Email - Postfix

About

Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS

The postfix installation install also an alias to the sendmail command line.

Security / Privileges

SMTP servers need to decide whether an SMTP client is authorized to send mail:

  • to remote destinations,
  • or only to destinations that the server itself is responsible for.

Once a remote client is authenticated, a server generally give the same network privileges.

Relaying is allowed only for authenticated users, and IP addresses you specify in mynetworks.

Configuration

Respond

nmap -Pn -p T:25 server
Starting Nmap 7.80 ( https://nmap.org ) at 2020-06-15 13:54 W. Europe Daylight Time
Nmap scan report for nico.gerardnico.com (xxxxxx)
Host is up.

PORT   STATE    SERVICE
25/tcp filtered smtp

Nmap done: 1 IP address (1 host up) scanned in 3.16 seconds

Parameters

mydestination

Which mail should be saved on the machine

  • If you don't want to store email for a specific domain on the server leave it untouch
mydestination = $myhostname, localhost.$mydomain, localhost

inet_interfaces

inet_interfaces: Example of value and their consequence

  • all
netstat -tulpn | egrep (master|:25)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      5611/master
  • 163.132.99.201, 127.0.0.1
netstat -tulpn | egrep (master|:25)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2413/master
tcp        0      0 163.132.99.201:25       0.0.0.0:*               LISTEN      2413/master

Mailbox

The home_mailbox parameter specifies the optional pathname of a mailbox file relative to a user's home directory. The default mailbox file is /var/spool/mail/user or /var/mail/user.

home_mailbox = Mailbox
# for qmail-style delivery (the / is required).
home_mailbox = Maildir/ 

where:

  • Maildir separates messages into individual files that are then moved between directories based on user action.
  • Mailbox stores all messages within a single file.

Virtual

Sasl authentication

With Sasl:

  • a remote SMTP client can authenticate to the Postfix SMTP server,
  • the Postfix SMTP client can authenticate to a remote SMTP server

More Postfix - SASL (SMTP Authorization)

smtpd_forbidden_commands

default to (CONNECT, GET, POST)

List of commands that cause the Postfix SMTP server to immediately terminate the session with a 221 code.

Version

postconf mail_version
# or
yum info postfix

Log

  • /var/log/maillog
  • /var/log/messages – Contains global system messages, including the messages that are logged during system startup.

See:


Powered by ComboStrap