Quick Configuration of Postfix Mail server
Posted: Sunday, July 09, 2006
by hedaya alasooly
Postfix Configuration
This report describes my work with Postfix and my conclusions from it.

1. The Postfix documentation can be found at www.postfix.org. That site has the most helpful information for configuring Postfix. In this report I only cover the basic configuration, without going deep for the moment.

2. Attached is an explanation of how mail is processed inside Postfix.

3. The Postfix that comes with Red Hat 9 is version 1, while Postfix version 2 supports many more functions, so my work is based on Postfix version 1 with its limitations.

4. First, it is better to build a BIND server. I created the master zone localdomain.msft owned by my machine linux1.localdomain.msft, and after that I restarted the BIND service (service named restart).

5. I restarted the Postfix service (service postfix restart).

6. Then I modified the /etc/postfix/main.cf file to hold the initial configuration:

a) The myhostname parameter describes the fully-qualified domain name of the machine running the Postfix system.

    myhostname = linux1.localdomain.msft

The mydomain parameter specifies the parent domain of $myhostname.

    mydomain = localdomain.msft

b) The mynetworks parameter lists all networks that this machine somehow trusts. Default (trust SMTP clients in the IP subnetworks that Postfix is connected to):

    mynetworks_style = subnet

Alternatively, you can specify the mynetworks list by hand, in which case Postfix ignores the mynetworks_style setting.

    mynetworks = 10.12.0.0/16, 127.0.0.0/8

c) The inet_interfaces parameter specifies all network interface addresses that the Postfix system should listen on. The default is to listen on all active interfaces.

    inet_interfaces = all

d) The myorigin parameter specifies the domain that appears in mail that is posted on this machine. The default is to use the local machine name, $myhostname, which defaults to the name of the machine.
    myorigin = $myhostname (default)

e) The mydestination parameter specifies which domains this machine will deliver locally, instead of forwarding to another machine. The default is to receive mail for the machine itself. If your machine is a mail server for its entire domain, you must list $mydomain as well.

    mydestination = $myhostname localhost.$mydomain

f) Clients to relay mail for: By default, Postfix will relay mail for clients in authorized networks and in authorized domains. Authorized client networks are defined by the mynetworks parameter. The default is to authorize all clients in the IP subnetworks that the local machine is attached to. Authorized client domains are defined by the relay_domains configuration parameter. The default setting trusts clients with hostnames below the domain(s) listed in mydestination.

g) Trouble to report to the postmaster: The Postfix system itself also reports problems to the postmaster alias. You may not be interested in all types of trouble reports, so this reporting mechanism is configurable. The default is to report only serious problems (resource, software) to postmaster.

    notify_classes = resource, software

h) After I make the changes, I must reload Postfix (service postfix reload).

7. Example:

    From: Sana@linux1.localdomain.msft, To: Sana@linux1.localdomain.msft

The email will be delivered to sana@linux1.localdomain.msft. But when I give

    From: Sana@linux1.localdomain.msft, To: Sana@localdomain.msft

the email will not be delivered. When I give

    From: Sana@linux1.localdomain.msft, To: hasooly@gov.ps

the email will not be delivered.

8. Address Rewriting: Before the cleanup daemon runs an address through any lookup table, it first rewrites the address to the standard user@fully.qualified.domain form, by sending the address to the trivial-rewrite daemon. The purpose of rewriting to standard form is to reduce the number of entries needed in lookup tables.
Example:

    From: Sana@linux1.localdomain.msft, To: Sana

The email will be delivered to Sana@linux1.localdomain.msft.

9. Canonical Address Mapping: Before the cleanup daemon stores inbound mail into the incoming queue, it uses the canonical table to rewrite all addresses in message envelopes and in message headers, local or remote.

Example:

/etc/postfix/main.cf:

    canonical_maps = hash:/etc/postfix/canonical

/etc/postfix/canonical:

    userx    sana@linux1.localdomain.msft
    usery    sameera@linux1.localdomain.msft

Then I have to run postmap /etc/postfix/canonical and service postfix reload. Then I tested it:

    From: Sana@linux1.localdomain.msft, To: userx

I see the email is delivered to sana@linux1.localdomain.msft.

10. Address Masquerading: Address masquerading is a method to hide all hosts inside a domain behind their mail gateway, and to make it appear as if the mail comes from the gateway itself, instead of from individual machines.

Example:

main.cf:

    masquerade_domains = $mydomain

Then I have to reload Postfix. I tested it:

    From: Sana@linux1.localdomain.msft, To: Sana@linux1.localdomain.msft

I see the email is written to sana@localdomain.msft.

Subtle point: by default, address masquerading is applied only to message headers and to envelope sender addresses, but not to envelope recipients. This allows you to use address masquerading on a mail gateway machine, while still being able to forward mail from outside to users on individual machines.

11. Virtual Address Mapping: After applying the canonical and masquerade mappings, the cleanup daemon uses the virtual table to redirect mail for all recipients, local or remote. The mapping affects only envelope recipients; it has no effect on message headers or envelope senders. Virtual lookups are useful to redirect mail for virtual domains to real user mailboxes, and to redirect mail for domains that no longer exist.
Example:

/etc/postfix/main.cf:

    virtual_maps = hash:/etc/postfix/virtual

/etc/postfix/virtual:

    userx@yahoo.net    sana@linux1.localdomain.msft

Then I run service postfix reload and postmap /etc/postfix/virtual.

    From: Sana@linux1.localdomain.msft, To: userx@yahoo.net

The email will be delivered to sana@linux1.localdomain.msft and written (To: userx.yahoo.net).

12. Relocated users table: Next, the queue manager runs each recipient name through the relocated database. This table provides information on how to reach users that no longer have an account, or what to do with mail for entire domains that no longer exist. When mail is sent to an address that is listed in this table, the message is bounced with an informative message.

Example:

/etc/postfix/main.cf:

    relocated_maps = hash:/etc/postfix/relocated

/etc/postfix/relocated:

    user10@linux1.localdomain.msft

Then I run service postfix reload and postmap /etc/postfix/relocated, then test:

    From: Sana@linux1.localdomain.msft, To: user10@linux1.localdomain.msft

A message appears that the user has transferred.

13. Mail transport switch: Once the queue manager has established the destination of a message, the optional transport table controls how the message will be delivered (this table is used by the address rewriting and resolving daemon). By default, everything is sent via the smtp transport. The transport table can be used to send mail to specific sites via UUCP, or to send mail to a really broken mail system that can handle only one SMTP connection at a time.

/etc/postfix/main.cf:

    transport_maps = hash:/etc/postfix/transport

/etc/postfix/transport:

    .ps                  smtp:10.12.0.31
    .com                 smtp:10.12.0.31
    .localdomain.msft    local:

Then I run service postfix reload and postmap /etc/postfix/transport, then test:

    From: Sana@linux1.localdomain.msft, To: hasooly@gov.ps

The email is delivered to my account hasooly@gov.ps, but I can't reply back.

14. Mail from inside intranet: The simplest way to set up Postfix on a host inside a firewalled network is to send all your mail to an intranet mail gateway, and to let that mail gateway take care of forwarding.

a. Send mail as user@domain:

/etc/postfix/main.cf:

    myorigin = $mydomain

b. Forward all mail to an intranet mail gateway, except for mail for the local machine:

/etc/postfix/main.cf:

    relayhost = [10.12.0.31]

c. If your intranet does not use DNS internally, you have to disable DNS lookups as well:

/etc/postfix/main.cf:

    disable_dns_lookups = yes

I tested the relayhost and I found it works well.

15. In addition to the above, you can configure Postfix to deliver intranet mail directly instead of sending it via the intranet mail gateway. Specify routing information for the internal domain in the transport table, and enable transport table lookups.

/etc/postfix/transport:

    .com                 smtp:
    .ps                  smtp:
    .localdomain.msft    local:

The local: entry for .localdomain.msft is important.

/etc/postfix/main.cf:

    transport_maps = hash:/etc/postfix/transport

16. When mail is to be delivered locally, the local delivery agent runs each local recipient name through the aliases database. The mapping does not affect addresses in message headers. Local aliases are typically used to implement distribution lists, or to direct mail for standard aliases such as postmaster to real people. Alias lookups are enabled by default. The default configuration depends on the system environment, but it is typically one of the following:

    alias_maps = hash:/etc/aliases

The path to the alias database file is controlled via the alias_database configuration parameter. The value is system dependent. Usually it is one of the following:

    alias_database = hash:/etc/aliases (4.4BSD, LINUX)

17. Per-user .forward files (Not tested): Users can control their own mail delivery by specifying destinations in a file called .forward in their home directories.
The syntax of these files is the same as with system aliases, except that the lookup key and colon are not present.

18. Non-existent users (Not tested): When the local delivery agent finds that a message recipient does not exist, the message is normally bounced to the sender ("user unknown"). Sometimes it is desirable to forward mail for non-existing recipients to another machine. For this purpose you can specify an alternative destination with the luser_relay configuration parameter. Alternatively, mail for non-existent recipients can be delegated to an entirely different message transport, as specified with the fallback_transport configuration parameter.

19. UCE Control: Postfix offers a variety of parameters that limit the delivery of unsolicited commercial email (UCE).

• Header filtering
• Body filtering
• Client hostname/address restrictions
• Require HELO (EHLO) command
• HELO (EHLO) hostname restrictions
• Require strict RFC 821-style envelope addresses
• Sender address restrictions
• Recipient address restrictions
• ETRN command restrictions
• Generic restrictions
• Additional UCE control parameters

20. Header Filtering: The header_checks parameter restricts what is allowed in message headers. Patterns are applied to entire logical message headers, even when a header spans multiple lines of text.

main.cf:

    header_checks = regexp:/etc/postfix/header_checks
    header_checks = pcre:/etc/postfix/header_checks

header_checks:

    /^to: *hasooly@gov.ps$/ REJECT

Then run service postfix reload. When tested with

    From: Sana@linux1.localdomain.msft, To: hasooly@gov.ps

I get a message that the mail can't be accepted.

21. Client hostname/address restrictions: The smtpd_client_restrictions parameter restricts what clients this system accepts SMTP connections from. By default, this restriction is applied when the client sends the RCPT TO command. In order to have the restriction take effect as soon as possible, specify smtpd_delay_reject = no in the Postfix main.cf configuration file.
Example:

    smtpd_client_restrictions = hash:/etc/postfix/access
    smtpd_client_restrictions = permit_mynetworks, reject_unknown_client

I tested it and it works OK.

22. Sender address restrictions: The smtpd_sender_restrictions parameter restricts what sender addresses this system accepts in MAIL FROM commands. By default, this restriction is applied when the client sends the RCPT TO command. In order to have the restriction take effect as soon as possible, specify smtpd_delay_reject = yes in the Postfix main.cf configuration file.

Example:

    smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender

I tested it and it works well.

23. The smtpd_recipient_restrictions parameter restricts what recipient addresses this system accepts in RCPT TO commands. Default:

    smtpd_recipient_restrictions = permit_mynetworks, check_relay_domains

By default, the Postfix SMTP server relays mail:

• from trusted clients whose IP address matches $mynetworks,
• from trusted clients whose hostname matches $relay_domains or a subdomain thereof,
• from untrusted clients to destinations that match $relay_domains or a subdomain thereof, except for addresses that contain sender-specified routing (user@elsewhere@domain).

In addition to the above, the Postfix SMTP server by default accepts mail for which Postfix is the final destination:

• to destinations that match $inet_interfaces,
• to destinations that match $mydestination,
• to destinations that match $virtual_maps.

Example:

    smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

I tested it and it works well.

24. The log files can be found in /var/log/maillog or in /var/log/mail.

25. The mail boxes can be found in /var/mail/ or in /var/spool/mail
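The rewriting order described in items 8 to 11, as an added example that is not part of the original report and is not Postfix code. It is a simplified Python model that assumes the canonical, masquerade and virtual settings from the examples above are all active together, and it folds addresses to lower case for lookups.

```python
# Simplified model (not Postfix code) of the rewriting order in items 8-11.
# Tables and host names are the ones used in the report's examples.
MYORIGIN = "linux1.localdomain.msft"        # myorigin = $myhostname
MASQUERADE_DOMAINS = ["localdomain.msft"]   # masquerade_domains = $mydomain
CANONICAL = {"userx": "sana@linux1.localdomain.msft",
             "usery": "sameera@linux1.localdomain.msft"}
VIRTUAL = {"userx@yahoo.net": "sana@linux1.localdomain.msft"}


def standard_form(addr):
    """Item 8: rewrite a bare user name to user@fully.qualified.domain."""
    addr = addr.lower()  # simplification: fold case once instead of per lookup
    return addr if "@" in addr else f"{addr}@{MYORIGIN}"


def canonical(addr):
    """Item 9: try the full address, then the bare user for the local origin."""
    local, domain = addr.split("@", 1)
    if addr in CANONICAL:
        return CANONICAL[addr]
    if domain == MYORIGIN and local in CANONICAL:
        return CANONICAL[local]
    return addr


def masquerade(addr):
    """Item 10: strip the host part below a masqueraded parent domain."""
    local, domain = addr.split("@", 1)
    for parent in MASQUERADE_DOMAINS:
        if domain.endswith("." + parent):
            return f"{local}@{parent}"
    return addr


def cleanup(env_from, env_to, hdr_from, hdr_to):
    """Apply the three mappings in order, each to the fields it covers."""
    env_from, env_to, hdr_from, hdr_to = (
        canonical(standard_form(a)) for a in (env_from, env_to, hdr_from, hdr_to))
    # Masquerading: headers and envelope sender, never the envelope recipient.
    env_from, hdr_from, hdr_to = (
        masquerade(a) for a in (env_from, hdr_from, hdr_to))
    # Virtual mapping: envelope recipient only.
    env_to = VIRTUAL.get(env_to, env_to)
    return {"env_from": env_from, "env_to": env_to,
            "hdr_from": hdr_from, "hdr_to": hdr_to}


if __name__ == "__main__":
    sender = "Sana@linux1.localdomain.msft"
    for rcpt in ("userx", "userx@yahoo.net"):
        print(rcpt, "->", cleanup(sender, rcpt, sender, rcpt))
```

The envelope recipient keeps its host name after masquerading, which is why the gateway can still route the message to the individual machine.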
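The relay decision from item 23 (permit_mynetworks, reject_unauth_destination), as an added example that is not part of the original report and is not Postfix code. It is a simplified Python model using the mynetworks and mydestination values from item 6; it assumes relay_domains is left at the default described in 6f, leaves out the $inet_interfaces and $virtual_maps destinations, and uses a constructed outside client address to check whether a given mynetworks value makes the host an open relay.

```python
import ipaddress

# Simplified model (not Postfix code) of the check order in item 23.
MYNETWORKS = ["10.12.0.0/16", "127.0.0.0/8"]              # item 6b
MYDESTINATION = ["linux1.localdomain.msft",               # item 6e
                 "localhost.localdomain.msft"]
RELAY_DOMAINS = list(MYDESTINATION)  # assumed: the default described in 6f
OUTSIDE_CLIENT = "203.0.113.7"       # constructed: documentation address range


def in_mynetworks(client_ip, networks):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in networks)


def authorized_destination(rcpt):
    """True if Postfix is the final destination or the domain may be relayed."""
    if rcpt.count("@") != 1:   # sender-specified routing: user@elsewhere@domain
        return False
    domain = rcpt.rsplit("@", 1)[1].lower()
    if domain in MYDESTINATION:
        return True
    return any(domain == d or domain.endswith("." + d) for d in RELAY_DOMAINS)


def rcpt_decision(client_ip, rcpt, networks=MYNETWORKS):
    """Evaluate permit_mynetworks, reject_unauth_destination in order."""
    if in_mynetworks(client_ip, networks):
        return ("permit", "permit_mynetworks")
    if not authorized_destination(rcpt):
        return ("reject", "reject_unauth_destination")
    return ("permit", "end of restriction list")


def is_open_relay(networks):
    """Audit check: can an outside client reach an outside domain via us?"""
    verdict = rcpt_decision(OUTSIDE_CLIENT, "someone@example.org", networks)
    return verdict[0] == "permit"


if __name__ == "__main__":
    for ip, rcpt in [("10.12.4.20", "hasooly@gov.ps"),
                     (OUTSIDE_CLIENT, "hasooly@gov.ps"),
                     (OUTSIDE_CLIENT, "sana@linux1.localdomain.msft"),
                     (OUTSIDE_CLIENT, "sana@example.org@linux1.localdomain.msft")]:
        print(ip, rcpt, rcpt_decision(ip, rcpt))
    print("open relay with 0.0.0.0/0:", is_open_relay(["0.0.0.0/0"]))
```

Because permit_mynetworks is evaluated first, every address covered by mynetworks may relay anywhere, so that list should contain only networks you control.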