BSD DevCenter
oreilly.comSafari Books Online.Conferences.

advertisement

BSD Content

All Articles

Big Scary Daemons

Free BSD Basics

OpenBSD Explained

Securing Small Networks


BSD Topics

Administration

Application Development

Archiving

Community

Compatibility Issues

Email

Firewalls

FreeBSD

Getting Started

Kernel

NetBSD

Networking

OpenBSD

Security

Web Design and Development


ONLamp Subjects

Linux

Apache

MySQL

Perl

PHP

Python

BSD


Postfix: A Secure and Easy-to-Use MTA
Pages: 1, 2

Setting the Production Environment

If you're running Postfix in a production environment, you'll need to add some additional configurations such as a Primary MX, Virtual Domains, Host Relays and a Secondary MX. Some of these options require building a hash style database. Postfix uses a utility called postmap, a replacement for makemap with a similar syntax.



Primary MX entries

If your machine accepts mail for domains outside your network, setting the primary MX entries correctly is a critical component in the Postfix configuration. This is accomplished by editing main.cf and appending to the end of the file: 

relay_domains = $mydestination, /usr/local/etc/postfix/relay-domains

Edit the file relay-domains according to this format:

another_domain.com
second_domain.com
third_domain.com

Secondary MX entries

In the event your server is used as a secondary exchanger as defined in the DNS record (MX), you may define allowable domains by editing main.cf and adding the line:

relay_domains = $mydestination the.backed-up.domain.com

You may optionally choose to allow the world to MX through your host. Edit smtpd.cf, then add the line: 

smtpd_recipient_restrictions = permit_mx_backup

Remember to reload Postfix after changing main.cf.

Virtual hosting

Virtual Hosting is the ability to receive and redirect mail for a user of another domain, not our own, to a local user or a user on a remote system. For example, joe@foo.com might redirect to joe@localhost, or joe@foo.com may also redirect to joe@another_domain.com.

Creating a Virtual Domain is accomplished by editing main.cf and appending to the end of the file:

virtual_alias_maps = hash:/usr/local/etc/postfix/virtual

Edit the file virtual according to this format, the same as of virtusertable under Sendmail: 

user@domain.com         
user@localhost
# or user@remote.domain

Then, hash it to a database.

% postmap /usr/local/etc/postfix/virtual < /usr/local/etc/postfix/virtual

Relay Domains

If you allow your host to act as an SMTP relay, you need to configure the relay options under main.cf. Under the section Trust and Control, look to mynetworks for a list of variable options. In this example, we allow relaying based on two network subnets. This means that hosts within the class C ranges of 168.100.189.0 and localhost 127 can relay.

mynetworks = 168.100.189.0/24, 127.0.0.0/8

If you run into problems or require additional configuration sets, I suggest consulting the Postfix FAQ.

Example configuration

# Global Postfix configuration file. This file lists only a subset
# of all 250+ parameters. See the sample-xxx.cf files for a full list.
# NOTE - CHANGE NO MORE THAN 2-3 PARAMETERS AT A TIME, AND TEST IF
# POSTFIX STILL WORKS AFTER EVERY CHANGE.
queue_directory   = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory   = /usr/local/libexec/postfix

mail_owner = postfix
myhostname = bar.foo.com
mydomain   = foo.com
myorigin   = $bar.foo.com

unknown_local_recipient_reject_code = 450

# Here is the MX (mx) stuff
relay_domains = $mydestination, /usr/local/etc/postfix/relay-domains

# The aliases
alias_maps     = hash:/usr/local/etc/postfix/aliases
alias_database = hash:/usr/local/etc/postfix/aliases

debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin \
	xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path   = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path      = /usr/local/bin/mailq

setgid_group    = maildrop

manpage_directory = /usr/local/man
sample_directory  = /usr/local/etc/postfix/samples
readme_directory  = no

# Here is the Virtual User stuff
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual

# Allow local and remote network to relay through this machine
mynetworks = 168.100.189.0/24, 127.0.0.0/8

Start scripts

Postfix uses the same start parameters as Sendmail, so most existing start-scripts should suffice. In the unlikely event your sendmail-ish scripts fail or hang, try starting Postfix from rc.local or, under BSD, /usr/local/etc/rc.d/postfix.sh. The syntax is:

% /usr/local/sbin/postfix start &

Summary

Postfix is a robust, secure MTA. I was impressed with the ease of installation, well-defined documentation, and its ability to receive and relay mail without complex configuration. I've compiled Postfix under Solaris, various flavors of BSD, Slackware, and Red Hat. A wide range of add-on software including phpMailAdmin helps add an additional layer of functionality. Today I see Postfix as a major contender in the race for secure E-mail communications.

Glenn Graham has been working with telecommunications since 1977.

Return to the Linux DevCenter.

Recommended for You

Sponsored by: