Hi. I've been trying to properly install and run postfix with no success.
I've read many recipes and instructions and made many attempts and
something always fails.
What I've accomplished so far:
- postfix is running
- I can send test mail from the command line (mailx) to an email account
elsewhere and the headers confirm it was sent by postfix
- telnet mydomain.net 25 replies and is ready for action
What I still need:
- SSL and/or TLS. Postfix does not bind to port 587 or 465 at all.
After all the attempts, I made what I consider to be my own best recipe,
the one that seems to get the closest to a working installation:
---------------- 8< ----------------
apt-get install -y certbot python3-certbot-apache
apt-get install -y libsasl2-2 libsasl2-modules sasl2-bin
apt-get install -y postfix
cp /home/me/postfixstuff/mydomain.net.conf /etc/apache2/sites-available/
a2ensite mydomain.net.conf
a2dissite 000-default
systemctl reload apache2
certbot certonly -a apache --agree-tos --no-eff-email --staple-ocsp --email
postmas...@mydomain.net -d mydomain.net
systemctl reload apache2
cp /home/me/postfixstuff/main.cf /etc/postfix/
systemctl restart postfix
tail -n 20 /var/log/mail.log
---------------- >8 ----------------
Here are the contents of my main.cf file:
---------------- 8< ----------------
myhostname = server.mydomain.net
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 2
# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/mydomain.net/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mydomain.net/privkey.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level=may
smtpd_tls_loglevel = 1
#Enable TLS Encryption when Postfix sends outgoing emails
smtp_tls_security_level = may
smtp_tls_loglevel = 1
#Enforce TLSv1.3 or TLSv1.2
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, mydomain.net, server.mydomain.net,
localhost.mydomain.net, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
---------------- >8 ----------------
What else do I need to do?
Somebody help? Please?!
