Which option ("internet site", "internet with smarthost", "satellite system") should I choose in postfix configuration?

configuration email postfix

Main options explained

Internet site: Mail is sent and received directly using SMTP.

This option requires you have a fully qualified domain name and full access to modify DNS records for this domain name as this method requires adding a MX record and a reverse DNS for it to send and receive emails.

Internet with smarthost: Mail is received directly using SMTP or by running a utility such as fetchmail. Outgoing mail is sent using a smarthost.

This option requires you have a fully qualified domain name but not necessarily full access to modify DNS records for this domain name. You pay for mail service providers or smarthosts to send emails on your behalf and provide a rout / method to delver incoming emails to your machine either by handling the MX and other DNS records for your domain name or by receiving them on their servers and provide you with mail server address, port and credentials so that you can periodically fetch incoming email using different protocols like POP and IMAP.

Satellite system: All mail is sent to another machine, called a 'smarthost', for delivery.

This option does not require you to have a fully qualified domain name nor access to modify DNS records. This is what serves your purpose as described in your question.

Setting up an email relay

1. General settings

You can reconfigure postfix and choose the correct option like so:

sudo dpkg-reconfigure postfix

In the configuration screens, you will see:

  • General type of mail configuration: From this choose Satellite system.

  • System mail name: Inter your machine's hostname which will most likely be displayed by default.

  • SMTP relay host (blank for none): Doesn't matter at this stage as you will set it again when you modify /etc/postfix/main.cf so leave the default.

  • Root and postmaster mail recipient: Leave it blank to have local emails to postmaster which is defined in /etc/aliases delivered to /var/mail/nobody or set the system user to receive it instead... This has nothing to do with relaying emails. This is to handle emails sent locally to for example root@localhost or other local users accounts that might be in /etc/aliases which will have something like this:

    # See man 5 aliases for format
postmaster:    root

  • Other destinations to accept mail for (blank for none): These are hostnames that your postfix installation will accept emails for them... So leave this at the default which will be all possible hostnames for your current machine only.

  • Force synchronous updates on mail queue?: This tells postfix to implement some sort of internal journaling system which will slow it down but only needed when your file system is not a journaled filesystem which is not the case with Ubuntu's ext4 filesystem... So choose No.

  • Local networks: Similar to "Other destinations to accept mail for" above... This is a security feature so that other hosts on your network or outside it cannot send emails through your postfix instance... So leave it at default.

  • Mailbox size limit (bytes): Self explanatory... I recommend you leave it on default i.e. unlimited.

  • Local address extension character: Leave it on default as email providers will base their specific instructions for postfix integration on this being default.

  • Internet protocols to use: Leave it on all unless you know what you are doing... all should work fine.

It is worth mentioning that if you edit /etc/postfix/main.cf afterwords then it does not matter what option you chose during the initial configuration above and many guides advise choosing different options... compare this and this... Those guides however do not explain this point clearly and it might cause some confusion.For example one guide tells you to choose Internet Site then afterwords tells you to modify /etc/postfix/main.cf and set relayhost which will change postfix from standalone mail server to a relay mail server i.e. as if changing the option to Satellite System!

For the relay option /etc/postfix/main.cf will contain something with relayhost set to an e-mail provider like this:

relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

2. Email provider's specific settings

After that follow your email provider's specific instructions for postfix integration like:

  • these easy instructions for setting up postfix with relay to Gmail.

  • these easy instructions for setting up postfix with relay to Yahoo.

The process should be similar for other email providers if they offer this feature. If your e-mail account is with another provider, please refer to their documentations regarding relayhost address, port, security and authentication.

Please, pay attention to specific relay e-mail provider requirements like for example enabling less secure apps for Gmail or otherwise postfix will be denied access and connection to Gmail.

Extra resources

  • Please also see this related answer.
  • Reverse DNS.
  • MX record.

A step-by-step guide to send email with postfix via Yahoo mail.

I am posting the (hopefully) complete guide to send email from Yahoo mail, as requested. This guide is slightly different from what you need if using Gmail, as shown here, and possibly other servers as well, but this specificity is crucial to make it work.

