Before we start, I will assume you already have a mail client (something like mailcow) and have already added the DNS records needed for our email to work (MX records and the other required ones).
Prerequisites
- Debian 11 Server with SMTP port unblocked
- Domain name
- Root access (we will install some stuff)
Step 0 - Initial setup
- Make sure our system is up-to-date
apt-get update
apt-get upgrade
- Copy our VPS's IP, go to our domain settings and make an A record DNS entry for our SMTP server, something like:
A smtp.example.com 10.0.0.1 3h
A: is our DNS type
smtp.example.com: our SMTP domain (we need it later); it's something like smtp.gmail.com
10.0.0.1: our VPS's IP
3h: time-to-live for our DNS record
Step 1 - Check SMTP port
To check whether we have the SMTP port open, we simply need to install the telnet package by running:
apt install telnet
then run this command:
telnet smtp.gmail.com 25
(this command opens a connection to Gmail's SMTP server; if it connects, that means we have the SMTP port open)
Step 2 - Install and configure Postfix
- Install mailutils and postfix
apt install mailutils postfix
Hit OK,
then select Internet Site.
In mail name, add your main domain name, something like example.org
- Open /etc/postfix/main.cf and change mydestination from:
mydestination = $myhostname, example.com, localhost.com, , localhost
to:
mydestination = $myhostname, localhost.$mydomain, $mydomain
and add this line to our main.cf file:
mydomain = example.com
Change example.com to your main domain, not a subdomain (ex: example.com),
and then make sure these lines exist in our main.cf file (if not, simply add them):
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
- Make sure postfix is running in chroot
Open /etc/postfix/master.cf and make sure to change smtp line from:
smtp inet n - n - - smtpd
to:
smtp inet n - - - - smtpd
- Change the SMTP port. If you are like me, your ISP is probably blocking the outgoing SMTP port (we can't connect to sites via port 25), so we need to change our SMTP port in postfix so that we can connect to it on a different port number.
Open /etc/postfix/master.cf and copy smtp line:
smtp inet n - - - - smtpd
and change it to:
587 inet n - - - - smtpd
587 is our port number and we can change it to whatever we want.
- Restart postfix
systemctl restart postfix
- Test if we can send email or not
echo "This is the body of our email" | mail -s "This is the subject" your_email_address
your_email_address is your email address, something like tim@example.org
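A check for the two master.cf edits above, as an added example (not part of the original tutorial): it lists every inet service that runs smtpd together with the value of its chroot column, the fifth field. A dash in that column means the built-in default, which master(5) documents as n for Postfix 3.0 and later and y for older versions. The function name and the sample file are made up for the example.

```sh
#!/bin/sh
# Added example: show which smtpd listeners a master.cf defines and what
# their chroot column (5th field) says.

# smtpd_listeners FILE -> one "SERVICE chroot=VALUE" line per inet smtpd service
smtpd_listeners() {
    awk '
        /^[ \t]*#/ { next }     # comment line
        /^[ \t]/   { next }     # continuation line ("  -o name=value")
        NF < 8     { next }     # blank or incomplete entry
        $2 == "inet" && $8 == "smtpd" {
            chroot = $5
            # "-" means "use the built-in default" (see master(5))
            if (chroot == "-") chroot = "default"
            printf "%s chroot=%s\n", $1, chroot
        }
    ' "$1"
}

# Constructed sample input, not a real server's file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       y       -       -       smtpd
587       inet  n       -       -       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
pickup    unix  n       -       y       60      1       pickup
EOF
smtpd_listeners "$sample"
rm -f "$sample"
```

On the server, run smtpd_listeners /etc/postfix/master.cf after editing the file and before restarting postfix.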
Step 3 - Setup SASL
- Install libsasl2-modules, postfix and sasl2-bin
apt install libsasl2-modules postfix sasl2-bin
- Create a file: /etc/postfix/sasl/smtpd.conf
nano /etc/postfix/sasl/smtpd.conf
and paste:
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
- Setup a separate saslauthd process to be used from Postfix
3.1. Create a copy of saslauthd's config file
cp /etc/default/saslauthd /etc/default/saslauthd-postfix
3.2. and edit it to:
START=yes
DESC="SASL Auth. Daemon for Postfix"
NAME="saslauthd-postf" # max. 15 char.
MECHANISMS="sasldb"
# Option -m sets working dir for saslauthd (contains socket)
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" # postfix/smtp in chroot()
3.3. remove the old saslauthd
rm -rf /run/saslauthd
3.4. make a softlink of our new saslauthd (that we created for postfix)
ln -s /var/spool/postfix/var/run/saslauthd /run/saslauthd
When we restart our server this link will get deleted, so make sure to create it again by running the same command.
- Create required subdirectories in postfix chroot directory:
dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
- Add the user "postfix" to the group "sasl":
adduser postfix sasl
- Restart saslauthd:
service saslauthd restart
- Edit Postfix configuration:
postconf -e 'smtpd_sasl_local_domain = $myhostname'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination'
- Restart postfix:
service postfix restart
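A check over the settings from this step, as an added example (not part of the original tutorial): it reads copies of main.cf and smtpd.conf and reports when SASL auth is off, when anonymous auth is allowed, and when mech_list offers PLAIN or LOGIN (which send the password itself) while Postfix is not limited to AUTH inside TLS. The function names and finding labels are made up here; smtpd_tls_auth_only and smtpd_tls_security_level are Postfix parameters that this tutorial does not set.

```sh
#!/bin/sh
# Added example: audit the SASL settings from Step 3.

# get_param FILE NAME DEFAULT -> value of "NAME = value" (last assignment
# wins), or DEFAULT when the file does not set NAME
get_param() {
    awk -v key="$2" -v val="$3" '
        /^[ \t]*#/ || !index($0, "=") { next }
        {
            name = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", name)
            if (name != key) next
            val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }
    ' "$1"
}

# audit_sasl MAIN_CF SMTPD_CONF -> space-separated findings, empty if none
audit_sasl() {
    findings=""
    [ "$(get_param "$1" smtpd_sasl_auth_enable no)" = "yes" ] ||
        findings="$findings sasl-auth-disabled"
    case " $(get_param "$1" smtpd_sasl_security_options noanonymous | tr ',' ' ') " in
        *" noanonymous "*) ;;
        *) findings="$findings anonymous-auth-allowed" ;;
    esac
    mechs=$(awk -F: '$1 == "mech_list" { print toupper($2) }' "$2")
    case " $mechs " in
        *" PLAIN "*|*" LOGIN "*)
            [ "$(get_param "$1" smtpd_tls_auth_only no)" = "yes" ] ||
            [ "$(get_param "$1" smtpd_tls_security_level "")" = "encrypt" ] ||
                findings="$findings cleartext-auth-without-tls" ;;
    esac
    echo "${findings# }"
}

# Constructed sample input: the values this tutorial sets.
dir=$(mktemp -d)
cat > "$dir/main.cf" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
EOF
cat > "$dir/smtpd.conf" <<'EOF'
pwcheck_method: auxprop
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
EOF
audit_sasl "$dir/main.cf" "$dir/smtpd.conf"   # reports cleartext-auth-without-tls
rm -rf "$dir"
```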
Step 4 - Create user in SASL
- Run saslpasswd2 and type the password you wish to use:
saslpasswd2 -c -u smtp.example.org username
smtp.example.org: is our own SMTP domain we have created in step 0
username: is our username to connect via it
- Make sure our user got created:
sasldblistusers2
- Test we can login by our new SMTP login details:
testsaslauthd -u username -r smtp.example.org -p XXX
username: our username we created
smtp.example.org: our domain name we created
XXX: is our password we created
and you should get a return of 0: OK "Success."
Conclusion
And that's it, you are done. Congrats, you now own your inbox and can send and receive emails with your friends. It's kind of hard, yes, I admit it, but it's totally worth it, right?
If you run into unexpected behavior you can read the logs: you will find the postfix logs at /var/log/mail.log and the SASL logs at /var/log/auth.log.
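One thing worth reading those logs for once AUTH is reachable from the internet is repeated failed logins. The function below is an added example (not part of the original tutorial) that counts Postfix's "SASL ... authentication failed" warnings per client IP; the function name, the threshold and the sample log lines are constructed for the example.

```sh
#!/bin/sh
# Added example: count failed SASL logins per client IP in a Postfix mail log.

# sasl_failures LOGFILE [MIN] -> "COUNT IP" for every client with at least MIN
# failed SASL logins (default 3), highest count first
sasl_failures() {
    awk -v min="${2:-3}" '
        /postfix\/.*smtpd\[/ && /SASL [A-Z0-9-]+ authentication failed/ {
            # the client is logged as hostname[ip] right before ": SASL"
            ip = substr($0, 1, index($0, ": SASL") - 1)
            sub(/.*\[/, "", ip); sub(/\].*/, "", ip)
            fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] >= min) printf "%d %s\n", fails[ip], ip }
    ' "$1" | sort -rn
}

# Constructed sample log lines (documentation IP ranges, made-up host names).
log=$(mktemp)
cat > "$log" <<'EOF'
Mar  3 10:15:01 mail postfix/smtpd[2211]: connect from unknown[203.0.113.7]
Mar  3 10:15:02 mail postfix/smtpd[2211]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Mar  3 10:15:04 mail postfix/smtpd[2211]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure
Mar  3 10:15:06 mail postfix/smtpd[2214]: warning: unknown[203.0.113.7]: SASL CRAM-MD5 authentication failed: authentication failure
Mar  3 10:16:40 mail postfix/smtpd[2230]: warning: client.example.net[198.51.100.20]: SASL PLAIN authentication failed: authentication failure
Mar  3 10:16:55 mail postfix/smtpd[2230]: 4F1A2C0E: client=client.example.net[198.51.100.20], sasl_method=PLAIN, sasl_username=username
EOF
sasl_failures "$log"        # prints: 3 203.0.113.7
rm -f "$log"
```

On the server, run sasl_failures /var/log/mail.log to see which clients keep failing authentication.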