Sending unlimited emails (outbound traffic) without limit is mostly restricted by third-party email service providers.
It is therefore necessary to configure Postfix as a Send Only SMTP Server, especially in cases where apps need to send regular email notifications.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform Postfix Email server configuration tasks.
In this context, we shall look into how to install and configure Postfix as a Send-Only SMTP Server.
To configure Postfix as a Send-Only SMTP Server, you need to follow the steps provided below:
i. Installing Postfix
ii. Configuring Postfix
iii. Testing the SMTP Server
iv. Forwarding System Mail
v. Enabling SMTP Encryption
Now you will see each of these steps in details.
Here, you will see how to install Postfix with the mailutils package. This package bundles Postfix with a few supplementary programs that help us to test sending emails.
a. As with any other software installation, let us first update the package database:
b. Then, install Postfix by running the following command:
$ sudo apt install mailutils
c. At the end of the installation process, we will be presented with the Postfix configuration window. Press Enter to see the next screen which shows options to select.
It includes four types of configurations;
i. Internet site
ii. Internet with smarthost
iii. Satellite system
iv. Local Only
d. Next, select Internet Site from the menu, then press TAB to select <Ok>, then ENTER.
e. The default option is the Internet Site. We are good to go with configuration, so press TAB, and then ENTER. If it shows only the description text, press TAB to select OK, then ENTER.
f. If it does not show up automatically, run the following command to start it:
$ sudo dpkg-reconfigure postfix
g. After that, we will get another configuration prompt regarding the System mail name:
Enter the domain name, then press TAB to select <Ok>, ENTER.
h. The System mail name must be the same as the name assigned to the server when we were creating it. Then, press TAB, followed by ENTER.
Now we have installed Postfix and ready to start its configuration.
The next step is to configure Postfix to send and receive emails only from the localhost. For this, we need to make some changes to the Postfix configuration file located at "/etc/postfix/main.cf".
a. Open this file with any available text editor and find the following lines:
. . .
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
. . .
b. Change the value of the inet_interfaces setting to loopback-only.
c. Another directive we will need to modify is mydestination, which specifies the list of domains that are delivered via the local_transport mail delivery transport. By default, the values are similar to these:
. . .
mydestination = $myhostname, your_domain, localhost.com, , localhost
. . .
d. Change the line to look like this:
. . .
mydestination = localhost.$mydomain, localhost, $myhostname
. . .
For the mails sent from subdomains to look as if they were sent from the main domain, we can add the line "masquerade_domains = your_main_domain" to the end of main.cf.
The optional masquerade_domains setting specifies the domains for which the subdomain will be stripped off in the email address.
Once the changes are made, save and close the file.
e. Then, restart Postfix by running the following command:
sudo systemctl restart postfix
In this step, we will test whether Postfix can send emails to an external email account using the mail command.
To send a test email, run the following command:
$ echo "This is the body of the email" | mail -s "This is the subject line" your_email_address
Now, check the email address to which we sent this message. We should see the message in your inbox.
If we receive an error from the mail command, or we have not received a message after a prolonged period of time, check that the Postfix configuration we edited is valid and that our server's name and hostname are set to the domain.
Note that with this configuration, the address in the From field for the test emails we send will be in the form of "your_user_name@your_domain", where "your_user_name".
In this step, we will set up email forwarding for user root, so that system-generated messages sent to it on the server get forwarded to an external email address.
The "/etc/aliases" file contains a list of alternate names for email recipients.
Now, Open it for editing by running the command:
$ sudo nano /etc/aliases
In its default state, it looks like this:
# See man 5 aliases for format
postmaster: root
The only directive present specifies that system-generated emails are sent to root.
Add the following line to the end of the file:
...
root: your_email_address
With this line, we specify that emails sent to root end up being forwarded to an email address. Remember to replace your_email_address with your personal email address. When we are done, save and close the file.
For the change to take effect, run the following command:
$ sudo newaliases
Running newaliases will build up a database of aliases that the mail command uses, which are taken from the config file we just edited.
Test that sending emails to root works by running:
$ echo "This is the body of the email" | mail -s "This is the subject line" root
We should receive the email at the email address.
We will now enable SMTP encryption by requesting a free TLS certificate from Let’s Encrypt for the domain (using Certbot) and configuring Postfix to use it when sending messages.
Ubuntu includes Certbot in their default package repositories, so we can install it by running the following command:
$ sudo apt install certbot
When asked for confirmation, type Y, and press ENTER.
We need to configure the UFW firewall to allow the HTTP port 80 for the domain verification to complete. Run the following command to enable it:
$ sudo ufw allow 80
The output will look like this:
Rule added
Rule added (v6)
Now that the port is open, run Certbot to get a certificate:
$ sudo certbot certonly --standalone --rsa-key-size 4096 --agree-tos --preferred-challenges http -d your_domain
This command orders Certbot to issue certificates with an RSA key size of 4096 bits, to run a temporary standalone webserver (–standalone) for verification, and to check via port 80 (–preferred-challenges http).
Remember to replace your_domain with your domain before running the command, and enter your email address when prompted.
Now that we have our certificate, open main.cf for editing with any available text editor and edit the TLS parameters with the following values:
# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/your_domain/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/your_domain/privkey.pem
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
Note to modify it by replacing your_domain with your domain where necessary. Once you are done, save and close the file.
Apply the changes by restarting Postfix:
$ sudo systemctl restart postfix
Now, try sending an email again:
$ echo "This is the body of an encrypted email" | mail -s "This is the subject line" your_email_address
We will more likely see the message immediately in the inbox.
This article will guide you on how to perform configuration of Postfix as a Send Only SMTP Server which involves a series of steps that include installing postfix and modifying the configuration file.