Postfix
Best Postfix Documentation: http://www.postfix.org/BASIC_CONFIGURATION_README.html
postfix - Postfix control program
The postfix(1) command controls the operation of the Postfix mail system. To submit mail, use the Postfix sendmail(1) command.
Postfix has several hundred configuration parameters that are controlled via the main.cf file. Fortunately, all parameters have sensible default values. In many cases, you need to configure only two or three parameters before you can start to play with the mail system.
Postfix Configuration Files
By default, Postfix configuration files are in /etc/postfix. The two most important files are main.cf and master.cf.
In /etc/postfix/main.cf you will have to set up a minimal number of configuration parameters. Postfix configuration parameters resemble shell variables, with two important differences: the first one is that Postfix does not know about quotes like the UNIX shell does.
You specify a configuration parameter as:
/etc/postfix/main.cf:
parameter = value
and you use it by putting a "$" character in front of its name:
other_parameter = $parameter
Whenever you make a change to the main.cf or master.cf file, execute the following command as root in order to refresh a running mail system:
$ postfix reload
or:
$ systemctl restart postfix
What Domain Name to use in Outbound Mail
The myorigin parameter specifies the domain that appears in mail that is posted on this machine. The default is to use the local machine name, $myhostname, which defaults to the name of the machine. Unless you are running a really small site, you probably want to change that into $mydomain, which defaults to the parent domain of the machine name.
For the sake of consistency between sender and recipient addresses, myorigin also specifies the domain name that is appended to an unqualified recipient address.
Examples (specify only one of the following):
/etc/postfix/main.cf:
myorigin = $myhostname (default: send mail as "user@$myhostname")
myorigin = $mydomain (probably desirable: "user@$mydomain")
What Domains to Receive Mail For
The mydestination parameter specifies what domains this machine will deliver locally, instead of forwarding to another machine. The default is to receive mail for the machine itself.
Example 1: default setting.
mydestination = $myhostname localhost.$mydomain localhost
Example 2: domain-wide mail server.
mydestination = $myhostname localhost.$mydomain localhost $mydomain
Example 3: host with multiple DNS A records.
mydestination = $myhostname localhost.$mydomain localhost www.$mydomain ftp.$mydomain
Caution: in order to avoid mail delivery loops, you must list all hostnames of the machine, including $myhostname, and localhost.$mydomain.
What Clients to Relay Mail From
By default, Postfix will forward mail from clients in authorized network blocks to any destination. Authorized networks are defined with the mynetworks configuration parameter. The current default is to authorize the local machine only. Prior to Postfix 3.0, the default was to authorize all clients in the IP subnetworks that the local machine is attached to.
IMPORTANT: If your machine is connected to a wide area network then the "mynetworks_style = host" setting may be too friendly.
Examples (specify only one of the following):
mynetworks_style = subnet (not safe on a wide area network/default)
mynetworks_style = host (authorize local machine only)
mynetworks = 127.0.0.0/8 (authorize local machine only)
mynetworks = 127.0.0.0/8 168.100.189.2/32 (authorize local machine)
mynetworks = 127.0.0.0/8 168.100.189.2/28 (authorize local networks)
You can specify the trusted networks in the main.cf file, or you can let Postfix do the work for you. The default is to let Postfix do the work. The result depends on the mynetworks_style parameter value.
Specify "mynetworks_style = host" when Postfix should forward mail from only the local machine.
Specify "mynetworks_style = subnet" (the default) when Postfix should forward mail from SMTP clients in the same IP subnetworks as the local machine. On Linux, this works correctly only with interfaces specified with the "ifconfig" command.
Alternatively, you can specify the mynetworks list by hand, in which case Postfix ignores the mynetworks_style setting. To specify the list of trusted networks by hand, specify network blocks in CIDR (network/mask) notation, for example:
mynetworks = 168.100.189.0/28, 127.0.0.0/8
mynetworks = [CIDR/subnet of source instance]
You can also specify the absolute pathname of a pattern file instead of listing the patterns in the main.cf file.
What Destinations to Relay Mail To
By default, Postfix will forward mail from strangers (clients outside authorized networks) to authorized remote destinations only. Authorized remote destinations are defined with the relay_domains configuration parameter. The default is to authorize all domains (and subdomains) of the domains listed with the mydestination parameter.
Examples (specify only one of the following):
relay_domains = $mydestination (default)
relay_domains = (safe: never forward mail from strangers)
relay_domains = $mydomain (forward mail to my domain and subdomains)
What Delivery method: Direct or Indirect
By default, Postfix tries to deliver mail directly to the Internet.
Depending on your local conditions this may not be possible or desirable. For example, your system may be turned off outside office hours, it may be behind a firewall, or it may be connected via a provider who does not allow direct mail to the Internet.
In those cases you need to configure Postfix to deliver mail indirectly via a relay host.
Examples (specify only one of the following):
relayhost = (default: direct delivery to Internet)
relayhost = $mydomain (deliver via local mailhub)
relayhost = [mail.$mydomain] (deliver via local mailhub)
relayhost = [mail.isp.tld] (deliver via provider mailhub)
relayhost = [ip of internal exchange server/destination]
The form enclosed with [] eliminates DNS MX lookups. Don't worry if you don't know what that means. Just be sure to specify the [] around the mailhub hostname that your ISP gave to you, otherwise mail may be mis-delivered.
My Own Network Addresses
The inet_interfaces parameter specifies all network interface addresses that the Postfix system should listen on; mail addressed to "user@[network address]" will be delivered locally, as if it is addressed to a domain listed in $mydestination.
You can override the inet_interfaces setting in the Postfix master.cf file by prepending an IP address to a server name.
The default is to listen on all active interfaces. If you run mailers on virtual interfaces, you will have to specify what interfaces to listen on.
IMPORTANT: If you run MTAs on virtual interfaces you must specify explicit inet_interfaces values for the MTA that receives mail for the machine itself: this MTA should never listen on the virtual interfaces or you would have a mailer loop when a virtual MTA is down.
Example: default setting.
inet_interfaces = all
Example: host running one or more virtual mailers. For each Postfix instance, specify only one of the following.
inet_interfaces = virtual.host.tld (virtual Postfix)
inet_interfaces = $myhostname localhost... (non-virtual Postfix)
Example: Loopback:
inet_interfaces = localhost
Note: you need to stop and start Postfix after changing this parameter.
Postfix Logging
Log file: /var/log/maillog
To check
$ postfix check
$ egrep '(reject|warning|error|fatal|panic):' /some/log/file
Work Experience
Configure Postfix Server to be a Relay server
6944138241
- Source/Instance/Lambda ==> Postfix (instance) ==> Internal Exchange Server ==> Proofpoint ==> Destination.
In this scenario, the user's setup was that Postfix acts essentially as a "pass-through" for emails coming from the source: it forwards them to the internal Exchange server, which sends them to Proofpoint (Proofpoint only accepts Office365 mail), and Proofpoint then sends the email out to the destination.
The error: Relay Access Denied.
Solution:
1. Modify the Postfix configuration file: /etc/postfix/main.cf
- The inet_interfaces parameter specifies all network interface addresses that the Postfix system should listen on. If inet_interfaces = localhost, then when you run "$ netstat -tlpna" you will see loopback/localhost on the port (25).
inet_interfaces = all
2. By default, Postfix will forward mail from clients in authorized network blocks (subnets) to any destination. Authorized networks are defined with the mynetworks configuration parameter.
mynetworks = [source IP subnet]
3. By default, Postfix tries to deliver mail directly to the Internet. Depending on your local conditions this may not be possible or desirable. For example, your system may be turned off outside office hours, it may be behind a firewall, or it may be connected via a provider who does not allow direct mail to the Internet.
- In those cases you need to configure Postfix to deliver mail indirectly via a relay host. Once we did this we were able to send mail from the Postfix server to the destination THROUGH the internal exchange server IP address.
relayhost = [internal exchange server IP address]
Case summary/notes:
- After I helped reconfigure Postfix, the Postfix instance is now able to send email out.
- However, when another instance tried to send mail and use the Postfix instance as a relay server to send email out, they were getting a "Relay Access Denied" error.
- Looking at the Postfix documentation[1], the parameters that control this behaviour are "mynetworks_style" and "mynetworks". By default, "mynetworks_style" is set to "subnet", meaning only instances from the same subnet as the Postfix instance would be able to relay through it.
- To loosen this restriction, specify "mynetworks = 10.0.0.0/8" in the /etc/postfix/main.cf file. This successfully resolved the relay error and they were able to send email from the source instance.
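An added example, not part of the original notes: a small Python check of the relay-related main.cf settings from this case (mynetworks and relayhost), which flags a trusted block as wide as 10.0.0.0/8 and a relayhost written without []. The sample files, the hostname mail.example.com, the /24 block and the /16 threshold are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample of the relay setup above; the hostname and the hardened
# /24 are illustrative stand-ins for the page's bracketed placeholders.
WEAK_MAIN_CF = """\
# relay instance
inet_interfaces = all
mynetworks = 127.0.0.0/8,
    10.0.0.0/8
relayhost = mail.example.com
"""
HARDENED_MAIN_CF = """\
inet_interfaces = all
mynetworks = 127.0.0.0/8, 10.20.30.0/24
relayhost = [mail.example.com]
"""

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params

def audit_relay(params, min_prefix=16):
    """List relay-exposure findings; min_prefix is this example's own IPv4 threshold."""
    findings = []
    if "mynetworks" not in params:
        findings.append("mynetworks unset: trust follows mynetworks_style; check 'postconf mynetworks'")
    for item in re.split(r"[,\s]+", params.get("mynetworks", "")):
        try:
            net = ipaddress.ip_network(item.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            continue  # empty item, pattern file or table lookup: not evaluated here
        if net.version == 4 and not net.is_loopback and net.prefixlen < min_prefix:
            findings.append(f"mynetworks {net} trusts {net.num_addresses} addresses to relay anywhere")
    relayhost = params.get("relayhost", "")
    if relayhost and not relayhost.startswith("["):
        findings.append(f"relayhost {relayhost} lacks []: delivery follows DNS MX lookups")
    return findings
```

Running audit_relay(parse_main_cf(...)) on the weak sample returns two findings and on the hardened sample returns none; on a live host, "postconf -n" shows the settings actually in effect.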
How to fix Postfix/SMTP Network is unreachable error
https://www.e2enetworks.com/help/knowledge-base/howto-fix-postfixsmtp-network-is-unreachable-error/
How to configure: https://devops.ionos.com/tutorials/configure-a-postfix-relay-through-gmail-on-centos-7/ https://easyengine.io/tutorials/linux/ubuntu-postfix-gmail-smtp/
(SASL authentication failed; server smtp.gmail.com[108.177.15.109] said: 534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1&scc=1&plt=AKgnsbt?534-5.7.14 3BdobI8Ya3TFPa14T3pnnT2erHQzE_1WGwWgWAG8-HEQ9JFf1IVe3CjwNLdjfz0mTq5RP?534-5.7.14 twD9wKNGruqcRmmN4Jai4ZijirtaVuicvrhntrsd4Q-1JYHA3SaChq-6kSMP_KPi>?534-5.7.14 Please log in via your web browser and then try again.?534-5.7.14 Learn more at?534 5.7.14 https://support.google.com/mail/answer/78754 s15sm56037482wrr.45 - gsmtp)
Fixes:
https://support.google.com/mail/answer/7126229?visit_id=637196211510431921-874501428&rd=2#cantsignin
Per my experience, doing the "DisplayUnlockCaptcha" thing worked.
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04
https://www.linux.com/training-tutorials/how-install-and-test-postfix-mail-server/
https://support.plesk.com/hc/en-us/articles/213914245-Mail-delivery-fails-Error-554-host-refused-to-talk-to-me
http://www.techspacekh.com/configuring-postfix-to-relay-mail-to-local-exchange-mail-server-in-rhel-centos-7/