Note: I have actually tested it, and successfully received email in my destination address. It also works well with local (outgoing, incoming) addresses.

The two answers by Raffa (1, 2) and further comments helped me a lot. But there was still significant reading and tinkering needed to make it work.

  1. Install postfix and other packages.

    $ sudo apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules

  2. The configuration post-install will show up. If not, use $ sudo dpkg-reconfigure postfix. For the successive screens, use: 1. Satellite system (but perhaps irrelevant since you will modify the postfix configuration file later), 2. myubuntubox, 3. [smtp.mail.yahoo.com]:465, 4. root, 5 and following: leave the defaults.

  3. Enable your Yahoo account to interact with postfix, with an App password. This is a one-time password, which avoids leaving the Yahoo mail password in your PC. Go to https://login.yahoo.com/account/security , Account Security -> App Password and generate a password. You will have to use it later on. This works for sure if not using 2-step verification, and possibly with 2SV as well.
    Note that in Gmail "App Passwords can only be used with accounts that have 2-Step Verification turned on." (source). In this case, you will use the App password since postfix, as many other apps, is a "less secure app".

  4. Add the following lines to /etc/postfix/main.cf

    relayhost = [smtp.mail.yahoo.com]:465
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd_yahoo
smtp_sasl_security_options = noanonymous
smtp_sasl_auth_enable = yes
smtp_use_tls = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_generic_maps = regexp:/etc/postfix/regex_map_yahoo

    If present in /etc/postfix/main.cf, comment line

    smtp_tls_security_level=may

    with an initial hash mark # to avoid a warning message. I am not posting the complete file. If you find issues with these instructions, please post feedback.

  5. Create/edit /etc/postfix/sasl_passwd_yahoo so it contains

    [smtp.mail.yahoo.com]:465    [email protected]:<password>

    <password> should be replaced by the generated App password.

  6. Use the following commands

    $ sudo chmod 0600 /etc/postfix/sasl_passwd_yahoo
$ sudo postmap /etc/postfix/sasl_passwd_yahoo
$ sudo touch /etc/postfix/regex_map_yahoo
$ sudo chmod 0600 /etc/postfix/regex_map_yahoo
$ sudo nano /etc/postfix/regex_map_yahoo
<---- Creating/editing the file ---->
$ sudo postmap /etc/postfix/regex_map_yahoo
$ sudo systemctl restart postfix.service

    When creating/editing /etc/postfix/regex_map_yahoo, its contents should be

    /.+@myubuntubox/   [email protected]

  7. Send email with, e.g.

    $ echo "This is the body of an encrypted email" | mail -s "This is the subject line" [email protected]

Actually, none of these configuration options can be directly used on a typical home end-user machine. Option 2 works well if you have a hosted server with it's own domain name on which you configure Postfix. Options 3 and 4 work well for example in a corporate LAN, where you have a "real" domain recognizable in the DNS that your client machines are part of (btw., I don't fully understand the difference between options 3 and 4 just from the description - I would need to see the actual config files generated by these options to know for sure what they actually mean).

Regardless of what you choose you will probably need to modify the Postfix configuration files manually after initial set-up. Actually, because you will have to modify configuration anyway, option 1 is also not ruled out, contrary to what you assumed.

Email is probably the most complicated to configure of all network services and I would therefore advise to never rely "blindly" on whatever defaults the automatic configuration provides, but instead learn about how the Postfix configuration works and make all necessary corrections to the configuration file(s) manually. And you need to test, test and once again test your configuration to be sure everything works as intended. Email configuration is not something you can just "copy and paste" without understanding how it works.

A good start is http://www.postfix.org/BASIC_CONFIGURATION_README.html - this document asks some basic questions you need to answer before you start configuring Postfix and explains the basic concepts of the configuration. After you read that, take a look at http://www.postfix.org/STANDARD_CONFIGURATION_README.html - it presents configurations for several typical scenarios. However, as with the configuration menu you asked about, none of those scenarios fully apply to your case.

