====== Postfix ======

------------------------------------------------------------------------------------------------------------------------------------------------\\

====== Simple setup for printer liaison ======

<WRAP center round box >
on Raspberry Pi for Office 365 Direct Send

<code>
inet_interfaces = all
inet_protocols = all
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = 
masquerade_exceptions = root
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = mailserver1.contorseau.com
mynetworks_style = subnet
#mynetworks = 127.0.0.0/8 10.1.0.0/16
relayhost = contorseau-com.mail.protection.outlook.com:25


</code>


^ DNS entry ^ Value |
| SPF |	v=spf1 ip4:<Static IP Address> include:spf.protection.outlook.com ~all |


From <https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365> 

SpamHaus Blocked List - remove IP by going to bottom of "view details" 

https://www.spamhaus.org/query/ip/xx.xxx.xxx.xxx

Don’t panic!
The inclusion of your IP address on the Policy Blocklist (PBL) is standard for the vast majority of internet users and is not the result of your actions. Here are some key PBL facts for your understanding:
	• Being on this list does not mean you won’t be able to send emails.
	• You do not need to request removal from PBL.
	• This listing is controlled by your Internet Service Provider (ISP), not Spamhaus.
	• Your ISP lists ranges of IP addresses that shouldn’t be sending email directly to the internet.
	• Typically, IPs of broadband or dial-up customers will be included in this list.
	• This is part of Internet best practices enacted to protect all users.

From <https://check.spamhaus.org/> 


</WRAP>
 
====== Postfix Smtp sasl TLS ======


<WRAP center round box >

I need to use postfix to send email from openSUSE Leap 42.3, I configured it using Yast → Network Services → Mail Server, then in the outgoing mail, I selected use TLS and I did the configuration under Authentication option (so I placed the domain of the outgoing server, the username and the password of the email that I am going to use it).

https://forums.opensuse.org/t/postfix-for-sending-email-on-port-465-using-ssl/140203

<code>
# enable SASL authentication
smtp_sasl_auth_enable = yes

# disallow methods that allow anonymous authentication.
smtp_sasl_security_options = noanonymous

# where to find sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

# Enable STARTTLS encryption
smtp_use_tls = yes

# where to find CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Had to also include
smtp_tls_security_level = encrypt
smtp_tls_wrappermode = yes

view with journalctl 

</code>

https://www.linode.com/docs/guides/postfix-smtp-debian7/

</WRAP>

====== Viewing Postfix Syslog ======

<WRAP center round box >

When your Postfix service logs into the Syslog, you can view these logs with the journactl utility. If you don't know what is the journald and journactl, you can read the tutorial How to Control Journald with Journalctl.

Let's view the Syslog records that belongs to the Postfix service by executing journactl:
 

    $ journalctl -u postfix@-.service


https://betterstack.com/community/guides/logging/how-to-start-logging-with-postfix/

</WRAP>




====== Reference ======

https://calomel.org/postfix.html

http://www.patrickpatoray.com/index.php?Page=47

http://bsdwiki.reedmedia.net/wiki/View_the_Sendmail_or_Postfix_mail_queue.html


====== xrdp on openSuse ======

<WRAP center round box >
2023-11-12

xrdp from X11:RemoteDesktop project
Select Your Operating System

From <https://software.opensuse.org/download/package?package=xrdp&project=X11%3ARemoteDesktop> 

</WRAP>





====== mailq ======

mailq - list que


====== Postfix Server ======

  * Do not add user to Postfix Server with Yast **User Manager** Password as Xxyy0000
    * This test should fail - can test with<code>testsaslauthd - u username -p password -s smtp</code>
  * Setup email routing in Postfix
    * use: Kate editor "Management" session
      * Change file virtual
        * If person leaves - Make Alias with person's email address to forward to someone else
      * Change file transport
        * Add pointer to **smtp.server.COM**
        * Some special cases go to the exchange system  firstname.lastname@domain.com smtp:[192.0.2.2]"
      * Then run postmap /etc/postfix/transport
      * Then run postmap /etc/postfix/virtual
  * If added to Yast then add user from Batch update list on Postfix Server
    * use: Kate editor "Management" session.
    * Change** Emailaddresses.txt** to Add user.

====== Delete One from Postfix Mail Queue ======

<code bash>
sudo postsuper -d D45F2E4478
</code>

http://linux.die.net/man/1/postsuper

====== Empty Postfix Mail Queue ======

<code>sudo postsuper -d ALL</code>

====== Send all email now ======

<code linux>
postqueue -f
</code>

http://linux.die.net/man/1/postqueue

====== List all email now ======

<code linux>
postqueue -p
</code>

====== test sasl authorization ======

<code linux>
testsaslauthd -u username -p password -s smtp
</code>

====== library.linode.com/beginners-guide ======

http://library.linode.com/beginners-guide/



====== Postfix relayhost ======

From: http://www.freelock.com/kb/postfix-relayhost

These are the basic steps to set up Postfix to use SMTP Authentication to send mail through a relay host.

<code>Set up a password maps file (/etc/postfix/sasl_passwd) as follows:

mail.ispserver.com username:password

chown root:root /etc/postfix/sasl_passwd; chmod 600 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd
In /etc/postfix/main.cf:

**Note:** relayhost=[2345.2345.23454.2345]:1025


relayhost = mail.ispserver.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =

postfix reload
</code>

Also, if this is the first SASL service installed on the machine, make sure there's an appropriate SASL plugin installed:

<code>urpmi --media main libsasl2-plug-login libsasl2-plug-plain--</code>


That should do it! Postfix will log into the relay host using the smtp auth username and password. It's possible to set different logins for different servers, by adding more lines to the map file. Security options must be cleared to allow plaintext logins.

From: http://www.howtoforge.com/postfix_relaying_through_another_mailserver

====== Setup Postfix ======

  * **Enable postfix.service**
    * <code>systemctl enable postfix.service</code>
    * Postfix runs at level 3 and 5
    * postfix automatically starts


====== difference between service and systemctl ======

http://forums.fedoraforum.org/showthread.php?t=261945

service operates on the files in /etc/init.d and was used in conjunction with the old init system. systemctl operates on the files in /lib/systemd . If there is a file for your service in /lib/systemd it will use that first and if not it will fall back to the file in /etc/init.d

**systemctl**

http://fedoraproject.org/wiki/Systemd

http://crashmag.net/useful-systemd-commands

**List the current run level**

<code>systemctl list-units --type=target</code>

====== Postfix Quick Summary ======

http://www.akadia.com/services/postfix_mta.html

====== test saslauthd ======

 
<code>testsaslauthd - u username -p password -s smtp</code>

====== Systemd_Cheatsheet ======

http://fedoraproject.org/wiki/SysVinit_to_Systemd_Cheatsheet


^  systemd Command  ^  Notes  |
|systemctl start frobozz.service|Used to start a service (not reboot persistent)|
|systemctl stop frobozz.service|Used to stop a service (not reboot persistent)|
|systemctl restart frobozz.service|Used to stop and then start a service|
|systemctl reload frobozz.service|When supported, reloads the config file without interrupting pending operations.|
|systemctl condrestart frobozz.service|Restarts if the service is already running.|
|systemctl status frobozz.service|Tells whether a service is currently running.|
|ls /lib/systemd/system/*.service /etc/systemd/system/*.service systemctl list-units ~-~-all|Used to list the services that can be started or stopped\\ Used to list all the services and other units|
|systemctl enable frobozz.service|Turn the service on, for start at next boot, or other trigger.|
|systemctl disable frobozz.service|Turn the service off for the next reboot, or any other trigger.|
|systemctl is-enabled frobozz.service|Used to check whether a service is configured to start or not in the current environment.|
|ls /etc/systemd/system/*.wants/frobozz.service|Used to list what levels this service is configured on or off|
|systemctl daemon-reload|Used when you create a new service file or modify any configuration|


^  sysvinit Runlevel  ^  systemd Target  ^  Notes  |
|0|runlevel0.target, poweroff.target|Halt the system.|
|1, s, single|runlevel1.target, rescue.target|Single user mode.|
|2, 4|runlevel2.target, runlevel4.target, multi-user.target|User-defined/Site-specific runlevels. By default, identical to 3.|
|3|runlevel3.target, multi-user.target|Multi-user, non-graphical. Users can usually login via multiple consoles or via the network.|
|5|runlevel5.target, graphical.target|Multi-user, graphical. Usually has all the services of runlevel 3 plus a graphical login.|
|6|runlevel6.target, reboot.target|Reboot|
|emergency|emergency.target|Emergency shell|

====== /lib/systemd/system/postfix.service ======

<code>
# This file is part of package postfix.
#
# Copyright (c) 2011 SuSE LINUX Products GmbH, Germany.
# Author: Werner Fink
# Please send feedback to http://www.suse.de/feedback
#
# Description:
#
#  Used to start the postfix Mail Transport Agent service
#  which handles all mails stored at /var/spool/postfix/ and
#  all connections on port 25 aka smtp at localhost as well
#  as on all other network interfaces.
#

[Unit]
Description=Postfix Mail Transport Agent
Requires=var-run.mount nss-lookup.target network.target remote-fs.target syslog.target time-sync.target
After=var-run.mount nss-lookup.target network.target remote-fs.target syslog.target time-sync.target
Wants=amavis.service mysql.service cyrus.service ldap.service openslp.service ypbind.service
After=amavis.service mysql.service cyrus.service ldap.service openslp.service ypbind.service
Before=mail-transfer-agent.target
Conflicts=sendmail.service exim.service

[Service]
Type=forking
PIDFile=/var/spool/postfix/pid/master.pid
ExecStartPre=-/bin/echo 'Starting mail service (Postfix)'
EnvironmentFile=-/etc/sysconfig/postfix
ExecStartPre=/etc/postfix/system/update_chroot
ExecStartPre=/etc/postfix/system/rebuild_tables
ExecStart=/usr/sbin/postfix start
ExecStartPost=/etc/postfix/system/wait_qmgr 60
ExecStartPost=/etc/postfix/system/cond_slp register
ExecReload=/usr/sbin/postfix reload
ExecReload=/usr/sbin/postfix flush
ExecStop=/usr/sbin/postfix stop
ExecStopPost=/etc/postfix/system/cond_slp deregister

