Configure Postfix to use Office365 SMTP Relay on Ubuntu 18.04

Configure Postfix to use Office365 SMTP Relay on Ubuntu 18.04

In this post I’ll show how to install and configure Postfix on Ubuntu 16.04 to use Office 365 services like smarthost/mail relay.

apt-get upgrade
apt-get update
apt-get install postfix sasl2-bin mailutils

sasl2-bin is an API thet implement Cyrus SASL API, and permit to integrate authentication mechanisms in Postfix
mailutils is a simple mail commands that will help testing our configuration.

During the Postfix configuration in request “General type of mail configuation” select “Internet Site”, and set your “System mail name” to use your FQDN (Fully Qualified Domain Name): in my case mailserver.infpressapochista.local
You can use the next command to obtain your FQDN.

hostname –fqdn
Now we need to define the credentials that will be used to establish the connection with Office 365 smtp server.
Create a file called sasl_passwd in /etc/postfix that contains the credentials: the username and password.

[smtp.office365.com]:587 usernameOffice365@domainOffice365.it:password
Att.: Replace usernameOffice365@domainOffice365.it and password with the appropriate credentials.
Postfix for some config files doesn’t use the flat ascii format, but uses a hash version of the same files that allows quicker lookup/retrieval.
This is one of them !

postmap hash:/etc/postfix/sasl_passwd
This command create an hash version of sasl_passwd plain ascii file: in /etc/postfix you should see sasl_passwd and sasl_passwd.db in the list.

Using Office 365 smtp we can only send mail (FROM field in email header) as the user we are connecting with, or an another account specified in office365 (Send As permission).

For this reason we need to configure postfix to modify the from field for all the outgoing mail.
Create a file called sender_canonical in /etc/postfix.

nano /etc/postfix/sender_canonical
Here you can add the next line.

/.+/ usernameOffice365@domainOffice365.it
Att.: Replace usernameOffice365@domainOffice365.it with the same account used in /etc/postfix/sasl_passwd or an another enabled account.
Create the hash version.

postmap hash:/etc/postfix/sender_canonical
For security purposes let’s make sure the owner of the files created above is the root user and the permissions are 644.

chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
chmod 644 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
chown root:root /etc/postfix/sender_canonical /etc/postfix/sender_canonical.db
chmod 644 /etc/postfix/sender_canonical /etc/postfix/sender_canonical.db
I prefer to use TLS to transmit mail.

cp /etc/ssl/certs/thawte_Primary_Root_CA.pem /etc/postfix/cacert.pem
Now we can configure Postfix to use this files. Edit /etc/postfix/main.cf and add/modify the following lines to our main.cf

…..
inet_protocols = ipv4
relayhost = [smtp.office365.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
sender_canonical_maps = regexp:/etc/postfix/sender_canonical
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes
…..
Att.: The line inet_protocols = ipv4 force postfix to use only ipv4.

Restart Posfix.

service postfix restart
Now we can send a test message to see if everything worked. Create a file like /etc/postfix/mailtest.txt

to: emailto@domain.it
subject:Subject Test
Att.: Replace emailto@domain.it with the address you want to send your test to.

sendmail -v emailto@domanin.it < /etc/postfix/mailtest.txt Att.: Replace emailto@domain.it with the address you want to send your test to. If your test fails you can check the mail.log file to try and determine why.

tail – f /var/log/mail.log
Att.: After making changes be sure to restart Postfix before testing.
service postfix restart

Ref::

Configure Postfix to use Office365 SMTP Relay on Ubuntu 16.04

Nginx: 413 – Request Entity Too Large Error at Ubuntu and Solution

Nginx: 413 – Request Entity Too Large Error and Solution

Nginx configuration

To fix this issue edit your nginx.conf. Open the Terminal or login to the remote server using ssh client. Type the following command to edit your nginx.conf using a text editor such as vi or joe or nano:
# vi /etc/nginx/nginx.conf

Use nano text editor:
$ sudo nano /etc/nginx/nginx.conf

Must be run as root:
# vi /usr/local/nginx/conf/nginx.conf

Add the following line to http or server or location context to increase the size limit in nginx.conf, enter:

