I ntroduction Postfix is ​​a (MTA), an application used to send and receive emails. It can be configured so that it can only be used to send emails through a local application. This is useful in situations where you need to send email notifications from your applications on a regular basis, or simply if you have a lot of outbound traffic that a third-party email service provider does not allow. It is also a lighter alternative to running a full SMTP server that maintains the necessary functionality. mail transfer agent In this tutorial, you will install and configure Postfix as a send-only . It will also request free TLS certificates from Let's Encrypt for your domain and encrypt outgoing emails with them. free SMTP server Previous requirements A Ubuntu 18.04 server configured according to the , with a non-root user. Initial Server Configuration for Ubuntu 18.04 A fully registered domain name. For this tutorial, it will be used your_domain at all times. You can purchase a domain name, get a free one from or use a domain registrar of your choice. Freenom, A DNS record with your_domainoriented to the public IP address of your server. You can use to DigitalOcean DNS to learn more about adding them. this introduction Note: Your server's hostname and your Droplet's name must match your_domain, as DigitalOcean automatically sets PTR records for the Droplet's IP address based on its name. You can verify the hostname of the server by typing hostname at the command prompt. The result should match the name you gave the Droplet when creating it. Step 1: Install Postfix In this step, you will install Postfix. The quickest thing to do is install the package mailutils, which bundles Postfix with some add-on programs that you will use to test email delivery. First, update the package database: $ sudo apt update Next, install Postfix by running the following command: $ sudo apt install mailutils Near the end of the installation process, you will be presented with the Postfix configuration window: The default option is . This is the recommended option for your use case, so press and then . If you only see the description text, press to select and then press . Internet Site TAB ENTER TAB OK ENTER If it doesn't show up automatically, run the following command to start it: $ sudo dpkg-reconfigure postfix Then you will receive another configuration message regarding : System mail name The must be the same as the one you assigned to your server when creating it. When done, press and then . system email name TAB ENTER Now, you have Postfix installed and you are ready to start configuring it. Step 2: Configure Postfix In this step, you will configure Postfix to send and receive email only from the server it is running on; that is, from . localhost For that to happen, Postfix must be configured to listen only on the , which is the virtual network interface that the server uses to communicate internally. To make the necessary changes, you will need to edit the main Postfix configuration file, named , found at . loopback interface main.cf etc/postfix Open it to modify it with your favorite text editor: $ sudo nano /etc/postfix/main.cf Look for the following lines: /etc/postfix/main.cf . . .
mailbox_size_limit = recipient_delimiter = +
inet_interfaces = all
. . . 0 Set the value of to : inet_interfaces loopback-only /etc/postfix/main.cf . . .
mailbox_size_limit = recipient_delimiter = +
inet_interfaces = loopback-only
. . . 0 Another directive that you will need to modify is , which is used to specify the list of domains that are delivered through the mail delivery transport . By default, the values ​​are similar to the following: mydestination local_transport /etc/postfix/main.cf . . .
mydestination = $myhostname, your_domain, localhost.com, , localhost
. . . Change the line to look like the following: /etc/postfix/main.cf . . .
mydestination = localhost.$mydomain, localhost, $myhostname
. . . If your domain is actually a subdomain and you want your emails to look like they were sent from the main domain, you can add the following line to the end of : main.cf /etc/postfix/main.cf ...
masquerade_domains = your_main_domain The optional setting specifies for which domains the subdomain part of the email address will be removed. masquerade_domains When done, save and close the file. Then restart Postfix by running the following command: $ sudo systemctl restart postfix You configured Postfix to only send emails from your server. Now, you will test it by sending a sample message to an email address. Step 3: Test the SMTP server In this step, you will test whether Postfix can send emails to an external email account using the command , which is part of the package you installed in the first step. mail mailutils To send a test email, run the following command: $ echo | mail -s your_email_address "This is the body of the email" "This is the subject line" You can change the body and subject of the email as you like. Remember to substitute a valid email address that you can access. your_email_address Now, check the mail at the email address you sent this message to. You should see the message in your inbox. If you don't see it, check your spam folder. At this point, the emails you send are not encrypted, leading service providers to think they are likely spam. You will configure encryption later, in step 5. If you receive an error from the command , or if you did not receive a message after a long period of time, check that the Postfix configuration you modified is valid and that your server name and host name are set to your domain name. mail Note that with this setting, the field address for test emails that you send will be in the format , where is the name of the server user under which you ran the command. From your_user_name@your_domainyour_user_name At this point, you sent an email from your server and verified that it was received correctly. In the next step, you will configure email forwarding for . root Step 4: Forward system emails In this step, you will configure email forwarding for the user so that system-generated messages sent to you on your server are forwarded to an external email address. root The file contains a list of alternate names of email recipients. Open it for editing: /etc/aliases $ sudo nano /etc/aliases In its default state, it looks like the following: / etc / aliases # See man 5 aliases for format postmaster:    root The only directive present specifies that system-generated emails be sent to . root Add the following line to the end of the file: / etc / aliases ...
