This example shows 2 domains on 1 IP address && 1 Postfix instance. All mail is redirected to Gmail.
The first domain is used as myhostname
and is the main domain. The others are virtual_alias_domains.
Dovecot is configured to use a passwd-file database, without IMAP && POP3 — SMTP auth only.
Gmail is configured to send emails from our domains (using SMTP with TLS on port 25).
DNS && SPF && PTR records. An example is provided.
Brief config overview
Domains /etc/postfix/main.cf
myhostname = example.com
virtual_alias_domains = example.net
Gmail /etc/postfix/virtual (rebuild the map after every edit with `postmap /etc/postfix/virtual`)
[email protected] -> [email protected]
[email protected] -> [email protected]
@example.net -> [email protected] # example.net is configured as a catch-all
Alias Accounts /etc/dovecot/passwd
Email Password
[email protected] qwerty
[email protected] qwerty
# Install Postfix and Dovecot (pacman-based distribution).
pacman -S postfix dovecot
# Keep the packaged main.cf as a backup before replacing it with the file below.
mv /etc/postfix/main.cf /etc/postfix/main.cf.bak
nano /etc/postfix/main.cf
#/etc/postfix/main.cf
#
# Virtual server setup. Redirect all mail
# Do not list myhostname inside virtual_alias_domains
#
# Primary domain; also the name this server announces in its SMTP greeting.
myhostname = example.com
# Additional domain(s) handled purely through virtual alias redirection.
virtual_alias_domains = example.net
# Address -> destination map; rebuild the .db with `postmap /etc/postfix/virtual`
# after every edit, Postfix reads the .db and not the text file.
virtual_alias_maps = hash:/etc/postfix/virtual
# dovecot auth
# SASL is provided by Dovecot over the socket named below; the path is relative to
# queue_directory, i.e. /var/spool/postfix/private/auth, which is the unix_listener
# configured in /etc/dovecot/dovecot.conf.
smtpd_sasl_auth_enable=yes
smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth
# Disallow anonymous mechanisms. Plaintext mechanisms stay allowed, so inbound TLS
# must be enforced (smtpd_tls_security_level = encrypt below, or smtpd_tls_auth_only = yes
# if that is relaxed) so credentials are never offered on an unencrypted connection.
smtpd_sasl_security_options=noanonymous
smtpd_sasl_local_domain=$myhostname
# reject_unknown_client_hostname is strict: a client whose IP has no PTR record, or
# whose PTR name does not resolve back to the connecting IP, is refused. This also
# rejects legitimate but badly configured senders; reject_unknown_reverse_client_hostname
# is the milder alternative.
smtpd_client_restrictions=permit_sasl_authenticated, reject_unknown_client_hostname
# reject_unauth_destination is what keeps this host from being an open relay: mail for
# other domains is accepted only from mynetworks or after SASL authentication (Gmail's
# "send mail as" relays through here after authenticating).
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
# TLS session caches for the server (smtpd_) and client (smtp_) sides.
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
# Exclude weak and legacy cipher suites from inbound TLS.
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA
smtp_tls_session_cache_timeout = 3600s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# org main.cf content
# (the distribution's original main.cf settings, kept unchanged)
compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/bin
daemon_directory = /usr/lib/postfix/bin
data_directory = /var/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/postfix/aliases
alias_database = $alias_maps
debug_peer_level = 2
# NOTE(review): the two lines after "debugger_command =" are continuation lines of that
# single parameter and must begin with whitespace in the real file; the indentation may
# have been lost in this rendering.
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/bin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix
# IPv4 only. NOTE(review): the DNS example further down publishes an AAAA record for
# this host; with no IPv6 listener, remote MTAs that try IPv6 first get a connection
# failure and must fall back to IPv4. Either set inet_protocols = all or do not publish
# an AAAA record for the MX host.
inet_protocols = ipv4
meta_directory = /etc/postfix
shlib_directory = /usr/lib/postfix
# smtpd TLS
tls_random_source = dev:/dev/urandom
# Directory of trusted CA certificates, used to verify client certificates if any are presented.
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_loglevel = 1
# Self-signed pair produced by `postfix tls new-server-key` (see below); replace the
# yyyymmdd-hhmmss placeholders with the generated file names. The key file must be
# readable by root only.
smtpd_tls_cert_file = /etc/postfix/cert-yyyymmdd-hhmmss.pem
smtpd_tls_key_file = /etc/postfix/key-yyyymmdd-hhmmss.pem
# Record the TLS protocol and cipher in the Received: header of accepted mail.
smtpd_tls_received_header = yes
# 'encrypt' = mandatory TLS on inbound port 25: any remote sender that does not offer
# STARTTLS is refused. RFC 3207 forbids requiring TLS on a publicly referenced MX and
# the Postfix documentation recommends 'may' (opportunistic TLS) for internet-facing
# smtpd; if you switch to 'may', add smtpd_tls_auth_only = yes so SASL stays TLS-only.
smtpd_tls_security_level = encrypt
# smtp TLS
smtp_tls_loglevel = 1
# 'may' should be used here: 'encrypt' would reject mail involving Apple Inc. servers because they do not use TLS
smtp_tls_security_level = may
Generate the cert and key files, then point smtpd_tls_cert_file
and smtpd_tls_key_file
at the new files.
postfix tls new-server-key
Create aliases.db. It stays empty, but if it is missing Postfix will log errors.
newaliases
example.net is configured as a catch-all.
