When reviewing metrics in Zabbix, sometimes it’s not enough to just check the Current problems section on the dashboard. Zabbix has many additional ways to notify the administrator about certain events. One of them, which interests me, is configuring SMTP to send emails directly via Zabbix. I will describe in detail how to set up this configuration.

In fact, this important configuration is done in three stages:

• Configuring user email
• Configuring SMTP
• Configuring notifications

After completing these steps, it will be necessary to check whether everything works correctly.

Configuring user email

For a user to receive emails, their address must be set in the account. To do this, go to the Users → Users menu, select the required user from the list, and go to the Media tab.

In the Media section, click Add. A Media window will open, where you just need to enter the user’s email and click Add. In this window, you can also set the schedule for sending emails and specify the type of event that will trigger an email. In other words, this configuration is quite flexible.

After saving the changes, the email address will be linked to the user, and you can proceed to the next step.

Configuring SMTP

The main settings are found under Alerts → Media types. From the list of available types, choose Email. Initially, you need to fill in the values on the Media type form. The Message templates and Options tabs can be configured later.

For testing, I created a dedicated email account specifically for Zabbix. Emails will be sent on behalf of this user. Now, using this information, you need to fill in the following fields:

Media type

• Name – Email
• Type – Email
• Email provider – Generic SMTP
• SMTP server – mail.yourdomain.com
• SMTP server port – 465
• Email – [email protected]
• SMTP helo – <mail.yourdomain.com>
• Connection security – SSL/TLS
• SSL verify peer – Checkbox
• SSL verify host – Checkbox
• Authentication – Username and password
• Username – [email protected]
• Password – <password>
• Message format – HTMLPlain text
• Description – Postfix server for sending notifications from Zabbix
• Enabled – Checkbox

To ensure the settings are correct, you can immediately test sending a test message. To do this, click the Test button, select the recipient, optionally write a message, and send the test email.

Once the test email is received, you can move on to the next stage – configuring notifications.

Configuring notifications

Notification settings are located under Alerts → Actions → Trigger actions. In this window, you will already see a list of created notification triggers, but we will create a new one by clicking the Create action button.

In the New action window, fill in the following fields:

On the Action tab:

• Name – Email notification
• Conditions – Select the appropriate trigger, for example, the one responsible for CPU temperature
• Enabled – Checkbox

On the Operations tab, I configured only Operations action by clicking Add in this block. In this window, you only need to change two fields:

• Send to users – select the recipient from the list
• Send to media type – select the previously created media type – email

I decided to uncheck the following options: Notify about canceled escalations, Pause operations for symptom problems, Pause operations for suppressed problems. During notification testing, you can re-enable them if needed.

After completing this step, save the settings and notifications.

Viewing activity

To see the activity of email sending, go to Reports → Action log, where you will be able to view all successful or unsuccessful actions that were executed.

Conclusion

Configuring SMTP in Zabbix is a straightforward but crucial process that significantly enhances monitoring efficiency. Thanks to this configuration, the administrator can receive timely notifications about system issues without constantly checking the dashboard.

The process consists of clearly defined steps: setting up the user’s email, configuring SMTP parameters, and defining notification rules. Each of these stages is logical and easy to verify through built-in test tools.

However, it’s worth noting a potential nuance — notifications may not reach standard users even if everything is set up correctly. This may be due to additional permissions or configuration peculiarities within Zabbix. If you encounter a similar situation, I encourage you to share your solution, as this could help others who are trying to implement the same functionality.

Since my Raspberry Pi already has Postfix + Dovecot installed and configured via a DB connection, there is a need to administer mailboxes. For the convenience of administration, it is implemented through the web interface by the PostfixAdmin service. How to install and configure this service, I will describe step by step in this post.

