Categories
Linux Server

Configuring Ubuntu SMTP Server

This post details the process to create a standalone SMTP server on Ubuntu 12.04.4 LTS using Postfix.

Microsoft does not provide basic SMTP services with Office 365 that work with some of our services, so we needed a standalone SMTP server on our internal network. We only needed the ability to send email from various devices (scan to email from Ricoh photocopiers, email services from our MIS service, etc.), so this process does not cover setting up a mail server to receive email. As we restrict access by network, we are not currently using any form of authentication on the SMTP server.

I suggest you configure the box to point to external DNS servers (Google’s 8.8.8.8 and 8.8.4.4 work great) rather than your internal servers, to avoid issues with missing MX records for your internal domain.

I also suggest you configure the Shorewall firewall before following the steps below to configure a basic SMTP server.

  1. Install postfix
    sudo apt-get install postfix
  2. In the installation program enter the FQDN for the server
  3. Install mailutils
    sudo apt-get install mailutils
  4. Configure the networks which will be allowed to connect, including loopback. (10.111.0.0/24 is our printer subnet)
    sudo postconf -e "mynetworks = 127.0.0.0/8, 192.168.0.0/22, 10.111.0.0/24"
  5. Restart Postfix
    sudo /etc/init.d/postfix restart

The server should now be ready! If you don’t start seeing mail flow, the Postfix log is a good place to start:

    tail -f /var/log/mail.log
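
Because this server relays without authentication, the mynetworks value set in step 4 is the only relay control. The script below is an added example, not part of the original post: it flags any mynetworks entry that is not wholly inside loopback or RFC 1918 IPv4 space. The function names and the second sample value are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag Postfix mynetworks entries
# that are not wholly inside loopback or RFC 1918 IPv4 space.

# is_private_cidr CIDR -> status 0 only for a valid IPv4 network inside
# 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16.
is_private_cidr() {
    cidr=$1
    ip=${cidr%%/*}
    case $cidr in */*) prefix=${cidr#*/} ;; *) prefix=32 ;; esac
    # Reject anything that is not a dotted quad with a numeric prefix.
    case $ip in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
    a=$1 b=$2
    # A network is inside a private block only if its leading bits match the
    # block and its prefix is at least as long as the block's prefix.
    if   [ "$a" -eq 127 ] && [ "$prefix" -ge 8 ]; then return 0
    elif [ "$a" -eq 10 ]  && [ "$prefix" -ge 8 ]; then return 0
    elif [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ] && [ "$prefix" -ge 12 ]; then return 0
    elif [ "$a" -eq 192 ] && [ "$b" -eq 168 ] && [ "$prefix" -ge 16 ]; then return 0
    fi
    return 1
}

# audit_mynetworks VALUE -> prints "REVIEW: entry" for every entry that cannot
# be confirmed private (public ranges, IPv6, table lookups); status 0 if none.
audit_mynetworks() {
    findings=0
    for entry in $(printf '%s\n' "$1" | tr ',' ' '); do
        if ! is_private_cidr "$entry"; then
            printf 'REVIEW: %s\n' "$entry"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# The value from step 4, then a constructed bad value for comparison.
# On the server itself: audit_mynetworks "$(postconf -h mynetworks)"
audit_mynetworks "127.0.0.0/8, 192.168.0.0/22, 10.111.0.0/24" && echo "step 4 value: private only"
audit_mynetworks "127.0.0.0/8, 0.0.0.0/0" || echo "constructed value: needs review"
```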


Simple Shorewall config on Ubuntu server 12.04 LTS

Here are the steps I used to configure a simple Shorewall firewall on Ubuntu 12.04.

The firewall config below provides SSH and HTTP access only; all other ports are blocked. Obviously you can add additional services as required in step 5.

  1. Install the Shorewall firewall.
    sudo apt-get install shorewall
  2. Backup the original configuration.
    sudo cp -p /etc/shorewall/shorewall.conf /etc/shorewall/shorewall.conf.orig
  3. Copy the provided configuration for a single-interface machine.
    sudo cp -p /usr/share/doc/shorewall/examples/one-interface/* /etc/shorewall/
  4. Add rules to allow SSH and web access.
    sudo nano /etc/shorewall/rules
  5. Add the following to the bottom of the file
    SSH(ACCEPT)     net             $FW
    Web(ACCEPT)     net             $FW

    For SMTP (still allowing HTTP):

    SSH(ACCEPT)     net             $FW
    Web(ACCEPT)     net             $FW
    SMTP(ACCEPT)    net             $FW
  6. Edit Ubuntu’s Shorewall config to allow the firewall to start.
    sudo nano /etc/default/shorewall
  7. Change startup from 0 to 1
  8. Start the firewall.
    sudo /etc/init.d/shorewall start
  9. Done!