On 2022-06-21 at 16:17:23 UTC-0400 (Tue, 21 Jun 2022 17:17:23 -0300)
Luc GMail <lucm...@gmail.com>
is rumored to have said:

Hi. I've been trying to properly install and run postfix with no success.
I've read many recipes and instructions and made many attempts and
something always fails.

FWIW: The best Postfix documentation is the official documentation that it comes with as "README" files and man pages. It should be installed with Postfix, but you can also get to it (with nicer names) at http://www.postfix.org/documentation.html. The "Basic configuration" readme is probably the best place for you to start.


What I've accomplished so far:
- postfix is running
- I can send test mail from the command line (mailx) to an email account
elsewhere and the headers confirm it was sent by postfix
- telnet mydomain.net 25 replies and is ready for action

What I still need:
- SSL and/or TLS. Postfix does not bind to port 587 or 465 at all.

Postfix services (including the listeners) are defined in the master.cf file. Running "man 5 master" will show you the syntax for entries. Your master.cf may already have services defined for submission(587) and smtps(465) commented out, and you just need to uncomment them and restart Postfix. By convention, entries with command-line options are broken over multiple lines with continuation lines being started by whitespace. Your master.cf should include entries that look generally like this:


smtp       inet  n       -       n       -       1       postscreen
smtpd      pass  -       -       n       -       -       smtpd
dnsblog    unix  -       -       n       -       0       dnsblog
tlsproxy   unix  -       -       n       -       0       tlsproxy
submission inet  n       -       n       -       -       smtpd
    -o syslog_name=postfix/submit
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
smtps      inet  n       -       n       -       -       smtpd
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING-TLS
[...]

Note that the services on the submission and smtps ports have multiple "-o" arguments which override the settings in main.cf for that service.




After all the attempts, I made what I consider to be my own best recipe,
the one that seems to get the closest to a working installation:

---------------- 8< ----------------
apt-get install -y certbot python3-certbot-apache
apt-get install -y libsasl2-2 libsasl2-modules sasl2-bin
apt-get install -y postfix

cp /home/me/postfixstuff/mydomain.net.conf /etc/apache2/sites-available/
a2ensite mydomain.net.conf
a2dissite 000-default
systemctl reload apache2
certbot certonly -a apache --agree-tos --no-eff-email --staple-ocsp --email postmas...@mydomain.net -d mydomain.net

systemctl reload apache2

cp /home/me/postfixstuff/main.cf /etc/postfix/

systemctl restart postfix
tail -n 20 /var/log/mail.log
---------------- >8 ----------------



Here are the contents of my main.cf file:



---------------- 8< ----------------
myhostname = server.mydomain.net
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

append_dot_mydomain = no

readme_directory = no

compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/mydomain.net/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mydomain.net/privkey.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level=may
smtpd_tls_loglevel = 1

#Enable TLS Encryption when Postfix sends outgoing emails
smtp_tls_security_level = may
smtp_tls_loglevel = 1

#Enforce TLSv1.3 or TLSv1.2
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, mydomain.net, server.mydomain.net, localhost.mydomain.net, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
---------------- >8 ----------------

What else do I need to do?

Somebody help? Please?!


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
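
Added example, not part of the original message and not Postfix's own code: a small Python check that reads master.cf the way the reply describes (a line starting with whitespace continues the previous entry, and "-o" arguments override main.cf for that service) and reports whether the submission and smtps listeners are active with their TLS and SASL overrides. The function names and the sample file are constructed for illustration, and only the "-o name=value" form shown in the reply is handled.

```python
# Constructed sample: submission is enabled, smtps is still commented out.
SAMPLE_MASTER_CF = """\
smtp       inet  n       -       n       -       1       postscreen
submission inet  n       -       n       -       -       smtpd
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
#smtps     inet  n       -       n       -       -       smtpd
#    -o smtpd_tls_wrappermode=yes
#    -o smtpd_sasl_auth_enable=yes
"""

def parse_master_cf(text):
    """Return {(service, type): {"command": ..., "overrides": {...}}}."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues the entry
        else:
            logical.append(raw.strip())
    services = {}
    for fields in (line.split() for line in logical):
        if len(fields) < 8:
            continue  # not a complete service entry
        args = fields[8:]
        opts = [a for flag, a in zip(args, args[1:]) if flag == "-o" and "=" in a]
        overrides = dict(o.split("=", 1) for o in opts)
        services[(fields[0], fields[1])] = {"command": fields[7], "overrides": overrides}
    return services

def audit_submission_ports(text):
    """Return problems with the 587/465 listeners; an empty list means none found."""
    services, problems = parse_master_cf(text), []
    tls_rule = {"submission": ("smtpd_tls_security_level", "encrypt"),
                "smtps": ("smtpd_tls_wrappermode", "yes")}
    for name, (key, want) in tls_rule.items():
        entry = services.get((name, "inet"))
        if entry is None:
            problems.append(f"{name}: no active inet entry (commented out or missing)")
            continue
        if entry["overrides"].get(key) != want:
            problems.append(f"{name}: expected -o {key}={want}")
        if entry["overrides"].get("smtpd_sasl_auth_enable") != "yes":
            problems.append(f"{name}: expected -o smtpd_sasl_auth_enable=yes")
    return problems

if __name__ == "__main__":
    print(audit_submission_ports(SAMPLE_MASTER_CF))
```

To check a real system, pass the contents of /etc/postfix/master.cf to audit_submission_ports().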
