Setup Ubuntu to send mail via a remote SMTP server

We will configure a server running Ubuntu to send all mail out to a remote email address via an SMTP server. This is a redo of these instructions.

Again, I just copied an instructional as here. Can't be bothered copying it here, but I did all those steps, except I commented out this line:

#smtp_tls_CAfile = /etc/postfix/cacert.pem

Because eh.

I looked at this log and got some useful info: /var/log/mail.log

SMTPS wrappermode (TCP port 465) requires setting "smtp_tls_wrappermode = yes", and "smtp_tls_security_level = encrypt" (or stronger) 

So I added those lines to my config file.
Then in testing I noticed that yay it actually sent the mail, although it bounced due to the ‘from address’ not being configured properly, so we create this file:
sudo nano /etc/postfix/generic with these contents:

username@hostname name@domain 
@hostname name@domain  
#use 'postmap /etc/postfix/generic' to hash this file 
#then 'service postfix restart'  

Where hostname is the hostname for the machine, and name@domain is the sender address, which usually needs to be valid with the SMTP server – although Google actually allows improper addresses. You could create different instances for different users, i.e. one for root perhaps.
Then add this line to the config:
smtp_generic_maps = hash:/etc/postfix/generic

Note that the hostname field needs to match the output of
hostname --fqdn
and can be edited here
sudo nano /etc/hosts

I set the following in the main.cf
mydestination = localhost
meaning that only mail for localhost will be held on the machine

Finally:
sudo postmap /etc/postfix/generic
sudo service postfix restart

Done
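
An added example, not part of the original post or the guide it follows: a small checker for the outbound settings discussed above. It shows that the configuration as posted (security level encrypt, CAfile commented out) encrypts the session to the relay but does not verify the relay's certificate. The "verified" variant, with security level secure and Ubuntu's CA bundle path, is a constructed assumption, and the finding names are made up for this example.

```python
import re

# Levels that make TLS mandatory ("encrypt or stronger" in the log message).
MANDATORY = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}
# Levels at which Postfix checks the server certificate against CA trust anchors.
VERIFYING = {"verify", "secure"}
# Constructed sample: the settings this post ends up with (CAfile commented out).
AS_POSTED = """\
#smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_generic_maps = hash:/etc/postfix/generic
mydestination = localhost
"""
# Constructed variant (assumption): verify the relay against Ubuntu's CA bundle.
VERIFIED = (AS_POSTED.replace("= encrypt", "= secure")
            + "smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt\n")

def parse_main_cf(text):
    """Parse main.cf text: skips comments, joins indented continuation lines."""
    params, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if key:
                params[key] += " " + raw.strip()
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)", raw)
        if m:
            key = m.group(1)
            params[key] = m.group(2).strip()
    return params

def audit(params):
    """Return finding codes for the outbound (smtp_*) TLS and rewrite settings."""
    level = params.get("smtp_tls_security_level", "")
    findings = []
    if params.get("smtp_tls_wrappermode") == "yes" and level not in MANDATORY:
        findings.append("wrappermode-needs-encrypt")
    if level not in VERIFYING:
        findings.append("server-cert-not-verified")
    elif not (params.get("smtp_tls_CAfile") or params.get("smtp_tls_CApath")):
        findings.append("verify-without-trust-anchors")
    if "smtp_generic_maps" not in params:
        findings.append("no-sender-rewrite")
    return findings

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("verified", VERIFIED)):
        print(name, audit(parse_main_cf(cfg)))
```

The checker only reads settings written explicitly in the text it is given; on a live system the effective non-default values come from postconf -n.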

Spinning Up Ubuntu 16.04 on a VPS instance

  • My VPS provider (Vultr) allows inserting a public key at the time of a new instance creation, so I created a new key using an existing Linux command line:
    ssh-keygen -t rsa
  • Name server hostname (I used these instructions (archive) for hostname)
  • Set reverse DNS in VPS server console equal to FQDN
  • Change SSH port & disable password authentication with
    sudo nano "/etc/ssh/sshd_config"
    then restart ssh
    sudo systemctl restart ssh
  • Create a non-root user, copy the .ssh folder from root to their profile, making sure to chown newuser for the authorized_keys file, and add the user to group sudo – sudo addgroup groupname.
  • Add auto security updates.
    sudo apt-get install unattended-upgrades
    sudo dpkg-reconfigure unattended-upgrades
    sudo nano /etc/apt/apt.conf.d/50unattended-upgrades (requires root email for notifications)
  • Set time zone
    sudo dpkg-reconfigure tzdata

OpenVPN Server on Ubuntu 16.04

Following this guide.

NOTE 1: In the part where they edit /etc/openvpn/server.conf

I edited the server directive to read:
server 192.168.155.0 255.255.255.0

then my UFW rules are

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to ens3 (change to the interface you discovered!)
-A POSTROUTING -s 192.168.155.0/24 -o ens3 -j MASQUERADE
COMMIT
# END OPENVPN RULES