The author has selected the Free and Open Source Fund to receive a donation as part of the Write for DOnations program.
Introduction
Postfix is a mail transfer agent (MTA), an application used to send and receive email. It can be configured so that only local applications can use it to send email. This is useful in situations where you need to regularly send email notifications from your apps or have a lot of outgoing traffic that a third-party email service provider won’t allow. It is also a lighter-weight alternative to running a full SMTP server, while retaining the required functionality.
In this tutorial, you will install and configure Postfix as a send-only SMTP server. You will also request free TLS certificates from Let’s Encrypt for your domain and encrypt outgoing emails using them.
Prerequisites
- An Ubuntu 22.04 server configured with the initial Ubuntu 22.04 server setup, including creating a non-root sudo user.
- A fully registered domain name. This tutorial will use your_domain throughout. You can buy a domain name on Namecheap, get one for free on Freenom, or use the domain registrar of your choice.
- An A DNS record with your_domain pointing to your server’s public IP address. You can follow this introduction to DigitalOcean DNS for details on how to add them.
Step 1: Install Postfix
In this step, you will install Postfix. The quickest way is to install the mailutils package, which bundles Postfix with some supplementary programs that you’ll use to test sending email.
First, update the package database:
- sudo apt update
Then, install Postfix by running the following command:
- sudo apt install mailutils
Near the end of the installation process, you will be presented with the Postfix configuration window.
The default option is Internet Site. That’s the recommended option for your use case, so press TAB, then ENTER. If you only see the description text, press TAB to select OK, then ENTER.
If it doesn’t appear automatically, run the following command to start it:
- sudo dpkg-reconfigure postfix
After that, you will get another configuration prompt regarding the System mail name.
The System mail name should be the same as the name you assigned to your server when you were creating it. When you’re done, press TAB, followed by ENTER.
You have now installed Postfix and are ready to start configuring it.
Step 2: Configure Postfix
In this step, you will configure Postfix to send and receive email only from the server it is running on, that is, from localhost.
For that to happen, you need to configure Postfix to listen only on the loopback interface, the virtual network interface that the server uses to communicate internally. To make the changes, you’ll need to edit the main Postfix configuration file called main.cf, stored in /etc/postfix.
Open it for editing using nano or your favorite text editor:
- sudo nano /etc/postfix/main.cf
Find the inet_interfaces setting and set its value to loopback-only.
If your domain is actually a subdomain and you want emails to appear to be sent from the main domain, you can add the following line to the end of main.cf:
The optional masquerade_domains setting specifies the domain for which the subdomain in the email address will be removed.
When you’re done, save and close the file.
Then, restart Postfix by running the following command:
- sudo systemctl restart postfix
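To confirm after the restart that nothing but loopback accepts SMTP, the following added example (not part of the original tutorial) filters `ss -ltn` output for port 25 listeners bound to a non-loopback address. The function name and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: non_loopback_smtp is a hypothetical helper name.
# Reads `ss -ltn` output on stdin and prints every local address that listens
# on TCP port 25 and is not a loopback address. No output means loopback-only.
non_loopback_smtp() {
    awk '$1 == "LISTEN" && $4 ~ /:25$/ {
        addr = $4
        sub(/:25$/, "", addr)            # strip the port, keep the address
        if (addr !~ /^127\./ && addr != "[::1]") print addr
    }'
}

# Constructed sample: listener table with inet_interfaces = all
SS_ALL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    0.0.0.0:25         0.0.0.0:*
LISTEN 0      100    [::]:25            [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed sample: listener table with inet_interfaces = loopback-only
SS_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
LISTEN 0      100    [::1]:25           [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

echo "exposed with inet_interfaces = all:"
printf '%s\n' "$SS_ALL" | non_loopback_smtp
echo "exposed with inet_interfaces = loopback-only:"
printf '%s\n' "$SS_LOOPBACK" | non_loopback_smtp

# On the server itself: sudo ss -ltn | non_loopback_smtp
```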
You’ve configured Postfix to only send email from your server. Now you’ll test it by sending an example message to an email address.
Step 3: Test the SMTP Server
In this step, you will test whether Postfix can send email to an external email account using the mail command, which is part of the mailutils package you installed in the first step.
To send a test email, run the following command:
- echo "this is the body of the email" | mail -s "this is the subject line" your_email_address
You can change the body and subject of the email to your liking. Remember to replace your_email_address with a valid email address that you can access.
Now, check the email address you sent this message to. You should see the message in your inbox. If it’s not there, check your spam folder. At this point, all the emails you send are unencrypted, which makes service providers think they are likely spam. You’ll configure encryption later, in step 5.
If you get an error from the mail command or haven’t received a message after a long period of time, check that the Postfix configuration you edited is valid and that your server name and hostname are set to your domain.
Note that with this configuration, the address in the From field of the test emails you send will be in the form of your_user_name@your_domain, where your_user_name is the username of the server user you ran the command as.
You have now sent an email from your server and verified that it was received successfully. In the next step, you will configure email forwarding for root.
Step 4: System Mail Forwarding
In this step, you’ll set up email forwarding for the root user so that system-generated messages sent to it on your server are forwarded to an external email address.
The /etc/aliases file contains a list of alternative names for email recipients. Open it for editing:
- sudo nano /etc/aliases
In its default state, it looks like this:
The only directive present specifies that system-generated emails are sent to root.
Add the following line to the end of the file:
With this line, you specify that emails sent to root will be forwarded to an email address. Remember to replace your_email_address with your personal email address. When you’re done, save and close the file.
For the change to take effect, run the following command:
- sudo newaliases
Running newaliases builds the database of aliases that the mail command uses, taken from the configuration file you just edited.
Test that sending emails to root works by running:
- echo "this is the body of the email" | mail -s "this is the subject line" root
You should receive the email at your email address. If it’s not there, check your spam folder.
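How the alias chain resolves before and after the root entry is added, as an added example that is not part of the original tutorial. The function name is hypothetical, the aliases content is a constructed sample matching the description above, and you@example.com stands in for your_email_address.

```shell
#!/bin/sh
# Added example: resolve_alias is a hypothetical helper name.
# Reads an aliases(5)-style file on stdin and follows NAME ($1) through it,
# printing the final recipients one per line. Simplified: no :include:,
# pipes or quoted names.
resolve_alias() {
    awk -v start="$1" '
        function walk(n,    k, parts, c, j) {
            k = tolower(n)
            if (!(k in map)) { print n; return }   # not an alias: final recipient
            if (k in seen) return                   # already expanded: stop loops
            seen[k] = 1
            c = split(map[k], parts, ",")
            for (j = 1; j <= c; j++) walk(parts[j])
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # comments and blank lines
        {
            i = index($0, ":"); if (i == 0) next
            name = substr($0, 1, i - 1); rhs = substr($0, i + 1)
            gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", rhs)
            map[tolower(name)] = rhs
        }
        END { walk(start) }'
}

# Constructed sample: aliases file with only the postmaster directive
ALIASES_BEFORE='# See man 5 aliases for format
postmaster:    root'

# Constructed sample: the same file with root forwarded to an outside address
ALIASES_AFTER="$ALIASES_BEFORE
root:          you@example.com"

echo "postmaster before: $(printf '%s\n' "$ALIASES_BEFORE" | resolve_alias postmaster)"
echo "postmaster after:  $(printf '%s\n' "$ALIASES_AFTER" | resolve_alias postmaster)"
```

Mail for postmaster stays in the local root mailbox until root itself has an entry, after which both names end at the external address.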
In this step, you set up forwarding of system-generated messages to your email address. You will now enable message encryption so that all email sent by your server is immune to tampering in transit and is considered more legitimate.
Step 5: Enable SMTP Encryption
You will now enable SMTP encryption by requesting a free TLS certificate from Let’s Encrypt for your domain (using Certbot) and configuring Postfix to use it when sending messages.
Ubuntu includes Certbot in its default package repositories, so you can install it by running the following command:
- sudo apt install certbot
When prompted for confirmation, type Y and press ENTER.
As part of the initial server setup in the prerequisites, you installed ufw, the uncomplicated firewall. You will need to configure it to allow HTTP port 80, so that the domain verification can be completed. Run the following command to enable it:
- sudo ufw allow 80
The output will look like this:
Now that the port is open, run Certbot to get a certificate:
- sudo certbot certonly --standalone --rsa-key-size 4096 --agree-tos --preferred-challenges http -d your_domain
This command instructs Certbot to issue certificates with an RSA key size of 4096 bits, run a temporary standalone web server (--standalone) for verification, and verify over port 80 (--preferred-challenges http). Remember to replace your_domain with your domain before running the command, and enter your email address when prompted.
The result will be similar to this:
As written in the notes, your certificate and private key file were saved to /etc/letsencrypt/live/your_domain.
Now that you have your certificate, open main.cf for editing:
- sudo nano /etc/postfix/main.cf
Find the following section:
Modify it to look like this, replacing your_domain with your domain where necessary. This will update the TLS configuration for Postfix:
Once you’re done, save and close the file.
Apply the changes by restarting Postfix:
- sudo systemctl restart postfix
Now, try sending an email again:
- echo "this is the body of an encrypted email" | mail -s "this is the subject line" root
Then, check the email address you provided. You may see the message in your inbox right away, because email providers are much more likely to mark unencrypted messages as spam.
You can check the technical information about the email message in your client to see if the message is encrypted.
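A server-side complement to checking the message in your client, as an added example that is not part of the original tutorial: it reads main.cf-style settings and reports the outgoing TLS level and whether the certificate and key come from the same Let’s Encrypt live directory. The function name and both sample fragments are constructed; the parameter names are standard Postfix settings, not taken from this page.

```shell
#!/bin/sh
# Added example: tls_posture is a hypothetical helper name.
# Reads "name = value" lines (main.cf or `postconf -n` output) on stdin.
# Simplified: continuation lines and the legacy smtp_use_tls switch are ignored.
tls_posture() {
    awk '
        /^[ \t]*#/ || !/=/ { next }                 # comments, lines without "="
        {
            i = index($0, "=")
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            conf[k] = v
        }
        END {
            # smtp_* is the client side, used for outgoing deliveries
            lvl = conf["smtp_tls_security_level"]
            if (lvl == "" || lvl == "none") lvl = "plaintext"
            else if (lvl == "may") lvl = "opportunistic"   # falls back to plaintext
            print "outbound=" lvl                   # stricter levels print as-is

            cdir = conf["smtpd_tls_cert_file"]; kdir = conf["smtpd_tls_key_file"]
            sub("/[^/]*$", "", cdir); sub("/[^/]*$", "", kdir)
            if (cdir == "" || kdir == "") print "cert=unset"
            else if (cdir == kdir && index(cdir, "/etc/letsencrypt/live/") == 1)
                print "cert=letsencrypt"
            else print "cert=other"
        }'
}

# Constructed sample: no client TLS level, certificate from another location
CF_PLAIN='inet_interfaces = loopback-only
smtpd_tls_cert_file=/etc/ssl/certs/example.pem
smtpd_tls_key_file=/etc/ssl/private/example.key'

# Constructed sample: Let us Encrypt paths for your_domain, opportunistic TLS
CF_TLS='# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/your_domain/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/your_domain/privkey.pem
smtp_tls_security_level=may'

printf '%s\n' "$CF_PLAIN" | tls_posture
printf '%s\n' "$CF_TLS" | tls_posture

# On the server itself: sudo postconf -n | tls_posture
```

An `opportunistic` result means Postfix encrypts when the receiving server offers STARTTLS and otherwise delivers in plaintext.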
Conclusion
You now have a send-only email server, powered by Postfix. Encrypting all outgoing messages is an effective first step to prevent email providers from marking your messages as spam. If you’re doing this in a development scenario, then this should be enough.
However, if your use case is to send emails to potential site users (like confirmation emails for a message board sign-up) or popular email providers, like Gmail, consider setting up SPF records, so that your server’s emails are even more likely to be considered legitimate.