About
Postfix is an SMTP server that supports LDAP, SMTP AUTH (SASL) and TLS.
The Postfix installation also installs an alias for the sendmail command line.
Security / Privileges
- The SMTP server rejects mail for unknown recipients.
SMTP servers need to decide whether an SMTP client is authorized to send mail:
- to remote destinations,
- or only to destinations that the server itself is responsible for.
Once a remote client is authenticated, a server generally gives it the same privileges as a client on its own network.
Relaying is allowed only for authenticated users and for the IP addresses you specify in mynetworks.
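An added example, not part of the original page: a small Python check of the relay rule above, run over `postconf -n` style output. The two sample configurations are constructed, the list of internal ranges is an assumption, and smtpd_relay_restrictions, permit_sasl_authenticated, reject_unauth_destination and smtpd_sasl_auth_enable are Postfix settings that this page does not show.

```python
import ipaddress

# Address ranges treated as "internal" for this check (an assumption of the example).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7")]
STOPPERS = {"reject_unauth_destination", "defer_unauth_destination"}

# Constructed samples in `postconf -n` format; neither comes from the page.
TIGHT = """mynetworks = 127.0.0.0/8 [::1]/128
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
"""
LOOSE = """mynetworks = 127.0.0.0/8, 0.0.0.0/0
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, permit
"""

def parse(text):
    """Turn 'name = value' lines into a dict."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {name.strip(): value.strip() for name, value in pairs}

def audit(text):
    """Return findings about which clients may relay to remote destinations."""
    cfg, findings = parse(text), []
    for item in cfg.get("mynetworks", "").replace(",", " ").split():
        try:
            # Postfix writes IPv6 entries as [::1]/128; drop the brackets.
            net = ipaddress.ip_network(item.strip("[]").replace("]/", "/"), strict=False)
        except ValueError:
            findings.append(f"mynetworks: cannot evaluate {item!r}")
            continue
        if not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL):
            findings.append(f"mynetworks: {item} trusts addresses outside internal ranges")
    rules = cfg.get("smtpd_relay_restrictions")
    if rules is not None:  # an unset parameter keeps the Postfix default, not judged here
        tokens = rules.replace(",", " ").split()
        if not STOPPERS & set(tokens):
            findings.append("smtpd_relay_restrictions: no reject_unauth_destination")
        if "permit_sasl_authenticated" in tokens and cfg.get("smtpd_sasl_auth_enable") != "yes":
            findings.append("permit_sasl_authenticated is listed but SASL is not enabled")
    return findings

if __name__ == "__main__":
    for name, sample in (("TIGHT", TIGHT), ("LOOSE", LOOSE)):
        print(name, audit(sample) or "no findings")
```

To check a real server, pass the text printed by `postconf -n` to `audit()` instead of the samples.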
Configuration
Respond
nmap -Pn -p T:25 server
Starting Nmap 7.80 ( https://nmap.org ) at 2020-06-15 13:54 W. Europe Daylight Time
Nmap scan report for nico.gerardnico.com (xxxxxx)
Host is up.
PORT STATE SERVICE
25/tcp filtered smtp
Nmap done: 1 IP address (1 host up) scanned in 3.16 seconds
Parameters
mydestination
Which mail should be saved on the machine
- If you don't want to store email for a specific domain on the server, leave it untouched
mydestination = $myhostname, localhost.$mydomain, localhost
inet_interfaces
postconf.5.html: examples of values and their consequences
- all
netstat -tulpn | egrep '(master|:25)'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 5611/master
- 163.132.99.201, 127.0.0.1
netstat -tulpn | egrep '(master|:25)'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2413/master
tcp 0 0 163.132.99.201:25 0.0.0.0:* LISTEN 2413/master
Mailbox
The home_mailbox parameter specifies the optional pathname of a mailbox file relative to a user's home directory. The default mailbox file is /var/spool/mail/user or /var/mail/user.
home_mailbox = Mailbox
# for qmail-style delivery (the / is required).
home_mailbox = Maildir/
where:
- Maildir separates messages into individual files that are then moved between directories based on user action.
- Mailbox stores all messages within a single file.
Virtual
SASL authentication
With SASL:
- a remote SMTP client can authenticate to the Postfix SMTP server,
- the Postfix SMTP client can authenticate to a remote SMTP server
smtpd_forbidden_commands
Defaults to CONNECT, GET, POST.
List of commands that cause the Postfix SMTP server to immediately terminate the session with a 221 code.
Version
postconf mail_version
# or
yum info postfix
Log
- /var/log/maillog
- /var/log/messages – Contains global system messages, including the messages that are logged during system startup.
See:
- postconf.5.html = mail
- postconf.5.html = ${multi_instance_name:postfix}${multi_instance_name?$multi_instance_name}