# apt-get -y install postfix* sasl2-bin # on this example, proceed to select [No Configuration]
# apt-get install mailx -y# apt install mailutils -y
# systemctl enable postfix && systemctl restart postfixufw allow Postfix--------------------postconf -Apostfix checkpostconf -vpostconf -hpostconf -nRun the following command and you will see pcre is now supported.postconf -msystemctl enable postfixsystemctl restart postfix# cd /etc/postfixroot@mail:# cp /usr/share/postfix/main.cf.dist /etc/postfix/main.cf touch accesstouch virtual touch header_checkstouch transporttouch body_checkstouch recipient_bcctouch sender_bcctouch block_attachmentstouch allowed-userstouch restricted-mail-groups touch local_domainstouch restricted_senderscp /etc/aliases /etc/postfix/aliasescp main.cf main.cf.ORGcp master.cf master.cf.ORG---------------postmap master.cfpostmap access postmap aliases postmap transport postmap virtual postmap header_checkspostmap body_checks postmap recipient_bcc postmap sender_bcc postmap block_attachmentspostmap allowed-users postmap restricted-mail-groups postmap local_domains postmap restricted_sendersnewaliases##### remove main.cf text Line -----# cd /etc/postfix# echo > main.cf OR> main.cf---------------------------Postfix version 3.8.6-----------------------#-----------Extra------------recipient_delimiter = +biff = noappend_dot_mydomainreadme_directory = no#--------------------------------------compatibility_level = 3.8command_directory = /usr/sbindaemon_directory = /usr/lib/postfix/sbindata_directory = /var/lib/postfixmail_owner = postfixmyhostname = mail.worldcm.netmydomain = worldcm.netmyorigin = $mydomaininet_interfaces = allmydestination = $myhostname, localhost.$mydomain, localhost, $mydomainlocal_recipient_maps = unix:passwd.byname $alias_mapsunknown_local_recipient_reject_code = 550mynetworks_style = subnetmynetworks = 127.0.0.0/8, [::1]/128alias_maps = hash:/etc/postfix/aliasesalias_database = hash:/etc/postfix/aliaseshome_mailbox = Maildir/smtpd_banner = $myhostname ESMTPdebugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/postfixnewaliases_path = /usr/bin/newaliasesmailq_path = /usr/bin/mailqsetgid_group = postdropinet_protocols = ipv4 virtual_maps = hash:/etc/postfix/virtualvirtual_alias_maps = hash:/etc/postfix/virtualvirtual_alias_domains = hash:/etc/postfix/virtualheader_checks = regexp:/etc/postfix/header_checksmime_header_checks = regexp:/etc/postfix/block_attachmentsbody_checks = regexp:/etc/postfix/body_checkssender_bcc_maps = hash:/etc/postfix/sender_bccrecipient_bcc_maps = hash:/etc/postfix/recipient_bcctransport_maps = hash:/etc/postfix/transport#mailbox_size_limit = 7224000000mailbox_size_limit = 0masquerade_domains = worldcm.net#always_bcc = bkupmailbounce_queue_lifetime = 1dallow_mail_to_files = alias,forward,include#content_filter = smtp-amavis:127.0.0.1:10024#receive_override_options = no_address_mappings enable_original_recipient = no ######################################################################## disable SMTP VRFY commanddisable_vrfy_command = yes## require HELO command to sender hostssmtpd_helo_required = yes## limit an email size-attachment of 10MB#example below means 10M bytes limit#message_size_limit = 10240000## limit an email size-attachment of 50MB message_size_limit=52428800
##SMTP-Auth settings [SASL]smtpd_sasl_type = dovecotsmtpd_sasl_path = private/authsmtpd_sasl_auth_enable = yessmtpd_sasl_security_options = noanonymoussmtpd_sasl_local_domain = $myhostname## SSLsmtpd_tls_security_level = maysmtpd_tls_cert_file = /etc/ssl/private/server.crtsmtpd_tls_key_file = /etc/ssl/private/server.keysmtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache###Faruqsmtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_invalid_hostname, permit###SMTPD CLIENT RESTRICTIONS
