Postfix & S-nail
Ansible Playbook
Prepare
Variable | Example1 | Example2 |
---|---|---|
smtp-server | mail.spacemail.com | smtpdm.aliyun.com |
smtp-port | 465 | 465 |
sender-domain | rectitude.dev | no-reply.rectitude.dev |
user@sender-domain | server@rectitude.dev | server@no-reply.rectitude.dev |
password | **** | **** |
Install Postfix
# postfix is the MTA; cyrus-sasl and cyrus-sasl-plain supply the SASL library
# and the PLAIN/LOGIN mechanisms Postfix uses to authenticate to the relay.
dnf install -y postfix cyrus-sasl cyrus-sasl-plain
# Start Postfix now and enable it at boot.
systemctl enable --now postfix
NOTE: The cyrus-sasl packages are required for SMTP authentication (SASL) against the relay.
Set Default MTA (Mail Transfer Agent)
Run alternatives --config mta and select sendmail.postfix:
[root@webserver ~]# alternatives --config mta
There is 1 program that provides 'mta'.
Selection Command
-----------------------------------------------
* 1 /usr/sbin/sendmail.sendmail
+ 2 /usr/sbin/sendmail.postfix
Enter to keep the current selection[+], or type selection number: 2
Configure Postfix
/etc/postfix/main.cf
# Relay all outbound mail through the provider's SMTP host.
# The square brackets suppress MX lookups for the host name.
# e.g. [smtpdm.aliyun.com]:465
relayhost = [<smtp-server>]:<smtp-port>
# Authenticate to the relay with SASL, using the credentials in the map below.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# "noanonymous" alone drops Postfix's default "noplaintext", so PLAIN/LOGIN
# are allowed. The password is then protected only by the TLS settings below.
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
# Port 465 expects TLS from the first byte (implicit TLS), hence wrapper mode.
smtp_tls_wrappermode = yes
# "encrypt" makes TLS mandatory but does not verify the relay's certificate.
# NOTE(review): since the SASL password travels over this session, consider
# "verify" or "secure" with a CA bundle (smtp_tls_CAfile) to authenticate the relay.
smtp_tls_security_level = encrypt
# e.g. webserver1.rectitude.dev
myhostname = <server-hostname.domain.com>
# Domain appended to locally submitted addresses that have none.
# e.g. noreply.rectitude.dev
myorigin = <sender-domain>
# Rewrite local sender addresses (see /etc/postfix/sender_canonical).
sender_canonical_maps = hash:/etc/postfix/sender_canonical
Configure SMTP Authentication
/etc/postfix/sasl_passwd
# Plaintext relay credentials: keep this file and its generated .db readable by root only.
# The lookup key must match the relayhost value in main.cf exactly, brackets and port included.
# e.g. [smtpdm.aliyun.com]:465 server@noreply.rectitude.dev:password
[<smtp-server>]:<smtp-port> <user@sender-domain>:<password>
Configure Sender Canonical
/etc/postfix/sender_canonical
# Maps the local sender (left) to the address the relay account may send as (right).
# e.g. root@noreply.rectitude.dev server@noreply.rectitude.dev
root@<sender-domain> <user@sender-domain>
Secure Files and Map Configurations
# Restrict the source files BEFORE running postmap: sasl_passwd holds the relay
# password in plaintext, and postmap(1) gives the generated .db the same
# group/other read permissions as its source file.
chmod 600 /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sender_canonical
# Build the hash: lookup tables (sasl_passwd.db, sender_canonical.db) that main.cf references.
postmap /etc/postfix/sasl_passwd
postmap /etc/postfix/sender_canonical
# Restart Postfix to apply the main.cf changes and the new maps.
systemctl restart postfix
Install S-nail
# s-nail is the command-line mail client used for the test message below.
# Without -y, dnf asks for confirmation before installing.
dnf install s-nail
Configure S-nail
~/.mailrc
# Default From header for mail sent with s-nail.
# The outer < > are the literal address brackets; the inner <user@sender-domain> is the placeholder to replace.
# e.g. set from="WebServer1 <server@noreply.rectitude.dev>"
set from="WebServer1 <<user@sender-domain>>"
Send a Test Email
# The message body is read from stdin and -s sets the subject.
# To confirm the relay accepted the message, check /var/log/maillog.
echo "Test Email Body" | s-nail -s "Test Subject" admin@rectitude.dev
Useful Commands
# Follow the mail log (authentication and TLS failures with the relay show up here)
tail -f /var/log/maillog
# List the messages currently in the queue, with their queue IDs
postqueue -p
# Retry delivery of all queued mail immediately
postfix flush
# Delete a single queued message by its queue ID (as shown by postqueue -p)
postsuper -d <queue ID>
# Delete every message in the queue. This is irreversible and also discards
# mail that is still waiting to be delivered.
postsuper -d ALL
postfix-s-nail.yml
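---
# Installs Postfix as an authenticated SMTP relay client and S-nail as the
# command-line mailer, following the manual steps in this guide.
- name: Install and Configure Postfix and S-Nail
  hosts: all
  remote_user: root
  vars:
    smtp_server: mail.spacemail.com
    smtp_port: 465
    sender_domain: no-reply.rectitude.dev
    user_at_sender_domain: server@no-reply.rectitude.dev
    # Placeholder only. Do not commit the real relay password in this file:
    # supply it from Ansible Vault (e.g. ansible-vault encrypt_string) or
    # from another secret store at run time.
    password: "******"
    mail_sender_name: "WebServer1"
    current_hostname: "server.rectitude.dev"
  tasks:
    # The cyrus-sasl packages are required for SMTP authentication; without
    # them Postfix cannot log in to the relay.
    - name: Install Postfix and S-Nail
      dnf:
        name:
          - postfix
          - cyrus-sasl
          - cyrus-sasl-plain
          - s-nail
        state: present

    - name: Enable and start Postfix
      systemd:
        name: postfix
        enabled: true
        state: started

    # Select the MTA by path instead of answering the interactive menu: the
    # menu number of sendmail.postfix is not guaranteed to be "2" on every
    # host, so a scripted answer can silently pick the wrong program.
    - name: Set Postfix as default MTA
      command: alternatives --set mta /usr/sbin/sendmail.postfix
      # --set is safe to repeat; Ansible cannot tell whether the link moved.
      changed_when: false

    - name: Configure Postfix main.cf
      lineinfile:
        path: /etc/postfix/main.cf
        # \s* also matches existing "key=value" / "key  = value" lines, so
        # the setting is replaced rather than appended a second time.
        regexp: '^{{ item.key }}\s*='
        line: "{{ item.key }} = {{ item.value }}"
        create: true
        mode: "0644"
      loop:
        - key: "relayhost"
          value: "[{{ smtp_server }}]:{{ smtp_port }}"
        - key: "smtp_sasl_auth_enable"
          value: "yes"
        - key: "smtp_sasl_password_maps"
          value: "hash:/etc/postfix/sasl_passwd"
        - key: "smtp_sasl_security_options"
          value: "noanonymous"
        - key: "smtp_sasl_tls_security_options"
          value: "noanonymous"
        - key: "smtp_tls_wrappermode"
          value: "yes"
        # "encrypt" enforces TLS but does not verify the relay's certificate.
        # NOTE(review): consider "verify" or "secure" with a CA bundle
        # (smtp_tls_CAfile), since the SASL password is sent over this session.
        - key: "smtp_tls_security_level"
          value: "encrypt"
        - key: "myhostname"
          value: "{{ current_hostname }}"
        - key: "myorigin"
          value: "{{ sender_domain }}"
        - key: "sender_canonical_maps"
          value: "hash:/etc/postfix/sender_canonical"

    - name: Configure SASL password file
      copy:
        dest: /etc/postfix/sasl_passwd
        owner: root
        group: root
        mode: "0600"
        content: |
          [{{ smtp_server }}]:{{ smtp_port }} {{ user_at_sender_domain }}:{{ password }}
      # Keep the rendered credential out of task output, diffs and logs.
      no_log: true

    # postmap rebuilds the .db on every run. A non-zero exit already fails
    # the task, so report "ok" rather than "changed".
    - name: Run postmap for sasl_passwd
      command: postmap /etc/postfix/sasl_passwd
      register: postmap_sasl_passwd
      changed_when: false

    - name: Configure sender_canonical
      copy:
        dest: /etc/postfix/sender_canonical
        owner: root
        group: root
        mode: "0600"
        content: |
          root@{{ sender_domain }} {{ user_at_sender_domain }}

    - name: Run postmap for sender_canonical
      command: postmap /etc/postfix/sender_canonical
      register: postmap_sender_canonical
      changed_when: false

    # Written to the home directory of the remote user (root in this play).
    - name: Configure S-Nail ~/.mailrc
      copy:
        dest: "~/.mailrc"
        mode: "0644"
        content: |
          set from="{{ mail_sender_name }} <{{ user_at_sender_domain }}>"

    # Apply the main.cf changes and the rebuilt lookup tables.
    - name: Restart Postfix
      systemd:
        name: postfix
        state: restarted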