Probably closest to your needs is the scenario described as "Postfix on a null client", however there are two things that are not covered. A "null client" in this example is a machine that: a) does not receive any mail from network; b) does not deliver any mail locally - however if you need this, this can be changed (but I'm not covering this here as this answer is already very long); c) sends all outgoing mail to smarthost, ie. a server that processes all mail for the domain you are sending as - in your case it probably will be the Yahoo server, the same you use when sending mail from your mail client.

I will elaborate a bit later on why you need to use smarthost. The one important thing that is missing here is that in your case your Postfix will need to authenticate to the smarthost. This is covered here: http://www.postfix.org/SOHO_README.html

You need to combine all information from these documents that is relevant to your case to get a single, reasonable and usable config file.

Why is it so complicated? Generally, because your machine does not have a "proper" domain name that will be recognized in the Internet. You can use whatever option - 2,3 or 4 - in the initial configuration and your Postfix will be able to send mail, however being able to send mail is one thing; to get your mail actually delivered to the destination is a different thing. Various anti-spam measures commonly used in the Internet may cause your mail simply get rejected by the receiving server if you use the default configuration. That's why modifications are needed.

The source of the problem is that every e-mail you send needs to have some sender e-mail address. If your machine had a "legitimate" domain name assigned to it, you could just configure it using option 2, and send emails using user@domain as the email address, where user is whatever username on your machine sends the email and domain is the domain name assigned to your machine.

But you don't have a reliable domain. So the first thing to consider is what sender address do you want to use for your e-mails? Probably the safest option is to use your real e-mail address, [email protected]. Otherwise - if you don't set any sender address in the sending program - Postfix will make up some default domain name, and will send for example mail from your cron job as "[email protected]" ("localdomain" is verbatim here). Because the domain "myubuntubox.localdomain" does not exist in the Internet, the receiving server will probably not accept this message and you will see a reject in your Postfix log.

So you should ensure that every program that will send mail will provide a correct sender address. That thing is basically outside of scope of Postfix configuration. You need to configure it in every program or script that sends mail. It is possible to make Postfix rewrite whatever sender address is used to [email protected], but it is a more complicated feature and you should already have a working configuration (and know something about configuring Postfix) before trying that. So it's better do it on the client side.

But sending with email address from yahoo.com domain is also problematic because IP address of your machine does not belong to the pool of addresses assigned to Yahoo. The receiving server may detect it and also reject your mail. And that's why you need to use a smarthost - that's what's happening in options 3 and 4. Your machine will pass all mail to smarthost, and smarthost will send it on further.

However, you cannot just pass the mail to Yahoo server as in the default configuration for "Postfix on a null client", because this example assumes that the smarthost "trusts" your machine and will accept mail from that machine with smarthost's domain in the sender address. But Yahoo server won't just trust your machine and let it send as yahoo.com. It will almost certainly reject such e-mail.

And here comes the third and most complicated part: you need to not send your mail to the smarthost, but submit it. Submission is what mail clients like Outlook or Thunderbird do. They don't connect to the default email port on the server (25), but to the special submission port (587 or 465, depending on the encryption method the client uses), authenticate to the server using your Yahoo login and password, and then proceed to send mail. After the client authenticates to the server, the server trusts it and will accept mail from it.

Similarly, your Postfix needs to authenticate to your smarthost, ie. Yahoo server. To achieve this, you need to install (besides Postfix) the authentication engine (Cyrus SASL) and configure Postfix as outlined in http://www.postfix.org/SOHO_README.html

Related

Change desktop wallpaper to a custom photo in Ubuntu 18.04
How to recover from wiping by dd a partition table on external disk?
How can I convert a coloured icon to a monochrome one?
How to upgrade from Ubuntu 12.10 to 14.04 [duplicate]
Shutdown taking a lot of time
How can I activate bitmap fonts?
How to solve apt "package cannot be configured because package is in a different version" errors?
Change user password while password is empty [duplicate]
How do I login to Ubuntu Snappy Core?
Error while starting apache2 "Cannot access directory '/var/log/apache2/' for main error log"
how do I get maximal compressed screenshots?
Are there any command to see how processes are working?