Set up your own email server (MTA) on the cheap - part 6
You’ve now got an MTA using Postfix and it works beautifully – and in my case it has been for a month now. If you’re paying attention, there are a couple of things you may have noticed.
- When you go to “Show Original” in Gmail it shows that SPF on incoming messages has failed.
- After a while Gmail’s SMTP server will respond that they’re throttling you because of the quantity of suspicious mail you send.
Gmail doesn’t actually have an issue with the quantity of mail; it has an issue with the quantity of messages that are failing DKIM or, in our case, SPF. Fortunately, some people smarter than me have already thought of this issue and built postsrsd. Here’s what I did to set this up:
1. Install postsrsd, of course:
sudo apt-get install postsrsd
2. Update Postfix to use postsrsd:
sudo postconf -e "sender_canonical_maps = tcp:127.0.0.1:10001"
sudo postconf -e "sender_canonical_classes = envelope_sender"
sudo postconf -e "recipient_canonical_maps = tcp:127.0.0.1:10002"
sudo postconf -e "recipient_canonical_classes = envelope_recipient"
3. Update the postsrsd configuration. Open /etc/default/postsrsd in your favourite editor and edit these lines:
Uncomment the SRS_EXCLUDE_DOMAINS line and add your local domains. This stops emails you send from being rewritten:
SRS_EXCLUDE_DOMAINS=domain.com,.domain.com
Edit the SRS_DOMAIN line and set it to your default domain:
SRS_DOMAIN=domain.com
4. Finally, reload everything and you should be on your way:
sudo service postsrsd restart
sudo service postfix restart
That’s it: messages will now be passed to postsrsd, and forwarded messages will have their “envelope_sender” rewritten so that they appear to come from your domain. This means Gmail’s SPF checks can now pass.
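To make that rewrite concrete, here is an added sketch (not from the original post and not postsrsd's own code) of an SRS0-style forward and reverse rewrite. The secret, the timestamps and the exact hash and timestamp encoding are assumptions for illustration; domain.com and the exclude list are the placeholder values from the steps above.

```python
import base64, hashlib, hmac, time

SECRET = b"constructed-demo-secret"   # constructed; postsrsd keeps its own secret
SRS_DOMAIN = "domain.com"             # placeholder value from the page
SRS_EXCLUDE_DOMAINS = ["domain.com", ".domain.com"]  # placeholder from the page
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def _days(now=None):
    return int((time.time() if now is None else now) // 86400) % 1024

def _tag(stamp, host, user):
    # Short keyed hash so outsiders cannot mint valid SRS addresses.
    msg = "\x00".join((stamp, host, user)).lower().encode()
    digest = hmac.new(SECRET, msg, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()[:4]

def _excluded(host):
    host = host.lower()
    return any(host.endswith(d) if d.startswith(".") else host == d
               for d in SRS_EXCLUDE_DOMAINS)

def forward(sender, now=None):
    """Envelope-sender rewrite, the job of the sender_canonical_maps lookup."""
    user, _, host = sender.rpartition("@")
    if not user or _excluded(host):
        return sender                  # local or unparsable: leave untouched
    days = _days(now)
    stamp = B32[days >> 5] + B32[days & 31]
    return f"SRS0={_tag(stamp, host, user)}={stamp}={host}={user}@{SRS_DOMAIN}"

def reverse(rcpt, now=None, max_age_days=21):
    """Bounce-recipient rewrite, the job of the recipient_canonical_maps lookup."""
    local, _, host = rcpt.rpartition("@")
    if not local.upper().startswith("SRS0=") or host.lower() != SRS_DOMAIN:
        return rcpt                    # not one of our SRS addresses
    parts = local[5:].split("=", 3)
    if len(parts) != 4 or len(parts[1]) != 2:
        raise ValueError("malformed SRS address")
    tag, stamp, orig_host, orig_user = parts
    if not hmac.compare_digest(tag.encode(), _tag(stamp, orig_host, orig_user).encode()):
        raise ValueError("bad SRS hash")       # forged or altered address
    stamp = stamp.upper()
    if any(c not in B32 for c in stamp):
        raise ValueError("malformed SRS timestamp")
    age = (_days(now) - (B32.index(stamp[0]) * 32 + B32.index(stamp[1]))) % 1024
    if age > max_age_days:
        raise ValueError("expired SRS address")
    return f"{orig_user}@{orig_host}"
```

The receiving server now checks SPF against domain.com, which your server is authorised to send for, while the keyed hash and timestamp keep the bounce path from becoming an open relay for forged SRS addresses.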
Big thanks to these sources:
https://www.mind-it.info/2014/02/22/forward-postfix-spf-srs/
Setup Steps with links:
- Set up Postfix with email address forwarding
- Set up sending and use LetsEncrypt to secure the SMTP server
- Set up SpamAssassin so Gmail or Yahoo don’t block us for passing on dodgy emails
- Set up ClamAV to block viruses, these will get you blocked too
- Set up DKIM using opendkim to check DKIM on incoming and sign our outgoing mail
- > Update sender addresses so SPF passes for forwarded messages
- Use Fail2Ban to block brute force attempts on our server