08-02-2019, 03:58 PM
Use Postfix to get email from your Fedora system
<div><p>Communication is key. Your computer might be trying to tell you something important. But if your mail transport agent (<a rel="noreferrer noopener" aria-label="MTA (opens in a new tab)" href="https://en.wikipedia.org/wiki/Message_transfer_agent" target="_blank">MTA</a>) isn’t properly configured, you might not be getting the notifications. Postfix is a MTA <a href="https://en.wikipedia.org/wiki/Postfix_(software)">that’s easy to configure and known for a strong security record</a>. Follow these steps to ensure that email notifications sent from local services will get routed to your internet email account through the Postfix MTA.</p>
<p> <span id="more-29016"></span> </p>
<h2>Install packages</h2>
<p>Use <em>dnf </em>to install the required packages (<a href="https://fedoramagazine.org/howto-use-sudo/">you configured </a><em><a href="https://fedoramagazine.org/howto-use-sudo/">sudo</a></em><a href="https://fedoramagazine.org/howto-use-sudo/">, right?</a>):</p>
<pre class="wp-block-preformatted">$ sudo -i
# dnf install postfix mailx</pre>
<p>If you previously had a different MTA configured, you may need to set Postfix to be the system default. Use the <em>alternatives</em> command to set your system default MTA:</p>
<pre class="wp-block-preformatted">$ <strong>sudo alternatives --config mta</strong>
There are 2 programs which provide 'mta'. Selection Command
*+ 1 /usr/sbin/sendmail.sendmail 2 /usr/sbin/sendmail.postfix
Enter to keep the current selection[+], or type selection number: 2</pre>
<h2>Create a <em>password_maps</em> file</h2>
<p>You will need to create a Postfix lookup table entry containing the email address and password of the account that you want to use to for sending email:</p>
<pre class="wp-block-preformatted"># [email protected]
# MY_EMAIL_PASSWORD=abcdefghijklmnop
# MY_SMTP_SERVER=smtp.gmail.com
# MY_SMTP_SERVER_PORT=587
# echo "[$MY_SMTP_SERVER]:$MY_SMTP_SERVER_PORT $MY_EMAIL_ADDRESS:$MY_EMAIL_PASSWORD" >> /etc/postfix/password_maps
# chmod 600 /etc/postfix/password_maps
# unset MY_EMAIL_PASSWORD
# history -c</pre>
<p>If you are using a Gmail account, you’ll need to configure an “app password” for Postfix, rather than using your gmail password. See “<a rel="noreferrer noopener" aria-label="Sign in using App Passwords (opens in a new tab)" href="https://support.google.com/accounts/answer/185833" target="_blank">Sign in using App Passwords</a>” for instructions on configuring an app password.</p>
<p>Next, you must run the <em>postmap</em> command against the Postfix lookup table to create or update the hashed version of the file that Postfix actually uses:</p>
<pre class="wp-block-preformatted"># postmap /etc/postfix/password_maps</pre>
<p>The hashed version will have the same file name but it will be suffixed with <em>.db</em>.</p>
<h2>Update the <em>main.cf</em> file</h2>
<p>Update Postfix’s <em>main.cf</em> configuration file to reference the Postfix lookup table you just created. Edit the file and add these lines.</p>
<pre class="wp-block-preformatted">relayhost = smtp.gmail.com:587
smtp_tls_security_level = verify
smtp_tls_mandatory_ciphers = high
smtp_tls_verify_cert_match = hostname
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/password_maps</pre>
<p>The example assumes you’re using Gmail for the <em>relayhost</em> setting, but you can substitute the correct hostname and port for the mail host to which your system should hand off mail for sending.</p>
<p>For the most up-to-date details about the above configuration options, see the man page:</p>
<pre class="wp-block-preformatted">$ man postconf.5</pre>
<h2>Enable, start, and test Postfix</h2>
<p>After you have updated the main.cf file, enable and start the Postfix service:</p>
<pre class="wp-block-preformatted"># systemctl enable --now postfix.service</pre>
<p>You can then exit your <em>sudo</em> session as root using the <em>exit</em> command or <strong>Ctrl+D</strong>. You should now be able to test your configuration with the <em>mail</em> command:</p>
<pre class="wp-block-preformatted">$ echo 'It worked!' | mail -s "Test: $(date)" [email protected]</pre>
<h2>Update services</h2>
<p>If you have services like <a rel="noreferrer noopener" aria-label="logwatch (opens in a new tab)" href="https://src.fedoraproject.org/rpms/logwatch" target="_blank">logwatch</a>, <a rel="noreferrer noopener" aria-label="mdadm (opens in a new tab)" href="https://fedoramagazine.org/mirror-your-system-drive-using-software-raid/" target="_blank">mdadm</a>, <a rel="noreferrer noopener" aria-label="fail2ban (opens in a new tab)" href="https://fedoraproject.org/wiki/Fail2ban_with_FirewallD" target="_blank">fail2ban</a>, <a rel="noreferrer noopener" aria-label="apcupsd (opens in a new tab)" href="https://src.fedoraproject.org/rpms/apcupsd" target="_blank">apcupsd</a> or <a href="https://www.linux.com/learn/automated-certificate-expiration-checks-centos" target="_blank" rel="noreferrer noopener" aria-label="certwatch (opens in a new tab)">certwatch</a> installed, you can now update their configurations so that their email notifications will go to your internet email address.</p>
<p>Optionally, you may want to configure all email that is sent to your local system’s root account to go to your internet email address. Add this line to the <em>/etc/aliases</em> file on your system (you’ll need to use <em>sudo</em> to edit this file, or switch to the <em>root</em> account first):</p>
<pre class="wp-block-preformatted">root: [email protected]</pre>
<p>Now run this command to re-read the aliases:</p>
<pre class="wp-block-preformatted"># newaliases</pre>
<ul>
<li>TIP: If you are using Gmail, you can <a rel="noreferrer noopener" aria-label="add an alpha-numeric mark (opens in a new tab)" href="https://gmail.googleblog.com/2008/03/2-hidden-ways-to-get-more-from-your.html" target="_blank">add an alpha-numeric mark</a> between your username and the <strong>@</strong> symbol as demonstrated above to make it easier to identify and filter the email that you will receive from your computer(s).</li>
</ul>
<h2>Troubleshooting</h2>
<p><strong>View the mail queue:</strong></p>
<pre class="wp-block-preformatted">$ mailq</pre>
<p><strong>Clear all email from the queues:</strong></p>
<pre class="wp-block-preformatted"># postsuper -d ALL</pre>
<p><strong>Filter the configuration settings for interesting values:</strong></p>
<pre class="wp-block-preformatted">$ postconf | grep "^relayhost\|^smtp_"</pre>
<p><strong>View the <em>postfix/smtp</em> logs:</strong></p>
<pre class="wp-block-preformatted">$ journalctl --no-pager -t postfix/smtp</pre>
<p><strong>Reload <em>postfix</em> after making configuration changes:</strong></p>
<pre class="wp-block-preformatted">$ systemctl reload postfix</pre>
<hr class="wp-block-separator" />
<p><em>Photo by </em><a href="https://unsplash.com/@sharonmccutcheon?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText"><em>Sharon McCutcheon</em></a><em> on <a href="https://unsplash.com/search/photos/envelopes?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a></em>.</p>
</div>
<div><p>Communication is key. Your computer might be trying to tell you something important. But if your mail transport agent (<a rel="noreferrer noopener" aria-label="MTA (opens in a new tab)" href="https://en.wikipedia.org/wiki/Message_transfer_agent" target="_blank">MTA</a>) isn’t properly configured, you might not be getting the notifications. Postfix is a MTA <a href="https://en.wikipedia.org/wiki/Postfix_(software)">that’s easy to configure and known for a strong security record</a>. Follow these steps to ensure that email notifications sent from local services will get routed to your internet email account through the Postfix MTA.</p>
<p> <span id="more-29016"></span> </p>
<h2>Install packages</h2>
<p>Use <em>dnf </em>to install the required packages (<a href="https://fedoramagazine.org/howto-use-sudo/">you configured </a><em><a href="https://fedoramagazine.org/howto-use-sudo/">sudo</a></em><a href="https://fedoramagazine.org/howto-use-sudo/">, right?</a>):</p>
<pre class="wp-block-preformatted">$ sudo -i
# dnf install postfix mailx</pre>
<p>If you previously had a different MTA configured, you may need to set Postfix to be the system default. Use the <em>alternatives</em> command to set your system default MTA:</p>
<pre class="wp-block-preformatted">$ <strong>sudo alternatives --config mta</strong>
There are 2 programs which provide 'mta'. Selection Command
*+ 1 /usr/sbin/sendmail.sendmail 2 /usr/sbin/sendmail.postfix
Enter to keep the current selection[+], or type selection number: 2</pre>
<h2>Create a <em>password_maps</em> file</h2>
<p>You will need to create a Postfix lookup table entry containing the email address and password of the account that you want to use to for sending email:</p>
<pre class="wp-block-preformatted"># [email protected]
# MY_EMAIL_PASSWORD=abcdefghijklmnop
# MY_SMTP_SERVER=smtp.gmail.com
# MY_SMTP_SERVER_PORT=587
# echo "[$MY_SMTP_SERVER]:$MY_SMTP_SERVER_PORT $MY_EMAIL_ADDRESS:$MY_EMAIL_PASSWORD" >> /etc/postfix/password_maps
# chmod 600 /etc/postfix/password_maps
# unset MY_EMAIL_PASSWORD
# history -c</pre>
<p>If you are using a Gmail account, you’ll need to configure an “app password” for Postfix, rather than using your gmail password. See “<a rel="noreferrer noopener" aria-label="Sign in using App Passwords (opens in a new tab)" href="https://support.google.com/accounts/answer/185833" target="_blank">Sign in using App Passwords</a>” for instructions on configuring an app password.</p>
<p>Next, you must run the <em>postmap</em> command against the Postfix lookup table to create or update the hashed version of the file that Postfix actually uses:</p>
<pre class="wp-block-preformatted"># postmap /etc/postfix/password_maps</pre>
<p>The hashed version will have the same file name but it will be suffixed with <em>.db</em>.</p>
<h2>Update the <em>main.cf</em> file</h2>
<p>Update Postfix’s <em>main.cf</em> configuration file to reference the Postfix lookup table you just created. Edit the file and add these lines.</p>
<pre class="wp-block-preformatted">relayhost = smtp.gmail.com:587
smtp_tls_security_level = verify
smtp_tls_mandatory_ciphers = high
smtp_tls_verify_cert_match = hostname
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/password_maps</pre>
<p>The example assumes you’re using Gmail for the <em>relayhost</em> setting, but you can substitute the correct hostname and port for the mail host to which your system should hand off mail for sending.</p>
<p>For the most up-to-date details about the above configuration options, see the man page:</p>
<pre class="wp-block-preformatted">$ man postconf.5</pre>
<h2>Enable, start, and test Postfix</h2>
<p>After you have updated the main.cf file, enable and start the Postfix service:</p>
<pre class="wp-block-preformatted"># systemctl enable --now postfix.service</pre>
<p>You can then exit your <em>sudo</em> session as root using the <em>exit</em> command or <strong>Ctrl+D</strong>. You should now be able to test your configuration with the <em>mail</em> command:</p>
<pre class="wp-block-preformatted">$ echo 'It worked!' | mail -s "Test: $(date)" [email protected]</pre>
<h2>Update services</h2>
<p>If you have services like <a rel="noreferrer noopener" aria-label="logwatch (opens in a new tab)" href="https://src.fedoraproject.org/rpms/logwatch" target="_blank">logwatch</a>, <a rel="noreferrer noopener" aria-label="mdadm (opens in a new tab)" href="https://fedoramagazine.org/mirror-your-system-drive-using-software-raid/" target="_blank">mdadm</a>, <a rel="noreferrer noopener" aria-label="fail2ban (opens in a new tab)" href="https://fedoraproject.org/wiki/Fail2ban_with_FirewallD" target="_blank">fail2ban</a>, <a rel="noreferrer noopener" aria-label="apcupsd (opens in a new tab)" href="https://src.fedoraproject.org/rpms/apcupsd" target="_blank">apcupsd</a> or <a href="https://www.linux.com/learn/automated-certificate-expiration-checks-centos" target="_blank" rel="noreferrer noopener" aria-label="certwatch (opens in a new tab)">certwatch</a> installed, you can now update their configurations so that their email notifications will go to your internet email address.</p>
<p>Optionally, you may want to configure all email that is sent to your local system’s root account to go to your internet email address. Add this line to the <em>/etc/aliases</em> file on your system (you’ll need to use <em>sudo</em> to edit this file, or switch to the <em>root</em> account first):</p>
<pre class="wp-block-preformatted">root: [email protected]</pre>
<p>Now run this command to re-read the aliases:</p>
<pre class="wp-block-preformatted"># newaliases</pre>
<ul>
<li>TIP: If you are using Gmail, you can <a rel="noreferrer noopener" aria-label="add an alpha-numeric mark (opens in a new tab)" href="https://gmail.googleblog.com/2008/03/2-hidden-ways-to-get-more-from-your.html" target="_blank">add an alpha-numeric mark</a> between your username and the <strong>@</strong> symbol as demonstrated above to make it easier to identify and filter the email that you will receive from your computer(s).</li>
</ul>
<h2>Troubleshooting</h2>
<p><strong>View the mail queue:</strong></p>
<pre class="wp-block-preformatted">$ mailq</pre>
<p><strong>Clear all email from the queues:</strong></p>
<pre class="wp-block-preformatted"># postsuper -d ALL</pre>
<p><strong>Filter the configuration settings for interesting values:</strong></p>
<pre class="wp-block-preformatted">$ postconf | grep "^relayhost\|^smtp_"</pre>
<p><strong>View the <em>postfix/smtp</em> logs:</strong></p>
<pre class="wp-block-preformatted">$ journalctl --no-pager -t postfix/smtp</pre>
<p><strong>Reload <em>postfix</em> after making configuration changes:</strong></p>
<pre class="wp-block-preformatted">$ systemctl reload postfix</pre>
<hr class="wp-block-separator" />
<p><em>Photo by </em><a href="https://unsplash.com/@sharonmccutcheon?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText"><em>Sharon McCutcheon</em></a><em> on <a href="https://unsplash.com/search/photos/envelopes?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a></em>.</p>
</div>