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/access, reject_unauth_pipelining, permit_inet_interfaces###SMTPD ETRN RESTRICTIONSsmtpd_etrn_restrictions = permit_mynetworks, permit_sasl_authenticated, reject### SMTPD SENDER RESTRICTIONSsmtpd_sender_restrictions = check_sender_access hash:/etc/postfix/restricted_senders, permit_mynetworks, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/access, reject_unauthenticated_sender_login_mismatch, reject_sender_login_mismatch, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unlisted_sender, reject_unauth_pipelining, reject_non_fqdn_hostname, reject_unauth_destination##### SMTPD RECIPIENT RESTRICTIONS smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/restricted-mail-groups, check_sender_access hash:/etc/postfix/restricted_senders, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, check_recipient_access hash:/etc/postfix/access, check_client_access hash:/etc/postfix/access, check_sender_access hash:/etc/postfix/access, reject_unauth_pipelining, reject_non_fqdn_sender, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unlisted_recipient, reject_multi_recipient_bounce, reject_rbl_client list.dsbl.org, reject_rbl_client bl.spamcop.net, reject_rhsbl_client rhsbl.sorbs.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client dsn.rfc-ignorant.org, reject_rbl_client b.barracudacentral.org, reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99], reject_rhsbl_helo dbl.spamhaus.org=127.0.1.[2..99], reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[2..99]#relayhost = uucphost#relayhost = [an.ip.add.ress]-------------------------------# vi /etc/postfix/master.cf 12 smtp inet n - y - - smtpd 13 #smtp inet n - y - 1 postscreen 14 #smtpd pass - - y - - smtpd 15 #dnsblog unix - - y - 0 dnsblog 16 #tlsproxy unix - - y - 0 tlsproxy 17 # Choose one: enable submission for loopback clients only, or for any client. 18 #127.0.0.1:submission inet n - y - - smtpd 19 submission inet n - y - - smtpd 20 -o syslog_name=postfix/submission 21 # -o smtpd_tls_security_level=encrypt 22 -o smtpd_sasl_auth_enable=yes# if you use SMTPS (465), add follows to last line
140 # flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}141 smtps inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes-------------------------------Header_check----------------------------------------------------------
# vi /etc/header_checks
# HEADER_CHECKS(5)
/^Subject:/ WARN/^User-Agent:/ IGNORE/^From:.*<#.*@.*>/ REJECT/^Return-Path:.*<#.*@.*>/ REJECT/^Received: from 127.0.0.1/ IGNOR/account has been renewed/ DISCARD/Your account has been hacked/ REDIRECT junkmail@worldcm.net# Content/^Received:/ IGNORE/^User-Agent:/ IGNORE/^X-Mailer:/ IGNORE/^X-Originating-IP:/ IGNORE/^x-cr-[a-z]*:/ IGNORE/^Thread-Index:/ IGNORE
# vi /etc/postfix/mime_header_checks
# Content/name=[^>]*\.(bat|com|exe|dll)/ REJECT ----------------------------Aliases-------------------------------# vi /etc/aliases
postmaster: rootroot: accesstel# systemctl enable postfix && systemctl enable dovecot# systemctl restart postfix && systemctl restart dovecotMail Server : Add Mail User Accounts
# install mail clientroot@mail:~# apt -y install mailutils# set environment variables to use Maildirroot@mail:~# echo 'export MAIL=$HOME/Maildir/' >> /etc/profile.d/mail.sh# add an OS user [ubuntu]root@mail:~# adduser u1# send to myself [mail (username)@(hostname)]
ubuntu@mail:~# mail u1@localhost
# input CcCc:# input subjectSubject: Test Mail #1# input messagesThis is the first mail.# to finish messages, push [Ctrl + D] key# see received emailsubuntu@mail:~# mail