@patrickbenkoetter

How can I create a custom #postfix submission port on one specific internal network interface for a #docker container?

Docker elho with the container id and the regular submission port requires encryption which docker doesn't like because the valid CN doesn't match the IP […]

I finally managed to configure Postfix correctly as my SMTP on my home server. Now I can use it to send email notifications for Nextcloud, Watchtower and Uptime Kuma (and can ditch Discord for that purpose)

#selfhosting #postfix #discord #homeserver #smtp

Postfix 3.11 MTA Released With REQUIRETLS Support Postfix 3.11 mail server released with REQUIRETLS support, TLS improvements, JSON output tools, and guidance for migrating away from Berkeley DB.

Postfix 3.11 mail server released with REQUIRETLS support, TLS improvements, JSON output tools, and guidance for migrating away from Berkeley DB.
linuxiac.com/postfix-3-11...

#Postfix #MTA #OpenSource

Love updating my #ArchLinux #VServer.
Especially when there are Major Version Upgrades.
Like #postgresl so that my rssfeeder or #matrix Server stopped working.
And upgrading databases are always fun.

But even worse with #dovecot and anything mail/ #postfix related.

FUN two days

Vždycky jsem byl fanoušek polozapomenutých a umírajících technologií. Proto jest zde první verze mojí představy jak má vypadat #mailserver:

#Postfix #Dovecot #RspamD #MySQL #PostfixAdmin #Ansible

galaxy.ansible.com/ui/standalone/roles/Vite...

Der #Postfix in meiner #Yunohost installation spackt seit irgendeinem Update rum. Konkret geht das SASL Relay nicht mehr. Auch ein händischer postmap wird nur mit einem

"postmap: fatal: open database /etc/postfix/sasl_passwd.db: File exists"

quittiert. Datei existiert natürlich nicht weshalb […]

VitexSoftware's 2026 update - get code, inspiration or nothing :)=~ by Vitexus · Pull Request #961 · postfixadmin/postfixadmin 🚀 What is new here Complete Debian packaging system with debconf integration DKIM web management interface configuration Automated installation and setup through package manager Multi-language ins...

My #PostfixAdmin - #Postfix #PHP

https://github.com/postfixadmin/postfixadmin/pull/961

Customised Server Login Message and WordPress Email Problem # How Customising My Server’s Login Message Fixed a Years-Old WordPress Email Problem I rarely log into my web server. Maybe a handful of times a year — when something breaks, when I’m curious about resource usage, or when I remember that I probably should check on things. The server runs WordPress, and WordPress mostly takes care of itself. Updates install automatically. Backups happen on schedule. The whole point of self-hosting on a managed droplet is that you set it up once and then forget about it. But there’s a contradiction in that forgetting. If you never look at something, you never notice when it’s quietly broken. * * * Ubuntu servers display a Message of the Day when you connect via SSH. On a DigitalOcean WordPress droplet, this includes system statistics, pending security updates, and a verbose welcome message explaining setup steps you completed years ago. It’s useful the first time. By the tenth login, it’s noise. I wanted something more practical. When I do log in, I want to know immediately if anything is wrong. Are the essential services running? Is my SSL certificate about to expire? A dashboard, essentially, but one that appears automatically without requiring me to remember commands. The MOTD is generated by executable scripts in `/etc/update-motd.d/`. Each script runs in numerical order at login. Creating a custom one is straightforward: sudo vim /etc/update-motd.d/52-custom sudo chmod +x /etc/update-motd.d/52-custom I added colour-coded service checks — green for running, red for down: #!/bin/bash # Colours RED='\033[0;31m' GREEN='\033[0;32m' NC='\033[0m' # No colour echo "" echo "=== Services ===" systemctl is-active --quiet apache2 && echo -e "Apache: ${GREEN}Running${NC}" || echo -e "Apache: ${RED}DOWN${NC}" systemctl is-active --quiet mysql && echo -e "MySQL: ${GREEN}Running${NC}" || echo -e "MySQL: ${RED}DOWN${NC}" systemctl is-active --quiet php8.3-fpm && echo -e "PHP-FPM: ${GREEN}Running${NC}" || echo -e "PHP-FPM: ${RED}DOWN${NC}" systemctl is-active --quiet ufw && echo -e "UFW: ${GREEN}Running${NC}" || echo -e "UFW: ${RED}DOWN${NC}" systemctl is-active --quiet fail2ban && echo -e "Fail2Ban: ${GREEN}Running${NC}" || echo -e "Fail2Ban: ${RED}DOWN${NC}" systemctl is-active --quiet redis-server && echo -e "Redis: ${GREEN}Running${NC}" || echo -e "Redis: ${RED}DOWN${NC}" A small aside: the glob pattern `php*-fpm` doesn’t work with `systemctl`. You need the exact service name — `php8.3-fpm` in my case. I spent ten minutes puzzled by a false “DOWN” status before checking with `systemctl list-units | grep php`. Minor frustrations like this are part of the territory. * * * While reviewing running processes to decide what else to monitor, I noticed Postfix was active. Postfix is a mail transfer agent. It handles sending email from the server. And it was running fine, had apparently been running fine for years. Which raised a question: when was the last time I received an email from WordPress? I thought about it. Comment notifications? No. Password reset confirmations? No. Plugin update alerts? No. I couldn’t recall a single one. A quick test: echo "Test email" | mail -s "Test" my-email@example.com The mail log showed the message being accepted locally. Then nothing. No delivery confirmation, no bounce, no error. The email simply vanished into the void. This had been broken for years. Possibly since I first set up the droplet. And I’d never noticed because I never looked. * * * Here’s what I’d missed during initial setup: DigitalOcean blocks outbound traffic on port 25 at the infrastructure level. This isn’t a firewall rule you can modify from within your droplet. It’s a spam prevention measure applied by default, outside your control. WordPress uses PHP’s `mail()` function, which hands messages to the local mail transfer agent. Postfix accepts the message, queues it, and attempts delivery on port 25. The connection fails silently. WordPress never receives an error. The mail log shows nothing obviously wrong. The failure is invisible at every level. PHP thinks it succeeded. Postfix thinks it’s trying. WordPress has no idea. And because I rarely log in and never checked, the problem persisted for years. You can request DigitalOcean remove this block, but they often decline for newer accounts. My account is over a decade old, so I might have had luck asking. But the cleaner solution is to relay mail through an authenticated SMTP server on port 587 or 465 — ports that aren’t blocked. * * * My email is hosted with the same provider that handles my domain. They offer SMTP access, which means I can configure Postfix to route all outbound mail through their servers instead of attempting direct delivery. First, verify the port is reachable: nc -zv mail.your-provider.com 587 If that succeeds, configure the relay: sudo postconf -e "relayhost = [mail.your-provider.com]:587" sudo postconf -e "smtp_sasl_auth_enable = yes" sudo postconf -e "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" sudo postconf -e "smtp_sasl_security_options = noanonymous" sudo postconf -e "smtp_tls_security_level = encrypt" sudo postconf -e "smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt" Create a credentials file: sudo vim /etc/postfix/sasl_passwd Add authentication details: [mail.your-provider.com]:587 your-email@example.com:your-password Secure the file, hash it, and restart: sudo chmod 600 /etc/postfix/sasl_passwd sudo postmap /etc/postfix/sasl_passwd sudo systemctl restart postfix Test again: echo "Test from server" | mail -s "Relay test" your-email@example.com sudo tail -f /var/log/mail.log This time the log showed `status=sent` with `relay=mail.your-provider.com`. The email arrived within seconds. * * * My email hosting provider supports STARTTLS — the connection starts unencrypted and upgrades to TLS after a handshake. They also support implicit TLS — encrypted from the first byte. Implicit TLS is _marginally_ more secure. STARTTLS is theoretically vulnerable to downgrade attacks where a man-in-the-middle strips the encryption command before the client can upgrade. The Postfix setting `smtp_tls_security_level = encrypt` mitigates this by refusing to send if TLS negotiation fails, so the practical difference is small. Still, I prefer the belt-and-braces approach. My provider supports both, so I switched to implicit TLS: sudo postconf -e "relayhost = [mail.your-provider.com]:465" sudo postconf -e "smtp_tls_wrappermode = yes" One fewer attack vector, even a theoretical one. * * * If your website and email share the same domain — as mine do — there’s a potential snag. Postfix might consider itself authoritative for that domain and attempt local delivery instead of relaying externally. Check with: postconf mydestination If your domain appears in the output, you’ll need to remove it. In my case, only localhost variants were listed, so mail to my domain correctly relayed through the external server. Worth verifying, though. * * * The final MOTD script monitors all the services I care about: #!/bin/bash RED='\033[0;31m' GREEN='\033[0;32m' NC='\033[0m' echo "" echo "=== Services ===" systemctl is-active --quiet apache2 && echo -e "Apache: ${GREEN}Running${NC}" || echo -e "Apache: ${RED}DOWN${NC}" systemctl is-active --quiet mysql && echo -e "MySQL: ${GREEN}Running${NC}" || echo -e "MySQL: ${RED}DOWN${NC}" systemctl is-active --quiet php8.3-fpm && echo -e "PHP-FPM: ${GREEN}Running${NC}" || echo -e "PHP-FPM: ${RED}DOWN${NC}" systemctl is-active --quiet ufw && echo -e "UFW: ${GREEN}Running${NC}" || echo -e "UFW: ${RED}DOWN${NC}" systemctl is-active --quiet fail2ban && echo -e "Fail2Ban: ${GREEN}Running${NC}" || echo -e "Fail2Ban: ${RED}DOWN${NC}" systemctl is-active --quiet redis-server && echo -e "Redis: ${GREEN}Running${NC}" || echo -e "Redis: ${RED}DOWN${NC}" echo "" echo "=== SSL Expiry ===" echo -n "example.com: " openssl s_client -connect example.com:443 -servername example.com 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2 echo "" echo "=== Credentials ===" echo "MySQL passwords: /some_protected_directory/.digitalocean_password" Now every login gives me immediate visibility into service health, certificate status, and a reminder of where database credentials live. Useful when you only connect a few times a year. * * * The email problem wasn’t obscure. Thousands of people run WordPress on DigitalOcean droplets. The SMTP/port 25 block is documented. The failure mode is well-known. I just never looked. That’s the uncomfortable part. The system worked exactly as designed — mine and theirs. DigitalOcean blocked spam. Postfix accepted mail. WordPress sent notifications. Everything was functioning correctly from its own perspective. The failure existed only in the gap between them, visible only if you checked. I didn’t check. For years. Sometimes the most mundane housekeeping — tidying up a login message — leads you to problems you didn’t know you had. Not because the problems were hidden, but because you never thought to look. ### Like this: Like Loading...

