选题: Getting started with Postfix, an open source mail transfer agent

2025-01-25 23:11:02 +08:00 · 2018-08-10 11:01:44 +08:00 · 2018-08-10 11:01:44 +08:00 · 9a578908d3
commit 9a578908d3
parent 4f3ade4f66
1 changed files with 334 additions and 0 deletions
--- a/sources/tech/20180809
+++ b/sources/tech/20180809
@ -0,0 +1,334 @@
+Getting started with Postfix, an open source mail transfer agent
+======
+
+![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/email_mail_box_envelope_send.jpg?itok=bbJOPIWl)
+
+[Postfix][1] is a great program that routes and delivers email to accounts that are external to the system. It is currently used by approximately [33% of internet mail servers][2]. In this article, I'll explain how you can use Postfix to send mail using Gmail with two-factor authentication enabled.
+
+Before you get Postfix up and running, however, you need to have some items lined up. Following are instructions on how to get it working on a number of distros.
+
+### Prerequisites
+
+  * An installed OS (Ubuntu/Debian/Fedora/Centos/Arch/FreeBSD/OpenSUSE)
+  * A Google account with two-factor authentication
+  * A working internet connection
+
+
+
+### Step 1: Prepare Google
+
+Open a web browser and log into your Google account. Once you’re in, go to your settings by clicking your picture and selecting "Google Account.” Click “Sign-in & security” and scroll down to "App passwords.” Use your password to log in. Then you can create a new app password (I named mine "postfix Setup”).
+
+![](https://opensource.com/sites/default/files/uploads/google_setup_1_app_passwords.png)
+
+Note the crazy password (shown below), which I will use throughout this article.
+
+![](https://opensource.com/sites/default/files/uploads/google_setup_2_generated_password.png)
+
+### Step 2: Install Postfix
+
+Before you can configure the mail client, you need to install it. You must also install either the `mailutils` or `mailx` utility, depending on the OS you're using. Here's how to install it for each OS:
+
+**Debian/Ubuntu** :
+```
+apt-get update && apt-get install postfix mailutils
+
+```
+
+**Fedora** :
+```
+dnf update && dnf install postfix mailx
+
+```
+
+**Centos** :
+```
+yum update && yum install postfix mailx cyrus-sasl cyrus-sasl-plain
+
+```
+
+**Arch** :
+```
+pacman -Sy postfix mailutils
+
+```
+
+**FreeBSD** :
+```
+portsnap fetch extract update
+
+cd /usr/ports/mail/postfix
+
+make config
+
+```
+
+In the configuration dialog, select "SASL support." All other options can remain the same.
+
+From there: `make install clean`
+
+Install `mailx` from the binary package: `pkg install mailx`
+
+**OpenSUSE** :
+```
+zypper update && zypper install postfix mailx cyrus-sasl
+
+```
+
+### Step 3: Set up Gmail authentication
+
+Once you've installed Postfix, you can set up Gmail authentication. Since you have created the app password, you need to put it in a configuration file and lock it down so no one else can see it. Fortunately, this is simple to do:
+
+**Ubuntu/Debian/Fedora/Centos/Arch/OpenSUSE** :
+```
+vim /etc/postfix/sasl_passwd
+
+```
+
+Add this line:
+```
+[smtp.gmail.com]:587   ben.heffron@gmail.com:thgcaypbpslnvgce
+
+```
+
+Save and close the file. Since your Gmail password is stored as plaintext, make the file accessible only by root to be extra safe.
+```
+chmod 600 /etc/postfix/sasl_passwd
+
+```
+
+**FreeBSD** :
+```
+vim /usr/local/etc/postfix/sasl_passwd
+
+```
+
+Add this line:
+```
+[smtp.gmail.com]:587    ben.heffron@gmail.com:thgcaypbpslnvgce
+
+```
+
+Save and close the file. Since your Gmail password is stored as plaintext, make the file accessible only by root to be extra safe.
+```
+chmod 600 /usr/local/etc/postfix/sasl_passwd
+
+```
+
+![](https://opensource.com/sites/default/files/uploads/google_setup_3_vim_config.png)
+
+### Step 4: Get Postfix moving
+
+This step is the "meat and potatoes"—everything you've done so far has been preparation.
+
+Postfix gets its configuration from the `main.cf` file, so the settings in this file are critical. For Google, it is mandatory to enable the correct SSL settings.
+
+Here are the six options you need to enter or update on the `main.cf` to make it work with Gmail (from the [SASL readme][3]):
+
+  * The **smtp_sasl_auth_enable** setting enables client-side authentication. We will configure the client’s username and password information in the second part of the example.
+  * The **relayhost** setting forces the Postfix SMTP to send all remote messages to the specified mail server instead of trying to deliver them directly to their destination.
+  * With the **smtp_sasl_password_maps** parameter, we configure the Postfix SMTP client to send username and password information to the mail gateway server.
+  * Postfix SMTP client SASL security options are set using **smtp_sasl_security_options** , with a whole lot of options. In this case, it will be nothing; otherwise, Gmail won’t play nicely with Postfix.
+  * The **smtp_tls_CAfile** is a file containing CA certificates of root CAs trusted to sign either remote SMTP server certificates or intermediate CA certificates.
+  * From the [configure settings page:][4] **stmp_use_tls** uses TLS when a remote SMTP server announces STARTTLS support, the default is not using TLS.
+
+
+
+**Ubuntu/Debian/Arch**
+
+These three OSes keep their files (certificates and `main.cf`) in the same location, so this is all you need to put in there:
+```
+vim /etc/postfix/main.cf
+
+```
+
+If the following values aren’t there, add them:
+```
+relayhost = [smtp.gmail.com]:587
+
+smtp_use_tls = yes
+
+smtp_sasl_auth_enable = yes
+
+smtp_sasl_security_options =
+
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+```
+
+Save and close the file.
+
+**Fedora/CentOS**
+
+These two OSes are based on the same underpinnings, so they share the same updates.
+```
+vim /etc/postfix/main.cf
+
+```
+
+If the following values aren’t there, add them:
+```
+relayhost = [smtp.gmail.com]:587
+
+smtp_use_tls = yes
+
+smtp_sasl_auth_enable = yes
+
+smtp_sasl_security_options =
+
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
+
+```
+
+Save and close the file.
+
+**OpenSUSE**
+```
+vim /etc/postfix/main.cf
+
+```
+
+If the following values aren’t there, add them:
+```
+relayhost = [smtp.gmail.com]:587
+
+smtp_use_tls = yes
+
+smtp_sasl_auth_enable = yes
+
+smtp_sasl_security_options =
+
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+smtp_tls_CAfile = /etc/ssl/ca-bundle.pem
+
+```
+
+Save and close the file.
+
+OpenSUSE also requires that you modify the Postfix master process configuration file `master.cf`. Open it for editing:
+```
+vim /etc/postfix/master.cf
+
+```
+
+Uncomment the line that reads:
+```
+#tlsmgr unix - - n 1000? 1 tlsmg
+
+```
+
+It should look like this:
+```
+tlsmgr unix - - n 1000? 1 tlsmg
+
+```
+
+Save and close the file.
+
+**FreeBSD**
+```
+vim /usr/local/etc/postfix/main.cf
+
+```
+
+If the following values aren’t there, add them:
+```
+relayhost = [smtp.gmail.com]:587
+
+smtp_use_tls = yes
+
+smtp_sasl_auth_enable = yes
+
+smtp_sasl_security_options =
+
+smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
+
+smtp_tls_CAfile = /etc/mail/certs/cacert.pem
+
+```
+
+Save and close the file.
+
+### Step 5: Set up the password file
+
+Remember that password file you created? Now you need to feed it into Postfix using `postmap`. This is part of the `mailutils` or `mailx` utilities.
+
+**Debian, Ubuntu, Fedora, CentOS, OpenSUSE, Arch Linux**
+```
+postmap /etc/postfix/sasl_passwd
+
+```
+
+**FreeBSD**
+```
+postmap /usr/local/etc/postfix/sasl_passwd
+
+```
+
+### Step 6: Get Postfix grooving
+
+To get all the settings and configurations working, you must restart Postfix.
+
+**Debian, Ubuntu, Fedora, CentOS, OpenSUSE, Arch Linux**
+
+These guys make it simple to restart:
+```
+systemctl restart postfix.service
+
+```
+
+**FreeBSD**
+
+To start Postfix at startup, edit `/etc/rc.conf`:
+```
+vim /etc/rc.conf
+
+```
+
+Add the line:
+```
+postfix_enable=YES
+
+```
+
+Save and close the file. Then start Postfix by running:
+```
+service postfix start
+
+```
+
+### Step 7: Test it
+
+Now for the big finale—time to test it to see if it works. The `mail` command is another tool installed with `mailutils` or `mailx`.
+```
+echo    Just testing my sendmail gmail relay" | mail -s "Sendmail gmail Relay" ben.heffron@gmail.com
+
+```
+
+This is what I used to test my settings, and then it came up in my Gmail.
+
+![](https://opensource.com/sites/default/files/uploads/google_setup_4_gmail.png)
+
+Now you can use Gmail with two-factor authentication in your Postfix setup.
+
+--------------------------------------------------------------------------------
+
+via: https://opensource.com/article/18/8/postfix-open-source-mail-transfer-agent
+
+作者：[Ben Heffron][a]
+选题：[lujun9972](https://github.com/lujun9972)
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:https://opensource.com/users/elheffe
+[1]:http://www.postfix.org/start.html
+[2]:http://www.securityspace.com/s_survey/data/man.201806/mxsurvey.html
+[3]:http://www.postfix.org/SASL_README.html
+[4]:http://www.postfix.org/postconf.5.html#smtp_tls_security_level