====== Configure Postfix Mail Relay ======

It is assumed that the following has been configured:

  * You have a primary mail Server. [[http://dokuwiki.orionmail.org/raspberrypi_email_server|Click here]] to configure a Mail Server
  * You have a Postfix mail relay Server. [[http://dokuwiki.orionmail.org/postfix_relay_server|Click here]] to configure a Postfix mail relay

===== Relay Server Tasks =====

First install the following:

  apt-get install libsasl2-modules
  apt-get install sasl2-bin

Create a file /etc/postfix/sasl/smtpd.conf:

  pwcheck_method: auxprop
  auxprop_plugin: sasldb
  mech_list: plain login

Add a user to sasldb2, then list the users to confirm the entry:

  saslpasswd2 -c -u domain user
  sasldblistusers2

Postfix needs /etc/sasldb2 in its chroot environment. One solution is to change the init script so that it copies sasldb2 at startup. In /usr/lib/postfix/configure-instance.sh, add etc/sasldb2 to the variable FILES:

  FILES="etc/localtime etc/services etc/resolv.conf etc/hosts \
      etc/host.conf etc/nsswitch.conf etc/nss_mdns.config etc/sasldb2"

Edit the Postfix configuration. Type the following at the terminal:

  postconf -e 'smtpd_sasl_local_domain = $myhostname'
  postconf -e 'smtpd_sasl_auth_enable = yes'
  postconf -e 'smtpd_sasl_security_options = noanonymous'

Restart Postfix (reloading is not enough):

  service postfix restart
  systemctl daemon-reload

==== Main.cf modifications ====

Edit /etc/postfix/main.cf

Ensure that **mynetworks** includes the Primary mail Server's IP address, such as **82.68.17.190/32**:

  mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, localhost, 82.68.17.190/32, 185.195.232.168/32, 185.195.232.148/32

Also check:

**mydestination** should include the domain that this relay Server will be servicing, such as **flakie.org**:

  mydestination = $myhostname, flakie.org, localhost, localhost.localdomain, localhost

**smtpd_recipient_restrictions** should be added or set as below:

  smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

**relay_domains** should be added as below:

  relay_domains = $mydestination

Save /etc/postfix/main.cf

==== Master.cf Modifications ====

Edit /etc/postfix/master.cf

Ensure the line **"50070 inet n - y - - smtpd"** is added. It allows smtpd traffic on port 50070. This will be the communication between the primary email Server and the relay Server.

  #
  # Postfix master process configuration file.  For details on the format
  # of the file, see the master(5) manual page (command: "man 5 master" or
  # on-line: http://www.postfix.org/master.5.html).
  #
  # Do not forget to execute "postfix reload" after editing this file.
  #
  # ==========================================================================
  # service type  private unpriv  chroot  wakeup  maxproc command + args
  #               (yes)   (yes)   (no)    (never) (100)
  # ==========================================================================
  50070     inet  n       -       y       -       -       smtpd

Add the following underneath the line above (each ''-o'' continuation line must start with whitespace):

  submission inet n       -       y       -       -       smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_sasl_type=dovecot
    -o smtpd_sasl_path=private/auth
    -o smtpd_reject_unlisted_recipient=no
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING

Add the following underneath the line above:

  smtps     inet  n       -       y       -       -       smtpd
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_sasl_type=dovecot
    -o smtpd_sasl_path=private/auth
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING

Save /etc/postfix/master.cf

===== Primary Mail Server Tasks =====

==== Main.cf modifications ====

Edit /etc/postfix/main.cf

Ensure the following is added underneath **mydestination**. This is the IP of the relay Server and the port expressed in the master.cf file. The IP address is written in square brackets so that it matches the key in /etc/postfix/sasl_passwd exactly; Postfix looks up the credentials using the relayhost value as written.

  relayhost = [212.71.234.106]:50070

Add the following at the bottom of the file:

  # outbound relay configurations
  # smtp_ (client-side) parameters apply when this server sends mail to the
  # relay; smtpd_ parameters only affect mail this server receives.
  smtp_sasl_auth_enable = yes
  smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
  smtp_sasl_security_options = noanonymous
  smtp_tls_security_level = may
  header_size_limit = 4096000

Save /etc/postfix/main.cf

==== Other Modifications ====

Create the following file: /etc/postfix/sasl_passwd

Enter the following on the top line of the file:

  [212.71.234.106]:50070 root:compu1er

The above is the IP of the relay Server along with the port. Additionally, add the username and password as created in the 3rd of the relay tasks.

Save the file.

Finally type the following command:

  postmap /etc/postfix/sasl_passwd

The above creates a database-like file so that Postfix can read it.
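
As an added example (not part of the original page), the shell function below checks the primary Server's files for two mistakes that silently break relay authentication: a sasl_passwd key that does not match relayhost exactly, and SASL configured on the server side (smtpd_) instead of the client side (smtp_). The function names and the permission check on sasl_passwd are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Usage: sh check_relay_auth.sh /etc/postfix/main.cf /etc/postfix/sasl_passwd

# Print a main.cf parameter's value; the last assignment wins, as in Postfix.
cf_value() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# Print each problem found and return how many there were (0 means OK).
check_relay_auth() {
    main_cf=$1 sasl_passwd=$2 problems=0
    relayhost=$(cf_value relayhost "$main_cf")

    # Postfix looks the credentials up by the relayhost value as written,
    # so "[ip]:port" and "ip:port" are different keys.
    if [ -z "$relayhost" ]; then
        echo "relayhost is not set"; problems=$((problems + 1))
    elif ! awk -v k="$relayhost" '$1 "" == k "" { f = 1 } END { exit !f }' \
            "$sasl_passwd"; then
        echo "no sasl_passwd entry keyed exactly '$relayhost'"
        problems=$((problems + 1))
    fi

    # Outbound authentication is driven by the client-side smtp_ parameters.
    if [ "$(cf_value smtp_sasl_auth_enable "$main_cf")" != yes ]; then
        echo "smtp_sasl_auth_enable is not 'yes'"; problems=$((problems + 1))
    fi
    if [ -z "$(cf_value smtp_sasl_password_maps "$main_cf")" ]; then
        echo "smtp_sasl_password_maps is not set"; problems=$((problems + 1))
    fi

    # Assumption of this example: the cleartext password file should carry
    # no group/other permission bits (columns 5-10 of the ls mode string).
    if [ "$(ls -ld "$sasl_passwd" | cut -c5-10)" != "------" ]; then
        echo "$sasl_passwd is accessible to group or others"
        problems=$((problems + 1))
    fi
    return "$problems"
}

if [ "$#" -eq 2 ]; then check_relay_auth "$1" "$2"; fi
```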