Table of Contents
Postfix
Completed 2018-06-27
- Finished mysql configuration of postfix
- Connected smtp & smtpd to sluug.org wildcard cert
- Disabled postgrey
- All other filters already disabled
- Verify postfixadmin before cutover
- PLAIN login method changed to TLS
- (requires TLS connection before sending password)
Email system testing successful 2018-06-28
ToDo
- Configure maildir for new users in postfixadmin
- Setup and enable SpamAssassin or rspamd
- Setup and enable clamav
- Setup and enable Amavisd?
- Setup and configure Webalizer
postgrey
Configuration
Create new "/etc/postgrey/whitelist_recipients.local". Edit it to add the one added "slack@craigbuchek.com" line from "/etc/postfix/postgrey_whitelist_recipients" copied from amber. Delete "/etc/postfix/postgrey_whitelist_recipients" copied from amber. Use /etc/postgrey/whitelist_recipients installed by default, don't change.
Use "/etc/postgrey/whitelist_clients" installed by default, don't change. Delete "/etc/postfix/postgrey_whitelist_clients" copied from amber which was not changed from default on amber.
Rename "/etc/postfix/postgrey_whitelist_clients.local" copied from amber to "/etc/postgrey/whitelist_clients.local". Edit this to delete or comment all SLUUG servers no longer operating.
Edit /etc/default/postgrey to add to the POSTGREY_OPTS variable:
--inet=127.0.0.1:10023 Replaces --inet=10023
--delay=240
--auto-whitelist-clients=4
--max-age=95
Restart the postgrey daemon:
systemctl stop postgrey systemctl status postgrey systemctl start postgrey systemctl status postgrey
Check logs "/var/log/daemon.log" and "/var/log/mail.info". netstat –all –numeric –numeric-ports | egrep 'Address|10023' ps -ef | egrep 'PID|postgrey'
Edit "/etc/postfix/main.cf". Check port in main.cf should now be port 10023 and not 60000. The test to be added to "smtpd_recipient_restrictions" is "check_policy_service inet:127.0.0.1:10023,". An example is:
smtpd_recipient_restrictions =
permit_mynetworks,
reject_unauth_destination,
check_policy_service inet:127.0.0.1:10023
Reload the postfix daemon:
systemctl reload postgrey systemctl status postgrey
Check log "/var/log/mail.info".
Test sending mail from an external system.
Continue to monitor "/var/log/mail.info".
Additional information
Files and directories of interest:
- /etc/init.d/postgrey - Startup script
- /etc/default/postgrey - Startup options
- /etc/postgrey/ - All config files except startup options
- /var/lib/postgrey/ - Database files
Search finds comments that postgrey doesn't support systemd, and systemd is using "a shim" to just run the init script.
When stopping, expect to see errors logged about Couldn't unlink "/var/run/postgrey.pid". However, it is properly created when started and deleted when stopped.
