qubes-doc/Postfix.md
Marek Marczykowski-Górecki 8a6890174d Fix /wiki/ -> /doc/, add slash at the end
Addresses without a slash are redirected to a version with slash, but with
forced protocol http instead of https.
2015-05-08 17:42:43 +02:00


layout title permalink redirect_from
doc Postfix /doc/Postfix/ /wiki/Postfix/

Postfix

Postfix is a full-featured MTA (Message Transfer Agent). Here we will configure it in smarthost mode as part of a common Mutt+Postfix+Fetchmail stack.

Installation

yum install postfix procmail make

Procmail is not strictly necessary, but it is useful for sorting your incoming mail, for example to put each mailing list in its own directory. Make is also not necessary, but is used to maintain the Postfix lookup tables. You should also check the alternatives command to see whether Postfix is the default MTA. It probably is not. You may need to yum remove ssmtp or something similar.

Configuration

In the TemplateVM, open /etc/aliases and add the line:

{% highlight trac-wiki %}
root: user
{% endhighlight %}

and run newaliases.

This is the only thing to do in the TemplateVM. The MTA configuration is AppVM specific, so we will keep it in /usr/local (i.e. /rw/usrlocal) in each AppVM.

Now shut down the TemplateVM and start the AppVM. Create the directory /usr/local/etc/postfix and copy /etc/postfix/master.cf there.

Makefile

Postfix keeps its lookup tables in bdb hash databases. They need to be compiled from source files. Postfix admins like to keep track of them by means of /usr/local/etc/postfix/Makefile:

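{% highlight trac-wiki %}
# Build a .db for every hash:/etc/postfix/<name> table referenced in main.cf.
# Recipe lines must be indented with a tab.
all: $(addsuffix .db,$(shell sed -n -e '/^[^#].*hash:\/etc\/postfix/s:.*/::p' main.cf))
	newaliases
clean:
	$(RM) *.db
.PHONY: all clean

%.db: %
	/usr/sbin/postmap hash:$<
{% endhighlight %}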

Postfix main configuration

/usr/local/etc/postfix/main.cf (the /etc/postfix paths are intentional, don't correct them: /usr/local/etc/postfix is bind-mounted over /etc/postfix at startup, see the Run section):

{% highlight trac-wiki %}
mydestination = $myhostname, $myhostname.$mydomain, $myhostname.localdomain, localhost, localhost.$mydomain, localhost.localdomain, $mydomain, localdomain
mynetworks_style = host

inet_protocols = ipv4

smtp_generic_maps = hash:/etc/postfix/generic
local_header_rewrite_clients =

smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
# An empty value permits the plaintext mechanisms (PLAIN, LOGIN) selected below;
# the credentials are only sent over the TLS session enforced by "encrypt".
smtp_sasl_security_options =
smtp_tls_security_level = encrypt
smtp_sasl_mechanism_filter = plain, login
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

home_mailbox = .maildir/
setgid_group = postdrop
mail_owner = postfix

html_directory = no
manpage_directory = /usr/share/man
queue_directory = /var/spool/postfix
readme_directory = no

mailbox_command = /usr/bin/procmail
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
alias_maps = hash:/etc/aliases
{% endhighlight %}

Lookup tables

/usr/local/etc/postfix/generic (put your primary address there):

{% highlight trac-wiki %}
@localhost your.mail@example.com
{% endhighlight %}

/usr/local/etc/postfix/sender_relay. This is an important file. List all your SMTP servers there. Pay attention to the port (smtp/submission). Square brackets have a special meaning and are almost certainly needed. For more information, consult the Postfix manual.

{% highlight trac-wiki %}
your.mail@example.com [mail.example.com]:submission
your.other@mail.com [smtp.mail.com]:smtp
{% endhighlight %}

/usr/local/etc/postfix/saslpass. Put the passwords for the above-mentioned servers here. Whether the username is the whole email address or just the part before @ depends on the provider.

{% highlight trac-wiki %}
[mail.example.com]:submission your.mail:y0urP4ssw0rd
[smtp.mail.com]:smtp your.other@mail.com:supers3cret
{% endhighlight %}

/usr/local/etc/postfix/sender_access. I use it to nullroute known spam domains. If you do not need it, comment out the respective line in main.cf.

{% highlight trac-wiki %}
spamdomain1.com DISCARD
spamdomain2.com DISCARD
{% endhighlight %}

Now run make in /usr/local/etc/postfix. It will hopefully compile the four above-mentioned lookup tables (generic.db, sender_relay.db, saslpass.db and sender_access.db).
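A check worth running alongside make, as an added example that is not part of the original page: it reports relays in sender_relay that have no matching entry in saslpass (keyed either by the exact next-hop, brackets and port included, or by the sender address) and flags a password file that is readable by group or others. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not from the Qubes documentation.

# Print each next-hop in sender_relay that has no credentials in saslpass.
# A saslpass key counts if it equals the next-hop byte for byte or the sender.
missing_creds() {
    awk '
        /^[ \t]*(#|$)/                 { next }                # comments, blanks
        FILENAME == ARGV[1]            { have[$1] = 1; next }  # saslpass keys
        !($1 in have) && !($2 in have) { print $2 }            # uncovered relay
    ' "$1/saslpass" "$1/sender_relay"
}

# Succeed only if the file exists and is not readable by group or others.
private_file() {
    [ -f "$1" ] && [ -z "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# Run both checks on a table directory; return 0 only if everything is fine.
audit_postfix_tables() {
    dir=${1:-/usr/local/etc/postfix}
    rc=0
    missing=$(missing_creds "$dir")
    if [ -n "$missing" ]; then
        printf 'no saslpass entry for:\n%s\n' "$missing" >&2; rc=1
    fi
    for f in "$dir/saslpass" "$dir/saslpass.db"; do
        [ -e "$f" ] || continue
        private_file "$f" || { echo "$f is readable by group/others" >&2; rc=1; }
    done
    return "$rc"
}

# Constructed sample data: the second relay is keyed without brackets in
# saslpass, and the password file is world-readable.
demo_dir=$(mktemp -d)
printf '%s\n' 'your.mail@example.com [mail.example.com]:submission' \
              'your.other@mail.com [smtp.mail.com]:smtp' > "$demo_dir/sender_relay"
printf '%s\n' '[mail.example.com]:submission your.mail:y0urP4ssw0rd' \
              'smtp.mail.com:smtp your.other@mail.com:supers3cret' > "$demo_dir/saslpass"
chmod 644 "$demo_dir/saslpass"
audit_postfix_tables "$demo_dir" || echo "audit failed (expected for the sample data)"
```

On a real AppVM, call `audit_postfix_tables` with no argument to check /usr/local/etc/postfix.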

procmail

Don't start postfix or fetchmail yet. First create /home/user/.procmailrc:

{% highlight trac-wiki %}
MAILDIR = "${HOME}/.maildir"
ORGMAIL = "${MAILDIR}/"
DEFAULT = "${MAILDIR}/"

:0
* ^List-Id:.*qubes-users\.googlegroups\.com
list/qubes-users/

:0
* ^List-Id:.*qubes-devel\.googlegroups\.com
list/qubes-devel/
{% endhighlight %}

Run

Open /rw/config/rc.local and add these two lines (before the fetchmail lines, if you have them):

{% highlight trac-wiki %}
#!/bin/sh

mount --bind /usr/local/etc/postfix /etc/postfix
systemctl --no-block start postfix
{% endhighlight %}

Reboot your AppVM and you are done.