[Install]
WantedBy=multi-user.target
</code>

====== Managing the Mail Queue ======

  * Listing the mail queue
    * <code>mailq</code>
  * Delete One from Postfix Mail Queue
    * <code>sudo postsuper -d D45F2E4478</code>
  * Empty Postfix Mail Queue
    * <code>sudo postsuper -d ALL</code>
  * Send all email now
    * <code>postqueue -f</code>
  * The postcat command displays the content of a message in a mail queue.
    * <code>postcat -q F2B9715C0B3</code>
  * The postconf command displays all the configuration parametere
    * <code>postconf | grep "qu"</code>


http://www.patrickpatoray.com/index.php?Page=47

http://bsdwiki.reedmedia.net/wiki/View_the_Sendmail_or_Postfix_mail_queue.html

====== bounce_queue_lifetime ======

|**bounce_queue_lifetime** (default: 5d)|The maximal time a bounce message is queued before it is considered undeliverable.\\ By default, this is the same as the queue life time for regular mail.\\ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).\\ The default time unit is d (days).\\ Specify 0 when mail delivery should be tried only once.\\ This feature is available in Postfix 2.1 and later.|
|**maximal_queue_lifetime** (default: 5d)|The maximal time a message is queued before it is sent back as undeliverable.\\ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).\\ The default time unit is d (days).\\ Specify 0 when mail delivery should be tried only once.|

====== Must Read: Acting as a relay server ======

http://www200.pair.com/mecham/spam/reject_unverified.html

====== Postfix can answer "550 No Such User Here." ======

|**relay_recipient_maps** (default: empty)|Optional lookup tables with all valid addresses in the domains that match $relay_domains.\\ Specify @domain as a wild-card for domains that have no valid recipient list, and become a source of backscatter mail:\\  Postfix accepts spam for non-existent recipients and then floods innocent people with undeliverable mail.\\ Technically, tables listed with $relay_recipient_maps are used as lists:\\  Postfix needs to know only if a lookup string is found or not, but it does not use the result from table lookup.\\ If this parameter is non-empty, then the Postfix SMTP server will reject mail to unknown relay users. This feature is off by default.\\ See also the relay domains address class in the ADDRESS_CLASS_README file.|

Example:

<code>
relay_recipient_maps = hash:/etc/postfix/relay_recipients
</code>

This feature is available in Postfix 2.0 and later.


**INPUT FILE FORMAT**

http://www.postfix.org/postmap.23454.html

  * The format of a lookup table input file is as follows:
    * A table entry has the form
    * **key whitespace value**

====== Postfix - Exchange Server Mailrelay to Postfix ======

http://postfix.state-of-mind.de/patrick.koetter/mailrelay/

http://www-personal.umich.edu/~malth/gaptuning/postfix/

====== Catch-all for Postfix ======

Only works for virtual addresses not assigned to real mailboxes. we are not defining many emails that go to real addresses.

http://www.postfix.org/VIRTUAL_README.html

<code> 5 /etc/postfix/virtual:
 6     postmaster@example.com postmaster
 7     info@example.com       joe
 8     sales@example.com      jane
 9     # Uncomment entry below to implement a catch-all address
10     # @example.com         jim
11     ...virtual aliases for more domains...
</code>

Line 10: the commented out entry (text after #) shows how one would implement a catch-all virtual alias that receives mail for every example.com address not listed in the virtual alias file. This is not without risk. Spammers nowadays try to send mail from (or mail to) every possible name that they can think of. A catch-all mailbox is likely to receive many spam messages, and many bounces for spam messages that were sent in the name of anything@example.com.

====== Postfix SMTP AUTH ======

http://postfix.state-of-mind.de/patrick.koetter/smtpauth/index.html

====== Copy All Messages ======

|always_bcc (default: empty)|Optional address that receives a "blind carbon copy" of each message that is received by the Postfix mail system.\\  Note: if mail to the BCC address bounces it will be returned to the sender.\\  Note: automatic BCC recipients are produced only for new mail. To avoid mailer loops, automatic BCC recipients are not generated after Postfix forwards mail internally, or after Postfix generates mail itself.|

====== Standard Accounts ======

3.5 Are there any other addresses I should accept?

You should also accept mail sent to what are known as 'role' accounts. These are some standard addresses that are defined by RFC 2142. RFC 2142 is a recommendation, not a requirement, but you should accept mail sent to 'postmaster' (which is a required address - see RFC 822) and 'abuse' as a minimum.

The addresses recommended by RFC 2142 are:

<code>
postmaster
abuse
webmaster
info
sales
security
hostmaster
support
marketing
noc
usenet
news
www
uucp
ftp
These are in roughly descending order of importance. Most sites support the first seven, 
but the others are really optional: if you don't use the 'uucp' program (a very old program
from the early days of the Internet), there's no need for you to have 'uucp@mydomain'.
</code>
Be aware that spammers will send spam to all these addresses.

====== warning: not enough free space in mail queue: < 1.5*message size limit ======

http://readlist.com/lists/lists.debian.org/debian-user/2/11860.html

  * What does df say?
    * <code>df -lh</code>

====== Delivering messages to the Users ======

It is interesting that we are using postfix to deliver messages to people but no local mailboxes are used.
We have specified each and every address in the transport file so that they are sent to specific smtp servers.

