Smokes your problems, coughs fresh air.


Enabling authentication and SSL for Postfix on Debian

I used this document as main source. This blogpost is also useful.

First install libsasl2 and configure it. Enable it in /etc/default/sasl.

First make the sasl config file in /etc/postfix/sasl which says:

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

Then configure the ssl paramters in postfix (the following is deprecated. See aforementioned official postfix docs for good way):

# According to official docs, this should be in one pem file.
# This should be smtp_tls_security_level = may, because use_tls is deprecated.
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
# I don't know if this one is also needed.
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
# When TLS encryption is optional in the Postfix SMTP server, do not announce or accept SASL authentication over unencrypted connections. 

Then enable the three smtps lines in

smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes

Then you need to do some hacking to get the jailed postfix to access /var/run/saslauthd:

rm -r /var/run/saslauthd/
mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run
chgrp sasl /var/spool/postfix/var/run/saslauthd
# Add user postfix to group sasl
adduser postfix sasl

Then you should be good to go. Start all daemons.

Configuring fetchmail to deliver to Zimbra with custom header added

I needed to fetch mail from a POP3 account and deliver it to a Zimbra account. Because I’m doing this for multiple POP3 accounts, I want to add a header which I can use in Zimbra to filter. This is what we made:

poll server user "user" pass "secret" mda "formail -A 'X-Zimbra-To:'| /opt/zimbra/postfix/sbin/sendmail -i -t"

The -i tells sendmail to ignore a single dot on a line, because that would normally mean end of mail. The -t is “to” (not the header “To:“).

It is a bit unclear why postfix delivers locally to Zimbra, since doing mail routes through an external SMTP server, which is configured in Zimbra to be used as MTA for outgoing mail. It is configured as ‘webmail MTA’.

Using Fetchmail to deliver to another SMTP host and user

If you want to fetch mail from several accounts and relay them to another SMTP host and user, you can use fetchmail. Define a .fetchmailrc like this:

defaults proto POP3 no keep fetchall smtphost ssl
set no bouncemail
set no spambounce
set logfile /home/mailchecker/.fetchmail.log
poll user "test" pass "test" smtpname
# more accounts to poll... 

Configuring a Debian satellite Exim server

A very common way to configure Exim on a Debian machine, is to make it a ‘satellite’; a server which uses another SMTP server for sending and does not do local delivery, the latter being the difference with a ‘smarthost’. It can be used by other computers in the network to send mail, but also by the machine itself, to send system notifications and such (one of my favorite apps, arpwatch, for example).

The following needs to be in /etc/update-exim4.conf:

dc_smarthost='[your SMTP server]'

The following needs to be in /etc/mailname:


[mailname] is the same in both locations, and is simply the FQDN (world wide, not just local, such as which should appear after the @-sign. The reason that it must entered in both places, is because both have a different function. ‘etc/mailname’ Takes care of putting the specified domain after the @-sign if you mail to, for example, root. The ‘dc_other_hostnames’ is to let the server know that this is the machine that handles that domain. If you don’t specify the ‘dc_other_hostnames’, the server will just try to send it to the next relay. BTW, ‘dc_other_hostnames’ is colon (;) seperated.

Make sure the FQDN you use exists, otherwise a lot of mailservers refuse to accept it. What I don’t understand, though, is that in my experience, whatever you use as domain doesn’t have to exist as MX record, but just as an A record.

Also don’t forget to include an alias for root in /etc/aliases. I usually let all mail sent to root be sent to a local user, and alias that local user to an outside e-mail address.

© 2024 BigSmoke

Theme by Anders NorenUp ↑