OmniOS: Postfix And Stunnel

Setting the system to send email to the outside world

This article is part of a series focused on the building and setup of a home-NAS based on ZFS and OmniOS. The index is located here: An OmniOS ZFS Fileserver.

I was setting up the OmniOS server to keep track of several parameters, for example the health of the different hard disks, so I needed a way to send email to external mailboxes.

As a first step, I checked the availability:

$ pkg info -r postfix
          Name: service/network/smtp/postfix
       Summary: Postfix Mail Transport Agent
         State: Not installed
     Publisher: uulm.mawi
       Version: 2.10.2 (2.10.2)
 Build Release: 5.11
        Branch: 0.151006
Packaging Date: Mon Sep 16 12:37:47 2013
          Size: 31.86 MB
          FMRI: pkg://uulm.mawi/service/network/smtp/postfix@2.10.2,5.11-0.151006:20130916T123747Z

          Name: omniti/network/smtp/postfix
       Summary: Postfix mail server
         State: Not installed
     Publisher: ms.omniti.com
       Version: 2.10.2 (2.10.2)
 Build Release: 5.11
        Branch: 0.151006
Packaging Date: Tue Oct  8 20:27:38 2013
          Size: 30.00 MB
          FMRI: pkg://ms.omniti.com/omniti/network/smtp/postfix@2.10.2,5.11-0.151006:20131008T202738Z

The two repositories provide the same version, but I know from past experience that the official one is updated less frequently (check the different package dates: 2013-09-16 vs 2013-10-08), so I installed the uulm.mawi version:

$ pkg install pkg://uulm.mawi/service/network/smtp/postfix@2.10.2,5.11-0.151006:20130916T123747Z

I configured the settings as suggested on several websites, with some additional modifications because my home network is associated with a third-level domain.

However, the setup was not working, because the server accepts only SMTP (unencrypted) or SMTPS (SMTP through an explicit TLS-SSL channel, port 465), while postfix can do only SMTP, ESMTP (SMTP with the addition of STARTTLS, port 25) or Submission (SMTP with forced authentication, port 587).

As a solution, I had to use postfix without encryption and then stunnel to produce an explicit TLS-SSL tunnel. More specifically, I used the following for postfix main.cf:

mynetworks_style = host
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
myhostname=my_host.my_third_level.marzocchi.net
mydomain=my_third_level.marzocchi.net
myorigin=$mydomain

relayhost=[127.0.0.1]:11125

# Enable SASL authentication in the Postfix SMTP client.
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options=noanonymous

# Disable Transport Layer Security (TLS), i.e. SSL.
#
smtp_use_tls=no
#smtp_tls_security_level=encrypt

which deactivates encryption. The other options are useful to keep the information about the third-level domains in the outgoing headers.

It is important to set the correct permissions and owner on the /etc/postfix/sasl_passwd file and then to generate the hash correctly:

$ pfexec chmod 600 /etc/postfix/sasl_passwd
$ pfexec chown root:root /etc/postfix/sasl_passwd

$ pfexec postmap hash:/etc/postfix/sasl_passwd

Then I installed stunnel:

$ pkg info -r stunnel
          Name: omniti/network/stunnel
       Summary: stunnel SSL encryption wrapper
         State: Installed
     Publisher: ms.omniti.com
       Version: 4.53 (4.53)
 Build Release: 5.11
        Branch: 0.151002
Packaging Date: Thu Jul 19 18:13:33 2012
          Size: 687.39 kB
          FMRI: pkg://ms.omniti.com/omniti/network/stunnel@4.53,5.11-0.151002:20120719T181333Z
$ pkg install stunnel

Stunnel was run with the following configuration:

chroot = /opt/omni/var/lib/stunnel/
setuid = stunnel
setgid = stunnel

pid =
output = /stunnel.log

cert = /opt/omni/etc/stunnel/mail.pem

options = NO_SSLv2

[smtp-tls-wrapper]
accept = 11125
client = yes
connect = ssl0.ovh.net:465
;delay = yes

I used the attached SMF configuration to load stunnel as an SMF service.
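
With smtp_use_tls=no, postfix hands the SASL credentials to stunnel in clear text, so the tunnel is their only protection: a client service without a verify setting completes TLS with whatever certificate the peer presents, and an accept without a host part listens on every interface. The check below is an added example, not part of the original article; it parses a stunnel configuration and flags both conditions. The hardened variant and its CAfile path are constructed assumptions.

```python
# Added example: audit stunnel client services; sample configs are constructed.
LOOPBACK = ("127.0.0.1", "localhost", "::1")

def parse_stunnel(text):
    """Return {service: options}; lines before the first [section] are defaults."""
    defaults, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], dict(defaults))
        elif line and line[0] not in ";#":
            key, _, value = line.partition("=")
            (defaults if current is None else current)[key.strip()] = value.strip()
    return services

def audit(text):
    """List (service, finding) pairs for client-mode services."""
    findings = []
    for name, opts in parse_stunnel(text).items():
        if opts.get("client", "no").lower() != "yes":
            continue  # server-mode services are out of scope here
        if int(opts.get("verify", "0")) < 2:
            findings.append((name, "peer certificate is not verified"))
        elif not ("CAfile" in opts or "CApath" in opts):
            findings.append((name, "verify set without CAfile/CApath"))
        host = opts.get("accept", "").rpartition(":")[0]
        if host not in LOOPBACK:
            findings.append((name, "accept is not bound to loopback"))
    return findings

# Service section as shown in the article.
PAGE_CONF = """
[smtp-tls-wrapper]
accept = 11125
client = yes
connect = ssl0.ovh.net:465
"""
# Constructed variant; the CAfile path is a placeholder, not from the article.
HARDENED_CONF = """
[smtp-tls-wrapper]
accept = 127.0.0.1:11125
client = yes
connect = ssl0.ovh.net:465
verify = 2
CAfile = /path/to/ca-bundle.pem
"""
if __name__ == "__main__":
    print(audit(PAGE_CONF), audit(HARDENED_CONF))
```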

Update 2015-09-19

The precompiled packages have not been updated in a while, so I decided to compile postfix myself. Since it took a while due to missing SASL and HASH support, the info for a successful compilation is available on GitHub/stefri. In the future I would compile a package, but this time I compiled the normal binary, so I skipped the "-DDEF_COMMAND_DIR=\"/usr/local/sbin\" -DDEF_DAEMON_DIR=\"/usr/local/libexec/postfix\"" options.

Author: Olaf Marzocchi

First revision: 2014-01-01.
Last revision: 2015-09-19.