#postfix #wordpressemail #implicittls

islandinthenet.com/customised-server-login-...

#postfix #wordpressemail #implicittls

#thunderbird 146 and also befor makes some problems with #ipv6.

e.g. sending a mail, sends the mail immediately and the bcc shows up immediately too, but hangs on copying to sent folder. one 2nd or 3rd try it copies the file. its #postfix and #dovecot .

already searched, but nothing found on […]

Dear #lazyweb, weird email #postfix spam issues with Google Mail, mail from my dev server keeps going to spam but if you look at the mail headers it says:

spf=pass
dmarc=pass

So wtf? How can I stop it going to spam? 😩

RFC 8689: SMTP Require TLS Option The SMTP STARTTLS option, used in negotiating transport-level encryption of SMTP connections, is not as useful from a security standpoint as it might be because of its opportunistic nature; message de...

Happy to see that #Postfix has now got REQUIRETLS support (SMTP Require TLS Option - RFC 8689), written by @jimfenton.bsky.social and published in december 2019.

A big step forward imho, and I hope to see more client & server support for REQUIRETLS in 2026!

datatracker.ietf.org/doc/rfc8689/

Configure Postfix on Ubuntu VPS Linux & DNS Projects for ₹1500-12500 INR. I have an Ubuntu-based VPS that I want to turn into a reliable mail-sending host using Postfix. The instance is fresh; nothing h

#Debian #DNS #Firewall #Linux #Postfix #SMTP #SSL #Ubuntu

Origin | Interest | Match

Heads up if you use #Dovecot as local delivery agent with #Postfix and upgrade to Dovecot to 2.4 (e.g. because you go to #Debian trixie):

Dovecot 2.3 -> 2.4 has incompatible configuration changes. These cause the dovecot-lda to fail. That causes postfix to reject/bounce(!) incoming email until […]

Professional email on your domain, hosted by you. Postfix + secure configs = privacy and brand control. Call us for a quick setup. 📭

https://smt-acc.com

#SmartAccounts #OpenSource #Postfix

Autoresponder-, Ticket- & Support-Spam? - NET73 Plötzlich trudeln Mails ein, die ich nie initiiert hatte: Support-Bestätigungen, Autoresponder, sogar Ticket-IDs aus fremden Systemen. Die Inhalte wirken echt – sauber signiert, oft aus seriösen Tools...

Antworten aus Ticket-Systemen, "vielen Dank für ihre Anfrage"-Mails, #Spam, etc., obwohl man nirgendwo ein Ticket eröffnet hat oder gar Support-Anfragen gestellt hat?
Aktuell ist eine sehr stark verbreitete Spam-Masche im Umlauf, die wie folgt funktioniert: (Header-Analyse im Blog) #postfix #linux

Manage invoices, receipts and customer messages from your own email server. Postfix is open source, reliable and cost‑effective — call us to set it up and integrate with your systems. 📭

https://smt-acc.com

#SmartAccounts #OpenSource #Postfix

Privacy = ownership. Host your own email with Postfix and keep full control of your data. Need help with setup or deliverability? DM or call us to get started. ✉️🔒

https://smt-acc.com

#SmartAccounts #OpenSource #Postfix

How to fix opendkim-testkey command running into DNS query timeout When the opendkim-testkey command runs into errors and shows dns query time out, it could be related to the default setting to use the DNS Root servers for queries.

OpenDKIM is a way to sign your outgoing e-mails with #DKIM. It nicely integrates into a #Postfix setup.
But on a particular mail server I ran into #DNS issues during the verification step. The WHY and the FIX in my latest blog post.
www.claudiokuenzler.com/blog/1509/ho...

La mise à jour de #Dovecot 2.3 à 2.4 m'a pris beaucoup trop d'heures de debug mais c'est (enfin !!!) résolu avec un local.conf au poil ! Serveurs à jour sous #Debian Trixie donc ! 🥳
#Mailserver #Postfix #Selfhosting #Hapilaps

Want full control over your email? Move off big providers and run a secure Postfix mail server for your business or personal domain. We’ll install, secure and monitor it — call us for support. 📭

https://smt-acc.com

#SmartAccounts #OpenSource #Postfix

Ich habe meine bisherigen Erfahrungen zum sehr holprigen Zusammenspiel meines Mailservers (Debian, Postfix, Yunohost) mit dem Microsoft Exchange Server der neuen Schule meines Kindes (und der dort eingesetzten Mailingliste) im Blog ausführlich zusammengefasst […]

Ich habe meine bisherigen Erfahrungen zum sehr holprigen Zusammenspiel meines Mailservers (Debian, Postfix, Yunohost) mit dem Microsoft Exchange Server der neuen Schule meines Kindes (und der dort eingesetzten Mailingliste) im Blog ausführlich zusammengefasst […]

The last 2-3 days there was a significant slow down with message sending, sometimes 15 seconds, via the default #chatmail relay .... Wasn't a CPU/RAM or other resource problem but a software configuration / implementation problem. After some hours of debugging it was solved by providing the […]