On 22/08/23 15:42, Bruce Dubbs via Postfix-users wrote:
I have built postfix-3.8.1 from source and want to use it only on the local system. That is, I really only want it to receive messages from applications like sudo, cron, or some simple scripts using mailx and post it to the local user's mailbox.

You've already over-complicated it. For starters, building from source, while admirable, is almost certainly not going to be required for the simple use-case you have. I would just install the postfix that your distro packages for you; it may be an older version, but nothing you are doing requires the latest bleeding-edge version of postfix, or anything near to it.

My problem is that postfix keeps rejecting the messages.  For instance:

bdubbs@pippin120$ mail -s test root
smtp-server: 530 5.7.0 Must issue a STARTTLS command first
"/home/bdubbs/dead.letter" 11/293
. . . message not sent.

This means that mailx has been reconfigured from its default to attempt to use either submission or smtp. If you want to keep it simple then you don't need to do this, just let mailx use the sendmail binary which in postfix uses the postdrop command and mail gets picked up by the pickup service, all of which are enabled and properly configured by default.

I have tried several options, but nothing seems to avoid this situation.

I've changed the default master.cf to have:

smtp      inet  n       -       n       -       -       smtpd
   -o smtpd_tls_security_level=none
   -o smtp_tls_security_level=none
   -o smtpd_sasl_auth_enable=no

I would comment this section out entirely, you do not need nor should you be using port 25 smtp unless your postfix instance is going to receive mail from other servers on the internet.

127.0.0.1:submission inet n -   n       -       -       smtpd
   -o smtpd_tls_security_level=none
   -o smtp_tls_security_level=none
   -o smtpd_sasl_auth_enable=no

Disabling tls is not a great idea here, but is okay since you're limiting it to localhost. Do keep in mind that you do not need this at all if you go by my suggestion above to use the sendmail binary (which is properly configured by default).

and main.cf changes:

# myhostname is not a valid internet name, but is in /etc/hosts
myhostname = pippin120.gdc.com
mydomain = gdc.com

These are fine, although not really required or relevant if you're only doing delivery to local mailboxes.

inet_interfaces = 127.0.0.1

This is fine, although it's redundant with the specified 127.0.0.1 for the submission service above. It also won't matter if you end up just using the sendmail binary as suggested. That said, you can set this to loopback_only or localhost for a bit more flexibility.

mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 192.168.0.0/24, 127.0.0.0/8

If you use the sendmail binary then you can set this to blank (mynetworks=)

# Try to avoid TLS
smtpd_tls_security_level = none
smtp_tls_security_level = none
smtp_sasl_auth_enable = no
smtp_use_tls = no

You forgot:

smtpd_tls_auth_only = no


Peter
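
Added example, not part of the original message or of Postfix itself: a small audit of master.cf text that lists which inet listeners are enabled, whether each is pinned to loopback or follows inet_interfaces, and whether the pickup service used by the sendmail/postdrop path is present. The sample input is constructed from the entries quoted in the thread; the function names and the simple "-o name=value" override handling are assumptions of this sketch.

```python
# Constructed sample: the two inet entries quoted in the thread, one
# commented-out entry, and the stock pickup entry used by sendmail/postdrop.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
   -o smtpd_tls_security_level=none
   -o smtp_tls_security_level=none
   -o smtpd_sasl_auth_enable=no
127.0.0.1:submission inet n -   n       -       -       smtpd
   -o smtpd_tls_security_level=none
#587      inet  n       -       n       -       -       smtpd
pickup    unix  n       -       n       60      1       pickup
"""

LOOPBACK = {"127.0.0.1", "[::1]", "localhost"}

def logical_lines(text):
    """Join continuation lines (leading whitespace) onto their entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def audit(text):
    """Return (list of inet listeners, True if pickup is enabled)."""
    listeners, has_pickup = [], False
    for entry in logical_lines(text):
        fields = entry.split()
        if len(fields) < 8:
            continue  # malformed entry: fewer than the 8 required columns
        name, stype, command, args = fields[0], fields[1], fields[7], fields[8:]
        if command == "pickup":
            has_pickup = True
        if stype != "inet":
            continue
        host = name.rpartition(":")[0]  # "" when only a port/service is given
        bind = "loopback" if host in LOOPBACK else (host or "inet_interfaces")
        overrides = dict(a.split("=", 1) for a in args if "=" in a)
        listeners.append({"service": name, "bind": bind, "overrides": overrides})
    return listeners, has_pickup

if __name__ == "__main__":
    found, pickup = audit(SAMPLE_MASTER_CF)
    for item in found:
        print(item["service"], "->", item["bind"], item["overrides"])
    print("pickup enabled:", pickup)
```

A listener reported as "inet_interfaces" is only as restricted as that main.cf setting; for the local-only setup described above, the useful results are an enabled pickup service and no inet listeners beyond loopback.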