Raspberry Pi Email Server Part 1: Postfix

Submitted by Sam Hobbs

This is the first part of a five-part tutorial that will show you how to install a full-featured email server on your Raspberry Pi. This tutorial covers Postfix, the Mail Transfer Agent.

The parts are:

The Introduction & Contents Page (read first)

Raspberry Pi Email Server Part 1: Postfix

Raspberry Pi Email Server Part 2: Dovecot

Raspberry Pi Email Server Part 3: Squirrelmail

Raspberry Pi Email Server Part 4: Spam Detection with Spamassassin

Raspberry Pi Email Server Part 5: Spam Sorting with LMTP & Sieve

Installing Postfix

Note: While you are setting up the mail server on the Pi, it’s a good idea to turn off port forwarding rules for email to the Pi in your router’s firewall. If you don’t have any port forwarding rules now, that’s great, don’t worry – I’ll prompt you to set them up later. First, log into your Pi with an SSH session and install postfix:

sudo apt-get update
sudo apt-get install postfix

You will see a menu with some choices. Select “Internet Site” and then set the mail name to your domain name, not including www. (e.g. samhobbs.co.uk). The setup script will then do some automatic configuration for you. The output will look something like this:

Selecting previously unselected package postfix.                                              
(Reading database ... 67653 files and directories currently installed.)                       
Unpacking postfix (from .../postfix_2.9.6-2_armhf.deb) ...                                    
Processing triggers for man-db ...
Setting up postfix (2.9.6-2) ...
Adding group `postfix' (GID XXX) ...
Done.
Adding system user `postfix' (UID XXX) ...
Adding new user `postfix' (UID XXX) with group `postfix' ...
Not creating home directory `/var/spool/postfix'.
Creating /etc/postfix/dynamicmaps.cf
Adding tcp map entry to /etc/postfix/dynamicmaps.cf
Adding sqlite map entry to /etc/postfix/dynamicmaps.cf
Adding group `postdrop' (GID XXX) ...
Done.
setting myhostname: samhobbs
setting alias maps
setting alias database
changing /etc/mailname to samhobbs.co.uk
setting myorigin
setting destinations: samhobbs.co.uk, samhobbs, localhost.localdomain, localhost
setting relayhost: 
setting mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
setting mailbox_size_limit: 0
setting recipient_delimiter: +
setting inet_interfaces: all
/etc/aliases does not exist, creating it.
WARNING: /etc/aliases exists, but does not have a root alias.

You can edit all of this later. You may also get some warnings like this:

postmulti: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol

IPv6 is a new type of IP address that was introduced because we’re running out of the “old” IPv4 addresses. Not many ISPs support IPv6 yet, so you probably don’t need it. Unless you fix the warning, you’ll see it every time. Change directory into the postfix configuration folder:

cd /etc/postfix/

Edit /etc/postfix/main.cf with your favourite command line text editor (e.g. sudo nano main.cf) and add inet_protocols = ipv4 to the end of the file. Now is also a good time to check that your hostname is specified properly in /etc/postfix/main.cf. The setup script takes the hostname of the server and uses that, but it may not be in the right format, i.e. “samhobbs” instead of “samhobbs.co.uk”. Find the line that begins myhostname = and make sure it is your fully qualified domain name. This is important because your server will use this to talk to other mail servers, and some will reject your emails if you don’t use a fully qualified domain name to say hi! This is covered in more detail in the helo access restrictions later. Restart postfix and you shouldn’t see the warnings any more:

sudo service postfix restart

Testing and Configuration

Before you start, it’s probably worth backing up the configuration files in their current state. This way, you’ll have something to compare to if you’re ever trying to work out which bits were defaults and which bits you changed yourself:

cd /etc/postfix
sudo cp main.cf main.cf.BAK
sudo cp master.cf master.cf.BAK

Mailbox Setup

There are a couple of different types of mailbox you can use; I’ve chosen to use a “Maildir” rather than “mbox” configuration. For users with “real” UNIX accounts on the system (like the one you’re using to log in), Maildir creates a folder in the user’s home directory and places emails inside it, one file for each email. I prefer this to the alternatives, because it’s easier to see and understand: you can rummage around in your home folder and see all your emails as individual files. To tell Postfix to use the Maildir format, add the following lines to /etc/postfix/main.cf:

home_mailbox = Maildir/
mailbox_command =

If there's already a line with mailbox_command, comment it out by adding a # at the start of the line. We also need to create the mail directory and its subfolders for existing users, and add some things to /etc/skel (the template for new users) so that if you create a new account this will be done automatically. These commands are part of Dovecot, so first we need to install it:

sudo apt-get update
sudo apt-get install dovecot-common dovecot-imapd

You will get a lot of output: some other dovecot packages will automatically be installed and the config files will be created. You will also see some errors – don’t worry about those for now, I’ll explain how to deal with them in part 2, later. Now we can create those mail folders. Run the following commands to create the template files:

sudo maildirmake.dovecot /etc/skel/Maildir
sudo maildirmake.dovecot /etc/skel/Maildir/.Drafts
sudo maildirmake.dovecot /etc/skel/Maildir/.Sent
sudo maildirmake.dovecot /etc/skel/Maildir/.Spam
sudo maildirmake.dovecot /etc/skel/Maildir/.Trash
sudo maildirmake.dovecot /etc/skel/Maildir/.Templates

Next, copy the files over to existing users’ home directories, and change the ownership and permissions for privacy (replace USER with the username you are doing this for, and repeat for all existing usernames):

sudo cp -r /etc/skel/Maildir /home/USER/
sudo chown -R USER:USER /home/USER/Maildir
sudo chmod -R 700 /home/USER/Maildir

Initial Testing

Now, the best way to test Postfix during configuration is to use Telnet, because it is such a simple way of communicating between programs and there’s less to go wrong and get confused about. First, install telnet:

sudo apt-get install telnet

Now, still inside the SSH session to your pi, type this command. It will connect you to port 25 on the Pi:

telnet localhost 25

You can now test sending an email using SMTP. Here are the steps:

  1. send an ehlo command to tell the server who you are, and it will tell you its capabilities
  2. use the mail from command to say who the email is from. If you are sending it from an address that exists on the server, you needn’t include the domain name (i.e. user instead of user@yourdomain.com)
  3. use the rcpt to command to tell the server where to send the email
  4. Use the data command to tell the server that you’re about to start giving it the message you want to send
  5. Type Subject: YOUR SUBJECT then enter to set a subject
  6. Type the body of your email. Once you’re done, press ENTER, then ., then ENTER again.
  7. Type quit to exit

Here’s an example:

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 samhobbs.co.uk ESMTP Postfix (Debian/GNU)
ehlo foobar
250-samhobbs.co.uk
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: me        
250 2.1.0 Ok
rcpt to: me@outsideemail.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: test
This is a test email
.
250 2.0.0 Ok: queued as A639C3EE6D
quit 
221 2.0.0 Bye

Some Access Restrictions

Add the following to /etc/postfix/main.cf to restrict who can send emails to external mail servers:

smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination

Reload postfix:

sudo service postfix reload

In the smtpd_recipient_restrictions block above:

  • Line 1 begins the list of restrictions.
  • Line 2 permits users who have authenticated with Simple Authentication and Security Layer (SASL) to send email to any destination (this is part of the Dovecot config in Part 2, later).
  • Line 3 will let users send emails to any destination if they have connected from an IP address defined in mynetworks.
  • Line 4 will reject the email if none of the above conditions have been met unless the “rcpt to” address is one of the addresses that your server is accepting email to (as defined in main.cf with the mydestination parameter).

In its present state, the email server will allow you to send external emails because the connection is originating from the Pi itself (you are logged in via SSH) and not an unknown computer. Addresses of “trusted” computers are listed under the mynetworks setting in main.cf, e.g.

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

Try sending an external email again, using telnet as before. You should be able to do so without any issues. Now we want to see what kind of response someone would get if they were connecting from outside of the IP range defined in mynetworks, to make sure the Pi won’t allow everyone to send outgoing emails from your server. To simulate this we can comment out permit_mynetworks under smtpd_recipient_restrictions:

smtpd_recipient_restrictions =
        permit_sasl_authenticated,
#       permit_mynetworks,
        reject_unauth_destination

Now reload the postfix configuration:

sudo service postfix reload

This will let you see what kind of response you would get if you weren’t sending the email from mynetworks. Try sending again, and you should receive an error “554: Relay access denied”:

admin@samhobbs /etc/postfix $ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 samhobbs.co.uk ESMTP Postfix (Debian/GNU)
ehlo samhobbs.co.uk
250-samhobbs
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: USER
250 2.1.0 Ok
rcpt to: me@externalemail.com
554 5.7.1 <me@externalemail.com>: Relay access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.

Perfect. Leave permit_mynetworks commented out in your smtpd_recipient_restrictions (you'll see why in part 2).

Helo access restrictions

Helo access restrictions can be a very useful way of blocking spam. Note that we’re not talking about unauthorised people being able to send email outside your network any more (that’s taken care of with the smtpd_recipient_restrictions); we’re now talking about stopping spammers from sending incoming mail to your email address. Spammers try to conceal their identity so that they don’t end up on block lists, so they rarely use helo hostnames that could identify them – these hostnames are written to the mail log files. As a result, they often make up a random string or use an IP address instead of a domain name. Luckily, these are easily taken care of. Add the following to /etc/postfix/main.cf:

smtpd_helo_required = yes
smtpd_helo_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname,
        reject_unknown_helo_hostname

  • Line 1 requires people and programs to identify themselves when they send email, using the helo or ehlo commands I mentioned earlier.
  • Line 2 starts the list of restrictions.
  • Line 3 accepts any old rubbish in the ehlo if it comes from an IP address defined in mynetworks. If the connection isn’t connecting from an IP address in mynetworks, then the helo hostname is checked against the rest of the list.
  • Line 4 accepts any helo hostname if the client is authenticated with SASL (I added this to the tutorial recently after troubleshooting problems some people had in the comments – it allows you to connect from any network and still send messages through your Pi. Mobiles will usually work without this because most providers pass mail through their own proxies, so your Pi receives a connection from the proxy – which has a valid hostname – and not from the mobile, which may be called something like “android-b627cfe2efea7e67”).
  • Line 5 rejects connection attempts when the HELO hostname syntax is invalid.
  • Line 6 rejects non-fully qualified domain names (for example, foobar instead of foobar.com). This will also block those random strings, e.g. “kjhrsbvks”.
  • Line 7 rejects the helo hostname if that domain doesn’t have a valid DNS A or MX record. For example, someone spamming you could make up a domain like theflyingspaghettimonster.com. If that domain doesn’t actually exist and have the right records, then your server won’t accept it as a hostname, and the email will be rejected.

If the helo hostname gets past line 7 and hasn’t been denied, it is accepted. You’d be surprised how much spam these helo access restrictions will block on their own (looking through my log files, I can see numerous spam scripts that have attempted to ehlo with my IP address), but there’s an extra step we can add in here to help:

Blocking people claiming to be your domain name

Many spammers try to send email to you after helo’ing with your own domain name. Since postfix doesn’t check whether or not they’re lying about their helo hostname, this will usually work. But, since we’ve put permit_mynetworks at the top of the list, anyone actually sending an email from your domain will be accepted already. Anyone using your hostname who isn’t in mynetworks is an imposter. So, add one more line to the end of the restrictions list:

smtpd_helo_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname,
        reject_unknown_helo_hostname,
        check_helo_access hash:/etc/postfix/helo_access

That last line checks a file for custom rules you’ve built in. Create the file:

sudo nano /etc/postfix/helo_access

Add the following lines, edited for your domain:

samhobbs.co.uk          REJECT          Get lost - you're lying about who you are
mail.samhobbs.co.uk      REJECT          Get lost - you're lying about who you are

Now tell postfix to map the file, and restart postfix:

sudo postmap /etc/postfix/helo_access
sudo service postfix restart

Now anyone who tries to ehlo with one of the hostnames you defined in that file gets rejected, and sees the “get lost” message. Your legitimate servers won’t have that problem, because they will already have been accepted higher up the list. Neat, right? I found that little nugget of wisdom at unixwiz.net.
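Both restriction lists above are read the same way: top to bottom, stopping at the first rule that permits or rejects. The following Python model is an added example, not part of the original tutorial and not Postfix code; it walks the recipient and helo lists configured here, using simplified hostname checks, a constructed RESOLVABLE set standing in for DNS, and hypothetical function names and client addresses.

```python
import ipaddress
import re

# Values from the tutorial's main.cf and helo_access file.
MYNETWORKS = ["127.0.0.0/8", "::1/128"]
MYDESTINATION = {"samhobbs.co.uk", "samhobbs", "localhost.localdomain", "localhost"}
HELO_ACCESS = {"samhobbs.co.uk": "REJECT", "mail.samhobbs.co.uk": "REJECT"}
HELO_LIST = ["permit_mynetworks", "permit_sasl_authenticated",
             "reject_invalid_helo_hostname", "reject_non_fqdn_helo_hostname",
             "reject_unknown_helo_hostname", "check_helo_access"]
RCPT_LIST = ["permit_sasl_authenticated", "permit_mynetworks",
             "reject_unauth_destination"]
# The state the tutorial leaves you in: permit_mynetworks commented out.
RCPT_LIST_STRICT = [r for r in RCPT_LIST if r != "permit_mynetworks"]

# Assumption: stand-in for DNS, the HELO names that have an A or MX record.
RESOLVABLE = {"mail.example.org", "samhobbs.co.uk", "mail.samhobbs.co.uk"}
LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?")


def in_mynetworks(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in MYNETWORKS)


def helo_syntax_ok(helo):
    """Simplified syntax check: letter-digit-hyphen labels, not all numeric."""
    labels = helo.rstrip(".").split(".")
    numeric = helo.replace(".", "").isdigit()
    return all(LABEL.fullmatch(label) for label in labels) and not numeric


def rcpt_is_local(rcpt):
    """A bare local part, or a domain in mydestination, is not relaying."""
    return "@" not in rcpt or rcpt.rsplit("@", 1)[1].lower() in MYDESTINATION


# Each rule returns "permit", "reject" or None (no opinion, try the next rule).
RULES = {
    "permit_mynetworks":
        lambda c: "permit" if in_mynetworks(c["ip"]) else None,
    "permit_sasl_authenticated":
        lambda c: "permit" if c["sasl"] else None,
    "reject_invalid_helo_hostname":
        lambda c: None if helo_syntax_ok(c["helo"]) else "reject",
    "reject_non_fqdn_helo_hostname":
        lambda c: None if "." in c["helo"].rstrip(".") else "reject",
    "reject_unknown_helo_hostname":
        lambda c: None if c["helo"].lower() in RESOLVABLE else "reject",
    "check_helo_access":  # exact-match lookup only, for brevity
        lambda c: "reject" if HELO_ACCESS.get(c["helo"].lower()) == "REJECT" else None,
    "reject_unauth_destination":
        lambda c: None if rcpt_is_local(c["rcpt"]) else "reject",
}


def evaluate(restrictions, client):
    """Walk one list top to bottom; the first permit or reject ends the list."""
    for name in restrictions:
        verdict = RULES[name](client)
        if verdict:
            return verdict, name
    return "permit", "end of list"


def smtpd_decision(client, helo_list=HELO_LIST, rcpt_list=RCPT_LIST):
    """A permit only ends its own list; a reject in any list refuses the mail."""
    for label, rules in (("helo", helo_list), ("recipient", rcpt_list)):
        verdict, rule = evaluate(rules, client)
        if verdict == "reject":
            return "reject", f"{label}:{rule}"
    return "permit", None


if __name__ == "__main__":
    # The telnet test from the Pi itself, before and after commenting out
    # permit_mynetworks, then an outside client claiming to be this server.
    pi = {"ip": "127.0.0.1", "sasl": False, "helo": "foobar",
          "rcpt": "me@outsideemail.com"}
    outsider = {"ip": "203.0.113.7", "sasl": False, "helo": "samhobbs.co.uk",
                "rcpt": "sam@samhobbs.co.uk"}
    print(smtpd_decision(pi))
    print(smtpd_decision(pi, rcpt_list=RCPT_LIST_STRICT))
    print(smtpd_decision(outsider))
```

A permit in the helo list only ends that list: an outside client that passes every helo check is still refused by reject_unauth_destination when it tries to relay to an external address.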

Moving on…

We’re almost done with Postfix now, although there are a few bits of configuration that we’ll want to do once we’ve set up SASL with Dovecot, which I’ve chosen to lump in with the Dovecot tutorial. In Raspberry Pi Email Server Part 2: Dovecot, we’ll set up Dovecot to provide SASL authentication and IMAP capability. Please leave a comment if you’re having trouble with anything in this tutorial, and I’ll try and help you out!
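To see what the restrictions configured in this part are actually turning away, the rejections can be tallied from /var/log/mail.log. This is an added example, not from the original tutorial: the log lines are constructed samples in the layout Postfix smtpd uses for rejections, and 192.0.2.10 is an assumed public IP address for the server.

```python
import re
from collections import Counter

# Constructed sample lines (not real traffic); 192.0.2.10 is the assumed server IP.
SAMPLE_LOG = """\
Aug 18 19:02:11 pi postfix/smtpd[3011]: connect from unknown[203.0.113.7]
Aug 18 19:02:12 pi postfix/smtpd[3011]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 504 5.5.2 <kjhrsbvks>: Helo command rejected: need fully-qualified hostname; from=<a@example.net> to=<sam@samhobbs.co.uk> proto=ESMTP helo=<kjhrsbvks>
Aug 18 19:05:40 pi postfix/smtpd[3015]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 450 4.7.1 <theflyingspaghettimonster.com>: Helo command rejected: Host not found; from=<b@example.net> to=<sam@samhobbs.co.uk> proto=ESMTP helo=<theflyingspaghettimonster.com>
Aug 18 19:09:03 pi postfix/smtpd[3020]: NOQUEUE: reject: RCPT from unknown[198.51.100.23]: 554 5.7.1 <samhobbs.co.uk>: Helo command rejected: Get lost - you're lying about who you are; from=<c@example.net> to=<sam@samhobbs.co.uk> proto=ESMTP helo=<samhobbs.co.uk>
Aug 18 19:09:44 pi postfix/smtpd[3020]: NOQUEUE: reject: RCPT from unknown[198.51.100.23]: 501 5.5.2 <192.0.2.10>: Helo command rejected: Invalid name; from=<c@example.net> to=<sam@samhobbs.co.uk> proto=ESMTP helo=<192.0.2.10>
Aug 18 19:15:27 pi postfix/smtpd[3031]: NOQUEUE: reject: RCPT from mail.example.org[203.0.113.99]: 554 5.7.1 <me@externalemail.com>: Relay access denied; from=<d@example.org> to=<me@externalemail.com> proto=ESMTP helo=<mail.example.org>
Aug 18 19:15:27 pi postfix/smtpd[3031]: disconnect from mail.example.org[203.0.113.99]
""".splitlines()

# One smtpd rejection: client, reply code, the rejected item, reason, HELO name.
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: \w+ from "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) <(?P<item>[^>]*)>: (?P<reason>[^;]+);"
    r".*?helo=<(?P<helo>[^>]*)>"
)


def classify(reason):
    """Map the reason text onto the restriction list that produced it."""
    if reason.startswith("Helo command rejected"):
        return "helo"
    if reason.startswith("Relay access denied"):
        return "relay"
    return "other"


def summarise(lines, own_names=(), own_ips=()):
    """Tally rejections and flag clients that HELO as this server."""
    by_kind, by_client, helo_reasons = Counter(), Counter(), Counter()
    spoofed = []
    for line in lines:
        m = REJECT.search(line)
        if not m:
            continue  # connect/disconnect and delivery lines are ignored
        kind = classify(m["reason"])
        by_kind[kind] += 1
        by_client[m["ip"]] += 1
        if kind == "helo":
            helo_reasons[m["reason"].split(": ", 1)[1]] += 1
        claimed = m["helo"].strip("[]").lower()
        if claimed in own_names or claimed in own_ips:
            spoofed.append((m["ip"], m["helo"]))
    return {
        "by_kind": dict(by_kind),
        "by_client": by_client.most_common(),
        "helo_reasons": dict(helo_reasons),
        "spoofed": spoofed,
    }


if __name__ == "__main__":
    report = summarise(
        SAMPLE_LOG,
        own_names={"samhobbs.co.uk", "mail.samhobbs.co.uk"},
        own_ips={"192.0.2.10"},
    )
    for key, value in report.items():
        print(key, value)
```

On the Pi, pass the lines of /var/log/mail.log (read with sudo) instead of SAMPLE_LOG, and set own_names and own_ips to your own values.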

Comments

Thanks for this tutorial. I am busy working through it and having a problem at the telnet stage. When I send an email, should I receive the test email at the rcpt to: address?
I am not receiving anything so not sure if my set up so far is working or not. Here is a screen dump that I get.

pi@raspberrypi ~ $ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 labvolution.com ESMTP Postfix (Debian/GNU)
ehlo labvolution.com
250-labvolution.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: greg.payne@labvolution.com
250 2.1.0 Ok
rcpt to: gp.greg@gmail.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: test email
this is a test email
.
250 2.0.0 Ok: queued as 6DA88109B
quit
221 2.0.0 Bye
Connection closed by foreign host.

Thanks again,
Greg

Hi Greg, Thanks for commenting. Have you checked your logs? Try this:
cat /var/log/mail.log | less
...and use b and space (back a page and forward a page) to look through pages of the log files. To go to the last (most recent) page you can press shift and G. If you want the view to auto update you can use this command:
less +F /var/log/mail.log
which may be useful to try while you send an email from a different SSH session so you can watch things happen in real time. You may also want to look at /var/log/mail.err for errors. If you don't find anything, it might be that your Pi is set up properly but your ISP is blocking outgoing email on port 25 to stop spam. Most ISPs provide a SMTP relay for their customers, it may be that you just need to tell Postfix to relay all outgoing email through it. If you can tell me your ISP I can help you with this. Hope that helps! Sam

Sam,

First I want to say thank you very much for the tutorials on setting up a mail server!

So I think I'm having the issue with my ISP blocking port 25. The log shows the attempt but times out:

Aug 18 18:14:26 maggie dovecot: master: Dovecot v2.1.7 starting up (core dumps disabled)
Aug 18 18:14:33 maggie postfix/master[2826]: daemon started -- version 2.9.6, configuration /etc/postfix
Aug 18 18:23:08 maggie dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=2877, secured, session=
Aug 18 18:23:08 maggie dovecot: imap(pi): Disconnected: Logged out in=44 out=721
Aug 18 18:23:09 maggie dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=2880, secured, session=
Aug 18 18:23:09 maggie dovecot: imap(pi): Disconnected: Logged out in=261 out=1766
Aug 18 18:23:10 maggie dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=2884, secured, session=
Aug 18 18:23:10 maggie dovecot: imap(pi): Disconnected: Logged out in=292 out=1926
Aug 18 18:23:52 maggie postfix/smtpd[2887]: connect from localhost[127.0.0.1]
Aug 18 18:23:52 maggie postfix/smtpd[2887]: 3FD5140AB4: client=localhost[127.0.0.1]
Aug 18 18:23:52 maggie postfix/cleanup[2891]: 3FD5140AB4: message-id=
Aug 18 18:23:52 maggie postfix/qmgr[2838]: 3FD5140AB4: from=, size=787, nrcpt=1 (queue active)
Aug 18 18:23:52 maggie postfix/smtpd[2887]: disconnect from localhost[127.0.0.1]
Aug 18 18:23:52 maggie dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=2894, secured, session=
Aug 18 18:23:52 maggie dovecot: imap(pi): Disconnected: Logged out in=650 out=471
Aug 18 18:23:53 maggie dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=2896, secured, session=
Aug 18 18:23:53 maggie dovecot: imap(pi): Disconnected: Logged out in=292 out=1926
Aug 18 18:24:22 maggie postfix/smtp[2892]: connect to mta6.am0.yahoodns.net[98.138.112.33]:25: Connection timed out
Aug 18 18:24:52 maggie postfix/smtp[2892]: connect to mta7.am0.yahoodns.net[98.138.112.34]:25: Connection timed out

I've enabled TLS on port 465 as you showed in the tutorial but I'm stuck at this point. My ISP does have an SMTP relay (gmail) and I've tried that with the same result. Any help would be much appreciated!

Thanks,
-Keith

I see you used a Gmail address for the 'rcpt to: address' step.
I just followed this tutorial and the test email went to my Gmail spam directory.

If you received it then it worked. I put quite a lot of information about getting mail past gmail's spam filters in the DNS sections, and I've answered questions about it many times. You're just testing whether you can send mail at all, and if your restriction lists are working properly. Sam

Thank you very much for this tutorial, it works great! I installed on a Debian 7 x86 system rather than raspberry pi and it all works smoothly. However if you could make a tutorial to setup virtual users (so that you don't need to create system user accounts for each mail addresses), that would be great!

You're welcome! FYI it works on Ubuntu too, the only difference is you need to comment out the smtpd_relay_restrictions parameter, which is in newer versions of Postfix. Alternatively you could of course use the relay restrictions, but that would make all the testing stages different. I decided not to go for virtualisation this time because I'm the only person using my server and the tutorial was written for a raspberry pi, which is quite a low powered piece of hardware so I didn't imagine people would be configuring it for use by more than about ten users. I do agree that it would be interesting to learn though, it's definitely something I will come back to in the future. Apparently iRedMail is an easy automated way to set these things up, but admittedly that takes the fun out of it! Sam

Hi Sam,

I proved that immediately after a reboot, the first email sent from "outside" to my mail server generated the NOQUEUE error. nslookup works OK so it is not a DNS problem. A google search on "Postfix NOQUEUE problems" found one solution pointed to smtp_relay_restrictions as a possible culprit. So I visited your Postfix tutorial to check on any advice you might have made and sure enough found this comment. So: comment this line in main.cf; reboot; immediately send an "outside" email; email received at once. Watching mail.log all the time. I am happier that the mail server can now recover from a reboot while I am absent.

Would it be worthwhile putting your comment in the main body of the tutorial?

John

Hi John, I appreciate that you've put some work into investigating this and it must be frustrating, but no, I don't think so. This (two year old!) comment is a bit misleading - commenting smtpd_relay_restrictions (not smtp_ as we had both previously mistyped) doesn't remove it altogether, it just gives you the default value, i.e. smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination. Assuming that's what is in the config file, commenting it won't make any difference whatsoever (if a parameter is absent from the config file you get the default setting). It would only make a difference if the config file contains something other than the default value above. Even then it wouldn't affect most email, only mail sent through your server that is not addressed to a domain in mydestination (i.e. relaying!). The smtpd_relay_restrictions list only applies to mail sent to domains not in mydestination, so it doesn't make any sense for it to be the reason your server bounces email from other people that is addressed to you/your server, since that isn't relaying! I still think it's an intermittent (because it seems to work sometimes) DNS resolution problem - if the error was in postfix I think you'd see an error printed in the logs, whereas if it's an error elsewhere in the system (external dns resolver), it's possible you could see postfix treat "no response from DNS query" as "host does not exist". Maybe the reason your Pi is pinging your router so much is that the wireless connection is a bit flaky... could be worth connecting it with ethernet for a week to see if you see any improvement? I've seen problems before where the pi doesn't have enough juice to run external wifi dongles etc. when it's under load. Sam

Hi Sam,

I found "Postfix Debugging Howto" provided some useful information. In particular, this comment "when things do not work according to expectation" :

"A common mistake is to turn on chroot operation in the master.cf file without going through all the necessary steps to set up a chroot environment."

I have postfix v2.11.3 and chroot is "on" in master.cf in various places and "off" in others. I notice that in v2.11.7 source code for master.cf, chroot is "off" everywhere. In 2.11.7 there are scripts in examples/conf on how postfix should be configured for "chroot on". I won't touch these...

I set "chroot n" for the leading smtp entry in master.cf and this appears to solve my problems. I withdraw my comment about a bug in postfix but the standard master.cf configuration for 2.11.3 probably did not help at launch time.

Hopefully, I won't need to bother you with this problem. Thanks for your patience...

John

Hi Sam,

Really enjoyed the tutorial, many thanks for the work and effort you have put into this.

I would like to follow you up on your offer of getting an SMTP relay set up. My ISP is Tiscali/TalkTalk and even though they don't appear to block port 25, the 79.69.0.0/16 range of (presumably) dynamic IP's are blacklisted by Spamhaus ZEN, which means talking to many mail servers is troublesome.

Any assistance you could offer would be greatly appreciated :-)

Thanks

Ian

Hi Ian, It's actually quite a simple change. All you should need to do is edit /etc/postfix/main.conf and include your ISP's SMTP server as a relayhost. You can find the SMTP server name by ISP in this list. Generally, you add it like this:
relayhost = smtp.yourisp.com
or if your ISP requires you to use a specific port, use:
relayhost = [smtp.yourisp.com]:PORT
That list seems to suggest that you should use relayhost = smtp.TalkTalk.net or relayhost = smtp.tiscali.co.uk, so try adding one of those, then do:
sudo service postfix reload
...and then try sending email out. You shouldn't need to authenticate to send email because you are "in your ISP's LAN". That's probably not the right terminology but hopefully you know what I mean. BTW, if you check an email's headers you can see where it has been - each Mail Transfer Agent (MTA) adds a line like Received: from foo.com by intermediate.com for you@yourdomain.com.

David Lawson

Mon, 11/17/2014 - 04:18

In reply to by Sam Hobbs

Hi Sam,

Thank you very much indeed for this resource. Really a great benefit to all who read.
I am trying to set up an internal mail relay for some devices I have (scanners, UPSes, etc that can't authenticate), I have tried a few times, reading this and other web resources. I just can't quite get it going. Ultimately it appears all port 25 is blocked outbound.
I can forward to gmail but it needs to be authenticated. Since I do not require mail hosting - do I need to install dovecot? Can I do authenticated relay on a non-25 port with postfix only?

Cheers,
--d

If all you want to do is send outgoing email to gmail, then you just need postfix. I think it's possible to do authenticated relay on a non-25 port with Postfix only, but I'm not certain because I haven't tried it myself. If you own the WAN-side server then the ultimate fallback is to just specify a different port (for the receiving server) that isn't blocked and configure the LAN server to send using that too, but I'm not sure about gmail. Hopefully that isn't necessary, I'll have to have a read and get back to you. Do you own a different server outside your LAN, or do you use freemail like gmail for your personal email? Thanks for the interesting question! Sam

Thanks Sam, I have been looking for the reply but didn't see the email... many apologies.
Really I can do all the above - I do own an outside server at a service provider, could do to install a postfix relay there on a different port and do two hop relay. This was all working fine, until my ISP blocked port 25 - so I'd need postfix to listen on a second port now.
I have both personal and non-personal Google accounts (app/email) I can use. It just seemed easier to get to a public relay sooner.

I got the postfix on PI to send to Gmail, but it complains of needing a TLSstart command. I also believe dovecot does not support SSL/TLS/Auth as a client. (postfix -A) so it looks like I might have to go down the Cyrus route.

I'll let you know what I come up with and if you can think of any ideas, please let me know.
Cheers,
--david

I find it curious that your ISP suddenly blocked port 25, how many emails were you sending? Basically I think you will need modify the configuration for your outside mail server by adding another line to /etc/postfix/master.cf like this:
12345 inet n - n - - smtpd2
Where 12345 is whichever port you want to use and smtpd2 is your name for the service (will be used in logs etc.). You'll then have to test port 12345 to make sure it isn't relaying unauthenticated mail etc. Then modify your LAN postfix instance and change your smtpd to 12345 in master.cf (this will be used for outgoing email) and then add an smtpd2 line like above but with port 25 so that you can still receive email from the scanners on your LAN (changing the port for smtpd to 12345 would affect where postfix listens for incoming connections as well as the port it uses for outgoing email). Hope that makes some sense! Sam

Very late to the discussion but I just stumbled onto your site, Sam (thanks for all the tutorials). I worked though the process after determining that my ISP (Verizon FIOS) blocks port 25 and only allows SMTPS on port 465. It requires installing stunnel4, setting it up, and then configuring postfix to relay through a stunnel'ed connection. I pulled bits and pieces from various tutorials and, after much gnashing and hair-pulling :-), got it to work. If you're interested (maybe as an addendum to your excellent mail server tutorials), I can provide you with the steps required (email me). Thanks again.

Luis Montero

Thu, 05/28/2015 - 19:34

In reply to by Sam Hobbs

Hi, Sam. Just wanna ask you

As you may know, gmail allows SMTP relay, but one has to set-up it by using an active gmail email account, a password, and a port.

How do I include those additional parameters?

Great Guide and this nugget of info maybe should be added as a note to the OG post, had issues emailing gmail servers and then used my isp smtp and boom no more bounced in my mail.log :)

Sam

What a great tutorial, one of the few of any subject that I have managed to follow. I am a Linux noob (I hate that word!) and struggle to fully understand it as I am a simple soul. However I have almost got my Pi working as a mail server thanks to your tuition; I can send emails from my windows laptop with Thunderbird, but I have not been successful at receiving them as yet. I think I've fallen down at the sudo maildirmake.dovecot /etc/skel/Maildir... part. The main directory is there but I cannot 'see' inside it as only root has permission. Consequently the copy command to my home directory /home/jonty/ doesn't work and there are no Sent, Drafts etc directories there either. Can I just create the directories directly in my home/jonty/Maildir/ folder? If so should it be as user jonty or user Pi?

One more question: Could this be used as a 'catch all' mail server i.e. 'xxxx@MyDomain.com' where xxxx can be any name? If so, is it very complicated?

Very best regards

Jonathan

To see inside a folder with only root permissions, use sudo, for example:
sudo ls -al /etc/skel/Maildir
The -l option shows the long version with ownership info, file names etc. and the -a option also shows hidden files and folders (ones starting with a period, e.g. .cur). Basically all of your mail folders in ~/Maildir are hidden. If you are still having problems you can create those directories without sudo (see below), but the skeleton files are important so that if you create a new user their home folder will automatically contain a maildir.
maildirmake.dovecot ~/Maildir
maildirmake.dovecot ~/Maildir/.Drafts
maildirmake.dovecot ~/Maildir/.Sent
maildirmake.dovecot ~/Maildir/.Spam
maildirmake.dovecot ~/Maildir/.Trash
maildirmake.dovecot ~/Maildir/.Templates
As for the catch-all, I'll have to look into it and get back to you, I imagine you can do it with aliases. Sam

Sam

Many thanks for your reply, and I found out about hidden folders and files and they are there, but any messages that I have sent have been delayed.

This is an automatically generated Delivery Status Notification

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipient has been delayed:

jonty@xxxxxx.com

Message will be retried for 2 more day(s)

Technical details of temporary failure:
The recipient server did not accept our requests to connect. Learn more at http://support.google.com/mail/bin/answer.py?answer=7720
[(1) xxxx.no-ip.biz. [87.xxx.xxx.47]:25: Connection timed out]

Now Google's help is:
The other domain doesn't have up-to-date MX records or is otherwise misconfigured.
The other domain is blacklisting or graylisting messages from Gmail.
The other domain is experiencing temporary networking problems.

Now I am fairly sure that I have put the MX records in correctly, and I have opened the ports on my router to point to the static IP of the Pi. I can ping the no-ip address...

I don't want to take up too much of your time, but any suggestions?

Jonathan

Jonathan, I notice you have redacted your domain name. If you don't want to publish it in a comment, would you mind emailing me it so I can try a few things? Also include your WAN IP address please, I'd like to see what happens if I look up the MX record (to check that the IP addresses match) and try to connect to your IP address directly to send you an email. If I can connect to your server directly, then your problem must be with the MX record...and if I can't connect, then your ISP must be blocking port 25 or some other funny business. You can also try this: http://canyouseeme.org/ to see if your ISP is blocking port 25. Sam

Sam

Thanks for your help, I now have it working. My main error was not with my Draytek router and my thinking that port redirection is the same as open ports. Opening 25, 465 & 993 solved it. The website http://canyouseeme.org/ was very useful here. I also needed to add a relayhost entry in main.cf

Best regards

Jonathan

Hi Sam, and many Thanks for your great Tutorials, reading all the comments on here they all sound very high tech, and I am afraid I am very low tech but trying to learn, so my first newb question is where is my "Postfix" program/Folder as I want to have another go at getting it setup as previously I only got as far as changing my url which went fine but it was the instructions after that that I just could not see how to complete ?? if I remember correctly I needed another program to make the changes like a text editor and I could not see how to access one of these, so if you understand what I am asking then any help much appreciated, Regards Eddie

Hi Eddie, The config files are all in /etc/postfix. You might want to start with:
sudo dpkg-reconfigure postfix
...which will bring up that initial configuration wizard for Postfix. In my opinion the easiest text editor to use is nano. Install it like this:
sudo apt-get install nano
and you can edit files by typing: nano /path/to/filename. If the file is owned by root then you will need superuser / root privileges to edit them, so use sudo nano /path/to/filename. When you're inside nano you can move around with the arrow keys on your keyboard, type your changes and then press CTRL X to exit, you'll be asked if you want to save changes (Y or N) so type Y and press enter. Hope that helps! Sam

Hi Sam thanks again, I got my Postfix back and carried on, but did not look the same as my first attempt, so I got to the end and closed it down, it did not at any time ask for "Text Editor" ??? so now I still can not relocate it as I assumed there would be a Desktop Icon to click on a bit like Thunderbird, so again any help much appreciated, or should I just uninstall and start all over again, again Thanks, Regards Eddie