# set client body size to 2M #
client_max_body_size 2M;

The client_max_body_size directive assigns the maximum accepted body size of client request, indicated by the line Content-Length in the header of request. If size is greater the given one, then the client gets the error “Request Entity Too Large” (413).
Save and close the file. Reload the nginx webserver, enter:
# /usr/local/nginx/sbin/nginx -s reload

Use nginx itself to reload it:
# /sbin/nginx -s reload

For RHEL/CentOS/Debian/Ubuntu Linux, try:
# service nginx reload

If you are using systemd based system run:
$ sudo systemctl reload nginx.service

PHP configuration (optional)

Your php installation also put limits on upload file size. Edit php.ini and set the following directives

;This sets the maximum amount of memory in bytes that a script is allowed to allocate
memory_limit = 32M

;The maximum size of an uploaded file.
upload_max_filesize = 2M

;Sets max size of post data allowed. This setting also affects file upload. To upload large files, this value must be larger than upload_max_filesize
post_max_size = 3M
If you are using PHP-FPM, restart it as follows:
$ sudo systemctl restart php-fpm
## OR ##
$ sudo systemctl restart php7.0-fpm.service
## OR ##
$ sudo /usr/local/etc/rc.d/php-fpm restart

Save and close the file. Make sure you reload/restart back-end apache or nginx web server as per your setup.

Enable Remote Connections Mysql Ubuntu

To expose MySQL to anything other than localhost you will have to have the following line

For mysql version 5.6 and below

uncommented in /etc/mysql/my.cnf and assigned to your computers IP address and not loopback

For mysql version 5.7 and above

uncommented in /etc/mysql/mysql.conf.d/mysqld.cnf and assigned to your computers IP address and not loopback

#Replace xxx with your IP Address
bind-address = xxx.xxx.xxx.xxx
Or add a bind-address = 0.0.0.0 if you don’t want to specify the IP

Then stop and restart MySQL with the new my.cnf entry. Once running go to the terminal and enter the following command.

lsof -i -P | grep :3306
That should come back something like this with your actual IP in the xxx’s

mysqld 1046 mysql 10u IPv4 5203 0t0 TCP xxx.xxx.xxx.xxx:3306 (LISTEN)
If the above statement returns correctly you will then be able to accept remote users. However for a remote user to connect with the correct priveleges you need to have that user created in both the localhost and ‘%’ as in.

CREATE USER ‘myuser’@’localhost’ IDENTIFIED BY ‘mypass’;
CREATE USER ‘myuser’@’%’ IDENTIFIED BY ‘mypass’;
then,

GRANT ALL ON *.* TO ‘myuser’@’localhost’;
GRANT ALL ON *.* TO ‘myuser’@’%’;
and finally,

FLUSH PRIVILEGES;
EXIT;

Restart Mysql service and test again with new user to mysql from remote access.

View files permissions in ubuntu

If you want to see the the permission of a file you can use ls -l /path/to/file command.

For example

ls -l testfilename
-rwxr-xr-x 1 10490 floppy 17242 May 8 2013 testfilename

What does this mean ?

First – represents a regular file. It gives you a hint of the type of object it is. It can have following values.

d (directory)
c (character device)
l (symlink)
p (named pipe)
s (socket)
b (block device)
D (door)
– (regular file)

r represents read permission.
w represents write permission and
x represents executable permission.

First combination of rwx represents permission for the owner .
Second combination of rwx represents permission for the group .
Third combination of rwx represents permission for the other of the file.

Octal notation

Permission of file can also be represented in octal notation.
In octal notation

Read or r is represented by 4,
Write or w is represented by 2
Execute x is represented by 1.

Sum of these three is use to represent the permission.

stat command can be used to view file permission in octal notation

stat -c “%a %n” /path/of/file
For example

stat -c “%a %n” testfilename
755 testfilename
Here you can see

For owner it is 4+2+1=7 (111 in binary)
For group it is 4+0+1=5 (101 in binary) and
For other it is 4+0+1=5 (101 in binary).

Ref:: https://askubuntu.com/questions/528411/how-do-you-view-file-permissions/528433#528433