How to Install and Configure Postfix as send-only SMTP Server on Ubuntu 20.04
5 min read

How to Install and Configure Postfix as send-only SMTP Server on Ubuntu 20.04

In this tutorial, you will install and configure Postfix. Postfix is a Mail Transfer Agent. It is an application useful for sending and receiving emails.
How to Install and Configure Postfix as send-only SMTP Server on Ubuntu 20.04

Introduction

Before we begin talking about how to install and configure Postfix as a send-only SMTP Server on Ubuntu 20.04, let's understand - What is Postfix?

Postfix is a Mail Transfer Agent. It is an application useful for sending and receiving emails. Postfix is easily used to send emails by local applications. Also, if you manage a cloud server where the applications are to send the email notifications then, running a local, send-only SMTP server is a better choice.

In this tutorial, you will install and configure Postfix on Ubuntu 20.04.

Perquisites

  • Ubuntu 20.04 machine.
  • Complete the initial setup procedure. You should have a standard user account with sudo privileges.
  • A valid domain name, like example.com, is pointing to the server.

Step 1 - Installing Postfix

1) Firstly, you need to update the package database:

sudo apt update

2) Now, install Postfix using the below command:

sudo apt install mailutils

3) You will get to see the Postfix configuration window at the end of the installation process:

postfix configuration

4) The recommended option for your use case in Internet Options. Now, you need to press TAB and then Enter. If you are able to see the description text, then press TAB to select Ok and then hit ENTER.

5) If it doesn't come up automatically, you will have to run the following command:

sudo dpkg-reconfigure postfix

6) Now, you will get one more configuration prompt for the System main name:

postfix configuration

It should be similar to the name you assigned to the server you created earlier. Once you are done with it, press TAB and then hit ENTER.

The installation part is done, now you can start configuring it.

Step 2 - Configuring Postfix

1) Now, let's configure Postfix so that it can send and receive emails only from the server on which it is running - i.e. localhost.

Configure Postfix so that it can listen only on the loopback interface. For this to happen you will have to edit the configuration file main.cf which is stored under etc/postfix.

2) Edit it using the editor of your choice:

sudo nano /etc/postfix/main.cf

3) Search for the following lines in /etc/postfix/main.cf:

mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

4) Now, change the line inet_interfaces = all to inet_interfaces = loopback-only.

mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only

5) Now, modify mydestination which gives the list of domains delivered via local_transport.

mydestination = $myhostname, your_domain, localhost.com, , localhost

7) Change the line in the following manner:

mydestination = localhost.$mydomain, localhost, $myhostname

8) If your domain is a subdomain and you want email messages to appear as if they are sent from the main domain, add the following line at the end of main.cf:

masquerade_domains = your_main_domain

9) Now, save and close the file you were editing.

10) To restart Postfix, use the following command:

sudo systemctl restart postfix

Configuration to send email from your server is completed. You can test it by sending an example message to an email address.

Step 3 - Test SMTP Server to Send Emails

1) You will use mail command, which is part of the mailutils package that you installed previously for sending a test email:

echo "This is the body of the email" | mail -s "This is the subject line" [email protected]
Note: Make sure to replace your_email_address with a valid email that you can access.

2) Now, check your inbox if you have received the email or not. If it's not present in your inbox then check the spam folder. All your emails are unencrypted as of now, once you encrypt them, then the service provider won't consider it as spam.

3) If you are getting an error in the mail command or your email id undelivered even after a prolonged period then check if the Postfix configuration is valid or not.

4) Please note that the address in the From field will be in the [email protected]_domain format. Where your_user_name is the username of the server user from which you ran the command/

Step 4 - Forwarding System Mail

1) Now, you will set up email forwarding for root users. It helps in forwarding your system-generated messages to get forwarded to an external address.

You can find the list of alternate names for email recipients in /etc/aliases. You can edit them using the following command:

sudo nano /etc/aliases

2) It looks like the below command in the default state:

postmaster:    root

It specifies that the system-generated email are being sent to root.

3) Now, add the following line at the end of the file:

root:          your_email_address

4) Now, system-generated emails will be forwarded to the email you gave above. Make sure to replace your_email_address with your personal email. Once done, save and close the file.

5) Run the following command to apply the changes:

sudo newaliases

6) You will now test it, by sending an email to the root account by command:

echo "This is the body of the email" | mail -s "This is the subject line" root

You will then receive an email at your email address. If not, then check the spam folder.

Step 5 - Enable SMTP Protection

Now, let's enable the encryption by requesting a free TLS certificate from Let's Encrypt.

1) Install Certbot which is present by default in the Ubuntu Package Repository using the following command:

sudo apt install certbot

2) Type Y to confirm.

3) Now, enable the HTTP port 80 to complete the domain verification. Use the below command:

sudo ufw allow 80

You will get the below output:

Output

Output
Rule added
Rule added (v6)

4) After that, run Certbot to get a certificate:

sudo certbot certonly --standalone --rsa-key-size 4096 --agree-tos --preferred-challenges http -d your_domain

You will get an output like below:

Output

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for `your_domain`
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
 /etc/letsencrypt/live/your_domain/fullchain.pem
 Your key file has been saved at:
 /etc/letsencrypt/live/your_domain/privkey.pem
 Your cert will expire on 2020-07-11. To obtain a new or tweaked
 version of this certificate in the future, simply run certbot
 again. To non-interactively renew *all* of your certificates, run
 "certbot renew"
- If you like Certbot, please consider supporting our work by:

 Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 Donating to EFF:                    https://eff.org/donate-le

Your certificate and the private key is saved under /etc/letsencrypt/live/your_domain.

5) Now, open main.cf for editing:

sudo nano /etc/postfix/main.cf

6) Look for the below section in /etc/postfix/main.cf:

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

7) Replace your_domain with your domain to update your TLS settings:

# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/your_domain/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/your_domain/privkey.pem
smtpd_tls_security_level=may

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

8) Save and close the file once you are done.

9) Restart Postfix to apply the changes.

sudo systemctl restart postfix

10) After that, try to send an email again using the below command:

echo "This is the body of an encrypted email" | mail -s "This is the subject line" your_email_address

Conclusion

We hope this tutorial helped you to install and configure Postfix as send-only SMTP Server on Ubuntu 20.04.

If you have any queries or doubts, please leave them in the comment below. We will be happy to answer them.