Postfix Installation (Debian Lenny)¶
This document will describe how to install Postfix as a local mail server relay to sent local system mail to real world email recipients like e.g. system administrator(s).
For that, install postfix and libsasl2 packages first. Select Local, when requested to select an installation option.
apt-get install postfix libsasl2-modules
Then, setup postfix as local smtp mail relay server. First, consider the following options in /etc/postfix/main.cf. The remaining options should be left to their default values.
### localhost only ### mydestination = $myhostname, localhost.$mydomain, localhost mynetworks = 127.0.0.0/8 inet_interfaces = all ### redirect root mail to system administrator ### alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases ### mail relay host and password ### relayhost = mail.arcor.de smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd ### configure TLS connection to relay host ### smtp_tls_security_level = encrypt #smtp_tls_CApath = /etc/ssl/certs smtp_tls_CAfile = /etc/ssl/certs/Thawte_Premium_Server_CA.pem smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous smtp_sasl_tls_security_options = noanonymous
The first block limits the accessibility of the mail server to localhost. That way, any incoming internet requests should be rejected.
Regarding the alias_maps directives, mail redirection (e.g. for system user root) can be redirected to a "real world" email recipient. The aliases must be definied in /etc/aliases (.e.g . postmaster->root, root->email@example.com).
root: firstname.lastname@example.org postmaster: root
Also, /etc/aliases must be hashed using the postalias command.
Next, the smtp server to which any outgoing mails were relayed to must be defined. If you can use an internal mail server which does not require to login before sending emails (e.g. ip-address authentication), you can omit the next paragraph.
Currently, we are using the free mail hoster mail.arcor.de, because it permits to relay emails with any sender domain. In order to submit the user credentials required for login, create /etc/postfix/sasl_passwd and define your mail relay host and login credentials as follows.
The file must be hashed using the postmap command.
Then, the remaining block configures TLS/SSL negotiations (hopefully supported by your mail provider). The security level should be set to encrypt (passwords are sent!) and the rootCA certificate of the mail relay server (e.g. Thawte Premium for arcor.de).
Using the smtp_tls_CApath directive pointing to the default certificate directory /etc/ssl/certs which will be installed along with the ssl-cert package did not work for me ?!
Finally, restart the postfix server as usual.