...

Choose your upstream relay

First If you have installed things on Debian/Ubuntu before, you know that the apt-get install  process asks you some configuration questions. So before diving in, we need to decide how Postfix is going to deliver emails. Typical options are:

...

Rather than send email via someone, why not just email users directly? I.e. when Postfix is asked to email joe@example.com, it will looks up the example.com  MX record and fires off an email to it.have our mail server send to their mail server directly? You know, like email was designed to work - decentralized, peer-to-peer, not beholden on giant gatekeeping corporations?

Well, you can do that, and it is in fact my favourite option. Email is the last great decentralized protocol that still more or less works. The problem is spam, and more specifically the countermeasures that large email providers take to avoid spam. Your little mail server, sending legitimate Jira emails, may not be trusted when it connects directly to a recipient's mail server, and your Jira notifications may not be delivered. You can increase the deliverability odds by following best practices, but you may be unlucky, e.g. if you unknowningly share a IP netblock with a known spammerSending email directly is generally not recommended due to deliverability concerns: your emails might be marked as spam, particularly if your Jira server's IP address block does not have a good sender reputation.

Despite legitimate worries over deliverability, sending directly is my favourite option because:

• it avoids the arbitrary sending limits imposed by most email service providers.
• It generally works:
  • This is anecdata, but I administer a few smaller instances, and one very high volume 2000-user Jira, sending about 17k emails per day to many academic domains. We very rarely (say, once a year) have problems in the form of bounced mails, or complaints from users.
  • My theory is that the sheer volume of Jira email works in its favour. Spam filters track reputation: a torrent of similar emails, once marked as legitimate, will continue to be let through. Spam filters won't even bother to track reputation of a sporadic email sender. Your recipient could mark an email as legitimate and it won't matter: by the time you send another email, the spam filter has forgotten.
• when it works, it is zero cost
  • ...except from the initial setup cost of learning and configuring TLS, SPF, DKIM, DMARC and Postfix. But that's fun! Read Small Mailserver Best Current Practices to see what
• when it doesn't work, it's not catastrophic. A few users might find Jira notifications in their spam folder, and will have to click 'Not spam' until the filter learns.
• Email As noted earlier, email is the last great decentralized part of the internet, and we (technical folks) should do our part to keep it open. Every independent SMTP server promotes diversity and helps to keep the bastards honest.

...

Run apt-get install postfix  to install Postfix. You will be prompted to enter values in a series of 'debconf' setup screens. The first screen confronts us with the relay-or-send-directly choice discussed above:

The options mean:

Pick Satellite system  if you wish to relay through a mail service provider, or Internet Site if you wish to send email directly. Then accept the defaults.

...

1. Create a system account whose mailbox will accumulate catch-all emails:

   Code Block
   useradd --no-create-home --comment "Postfix may re-route to this user mailbox" usercatchallmailcatchall

   (or skip this step and just use root  below)
   
   

2. Add a virtual_alias_maps parameter to your /etc/postfix/main.cf :

   Code Block
   # Map *@monitoring.redradishtech.com to jeff@redradishtech.com virtual_alias_maps = hashregexp:/etc/postfix/virtual_alias

   and postfix reload 

3. Create /etc/postfix/virtual_alias  containing:

   Code Block
   # Reroute all email, sending it to root's local mailbox #/.*@.*/ mailcatchall

   
   

4. Then make virtual_alias.db   (assuming you installed the Makefile shown earlier)

...