What is Postfix?
Postfix is a popular open-source mail transfer agent (MTA) used to route and deliver emails on Unix-like operating systems, including Linux. It is a fast, secure, and easy-to-configure alternative to Sendmail, commonly used by mail servers.
What is Mastodon?
Mastodon is a free, open-source, decentralized social network that operates as part of the Fediverse (a network of interconnected but independent social platforms). Unlike centralized platforms like Twitter, Mastodon allows users to join or host their own servers (instances) while still interacting with users on other instances.
Key Features of Postfix:
- Security Focused: Designed to minimize risks and vulnerabilities.
- Performance Optimized: Efficiently handles a high volume of emails.
- Easy Configuration: Uses simple configuration files (
/etc/postfix/main.cfand/etc/postfix/master.cf). - Spam & Abuse Control: Includes built-in anti-spam and anti-relay protections.
- Flexible: Supports integration with other email tools like Dovecot, SpamAssassin, and DKIM.
Common Use Cases:
- Mail Servers: Used for handling email sending and receiving.
- Relay Host: Can act as a relay server to forward emails.
- SMTP Gateway: Works as an SMTP relay for outgoing emails.
Relationship of Postfix and Mastodon
Mastodon and Postfix interoperate because Mastodon, as a federated social network, needs an email server to send emails for user registrations, notifications, and password resets. Postfix serves as the Mail Transfer Agent (MTA) that Mastodon uses to send these emails.
How Mastodon Uses Postfix:
When you configure Postfix MTA for use with Mastodon, you can expect the following workflow:
- Mastodon Generates Emails:
- When a user registers, requests a password reset, or receives a notification, Mastodon generates an email.
- Postfix Handles Email Sending:
- Mastodon forwards the email to Postfix, which then relays it to the recipient’s mail server (e.g., Gmail, Outlook).
- Postfix can either send emails directly or relay them through an SMTP provider like Gmail, Mailgun, or SendGrid.
Prerequisites
Before we discuss how to configure Postfix MTA for use with Mastodon, ensure that you have:
- A server running Mastodon (e.g., Ubuntu 22.04, Debian 11)
- A valid domain name (e.g.,
example.com) – Register a Domain from just $1.99/yr - An SMTP relay service (optional but recommended, e.g., SendGrid, Mailgun, Self-Hosted)
- Proper DNS records configured (SPF, DKIM, and DMARC) – See Guide: Getting Started with DNS Manager
How to Configure Postfix MTA for Use with Mastodon Server
To configure Postfix for use with Mastodon server, follow the steps provided:
-
Install Postfix
Install Postfix using the package manager:
sudo apt update && sudo apt install postfix
During installation, select ‘Internet Site’ and set your fully qualified domain name (FQDN), e.g.,
mail.example.com. -
Configure Postfix
Edit the main Postfix configuration file:
sudo nano /etc/postfix/main.cf
Modify or add the following parameters:
# Basic settings myhostname = mail.example.com myorigin = example.com inet_interfaces = all inet_protocols = ipv4 relayhost = [smtp-relay.example.com]:587 # Security settings smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem smtpd_tls_key_file=/etc/letsencrypt/live/example.com/privkey.pem smtpd_use_tls=yes smtp_tls_security_level = may smtp_tls_loglevel = 1 smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt # Authentication smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous # Queue and delivery optimizations maximal_queue_lifetime = 1d bounce_queue_lifetime = 4h smtp_connection_cache_on_demand = no smtp_connection_cache_time_limit = 2s
-
Set Up SMTP Authentication (If Using a Relay)
Create the authentication file:
sudo nano /etc/postfix/sasl_passwd
Add your SMTP relay credentials:
[smtp-relay.example.com]:587 username:password
Secure and process the file:
sudo chmod 600 /etc/postfix/sasl_passwd sudo postmap /etc/postfix/sasl_passwd
-
Configure DNS Records
Ensure your domain has the following records:
SPF Record (TXT Record):
v=spf1 include:_spf.example.com ~all
DKIM Record (Generated via your SMTP provider)
DMARC Record (TXT Record):
v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com;
-
Restart and Test Postfix
Restart Postfix to apply changes:
sudo systemctl restart postfix sudo systemctl enable postfix
Send a test email:
echo "Test Email from Mastodon" | mail -s "Test" your-email@example.com
Check logs for issues:
sudo tail -f /var/log/mail.log
-
Install PostfixAdmin (Optional)
PostfixAdmin is a web-based interface for managing Postfix virtual domains and users. To install PostfixAdmin, follow the steps below:
-
Install Dependencies
sudo apt install php php-fpm php-mbstring php-intl php-xml php-mysql mariadb-server unzip
-
Create Database for PostfixAdmin
sudo mysql -u root -p
Inside MySQL:
CREATE DATABASE postfixadmin; CREATE USER 'postfixadmin'@'localhost' IDENTIFIED BY 'strongpassword'; GRANT ALL PRIVILEGES ON postfixadmin.* TO 'postfixadmin'@'localhost'; FLUSH PRIVILEGES; EXIT;
-
Download and Configure PostfixAdmin
cd /var/www/html sudo wget https://github.com/postfixadmin/postfixadmin/archive/refs/tags/postfixadmin-3.3.10.tar.gz sudo tar -xvzf postfixadmin-3.3.10.tar.gz sudo mv postfixadmin-postfixadmin-3.3.10 postfixadmin cd postfixadmin sudo cp config.local.php config.inc.php sudo nano config.inc.php
Modify database settings:
$CONF['database_type'] = 'mysqli'; $CONF['database_host'] = 'localhost'; $CONF['database_user'] = 'postfixadmin'; $CONF['database_password'] = 'strongpassword'; $CONF['database_name'] = 'postfixadmin';
Save and exit.
-
Set File Permissions
sudo chown -R www-data:www-data /var/www/html/postfixadmin sudo chmod -R 755 /var/www/html/postfixadmin
-
Configure Apache
sudo nano /etc/apache2/sites-available/postfixadmin.conf
Add:
<VirtualHost *:80> ServerAdmin admin@example.com DocumentRoot /var/www/html/postfixadmin/public ServerName mail.example.com <Directory /var/www/html/postfixadmin/public> AllowOverride All Require all granted </Directory> </VirtualHost>Enable and restart Apache:
sudo a2ensite postfixadmin.conf sudo systemctl restart apache2
-
-
Configure Mastodon to Use Postfix
Edit the
.env.productionfile in your Mastodon directory:SMTP_SERVER=127.0.0.1 SMTP_PORT=25 SMTP_LOGIN= SMTP_PASSWORD= SMTP_FROM_ADDRESS='noreply@example.com'
Restart Mastodon:
cd /home/mastodon/live RAILS_ENV=production bin/tootctl restart
-
Harden Security
- Restrict Relay Access:
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
- Limit Failed Login Attempts:
smtpd_client_restrictions = permit_mynetworks, reject_unknown_client_hostname, reject_rbl_client zen.spamhaus.org
- Enable DANE (optional):
smtp_tls_security_level = dane
- Restrict Relay Access:
-
Monitor and Maintain
Regularly monitor logs:
sudo journalctl -u postfix -n 50 --no-pager
Use
postqueue -pto check mail queue.
Conclusion
You now know how to configure Postfix MTA for use with Mastodon.
By following these best practices, you ensure a secure, reliable, and optimized email setup for your Mastodon server. Postfix will efficiently handle email notifications, password resets, and other mail-related tasks, enhancing the user experience.
[…] An e-mail delivery service or other SMTP server (Guide: How to Configure Postfix MTA for Use with Mastodon) […]