Synology & SMTP

This box runs Linux and many of my favourite services so can handle Postfix, Dovecot, SpamAssassin and many others that are documented here. There are a few quirks though. After all it is highly stylised and GUI based so the configs are driven by the web interface. That just needs some careful consideration as they will be overwritten every time the server starts. So you just need to ensure you edit the “template” files that the GUI will apply.

Adding SMTP support for TLS

Normally you’d edit the Postfix config file /volume1/@appstore/MailServer/etc/main.cf, but as this gets overwritten you need to make changes to /var/packages/MailServer/target/etc/template/main.template file instead.

Here are the changes/additions made to the end of the file to get TLS working to recipient servers, I also commented out the authenticated header as I don’t want external recipients knowing too much about the setup of my server and users:

# smtpd_sasl_authenticated_header = yes 
 smtpd_use_tls=true
 smtpd_tls_mandatory_protocols = TLSv1
 smtpd_tls_mandatory_ciphers = medium
 smtp_tls_loglevel=1
 smtp_tls_security_level=may
 smtp_tls_mandatory_protocols = TLSv1
 smtp_tls_mandatory_ciphers = medium
 smtp_tls_note_starttls_offer=yes
 smtpd_tls_received_header=yes

There’s already a header_checks added in to help us to obfuscate our internal details:

header_checks = regexp:/var/packages/MailServer/target/etc/header_checks

So here’s the header_checks file:
Content of /etc/postfix/header_checks so it removes headers with the internal IP range:

/^Received:.*\[192\.168\.[0-9]\.[0-9]/ IGNORE
 /^Received:.*\[127\.0\.0\.1/ IGNORE