Install Postfix

When you are prompted to configure Postfix, push Enter.

Postfix Installation Ajenti Ubuntu Linux

Then make sure Internet Site is selected and push Enter.

Postfix Configuration Internet Site Ubuntu

For System mail name, put your server name without the subdomain and push Tab and then push Enter. For example, if your server’s name is john.example.com, put in example.com in this field.

Postfix Configuration System Mail Name

For Root and postmaster mail recipient, enter in the admin’s username. Push Tab and then push Enter.

Postfix Configuration Root and Postmaster Recipient

For Other destinations to accept mail for, ensure something like the following is entered in:

server1.example.com, example.com, localhost.example.com, localhost

Then push Tab and then push Enter.

Postfix Configuration Other Destinations to Accept Mail

For Force synchronous updates on mail queue, select No. Then push Tab and then push Enter.

Postfix Configuration Force Synchronous Updates Mail Queue

For Local networks, you may leave this blank to use the defaults or enter in 127.0.0.0/8. Then push Tab and then push Enter.

Postfix Configuration Local Networks Ubuntu

For Mailbox size limit (bytes), enter in 0, which means no limit. Then push Tab and then push Enter.

Postfix Configuration Mailbox Size Limit Bytes

For Local address extension character, put in a plus sign: +. Then push Tab and then push Enter.

Postfix Configuration Local Address Extension Character

For Internet protocols to use, select all. Then push Tab and then push Enter.

Postfix Configuration Internet Protocols to Use All

Postfix Configuration Finished Setup

You might see a warning like the following:

WARNING: /etc/aliases exists, but does not have a root alias

If so, type in the following:

postconf -e 'home_mailbox = Maildir/'

Then type this:

postconf -e 'mailbox_command ='

Now, we will configure Postfix to do SMTP AUTH using SASL (saslauthd). To do so, type in the following:

postconf -e 'smtpd_sasl_local_domain =' && postconf -e 'smtpd_sasl_auth_enable = yes' && postconf -e 'smtpd_sasl_security_options = noanonymous' && postconf -e 'broken_sasl_auth_clients = yes' && postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination' && postconf -e 'inet_interfaces = all'

Now, we will add two lines to /etc/postfix/sasl/smtpd.conf by typing in the following:

echo -e "pwcheck_method: saslauthd\nmech_list: plain login" >> /etc/postfix/sasl/smtpd.conf

Now, we will generate certificates to be used for TLS encryption and/or certificate Authentication by typing in the following set of commands, one at a time:

touch smtpd.key
chmod 600 smtpd.key
openssl genrsa 1024 > smtpd.key
openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt

When asked for a Country Name, put in the two-letter code for your country (e.g. US). For State or Province Name, enter in your state (e.g. DC). For Locality Name, enter in your city (e.g. Washington). For Organization Name, enter the name of your organization. For Organizational Unit Name, enter in anything. For the Common Name, enter in the domain name you want associated with your server (or your IP address if you don’t have a domain name). For Email Address, enter in the administrator’s email address.

Now type in the following:

openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

When asked for a PEM pass phrase, enter in a secure password. Then re-enter it when prompted. When asked for a Country Name, put in the two-letter code for your country (e.g. US). For State or Province Name, enter in your state (e.g. DC). For Locality Name, enter in your city (e.g. Washington). For Organization Name, enter the name of your organization. For Organizational Unit Name, enter in anything. For the Common Name, enter in the domain name you want associated with your server (or your IP address if you don’t have a domain name). For Email Address, enter in the administrator’s email address.

Now, enter in the following set of commands:

mv smtpd.key /etc/ssl/private/ && mv smtpd.crt /etc/ssl/certs/ && mv cakey.pem /etc/ssl/private/ && mv cacert.pem /etc/ssl/certs/

Next, enter in the following set of commands to configure Postfix to do TLS encryption for both incoming and outgoing mail:

postconf -e 'smtp_tls_security_level = may' && postconf -e 'smtpd_tls_security_level = may' && postconf -e 'smtpd_tls_auth_only = no' && postconf -e 'smtp_tls_note_starttls_offer = yes' && postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key' && postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt' && postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem' && postconf -e 'smtpd_tls_loglevel = 1' && postconf -e 'smtpd_tls_received_header = yes' && postconf -e 'smtpd_tls_session_cache_timeout = 3600s' && postconf -e 'tls_random_source = dev:/dev/urandom' && postconf -e 'myhostname = server1.example.com'

In case you accidentally exit the Postfix configuration too early or do not see the Postfix configuration menu, simply type in the following to re-configure Postfix:

dpkg-reconfigure postfix