5210R: Postfix, SNI for Email and Maildir

Posted by: mstauber Category: General

A larger set of updates has been published for BlueOnyx 5210R, which adds Postfix, SNI for the MTA and Maildir support.

We just published a set of around 50 YUM updates for 5210R that extend existing installs with new features. These mostly revolve around the email integration in BlueOnyx 5210R:


As you can see in the above image, it's now possible to choose which MTA you want to use. BlueOnyx has used Sendmail since the beginning, but now you have the option to switch your BlueOnyx 5210R to Postfix (v3.5.2) instead. You can switch back and forth between Sendmail and Postfix via the GUI at any time.

Postfix is much more modern than Sendmail and easier to configure to whatever needs you have. The config files of Postfix are located in /etc/postfix/ and the two main files you'll want to edit are /etc/postfix/main.cf and /etc/postfix/master.cf. Edits can be done with your favorite text editor or via the "postconf" command. There is also the subdirectory /etc/postfix/milters.d/, which allows you to easily integrate your own milters if you want to. An example file is included in that directory.

Current versions of BlueOnyx 5210R that receive this set of YUM updates will continue to use Sendmail until the time that you choose to manually switch your 5210R to Postfix via the GUI.

Future versions of BlueOnyx 5210R will ship with Postfix enabled by default, but can be switched back to Sendmail by you in the same fashion.

Server Name Indication (SNI)

One of the strong points of Postfix is that it supports Server Name Indication (SNI). We recently added SNI support to Dovecot, and the new Postfix in BlueOnyx 5210R has it out of the box as well. This means Postfix doesn't just support TLS with the GUI's SSL certificate: it also uses the SSL certificates of all Vsites that have SSL enabled. So if your server is named www.server.com and one of your users from www.customer.com connects with his email client via TLS on port 25 or 587, then the user will NOT get an "SSL certificate mismatch", because Postfix answers with the SSL certificate of the SSL-enabled Vsite that the client connected to. This should help to ease a lot of your usual support issues.
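To confirm that each SSL-enabled Vsite really gets its own certificate over SMTP, you can request the certificate with a specific SNI name and check it against that name. This is an added example, not part of BlueOnyx or the original post; the function names are hypothetical and the hostnames are the placeholders used above.

```shell
#!/bin/sh
# Added example: verify which certificate an SMTP listener presents per SNI name.

# fetch_smtp_cert HOST PORT SNI_NAME -> leaf certificate (PEM) on stdout
fetch_smtp_cert() {
    # -starttls smtp upgrades the plaintext session on port 25/587;
    # -servername sets the SNI name sent in the TLS ClientHello.
    openssl s_client -starttls smtp -connect "$1:$2" -servername "$3" \
        </dev/null 2>/dev/null | openssl x509 -outform PEM 2>/dev/null
}

# cert_matches_name NAME -> reads a PEM cert on stdin, returns 0 if it covers NAME
cert_matches_name() {
    # -checkhost prints "Hostname NAME does match certificate" or "does NOT match"
    openssl x509 -noout -checkhost "$1" 2>/dev/null |
        grep -q "does match certificate"
}

# check_sni HOST PORT NAME... -> one result line per name; returns 1 on any problem
check_sni() {
    host=$1 port=$2; shift 2
    rc=0
    for name in "$@"; do
        pem=$(fetch_smtp_cert "$host" "$port" "$name") || pem=""
        if [ -z "$pem" ]; then
            echo "ERROR    $name: no certificate received from $host:$port"; rc=1
        elif printf '%s\n' "$pem" | cert_matches_name "$name"; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done
    return $rc
}

# Usage (run against your own server, once per submission port):
#   check_sni www.server.com 587 www.server.com www.customer.com
#   check_sni www.server.com 25  www.server.com www.customer.com
```

A MISMATCH line for a Vsite means the listener fell back to another certificate for that name, which is exactly the case that produces the client-side warning.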

Mailbox Format: Mbox / Maildir

Traditionally BlueOnyx uses the Mbox format for storing emails on the server. A popular alternative is Maildir. Both have their benefits and drawbacks, but for large mailboxes and performance Maildir is often recommended. BlueOnyx 5210R now allows you to switch from the traditional Mbox to the Maildir format and back.

HOWEVER: Please note that you should use this feature with caution! When you switch the Mailbox Format, then all mailboxes on the server must be converted from the old format to the new format. Otherwise all emails in them are inaccessible.

Any such conversion rocks the boat and might ruffle some feathers. Conversions from Mbox to Maildir are usually smooth. From Maildir to Mbox? Not so much. Maildir allows folders and subfolders for email, and during the conversion from Maildir to Mbox you risk loss of emails. In addition, all emails will be merged back from subfolders into the inbox. Your users might not like that very much.

There is a new checkbox in the GUI, called "Convert Mailboxes". This will convert all mailboxes (that have actual emails in them) from one format to the other. The target format is the one that is selected under "Mailbox Format" when you save the changes in that GUI page.

VERY IMPORTANT: If you have many mailboxes or very large mailboxes, then you SHOULD consider running the conversion from the shell as "root" instead. The command for that is /usr/sausalito/sbin/mbox_maildir_convert.pl:

[root@jarvis ~]# /usr/sausalito/sbin/mbox_maildir_convert.pl 
│ BlueOnyx Mbox/Maildir & Maildir/Mbox converter │

usage: /usr/sausalito/sbin/mbox_maildir_convert.pl [OPTIONS]

Example: /usr/sausalito/sbin/mbox_maildir_convert.pl --mbox
Example: /usr/sausalito/sbin/mbox_maildir_convert.pl --maildir

--mbox Converts all mailboxes to mbox format
--maildir Converts all mailboxes to maildir format
-h|--help This help text

That way you prevent GUI time-outs during the conversion and can directly see if there are any issues. In any case: During a run of this conversion utility *one* backup of "mbox" and the "Maildir" directory will be made. So it would be wise to ensure that users have sufficient disk quota to hold at least two times the quantity of their current emails.

Related new BlueOnyx Shop PKGs

AV-SPAM: If you are using the AV-SPAM on 5210R and want to use Postfix, then you should update to the AV-SPAM v7.1.0 (or newer), which has just been released. It has provisions for both Sendmail and Postfix.

Clam AV: We also released an updated ClamAV v0.102.3-1, which has provisions for usage with both Sendmail and Postfix. If you are using the AV-SPAM, then please update Clam AV to the latest version as well.

Fail2ban: Fail2ban also has provisions to monitor Postfix for malicious access requests. We just released an updated Fail2ban PKG, which allows you to enable monitoring of the Services 'postfix', 'postfix-sasl' and 'postfix-rbl'. If you want to switch to Postfix and currently have Fail2ban installed, then please also consider getting the latest Fail2ban from the BlueOnyx shop.

Technical aspects of the Postfix integration

CentOS 8 ships with a version of Postfix that doesn't support SNI yet, because it's way too old. Therefore BlueOnyx 5210R uses the latest Postfix v3.5.2 and will continue to deliver updates for the Postfix service during the lifetime of CentOS 8 and 5210R.

We also wanted to prevent the Sendmail and Postfix configurations from drifting apart, in case you ever want or need to switch back. Therefore the BlueOnyx GUI continues to write all config changes and updates to the Sendmail configuration. On every "systemctl start postfix" or "systemctl restart postfix" our special Postfix Systemd Unit-File parses the Sendmail configuration and extracts all relevant information that it needs to build a Postfix configuration on the fly.

The main config file of Postfix (/etc/postfix/main.cf) receives just a few "on the fly" modifications to set the GUI-configurable options, such as max message size, maximum number of email recipients and a few other parameters. This gives you more leeway to make your own changes to /etc/postfix/main.cf should you find these necessary. The GUI uses "postconf" to edit selected values, which avoids dumping anything that you added manually, unless you tried to change one of the parameters that the GUI insists on managing itself. If you want to modify the Postfix configuration yourself and wonder which parameters the GUI will always overwrite, then you should consult /usr/sausalito/bin/blueonyx-postfix-confgen. That is the dynamic config file generator that Postfix calls on every startup.
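To see which of your own main.cf settings survive a restart, you can compare the output of "postconf -n" before and after it. This is an added example, not part of BlueOnyx or the original post; the function names and snapshot paths are hypothetical.

```shell
#!/bin/sh
# Added example: list main.cf parameters that changed across a Postfix restart.

# snapshot FILE -> save all explicitly set parameters ("name = value"), sorted
snapshot() { postconf -n | sort > "$1"; }

# postconf_drift BEFORE AFTER -> one line per differing parameter:
#   ADDED name = value | CHANGED name: old -> new | REMOVED name
postconf_drift() {
    awk '
        # split at the first " =" so values that contain "=" stay intact
        { i = index($0, " ="); if (i == 0) next
          name = substr($0, 1, i - 1); value = substr($0, i + 2); sub(/^ /, "", value) }
        # "after" is set on the command line between the two files
        !after { before[name] = value; next }
        {
            seen[name] = 1
            if (!(name in before))          print "ADDED   " name " = " value
            else if (before[name] != value) print "CHANGED " name ": " before[name] " -> " value
        }
        END { for (n in before) if (!(n in seen)) print "REMOVED " n }
    ' "$1" after=1 "$2" | sort
}

# Usage, as root, after making your own edits to /etc/postfix/main.cf:
#   snapshot /root/postconf.before
#   systemctl restart postfix     # the config generator runs on every startup
#   snapshot /root/postconf.after
#   postconf_drift /root/postconf.before /root/postconf.after
```

Any CHANGED or REMOVED line for a parameter you set yourself points to a value the GUI manages; make that change in the GUI instead.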

As always: If you have any questions or issues with this update, then please don't hesitate to file a support request via the BlueOnyx GUI or ask on the BlueOnyx mailing list.

Jun 11, 2020 Category: General Posted by: mstauber