Requirements for PostfixAdmin

To install PostfixAdmin, I don’t need to install anything additionally, because many services were installed at the previous stage – when installing Postfix and Zabbix. However, it will not be superfluous to check already existing packages and dependencies. For the rest of this article, I will assume that we already have all dependencies installed and configured, namely:

• PHP – php php-mbstring php-intl php-imap php-curl php-mysql php-xml php-sqlite3
• Apache – apache2
• MariaDB – mariadb-client mariadb-server
• Related packages – unzip git composer

Before starting, as always, you need to update the packages:

sudo apt update && sudo apt upgrade

After checking and installing the necessary dependencies, proceed to the installation of PostfixAdmin

Installing PostfixAdmin

PostfixAdmin is downloaded via the git repository.

cd /var/www/html
sudo git clone https://github.com/postfixadmin/postfixadmin.git
sudo chown -R www-data:www-data postfixadmin
cd postfixadmin

To streamline the installation process, you can run the install.sh file, which will install composer, the PHP libraries, and the templates_c directory. This will save you from making mistakes in the future.

chmod +x install.sh
./install.sh

After installation, you can go to the database.

Creating a database for PostfixAdmin

To do this, you need to connect to an already existing or newly created database:

sudo mysql -u root -p<password>

Creating a database and a user, and providing access for this user to interact with the database:

CREATE DATABASE postfixadmin CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'postfixuser'@'localhost' IDENTIFIED BY '<password>';
GRANT ALL PRIVILEGES ON postfixadmin.* TO 'postfixuser'@'localhost';
FLUSH PRIVILEGES;
EXIT;

After the database and the user are defined, proceed to the PostfixAdmin configuration settings

Editing the configuration

The main files are already in the directory at: /var/www/html/postfixadmin. In this directory, instead of editing the main config.inc.php file, you need to create a config.local.php file and write the main configuration parameters there. This configuration file will not be overwritten or corrupted in future updates.

sudo nano config.local.php

In it, we change or add the following lines:

$CONF['configured'] = true;
$CONF['default_language'] = 'en';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixuser';
$CONF['database_password'] = '<Password>';
$CONF['database_name'] = 'postfixadmin';
$CONF['encrypt'] = 'dovecot:SHA512-CRYPT';

Creating an Apache virtual host

Since Apache can have many virtual hosts, you need to create another one for PostfixAdmin.

sudo nano /etc/apache2/sites-available/postfixadmin.conf

With the following parameters:

<VirtualHost *:80>
    ServerAdmin admin@localhost
    DocumentRoot /var/www/html/postfixadmin/public
    ServerName postfixadmin.local

    <Directory /var/www/postfixadmin/public>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/postfixadmin_error.log
    CustomLog ${APACHE_LOG_DIR}/postfixadmin_access.log combined
</VirtualHost>

But if you want PostfixAdmin to be accessible only from your local network, replace the <Directory> block with your subnet with the following:

<Directory /var/www/html/postfixadmin>
    Require ip 127.0.0.1
    Require ip 192.168.0.0/24
</Directory>

In order for the changes to take effect, you need to activate the site:

sudo a2ensite postfixadmin.conf
sudo a2enmod rewrite
sudo systemctl reload apache2

Since no one except the server knows about the postfixadmin.local domain anymore, in order not to register this domain separately on each host, I added this entry in the settings of my UXG Lite router: Settings -> Routing -> DNS -> Create Entry -> entry type A. Such settings are applied locally almost instantly.

After restarting the Apache server, you can go to the web interface at the address: http://postfixadmin.local/setup.php

PostfixAdmin web service configuration

The first visit to http://postfixadmin.local/setup.php will prompt you to generate a hash for the password you just created. This hash must be entered in the configuration file config.local.php

$CONF['setup_password'] = '$2y$10$.tW14352cmjVC3N07u9MQOphugNCl5tIOAdwhYLs21XT7/TwR7Lo.';

In most cases, the user may also encounter errors that are fatal for further configuration. Therefore, if you did not encounter an error when generating the hash, then all the flags should be green. Unfortunately, I also encountered errors that are quite lively discussed on the Internet, namely:

• Password Hashing – attempted to use configured encrypt backend (dovecot:SHA512-CRYPT) triggered an error: /usr/bin/doveadm pw failed, see error log for details
• You will have problems logging into PostfixAdmin.
• Check out our Dovecot documentation at https://github.com/postfixadmin/postfixadmin/blob/master/DOCUMENTS/DOVECOT.txt, specifically around ‘3. Permissions’.

