Prerequisite
- privkey.pem file
- fullchain.pem file
Installing Postfix
Run the following commands:
sudo apt-get update
sudo apt-get install postfix
Configuring Postfix
- Run the following command:
sudo dpkg-reconfigure postfix
Configuration questions:
- Select OK to proceed.
- Choose Internet Site.
- System Mail Name: <EMAIL_DOMAIN>
- Other destinations for mail: <EMAIL_DOMAIN>, localhost.<EMAIL_DOMAIN>, localhost
- Force synchronous updates on mail queue?: No
- Local networks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
- Use procmail for local delivery?: No
- Mailbox size limit (bytes): 0
- Local address extension character: +
- Internet protocols to use: all
Feel free to answer the preceding questions based on your setup. Just replace EMAIL_DOMAIN with a valid value (e.g. example.com).
- Create the following folder:
/etc/postfix/ssl
- Copy your privkey.pem and fullchain.pem to /etc/postfix/ssl.
- Do additional configurations by executing the following commands:
sudo postconf -e 'smtpd_sasl_local_domain ='
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
sudo postconf -e 'inet_interfaces = all'
sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtpd_tls_auth_only = no'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
sudo postconf -e 'tls_random_source = dev:/dev/urandom'
sudo postconf -e 'mua_client_restrictions = permit_sasl_authenticated,reject'
sudo postconf -e 'mua_helo_restrictions = permit_mynetworks, permit_sasl_authenticated'
sudo postconf -e 'mua_sender_restrictions = permit_sasl_authenticated'
sudo postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/privkey.pem'
sudo postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/fullchain.pem'
sudo postconf -e 'myhostname = ronella.xyz'
- Create or update the /etc/postfix/sasl/smtpd.conf with the following:
pwcheck_method: saslauthd
mech_list: plain login
- In the /etc/postfix/master.cf file, uncomment the submission section so that it matches the following entries:
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
- Also in the same file, uncomment the smtps section so that it matches the following entries:
smtps inet n - y - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
- Change the owner and group of the /var/spool/postfix directory to postfix as follows:
sudo chown postfix:postfix /var/spool/postfix
- Restart the postfix service with the following command:
sudo systemctl restart postfix
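An added check, not part of the original post: with smtpd_tls_security_level = may and smtpd_tls_auth_only = no, the port 25 listener announces and accepts SASL AUTH (PLAIN/LOGIN per smtpd.conf) on sessions that never started TLS, while the submission and smtps entries in master.cf enforce TLS on their own ports. The script below audits main.cf-style settings for that combination and for group/other permission bits on the private key; the function names get_param and audit_postfix_tls are hypothetical, and the sample input is constructed from the values set above.

```shell
#!/bin/sh
# Added example (not from the original post): audit main.cf-style settings.

# get_param FILE NAME: print the last value assigned to NAME
# (Postfix remembers only the last assignment of a repeated parameter).
get_param() {
    awk -F'=' -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { sub(/^[^=]*=[ \t]*/, ""); val = $0 }
        END { print val }' "$1"
}

# audit_postfix_tls FILE: print one WARN line per finding, nothing if clean.
audit_postfix_tls() {
    conf=$1
    sasl=$(get_param "$conf" smtpd_sasl_auth_enable)
    auth_only=$(get_param "$conf" smtpd_tls_auth_only)
    level=$(get_param "$conf" smtpd_tls_security_level)
    key=$(get_param "$conf" smtpd_tls_key_file)

    # With optional TLS and smtpd_tls_auth_only != yes, smtpd announces
    # and accepts AUTH on unencrypted sessions.
    if [ "$sasl" = yes ] && [ "$auth_only" != yes ] && [ "$level" != encrypt ]; then
        echo "WARN plaintext-auth: smtpd_tls_auth_only=${auth_only:-no} with smtpd_tls_security_level=${level:-unset}"
    fi

    # The private key should carry no group/other permission bits.
    if [ -n "$key" ] && [ -e "$key" ]; then
        perms=$(ls -ld "$key" | cut -c5-10)
        [ "$perms" = "------" ] || echo "WARN key-perms: $key is group/other accessible ($perms)"
    fi
    return 0
}

# Constructed sample: the TLS/SASL values this guide sets with postconf -e.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtpd_tls_key_file = /etc/postfix/ssl/privkey.pem
EOF
audit_postfix_tls "$sample"
rm -f "$sample"
```

On a live host, feed it real settings with postconf -n > /tmp/main.cf.txt and run audit_postfix_tls on that file; per-service -o overrides in master.cf are not evaluated.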
Installing SASL
Run the following command:
sudo apt-get install libsasl2-2 sasl2-bin libsasl2-modules
Configuring SASL
- Open the /etc/default/saslauthd file for editing.
- Search for START=no and change it to the following:
START=yes
- Add the following entries just after the preceding entry:
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
- Search for OPTIONS="-c -m /var/run/saslauthd" and change it to the following:
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
- Update the dpkg state using the following command:
sudo dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd
- Create a symbolic link using the following command:
sudo ln -s /etc/default/saslauthd /etc/saslauthd
- Restart the sasl service using the following command:
sudo service saslauthd restart
Installing Dovecot
Run the following command:
sudo apt-get install dovecot-core dovecot-imapd dovecot-pop3d
The default location of the mail directory is /var/mail.
Configuring Dovecot
- Update the certificate location in the file /etc/dovecot/conf.d/10-ssl.conf to be as follows:
ssl_cert = </etc/postfix/ssl/fullchain.pem
ssl_key = </etc/postfix/ssl/privkey.pem
- Restart the dovecot service using the following command:
sudo service dovecot restart