Network (14): Email Communication Architecture and Postfix Deployment Explained

  In the previous post, Git (8), I explained in detail the whole process of deploying GitLab locally, patching the Enterprise Edition and using GitLab Pages, which made use of a locally built mail server. Since I had no concept of this before, I will study it today (mainly, Postfix needs to be configured)!

  E-mail appeared in the late 1960s, about 20 years earlier than the HTTP protocol behind the web browser, and is one of the greatest inventions of mankind in the 20th century. This old, classic system has been running on the network for over fifty years and is still one of the main types of traffic on the Internet today.

Communication architecture

  Nowadays, using e-mail is very convenient: we only need to log in to an e-mail client (for example Outlook or Foxmail) or a web mailbox, write the content, click send, and the e-mail is on its way. However, after clicking send, an email leaves the sender's mailbox and passes through a series of services before finally reaching the recipient's mailbox.

  • MUA (Mail User Agent) : Also known as the email client, this is the application we use to send and receive mail. There are two types of MUA:

    • Client-based: accessed through an application installed on the system, such as Mozilla's Thunderbird or Microsoft's Outlook.
    • Web-based: accessed through a web application, for example Google Gmail or Yahoo Mail.
  • MSA (Mail Submission Agent) : A program that receives mail from the MUA and cooperates with the MTA to deliver it. When sending, your MUA talks to a dedicated mail server (a mail transfer agent, MTA).

    Usually part of the MTA

  • MTA (Mail Transfer Agent) : Also known as mail server, mail exchanger or MX host, an MTA is software that routes mail to its final destination by handing it to another MTA. MTAs communicate with each other via SMTP, so an MTA is sometimes called an SMTP server.

    On Linux, Postfix and sendmail are commonly used MTAs

  • MDA (Mail Delivery Agent) : A software component responsible for delivering mail into the recipients' mailboxes.

    1. At large mail service providers, the MDA is usually a dedicated server
    2. The default MDA used by Postfix and sendmail is procmail
  • MRA (Mail Receive Agent) : responsible for implementing the IMAP and POP3 protocols and interacting with the MUA

    On Linux, Dovecot is a commonly used MRA

  • MAA (Mail Access Agent) : connects users to the system's mail store, retrieving mail over the POP or IMAP protocol

  • SMTP (Simple Mail Transfer Protocol) : An Internet standard communication protocol for email transmission. It runs on port 25 and belongs to the application layer of the TCP/IP suite.

  • POP / IMAP (Post Office Protocol / Internet Message Access Protocol) : Both are application-layer Internet standard protocols used by email clients to retrieve mail from a mail server. With POP (currently at its third version, POP3), the entire message is downloaded to the local computer and the copy on the server is deleted. With IMAP (version 4 is the latest), messages remain stored on the mail server, but users can manipulate them on the server as easily as if they were on the local computer.

  • MX Record : An entry in the DNS (Domain Name System) zone file that specifies the mail servers responsible for handling email for the domain. It gives the address of the corresponding SMTP server.

  • Mailbox : Stores mail data. The MDA drops mail into the mailboxes of the different users. Common storage formats are mbox, Maildir and dbmail. mbox stores all mail in one file, which has many disadvantages; Maildir stores each message as a separate file.

SPF

  At present, email communication on the network still uses the SMTP protocol. SMTP stands for Simple Mail Transfer Protocol and, as the name implies, it is a very simple (even crude) transport protocol with no real security measures of its own. According to the rules of SMTP, the sender's email address can be declared arbitrarily by the sender. That may have been fine when SMTP was designed, but it is obviously extremely insecure today, when spam and scam emails are rampant.

  SPF stands for Sender Policy Framework. It is used to prevent mail from being forged. Suppose a mail server receives an email from a host with IP 173.194.72.103 that claims the sender is [email protected]. To confirm that the sender is not forged, the mail server checks the SPF record of example.com. If the domain's SPF record allows the host with IP 173.194.72.103 to send mail, the server considers the mail legitimate; if not, it will usually bounce the mail or mark it as spam/phishing.

See the verification section for an example

  Although a malicious person can "claim" that his mail comes from example.com, he has no way to manipulate the DNS records of example.com, and at the same time he cannot forge his own IP address. Therefore SPF is very effective, and currently basically all mail service providers (such as Gmail, QQ Mail, etc.) verify it.
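The check described above, as an added example that is not part of the original post: a minimal SPF evaluator in Python that handles the ip4, ip6, include and all mechanisms. DNS lookups are replaced by a constructed table of TXT records (FAKE_TXT); the example.com record and the client IP 173.194.72.103 are illustrative, and the a, mx, ptr and exists mechanisms are not implemented.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups so the example runs offline;
# a real receiver would query DNS for the domain's SPF record.
FAKE_TXT = {
    "example.com": "v=spf1 ip4:173.194.72.0/24 include:_spf.example.net -all",
    "_spf.example.net": "v=spf1 ip6:2001:db8::/32 ~all",
}

# Qualifier prefix of a mechanism -> SPF result when that mechanism matches
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, ip, txt=FAKE_TXT, depth=0):
    """Return the SPF result (pass/fail/softfail/neutral/none/permerror)
    for a message claiming MAIL FROM @domain and sent from client ip."""
    if depth > 10:                     # RFC 7208 caps include recursion
        return "permerror"
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                  # no SPF record: the receiver cannot judge
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:    # mechanisms are evaluated left to right
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif name == "include":
            # include matches only if the referenced domain's policy yields pass
            matched = check_spf(arg, ip, txt, depth + 1) == "pass"
        else:
            return "permerror"         # a, mx, ptr, exists need live DNS (not handled)
        if matched:
            return QUALIFIERS[qual]
    return "neutral"                   # nothing matched and no "all" term
```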

In addition to SPF, it is also recommended to set up DKIM and DMARC

Relay forwarding (Relay)

  Mail is forwarded from one MTA to the next MTA; this operation is called mail relaying. If anyone can use a given MTA for relaying, that MTA becomes an open relay. This is very dangerous: the server is easily overwhelmed by the Internet's mail traffic and may be recorded on mail server blacklists, among other disadvantages. Relay rules therefore need to be carefully configured.

Postfix

  Postfix is an email server created by Wietse Venema, a Dutch researcher at the IBM T.J. Watson Research Center, to improve on the sendmail mail server. It first appeared in the late 1990s as open source software.

Install

  During the Postfix installation, two configuration screens appear. The first asks for the mail server configuration type: select "Internet Site" and press Enter. The second asks for the mail server name (the default is the server's name); modify it as needed and press Enter to confirm.
  It doesn't matter if the wrong option is chosen during installation; you can rerun the configuration with sudo dpkg-reconfigure postfix. Postfix generates the configuration file /etc/postfix/main.cf, which can be edited directly to modify the configuration.

  Unsurprisingly, the configuration prints the warning WARNING: /etc/aliases exists, but does not have a root alias. The solution is to make sure postmaster points to root, and root points to your own username or email address. Note that after modifying /etc/aliases you must run sudo newaliases for the change to take effect.

Configuration

  The main Postfix configuration files are /etc/postfix/main.cf and /etc/postfix/master.cf. There are hundreds of configuration parameters (controlled by /etc/postfix/main.cf), but most of them can be left at their defaults. We can edit this file by hand to fully configure Postfix; after modifying it, run sudo postfix reload for the changes to take effect.

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

# The hostname of the host running the Postfix mail system. By default this is set to the local machine name. The usual practice is to specify the fully qualified hostname, e.g. mail.zcs.com below (just an example)
myhostname = mail.zcs.com
# Specify our own domain name (below is just an example), i.e. the mailbox suffix (the domain after the @, e.g. 163.com). By default, Postfix 2.5 and later uses localdomain as the value of mydomain
# Note: if the domain has no SPF (Sender Policy Framework) record, there is a high probability that mail will be bounced
mydomain = zcs.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# Specifies the recipient domains for which Postfix accepts mail; in other words, what kind of mail the Postfix system will accept.
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relayhost =
# Specifies the network addresses of your own network. Postfix uses this value to distinguish remote users from local users; users on the local network are allowed access. You can use standard class A, B or C network addresses, or CIDR (Classless Inter-Domain Routing) notation
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
# Mailbox size; 0 means unlimited, the unit is bytes
mailbox_size_limit = 0
recipient_delimiter = +
# Specifies the network interfaces Postfix listens on. By default, Postfix listens on all network interfaces.
inet_interfaces = all
inet_protocols = all
# Specifies the domain of the sender. If your user's mail address is [email protected], this parameter specifies the domain after the @. By default, Postfix uses the local hostname as myorigin
myorigin = $mydomain
# Set the mail storage location
# Mailbox (mbox) format: all of a user's mail is stored in a single file, usually under /var/spool/mail/ with a file name equal to the username (Postfix's default)
# Maildir format: uses a directory structure to store mail; each user has a folder and each message is stored as a separate file.
home_mailbox = Maildir/
  1. Use postconf -d to view all default settings
  2. Pay attention to mydomain: Postfix itself does not originate emails, and the actual sender domain is specified by the sending tool, for example by the -r parameter in mail -r [email protected] xxxxx.
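As an added example (not from the post), the following Python snippet audits the two settings that decide whether this Postfix instance relays for strangers, mynetworks and smtpd_relay_restrictions, in the way the relay section above describes. SAMPLE_MAIN_CF is a constructed excerpt modelled on the configuration above and deliberately made risky; only literal CIDR entries in mynetworks are examined, not lookup tables or continuation lines.

```python
import ipaddress
import re

# Constructed main.cf excerpt modelled on the configuration above, with two deliberate
# mistakes: mynetworks widened to 0.0.0.0/0 and no *_unauth_destination restriction.
SAMPLE_MAIN_CF = """\
myhostname = mail.zcs.com
mydomain = zcs.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# trusts every IPv4 client, so anyone on the Internet could relay through this host
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 0.0.0.0/0
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
"""

# Either of these at the end of smtpd_relay_restrictions stops unauthenticated relaying
RELAY_STOPPERS = ("reject_unauth_destination", "defer_unauth_destination")


def parse_main_cf(text):
    """Parse 'key = value' lines (comment lines dropped) and expand $name / ${name} references."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    expand = lambda v: re.sub(r"\$\{?(\w+)\}?", lambda m: conf.get(m.group(1), ""), v)
    return {k: expand(v) for k, v in conf.items()}


def relay_findings(conf):
    """Return human-readable findings for settings that could make Postfix an open relay."""
    findings = []
    for entry in re.split(r"[\s,]+", conf.get("mynetworks", "")):
        if not entry:
            continue
        try:   # Postfix writes IPv6 prefixes as [addr]/len; strip the brackets
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            continue   # table lookups such as hash:/etc/postfix/network_table are skipped
        if net.prefixlen == 0 or not (net.is_private or net.is_loopback):
            findings.append(f"mynetworks trusts the non-local range {entry}")
    restrictions = conf.get("smtpd_relay_restrictions", "").split()
    if restrictions and not any(t in RELAY_STOPPERS for t in restrictions):
        findings.append("smtpd_relay_restrictions never rejects relaying for unauthenticated clients")
    return findings
```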

  It is easier to do the configuration interactively with sudo dpkg-reconfigure postfix. Note, however, that this only configures the most basic parameters; mail can be sent normally after this configuration, but in most cases it does not meet actual needs and /etc/postfix/main.cf still has to be edited by hand. The following describes each configuration item:

  1. General type of mail configuration : We choose Internet Site, which means the local SMTP server is used directly to send and receive mail.
  2. System mail name : This is the base domain used to construct a valid email address when only the account part of the address is given (i.e. the mailbox domain name, e.g. 163.com in [email protected]). For example, our server's hostname is mail.example.com, but we may want to set the system mail name to example.com, so that given the username user1, Postfix uses the address [email protected].
  3. Root and postmaster mail recipient : mail to root@ and postmaster@ needs to be redirected to an actual mailbox account (recipient). If I set it to root here, mail to root@ is delivered to the mailbox of the root recipient.
  4. Other destinations to accept mail for : This defines the mail destinations this Postfix instance will accept. If this server should also receive mail for other domains, add them here; the default works.
  5. Force synchronous updates on mail queue? : Select No here, since you are probably using a journaling file system.
  6. Local networks : This is the list of networks for which your mail server is configured to relay mail. The default should work for most scenarios. If you choose to modify it, make sure to keep the network range very strictly limited.
  7. Mailbox size limit : This can be used to limit the size of the mail. When set to 0, the size is not limited.
  8. Local address extension character : This is the character used to separate the regular part of the address from the extension (used to create dynamic aliases); the default is fine.
  9. Internet protocols to use : Select all.

Hostname

  When Postfix communicates with other SMTP servers, it uses the hostname to identify itself. The hostname can take two forms: a single name or an FQDN (Fully Qualified Domain Name). If the SMTP server does not identify itself with an FQDN, it may be rejected by some SMTP servers.

Domain

  The email address format is generally username@host address (domain name). Although a form like [email protected] is possible, it does not seem very customary. Therefore, domain names are usually used instead of IP addresses.

Email account

  The easy way to add a user is to add a new account to the operating system. For example, on an Ubuntu server you only need to create a system account with adduser xxx, and Postfix handles the rest.

  However, if you do not want to create system accounts for users, you should set up a virtual domain. The main thing to note is that a virtual domain must not be listed in the mydestination field of /etc/postfix/main.cf. For details, see the Postfix Virtual Domain Hosting Howto on the official Postfix website.

User alias

  The user alias function is a simple and practical e-mail account camouflage technique. It can be used to set up multiple virtual mailbox accounts for receiving mail, so that one's real e-mail address is not disclosed, and it can also be used to collect the mail of several addresses into one's own mailbox.

  To set up aliases, edit /etc/aliases, the configuration file of the aliases mail alias service. It defines a large number of user aliases; most of them are local system accounts of the Linux system, and the root account after the colon (:) separator is the account that actually receives the mail for these aliases. User aliases can be local users of the Linux system, or completely made-up user names.

Verify

  Postfix itself comes with the sendmail command, which we can use directly to send mail. I am more used to mailutils, so install it with sudo apt install mailutils and then run echo "Content of email" | mail -r [email protected] -s "Email from Postfix" [email protected]; afterwards, remember to check the receiving mailbox.
  When sending with sendmail, the domain configured in /etc/postfix/main.cf is used, while the -r option of mailutils uses the content of /etc/hostname. If the domain is a real (legal) domain name, most email service providers will check its SPF record, which will cause the email to bounce!

Log

  Postfix stores its logs under the /var/log directory, and we can troubleshoot by viewing the log files. The log file is /var/log/mail.log; a status=sent entry in the mail log confirms that a message was sent successfully. Errors are recorded in /var/log/mail.err.
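An added example (not from the post) of reading the mail log the way this section suggests: it extracts queue ID, recipient, DSN code and status from Postfix delivery lines, counts them per status, and singles out bounces whose remote reason mentions SPF. SAMPLE_MAIL_LOG is a constructed excerpt; the hosts, addresses and queue IDs in it are made up.

```python
import re
from collections import Counter

# Constructed /var/log/mail.log excerpt in Postfix's delivery-line format
# (hosts, addresses and queue IDs are made up).
SAMPLE_MAIL_LOG = """\
Oct  1 10:15:02 mail postfix/smtp[2301]: 4F3A1C0B2D: to=<user1@example.net>, relay=mx.example.net[198.51.100.25]:25, delay=1.2, delays=0.1/0.01/0.5/0.6, dsn=2.0.0, status=sent (250 2.0.0 OK queued)
Oct  1 10:16:40 mail postfix/smtp[2310]: 5A0B2D1C3E: to=<user2@example.org>, relay=mx.example.org[203.0.113.9]:25, delay=0.9, delays=0.1/0.01/0.4/0.4, dsn=5.7.1, status=bounced (host mx.example.org[203.0.113.9] said: 550-5.7.1 SPF check failed for zcs.com (in reply to end of DATA command))
Oct  1 10:17:05 mail postfix/smtp[2315]: 6B1C3E2D4F: to=<user3@example.com>, relay=none, delay=30, delays=0.1/0.01/30/0, dsn=4.4.1, status=deferred (connect to mx.example.com[192.0.2.17]:25: Connection timed out)
Oct  1 10:17:06 mail postfix/qmgr[1998]: 6B1C3E2D4F: from=<admin@zcs.com>, size=512, nrcpt=1 (queue active)
"""

# One delivery attempt per line: queue ID, recipient, DSN code, status and the reason in parentheses
DELIVERY_RE = re.compile(
    r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>.*?"
    r"dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<detail>.*)\)$"
)


def parse_mail_log(text):
    """Return one dict per delivery-status line; qmgr/cleanup lines without a status are ignored."""
    return [m.groupdict() for m in map(DELIVERY_RE.search, text.splitlines()) if m]


def delivery_summary(events):
    """Count deliveries per status and list what a mail admin should look at:
    every attempt that was not 'sent', plus bounces whose remote reason mentions SPF."""
    counts = Counter(e["status"] for e in events)
    problems = [(e["qid"], e["rcpt"], e["dsn"], e["detail"]) for e in events if e["status"] != "sent"]
    spf_bounces = [e["qid"] for e in events if e["status"] == "bounced" and "SPF" in e["detail"].upper()]
    return {"counts": dict(counts), "problems": problems, "spf_bounces": spf_bounces}
```

Reading the real file is simply parse_mail_log(open("/var/log/mail.log").read()); deferred entries with dsn 4.x.x are retried by Postfix, while 5.x.x bounces are final.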
  However, during a debugging session I deleted the file /var/log/mail.log, after which the log was no longer generated. Even creating /var/log/mail.log manually did not work. Later, I wondered whether it was a permission problem, and came up with the following solution:
[screenshot of the solution]


Origin blog.csdn.net/ZCShouCSDN/article/details/127105430