====== Using Command Line to Add Batch of Users to Postfix Machine ======

[[attach:msg00454.pdf|Yast Command Line Add User]]


[[http://mzugec.blogspot.com/2008/06/command-line-interface.html|Yast Command Line Interface]]

====== DNS Info (Reference) ======

<code>
/etc/resolv.conf
</code>

http://www.linux.org/docs/ldp/howto/DNS-HOWTO.html

====== Postfix message size limit and mailbox limit ======

http://muhdzamri.blogspot.com/2007/02/postfix-mailbox-size-limit-and-message.html

====== Set IP's Who can Automatically Send Through Postfix ======

<code>
mynetworks = 2345.2345.23454.0/28, 127.0.0.0/8
</code>

====== main.cfg file format ======

http://www.postfix.org/postconf.5.html

====== Resource Controls ======

http://www.postfix.org/resource.html

<code>
postconf (list the postfix configuration)

postconf  | grep size

postconf -d (list the defaults for postfix)
</code>

====== Display of Postfix Configuration "size" Search ======

<code>Machine2:~ # postconf -d | grep size
berkeley_db_create_buffer_size = 16777216
berkeley_db_read_buffer_size = 131072
body_checks_size_limit = 51200
bounce_size_limit = 50000
header_size_limit = 102400
mailbox_size_limit = 51200000
message_size_limit = 10240000
</code>

====== Configure Postfix For Relaying all Mail Through mail45.safesecureweb.com ======

We do not relay
<code>#------------------- relay -----------------------------------------------------
#relayhost = mail45.safesecureweb.com
</code>
But we are set up do do so if need be!

<code>#------------------- smtp (outgoing) -----------------------------------------------------
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = 
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
</code>

==== Reference ====

[[http://www.howtoforge.com/postfix_relaying_through_another_mailserver]]

To configure our Postfix server for relaying emails through smtp.example.com, we run

<code>postconf -e 'relayhost = smtp.example.com'
postconf -e 'smtp_sasl_auth_enable = yes'
postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'
postconf -e 'smtp_sasl_security_options ='
</code>

====== Use TLS (Transport Layer Security) ======

http://www.postfix.org/postconf.5.html#smtp_tls_security_level

The default SMTP TLS security level for the Postfix SMTP client; when a non-empty value is specified, this overrides the obsolete parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.


https://help.ubuntu.com/community/Postfix

Generate certificates to be used for TLS encryption and/or certificate Authentication:

====== broken_sasl_auth_clients ======

broken_sasl_auth_clients = yes

Was configured in  Postfix 2012-02-20 and before. Do not think we need this. although ASSP had some problems with authorization of Exchange due to outdated AUTH command.

Enable inter-operability with remote SMTP clients that implement an obsolete version of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook Express version 4 and MicroSoft Exchange version 5.0.

Specify "broken_sasl_auth_clients = yes" to have Postfix advertise AUTH support in a non-standard way.

====== smtpd_sender_dependent_authentication ======

<code>smtpd_sender_dependent_authentication = yes - Not A Valid Parameter</code>



====== local domain class for  ======

|Domain names are listed with the mydestination parameter.|mydestination =  $myhostname, localhost.$mydomain, mailserver.domain.com\\ myhostname = mailserver2.domain.com,\\ localhost.$mydomain = (localhost.(default of myhostname - first component = domain.com)) = localhost.domain.com,\\ mailserver1.domain.com|
|This domain class also includes mail for user@[ipaddress] when the IP address is listed with the inet_interfaces | inet_interfaces = all = 1222.1628.2122.22345|
|or proxy_interfaces parameters. |proxy_interfaces = 2246.2246.2246.2246, 22345.2345.2345.2345|

====== The virtual alias domain class ======

each recipient address is aliased to a local UNIX system account or to a remote address.

|Domain names|<code>
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
</code>|

Every address must be aliased to some other address.

====== Virtual Domains ======

[[http://www.akadia.com/services/postfix_separate_mailboxes.html]]


====== Postfix On New Server ======

------------------------------------------------------------------------------------------------------------------------------------------------\\

====== Steps to Install Postfix on ASSP Server as a backup. ======

== Setup Postfix ==


[[Postfix|See "Setup Postfix"]]

== Copy Files ==

  * /etc **aliases**
    * forward the **root** email to something meaningful like **default@domain.com**
    * Aliases are rather simple to set up. You should add any aliases that you want under the heading: # Put your local aliases here. If you want to alias root so that it is delivered to default@domain, then you would do the following:
root: default@domain.com
You can add as many aliases as you want for a person. When you are done, you MUST run the following command for Postfix to load the aliases (starting and stopping Postfix will NOT reload the aliases file):
**sudo newaliases**
**postalias /etc/aliases**

  * /etc/postfix **main.cf**
    * Copy as is

  * /etc/postfix **master.cf**
    * Just change the port to 1025

  * /etc/postfix **sasl_passwd**
    * postmap /etc/postfix/sasl_passwd

  * /etc/postfix **transport**
    * Copy as is

  * /etc/postfix **virtual**
    * Copy as is

  * **etc/sasl2/smtpd.conf**
    * if this file has been changed

== Add Users For SMTP Authorization ==

  * **Emailaddresses.txt**
    * copy file and modify for newest list of users
    * remove all "spaces" before or after the "commas" (spaces cause errors and the individual is skipped)

  * **suse_AddNewusers**
    * reads Emailaddresses.txt and adds to users through yast
    * the file Emailaddresses.txt must be referenced as full path like "/root/Desktop/Emailaddresses.txt".

  * **Test Authentication**
    * testsaslauthd - u username -p password -s smtp

== Run Services ==

  * **postfix**
  * **saslauthd**

====== SASL_README ======

http://www.postfix.org/SASL_README.html

====== Individual Command Lines in main.cf ======

  * alias_maps = hash:/etc/aliases
    * Default has two aliase databases. I think one is setup by suse install. We do use the alias file.

  * biff = no
    * Suse install changes this. Sets the biff notification service off.

  * broken_sasl_auth_clients = yes
    * allow obsolete authorization like old outlook express

  * canonical_maps = hash:/etc/postfix/canonical
    * Turned on but we do not use.

