Tag: postfix

Have root send as a different address using postfix

If you have scripts or other services that run as root that need to send to outside email addresses, via postfix, without being root@hostname, this is what you need to do:

    1.  sudo vi /etc/postfix/generic

      root name@tld.com

    2. sudo vi /etc/postfix/main.cf

      smtp_generic_maps = hash:/etc/postfix/generic

    3. sudo postmap /etc/postfix/generic
    4. sudo systemctl restart postfix

Done! Now root will send as name@tld.com instead. Substitute whatever you want for name@tld.com

Android cannot delete emails from IMAP server

I’ve been having an odd problem with being unable to delete emails from the Inbox of my self-hosted email account from my Android phone, using the Gmail app, using IMAP. When I would delete a message, a copy would be created in the Trash folder, but the original would remain in the inbox – when viewed from webmail. When I refreshed the inbox, the original would reappear on my phone.

At first, I thought the problem was permissions on /var/mail – so I did various changes such as chmod 1775, but to no avail.

I then remembered that I had recently re-setup my mail account on my phone, and realized that maybe it wasn’t using IMAP previously. So, I deleted the account, set it up again as POP3, and enabled server-side deletion. It worked!

It turns out that most mobile IMAP clients do not support the ability to achieve true server-side deletion. Using POP3 is an easy alternative and there is no harm. Yes, POP3 is an outdated and cruddy protocol, but in the end, it works.

Postfix: TLS is required, but our TLS engine is unavailable

Recently, emails sent from my Postfix mail server to my Gmail account were getting tagged as ‘insecure’. Come to find out, they were no longer sending with TLS. They were defaulting back to open SMTP over port 25. Why? Because Debian’s ca-certificates.crt had updated and that removed the CA needed to make my site’s certificate valid – and I use that same certificate to encrypt my TLS SMTP traffic.

First, to diagnose the problem, I forced TLS in my main.cf and turned on TLS logging with the following settings:

smtp_enforce_tls=yes
smtp_tls_loglevel=1

I then restarted Postfix with:

sudo service postfix restart

After restarting, Postfix provides the following error in its logs when attempting to send email:

TLS is required, but our TLS engine is unavailable

Earlier in the log file, it indicates a failure to load the CA file that validates the cert and key files. So, here’s the solution:

  1. Make sure your cert and CA files are located in /etc/ssl/certs
  2. Run the following command: sudo update-ca-certificates –fresh
  3. Then go to your Postfix main.cf and verify the following lines are there (and comment out any conflicting lines): 
     smtpd_use_tls=yes
 smtp_use_tls=yes
 smtpd_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
 smtpd_tls_cert_file=/etc/ssl/certs/YOUR_CERT.crt
 smtpd_tls_key_file=/etc/ssl/YOUR_PRIVATE_KEY.key
 smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
 smtp_tls_key_file=/etc/ssl/YOUR_PRIVATE_KEY.key
 smtp_tls_cert_file=/etc/ssl/certs/YOUR_CERT.crt
 smtpd_tls_security_level=encrypt
 smtp_tls_security_level=encrypt
  4. Restart the Postfix service again.
  5. Send an email to an @gmail.com address – you should no longer see the unlocked icon under the sender information.