# Back up any existing map source before writing the new one below.
mv /etc/postfix/virtual /etc/postfix/virtual.bak
nano /etc/postfix/virtual
#/etc/postfix/virtual
# Format: <address in one of our domains> <destination>. Mail is forwarded to the
# Gmail address on the right; the last line is a catch-all for every address in
# example.net (it is not listed as myhostname, which is why this works).
# Rebuild the hash map after each edit: postmap /etc/postfix/virtual
[email protected] [email protected]
[email protected] [email protected]
@example.net [email protected]
Rebuild the .db after every edit with
postmap /etc/postfix/virtual
Dovecot is configured only for Postfix SMTP auth; it does not listen on any interface (no IMAP && POP3 access).
nano /etc/dovecot/dovecot.conf
#/etc/dovecot/dovecot.conf
# No IMAP/POP3 listeners: Dovecot only provides the SASL auth socket for Postfix.
protocols = none
# Verbose authentication logging for troubleshooting; set to no once SMTP auth works.
auth_debug = yes
service auth {
# The socket Postfix's smtpd_sasl_path=private/auth points at (relative to its
# queue_directory /var/spool/postfix). Owned by postfix, mode 0660, so smtpd can connect.
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
# NOTE(review): running the auth service as root is more privilege than a passwd-file
# lookup needs; Dovecot's default internal user should suffice if /etc/dovecot/passwd
# is readable by it — confirm before keeping root.
user = root
}
# Credentials come from the flat passwd-file below (one user per line).
passdb {
driver = passwd-file
args = /etc/dovecot/passwd
}
nano /etc/dovecot/passwd
#/etc/dovecot/passwd
# https://wiki2.dovecot.org/AuthDatabase/PasswdFile
# EMAIL:{PASSWORD_TYPE}PASSWORD
# The user name (left of the colon) is the full email address; it is what Gmail's
# "send mail as" must authenticate with.
# NOTE(review): {PLAIN} stores the password in cleartext. Prefer a hashed scheme,
# e.g. run `doveadm pw -s SHA512-CRYPT` and paste its output (which already carries
# the {SHA512-CRYPT} prefix) in place of {PLAIN}qwerty. Use real passwords, not qwerty,
# and keep the file mode 0600.
[email protected]:{PLAIN}qwerty
[email protected]:{PLAIN}qwerty
# Enable both services at boot, then start them.
systemctl enable postfix
systemctl enable dovecot
systemctl start postfix
systemctl start dovecot
# Confirm both came up cleanly; review the mail log for TLS or auth errors as well.
systemctl status postfix
systemctl status dovecot
DNS records for example.com
and example.net.
Assume our IPv4 is 203.0.113.1, our IPv6 is 2001:DB8::1, and we have a www alias.
If your DNS provider does not support @,
use example.com.
and example.net.
instead.
Name Type Value TTL
@ A 203.0.113.1 600 seconds
@ AAAA 2001:DB8::1 600 seconds
www CNAME @ 1 Hour
@ MX @(Priority:0) 1 Hour
@ TXT v=spf1 mx ~all 1 Hour
PTR records are typically managed by your hosting provider. The PTR must point to myhostname.
A correct PTR helps prevent mail from being classified as SPAM. New TLDs such as .xyz, .top, etc.
are banned globally; consider switching to .com, .org, .net, .info, etc.
Verifying records. (Some resolvers no longer answer ANY queries, per RFC 8482; if `dig ... any` returns nothing, query the MX and TXT types separately.)
DIG
# dig +noall +answer example.com any | grep -E 'MX|TXT'
example.com. 786 IN MX 0 example.com.
example.com. 786 IN TXT "v=spf1 mx ~all"
# dig +noall +answer example.net any | grep -E 'MX|TXT'
example.net. 786 IN MX 0 example.net.
example.net. 786 IN TXT "v=spf1 mx ~all"
HOST
# host example.com
example.com has address 203.0.113.1
example.com has IPv6 address 2001:DB8::1
example.com mail is handled by 0 example.com.
# host example.net
example.net has address 203.0.113.1
example.net has IPv6 address 2001:DB8::1
example.net mail is handled by 0 example.net.
# host 203.0.113.1
1.113.0.203.in-addr.arpa domain name pointer example.com.
Alias setup https://support.google.com/mail/answer/22370
Enter the user (the full email address) and password from /etc/dovecot/passwd.
G Suite Administrator Help
Bulk Senders Guidelines
About SPF Records
About DKIM
CENTOS DKIM INSTALL
About DMARC