  * daemon_directory = /usr/lib/postfix
    * Suse install.

  * html_directory = /usr/share/doc/packages/postfix/html
    * Suse install

  * inet_protocols = all
    * ipv4 or ipv6 depending on OS

  * mailbox_size_limit = 0
    * Eliminate size limit. we really do not keep any mail on server

  * manpage_directory = /usr/share/man
    * Suse install

  * masquerade_exceptions = root
    * Eliminate any changing of **root** by masquerading

  * mydestination = $myhostname, localhost.$mydomain, mailserver1.domain.com
    * This we setup as our local destinations

  * mydomain = domain.com
    * our domain

  * myhostname = mailserver2.domain.com
    * name of this mailserver

  * mynetworks = 2345.2345.23454.0/28, 127.0.0.0/8
    * On our network some of the servers get cart blank to email through this postfix server.

  * mynetworks_style = subnet
    * Postfix ignores this when mynetworks is specified by hand. (Which we do.)
 
  * myorigin = $mydomain
    * domain.com

  * proxy_interfaces = 2345.2345.2345.2345, 2345.2345.2345.2345
    * our external ip addresses

  * readme_directory = /usr/share/doc/packages/postfix/README_FILES
    * Suse install

  * relay_domains = $mydestination, domainname.com, domainnamegroup.net
    * The domains that we freely relay to because this is the end of the line

  * relocated_maps = hash:/etc/postfix/relocated
    * Set but we do not use

  * sample_directory = /usr/share/doc/packages/postfix/samples
    * Suse install

  * sender_canonical_maps = hash:/etc/postfix/sender_canonical
    * Set but we do no use.

  * setgid_group = maildrop
    * Suse install.

  * smtp_sasl_auth_enable = yes
    * We want authentication on sending.

  * smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    * Username and password for sending through another smtp host. We do not use now but use to send through hostmysite.

  * smtp_sasl_security_options = 
    * Options are for dis-allowing

  * smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

  * smtpd_sasl_auth_enable = yes

  * transport_maps = hash:/etc/postfix/transport
    * every person must be accounted for in this file

  * virtual_alias_domains = hash:/etc/postfix/virtual

  * virtual_alias_maps = hash:/etc/postfix/virtual
    * maps multiple email addresses to one user
    * can map one email address to multiple email addresses

  * virtual_mailbox_maps = hash:/etc/postfix/virtualMailbox
    * not used


====== Postfix ======

------------------------------------------------------------------------------------------------------------------------------------------------\\

====== Postfix relayhost ======

From: http://www.freelock.com/kb/postfix-relayhost

These are the basic steps to set up Postfix to use SMTP Authentication to send mail through a relay host.

<code>Set up a password maps file (/etc/postfix/sasl_passwd) as follows:

mail.ispserver.com username:password

chown root:root /etc/postfix/sasl_passwd; chmod 600 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd
In /etc/postfix/main.cf:

**Note:** relayhost=[192.168.1.246]:1025


relayhost = mail.ispserver.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =

postfix reload
</code>

Also, if this is the first SASL service installed on the machine, make sure there's an appropriate SASL plugin installed:

<code>urpmi --media main libsasl2-plug-login libsasl2-plug-plain--</code>


That should do it! Postfix will log into the relay host using the smtp auth username and password. It's possible to set different logins for different servers, by adding more lines to the map file. Security options must be cleared to allow plaintext logins.

From: http://www.howtoforge.com/postfix_relaying_through_another_mailserver

====== Setup Postfix ======

  * **Enable postfix.service**
    * <code>systemctl enable postfix.service</code>
    * Postfix runs at level 3 and 5
    * postfix automatically starts


====== difference between service and systemctl ======

http://forums.fedoraforum.org/showthread.php?t=261945

service operates on the files in /etc/init.d and was used in conjunction with the old init system. systemctl operates on the files in /lib/systemd . If there is a file for your service in /lib/systemd it will use that first and if not it will fall back to the file in /etc/init.d

**systemctl**

http://fedoraproject.org/wiki/Systemd

http://crashmag.net/useful-systemd-commands

**List the current run level**

<code>systemctl list-units --type=target</code>

====== Postfix Quick Summary ======

http://www.akadia.com/services/postfix_mta.html

====== test saslauthd ======

 
<code>testsaslauthd - u username -p password -s smtp</code>

====== Systemd_Cheatsheet ======

http://fedoraproject.org/wiki/SysVinit_to_Systemd_Cheatsheet


^  systemd Command  ^  Notes  |
|systemctl start frobozz.service|Used to start a service (not reboot persistent)|
|systemctl stop frobozz.service|Used to stop a service (not reboot persistent)|
|systemctl restart frobozz.service|Used to stop and then start a service|
|systemctl reload frobozz.service|When supported, reloads the config file without interrupting pending operations.|
|systemctl condrestart frobozz.service|Restarts if the service is already running.|
|systemctl status frobozz.service|Tells whether a service is currently running.|
|ls /lib/systemd/system/*.service /etc/systemd/system/*.service systemctl list-units ~-~-all|Used to list the services that can be started or stopped\\ Used to list all the services and other units|
|systemctl enable frobozz.service|Turn the service on, for start at next boot, or other trigger.|
|systemctl disable frobozz.service|Turn the service off for the next reboot, or any other trigger.|
|systemctl is-enabled frobozz.service|Used to check whether a service is configured to start or not in the current environment.|
|ls /etc/systemd/system/*.wants/frobozz.service|Used to list what levels this service is configured on or off|
|systemctl daemon-reload|Used when you create a new service file or modify any configuration|


