Source: https://www.vennedey.net/postfix-tempmail
postfix-tempmail
implements a Postfix socketmap table lookup service for temporary trashmail-like e-mail addresses.
The idea is to generate an e-mail address from a date and a secret. Everyone who knows the secret (you and your mail server) will be able to generate the e-mail address for a given date. This e-mail address can then be used to sign up for a service or generated dynamically and published on your website and will only be valid for the current day.
Here is an example PHP code
$secret = "<Your secret>";
echo substr(md5(date("Ymd").$secret),0,8).'@example.com';
This will print a different e-mail address like [email protected]
for every day.
One problem with this technique is that if someone starts writing an e-mail at 23:59, he likely won't be finished before the address he uses expires. To solve this, two temporary addresses will always be valid: The one generated from the current date, and the one generated from yesterday's date.
To make this work with postfix
, we need a way to map the temporary addresses to a permanent address. This is done by postfix-tempmail
.
postfix-tempmail
comes as simple bash implementation of a socketmap table lookup service. This means that postfix-tempmail
can be queried by postfix
using TCP/IP and Unix domain sockets.
postfix-tempmail
is hosted on GitHub and can be installed with the following instructions:
root@mailhost:~# apt-get install git socat
root@mailhost:~# git clone https://github.com/68b32/postfix-tempmail.git
root@mailhost:~# install -o postfix -g root -m 0460 postfix-tempmail/tempmail.cf /etc/postfix
root@mailhost:~# install -o postfix -g root -m 0550 postfix-tempmail/postfix-tempmail /usr/local/bin
root@mailhost:~# install -o postfix -g root -m 0750 -d /var/spool/postfix/postfix-tempmail
root@mailhost:~# install -o root -g root -m 0644 postfix-tempmail/postfix-tempmail.service /etc/systemd/system
root@mailhost:~# systemctl daemon-reload
Once postfix-tempmail
is installed, it needs to be configured. The configuration is done in /etc/postfix/tempmail.cf
. Most likely only the first three variables needs to be configured.
-
SHARED_SECRET
The secret as described above. This will be used to generate the temporary e-mail addresses. -
DOMAIN
The domain of the generated e-mail addresses. -
MAILDROP
The address that is mapped to the temporary addresses. This is where mail sent to temporary addresses is delivered to. -
LENGTH
This parameter sets the length of the part of the e-mail address before the@
. -
SOCKETMAP_SOCKET_TYPE
Type of socket to be used for communication withpostfix
.
unix
: Use Unix domain socket (seeSOCKETMAP_UNIX_SOCKET_*
variables for further configuration).
inet
: Use TCP/IP socket (seeSOCKETMAP_INET_*
variables for further configuration). -
SOCKETMAP_UNIX_SOCKET_PATH
The path of the Unix Domain Socket. -
SOCKETMAP_UNIX_SOCKET_OWNER_UID
The owner UID of the Unix Domain Socket. -
SOCKETMAP_UNIX_SOCKET_OWNER_GID
The owner GID of the Unix Domain Socket. -
SOCKETMAP_UNIX_SOCKET_MODE
The permissions for the Unix Domain Socket. -
SOCKETMAP_INET_INTERFACE
The IP of the interface to listen to ininet
mode. -
SOCKETMAP_INET_PORT
The TCP port to listen to ininet
mode. -
SOCKETMAP_NAME
The name of the service as required by the socket map protocol. This name has to be provided in postfix'svirtual_alias_maps
directive. -
SOCKETMAP_MAX_NETSTRING_LENGTH
The maximum length allowed for apostfix
query. The default of512
is more than sufficient. -
PARSER_RUN_UID
The UID the parser process should be run with. Use this only if you run the listener process asroot
(not recommended).
In the default configuration the listener process runs as user postfix
. This can be changed in the systemd unit file /etc/systemd/system/postfix-tempmail.service
. When changing the user and using Unix domain sockets, make sure to allow the user running postfix-tempmail
to access the socket by configuring SOCKETMAP_UNIX_SOCKET_OWNER_*
and SOCKETMAP_UNIX_SOCKET_MODE
properly. Also be aware that the socket needs to be accessible by the postfix
process which might run chrooted (/var/spool/postfix
).
To test the configuration, first run postfix-tempmail
without arguments to list the current addresses.
root@mailhost:~# postfix-tempmail
[email protected]
[email protected]
Now start the listener and query for the addresses using the postmap
command.
root@mailhost:~# systemctl start postfix-tempmail
root@mailhost:~# postmap -q [email protected] socketmap:unix:/var/spool/postfix/postfix-tempmail/socket:tempmail
[email protected]
root@mailhost:~# postmap -q [email protected] socketmap:unix:/var/spool/postfix/postfix-tempmail/socket:tempmail
[email protected]
root@mailhost:~# postmap -q [email protected] socketmap:unix:/var/spool/postfix/postfix-tempmail/socket:tempmail
If this does not work, check systemctl status postfix-tempmail -l
for errors.
To activate postfix-tempmail
in postfix
append it to the virtual_alias_maps
directive in /etc/postfix/main.cf
. Be aware that postfix
usually runs in a chroot (/var/spool/postfix
), so that the path to the Unix domain socket needs to be given accordingly.
virtual_alias_maps = ... socketmap:unix:/postfix-tempmail/socket:tempmail
Reload postfix
, and try to send an e-mail to your temporary address.
root@mailhost:~# systemctl reload postfix
Enable postfix-tempmail
to start on boot just before postfix
.
root@mailhost:~# systemctl enable postfix-tempmail
Created symlink from /etc/systemd/system/postfix.service.wants/postfix-tempmail.service to /etc/systemd/system/postfix-tempmail.service.