Postfix featured image

Installing and Configuring Postfix as a Send-only SMTP Server on Ubuntu 20.04

Postfix is a popular free and open-source software that acts as a mail transfer agent (MTA). The job of Postfix is to route and deliver emails. Besides the classic usage, Postfix can also be configured to send emails by local applications only.

This application of Postfix is a useful trick to deploy in various situations. For example, it can be used when sending email notifications regularly, working with a third-party email service provider with limited outbound traffic, etc. Compared to any full-fledge SMTP server, Postfix is a lighter alternative that at the same time retains the necessary functionalities.

In this tutorial, check out how to install and configure Postfix as a send-only SMTP server on Ubuntu.

Prerequisites

In order to follow this guide,  you need to fulfill the following prerequisites:

Installing Postfix

Once the preconditions are met, the server is ready to deploy Postfix. The simplest way of installing Postfix is to install the mailutils package. It’s directly available from the official Ubuntu repos.

First, launch a terminal, and update the APT package database:

Package Update

Then, you can install Postfix:

Install MailUtils

During the installation process, the following configuration window will pop up. The default option is Internet Site. To confirm the selection, press TAB to move the cursor to the next section. Then, hit Enter:

Mail Server Config

The next step will ask for the System mail name. It will be the name assigned to the server at the time of creation. As described in the script, if the mail address for the local host is “[email protected],” then the System mail name would be example.org:

Mail Name Config

Note that the configuration script can also be triggered anytime later using the following command:

Configuring Postfix

At this step, Postfix will be configured to send and receive emails only from localhost. This requires Postfix to listen on the loopback interface. It’s the virtual network interface that the server uses for internal communication. Next, open the Postfix configuration file using your text editor of choice:

Change the value of inet_interface to loopback-only:

Inet Interface

Another directive that you have to change is mydestination. It defines the list of domains that are delivered via the local_transport mail delivery transport. The default value will be something like this:

Mydestination Old

Change its value to the following:

Mydestination

In case your domain is actually a subdomain and you want the emails to appear as if sent from the main domain, add the following directive at the end of the Postfix configuration. It will remove the subdomain from the email address:

Postfix Masquerade Domains

To take the changes into effect, restart Postfix:

restart_postfix

Testing the SMTP Server

Assuming the configuration process went successfully, it’s time to test it. In order to do that, check whether Postfix can send an email to an external email account using the mail command. It’s a part of the mailutils package:

The message should arrive at the email address specified. At this point, all the emails sent are unencrypted. Service providers will generally tag such emails as spam, so ensure to check the spam section for the email’s arrival.

If the mail command reports an error or the email didn’t arrive after a prolonged period of time, re-check the Postfix configuration and ensure that the server name and hostname are set properly. With this configuration, the emails will appear to be sent from the following address:

Here, the username will be the username of the server user that ran the mail command.

Forwarding System Mail

We’ve successfully verified that the email server is properly configured and functional. Now it has to be configured to forward email for root. All the system-generated messages sent to the server will get forwarded to an external email address. For email recipients, the /etc/aliases file contains the list of alternate names. Open it using your text editor of choice:

By default, it will look like this:

Postfix Aliases

At the end of the file, add the following line:

Postfix Newaliases

It tells that the emails sent to root will be forwarded to an email address. To take the change into effect, run the following command. It will rebuild the alias database that the mail command uses:

sudo newaliases

Next, you need to test if the change was successful. Send a test email to root:

The email should arrive at the specified email address. Don’t forget to check the spam folder as there’s no encryption configured yet.

Enabling SMTP Encryption

Sending emails in unencrypted format is a risky move. To ensure safety, it’s required to have SMTP encryption enabled. To achieve this, we’ll be requesting a free TLS certificate from Let’s Encrypt for your domain.

For Ubuntu, it’s the Certbot tool that does the job. Thankfully, it’s directly available from the official Ubuntu repo. Install Certbot with the following command:

Postfix Install certbot

Assuming the server has UFW configured, it’s necessary to have port 80 open so that domain verification can take place. Run the following command to enable it:

ufw allow Postfix

Now, run Certbot to generate a certificate. It commands Certbot to issue certificates with a 4096-bit RSA key. The verification will take place via port 80 (HTTP):

The output will be something like this:

The key will be stored in the following directory:

Now that your certificate is generated, open the Postfix configuration file in a text editor:

Find the section TLS parameters:

Postfix tls conf old

After that, change the value of the directives smtpd_tls_cert_file and smtpd_tls_key_file:

Postfix tls conf

Next, save and close the file. To take the changes into effect, restart Postfix:

Finally, send a dummy email again to a target email address:

The email should now appear normally like other emails. If you check the technical info of the email, it will appear encrypted.

Final Thoughts

Congratulations! You’ve successfully configured a send-only email server, powered by Postfix. The email transactions are also secure using an appropriate encryption key.

For more ways to optimize email transfer check out this tutorial The Best Ways to Use Google’s SMTP Server.

Happy computing!