There are many methods to solve the access problem, but I will cover only two of them:

It is necessary to create a new configuration file for SSL keys, copy only the parameters of SSL keys to this file, add a link to the auxiliary SSL file at the end of the main dovecot configuration file, change the rights and owner for this file and restart dovecot to apply the changes.

This method is probably one of the simplest, but the danger lies in the fact that, for example, if wordpress and a mail server are installed on the server, then an attacker who gains unauthorized access to the www-data user will be able to gain access to all resources belonging to the Dovecot group, for example: sockets, configs, caches, logs with usernames. I tried this option for educational purposes, but I do not recommend it, but I will share the settings:

sudo nano /etc/dovecot/conf.d/ssl-keys.conf
# add path to certificates
ssl_cert = ...
ssl_key = ...

sudo nano /etc/dovecot/conf.d/10-ssl.conf
# remove or comment out these lines
ssl_cert = ...
ssl_key = ...

sudo nano /etc/dovecot/dovecot.conf
# add a link to the new file at the end of the file
!include_try /etc/dovecot/conf.d/ssl-keys.conf

# change permissions and owner of new file add www-data to dovecot group 
sudo chown root:root /etc/dovecot/conf.d/ssl-keys.conf
sudo chmod 644 /etc/dovecot/conf.d/ssl-keys.conf
sudo usermod -aG dovecot www-data

# restart services
sudo systemctl restart dovecot apache2

It provides isolation between the web server and the mail server by giving the www-data user permission to the certificates, but this method did not work for me!

sudo setfacl -R -m u:www-data:rx /etc/letsencrypt/live/ /etc/letsencrypt/archive/
sudo setfacl -R -m u:www-data:rwx /var/run/dovecot/stats-reader /var/run/dovecot/stats-writer

After making changes, reload the page and enter the superadministrator password again. The solution worked for me, so my errors disappeared.

Let’s move on, namely the creation of a superuser! To do this, you need to fill out a form with 4 fields:

• Setup password – enter the current password
• Admin – email for super administrator login
• Password – complex password
• Password (again) – repeat a complex password

After that, click on the Add Admin button.

The successful creation will be indicated by the line:

After the superuser is created, you can log in and continue with the settings. To do this, go to the login page http://postfixadmin.local/login.php

We enter the data of the super administrator that was created in the previous step and continue the settings.

This is what the dashboard looks like

Add a domain

On the dashboard, click the Overview button, and a window opens where you need to create a domain. Click the Add Domain button

In the Add a new domain window, there will be several fields that need to be filled in:

• Domain – my domain for mail as on this site – ostrich.kyiv.ua
• Description – the usual description, the field is not mandatory, but I filled it – Ostrich mail domain
• Forwards – is the number of forwarding mailboxes, I entered 15, I think it’s enough
• Mailboxes – is the total number of mailboxes that can be created in this mail server, I entered 15, I think it’s enough
• Mail server – is backup MX – there should not be a checkmark, because this is the main server and not a secondary one
• Active – the check mark must be there for the domain to be active
• Add default mail aliases – if checked, 4 aliases will be created: abuse, hostmaster, postmaster, webmaster

Add a mailbox

On the dashboard, click the Add Mailboxes button, and the Create a new mailbox for your domain window opens. where you need to fill out a form for a new user.

• Username – username (mailbox) for the ostrich.kyiv.ua domain
• Password – complex password
• Password (again) – repeat a complex password
• Name – the full name of the user
• Quota – for the test user, I set a quota of 10 megabytes, but if the field is empty, then the quota is not applied
• Active – ticked to activate this email
• Send Welcome mail – check the box to receive a welcome mail from the server when testing the mail client
• Other e-mail – mailbox for password recovery

After filling out the form, click Add Mailbox and the mail is instantly created

Postfix and Dovecot configuration

I previously created three configuration files, they need to be changed, namely to replace the username, password and name of the database for connection, the SQL query remains unchanged. I have these files at the base address: /etc/postfix/

• mysql-virtual-mailbox-domains.cf

user = postfixuser
password = <password>
hosts = 127.0.0.1m
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' AND active = 1

• mysql-virtual-mailbox-maps.cf

user = postfixuser
password = <password>
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1

• mysql-virtual-alias-maps.cf

user = postfixuser
password = <password>
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT goto FROM alias WHERE address='%s' AND active = 1

The database connection configuration must also be written in the dovecot-sql.conf.ext file

driver = mysql
connect = host=127.0.0.1 dbname=postfixadmin user=postfixuser password=<password>
default_pass_scheme = SHA512-CRYPT
password_query = SELECT username as user, password FROM mailbox WHERE username = '%u' AND active = 1

No more changes to the configuration should be made, so you can reload the services and check the mail

sudo systemctl restart postfix
sudo systemctl restart dovecot

Checking mail

If thunderbird was previously configured, it will continue to work in normal mode, provided that the mailbox password has not been changed. The same thing happened to me, when I opened the mail client, I received a welcome letter from the server, which indicates that the settings are correct.

Conclusions

Using services or applications greatly facilitates administration. If you are considering a Postfix mail server in a large organization, then PostfixAdmin will be a fairly simple and convenient tool for managing mail user accounts.

Postfix is a popular Mail Transfer Agent (MTA) that allows email forwarding through various mechanisms. This guide covers user-level forwarding.

My Postfix is configured to store email in the home user directory. It means each system user has its own mailbox. You can see this feature in the /etc/postfix/main.cf file:

home_mailbox = Maildir/

Since users are created as local system accounts, email forwarding needs to be handled using the ~/.forward file for each specific user.

Need to perform configuration and test by the next steps:

• Creating the Forwarding File
• Identifying Forwarded Emails
• Verifying Forwarding

Creating the Forwarding File

To create the forwarding file, use the terminal with sudo rights. In this example, I will use the “ostrich” account.

sudo nano /home/ostrich/.forward

Add only the address to which emails will be forwarded

[email protected]

With this setup, forwarded emails will not be saved on the server. To keep the forwarded emails on the server, you need to add the user’s name followed by a slash before the forwarding address. This way, the forwarded email will remain on the server.

\ostrich, [email protected]

After saving the changes, it’s recommended to change the file’s permissions

chmod 600 /home/ostrich/.forward
chown ostrich:ostrich /home/ostrich/.forward

Identifying Forwarded Emails

In Postfix, it’s possible to add an identifier or signature to forwarded emails. I will do this using header_checks. This method allows modifying the message headers before forwarding.

In the main.cf configuration file, add the following line:

header_checks = regexp:/etc/postfix/header_checks

Since this file doesn’t exist yet, create it and add the header modification line

sudo nano /etc/postfix/header_checks

Add the following line

/^Received:/ PREPEND X-Forwarded-By: Ostrich Mail

This line adds a new header X-Forwarded-By: Ostrich Mail to each email that passes through Postfix and contains a Received header.

After that, restart the Postfix service

systemctl restart postfix

Now, let’s move on to test

Verifying Forwarding

I sent an email from my Gmail account to my Ostrich account, which was then forwarded to my Hotmail server.

After logging in to Hotmail, I opened the email and reviewed the headers.

X-Forwarded-By: Ostrich Mail

The X-Forwarded-By header was present, confirming that the settings were correctly applied, and the service was working as expected

Conclusion

The email forwarding process in Postfix can be efficiently configured by setting up the ~/.forward file and utilizing the header_checks to add identifiers like X-Forwarded-By. This ensures both the proper forwarding of messages and clear identification of forwarded emails.