CNK's blog

A Send-Only Email Server

Our ZenPhoto install wants to be able to notify us when there are new comments. I also may eventually want to set up exception notifications for some of my dynamic sites. At least for now, I don’t want to run a full-blown mail server for our domains; I don’t want to deal with spam detection and restricting who can use the mail server to relay mail, etc. But I know that many of the common Unix email servers can be configured so that they don’t receive mail and only send mail if it originates on one or more specific servers. I don’t have a lot of experience setting up mail servers. The ones I am most familiar with are qmail (which is what ArsDigita used everywhere) and Postfix. I am betting that it will be easier to set up Postfix on Ubuntu so let’s look for some instructions.

Installing Postfix

There are some promising-looking instructions on the DigitalOcean site for Postfix on Ubuntu 14.04. Postfix is apparently the default mail server for Ubuntu, because sudo apt-get install mailutils installs postfix as one of the “additional packages”. The install process asked me two questions: what kind of mail server configuration I needed (I chose ‘Internet Site’), and what the domain name for the mail server is. I debated whether I should leave this set to the hostname for the server, which is a subdomain of one of our domains, or set it to just the domain. Tim may have our domain name registrar set up for email forwarding for the domain, so it may be slightly safer to configure this mail server with the subdomain. And it will make it a lot clearer to me where the email is coming from.

$ sudo apt-get install mailutils
...
... Lots of install info....
...
Setting up postfix (2.11.0-1ubuntu1) ...
Adding group `postfix' (GID 114) ...
Done.
Adding system user `postfix' (UID 106) ...
Adding new user `postfix' (UID 106) with group `postfix' ...
Not creating home directory `/var/spool/postfix'.
Creating /etc/postfix/dynamicmaps.cf
Adding tcp map entry to /etc/postfix/dynamicmaps.cf
Adding sqlite map entry to /etc/postfix/dynamicmaps.cf
Adding group `postdrop' (GID 115) ...
Done.
setting myhostname: trickster.ictinike.org
setting alias maps
setting alias database
changing /etc/mailname to trickster.ictinike.org
setting myorigin
setting destinations: trickster.ictinike.org, localhost.ictinike.org,
, localhost
setting relayhost:
setting mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
setting mailbox_size_limit: 0
setting recipient_delimiter: +
setting inet_interfaces: all
setting inet_protocols: all
/etc/aliases does not exist, creating it.
WARNING: /etc/aliases exists, but does not have a root alias.

Postfix is now set up with a default configuration.  If you need to
make changes, edit /etc/postfix/main.cf (and others) as needed.
To view Postfix configuration values, see postconf(1).

After modifying main.cf, be sure to run '/etc/init.d/postfix reload'.

Running newaliases
 * Stopping Postfix Mail Transport Agent postfix
    ...done.
 * Starting Postfix Mail Transport Agent postfix
    ...done.
Processing triggers for ufw (0.34~rc-0ubuntu2) ...
Processing triggers for ureadahead (0.100.0-16) ...
Setting up mailutils (1:2.99.98-1.1) ...
update-alternatives: using /usr/bin/frm.mailutils to provide /usr/bin/frm (frm) in auto mode
update-alternatives: using /usr/bin/from.mailutils to provide /usr/bin/from (from) in auto mode
update-alternatives: using /usr/bin/messages.mailutils to provide /usr/bin/messages (messages) in auto mode
update-alternatives: using /usr/bin/movemail.mailutils to provide /usr/bin/movemail (movemail) in auto mode
update-alternatives: using /usr/bin/readmsg.mailutils to provide /usr/bin/readmsg (readmsg) in auto mode
update-alternatives: using /usr/bin/dotlock.mailutils to provide /usr/bin/dotlock (dotlock) in auto mode
update-alternatives: using /usr/bin/mail.mailutils to provide /usr/bin/mailx (mailx) in auto mode
Processing triggers for libc-bin (2.19-0ubuntu6.6) ...

Configuring Postfix to only accept mail from localhost

The installer had set up Postfix to listen on all available interfaces, so netstat -ltpn shows port 25 open on every address (0.0.0.0:25 and :::25):

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      2028/mysqld
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      11341/sshd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      15201/master
tcp6       0      0 :::80                   :::*                    LISTEN      2176/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      11341/sshd
tcp6       0      0 :::25                   :::*                    LISTEN      15201/master

So, following the instructions, I edited /etc/postfix/main.cf, changed inet_interfaces = all to inet_interfaces = localhost, and restarted the postfix service. Now I see postfix only on the loopback interface (IPv4 and IPv6):

tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      15405/master
tcp6       0      0 ::1:25                  :::*                    LISTEN      15405/master
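
To make that before/after check repeatable, here is an added example (not from the original post) that filters netstat -ltpn output for port-25 listeners bound to anything other than loopback. The function names are hypothetical, and the two sample inputs are constructed from the listings above.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Live use on the server: netstat -ltpn | exposed_smtp_listeners

# Print the local address of every TCP listener on port 25 that is bound to
# something other than loopback (127.0.0.0/8 or ::1).
exposed_smtp_listeners() {
    awk '
        ($1 == "tcp" || $1 == "tcp6") && $6 == "LISTEN" {
            addr = $4                       # e.g. 0.0.0.0:25, :::25, ::1:25
            n = split(addr, parts, ":")
            port = parts[n]                 # text after the last colon
            if (port != "25") next
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host ~ /^127\./ || host == "::1") next
            print addr
        }'
}

# Succeed only when no port-25 listener is reachable from off the host.
smtp_loopback_only() {
    [ -z "$(exposed_smtp_listeners)" ]
}

# Constructed sample: installer default (inet_interfaces = all), from the listing above.
BEFORE='tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      2028/mysqld
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      11341/sshd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      15201/master
tcp6       0      0 :::25                   :::*                    LISTEN      15201/master'

# Constructed sample: after inet_interfaces = localhost and a restart.
AFTER='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      11341/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      15405/master
tcp6       0      0 ::1:25                  :::*                    LISTEN      15405/master'

for name in BEFORE AFTER; do
    eval "listing=\$$name"
    if printf '%s\n' "$listing" | smtp_loopback_only; then
        echo "$name: SMTP is loopback-only"
    else
        echo "$name: SMTP exposed on:"
        printf '%s\n' "$listing" | exposed_smtp_listeners
    fi
done
```

Because smtp_loopback_only returns a non-zero status when port 25 is exposed, it can gate a cron job or a post-upgrade check after package updates that rewrite main.cf.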

I tested email sending with: echo "test email body" | mail -s "Test email" cnk@<destination> and it went through just fine. YEAH!

Now I need to forward system mail (e.g. root mail) to me. To do this, I need to add a line to /etc/aliases for root + the destination emails. Then I got the new entries in /etc/aliases into /etc/aliases.db by running the newaliases command. I tested that the new root alias works by sending a second test email: echo "test email body" | mail -s "Test email for root" root. This one also got to me.

There was an additional section about how to protect my domain from being used for spam - especially in this case, being impersonated. The article on setting up an SPF record doesn’t look too hard - if the service we are using to do DNS lets us set that up. I’ll have to look into it when we are switching DNS.

Configuring Email in ZenPhoto

Having the ability to get root mail is good - but the main reason I wanted email on this server was for ZenPhoto’s comment functionality. So now, on the plugin page of the ZenPhoto admin site, there is a Mail tab with two options. For now I chose zenphoto_sendmail which just uses the PHP mail facility to send mail using the local mail server.
