Postfix: A Secure and Easy-to-Use MTA

Setting the Production Environment

If you're running Postfix in a production environment, you'll need additional configuration such as primary MX entries, virtual domains, host relays, and secondary MX entries. Some of these options require building a hash-style database. For that, Postfix provides a utility called postmap, a replacement for Sendmail's makemap with a similar syntax.



Primary MX entries

If your machine accepts mail for domains outside your network, setting the primary MX entries correctly is a critical component in the Postfix configuration. This is accomplished by editing main.cf and appending to the end of the file:

relay_domains = $mydestination, /usr/local/etc/postfix/relay-domains

Edit the file relay-domains according to this format:

another_domain.com
second_domain.com
third_domain.com

Secondary MX entries

In the event your server is used as a secondary exchanger as defined in the DNS record (MX), you may define allowable domains by editing main.cf and adding the line:

relay_domains = $mydestination the.backed-up.domain.com

You may optionally choose to allow the world to MX through your host. Edit smtpd.cf, then add the line:

smtpd_recipient_restrictions = permit_mx_backup

Remember to reload Postfix after changing main.cf.

Virtual hosting

Virtual Hosting is the ability to receive and redirect mail for a user of another domain, not our own, to a local user or a user on a remote system. For example, joe@foo.com might redirect to joe@localhost, or joe@foo.com may also redirect to joe@another_domain.com.

Creating a Virtual Domain is accomplished by editing main.cf and appending to the end of the file:

virtual_alias_maps = hash:/usr/local/etc/postfix/virtual

Edit the file virtual according to this format, which is the same as that of virtusertable under Sendmail:

user@domain.com         user@localhost
# or user@remote.domain

Then, hash it to a database.

% postmap /usr/local/etc/postfix/virtual

Relay Domains

If you allow your host to act as an SMTP relay, you need to configure the relay options in main.cf. Under the section Trust and Control, look at mynetworks, which lists the networks that are allowed to relay. In this example, we allow relaying from two networks: hosts in the class C range 168.100.189.0/24 and on the loopback network 127.0.0.0/8 can relay.

mynetworks = 168.100.189.0/24, 127.0.0.0/8

If you run into problems or require additional configuration sets, I suggest consulting the Postfix FAQ.

Example configuration

# Global Postfix configuration file. This file lists only a subset
# of all 250+ parameters. See the sample-xxx.cf files for a full list.
# NOTE - CHANGE NO MORE THAN 2-3 PARAMETERS AT A TIME, AND TEST IF
# POSTFIX STILL WORKS AFTER EVERY CHANGE.
queue_directory   = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory   = /usr/local/libexec/postfix

mail_owner = postfix
myhostname = bar.foo.com
mydomain   = foo.com
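# "$bar.foo.com" would be read as a reference to a parameter named "bar";
# refer to the hostname defined above instead.
myorigin   = $myhostname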

unknown_local_recipient_reject_code = 450

# Here is the MX (mx) stuff
relay_domains = $mydestination, /usr/local/etc/postfix/relay-domains

# The aliases
alias_maps     = hash:/usr/local/etc/postfix/aliases
alias_database = hash:/usr/local/etc/postfix/aliases

debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin \
	xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path   = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path      = /usr/local/bin/mailq

setgid_group    = maildrop

manpage_directory = /usr/local/man
sample_directory  = /usr/local/etc/postfix/samples
readme_directory  = no

# Here is the Virtual User stuff
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual

# Allow local and remote network to relay through this machine
mynetworks = 168.100.189.0/24, 127.0.0.0/8
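
An added example, not part of the original article or of Postfix itself: a small Python check that parses a main.cf-style file, flags `$name` references to parameters that are not defined, and flags mynetworks entries wider than a chosen prefix. The sample file, the `BUILTIN` list and the /16 threshold are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed main.cf: an undefined "$bar" and a 0.0.0.0/0 entry are planted on purpose.
SAMPLE_MAIN_CF = """\
# relay-related settings (constructed sample)
myhostname = bar.foo.com
mydomain   = foo.com
myorigin   = $bar.foo.com
relay_domains = $mydestination,
\t/usr/local/etc/postfix/relay-domains
mynetworks = 168.100.189.0/24, 127.0.0.0/8, 0.0.0.0/0
"""

# Partial list of built-in parameters (assumption: extend it from `postconf -d`).
BUILTIN = {"myhostname", "mydomain", "myorigin", "mydestination", "mynetworks"}
VAR = re.compile(r"\$(?:\{(\w+)\}|\((\w+)\)|(\w+))")  # $name, ${name}, $(name)

def parse_main_cf(text):
    """Return {parameter: value}, joining whitespace-led continuation lines."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params

def audit(params, min_prefix=16):
    """Flag unknown $references and relay networks wider than /min_prefix."""
    findings = []
    for name, value in params.items():
        for match in VAR.finditer(value):
            ref = next(g for g in match.groups() if g)
            if ref not in params and ref not in BUILTIN:
                findings.append(f"{name}: undefined ${ref}")
    for item in params.get("mynetworks", "").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:  # a file or table lookup, not a literal network
            continue
        if not net.is_loopback and net.prefixlen < min_prefix:
            findings.append(f"mynetworks: {net} lets too many hosts relay")
    return findings

print("\n".join(audit(parse_main_cf(SAMPLE_MAIN_CF))))
```

Running the same check against the real file after each edit fits the configuration file's own advice to change only a few parameters at a time and test after every change.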

Start scripts

Postfix uses the same start parameters as Sendmail, so most existing start-scripts should suffice. In the unlikely event your sendmail-ish scripts fail or hang, try starting Postfix from rc.local or, under BSD, /usr/local/etc/rc.d/postfix.sh. The syntax is:

% /usr/local/sbin/postfix start &

Summary

Postfix is a robust, secure MTA. I was impressed with the ease of installation, well-defined documentation, and its ability to receive and relay mail without complex configuration. I've compiled Postfix under Solaris, various flavors of BSD, Slackware, and Red Hat. A wide range of add-on software including phpMailAdmin helps add an additional layer of functionality. Today I see Postfix as a major contender in the race for secure E-mail communications.

Glenn Graham has been working with telecommunications since 1977.



  • About make world reinstalling sendmail bins..
    2004-04-30 13:43:14  thib

    In FreeBSD you can set 'NO_SENDMAIL =true' in your make.conf which will prevent the install of sendmail bins. I do not know about the other *BSD flavours.
  • Good for stopping sobig.f too
    2003-08-24 14:03:36  anonymous2

    You can easily filter out sobig.f with postfix too. This can be done by adding "body_checks = regexp:/etc/postfix/body_checks" to main.cf, and creating a file named "body_checks" in /etc/postfix. Just add the following to the body_checks to accomplish filtering of .scr and .pif attachments:

    /[TAB SPACE]name=.*\.pif/ REJECT This mail server does not accept this type of attachment
    /[TAB SPACE]name=.*\.scr/ REJECT This mail server does not accept this type of attachment

    where TAB is a tab character and SPACE is a space character. This has worked well for me.
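
An added example, not part of the comment above: one way to check attachment rules like these against known lines before loading them, comparing the comment's two patterns with a tighter variant. Python's `re` stands in for the Postfix regexp table engine (which matches case-insensitively by default); the anchored rule and all sample lines are constructed for the illustration.

```python
import re

# The two patterns from the comment, with TAB and SPACE written as \t and " ".
COMMENT_RULES = [r"[\t ]name=.*\.pif", r"[\t ]name=.*\.scr"]
# Hypothetical tighter rule: covers name= and filename=, and the extension
# must close the value instead of appearing anywhere after "name=".
ANCHORED_RULES = [r'[\t ;](file)?name="?[^"]*\.(pif|scr)"?[\t ]*$']

# Constructed message lines: (line, is it really a .pif/.scr attachment?)
SAMPLES = [
    ('\tname="details.pif"', True),
    ('Content-Disposition: attachment; filename="movie.SCR"', True),
    ('Content-Type: text/plain; name="notes.pif.txt"', False),
    ("Set name=value in the installer, then open setup.pif help", False),
]

def rejects(rules, line):
    """True if any rule matches; re.IGNORECASE mirrors the regexp table default."""
    return any(re.search(rule, line, re.IGNORECASE) for rule in rules)

def evaluate(rules):
    """Return (missed attachments, wrongly rejected lines) for a rule set."""
    missed = [line for line, bad in SAMPLES if bad and not rejects(rules, line)]
    wrong = [line for line, bad in SAMPLES if not bad and rejects(rules, line)]
    return missed, wrong

for label, rules in (("comment", COMMENT_RULES), ("anchored", ANCHORED_RULES)):
    missed, wrong = evaluate(rules)
    print(f"{label}: missed={missed} wrongly_rejected={wrong}")
```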
  • another reason to choose postfix...
    2003-08-23 04:34:52  anonymous2

    ...is that the upcoming Panther release of Mac OS X uses postfix as the default MTA. Once Panther is out and about, there will probably be a lot more people learning about, improving, and extending postfix.
    • another reason to choose postfix...
      2003-08-31 07:57:04  anonymous2

      I got it in and it works fine but I can get my mail on the command line only. How would I configure the Apple Mail.app client to send and receive via Postfix?
      Any help appreciated.
      thanks,
      Kevin.
      • Great info here...
        2003-11-02 20:47:25  anonymous2

        http://www.roadstead.com/weblog/Tutorials/PostfixEnabler.html
  • mailwrapper
    2003-08-22 05:23:52  kostikbel

    Why do you recommend doing something with /usr/sbin/sendmail etc.? You already mentioned /etc/mail/mailer.conf, which (on the BSD systems, and your article is about BSD; Linuxes like Debian have alternatives) allows you to point /usr/bin/sendmail to the postfix binary. Then you will have no trouble with make world, and everything will work as expected. Very strange.
    • mailwrapper
      2003-10-29 07:31:40  anonymous2

      I think you are asking why there is a sendmail path in the config - sendmail_path = /usr/local/sbin/sendmail

      The reason is that some other applications expect "sendmail" and the path is given for compatibility.
  • Non-rfc821 syntax
    2003-08-22 04:08:23  anonymous2

    Hi!

    This is wrong:
    RCPT TO: glenn@localhost

    Should be:
    RCPT TO:<glenn@localhost>

    You can enforce this by saying strict_rfc821_envelopes = yes
    on your main.cf file.