tutoriaux:install-email-server:install-email-server-part-2

Differences

Below are the differences between the two revisions of the page.

tutoriaux:install-email-server:install-email-server-part-2 [2023/01/06 18:18] – created - external edit 127.0.0.1
tutoriaux:install-email-server:install-email-server-part-2 [2024/07/06 01:16] (current version) frater
Line 1: Line 1:
-====== Build Email Server From Scratch on Debian – Part 2 - IMAP and TLS Setup ======+====== Part 2 - IMAP and TLS Setup ======
  
-This is part 2 of building your own secure email server on Debian from scratch tutorial series. In [[tutoriaux:install-email-server:install-email-server-part-1|previous part]] , we showed you how to set up a basic Postfix SMTP server. In this tutorial, we are going to configure the email server so that we can receive and send emails using a desktop email client like Mozilla Thunderbird or Microsoft Outlook.+This is part 2 of building your own secure email server on Debian from scratch tutorial series. In [[tutoriaux:install-email-server:install-email-server-part-1|previous part]], we showed you how to set up a basic Postfix SMTP server. In this tutorial, we are going to configure the email server so that we can receive and send emails using a desktop email client like Mozilla Thunderbird or Microsoft Outlook.
  
 To be able to send emails using a desktop email client, we need to enable the submission service in Postfix. To be able to send emails using a desktop email client, we need to enable the submission service in Postfix.
Line 149: Line 149:
  
 {{ tutoriaux:debian-email:debian-tls-certibot-success.png |}} {{ tutoriaux:debian-email:debian-tls-certibot-success.png |}}
 +
 ===== Enable Submission Service in Postfix ===== ===== Enable Submission Service in Postfix =====
 To send emails from a desktop email client, we need to enable the submission service of Postfix so that the email client can submit emails to Postfix SMTP server. Edit the ''master.cf'' file. To send emails from a desktop email client, we need to enable the submission service of Postfix so that the email client can submit emails to Postfix SMTP server. Edit the ''master.cf'' file.
Line 155: Line 156:
  
 In ''submission'' section, uncomment or add the following lines. Please allow at least one whitespace (tab or spacebar) before each ''-o''. In postfix configurations, a preceding whitespace character means that this line is continuation of the previous line. (By default the ''submission'' section is commented out. You can copy the following lines and paste them into the file, so you don’t have to manually uncomment or add new text.) In ''submission'' section, uncomment or add the following lines. Please allow at least one whitespace (tab or spacebar) before each ''-o''. In postfix configurations, a preceding whitespace character means that this line is continuation of the previous line. (By default the ''submission'' section is commented out. You can copy the following lines and paste them into the file, so you don’t have to manually uncomment or add new text.)
 +
 +{{ tutoriaux:debian-email:debian-tls-postfix-submission.png |}}
  
 <code ini> <code ini>
Line 162: Line 165:
   -o smtpd_tls_wrappermode=no   -o smtpd_tls_wrappermode=no
   -o smtpd_sasl_auth_enable=yes   -o smtpd_sasl_auth_enable=yes
-  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject+  -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
   -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject   -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
   -o smtpd_sasl_type=dovecot   -o smtpd_sasl_type=dovecot
Line 168: Line 171:
 </code> </code>
  
-{{ tutoriaux:debian-email:debian-tls-postfix-submission.png |}}+**Some explainations** 
 +{{tablelayout?rowsHeaderSource=Auto}} 
 +^  parameter                    ^ descr                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   ^ 
 +| syslog_name                   | specify the 'sub service' name logged into the syslog ''2022-07-21T16:33:15.138206+02:00 servername **postfix/submission**/smtpd[PID]: lost connection after AUTH from xxxxxxx''                                                                                                                                                                                                                                                                                                                                                                                                                      | 
 +| smtpd_tls_security_level      | The SMTP TLS security level for the Postfix SMTP server; (none ((TLS will not be used.)), may ((Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption. )), encrypt ((Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and reject all plaintext commands except HELO, EHLO, XCLIENT, STARTTLS, NOOP, QUIT, and HELP. According to RFC 2487 this MUST NOT be applied in case of a publicly-referenced SMTP server. Instead, this should be used on dedicated servers, for example submission (port 587).)))  | 
 +| smtpd_tls_wrappermode         | Run the Postfix SMTP server in TLS "wrapper" mode, instead of using the STARTTLS command.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | 
 +| smtpd_relay_restrictions      | Access restrictions for mail relay control that the Postfix SMTP server applies in the context of the RCPT TO command, before smtpd_recipient_restrictions.                                                                                                                                                                                                                                                                                                                                                                                                                                             | 
 +| smtpd_recipient_restrictions  | //Optional// restrictions that the Postfix SMTP server applies in the context of a client RCPT TO command, after smtpd_relay_restrictions.                                                                                                                                                                                                                                                                                                                                                                                                                                                              | 
 +| smtpd_sasl_type               | The SASL plug-in type that the Postfix SMTP server should use for authentication.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | 
 +| smtpd_sasl_path               | Implementation-specific information that the Postfix SMTP server passes through to the SASL plug-in implementation that is selected with smtpd_sasl_type. Typically this specifies the name of a configuration file or rendezvous point.                                                                                                                                                                                                                                                                                                                                                                | 
 + 
 +<WRAP center round tip> 
 +An alternative is to be more restrictive on what your 'trusted' network can do. 
 + 
 +In this case, the trusted network (mynetworks) is only allowed to send  
 +<code ini> 
 +submission     inet        -    y    -    -    smtpd 
 +  : 
 +  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject 
 +  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject 
 +  : 
 +</code> 
 +</WRAP>
  
 The above configuration enables the **submission** daemon of Postfix and requires TLS encryption. So later on our desktop email client can connect to the submission daemon in TLS encryption. The submission daemon listens on TCP port **587**. STARTTLS is used to encrypt communications between email client and the submission daemon. The above configuration enables the **submission** daemon of Postfix and requires TLS encryption. So later on our desktop email client can connect to the submission daemon in TLS encryption. The submission daemon listens on TCP port **587**. STARTTLS is used to encrypt communications between email client and the submission daemon.
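Review bot: the changed `-o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject` on the submission service lets any client inside `mynetworks` relay through port 587 without SASL authentication, which is a wider trust than the previous `permit_sasl_authenticated,reject`; that is only acceptable if `mynetworks` is kept to a small, genuinely trusted block, and the section should say so next to the line. The tip box that presents the stricter alternative has an unfinished sentence ("the trusted network (mynetworks) is only allowed to send"), and its second `-o` line is misleading: `smtpd_relay_restrictions` is evaluated before `smtpd_recipient_restrictions`, and its final `reject` (not `reject_unauth_destination`) rejects every RCPT TO from an unauthenticated client, so the `permit_mynetworks` in that `smtpd_recipient_restrictions` line never takes effect. Either finish the sentence to state that, in this variant, `mynetworks` clients are refused on port 587 unless they authenticate, or drop `permit_mynetworks` from that line so the configuration reads as intended. Minor: "Some explainations" should read "Some explanations".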
Line 251: Line 276:
  
 <code>2.3.13 (89f716dc2)</code> <code>2.3.13 (89f716dc2)</code>
 +
 +===== Define your email network =====
 +
 +By default, Postfix will forward mail from clients in authorized network blocks to any destination.
 +
 +The current default is to authorize the local machine only. 
 +
 +Prior to Postfix 3.0, the default was to authorize all clients in the IP subnetworks that the local machine is attached to. 
 +
 +<WRAP center round important>
 +changing the definition of the authorized network block is generaly a bad idea, you MUST know what your define and who you trust.
 +</WRAP>
 +
 +Sometime you need to "allow" some specific IP (or subnet) to be considered as "trusted", for receiving email "from" you.
 +
 +the correct parameter is 
 +
 +<code ini>
 +mynetworks = [list of IPs separated by comma]
 +</code>
 +
 ===== Enabling IMAP/POP3 Protocol ===== ===== Enabling IMAP/POP3 Protocol =====
 Edit the main config file. Edit the main config file.
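Review bot: the new "Define your email network" section describes `mynetworks` the wrong way round and gives a placeholder instead of the real syntax. What `mynetworks` grants, wherever `permit_mynetworks` is listed (including the `smtpd_relay_restrictions` of the submission service changed in this same revision), is that clients from those addresses may relay mail through this server without authenticating; "to be considered as 'trusted', for receiving email 'from' you" should be reworded to say exactly that, since it is the reason the warning box exists. The example `mynetworks = [list of IPs separated by comma]` should show actual Postfix syntax: entries are network/netmask patterns separated by commas and/or whitespace, with IPv6 in brackets, e.g. `mynetworks = 127.0.0.0/8 [::1]/128 192.0.2.0/24` (192.0.2.0/24 being a documentation range used here only as an illustration). It is also worth stating that setting `mynetworks` explicitly overrides `mynetworks_style`, which is what the paragraph about the Postfix 3.0 default change is describing, and that the list should stay as small as possible. Typos: "generaly" should be "generally", "what your define" should be "what you define", "Sometime" should be "Sometimes".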
tutoriaux/install-email-server/install-email-server-part-2.1673025535.txt.gz · Last modified: 2023/01/06 18:18 by 127.0.0.1