Postfix Null Client
Install and configure postfix for send-only email from host to
a relay, optionally using SSL/TLS.
This is commonly called an email null client .
2022-08-03 Ubuntu 20.04-22.04, Raspbian buster-bullseye, macOS 10.13-12.5
The example used is based upon:
Local host
ironbark.home.arpa
Local system user
graham
Mail domain
geddy.au
Mail domain target for local system user
fred.nerk @geddy.au
Installation
macOS installation
macOS has postfix pre-installed. Although it is an old version,
it is usable and need not be installed from macports .
After every macOS update, this has to be re-reconfigured.
It helps to save a copy of /etc/postfix
and just overwrite
the provided one each time.
Ubuntu installation
graham:~ sudo apt install postfix mailutils bsd-mailx libsasl2-modules
Select Satellite site in popup configuration,
though it matters not what option is selected –
it is about to be completely overwritten.
Configuration
graham:~ sudo systemctl stop postfix # stop postfix for updating
graham:~ cd /etc/postfix
graham:/etc/postfix sudo vi main.cf
/etc/postfix/main.cf
replace all content
# Basic Null (send only) Postfix - ironbark.home.arpa
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# A safety net that causes Postfix to run with
# backwards-compatible default settings after an upgrade to a newer Postfix
# version. See http://www.postfix.org/COMPATIBILITY_README.html.
#
# new installs: set to 2
compatibility_level = 2
# The UNIX system account that owns the Postfix queue and most Postfix daemon
# processes. Specify the name of an unprivileged user account that does not
# share a user or group ID with other accounts, and that owns no other files
# or processes on the system. In particular, don't specify nobody or daemon.
# PLEASE USE A DEDICATED USER ID AND GROUP ID.
#
# debian: default, leave un-commented
#mail_owner = postfix
# macos: uncomment
#mail_owner = _postfix
# The group ownership of set-gid Postfix commands and of group-writable
# Postfix directories.
#
# debian: default, leave commented-out
#setgid_group = postdrop
# macos: uncomment
#setgid_group = _postdrop
##::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
## MTA Identification
##::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
# The internet hostname of this mail system.
#
myhostname = ironbark.home.arpa
# The domain name that locally-posted mail appears to come from, and
# that locally posted mail is delivered to.
#
# debian: default, leave commented-out
#myorigin = /etc/mailname
# macos: default, leave commented-out
#myorigin = $hostname
# The list of domains that are delivered via the $local_transport mail
# delivery transport.
#
mydestination = ironbark .$mydomain ironbark localhost.$mydomain localhost
# The list of "trusted" remote SMTP clients that have more privileges
# than "strangers". In particular, "trusted" SMTP clients are allowed
# to relay mail through Postfix.
#
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
##::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
## LOCAL RECEIVE
##::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
## SENDMAIL(1) :::::::::::::::::::::::::::::::::::::::::::::::::::::::
##::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
## LOCAL DELIVERY
##::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
## LOCAL(8) - LOCAL MAIL DELIVERY ::::::::::::::::::::::::::::::::::::
## Compatability
# Whether or not to use the local biff service.
#
biff = no
## Delivery Method
# The alias databases that are used for local(8) delivery.
#
alias_maps = hash:/etc/aliases
# The alias databases for local(8) delivery that are updated with
# "newaliases" or with "sendmail -bi".
#
alias_database = hash:/etc/aliases
# The set of characters that can separate a user name from its
# extension (example: user+foo), or a .forward file name from its
# extension (example: .forward+foo).
#
recipient_delimiter = +
## Resource Controls
# The maximal size of any local(8) individual mailbox or maildir
# file, or zero (no limit).
#
mailbox_size_limit = 0
## TRIVIAL-REWRITE(8) ::::::::::::::::::::::::::::::::::::::::::::::::
## Address Rewriting Rules
# With locally submitted mail, append the string ".$mydomain" to
# addresses that have no ".domain" information.
#
append_dot_mydomain = no
##::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
## NETWORK RECEIVE
##::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
# The network interface addresses that this mail system receives mail on.
# The parameter also controls delivery of mail to user@[ip.address].
#
inet_interfaces = loopback-only
# The Internet protocols Postfix will attempt to use when making or
# accepting connections.
#
inet_protocols = ipv4, ipv6
##::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
## NETWORK DELIVERY
##::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
# The next-hop destination(s) for non-local mail; overrides
# non-local domains in recipient addresses.
#
# debian (except buster):
relayhost = smtp.geddy.au , mail.isp .com.au
# buster: uncomment one
#relayhost = smtp.geddy.au
#relayhost = mail.isp .com.au
# macos: requires :port, uncomment one
#relayhost = smtp.geddy.au :587
#relayhost = mail.isp .com.au:25
## SMTP(8) - SMTP/LMTP CLIENT ::::::::::::::::::::::::::::::::::::::::
# Optional lookup tables that perform address rewriting in the
# Postfix SMTP client, typically to transform a locally valid
# address into a globally valid address when sending mail across
# the Internet.
# i.e. convert local (internal) domain to external domain
#
smtp_generic_maps = hash:/etc/postfix/generic
## SASL
# Enable SASL authentication in the Postfix SMTP client.
#
smtp_sasl_auth_enable = yes
# Optional Postfix SMTP client lookup tables with one user-
# name:password entry per sender, remote hostname or next-hop
# domain.
#
# ensure 'relayhost=' value in sasl maps
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
# Postfix SMTP client SASL security options; as of Postfix 2.3 the
# list of available features depends on the SASL client implemen-
# tation that is selected with smtp_sasl_type.
#
smtp_sasl_security_options = noanonymous
## SSL or STARTTLS
# The default SMTP TLS security level for the Postfix SMTP client;
# when a non-empty value is specified, this overrides the obsolete
# parameters smtp_use_tls, smtp_enforce_tls, and
# smtp_tls_enforce_peername.
#
# select one (except macos; STARTTLS only)
# STARTTLS
smtp_tls_security_level = may
# SSL/TLS
#smtp_tls_security_level = encrypt
# The external entropy source for the in-memory tlsmgr(8) pseudo
# random number generator (PRNG) pool.
#
#tls_random_source = dev:/dev/urandom
graham:/etc/postfix sudo vi sasl_password
/etc/postfix/sasl_password
new file
# passwords to SMTP servers
smtp.geddy.au robot@geddy.au :robot 's password
mail.isp .com.au isp-username :isp-password
Ensure the relay hosts in sasl_password
match the
relayhosts
in main.cf
by name,
and by ports if any.
Example presumes the domain mail server has an account robot
for automated connections.
Some other account might be more suitable for that server.
The file contains clear text passwords
so be wary of its perms.
graham:/etc/postfix sudo chmod 600 sasl_password
graham:/etc/postfix sudo postmap sasl_passwd
graham:/etc/postfix sudo vi /etc/aliases
/etc/aliases
replace all content
# local delivery address aliases
postmaster: root
admin: root
root: root@geddy.au
graham: fred.nerk@geddy.au
nobody: /dev/null
Ensure root
forwarded to reliable destination.
Add local system accounts (e.g. graham
)
if they exchange email.
graham:/etc/postfix sudo newaliases
graham:/etc/postfix sudo vi generic
/etc/postfix/generic
replace all content
# rewrite local address headers inside message that is being sent.
# the delivery address has already been formulated, probably as an alias
# local address have been configured using local domain
root@ironbark.home.arpa root+ironbark @geddy.au
graham @ironbark.home.arpa fred.nerk +ironbark @geddy.au
# catch all
@ironbark.home.arpa root+ironbark @geddy.au
Add rewrites for any email-active local system users,
such as graham @localhost
→
fred.nerk @geddy.au
above.
graham:/etc/postfix sudo postmap generic
graham:/etc/postfix sudo vi master.cf
/etc/postfix/master.cf
add highlighted lines
relay unix - - y - - smtp
# macos: comment out -o syslog_name
-o syslog_name=postfix/$service_name
# macos: add -o smtp_fallback_relay
scache unix - - y - 1 scache
# macos: comment out postlog (datagram not supported)
postlog unix-dgram n - n - 1 postlogd
graham:/etc/postfix sudo systemctl start postfix # start postfix again
graham:/etc/postfix sudo systemctl status postfix
Confirm postfix started without errors.
graham:/etc/postfix sudo postsuper -d ALL # purge outgoing mail queue
graham:/etc/postfix mailx -s test root < /dev/null
graham:/etc/postfix mailq
Testing: confirm outgoing queue empty and message arrived where
root
mail is redirected.