The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,497 other followers

Archive for the ‘postfix’ Category

Some Postfix configuration guidelines

Posted by jpluimers on 2019/02/08

Not just for Postfix are the first two guidelines:

  • Change one thing at a time
  • Save known working configurations

For the latter, I’m using etckeeper pushing to an external git repository hoster.

For Postfix are the others from [WayBackPostfix Configuration Guidelines.

One tip that’s missing, but saved my life numerous of times:

In /etc/postfix/main.cfg do not use this line ever:

inet_interfaces = $myhostname

If the resolving (through DNS or hosts file) of $myhostname fails for any reason in the future, then Postfix will not start at all, but in stead emit a fatal error like this:

/usr/sbin/postconf: fatal: parameter inet_interfaces: no local interface found for

Specify exact interfaces in stead, like any of these:

inet_interfaces = all

inet_interfaces = localhost

inet_interfaces =


Posted in *nix, *nix-tools, postfix, Power User | Leave a Comment »

‪Dear #lazyweb, can anyone point me to a modern email server setup (just emai…

Posted by jpluimers on 2019/02/01

Summary from [WayBack]‪ Dear #lazyweb, can anyone point me to a modern email server setup (just email) with letsencrypt, some spam filter, multi domain preferably on RHEL/Cent… – Jan Wildeboer – Google+

  • many SMTP servers on the interwebs do not have proper TLS setups, so do not require remote SMTP servers to deliver email with a proper certificate
  • delivering mail via SMTP using STARTTLS with a proper certificate yourself is a good step forward
  • postfix
  • dovecot
  • greylisting (although in practice it does not make much of a difference any more)
  • fail2ban
  • dnsbl (often called rbl)
  • spamassasin
  • rspamd (supports SPF, DKIM and many others)
  • letsencrypt automation can be tough, so here is a small wrapper: [WayBack] GitHub – DrGlitchMX/update-letsencrypt: Tiny script for updating “Let’s Encrypt!” certificates from cron
  • it helps having letsencrypt and the mail server to be on one machine:
    • multidomain let’s encrypt cert that has my webserver name and the mailserver in the Subject Alternative Names field. As both are on the same machine certbot can automatically update it and I just point Postfix and Dovecot to the LE files.
  • Hans-Martin Mosner SMTP as-is is just not suitable for the kind of decentralized mail that you would prefer. You need some mechanism to determine which mail senders to trust and which not. Cryptography is suitable at the MUA level and should be used much more, but at the MTA level, TLS for privacy and SPF(bleh) or DKIM(meh) for sender domain authentication are basically your only weapons -much too weak. The PGP web of trust must be considered a failed experiment – who of your mail contacts uses PGP properly or at all? Ironically the only secure messaging solutions for the masses are centralized.

Things to do:

  • find a proper multi-MX fallback setup guide for postfix


Read the rest of this entry »

Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, postfix, Power User, SMTP | Leave a Comment »

For my postfix studies…

Posted by jpluimers on 2018/03/02

Some links that I will extend in the future:


Posted in *nix, *nix-tools, postfix, Power User | Leave a Comment »

Fixing Invalid HELO’s –

Posted by jpluimers on 2017/12/08

for postfix and sendmail: [WayBackFixing Invalid HELO’s –

Posted in *nix, *nix-tools, postfix, Power User, sendmail | Leave a Comment »

TLS tests for your mail server

Posted by jpluimers on 2017/11/09

Need to do some more research on this to ensure I didn’t goof up:


Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, postfix, Power User, Security, sendmail, SMTP | Leave a Comment »

%d bloggers like this: