setting up postfix

Hey there everybody,

as this is my first post let me quickly introduce myself:

my name is Matt (as my real name would be hard to pronounce for non-German natives), I’m 25 years old and currently I’m the admin of a small root-server hosted by the well-known OVH.

As I started by renting the server I looked for a solution for my own mail-server and since then I’ve stuck to the groupware solution Citadel/UX. As support for PHP5 was dropped I moved from 13.2 to Tumbleweed; another reason was that the current version of Citadel at that time had some issues fixed in the Tumbleweed release.

So my system ran for about 1 1/2 years, and with an update sometime around mid-October my Citadel got stuck again with the same database issues it had when I moved to Tumbleweed.

As I figured out at the time I switched releases, as now, it’s some weird bug with the database subsystem Citadel uses: Berkeley DB.

So I went to the support forum then and got no reply, so I didn’t this time as I expected I wouldn’t get any response now.

As this happened the first time I searched for other solutions, as I did now, and came up with a set-up guide for postfix linked to postfixadmin and dovecot via mysql.

I tried it then and tried it now again, but as the newest tutorial I could find was from back in 2015 it didn’t work with current releases.

What I’m looking for: an easy to configure mail system with TLS support for TCP/25 (rather: enforcement of TLS for inter-MTA communication - but as I searched the net this could cause problems with many servers not configured for inter-MTA TLS) and IMAP/143 and SMTP/587 over STARTTLS for client communications.
To be honest: postfixadmin may offer some easy administration after it’s set up correctly, but the out-of-box version installed with zypper needs many adjustments to get it running. So it wouldn’t be my tool of choice.

The needed prerequisites such as correct DNS records (A, MX and reverse PTR) and certificates signed by a well-known CA (StartSSL.com) are already met, so my last set-up with Citadel/UX ran perfectly.
I would prefer to also use the database as the message storage. But as I searched the web, this doesn’t seem to be a widely used configuration.

But as it seems I’m unable to get the basic setup described in some older tutorials up and running I’m here to request some help to set-up an easy but secure mail-system for personal and small community use.

I’ve also tried some other groupware solutions, but some of them simply failed to install with not so helpful logs and others were just too over-the-top business solutions that did not meet my requirements. To be honest: some of them required a registered licence even for personal use.

I’m hoping for some hints on how you guys set up your mail-systems in order to get mine up and running again after about a month of non-availability.

If any additional information is needed from me, just let me know.

In hope of getting some help and appreciating anyone who spends free time on my problem,

Matt

First,
In future posts, try to be as succinct as possible, and if you have a specific problem (or problems), highlight those.

In general all mail servers are not that different although their subsystems may be different (like how they store their messages, in a database or as text files). They all should be able to communicate using standard protocols with other mail servers.

So, starting with the above you should find that setting up some default configuration supporting SMTP/SMTPS, IMAP/IMAPS, POP3/SPOP/POPS should be possible using the mailserver’s documentation. Each of the protocol pairs I listed is different and has nothing to do with another (so don’t go about mixing up SMTP with IMAPS for example which you described in your post).

Then, you have the groupware features that support collaboration like shared files/folders, mail lists, address books and more. There might even be a collaboration suite of apps that might include projects, chat or some other real time communication, all utilizing the common authentication and authorization as the account used to log in to use the email services.

Now, your subject line specifically…
Email servers generally support two types of SMTP architectures usually provided by apps like Postfix and Sendmail… It can be a “plugin” type (aka MTA for Mail Transport Agent) where the SMTP app is integrated with the mailserver, or it can be standalone. If standalone, then that version of Postfix can come from anywhere including the OSS and would be configured in standard ways. On the other hand, if it’s a plugin, then only the external interface is typically configurable because the other side would be “fixed” to the mail server so any configuration would not be modifiable.

A quick skim of the Citadel documentation suggests that by default it has an MTA architecture (so don’t turn it off without good reason), so your SMTP should pretty much be an internal process and not require any configuration. In other words, don’t install Postfix without good reason and if you do, then it should be configured as a standalone SMTP relay.

So,

Hello,

thank you for your reply, even if it looks a bit unfinished.
I’m sorry if I lack the needed professionalism to post in good enough quality for this forum, I’m used to a small forum with a tight community. Let me try to be a bit more precise this time:

I’m aware of the protocols and their different uses. Maybe it’s not clear enough what I asked. So I’ll try it a bit differently this time.
I’m looking for a small, easy to configure and secure mail-system with a minimum of additional modules. My requirements would be as follows:

standard SMTP on TCP/25 for receiving mails from other MTAs - I’d like to enforce STARTTLS here so the mails get transported over a secure connection from the origin or to the destination MTA, but as I read in some posts on the net this could cause issues with some MTAs not correctly configured for TLS connections (missing the root-cert of my CA to verify, not able to use strong cipher suites my server would enforce, not supporting TLS at all, other mis-configurations) - so it might not be smart to just enforce TLS, but rather prefer it and only fall back to a non-TLS connection if the other server doesn’t support it or if the connection is not secure enough
SMTP on TCP/587 for submission from MUA - STARTTLS should be enforced as I’m the only one using this mail-server
IMAP on TCP/143 for receiving to MUA - also enforced STARTTLS
I know I could simply use SMTPS on TCP/465 and IMAPS on TCP/993, but they’re deprecated and TCP/465 already got reassigned to some other service. As STARTTLS is the “modern” style this should be possible.
POP3 wouldn’t be needed at all - so no support for it required.

You mentioned groupware solutions, which Citadel/UX is. But as it uses Berkeley-DB files as backend storage and has some weird bug in the current build which prevents it from starting the MTA I can no longer use it. As this is the 2nd time this has happened (the first time could be solved by moving from 13.2 to Tumbleweed - but such a switch doesn’t work any more - all current builds for 13.2, 42.x, Tumbleweed and Factory are broken). As the citadel package wasn’t updated in October my bet is on some bugs in the current B-DB build causing these issues. Never mind.
I also looked at other groupware solutions which combine the needed parts, but some of them simply failed to install with unhelpful log output or don’t fit my needs. So I’d like to avoid another such heavy, bloated one if possible, even if they have some advantages for not-so-professional admins like me.

So I searched the net and got that postfix is used a lot in SUSE environments. So I tried to get it up and running. As the noob I am I tried the yast-setup first, but TBH - this seems to be more like a mashup of a local relay using some external SMTP and fetchmail. It’s not really usable to set up a stand-alone MTA - or at least I’m not clever enough to get it working.
Well known additional parts to postfix are postfix-admin combined with either MySQL or PostgreSQL as config-backend, dovecot as IMAP/POP3 provider and some webmail like squirrelmail or roundcube. Sounds easy enough - some parts coupled loosely together by some commonly defined interfaces and protocols. And there are some really good but old tutorials out there going through it step by step. But I’m honest: I’m somehow not able to get them up and running even following them step by step, and end up with a really overloaded system with amavis and clamav (both of which I’ve been unable to get running since back when I rented the server in late 2014). Many times the last option was a re-install of the entire system, losing anything else I had set up like game- and web-server.

I can’t really point out where I’m failing as I’m not the crawling-through-thousands-of-config-lines-guy but rather someone you maybe would call a “windows-one-click-kid”.
So all I asked was if someone could point out some hints on how you set up your mail-system, or could point to a current up-to-date tutorial (as I’m unable to find anything newer than early 2015).

Hopefully I pointed out my needs this time a bit better.
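
The TLS policy listed in the post above (prefer TLS on port 25, require STARTTLS on 587 and 143, no POP3), written out for Postfix and Dovecot as an added example that is not part of the original thread. The hostname and certificate paths are placeholders, the Dovecot setting names assume the 2.2/2.3 series, and the SASL backend and mailbox delivery are not shown.

```conf
# ---- /etc/postfix/main.cf (Postfix 2.3 or later) ----
# Port 25, inbound from other MTAs: offer STARTTLS but still accept plaintext.
# Setting "encrypt" here would reject every sender that cannot negotiate TLS.
smtpd_tls_security_level = may
# Outbound to other MTAs: use TLS whenever the remote side offers it.
smtp_tls_security_level = may
# Placeholder paths for the CA-signed certificate chain and its private key.
smtpd_tls_cert_file = /etc/postfix/ssl/mail.example.org.pem
smtpd_tls_key_file = /etc/postfix/ssl/mail.example.org.key
# Never offer AUTH on a session that is not yet encrypted.
smtpd_tls_auth_only = yes
# One-line TLS summary per session, to see which peers fall back to plaintext.
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1

# ---- /etc/postfix/master.cf ----
# Port 587, submission from the MUA: STARTTLS and authentication are mandatory.
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

# ---- Dovecot 2.2/2.3, e.g. /etc/dovecot/dovecot.conf ----
# IMAP only, no POP3 listener.
protocols = imap
# Refuse logins on port 143 until the client has issued STARTTLS.
ssl = required
disable_plaintext_auth = yes
ssl_cert = </etc/postfix/ssl/mail.example.org.pem
ssl_key = </etc/postfix/ssl/mail.example.org.key
```

After a reload, `postconf -n` shows the effective non-default main.cf values, and the TLS log lines show which remote MTAs actually negotiated encryption.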

If groupware isn’t important to you,
Maybe you can try a very simple, basic mail server. Try deploying something very, very basic and it should at least be a useful experience which should be universally applicable to anything you might try afterwards.

So,
Although I have absolutely no experience in deploying any of these simple mailservers recently (been 'way more than a decade since I set up something so simple, yet it can always be something very useful in any network, possibly providing backup and archiving features to offload from main mail servers)…

One initial try might be to install what openSUSE recommends by installing the “Mail and News Server” pattern… Open YAST > Software Management and then the following
View (Patterns) > Server Functions > Mail and News Server

The above will automatically select a number of apps for your mail solution including
Postfix
Procmail
clamav
cyrus-imapd
fetchmail
spamassassin

I noticed “yast2-mail” is not selected, so I don’t know if the above can be configured in any way by YAST, and it’s fairly full-featured, not on the bare-bones simple side… Or, install the pattern as I described above and then install the YAST module which I describe below and try it…

Alternatively, you might take a look at the following…

Taking a look at what YAST offers
View (Package Groups) > Productivity > Networking > Email > Servers

It looks like the simplest mail server listed is imap which can be installed using zypper if you wish. Since the imap mail server only handles incoming mail, be sure you also install postfix to

zypper in imap

I don’t know if it’s manageable by YAST, but my guess is it probably is, so install and see if the yast mail module can configure imap and postfix. You can search for the YAST module in Software Manager or simply run the following from a root console

zypper in yast2-mail

After the above, you should see a YAST module “Mail Server” – Open it and try to configure your mail server.

HTH,
TSU

Thank you for your reply again, but sadly it didn’t help again.
As I already said: the yast-module yast2-mail doesn’t really support stand-alone mail-servers (maybe I should learn yast-devel and write a better one myself). It’s just to set up sendmail or postfix locally as a proxy using a remote smtp-server and to set up fetchmail to collect mails from other pop/imap servers. Even if it offers some setting called “enable direct receive” and can set some susefirewall-rules to open tcp/25, it doesn’t offer config options so I guess one would end up with an open relay using someone’s external mail-server - so I guess you could call it "how to turn your machine into a spam-mail-zombie".

I don’t have any problems using groupware solutions as they combine many modules and offer some config-panels for not-so-pro admins - but citadel was the one I used because it was the only one I got up and running. Other popular groupwares failed to set up or required a licence. So if you have suggestions for a groupware - go ahead.

I just said I want to get to use postfix as it seems it’s one of the most common setups - even if it requires additional modules like an MDA to work as a full mail-server. I found something that sounds like it would fit my needs - it’s called mailcow and seems to be a basic script which sets up some packages and offers an easy way of pre-configuring via a simple config-file. But I didn’t have time to test it yet. Maybe next weekend.

cya

Well, ok, it seems the edit-function is disabled here - nevermind. //EDIT: or is set to a brief time - much like my small community forum I belong to

Just a quick addition: I had a quick look inside mailcow - and it seems it is a debian-only script (as many others these days - it seems deb-based systems are preferred over rpm-based ones) - so I have to go through it step-by-step.
I’ll try this next weekend on a VM first to look if I can set it up as a test-system and see how much damage I have to enforce to my current system to get it up and running.

cya

Another quick update:

I just tried Kolab - and after tweaking the cert-generation-step (tested on a vm) to work, the setup-script fails at config-roundcube - log says “config not defined” or something like this.

This is the kind of struggle I got into last time I tried other groupware solutions: the provided setup-scripts (in fact - some very old ones) fail with some weird bugs that I’m not able to solve just from the log-output. That’s why I want to set up a basic system of postfix and the needed additional parts - as I’m simply unable to install other solutions - with the exception of Citadel/UX - which is currently stuck at some weird Berkeley-DB-bug (binaries and self-compiled from source).

Again just a quick update:

I’ve also tried Apache James which is often referred to. But neither the compilation of source (as I’m a java-dev I understand the error messages and would likely be able to fix at least some of them - but as over all modules more than a couple of 1000s of errors are thrown it would be simpler to re-write it from scratch than try to fix it in source) nor use of the provided binaries (again lots of maybe fixable errors - but just too many and mostly caused by wrong dependency versions) works. It’s way out of reach of being an out-of-the-box usable pure-Java solution.

If someone has experience with James you’re welcome to advise me how to fix the errors to get it up and running.

Hi

For what it is worth…

I am in the process of setting up a postfix/dovecot mail server and follow this (debian) tutorial. But I use openSUSE Leap 42.2

https://workaround.org/ispmail/jessie

Except for spamfilter setup this has worked out o.k.
Still working on that topic because the spamass-milter package is not available in Leap

Hey,

thanks for the reply, didn’t expect any more.

Currently I’m using Apache James - after I got it built successfully from source (which is kind of a 50/50 game because the git-repo is an active-dev-repo - so you can clone a commit that’s just not compilable). The Apache James project and its sub-packages are out-of-sync, so using the additional packages such as the dkim, sieve and spf ones isn’t possible. And also getting the web-client hupa built is difficult as you have to fix many dependencies yourself - and need an app-server as it’s also written in java.
I quickly set up a fresh vm and tried your link - but even on tumbleweed some of it doesn’t work - starting at package-list you need to tweak.

But thanks again for the reply anyways.
I guess I have to move to a deb-based system someday to get a good mail-server up and running.

Matt

Hi

I followed the link I had sent with Debian and CentOS7 - but failed. Probably because of my limited understanding of those distros. Using a normal LAMP setup.
So falling back onto openSUSE Leap 42.2, eventually worked! I did not have to fix dependencies though. Everything is from the main repos or from packages 1-click install. And I downloaded and installed Roundcube from their website because openSUSE had only the 1.1.x version available.