^  sysvinit Runlevel  ^  systemd Target  ^  Notes  |
|0|runlevel0.target, poweroff.target|Halt the system.|
|1, s, single|runlevel1.target, rescue.target|Single user mode.|
|2, 4|runlevel2.target, runlevel4.target, multi-user.target|User-defined/Site-specific runlevels. By default, identical to 3.|
|3|runlevel3.target, multi-user.target|Multi-user, non-graphical. Users can usually login via multiple consoles or via the network.|
|5|runlevel5.target, graphical.target|Multi-user, graphical. Usually has all the services of runlevel 3 plus a graphical login.|
|6|runlevel6.target, reboot.target|Reboot|
|emergency|emergency.target|Emergency shell|

====== /lib/systemd/system/postfix.service ======

<code>
# This file is part of package postfix.
#
# Copyright (c) 2011 SuSE LINUX Products GmbH, Germany.
# Author: Werner Fink
# Please send feedback to http://www.suse.de/feedback
#
# Description:
#
#  Used to start the postfix Mail Transport Agent service
#  which handles all mails stored at /var/spool/postfix/ and
#  all connections on port 25 aka smtp at localhost as well
#  as on all other network interfaces.
#

[Unit]
Description=Postfix Mail Transport Agent
Requires=var-run.mount nss-lookup.target network.target remote-fs.target syslog.target time-sync.target
After=var-run.mount nss-lookup.target network.target remote-fs.target syslog.target time-sync.target
Wants=amavis.service mysql.service cyrus.service ldap.service openslp.service ypbind.service
After=amavis.service mysql.service cyrus.service ldap.service openslp.service ypbind.service
Before=mail-transfer-agent.target
Conflicts=sendmail.service exim.service

[Service]
Type=forking
PIDFile=/var/spool/postfix/pid/master.pid
ExecStartPre=-/bin/echo 'Starting mail service (Postfix)'
EnvironmentFile=-/etc/sysconfig/postfix
ExecStartPre=/etc/postfix/system/update_chroot
ExecStartPre=/etc/postfix/system/rebuild_tables
ExecStart=/usr/sbin/postfix start
ExecStartPost=/etc/postfix/system/wait_qmgr 60
ExecStartPost=/etc/postfix/system/cond_slp register
ExecReload=/usr/sbin/postfix reload
ExecReload=/usr/sbin/postfix flush
ExecStop=/usr/sbin/postfix stop
ExecStopPost=/etc/postfix/system/cond_slp deregister

[Install]
WantedBy=multi-user.target
</code>

====== Managing the Mail Queue ======

  * Listing the mail queue
    * <code>mailq</code>
  * Delete One from Postfix Mail Queue
    * <code>sudo postsuper -d D45F2E4478</code>
  * Empty Postfix Mail Queue
    * <code>sudo postsuper -d ALL</code>
  * Send all email now
    * <code>postqueue -f</code>
  * The postcat command displays the content of a message in a mail queue.
    * <code>postcat -q F2B9715C0B3</code>
  * The postconf command displays all the configuration parametere
    * <code>postconf | grep "qu"</code>


http://www.patrickpatoray.com/index.php?Page=47

http://bsdwiki.reedmedia.net/wiki/View_the_Sendmail_or_Postfix_mail_queue.html

====== bounce_queue_lifetime ======

|**bounce_queue_lifetime** (default: 5d)|The maximal time a bounce message is queued before it is considered undeliverable.\\ By default, this is the same as the queue life time for regular mail.\\ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).\\ The default time unit is d (days).\\ Specify 0 when mail delivery should be tried only once.\\ This feature is available in Postfix 2.1 and later.|
|**maximal_queue_lifetime** (default: 5d)|The maximal time a message is queued before it is sent back as undeliverable.\\ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).\\ The default time unit is d (days).\\ Specify 0 when mail delivery should be tried only once.|

====== Must Read: Acting as a relay server ======

http://www200.pair.com/mecham/spam/reject_unverified.html

====== Postfix can answer "550 No Such User Here." ======

|**relay_recipient_maps** (default: empty)|Optional lookup tables with all valid addresses in the domains that match $relay_domains.\\ Specify @domain as a wild-card for domains that have no valid recipient list, and become a source of backscatter mail:\\  Postfix accepts spam for non-existent recipients and then floods innocent people with undeliverable mail.\\ Technically, tables listed with $relay_recipient_maps are used as lists:\\  Postfix needs to know only if a lookup string is found or not, but it does not use the result from table lookup.\\ If this parameter is non-empty, then the Postfix SMTP server will reject mail to unknown relay users. This feature is off by default.\\ See also the relay domains address class in the ADDRESS_CLASS_README file.|

Example:

<code>
relay_recipient_maps = hash:/etc/postfix/relay_recipients
</code>

This feature is available in Postfix 2.0 and later.


