Archive for August, 2018

usage: some devices on the internal network send diagnostic emails; keep those emails inside the internal network by setting up an SMTP server that delivers them directly to the existing Dovecot mail server via LMTP.

install postfix on qnap running dovecot
reference: https://wiki.qnap.com/wiki/Postfix

addgroup postfix
adduser -D -H -G postfix postfix
addgroup postdrop

export PATH=/opt/bin:/opt/sbin:$PATH
ln -s /opt/include /usr/include
cd /opt/src
wget --no-check-certificate https://de.postfix.org/ftpmirror/official/postfix-2.11.11.tar.gz
tar -xzf postfix-2.11.11.tar.gz
cd postfix-2.11.11

export CCARGS='-I/opt/include -L/opt/lib -DDEF_COMMAND_DIR=\"/opt/sbin\" '\
'-I/opt/include/sasl -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\" '\
'-DHAS_SSL -I/opt/include/openssl -DUSE_TLS '\
'-DDEF_CONFIG_DIR=\"/opt/etc/postfix\" -DDEF_DAEMON_DIR=\"/opt/libexec/postfix\" -DDEF_DATA_DIR=\"/opt/var/lib/postfix\" '\
'-DDEF_MAILQ_PATH=\"/usr/bin/mailq\" -DDEF_HTML_DIR=\"/opt/share/doc/postfix/html\" -DDEF_MANPAGE_DIR=\"/opt/man\" '\
'-DDEF_NEWALIAS_PATH=\"/opt/bin/newaliases\" -DDEF_QUEUE_DIR=\"/opt/var/spool/postfix\" '\
'-DDEF_README_DIR=\"/opt/share/doc/postfix/readme\" -DDEF_SENDMAIL_PATH=\"/opt/sbin/sendmail\"'

export AUXLIBS='-lcrypto -lssl'

export LD_LIBRARY_PATH=/opt/lib
(otherwise postconf, which is called by post-install, does not find libdb)

make tidy
make

replace #!/bin/sh by #!/opt/bin/bash in makedefs and post-install

edit post-install: search for chown
– replace chown root by chown admin
– where chown $owner is followed by chgrp $group (at two places), add these lines above the chown line:
case $owner in root) owner=admin;; esac
case $group in root) group=administrators;; esac

make install

edit scripts:
/opt/libexec/postfix/postfix-script
replace #!/bin/sh by #!/opt/bin/bash
and add these lines below it:
export PATH=/opt/bin:/opt/sbin:$PATH
export LD_LIBRARY_PATH=/opt/lib

postfix requires a domain name:

  • either, as a workaround: set in /etc/hosts of the mail clients
      192.168.0.123 myserver myserver.local
    (if the hostname of the mail server is myserver)
    • and set in /opt/etc/postfix/main.cf
      myhostname = myserver.local
      mydestination = myserver, myserver.local, localhost
      mynetworks = 127.0.0.0/8 192.168.123.0/24
  • or better: if you own mydomain.tld and have access to its DNS settings
    • create an A record: mail.internal.mydomain.tld 192.168.0.123
    • create an MX record: internal.mydomain.tld pointing to mail.internal.mydomain.tld
    • set in /opt/etc/postfix/main.cf
      myhostname = mail.internal.mydomain.tld
      mydestination = internal.mydomain.tld, myserver, myserver.local, localhost
      mynetworks = 127.0.0.0/8 192.168.123.0/24
    • use the QNAP web admin interface to create a normal user myname;
      the mail address is then myname@internal.mydomain.tld
      computers on 192.168.123.0/24 can send mails by SMTP without authentication
      using the mail server mail.internal.mydomain.tld
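mynetworks is the trust boundary of this setup: every host inside it may send without SMTP AUTH. The following check is an added example (not code from the original post): it parses the main.cf values above and applies Postfix's default relay decision for an unauthenticated client; parse_main_cf, client_in_mynetworks and relay_decision are hypothetical helper names, and the sample config is constructed from the values quoted above.

```python
import ipaddress

# Constructed sample in main.cf syntax, using the values quoted on this page.
SAMPLE_MAIN_CF = """
myhostname = mail.internal.mydomain.tld
mydestination = internal.mydomain.tld, myserver, myserver.local, localhost
mynetworks = 127.0.0.0/8 192.168.123.0/24
"""

def parse_main_cf(text):
    """Parse 'key = value' lines into a dict; comments are skipped and
    indented continuation lines are appended to the previous value."""
    cfg, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and key is not None:
            cfg[key] += " " + raw.strip()
            continue
        key, _, value = raw.partition("=")
        key = key.strip()
        cfg[key] = value.strip()
    return cfg

def split_list(value):
    """Postfix list values are separated by commas and/or whitespace."""
    return value.replace(",", " ").split()

def client_in_mynetworks(cfg, client_ip):
    """True if client_ip is inside mynetworks (may relay without SMTP AUTH). Only
    bare addresses and CIDR blocks count; '!' negations and table lookups are skipped."""
    addr = ipaddress.ip_address(client_ip)
    for entry in split_list(cfg.get("mynetworks", "")):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue
        if net.version == addr.version and addr in net:
            return True
    return False

def relay_decision(cfg, client_ip, recipient):
    """Default Postfix relay policy for an unauthenticated client: trusted network
    -> accept; recipient in a mydestination domain -> accept (local delivery); else refuse."""
    if client_in_mynetworks(cfg, client_ip):
        return "accept: client in mynetworks"
    domain = recipient.rpartition("@")[2].lower()
    if domain in (d.lower() for d in split_list(cfg.get("mydestination", ""))):
        return "accept: local destination"
    return "refuse: relay not permitted"
```

Note that with the values above the server's own address 192.168.0.123 is not inside 192.168.123.0/24, so a client on that subnet only gets mail accepted for the local domains.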

for debugging: postfix logs to syslogd, which does not run by default on qnap

  • start syslogd: syslogd
    display messages with: tail -f /var/log/messages
    when finished: killall syslogd
  • increase the verbosity of postfix by editing /opt/libexec/postfix/postfix-script:
    replace master -w by master -vvv -w
  • restart postfix:
    postfix stop
    postfix start

connect to dovecot by lmtp (non-virtual-user setup): set in main.cf
mailbox_transport = lmtp:unix:private/dovecot-lmtp
references: https://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
and https://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP

using the sockets /opt/var/spool/postfix/private/auth
and /opt/var/spool/postfix/private/dovecot-lmtp

after everything works, non-existing users can be rejected by postfix (main.cf):
smtpd_recipient_restrictions = reject_unverified_recipient

dovecot main config: service lmtp has to be enabled
if sasl auth is configured, port 587 (tcp and udp) has to be added to /etc/services:
submission 587/tcp
submission 587/udp

so add to the postfix start script:
grep -q "[^0-9]587/tcp" /etc/services || echo "submission 587/tcp" >>/etc/services
grep -q "[^0-9]587/udp" /etc/services || echo "submission 587/udp" >>/etc/services
ln -s /opt/lib/libdb-4.2.so /lib
(the last line is needed because LD_LIBRARY_PATH=/opt/lib is not honoured by every subprocess of postfix)

problem when using dovecot with plain unix system users in the default config:
postfix hands mail_user@mail_domain to lmtp, but a dovecot passdb of type shadow
and a userdb of type passwd expect mail_user (without the @mail_domain suffix)

workaround: switch passdb and userdb to the passwd-file driver,
which with args = username_format=%n strips the @mail_domain part
Set in /opt/etc/dovecot/conf.d/auth-system.conf.ext:
service auth {
user = $default_internal_user
group = administrators
}
service auth-worker {
user = $default_internal_user
group = administrators
}

passdb {
driver = passwd-file
args = scheme=md5-crypt username_format=%n /etc/shadow
}
userdb {
driver = passwd-file
args = username_format=%n /etc/passwd
}

service auth {
unix_listener /opt/var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}

result: mails from the local network can be sent to qnap users via smtp on port 25 without authentication

todo: configure certs for tls; test smtp(s) auth