Postfix server and nullclient updated

alainwolf · Mar 5, 2023 · ab98bc6 · ab98bc6
1 parent 1419b4a
commit ab98bc6
Show file tree

Hide file tree

Showing 2 changed files with 66 additions and 61 deletions.
diff --git a/desktop/config-files/etc/postfix/main.cf b/desktop/config-files/etc/postfix/main.cf
@@ -1,13 +1,7 @@
 # See /usr/share/postfix/main.cf.dist for a commented, more complete version
 
-# Debian specific:  Specifying a file name will cause the first
-# line of that file to be used as the name.  The Debian default
-# is /etc/mailname.
-# Where do mails I send out come from?
-myorigin = /etc/mailname
-
 # Disable backwards compatibility
-compatibility_level=2
+compatibility_level = 3.6
 
 # Fully qualified domain name of this host
 myhostname = torres.example.net
@@ -33,13 +27,11 @@ smtp_sasl_password_maps = hash:/etc/postfix/smtp_password
 
 # Do I need to verify remote SMTP servers certificate?
 smtp_tls_security_level = secure
-smtp_tls_secure_cert_match = nexthop
 
 # Where are CA files stored to verify TLS certificates?
 smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
 
-# Do I need to log TLS certificate validation results?
+# Should I log TLS certificate validation results?
 smtp_tls_loglevel = 1
 
-
 #-*- mode: ini; tab-width: 4; indent-tabs-mode:nil  -*-
diff --git a/desktop/postfix-null.rst b/desktop/postfix-null.rst
@@ -40,25 +40,6 @@ The connection needs to be encrypted by TLS.
 Prerequisites
 -------------
 
-Mail-Server Account
-^^^^^^^^^^^^^^^^^^^
-
-Like your desktop mail client any other client, **torres** will need to login
-(as "torres@example.net"), before being allowed to deliver mails on
-**mail.example.net**.
-
-We therefore create a mail account for it on our mail server.
-
-Create a mail account password for the mail account **torres@example.net**::
-
-    $ pwgen --secure 32 1
-    ********
-
-`Create a mail account </server/mail/virtual.html#adding-a-mailbox>`_ for your
-workstation on your mail server. You can use the mail servers
-:doc:`/server/mail/vimbadmin` for that.
-
-
 Installation
 ------------
 
@@ -80,30 +61,53 @@ The installation process will ask you a series of questions:
 Unfortunately the "null client" configuration we need here is not in the list.
 Therefore we have to choose: "No configuration" here.
 
+If you are installing on a Raspberry Pi running Debian::
+
+    sudo apt install libsasl2-modules
+
 
 Postfix Configuration
 ---------------------
 
-Make a copy of the sample configuration file::
+Create an empty Postfix configuration file::
+
+    $ sudo touch /etc/postfix/main.cf
+
 
-    $ sudo cp /etc/postfix/main.cf.proto /etc/postfix/main.cf
+Main Configuration File
+^^^^^^^^^^^^^^^^^^^^^^^
+
+Fortunately a "null client" needs very little configuration. Just a few of
+lines in the file
+:download:`/etc/postfix/main.cf <config-files/etc/postfix/main.cf>` are
+enough:
 
+.. literalinclude:: config-files/etc/postfix/main.cf
+    :language: ini
+    :linenos:
 
-Set the group for postfix to run tasks in :file:`/etc/postfix/main.cf`::
 
-    # setgid_group: The group for mail submission and queue management
-    # commands.  This must be a group name with a numerical group ID that
-    # is not shared with other accounts, not even with the Postfix account.
-    #
-    setgid_group = postdrop
+Or you coould set those with command-lines using `postconf`::
 
+    sudo postconf compatibility_level=3.6
+    sudo postconf myhostname=$(hostname -f)
+    sudo postconf inet_interfaces=loopback-only
+    sudo postconf mydestination=
+    sudo postconf virtual_alias_maps=regexp:/etc/postfix/virtual_alias
+    sudo postconf relayhost=[mail.example.net]:submission
+    sudo postconf smtp_sasl_auth_enable=yes
+    sudo postconf smtp_sasl_security_options=noanonymous
+    sudo postconf smtp_sasl_password_maps=hash:/etc/postfix/smtp_password
+    sudo postconf smtp_tls_security_level=secure
+    sudo postconf smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
+    sudo postconf smtp_tls_loglevel=1
 
 Client Authentication
 ^^^^^^^^^^^^^^^^^^^^^
 
-As mentioned before, for the central mail server **mail.example.net**, our
-workstation is just another mail client, which needs to login before being
-allowed to send any mails.
+Like your desktop mail client any other client, **torres** will need to login
+(as "torres@example.net"), before being allowed to deliver mails on
+**mail.example.net**.
 
 This is how we tell our workstation to login on the remote server
 **mail.example.net**.
@@ -114,18 +118,36 @@ The format is
 
     `<SMTP server> <user-name>:<password>`
 
-::
+Create a mail account password for the mail account **torres@example.net**::
 
-    mail.example.net torres@example.net:********
+    $ SMTP_PASSWORD="$(pwgen --secure 32 1)"
+    $ echo "mail.urown.net torres@example.net:${SMTP_PASSWORD}" |sudo tee /etc/postfix/smtp_password
+    ********
 
+Note the displayed password, you will need it to setup the account on the
+mail-server later.
 
 After that update the relevant postfix database and protect it::
 
-    $ sudo postmap /etc/postfix/smtp_password
+    $ sudo postmap hash:/etc/postfix/smtp_password
     $ sudo chown root:root /etc/postfix/smtp_password*
     $ sudo chmod 0600 /etc/postfix/smtp_password*
 
 
+Mail-Server Account
+^^^^^^^^^^^^^^^^^^^
+
+As mentioned before, for the central mail server **mail.example.net**, our
+workstation is just another mail client, which needs to login before being
+allowed to send any mails.
+
+We therefore create a mail account for it on our mail server.
+
+`Create a mail account </server/mail/virtual.html#adding-a-mailbox>`_ for your
+workstation on your mail server. You can use the mail servers
+:doc:`/server/mail/vimbadmin` for that.
+
+
 Rerouting Local Mails
 ^^^^^^^^^^^^^^^^^^^^^
 
@@ -166,21 +188,6 @@ changes have been made to :file:`/etc/postfix/virtual_alias`:
     $ sudo postmap /etc/postfix/virtual_alias
 
 
-Main Configuration File
-^^^^^^^^^^^^^^^^^^^^^^^
-
-Fortunately a "null client" needs very little configuration. Just a few of
-lines in the file
-:download:`/etc/postfix/main.cf <config-files/etc/postfix/main.cf>` are
-enough:
-
-.. literalinclude:: config-files/etc/postfix/main.cf
-    :language: ini
-    :linenos:
-
-
-
-
 Configuration Check
 ^^^^^^^^^^^^^^^^^^^
 
@@ -189,9 +196,15 @@ Configuration Check
     $ sudo postfix check
 
 
-Reload Postfix
---------------
+Restart Postfix
+---------------
 
 ::
 
-    sudo systemctl reload-or-restart postfix.service
+    sudo systemctl restart postfix.service
+
+
+Send a test Mail::
+
+    echo "Hello World" | mail -s "Test Message" root
+