Installing and Configuring outgoing mail

Several of our services need to send email. For example, when someone registers a new tasting experience for YDIYOI or mints an NFT, we need to send an email message to the winery. Or when a token holder redeems bottles of wine, we should be able to send a confirmation email to the token holder's email address.

This requires setting up an SMTP server that can deliver email on our server. Unfortunately, most hosting providers block port 25 for outgoing SMTP, so we need to configure an SMTP relay.

Fortunately, OpenVino uses http://protonmail.ch. We are big fans of the secure, encrypted service ProtonMail offers and have been “Visionary” subscribers for some time. But using ProtonMail as a “headless” service from the command line requires that we set up a few things:

Postfix - the popular SMTP server for Linux (replacement for sendmail)

Protonmail Bridge - an encrypted relay that receives connections from Postfix and forwards messages over an encrypted channel to Protonmail.

pass - an encrypted password storage program

Create new email account

First, create a new email account on protonmail (paid subscription). In this case: NFT@OpenVino.org

This is done in the settings at http://protonmail.com

Install postfix

Install the postfix packages:

sudo apt-get install postfix

Configure postfix

Edit the postfix main.cf file

relayhost = [127.0.0.1]:1025

Comment out the line

#smtp_tls_CApath = /etc/pki/tls/certs

Add the following at the end of the file

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CApath = /etc/ssl/certs
smtp_use_tls = yes
sender_canonical_maps = regexp:/etc/postfix/canonical

Update the canonical file (/etc/postfix/canonical) by adding the following as its last line:

/.*/ nft@openvino.org

Next, enter the SMTP account details we got from ProtonMail (which will be different from the login account details):

sudo vi /etc/postfix/sasl_passwd
[127.0.0.1]:1025 nft@openvino.org:fdsafdsafsdafdasfdsa

Secure this file

sudo chmod 0600 /etc/postfix/sasl_passwd
sudo chown root:root /etc/postfix/sasl_passwd

Run postmap to generate the DB file

sudo postmap /etc/postfix/sasl_passwd

Since postfix will be connecting to the bridge with STARTTLS, it will need to validate the bridge certificate. Symlink the bridge's self-signed certificate into the CA path:

sudo ln -s /root/.config/protonmail/bridge/cert.pem /etc/ssl/certs/protonmail-bridge.pem

Restart postfix

sudo systemctl restart postfix
sudo systemctl status postfix
sudo tail /var/log/maillog
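
A check for the relay settings configured above, as an added example that is not part of the original page: it reads a main.cf and the sasl_passwd file and prints one finding per problem. It assumes GNU stat; the function names and finding texts are made up for this example. Run against the settings shown on this page it reports that TLS to the relay is opportunistic, because smtp_use_tls = yes does not make TLS mandatory.

```sh
#!/bin/sh
# Added example: audit helpers for the Postfix -> ProtonMail Bridge relay.
# Assumes GNU stat; function names and finding texts are made up for this example.

# Print the last value assigned to KEY in a main.cf-style file
# (a later assignment overrides an earlier one; commented lines are ignored).
cf_get() {   # cf_get FILE KEY
    awk -v k="$2" -F'[ \t]*=' '$1 == k {
        v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
    } END { print v }' "$1"
}

# Succeed only when FILE grants nothing to group or other (0600, 0400, ...).
secret_mode_ok() {
    case "$(stat -c '%a' "$1" 2>/dev/null)" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Print one finding per line; print nothing when the setup is clean.
audit_relay() {   # audit_relay MAIN_CF SASL_PASSWD
    cf=$1; pw=$2
    case "$(cf_get "$cf" relayhost)" in
        "[127.0.0.1]:"*|"[::1]:"*) ;;
        *) echo "relayhost is not a bracketed loopback address" ;;
    esac
    # Unset is fine here: the Postfix default already includes noanonymous.
    case "$(cf_get "$cf" smtp_sasl_security_options)" in
        ""|*noanonymous*) ;;
        *) echo "smtp_sasl_security_options lacks noanonymous" ;;
    esac
    # smtp_use_tls = yes only means "use TLS if offered" (level "may").
    case "$(cf_get "$cf" smtp_tls_security_level)" in
        encrypt|dane-only|fingerprint|verify|secure) ;;
        *) echo "TLS to the relay is opportunistic, not mandatory" ;;
    esac
    # postmap gives a newly created .db the source file's group/other read
    # permissions; an existing .db keeps whatever mode it already had.
    for f in "$pw" "$pw.db"; do
        if [ ! -e "$f" ]; then echo "$f is missing"
        elif ! secret_mode_ok "$f"; then echo "$f is readable beyond its owner"
        fi
    done
    if [ -e "$pw.db" ] && [ "$pw" -nt "$pw.db" ]; then
        echo "$pw.db is stale; rerun postmap"
    fi
    return 0
}
```

Call it as audit_relay /etc/postfix/main.cf /etc/postfix/sasl_passwd (as root, since the password file is root-only).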

Install the Protonmail bridge

Download the protonmail bridge

wget https://proton.me/download/bridge/protonmail-bridge-2.1.3-1.x86_64.rpm

Download the public key `bridge_pubkey.gpg` to the current working directory 

wget https://proton.me/download/bridge_pubkey.gpg

Import the public key into the RPM keyring

sudo rpm --import bridge_pubkey.gpg

Check the signature and integrity of the package

sudo rpm --checksig protonmail-bridge-2.1.3-1.x86_64.rpm

Install protonmail bridge

sudo dnf install protonmail-bridge-2.1.3-1.x86_64.rpm

Install the mailx command-line email client:

[mtb@sierra ~]$ sudo dnf install mailx
Last metadata expiration check: 0:00:32 ago on Thu 23 Jun 2022 07:23:03 PM UTC.
Dependencies resolved.
====================================================================================================
 Package          Architecture          Version               Repository          Size
====================================================================================================
Installing:
 mailx            x86_64                12.5-29.el8           baseos              256 k
Transaction Summary
====================================================================================================
Install  1 Package
Total download size: 256 k
Installed size: 474 k
Is this ok [y/N]: y
Downloading Packages:
mailx-12.5-29.el8.x86_64.rpm                      1.4 MB/s | 256 kB     00:00
----------------------------------------------------------------------------------------------------
Total                                             135 kB/s | 256 kB     00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                      1/1
  Installing       : mailx-12.5-29.el8.x86_64             1/1
  Running scriptlet: mailx-12.5-29.el8.x86_64             1/1
  Verifying        : mailx-12.5-29.el8.x86_64             1/1
Installed:
  mailx-12.5-29.el8.x86_64

Install pass:

sudo dnf install pass

Create a passphrase-free GPG key:

sudo gpg --batch --passphrase '' --quick-gen-key 'ProtonMail Bridge' default default never

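Next, create a new password database in pass (pass calls the database the password store) that the ProtonMail Bridge GPG key can open. Because that key has no passphrase, the store is protected only by the file-system permissions on the key and store directories.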

sudo pass init "ProtonMail Bridge"

We have to set up protonmail-bridge interactively in advance. First, start protonmail-bridge in command-line mode:

protonmail-bridge --cli

Start ProtonMail Bridge in command-line mode

Welcome to ProtonMail Bridge interactive shell
>>>

Log in to ProtonMail:

>>> login
Username: openvinomail
Password:
Authenticating ...
Adding account ...
Account openvinomail was added successfully.

Set protonmail-bridge in split mode

>>> change mode
Are you sure you want to change the mode for account openvinomail to split mode? yes/no: yes
Address mode for account openvinomail changed to split mode

Find the SMTP settings for nft@openvino.org

>>> info
Configuration for nft@openvino.org
IMAP Settings
Address: 127.0.0.1
IMAP port: 1143
Username: nft@openvino.org
Password: fdsafdsafdsafdsafdsa
Security: STARTTLS
SMTP Settings
Address: 127.0.0.1
SMTP port: 1025
Username: nft@openvino.org
Password: fdsafdsafdsafdsafdsa
Security: STARTTLS

Create a service file

sudo vi /etc/systemd/system/protonmailbridge.service