**INPUT FILE FORMAT**

http://www.postfix.org/postmap.1.html

  * The format of a lookup table input file is as follows:
    * A table entry has the form
    * **key whitespace value**

====== Postfix - Exchange Server Mailrelay to Postfix ======

http://postfix.state-of-mind.de/patrick.koetter/mailrelay/

http://www-personal.umich.edu/~malth/gaptuning/postfix/

====== Catch-all for Postfix ======

Only works for virtual addresses not assigned to real mailboxes. We are not defining many emails that go to real addresses.

http://www.postfix.org/VIRTUAL_README.html

<code> 5 /etc/postfix/virtual:
 6     postmaster@example.com postmaster
 7     info@example.com       joe
 8     sales@example.com      jane
 9     # Uncomment entry below to implement a catch-all address
10     # @example.com         jim
11     ...virtual aliases for more domains...
</code>

Line 10: the commented out entry (text after #) shows how one would implement a catch-all virtual alias that receives mail for every example.com address not listed in the virtual alias file. This is not without risk. Spammers nowadays try to send mail from (or mail to) every possible name that they can think of. A catch-all mailbox is likely to receive many spam messages, and many bounces for spam messages that were sent in the name of anything@example.com.

====== Postfix SMTP AUTH ======

http://postfix.state-of-mind.de/patrick.koetter/smtpauth/index.html

====== Copy All Messages ======

|always_bcc (default: empty)|Optional address that receives a "blind carbon copy" of each message that is received by the Postfix mail system.\\  Note: if mail to the BCC address bounces it will be returned to the sender.\\  Note: automatic BCC recipients are produced only for new mail. To avoid mailer loops, automatic BCC recipients are not generated after Postfix forwards mail internally, or after Postfix generates mail itself.|

====== Standard Accounts ======

3.5 Are there any other addresses I should accept?

You should also accept mail sent to what are known as 'role' accounts. These are some standard addresses that are defined by RFC 2142. RFC 2142 is a recommendation, not a requirement, but you should accept mail sent to 'postmaster' (which is a required address - see RFC 822) and 'abuse' as a minimum.

The addresses recommended by RFC 2142 are:

<code>
postmaster
abuse
webmaster
info
sales
security
hostmaster
support
marketing
noc
usenet
news
www
uucp
ftp
These are in roughly descending order of importance. Most sites support the first seven, 
but the others are really optional: if you don't use the 'uucp' program (a very old program
from the early days of the Internet), there's no need for you to have 'uucp@mydomain'.
</code>
Be aware that spammers will send spam to all these addresses.

====== warning: not enough free space in mail queue: < 1.5*message size limit ======

http://readlist.com/lists/lists.debian.org/debian-user/2/11860.html

  * What does df say?
    * <code>df -lh</code>

====== Delivering messages to the Users ======

It is interesting that we are using postfix to deliver messages to people but no local mailboxes are used.
We have specified each and every address in the transport file so that they are sent to specific smtp servers.

====== Using Command Line to Add Batch of Users to Postfix Machine ======

[[attach:msg00454.pdf|Yast Command Line Add User]]


[[http://mzugec.blogspot.com/2008/06/command-line-interface.html|Yast Command Line Interface]]

====== DNS Info (Reference) ======

<code>
/etc/resolv.conf
</code>

http://www.linux.org/docs/ldp/howto/DNS-HOWTO.html

====== Postfix message size limit and mailbox limit ======

http://muhdzamri.blogspot.com/2007/02/postfix-mailbox-size-limit-and-message.html

====== Set IP's Who can Automatically Send Through Postfix ======

<code>
mynetworks = 192.168.1.0/28, 127.0.0.0/8
</code>

====== main.cfg file format ======

http://www.postfix.org/postconf.5.html

====== Resource Controls ======

http://www.postfix.org/resource.html

<code>
postconf (list the postfix configuration)

postconf  | grep size

postconf -d (list the defaults for postfix)
</code>

====== Display of Postfix Configuration "size" Search ======

<code>Machine2:~ # postconf -d | grep size
berkeley_db_create_buffer_size = 16777216
berkeley_db_read_buffer_size = 131072
body_checks_size_limit = 51200
bounce_size_limit = 50000
header_size_limit = 102400
mailbox_size_limit = 51200000
message_size_limit = 10240000
</code>

====== Configure Postfix For Relaying all Mail Through mail.x.com ======

We do not relay
<code>#------------------- relay -----------------------------------------------------
#relayhost = mail45.x.com
</code>
But we are set up do do so if need be!

<code>#------------------- smtp (outgoing) -----------------------------------------------------
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = 
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
</code>

==== Reference ====

[[http://www.howtoforge.com/postfix_relaying_through_another_mailserver]]

To configure our Postfix server for relaying emails through smtp.example.com, we run

<code>postconf -e 'relayhost = smtp.example.com'
postconf -e 'smtp_sasl_auth_enable = yes'
postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'
postconf -e 'smtp_sasl_security_options ='
</code>

====== Use TLS (Transport Layer Security) ======

http://www.postfix.org/postconf.5.html#smtp_tls_security_level

The default SMTP TLS security level for the Postfix SMTP client; when a non-empty value is specified, this overrides the obsolete parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.


https://help.ubuntu.com/community/Postfix

Generate certificates to be used for TLS encryption and/or certificate Authentication:

====== broken_sasl_auth_clients ======

broken_sasl_auth_clients = yes

Was configured in Postfix 2012-02-20 and before. Do not think we need this. although ASSP had some problems with authorization of Exchange due to outdated AUTH command.

Enable inter-operability with remote SMTP clients that implement an obsolete version of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook Express version 4 and MicroSoft Exchange version 5.0.

Specify "broken_sasl_auth_clients = yes" to have Postfix advertise AUTH support in a non-standard way.

