usage: some devices on internal network send diagnostic emails; keep those emails in internal network by setting up a smtp server which delivers emails directly to existing dovecot mail server using lmtp.
install postfix on qnap running dovecot
reference: https://wiki.qnap.com/wiki/Postfix
addgroup postfix
adduser -D -H -G postfix postfix
addgroup postdrop
export PATH=/opt/bin:/opt/sbin:$PATH
ln -s /opt/include /usr/include
cd /opt/src
wget --no-check-certificate https://de.postfix.org/ftpmirror/official/postfix-2.11.11.tar.gz
tar -xzf postfix-2.11.11.tar.gz
cd postfix-2.11.11
export CCARGS='-I/opt/include -L/opt/lib -DDEF_COMMAND_DIR=\"/opt/sbin\" \
-I/opt/include/sasl -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\" \
-DHAS_SSL -I/opt/include/openssl -DUSE_TLS \
-DDEF_CONFIG_DIR=\"/opt/etc/postfix\" -DDEF_DAEMON_DIR=\"/opt/libexec/postfix\" -DDEF_DATA_DIR=\"/opt/var/lib/postfix\" \
-DDEF_MAILQ_PATH=\"/usr/bin/mailq\" -DDEF_HTML_DIR=\"/opt/share/doc/postfix/html\" -DDEF_MANPAGE_DIR=\"/opt/man\" \
-DDEF_NEWALIAS_PATH=\"/opt/bin/newaliases\" -DDEF_QUEUE_DIR=\"/opt/var/spool/postfix\" \
-DDEF_README_DIR=\"/opt/share/doc/postfix/readme\" -DDEF_SENDMAIL_PATH=\"/opt/sbin/sendmail\"'
export AUXLIBS='-lcrypto -lssl'
export LD_LIBRARY_PATH=/opt/lib
(else postconf, called by post-install, does not find libdb)
make tidy
make
replace #!/bin/sh by #!/opt/bin/bash in makedefs and post-install
edit post-install: search for chown
- replace chown root by chown admin
- in case of chown $owner (followed by chgrp $group) add these lines above the line with chown (at 2 places)
  case $owner in root) owner=admin;; esac
  case $group in root) group=administrators;; esac
make install
edit scripts:
/opt/libexec/postfix/postfix-script
replace #!/bin/sh by #!/opt/bin/bash
and add below
export PATH=/opt/bin:/opt/sbin:$PATH
export LD_LIBRARY_PATH=/opt/lib
postfix requires a domainname:
- either workaround:
  - set in /etc/hosts of mail clients, if hostname of the mailserver is myserver
    192.168.0.123 myserver myserver.local
  - set in /opt/etc/postfix/main.cf
    myhostname = myserver.local
    mydestination = myserver, myserver.local, localhost
    mynetworks = 127.0.0.0/8 192.168.123.0/24
- or better: if you own mydomain.tld and if you have access to dns settings
  - create A record: mail.internal.mydomain.tld 192.168.0.123
  - create MX record: internal.mydomain.tld pointing to mail.internal.mydomain.tld
  - set in /opt/etc/postfix/main.cf
    myhostname = mail.internal.mydomain.tld
    mydestination = internal.mydomain.tld, myserver, myserver.local, localhost
    mynetworks = 127.0.0.0/8 192.168.123.0/24
- use qnap web admin interface to create a normal user myname
  mailaddress is then myname@internal.mydomain.tld
  computers on 192.168.123.0/24 can send mails by smtp without authentication
  using mailserver mail.internal.mydomain.tld
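mynetworks decides which clients may send without authentication in this setup, so the following added example (not part of the original notes; the function names and the sample main.cf are constructed) checks that every mynetworks entry is loopback or RFC 1918 IPv4 space. It reads the file directly instead of calling postconf, so IPv6 entries, lookup tables and file names are reported for manual review.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are made up here.
# is_private_cidr ADDR[/LEN]: succeeds only for IPv4 ranges inside 127/8, 10/8,
# 172.16/12 or 192.168/16; IPv6, tables and file names fail and get reviewed.
is_private_cidr() {
    addr=${1%%/*}; len=32
    case $1 in */*) len=${1##*/} ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $addr                      # split into octets
    IFS=$oldifs
    [ $# -eq 4 ] && [ "$len" -le 32 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    if   [ "$1" -eq 127 ] || [ "$1" -eq 10 ]; then min=8
    elif [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then min=12
    elif [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then min=16
    else return 1
    fi
    [ "$len" -ge "$min" ]             # prefix must not be wider than the block
}

# audit_mynetworks FILE: print entries to review. Exit 0 if clean, 1 if any entry
# was flagged, 2 if mynetworks is not set. The last definition wins and indented
# continuation lines are joined, following main.cf syntax.
audit_mynetworks() {
    nets=$(awk '
        /^[ \t]*(#|$)/ { next }
        /^mynetworks[ \t]*=/ { sub(/^[^=]*=/, ""); val = $0; on = 1; next }
        on && /^[ \t]/ { val = val " " $0; next }
        { on = 0 }
        END { gsub(/[, \t]+/, " ", val); sub(/^ /, "", val); print val }' "$1")
    [ -n "$nets" ] || { echo "mynetworks not set in $1"; return 2; }
    bad=0
    for n in $nets; do
        is_private_cidr "$n" || { echo "review: $n"; bad=1; }
    done
    return $bad
}

# Constructed sample: the page's mynetworks plus a public range added by mistake.
sample=$(mktemp)
printf '%s\n' 'myhostname = mail.internal.mydomain.tld' \
    'mynetworks = 127.0.0.0/8 192.168.123.0/24' '    203.0.113.0/24' > "$sample"
audit_mynetworks "$sample" || echo "exit status $?"
rm -f "$sample"
```

On the qnap itself, run audit_mynetworks /opt/etc/postfix/main.cf after every change to mynetworks.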
for debugging: postfix logs to syslogd which does not run by default on qnap
- start syslogd: syslogd
  display messages with: tail -f /var/log/messages
  when finished: killall syslogd
- increase verbosity of postfix by editing /opt/libexec/postfix
  replace master -w by master -vvv -w
- restart postfix:
  postfix stop
  postfix start
connect by lmtp with dovecot for non virtual user setup
mailbox_transport = lmtp:unix:private/dovecot-lmtp (in main.cf)
reference https://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
and https://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP
using /opt/var/spool/postfix/private/auth
and /opt/var/spool/postfix/private/dovecot-lmtp
after everything works, non-existing users can be rejected by postfix (main.cf)
smtpd_recipient_restrictions = reject_unverified_recipient
main config: service lmtp has to be enabled
if sasl auth is configured, port 587 udp and tcp have to be added to /etc/services!
submission 587/tcp
submission 587/udp
so add to postfix start script
cat /etc/services |grep -q "[^0-9]587/tcp" || echo "submission 587/tcp" >>/etc/services
cat /etc/services |grep -q "[^0-9]587/udp" || echo "submission 587/udp" >>/etc/services
ln -s /opt/lib/libdb-4.2.so /lib
(last line because LD_LIBRARY_PATH=/opt/lib does not work for every subprocess of postfix)
problem when using dovecot with simple unix system users in default config:
postfix gives mail_user@mail_domain to lmtp but dovecot passdb of type shadow
and userdb of type passwd want mail_user (without @mail_domain suffix)
workaround: switch to passwd-file type of db for passdb and for userdb
which allows with args = username_format=%n to skip @mail_domain
Set in /opt/etc/dovecot/conf.d/auth-system.conf.ext:
service auth {
  user = $default_internal_user
  group = administrators
}
service auth-worker {
  user = $default_internal_user
  group = administrators
}
passdb {
  driver = passwd-file
  args = scheme=md5-crypt username_format=%n /etc/shadow
}
userdb {
  driver = passwd-file
  args = username_format=%n /etc/passwd
}
service auth {
  unix_listener /opt/var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
result: mails from local network can be sent to qnap users using smtp on port 25 without authentication
todo configure certs for tls; test smtp(s) auth