mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2024-10-01 01:25:40 -04:00
8a6890174d
Addresses without a slash are redirected to a version with slash, but with forced protocol http instead of https.
151 lines
4.7 KiB
Markdown
---
layout: doc
title: Postfix
permalink: /doc/Postfix/
redirect_from: /wiki/Postfix/
---

Postfix
=======

Postfix is a full-featured MTA (Message Transfer Agent). Here we will configure it in smarthost mode as part of the common [Mutt](/doc/Mutt/)+Postfix+[Fetchmail](/doc/Fetchmail/) stack.

Installation
------------

`yum install postfix procmail make`

Procmail is not strictly necessary, but it is useful for sorting your incoming mail, for example to put each mailing list in its own directory. Make is also not necessary, but it is used to maintain the Postfix lookup tables. You should also check the `alternatives` command to see whether Postfix is the default `mta`. It probably is not. You may need to `yum remove ssmtp` or something.

Configuration
-------------

In the TemplateVM, open `/etc/aliases` and add the line:

{% highlight trac-wiki %}
root: user
{% endhighlight %}

and run `newaliases`.

This is the only thing to do in the TemplateVM, as MTA configuration is AppVM-specific, so we will keep it in `/usr/local` (i.e. `/rw/usrlocal`) in each AppVM.

Now shut down the TemplateVM and start the AppVM. Create the directory `/usr/local/etc/postfix` and copy `/etc/postfix/master.cf` there.

### Makefile

Postfix keeps its lookup tables in bdb hash databases. They need to be compiled from source files. Postfix admins like to keep track of them by means of `/usr/local/etc/postfix/Makefile`:

{% highlight trac-wiki %}
all: $(addsuffix .db,$(shell sed -n -e '/^[^#].*hash:\/etc\/postfix/s:.*/::p' main.cf))
	newaliases
clean:
	$(RM) *.db
.PHONY: all clean

%.db: %
	/usr/sbin/postmap hash:$<
{% endhighlight %}

### Postfix main configuration

`/usr/local/etc/postfix/main.cf` (`/etc/postfix` is intentional, don't correct it):

{% highlight trac-wiki %}
mydestination = $myhostname, $myhostname.$mydomain, $myhostname.localdomain, localhost, localhost.$mydomain, localhost.localdomain, $mydomain, localdomain
mynetworks_style = host

inet_protocols = ipv4

smtp_generic_maps = hash:/etc/postfix/generic
local_header_rewrite_clients =

smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options =
smtp_tls_security_level = encrypt
smtp_sasl_mechanism_filter = plain, login
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

home_mailbox = .maildir/
setgid_group = postdrop
mail_owner = postfix

html_directory = no
manpage_directory = /usr/share/man
queue_directory = /var/spool/postfix
readme_directory = no

mailbox_command = /usr/bin/procmail
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
alias_maps = hash:/etc/aliases
{% endhighlight %}

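The configuration above clears `smtp_sasl_security_options` and restricts the mechanisms to `plain, login`, so the relay password is protected only by `smtp_tls_security_level`. At `encrypt`, Postfix requires TLS but does not verify the relay's certificate. The following check is an added example, not part of the original page; the function names `cf_get` and `sasl_exposure` are hypothetical, and the parser is simplified as noted in its comments.

```shell
#!/bin/sh
# Added example (not from the Qubes docs): classify how the SASL password
# configured in main.cf travels to the relay.

# Print the last value assigned to parameter $2 in main.cf-style file $1,
# or the default $3 when it is not set. Simplified: continuation lines and
# $variable expansion are not handled.
cf_get() {
    awk -F= -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key && index($0, "=") {
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val); found = 1
        }
        END { print (found ? val : def) }
    ' "$1"
}

sasl_exposure() {
    cf=$1
    [ "$(cf_get "$cf" smtp_sasl_auth_enable no)" = yes ] || { echo no-sasl; return; }
    # Postfix's built-in default forbids plaintext mechanisms; the page clears it.
    opts=$(cf_get "$cf" smtp_sasl_security_options 'noplaintext, noanonymous')
    case ",$(printf %s "$opts" | tr -d ' \t')," in
        *,noplaintext,*) echo no-plaintext-mechanisms; return ;;
    esac
    case "$(cf_get "$cf" smtp_tls_security_level '')" in
        verify|secure|fingerprint|dane-only) echo tls-authenticated ;;
        encrypt) echo tls-unauthenticated ;;   # TLS required, certificate not verified
        *) echo cleartext-possible ;;          # empty, none, may, dane
    esac
}

# Constructed excerpt of the main.cf shown above.
demo_cf=$(mktemp)
cat > "$demo_cf" <<'EOF'
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_tls_security_level = encrypt
smtp_sasl_mechanism_filter = plain, login
EOF
sasl_exposure "$demo_cf"
rm -f "$demo_cf"
```

For the page's settings this reports `tls-unauthenticated`; a result of `cleartext-possible` means the password could be sent without TLS.
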
### Lookup tables

`/usr/local/etc/postfix/generic` (put your primary address there):

{% highlight trac-wiki %}
@localhost your.mail@example.com
{% endhighlight %}

`/usr/local/etc/postfix/sender_relay`. This is an important file. Put all your SMTP servers there. Pay attention to the port (smtp/submission). Square brackets have a special meaning; they are almost certainly needed. For more information, consult the Postfix manual.

{% highlight trac-wiki %}
your.mail@example.com [mail.example.com]:submission
your.other@mail.com [smtp.mail.com]:smtp
{% endhighlight %}

`/usr/local/etc/postfix/saslpass`. Here you put the passwords for the above-mentioned servers. It depends on the provider whether you need to use the whole email address as the username or just the part before `@`.

{% highlight trac-wiki %}
[mail.example.com]:submission your.mail:y0urP4ssw0rd
[smtp.mail.com]:smtp your.other@mail.com:supers3cret
{% endhighlight %}

`/usr/local/etc/postfix/sender_access`. I use it to nullroute known spam domains. If you do not need it, comment out the respective line in `main.cf`.

{% highlight trac-wiki %}
spamdomain1.com DISCARD
spamdomain2.com DISCARD
{% endhighlight %}

Now run `make` in `/usr/local/etc/postfix`. It will hopefully compile the four above-mentioned lookup tables (`generic.db`, `sender_relay.db`, `saslpass.db` and `sender_access.db`).

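Before compiling the tables it is worth checking two things about the files above: that every next hop in `sender_relay` has a matching key in `saslpass` (Postfix looks the credential up by sender address first, then by next hop, and the next hop must match character for character, brackets and port included), and that `saslpass` is not readable by other users, since `postmap` gives the `.db` file the same group and other read permissions as its source. This script is an added example, not part of the original page; `missing_creds` and `readable_by_others` are hypothetical helper names and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the Qubes docs): sanity-check sender_relay and saslpass.

# Print each "sender nexthop" pair from sender_relay ($1) that has no
# credential in saslpass ($2), keyed either by sender or by next hop.
missing_creds() {
    awk '
        /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
        FILENAME == ARGV[1] { have[$1] = 1; next }  # first file: saslpass keys
        !($1 in have) && !($2 in have) { print $1, $2 }
    ' "$2" "$1"
}

# Exit 0 when the file ($1) is readable by its group or by others.
readable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print 2>/dev/null)" ]
}

# Constructed sample: the second relay has no password entry.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'your.mail@example.com [mail.example.com]:submission' \
                  'your.other@mail.com [smtp.mail.com]:smtp' > "$d/sender_relay"
    printf '%s\n' '[mail.example.com]:submission your.mail:y0urP4ssw0rd' > "$d/saslpass"
    chmod 644 "$d/saslpass"
    missing_creds "$d/sender_relay" "$d/saslpass" | sed 's/^/no credential for: /'
    if readable_by_others "$d/saslpass"; then
        echo "saslpass is readable by group/others: chmod 600 saslpass saslpass.db"
    fi
    rm -rf "$d"
}
demo
```
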
### procmail

Don't start postfix or fetchmail yet, first create `/home/user/.procmailrc`:

{% highlight trac-wiki %}
MAILDIR = "${HOME}/.maildir"
ORGMAIL = "${MAILDIR}/"
DEFAULT = "${MAILDIR}/"

:0
* ^List-Id:.*qubes-users\.googlegroups\.com
list/qubes-users/

:0
* ^List-Id:.*qubes-devel\.googlegroups\.com
list/qubes-devel/
{% endhighlight %}

Run
---

Open `/rw/config/rc.local` and add these two lines (before the fetchmail lines, if you have them):

{% highlight trac-wiki %}
#!/bin/sh

mount --bind /usr/local/etc/postfix /etc/postfix
systemctl --no-block start postfix
{% endhighlight %}

Reboot your AppVM and you are done.