====== smtpd_sender_dependent_authentication ======

<code>smtpd_sender_dependent_authentication = yes - Not A Valid Parameter</code>



====== local domain class  ======

|Domain names are listed with the mydestination parameter.|mydestination =  $myhostname, localhost.$mydomain, mailserver1.x.com\\ myhostname = mailserver2.x.com,\\ localhost.$mydomain = (localhost.(default of myhostname - first component = x.com)) = localhost.x.com,\\ mailserver1.x.com|
|This domain class also includes mail for user@[ipaddress] when the IP address is listed with the inet_interfaces | inet_interfaces = all = 192.168.1.246|
|or proxy_interfaces parameters. |proxy_interfaces = 1121.199.1213.1130, 1.1.1.1|

====== The virtual alias domain class ======

each recipient address is aliased to a local UNIX system account or to a remote address.

|Domain names|<code>
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
</code>|

Every address must be aliased to some other address.

====== Virtual Domains ======

[[http://www.akadia.com/services/postfix_separate_mailboxes.html]]


====== Postfix On New Server ======

------------------------------------------------------------------------------------------------------------------------------------------------\\

====== Steps to Install Postfix on ASSP Server as a backup. ======

== Setup Postfix ==


[[Postfix|See "Setup Postfix"]]

== Copy Files ==

  * /etc **aliases**
    * forward the **root** email to something meaningful like **default@x.com**
    * Aliases are rather simple to set up. You should add any aliases that you want under the heading: # Put your local aliases here. If you want to alias root so that it is delivered to default@x, then you would do the following:
root: default@x.com
You can add as many aliases as you want for a person. When you are done, you MUST run the following command for Postfix to load the aliases (starting and stopping Postfix will NOT reload the aliases file):
**sudo newaliases**
**postalias /etc/aliases**

  * /etc/postfix **main.cf**
    * Copy as is

  * /etc/postfix **master.cf**
    * Just change the port to 1025

  * /etc/postfix **sasl_passwd**
    * postmap /etc/postfix/sasl_passwd

  * /etc/postfix **transport**
    * Copy as is

  * /etc/postfix **virtual**
    * Copy as is

  * **etc/sasl2/smtpd.conf**
    * if this file has been changed

== Add Users For SMTP Authorization ==

  * **Emailaddresses.txt**
    * copy file and modify for newest list of users
    * remove all "spaces" before or after the "commas" (spaces cause errors and the individual is skipped)

  * **x_AddNewusers**
    * reads Emailaddresses.txt and adds to users through yast
    * the file Emailaddresses.txt must be referenced as full path like "/root/Desktop/Emailaddresses.txt".

  * **Test Authentication**
    * testsaslauthd - u username -p password -s smtp

== Run Services ==

  * **postfix**
  * **saslauthd**

====== SASL_README ======

http://www.postfix.org/SASL_README.html

====== Individual Command Lines in main.cf ======

  * alias_maps = hash:/etc/aliases
    * Default has two aliase databases. I think one is setup by suse install. We do use the alias file.

  * biff = no
    * Suse install changes this. Sets the biff notification service off.

  * broken_sasl_auth_clients = yes
    * allow obsolete authorization like old outlook express

  * canonical_maps = hash:/etc/postfix/canonical
    * Turned on but we do not use.

  * daemon_directory = /usr/lib/postfix
    * Suse install.

  * html_directory = /usr/share/doc/packages/postfix/html
    * Suse install

  * inet_protocols = all
    * ipv4 or ipv6 depending on OS

  * mailbox_size_limit = 0
    * Eliminate size limit. we really do not keep any mail on server

  * manpage_directory = /usr/share/man
    * Suse install

  * masquerade_exceptions = root
    * Eliminate any changing of **root** by masquerading

  * mydestination = $myhostname, localhost.$mydomain, mailserver1.x.com
    * This we setup as our local destinations

  * mydomain = x.com
    * our domain

  * myhostname = mailserver2.x.com
    * name of this mailserver

  * mynetworks = 192.168.1.0/28, 127.0.0.0/8
    * On our network some of the servers get cart blank to email through this postfix server.

  * mynetworks_style = subnet
    * Postfix ignores this when mynetworks is specified by hand. (Which we do.)
 
  * myorigin = $mydomain
    * x.com

  * proxy_interfaces = 2.1.2.1, 7.1.1.1
    * our external ip addresses

  * readme_directory = /usr/share/doc/packages/postfix/README_FILES
    * Suse install

  * relay_domains = $mydestination, x.com, xgroup.net
    * The domains that we freely relay to because this is the end of the line

  * relocated_maps = hash:/etc/postfix/relocated
    * Set but we do not use

  * sample_directory = /usr/share/doc/packages/postfix/samples
    * Suse install

  * sender_canonical_maps = hash:/etc/postfix/sender_canonical
    * Set but we do no use.

  * setgid_group = maildrop
    * Suse install.

  * smtp_sasl_auth_enable = yes
    * We want authentication on sending.

  * smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    * Username and password for sending through another smtp host. We do not use now but use to send through hostmysite.

  * smtp_sasl_security_options = 
    * Options are for dis-allowing

  * smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

  * smtpd_sasl_auth_enable = yes

  * transport_maps = hash:/etc/postfix/transport
    * every person must be accounted for in this file

  * virtual_alias_domains = hash:/etc/postfix/virtual

  * virtual_alias_maps = hash:/etc/postfix/virtual
    * maps multiple email addresses to one user
    * can map one email address to multiple email addresses

  * virtual_mailbox_maps = hash:/etc/postfix/virtualMailbox
    * not used