Postfix: A Secure and Easy-to-Use MTA
Pages: 1, 2
Setting the Production Environment
If you're running Postfix in a production environment, you'll need to add
some additional configurations such as a Primary MX, Virtual Domains, Host
Relays and a Secondary MX. Some of these options require building a hash style
database. Postfix uses a utility called
postmap, a replacement
makemap with a similar syntax.
Primary MX entries
If your machine accepts mail for domains outside your network, setting the
primary MX entries correctly is a critical component in the Postfix
configuration. This is accomplished by editing
appending to the end of the file:
relay_domains = $mydestination, /usr/local/etc/postfix/relay-domains
Edit the file
relay-domains according to this format:
another_domain.com second_domain.com third_domain.com
Secondary MX entries
In the event your server is used as a secondary exchanger as defined in the
DNS record (MX), you may define allowable domains by editing
main.cf and adding the line:
relay_domains = $mydestination the.backed-up.domain.com
You may optionally choose to allow the world to MX through your host. Edit
smtpd.cf, then add the line:
smtpd_recipient_restrictions = permit_mx_backup
Remember to reload Postfix after changing
Virtual Hosting is the ability to receive and redirect mail for a user of another domain, not our own, to a local user or a user on a remote system. For example, firstname.lastname@example.org might redirect to joe@localhost, or email@example.com may also redirect to joe@another_domain.com.
Creating a Virtual Domain is accomplished by editing
and appending to the end of the file:
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
Edit the file
virtual according to this format, the same as of
virtusertable under Sendmail:
firstname.lastname@example.org user@localhost # or email@example.com
Then, hash it to a database.
% postmap /usr/local/etc/postfix/virtual < /usr/local/etc/postfix/virtual
If you allow your host to act as an SMTP relay, you need to configure the
relay options under
main.cf. Under the section
Control, look to
mynetworks for a list of variable options.
In this example, we allow relaying based on two network subnets. This means
that hosts within the class C ranges of 220.127.116.11 and localhost 127 can
mynetworks = 18.104.22.168/24, 127.0.0.0/8
If you run into problems or require additional configuration sets, I suggest consulting the Postfix FAQ.
# Global Postfix configuration file. This file lists only a subset # of all 250+ parameters. See the sample-xxx.cf files for a full list. # NOTE - CHANGE NO MORE THAN 2-3 PARAMETERS AT A TIME, AND TEST IF # POSTFIX STILL WORKS AFTER EVERY CHANGE. queue_directory = /var/spool/postfix command_directory = /usr/local/sbin daemon_directory = /usr/local/libexec/postfix mail_owner = postfix myhostname = bar.foo.com mydomain = foo.com myorigin = $bar.foo.com unknown_local_recipient_reject_code = 450 # Here is the MX (mx) stuff relay_domains = $mydestination, /usr/local/etc/postfix/relay-domains # The aliases alias_maps = hash:/usr/local/etc/postfix/aliases alias_database = hash:/usr/local/etc/postfix/aliases debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin \ xxgdb $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/local/sbin/sendmail newaliases_path = /usr/local/bin/newaliases mailq_path = /usr/local/bin/mailq setgid_group = maildrop manpage_directory = /usr/local/man sample_directory = /usr/local/etc/postfix/samples readme_directory = no # Here is the Virtual User stuff virtual_alias_maps = hash:/usr/local/etc/postfix/virtual # Allow local and remote network to relay through this machine mynetworks = 22.214.171.124/24, 127.0.0.0/8
Postfix uses the same start parameters as Sendmail, so most existing
start-scripts should suffice. In the unlikely event your sendmail-ish scripts
fail or hang, try starting Postfix from
rc.local or, under BSD,
/usr/local/etc/rc.d/postfix.sh. The syntax is:
% /usr/local/sbin/postfix start &
Postfix is a robust, secure MTA. I was impressed with the ease of installation, well-defined documentation, and its ability to receive and relay mail without complex configuration. I've compiled Postfix under Solaris, various flavors of BSD, Slackware, and Red Hat. A wide range of add-on software including phpMailAdmin helps add an additional layer of functionality. Today I see Postfix as a major contender in the race for secure E-mail communications.
Glenn Graham has been working with telecommunications since 1977.
Return to the Linux DevCenter.