Postfix configuration - AtlasOfLivingAustralia/documentation Wiki

Intro

Some modules of LA needs to send emails to your users (like user accounts activation emails, biocache for the download notifications, the alert and DOI service), so they install the postfix package (*).

With the default postfix configuration, probably emails, if delivered, will go to the user's spam folder (because is not verified that your server can send emails from your domain out of the box). So you have to tune postfix a bit.

For instance, the CAS or the alerts playbooks install postfix but you should do some extra reconfiguration to fit your email provider, domain, etc. dpkg-reconfigure postfix can help there (for instance to configure your server like a 'Satellite' and sending emails using a full email server) but you can do it also via ansible.

Instead to setup a full email system capable or send and receive emails from/to accounts, we recommend to configure these postfix mail servers just to send emails from a typical [email protected] or [email protected] account through your external organization main your.l-a.site server. So you will need to create or request one of these accounts in your @your.l-a.site mail server and configure in postfix this user and password.

Postfix manual re-configuration

You should follow some postfix tutorial to some more advanced configuration (like email authentication). That is, if you have a [email protected] account in your email provider, you have to dpkg re-configure your CAS postfix as relay, and use this [email protected] account authenticated to your email server. Follow some tutorial like this one or if you are using gmail like this other one.

You have to know some details about your support account (email server ports, etc) prior to configure postfix.

Using ansible to configure postfix

If you prefer to configure postfix using ansible, the role oefenweb.postfix works well and have many options that probably fit well with you mail provider. See its README, but for instance, the following configuration worked for us.

Imagine that this is your-inventory.ini:

l-a.site
biocache.l-a.site
auth.l-a.site

[postfix_ala_servers]
biocache.l-a.site
auth.l-a.site

and this your postfix.yml playbook:

- hosts: postfix_ala_servers
  become: yes
  vars:
    postfix_aliases:
      - user: root
        alias: [email protected]
    postfix_relayhost: mail.your.l-a.site
    postfix_relaytls: true
    postfix_sasl_user: '[email protected]'
    postfix_sasl_password: 'NoReplyAccountPassword'
    postfix_relayhost_port: 587
    postfix_smtpd_relay_restrictions: ['permit_mynetworks', 'permit_sasl_authenticated', 'defer_unauth_destination']
  roles:
    - oefenweb.postfix
  tasks:
     - name: install swaks for mail send testing
       package:
         name: swaks
         state: present
  tags: postfix_ala

Later you can run:

ansible-playbook -i your_inventory.ini ./postfix.yml --become --user ubuntu

to have your postfix servers correctly configured.

Testing emails send from your server

Install swaks to test emails, that is, manually:

sudo apt install swaks

but the previous playbook installs it for you.

A you should test with something like:

swaks -f [email protected] --to [email protected] -server localhost

You should test other domains like @yahoo @hotmail etc and see if emails are send and received correctly.

If you cannot send emails using postfix you can try first to send via swaks directly without postfix to verify that you have all your server data corrects and the email send works:

swaks -S -t [email protected] -s smtp.gmail.com:587 -tls [email protected] --header "Test" --auth-pass=somepasswd

(*) For now, biocache-service playbook doesn't install postfix, so you should install it manually or with the help of the previous role.