Changes for page How to setup a postfix SMTP server
Last modified by Alexandru Pentilescu on 2025/02/09 14:17
From version 8.1
edited by Alexandru Pentilescu
on 2024/05/19 14:28
Change comment:
There is no comment for this version
To version 11.1
edited by Alexandru Pentilescu
on 2024/05/19 14:43
Change comment:
There is no comment for this version
Summary
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
- Content
... ... @@ -5,6 +5,8 @@ 5 5 6 6 But why do we even need an SMTP server in the first place? Well, we don't really need one but, at the end of the day, it's very handy to have one, nonetheless. 7 7 8 +{{toc/}} 9 + 8 8 = How does email work?= 9 9 Email works on different levels but the general gist of it is that it all boils down to SMTP servers acting as the backbone of all email providers. 10 10 SMTP is a protocol that allows email servers to send an email from one another, either encrypted with TLS on port 25 using the STARTTLS command, or even in plaintext. ... ... 
@@ -193,7 +193,36 @@ 193 193 194 194 Note, you need sudo privileges to read the mail.log file, as it is owned by the syslog user and it has restricted reading privileges. 195 195 198 += Opening up port 587 for SMTP traffic = 199 +Certain services refuse to accept STARTTLS traffic on port 25, as is open, by default, on Postfix (looking at you, Gitea). To account for them, we must open port 587 to attain this. To do so, we must open the master.cf configuration file (mine was under "/etc/postfix/master.cf") and add the following line: 196 196 201 +{{code}} 202 +smtp inet n - y - - smtpd 203 +587 inet n - n - - smtpd 204 +{{/code}} 205 + 206 +The smtp line was already there. I only added the 587 line. This instructs Postfix to bind itself to the 587 port, such that, any services wanting to reach that port in order to start a STARTTLS connection, wil be able to do so. 207 + 208 +Once this is done, restart the Postfix daemon with a systemctl restart command and everything should almost be done. Almost. 209 + 210 +Ubuntu server also comes preinstalled with a firewall utility that will deny traffic towards its own port 587. This can be an impediment. As such, please allow traffic from your docker containers to be able to reach this port: 211 + 212 +{{code language="bash"}} 213 +sudo ufw allow from 172.16.0.0/16 to any port 587 214 +{{/code}} 215 + 216 +If you recall from above, 172.16.0.0/16 was the IP range we configured for our docker engine to use when assigning IPs to its container networks. So that command will effectively allow all traffic originating from docker containers to be explicitly allowed to reach the host's own 587 port, to be able to initiate a STARTTLS encrypted channel. 217 + 218 +While you're on it, you may also do 219 + 220 +{{code language="bash"}} 221 +sudo ufw status numbered 222 +sudo ufw delete <rule number for opening port 25> 223 +{{/code}} 224 + 225 +to delete the firewall rules that allow full access to port 25. 
This solved an issue where Google would spam my Gmail inbox with unnecessary garbage because it was trying to relay bounced email notifications to me, which was highly annoying to say the least. 226 + 227 +Please note, though, that 197 197 = Wrapping it up= 198 198 That's it! As soon as you finish editing the main configuration file, please remember to restart the Postfix service afterwards so that the changes can take effect immediately (or reboot the machine). 199 199
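Review bot: The added `587 inet n - n - - smtpd` entry in the master.cf block has no `-o` overrides, so the new listener runs smtpd with the same main.cf settings as the port 25 `smtp` line, and nothing in the entry makes STARTTLS mandatory even though the paragraph says the port exists for STARTTLS clients. Consider adding `-o smtpd_tls_security_level=encrypt` beneath it so plaintext sessions are refused on 587, and explain why the chroot column is `n` here while the `smtp` line uses `y`. The `ufw delete` step removes the rule that admits port 25, which is also the port the page says other mail servers deliver on, so the text should state that losing inbound delivery is intended. Smaller points in the same hunk: "add the following line" introduces a two-line block, "wil" is a typo, and the section ends on the unfinished sentence "Please note, though, that" directly before "= Wrapping it up=", which should be completed or dropped.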