Setting up postfix server

A collection of the best guides for setting up a Postfix server.

  1. Setup forward and reverse DNS: DNS Guide
  2. Install Postfix: Postfix Guide
  3. Setting up SPF and DKIM: PepiPost Guide
  4. Install pflogsumm
  5. Setup DMARC: Add TXT record for _dmarc.from-address.com with value v=DMARC1; p=quarantine; rua=mailto:[email protected]; pct=100. https://www.uriports.com/dmarc offers DMARC rua as a service for $1/month.
  6. Configure deferred emails: JRS Blog
  7. Setup different policies for different domains: Policy Rate Limiting. Make sure to edit both /etc/postfix/main.cf and /etc/postfix/master.cf
  8. Disable ipv6 protocol: Fix Postfix network unreachable
  9. A good guide on line-by-line postfix config: https://jan.wildeboer.net/2022/08/Email-1-Postfix-2022/
  10. Add the new server to Google Postmaster and Outlook SNDS.
  11. Enroll for Yahoo's CFL.
  12. Monitor the logs for the next few days.
  13. Enable encryption for Gmail: Encryption
  14. Increase swap for pflogsumm. We should have memory equal to the size of /var/log/mail.log.

Commands

  • systemctl reload postfix to reload changes after modifying main.cf

Email template

We often need to send a request to AWS or another hosting provider to increase the sending limits. This template can be used for such emails.

(your website name) provides (what you do).
We use emails to (why?).

**Protection:**
- All emails comply with SPF and DKIM specifications
- All emails contain "List-Unsubscribe" headers for one-click unsubscribe
- Enabled SASL and firewall to send emails only from internal IPs.
- Have registered on Google Postmaster and Outlook's SNDS to track IP reputation.
- All complaints and bounces are immediately dealt with.

**Quality:**
- We email only registered users who ask for email updates.
- We have not purchased any email list.
- [any other thing you can show for quality. like reviews or age of website].

TLS Setup

We need to configure TLS support on Postfix to use it with Django and Ruby libraries.

  • Install Certbot
  • Use the --standalone option to create certificates; certbot spins up its own temporary web server for the challenge

The above will show something like:

Certificate is saved at: /etc/letsencrypt/live/post.screener.in/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/post.screener.in/privkey.pem

Add it to the Postfix config

sudo vi /etc/postfix/main.cf

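# add this
# "may" = opportunistic TLS: STARTTLS is offered but clients are not forced to use it
smtpd_tls_security_level = may
# smtpd_tls_chain_files needs Postfix 3.4 or later;
# the private key must be listed before its certificate chain
smtpd_tls_chain_files =
    /etc/letsencrypt/live/post.screener.in/privkey.pem,
    /etc/letsencrypt/live/post.screener.in/fullchain.pem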
    
# reload postfix
systemctl reload postfix

Add a cron job to reload the SSL certificates in Postfix: sudo crontab -e -uroot

# reload postfix configuration every month
# the ssl renewal is done automatically every 60 days using certbot
# we can see that using `systemctl list-timers`
# fields: minute hour day-of-month month day-of-week
# 01:00 on the 1st of every month
0 1 1 * * systemctl reload postfix