root:          your_email_address With this line, you specify that emails sent to the user are forwarded to a specific email address. Remember to substitute for your personal email address. When done, save and close the file. root your_email_address For the change to take effect, run the following command: $ sudo newaliases Upon execution , it will create a database of aliases that the command uses , which are taken from the configuration file you just edited. newaliases mail Check that emails are sent to the user by running the following: root $ echo | mail -s root "This is the body of the email" "This is the subject line" You should receive the mail at your email address. If you don't see it, check your spam folder. In this step, you configured the forwarding of system-generated messages to your email address. Now, you will enable message encryption so that all emails sent by your server are protected against tampering in transit and considered more legitimate. Step 5: Enable SMTP Encryption Now, you will enable SMTP encryption by requesting a free TLS certificate from Let's Encrypt for your domain (with Certbot) and configure Postfix to use it when sending messages. Ubuntu includes Certbot in its default package repository, but it might be out of date. Instead, you will add the official repository by running the following command: $ sudo add-apt-repository ppa:certbot/certbot Press when prompted to accept. Next, update your server's package manager cache: ENTER $ sudo apt update Lastly, install the latest version of Certbot: $ sudo apt install certbot -y In the prerequisites, you installed the simple firewall ufwas part of the initial server setup. You will need to configure it to enable the HTTP port 80so that the domain verification can complete. Run the following command to enable it: $ sudo ufw allow 80 The result will look like the following: Output
Rule Added
Rule Added (v6) Now that the port is open, run Certbot to get a certificate: $ sudo certbot certonly --standalone --rsa-key-size --agree-tos --preferred-challenges http -d your_domain 4096 This command instructs Certbot to issue certificates with an RSA key size of 4096 bits, to run a temporary stand-alone web server ( ) for verification, and to check through port ( ). Remember to substitute for your domain before running the command and enter your email address when prompted to do so. --standalone 80 --preferred-challenges http your_domain The result will look something like this: Output
Saving debug log to / /log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a certificate
Performing the following challenges:
http challenge Waiting verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at: letsencrypt/live/your_domain/fullchain.pem
   Your key file has been saved at: letsencrypt/live/your_domain/privkey.pem
   Your cert will expire on To obtain a or tweaked
   version certificate the future, simply run certbot
   again. To non-interactively renew *all* your certificates, run - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let var new -01 for `your_domain` for /etc/ /etc/ 2020 -07 -11. new of this in of "certbot renew" 's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
As stated in the notes, your certificate and private key file were saved in ./etc/letsencrypt/live/your_domain Now that you have your certificate open to edit it: main.cf $ sudo nano /etc/postfix/main.cf Look for the following section: /etc/postfix/main.cf # TLS parameterssmtpd_tls_cert_file= ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file= ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache /etc/ /etc/ Modify it to look like this, replacing your_domainwith your domain where needed, which will update your TLS settings for Postfix: /etc/postfix/main.cf # TLS parameters
smtpd_tls_cert_file= letsencrypt/live/your_domain/fullchain.pem
smtpd_tls_key_file= letsencrypt/live/your_domain/privkey.pem
smtp_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache /etc/ /etc/ When done, save and close the file. Apply the changes by restarting Postfix: $ sudo systemctl restart postfix Now try sending an email again: $ echo | mail -s your_email_address "This is the body of an encrypted email" "This is the subject line" Then check the mail from the email address you provided. You may see the message in your inbox right away, because email providers are much more likely to classify unencrypted messages as spam. You can check the technical information about the email message on your client to see that the message is indeed encrypted. Conclusion Now, you have a Postfix send-only email server. Encrypting all outgoing messages is a good first step so that email providers do not directly classify your messages as spam. If you are doing this in a development scenario, this measure should be sufficient. However, if you want to send emails to potential site users (for example, confirmation emails for sign-up to a message board), consider so that emails from your server are more likely to be considered legitimate. setting SPF records

Chain

Transit

How to Install and Configure Postfix as a Send-only SMTP Server in Ubuntu 18.04

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Artificial Intelligence, Machine Learning and Deep Learning Basics

104 Stories To Learn About Go

105 Stories To Learn About Functional Programming

100+ Free Pluralsight Courses to learn Python, Java, and Spring Boot

10 Websites to Learn JavaScript for Beginners

104 Stories To Learn About Programming Top Story

Artificial Intelligence, Machine Learning and Deep Learning Basics

104 Stories To Learn About Go

105 Stories To Learn About Functional Programming

100+ Free Pluralsight Courses to learn Python, Java, and Spring Boot

10 Websites to Learn JavaScript for Beginners

104 Stories To Learn About Programming Top Story

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps