Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

postfix #9

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

postfix #9

wants to merge 1 commit into from

Conversation

thistleknot
Copy link
Collaborator

@thistleknot thistleknot commented Feb 27, 2024

compare and enjoy

here are my bastardized instructions on how to setup postfix

idk if you even want to merge this... maybe it should just remain it's own branch, as it would break dependency on gmail... would likely need to be parameratized

I think it would be easier to use (and or a docker file)

docker run -d --name postfix
-e "ALLOWED_SENDER_DOMAINS=example.com"
-e "RELAYHOST=smtp.example.com:587"
-e "RELAYHOST_USERNAME=user@example.com"
-e "RELAYHOST_PASSWORD=securepassword"
-p 1587:587
--restart unless-stopped
boky/postfix

mkdir -p ~/postfix-config


/etc/postfix/main.cf:

mynetworks = 127.0.0.1/8, your.server.IP.address/32

myhostname = pve0.localdomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
inet_interfaces = all
virtual_alias_domains = localdomain.com
virtual_alias_maps = hash:/etc/postfix/virtual

nano /etc/postfix/virtual
    root@localdomain.com	root
    rocket@localdomain.com	root
    larry@localdomain.com	root
    orion@localdomain.com	root
    nebula@localdomain.com	root
    castor@localdomain.com	root
    aires@localdomain.com	root
    nova@localdomain.com	root
    altair@localdomain.com	root
    mira@localdomain.com	root
    ariel@localdomain.com	root
    lyra@localdomain.com	root
    aster@localdomain.com	root
    leo@localdomain.com	root
    electra@localdomain.com	root
    devatlas@localdomain.com	root

postmap /etc/postfix/virtual

sudo systemctl restart postfix

cd agents
sed -i 's/semantic-life.com/localdomain.com/g' agents.json

setup auth
/etc/postfix/main.cf

virtual_mailbox_domains = localdomain.com
virtual_mailbox_maps = hash:/etc/postfix/virtual_mailboxes
virtual_alias_maps = hash:/etc/postfix/virtual

/etc/postfix/virtual_mailboxes
atat@localdomain.com   localdomain.com/ATAT/

pip install python-dotenv

nano.env

OPENAI_API_KEY=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
SMTP_PASSWORD=
COMPANY_NAME=apcrg
DOMAIN_NAME=localdomain.com
SMTP_USERNAME=
SMTP_PORT=465
IMAP_SERVER=localhost
SMTP_SERVER=localhost


pip install flask PyPDF2 tiktoken

pip install -r extensions/openai/requirements.txt

python main.py

modify every .py that mentions os.getenv

every mention of import openai
openai.api_base = 'http://127.0.0.1:5000/v1'


sudo dnf install dovecot

nano /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
auth_mechanisms = plain login

nano /etc/dovecot/conf.d/10-mail.conf
mkdir ~/Maildir
#mail_location = maildir:~/Maildir
mail_location = mbox:~/mail:INBOX=/var/mail/%u



nano /etc/dovecot/conf.d/10-master.conf
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}

sudo nano /etc/postfix/main.cf

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname

sudo systemctl restart dovecot postfix

sudo adduser emailuser
sudo passwd emailuser

/etc/postfix/virtual
emailuser@localdomain.com    root
postmap /etc/postfix/virtual
systemctl restart postfix

echo "Test email body" | mail -s "Test Email Subject" emailuser@localdomain.com


delete 1-17

dnsmasq

echo "Test email body" | mail -s "Test Email" rocket@localdomain.com



nano ~/postfix-config/aliases

info: john
support: jane

nano ~/postfix-config/Dockerfile

FROM boky/postfix
COPY aliases /etc/aliases
RUN postalias /etc/aliases


docker build -t my-custom-postfix .


nano /etc/postfix/master.cf

#587
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject


#465
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

postfix reload

systemctl restart postfix

(base) [root@pve0 ATAT]# (echo "EHLO localhost"; echo "AUTH LOGIN"; echo "ZW1haWx1c2Vy"; echo "MTIzNA=="; echo "MAIL FROM:<sender@example.com>"; echo "RCPT TO:<recipient@example.com>"; echo "DATA"; echo "Subject: Test Email"; echo "This is a test email sent from CLI."; echo "."; echo "QUIT") | openssl s_client -connect localhost:587 -starttls smtp -crlf
CONNECTED(00000003)












plaintext
Copy code
# Setup directories and base configurations
mkdir -p ~/postfix-config

# Update Postfix configuration
nano /etc/postfix/main.cf
plaintext
Copy code
mynetworks = 127.0.0.1/8, [your.server.IP.address]/32
myhostname = pve0.localdomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
inet_interfaces = all
virtual_alias_domains = localdomain.com
virtual_alias_maps = hash:/etc/postfix/virtual
plaintext
Copy code
# Define virtual aliases
nano /etc/postfix/virtual
plaintext
Copy code
rocket@localdomain.com   root
larry@localdomain.com    root
orion@localdomain.com    root
# add other aliases as needed
plaintext
Copy code
# Update virtual mailbox mappings (if needed)
# nano /etc/postfix/virtual_mailboxes

# Apply Postfix configurations
postmap /etc/postfix/virtual
# postmap /etc/postfix/virtual_mailboxes (if used)
sudo systemctl restart postfix

# Update Dovecot configurations for authentication
nano /etc/dovecot/conf.d/10-auth.conf
plaintext
Copy code
disable_plaintext_auth = no
auth_mechanisms = plain login
plaintext
Copy code
nano /etc/dovecot/conf.d/10-mail.conf
plaintext
Copy code
mail_location = maildir:~/Maildir
plaintext
Copy code
nano /etc/dovecot/conf.d/10-master.conf
plaintext
Copy code
# Ensure the following block is uncommented and properly configured
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}
plaintext
Copy code
# Update Postfix configuration for Dovecot SASL
nano /etc/postfix/main.cf
plaintext
Copy code
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
plaintext
Copy code
# Restart Dovecot and Postfix to apply changes
sudo systemctl restart dovecot postfix

# Create an email user for testing
sudo adduser emailuser
sudo passwd emailuser

# Update and apply Postfix virtual mappings again (if modified)
postmap /etc/postfix/virtual

# Enable Submission (587) and SMTPS (465) in Postfix
nano /etc/postfix/master.cf
plaintext
Copy code
# Uncomment or add the submission and smtps sections with the following options
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
plaintext
Copy code
# Reload Postfix to apply the new settings
postfix reload
systemctl restart postfix

# Test sending an email with swaks
swaks --to emailuser@localdomain.com --from sender@localdomain.com --server localhost:587 --data "Subject: Test Email\n\nThis is a test email sent from swaks."
Note: Replace [your.server.IP.address] with your actual server IP address. For testing with swaks, ensure you have installed swaks on your system. Adjust the --to and --from parameters in the swaks command to match your setup.



openssl s_client -connect localhost:993 -crlf

a login emailuser 1234
b select inbox
c search all

chown -R mail:dovecot /var/mail
chmod 777 -R /var/mail
python test_email.py

    Ensure that the mailbox directory (/var/mail or individual user mail directories) is accessible by both the root and dovecot users, considering Dovecot processes might need to read or write to these directories.

    Adjust the permissions carefully, considering security implications. While setting permissions to 777 (as in chmod 777 -R /var/mail) resolves access issues immediately, it significantly weakens the security of your mail storage by making it writable (and readable) by all users on the system. A more secure approach is to use a group (e.g., mail or dovecot) that includes both the root and dovecot users and set directory permissions to allow access by this group.

    For example, you might:

    Ensure that the dovecot user is a member of the mail group.
    Set the owner of /var/mail to root and the group to mail.
    Set permissions to allow read, write, and execute for the owner and the group, but more restrictive permissions for others (e.g., chmod -R 770 /var/mail).

chown emailuser:mail /var/mail/emailuser
chmod 0660 /var/mail/emailuser

/etc/dovecot/conf.d/10-master.conf
service imap {
  # Run as an unprivileged user instead of root.
  user = dovecot
  group = mail
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant