How to Install Postfix on Ubuntu

(Argh, I forgot to back up my Postfix work. I have to start fresh, so this is an opportunity to document the work.)

# first get a superuser shell with sudo
sudo -s

apt-get install mailutils
apt-get install postfix
apt-get install mailman
apt-get install spamassassin
apt-get install courier-imap
apt-get install courier-imap-ssl
apt-get install courier-pop
apt-get install courier-pop-ssl

# unfortunately, we need to install apache2 because we're going to install
# the roundcube mail client

apt-get install apache2
apt-get install roundcube

# install the sqlite client so that we don't need to deal with mysql
apt-get install sqlite3

# to simulate a network, we need to install BIND so we can make some
# fake domains and mx records.  
apt-get install bind9

# also should install the ufw firewall management package to configure the firewall
apt-get install ufw

My fake networks all end with the .lo domain. The subdomain I’ll use for the mailserver is riceball.lo. The machines will be desktop.riceball.lo, imap.riceball.lo, smtp.riceball.lo, and pop3.riceball.lo. The goal is to conform to the Thunderbird autoconfig style, so that guessing works.

In addition, I’ll set up two more test domains, slaptech.lo and indymedia.lo. This way, I can test mail delivery across domains (and eventually across machines).

On Ubuntu, add three new zones to /etc/bind/named.conf.default-zones:

zone "riceball.lo" {
  type master;
  file "/etc/bind/db.riceball.lo";
};
zone "slaptech.lo" {
  type master;
  file "/etc/bind/db.slaptech.lo";
};
zone "indymedia.lo" {
  type master;
  file "/etc/bind/db.indymedia.lo";
};

Then create /etc/bind/db.riceball.lo. This is mine; tailor yours to your LAN:

$ORIGIN riceball.lo.
@ IN  SOA riceball.lo. root.lo. (
            5   ; Serial
         200    ; Refresh
         200    ; Retry
         200    ; Expire
         800 )  ; Negative Cache TTL
;
@ IN  NS  ns.riceball.lo.
@ IN  A 192.168.111.2
@ IN  AAAA  ::1
@ IN  MX 10 smtp.riceball.lo.
ns IN A 192.168.111.2
mail  IN   A 192.168.111.2
smtp  IN   CNAME mail
smtps IN   CNAME mail
imap  IN   CNAME mail
imaps IN   CNAME mail
pop   IN   CNAME mail
pops  IN   CNAME mail
pop3  IN   CNAME mail
pop3s IN   CNAME mail

Slaptech.lo is a domain that uses the riceball.lo mail system.

; db.slaptech.lo
$ORIGIN slaptech.lo.

@   IN  SOA slaptech.lo. root.lo. (
                  5     ; Serial
               200      ; Refresh
               200      ; Retry
               200      ; Expire
               800 )    ; Negative Cache TTL
;
@   IN  NS  ns.riceball.lo.
; note that the A record is a different address
; because we want to simulate a different host
@   IN  A   192.168.111.3
@   IN  AAAA    ::2
@ IN  MX 10 smtp.riceball.lo.
mail  IN   A 192.168.111.2
smtp  IN   CNAME mail
smtps IN   CNAME mail
imap  IN   CNAME mail
imaps IN   CNAME mail
pop   IN   CNAME mail
pops  IN   CNAME mail
pop3  IN   CNAME mail
pop3s IN   CNAME mail

Indymedia.lo is also a domain that uses the riceball.lo mail system.

;db.indymedia.lo
$ORIGIN indymedia.lo.

@   IN  SOA indymedia.lo. root.lo. (
                  5     ; Serial
               200      ; Refresh
               200      ; Retry
               200      ; Expire
               800 )    ; Negative Cache TTL
;
@   IN  NS  ns.riceball.lo.
; note that the A record is a different address
; because we want to simulate a different host
@   IN  A   192.168.111.4
@   IN  AAAA    ::3
@ IN  MX 10 smtp.riceball.lo.
mail  IN   A 192.168.111.2
smtp  IN   CNAME mail
smtps IN   CNAME mail
imap  IN   CNAME mail
imaps IN   CNAME mail
pop   IN   CNAME mail
pops  IN   CNAME mail
pop3  IN   CNAME mail
pop3s IN   CNAME mail
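As an added check, not part of the original write-up, here is a small Python lint for the three zone files above. It qualifies names against $ORIGIN and flags the things that quietly break mail delivery: an MX or NS target with no address record, an MX or NS target that is a CNAME (RFC 2181 section 10.3 forbids that, even though many resolvers and MTAs tolerate it), and a CNAME pointing at a name that does not exist. Run against the riceball.lo zone as written, it reports that the MX target smtp.riceball.lo is a CNAME to mail; pointing the MX at mail.riceball.lo directly clears it. The embedded zone text is a condensed copy of db.riceball.lo above; the function names are my own.

```python
# Added example, not from the original how-to: a lint for the zone files above.

# Constructed input: the page's db.riceball.lo, condensed (comments kept to show
# that the parser strips them and skips the multi-line SOA).
RICEBALL_ZONE = """\
$ORIGIN riceball.lo.
@ IN SOA riceball.lo. root.lo. (
            5   ; Serial
          200   ; Refresh
          200   ; Retry
          200   ; Expire
          800 ) ; Negative Cache TTL
@ IN NS ns.riceball.lo.
@ IN A 192.168.111.2
@ IN MX 10 smtp.riceball.lo.
ns IN A 192.168.111.2
mail IN A 192.168.111.2
smtp IN CNAME mail
imap IN CNAME mail
pop3 IN CNAME mail
"""

def fq(name, origin):
    """Qualify an owner or target name against $ORIGIN ('@' is the zone apex)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return {owner_fqdn: [(rtype, rdata_tuple), ...]}. Handles $ORIGIN, ';'
    comments, optional TTL/class fields and the multi-line SOA parentheses used
    on the page. It is a lint helper, not a full RFC 1035 master-file parser."""
    origin, records, last_owner, depth = None, {}, None, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if depth:                                   # still inside SOA ( ... )
            depth += line.count("(") - line.count(")")
            continue
        toks = line.split()
        if toks[0].startswith("$"):
            if toks[0] == "$ORIGIN":
                origin = toks[1]
            continue
        if raw[0].isspace():                        # owner omitted: reuse previous
            owner, i = last_owner, 0
        else:
            owner, i = fq(toks[0], origin), 1
        last_owner = owner
        while i < len(toks) and (toks[i].upper() in ("IN", "CH", "HS") or toks[i].isdigit()):
            i += 1                                  # skip class and TTL fields
        rtype = toks[i].upper()
        rdata = [t for t in toks[i + 1:] if t not in ("(", ")")]
        if rtype in ("CNAME", "NS", "MX"):
            rdata[-1] = fq(rdata[-1], origin)       # these rdata end in a name
        records.setdefault(owner, []).append((rtype, tuple(rdata)))
        depth += line.count("(") - line.count(")")
    return records

def lint_zones(zone_texts):
    """Cross-zone checks over one or more zone files; returns problem messages."""
    records = {}
    for text in zone_texts:
        for owner, rrs in parse_zone(text).items():
            records.setdefault(owner, []).extend(rrs)

    def types_of(name):
        return {rt for rt, _ in records.get(name, [])}

    problems = []
    for owner, rrs in records.items():
        for rtype, rdata in rrs:
            if rtype not in ("MX", "NS", "CNAME"):
                continue
            target = rdata[-1]
            if target not in records:
                problems.append(f"{owner} {rtype} target {target} is not defined in the loaded zones")
            elif rtype != "CNAME" and "CNAME" in types_of(target):
                problems.append(f"{owner} {rtype} target {target} is a CNAME")
            elif rtype != "CNAME" and not types_of(target) & {"A", "AAAA"}:
                problems.append(f"{owner} {rtype} target {target} has no address record")
    return problems

if __name__ == "__main__":
    for msg in lint_zones([RICEBALL_ZONE]) or ["no problems found"]:
        print(msg)
```

Feed lint_zones() all three files together so that targets in other zones (ns.riceball.lo from slaptech.lo, for instance) resolve instead of being reported as undefined. named-checkzone from the bind9utils package remains the authoritative syntax check; this lint is for seeing the cross-zone relationships at a glance before reloading BIND.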

Configure Network Manager (if you’re using that)

Once BIND is configured, you need to make sure that your computer (and any computers that will participate in this little LAN) point to your computer for DNS. Chances are, they get their DNS from the DHCP server, and the DHCP server is the home router, which also runs a DNS proxy or a small DNS with a hosts file.

Open up Network Manager and edit the relevant interface. Click on the “IPv4 Settings” tab, and set the DNS servers to 127.0.0.1 or whatever the IP address of this DNS server is.

You can then test the DNS:

root@johnk-desktop:/etc/postfix# nslookup mail.riceball.lo
Server:     127.0.1.1
Address:    127.0.1.1#53

Name:   mail.riceball.lo
Address: 192.168.111.2

Well, isn’t that special?

Configuring Postfix

Out of the box, on Ubuntu at least, Postfix + Courier start up listening on a lot of ports, with a lot of services running. So binding the services to mail.riceball.lo was my next goal. That is done by editing /etc/postfix/main.cf and altering one line to look like this:

inet_interfaces = mail.riceball.lo

If you look back at the BIND files, you’ll see that mail.*.lo was set to 192.168.111.2 in every zone – they all share the same IP address for mail. So I only need to specify it once here.

You can run nmap to see what’s listening in the current setup:

Nmap scan report for mail.riceball.lo (192.168.111.2)
Host is up (0.0000060s latency).
Not shown: 993 closed ports
PORT    STATE SERVICE
25/tcp  open  smtp
53/tcp  open  domain
80/tcp  open  http
110/tcp open  pop3
143/tcp open  imap
993/tcp open  imaps
995/tcp open  pop3s

And a quick telnet to the server:

% telnet mail.riceball.lo 25
Trying 192.168.111.2...
Connected to mail.slaptech.lo.
Escape character is '^]'.
220 johnk-desktop ESMTP Postfix (Ubuntu)
quit
221 2.0.0 Bye

Testing Outgoing Mail

Try sending a mail to an external address:

mail johnk@riceball.com
Subject: testing
test
Ctrl-D

Then type mailq to see that it’s going out. You may need to use sudo.

If it’s stuck in the queue, check that /etc/postfix/main.cf contains:

mynetworks_style = subnet
mynetworks = 192.168.111.0/24 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtp_use_tls = yes

with your own LAN’s address range in place of 192.168.111.0/24 in the mynetworks value.
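To make concrete what that mynetworks line grants, here is an added Python example (not from the page): it parses a Postfix mynetworks value, answers whether a given client address would be allowed to relay without authenticating, and flags entries that reach beyond private and loopback space. Postfix relays for anything inside mynetworks, so a value like 0.0.0.0/0 or a public range turns the box into an open relay. The [::ffff:127.0.0.0]/104 entry is there so that connections arriving on IPv4-mapped IPv6 loopback sockets are trusted too. The function names and the PRIVATE list are my own choices.

```python
# Added example, not from the page: what a Postfix mynetworks value actually trusts.
import ipaddress

# Constructed input: the mynetworks value from the page.
PAGE_MYNETWORKS = "192.168.111.0/24 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"

# Ranges that count as "your own network": RFC 1918 space, loopback, link-local,
# unique-local, and the IPv4-mapped IPv6 forms of the same (assumed list).
PRIVATE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
    "::ffff:10.0.0.0/104", "::ffff:172.16.0.0/108", "::ffff:192.168.0.0/112",
    "::ffff:127.0.0.0/104",
)]

def parse_mynetworks(value):
    """Split a Postfix mynetworks value into ip_network objects. Postfix writes
    IPv6 entries as [addr]/prefix; an entry without a prefix is a single host.
    Entries may be separated by whitespace or commas."""
    nets = []
    for token in value.replace(",", " ").split():
        nets.append(ipaddress.ip_network(token.replace("[", "").replace("]", ""), strict=False))
    return nets

def is_trusted(value, client_ip):
    """True if a client at client_ip may relay through this server without
    authenticating (subject to the rest of the smtpd restrictions)."""
    addr = ipaddress.ip_address(client_ip)
    # 'in' is simply False, not an error, when address and network versions differ
    return any(addr in net for net in parse_mynetworks(value))

def too_broad(value):
    """Entries that are not contained in any PRIVATE range, e.g. 0.0.0.0/0 or a
    public /24: each of these lets the whole internet relay through the box."""
    flagged = []
    for net in parse_mynetworks(value):
        same_family = [p for p in PRIVATE if p.version == net.version]
        if not any(net.subnet_of(p) for p in same_family):
            flagged.append(str(net))
    return flagged

if __name__ == "__main__":
    for ip in ("192.168.111.50", "10.0.0.1", "::ffff:127.0.0.1", "::1"):
        print(ip, "trusted" if is_trusted(PAGE_MYNETWORKS, ip) else "not trusted")
    print("too broad:", too_broad(PAGE_MYNETWORKS + " 0.0.0.0/0"))
```

One detail worth knowing while editing main.cf: once mynetworks is set explicitly, Postfix ignores mynetworks_style, so the subnet line above is harmless but inert.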

If that doesn’t work, your ISP may be blocking port 25. The workarounds are to request that port 25 be opened, or to use your ISP’s relay. If you use your ISP’s relay, set this value:

relayhost = outbound.att.net

with the host name replaced by your ISP’s SMTP server.

AT&T, in this example, only supports SMTP over SSL. That’s not the standard; the standard is STARTTLS. However, SSL on port 465 is the traditional secured SMTP port, so we have to contend with it.

A way to do that is outlined here: http://www.linuxquestions.org/qu…

Basically, you need to install stunnel: apt-get install stunnel

Then you need to set up the SSL tunnel.

Then you need to force your mail server to connect to the local side of the tunnel.
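Since the tunnel steps are left as a TODO, here is an added Python example (not from the page, and not the stunnel or Postfix projects’ own code) that shows the two config fragments those steps imply and checks them against each other: an stunnel client service that accepts plaintext SMTP on 127.0.0.1:2525 and opens TLS to the relay on port 465, and a Postfix relayhost pointing at that loopback endpoint. The check also insists that the tunnel verify the relay’s certificate chain and name, because a tunnel that skips verification will hand your mail to anyone who can sit on the path, and that the plaintext side is bound to loopback rather than every interface. The stunnel keys (client, accept, connect, CAfile, verifyChain, checkHost) are from the stunnel 5.x manual as I know it; the paths, the 2525 port and the section name are assumptions.

```python
# Added example, not from the page: sanity-check the Postfix -> stunnel -> SMTPS chain.
import re

# Constructed sample configs for the setup the text describes (paths assumed).
STUNNEL_CONF = """\
; /etc/stunnel/stunnel.conf
pid = /var/run/stunnel4/stunnel.pid

[smtps-relay]
client = yes
accept = 127.0.0.1:2525
connect = outbound.att.net:465
CAfile = /etc/ssl/certs/ca-certificates.crt
verifyChain = yes
checkHost = outbound.att.net
"""

MAIN_CF = """\
# /etc/postfix/main.cf fragment: the brackets stop Postfix doing an MX lookup on the name
relayhost = [127.0.0.1]:2525
"""

def parse_stunnel_conf(text):
    """Minimal ini parser: {section: {key: value}}, global keys under ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = {}
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip()] = value.strip()
    return sections

def parse_main_cf(text):
    """Postfix 'key = value' lines with '#' comments; no continuation lines needed here."""
    params = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]
        if "=" in line:
            key, _, value = line.partition("=")
            params[key.strip()] = value.strip()
    return params

def check_relay_via_tunnel(stunnel_text, main_cf_text):
    """Return a list of problems; an empty list means the chain looks right."""
    relay = parse_main_cf(main_cf_text).get("relayhost", "")
    m = re.fullmatch(r"\[([^\]]+)\]:(\d+)", relay)
    if not m:
        return [f"relayhost '{relay}' should be [host]:port pointing at the tunnel"]
    host, port = m.group(1), m.group(2)
    clients = [s for name, s in parse_stunnel_conf(stunnel_text).items()
               if name and s.get("client") == "yes"]
    # stunnel accepts either 'addr:port' or a bare port (which binds all interfaces)
    svc = next((s for s in clients if s.get("accept") in (f"{host}:{port}", port)), None)
    if svc is None:
        return [f"no stunnel client service accepts on {host}:{port}"]
    problems = []
    if ":" not in svc["accept"]:
        problems.append("accept has no address: the plaintext side is reachable from the LAN, bind it to 127.0.0.1")
    if not svc.get("connect", "").endswith(":465"):
        problems.append("connect does not go to the SMTPS port 465")
    if svc.get("verifyChain") != "yes" or not ("CAfile" in svc or "CApath" in svc):
        problems.append("certificate chain is not verified: anyone on the path could impersonate the relay")
    if "checkHost" not in svc:
        problems.append("checkHost missing: any valid certificate would be accepted, not just the relay's")
    return problems

if __name__ == "__main__":
    print(check_relay_via_tunnel(STUNNEL_CONF, MAIN_CF) or "relay chain looks right")
```

Drop the two files into place, restart stunnel4 and run postfix reload; mailq should then drain through the tunnel. Postfix itself still speaks plaintext to 127.0.0.1:2525, which is fine only because that socket never leaves the host.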

TODO below

To test outgoing mail, we will route to the internet. To test incoming mail, we send from one of the *.lo domains to another *.lo domain.

To test mail across servers, we fire up a second server and migrate all the Indymedia.lo configuration to that machine. Then, we change the BIND file for slaptech.lo so it looks like below. Then we send mail across the domains.

new slaptech.lo.

References

https://help.ubuntu.com/community/PostfixBasicSetupHowto
https://help.ubuntu.com/community/BIND9ServerHowto