Postfix Mail Server Configuration

Postfix, designed by Wietse Venema, is a mail server built with security in mind and specifically designed to replace Sendmail. The project began development in a security-sensitive atmosphere. This security focus gives it a major advantage over a product like Sendmail, which was created in a non-hostile environment and then had to be adapted to protect users from the evils of the modern day. Postfix's simplicity and focus on security are both major reasons why it is selected over Sendmail. This tutorial will show you how to configure a basic Postfix mail server for CentOS, OpenSuse and Ubuntu.


1. Change the MTA
The default MTA may be Sendmail or another MTA that has already been set up. To make sure that Postfix is the default, you can use the alternatives program on CentOS or uninstall Sendmail.

To select an alternative from those MTAs available use this command:

alternatives --config mta

You will see this output which will allow you to choose an MTA using a number.

alternatives --config mta

There are 2 programs which provide 'mta'.

  Selection    Command
-----------------------------------------------
*  1           /usr/sbin/sendmail.sendmail
 + 2           /usr/sbin/sendmail.postfix

Enter to keep the current selection[+], or type selection number:


2. Configure the Hostname in the smtpd Banner
When your mail server connects to another mail server to transfer messages it performs a HELO, which sends its hostname to the other server. This is one of the reasons your hostname is so important. In fact, to verify the integrity of mail exchanges, many servers will do a DNS lookup to verify that the FQDN (Fully Qualified Domain Name) matches what is provided in the HELO. If they do not match, some servers will not allow the transfer of mail. Therefore, make sure your FQDN is what is present in the HELO.

myhostname

Postfix requires a fully qualified domain name or FQDN. A FQDN includes the hostname of the server as well as the domain name like this:

mail.example.com

This includes the hostname “mail” and the domain name “example.com”.

The command hostname will give you the hostname for the server. It is important that this be a canonical name, in other words if the server hostname is mail and the domain is bigstrike.org the canonical hostname would be mail.bigstrike.org.

To find the hostname of the server type this command:

hostname

To change the hostname of the server add the hostname after the command:

hostname mail.example.com

Hostname is important for Postfix because it uses a parameter myhostname which in turn determines a parameter mydomain. These are two necessary parameters for starting Postfix.

Creating a Fully Qualified Domain Name
Postfix provides a utility that enables you to change the hostname into a FQDN. Use the command postconf with the -e option for editing. Here is an example:

postconf -e myhostname=mail.bigstrike.org

Setting myhostname is important because a Fully Qualified Domain Name will also change the setting for mydomain. If your FQDN is mail.example.com then the parameter for mydomain is automatically example.com.
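
A pre-flight check for the HELO name, added here as an example (it is not part of the original tutorial): it confirms that the name resolves to the address the server sends from and that the address's PTR record points back to the same name. The function names, the messages, the placeholder address and the replaceable forward/reverse resolvers are assumptions for illustration, and receiving servers differ in which of these checks they enforce.

```python
import socket

def forward_ips(name):
    """Addresses the name resolves to (live DNS lookup)."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def reverse_name(ip):
    """Name in the PTR record for the address (live DNS lookup)."""
    return socket.gethostbyaddr(ip)[0]

def helo_check(helo_name, sending_ip, forward=forward_ips, reverse=reverse_name):
    """Return the reasons a receiving server could distrust this HELO name."""
    name = helo_name.rstrip(".").lower()
    problems = []
    if "." not in name:
        problems.append(f"{name} is not a fully qualified domain name")
    try:
        if sending_ip not in forward(name):
            problems.append(f"{name} does not resolve to {sending_ip}")
    except OSError:  # socket.gaierror: the name is not in DNS
        problems.append(f"{name} does not resolve in DNS")
    try:
        ptr = reverse(sending_ip).rstrip(".").lower()
        if ptr != name:
            problems.append(f"PTR record for {sending_ip} is {ptr}, not {name}")
    except OSError:  # socket.herror: no reverse record
        problems.append(f"{sending_ip} has no PTR record")
    return problems

if __name__ == "__main__":
    # Placeholder values; substitute your own myhostname and public address.
    for problem in helo_check("mail.example.com", "203.0.113.25"):
        print("WARN:", problem)
```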

 


3. Edit /etc/postfix/main.cf
First, make a backup of your files located in the /etc/postfix directory. This will provide a reference of changes you have made as well as give you a rescue file so you can start over after a mistake. Now edit the myhostname parameter to provide the FQDN.

myhostname = mail.example.com

Postfix is smart enough to understand that the domain listed in myhostname is the domain for the server. You can also set the mydomain parameter.

mydomain = example.com

Set your inet_interfaces to all.

inet_interfaces = all

4. Configure Relays

Postfix will not allow any relaying of mail for any domains by default. It will relay mail for the localhost but all other relays must be explicitly set. In the initial configuration for a one domain server, this setting for allowing your domain to relay mail is found in the mydestination parameter.

mydestination = $mydomain

If you would like to also accept mail for your hostname you may also add this information to the configuration.

mydestination = $mydomain, $myhostname

If you have created CNAMEs in your DNS settings for your domain that would also need to be added here. A CNAME (Canonical Name) is like an alias, www for example. If you want to accept mail for these they must be entered as well. If they do not fit on one line you can enter a new one on each line with a space in front of them as Postfix will not recognize them without a space.

mydestination =
    $mydomain,
    $myhostname,
    www.$mydomain,
    tech.$mydomain

Each line ends with a comma and starts with a space.

5. Configure Outgoing Domain
The outgoing domain parameter provides a way to verify where mail came from. This parameter setting will be used by Postfix whenever mail is sent for an address that is not fully qualified. Again, this setting is located in the main.cf file.

myorigin = $mydomain

This parameter is a way for Postfix to set a domain name when the user sends an email and no domain name is specified in the envelope or header address. The default value of myorigin is the value of myhostname, again another reason myhostname is important to set up.

Here is how this all works. If the myhostname is:
mail.example.com

And if the user who sends mail is mike, then the resulting mail return address is:

username@myhostname(FQDN)

If users do not want the hostname of the server in the return address then set the myorigin to this parameter:

myorigin = $mydomain

Now using the example above the return address for the user mike will be:

username@domain

The last example is usually what people like.

6. Changes Necessary for Network Connections

Just like Sendmail, Postfix will not accept connections from other computers until you take a few steps to enable it. There are several lines that must be uncommented and then your configuration placed in them. The example will assume that your domain is bigstrike.org and the FQDN is mail.bigstrike.org. Be sure to put in the correct network for your settings.

mydomain = example.com
myorigin = $mydomain
myhostname = mail.example.com
mydestination = $myhostname, localhost, localhost.$mydomain
mynetworks = 192.168.3.0/24
inet_interfaces = all
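
An added example (not from the original tutorial or the Postfix project): a small reader for main.cf text that joins continuation lines, applies the mydomain and myorigin defaults described above, expands $name references, and lists mynetworks entries that would trust clients outside loopback and private ranges. The sample file, the function names and the choice of internal ranges are assumptions, and only the simple $name and ${name} forms are expanded.

```python
import ipaddress
import re

# Constructed sample: mydomain/myorigin unset to show defaults; 0.0.0.0/0 is a deliberate mistake.
SAMPLE_MAIN_CF = """\
myhostname = mail.example.com
mydestination =
    $mydomain,
    $myhostname,
    www.$mydomain
mynetworks = 192.168.3.0/24, 127.0.0.0/8, 0.0.0.0/0
"""
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128")]

def parse_main_cf(text):
    """Return {name: raw value}; a line starting with whitespace continues the last one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if line[0].isspace() and name:
            params[name] = (params[name] + " " + line.strip()).strip()
        else:
            name, _, value = (part.strip() for part in line.partition("="))
            params[name] = value
    return params

def effective(text):
    """Apply the two defaults described in the text, then expand $name references."""
    params = parse_main_cf(text)
    params.setdefault("mydomain", params.get("myhostname", "").partition(".")[2])
    params.setdefault("myorigin", "$myhostname")
    def expand(value, depth=0):  # depth limit stops self-referencing parameters
        sub = lambda m: expand(params.get(m.group(1), ""), depth + 1) if depth < 10 else m.group(0)
        return re.sub(r"\$\{?(\w+)\}?", sub, value)
    return {name: expand(value) for name, value in params.items()}

def relay_findings(cfg):
    """Return mynetworks entries that reach beyond loopback and RFC 1918 ranges."""
    findings = []
    for entry in re.split(r"[,\s]+", cfg.get("mynetworks", "")):
        try:
            net = ipaddress.ip_network(re.sub(r"[\[\]]", "", entry), strict=False)
        except ValueError:
            continue  # empty strings and table lookups (hash:/path) are skipped
        if not any(net.version == r.version and net.subnet_of(r) for r in INTERNAL):
            findings.append(entry)
    return findings
```

Calling relay_findings(effective(SAMPLE_MAIN_CF)) returns the single entry 0.0.0.0/0, which would let any client relay through the server.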

Now restart Postfix.

service postfix restart
or
/etc/init.d/postfix restart

7. root Mail Configuration
Postfix has a focus on security, especially when it comes to running programs as root. As a result, Postfix will deliver mail to root locally but it will not allow other programs to run as root. This means that programs like procmail cannot be used to deliver mail to the root user. Therefore you will need to create an alias for the root user so that mail that is intended for root will be delivered to a non-privileged user.

Edit /etc/aliases and create a line like this:

root: mike

Whatever user you choose make sure that it is an account that is on the system. Do not use the admin account as it is tied to other things on the system.

Once you have added the username run the command:

newaliases

8. Testing the Current Configuration

It is important to test Postfix in stages so that you can confirm your current work before you go further.

Verify that Postfix is running:

/etc/init.d/postfix start

/etc/init.d/postfix stop

/etc/init.d/postfix reload

Now send a test message to root. Note the sendmail binary is provided by Postfix as a way to make migration from Sendmail to Postfix easier.

For CentOS use these commands:

# echo test | /usr/sbin/sendmail -f root root

tail -f /var/log/maillog

For Suse and Ubuntu use this command:

# echo test | /usr/sbin/sendmail -f root root

tail /var/log/mail.log

When you view the log file, you should see information similar to this. Remember that in the example the user who will receive root mail is mike; be sure to check the user that you created.


Feb 17 18:29:21 mail sendmail[17437]: m1I2TLAf017437: from=root, size=5, class=0, nrcpts=1, msgid=<[address hidden]>, relay=root@localhost
Feb 17 18:29:21 mail postfix/smtpd[17438]: connect from mail.example.com[127.0.0.1]
Feb 17 18:29:21 mail postfix/smtpd[17438]: A11F7724374: client=mail.example.com[127.0.0.1]
Feb 17 18:29:21 mail postfix/cleanup[17441]: A11F7724374: message-id=<[address hidden]>
Feb 17 18:29:21 mail postfix/qmgr[17433]: A11F7724374: from=<[address hidden]>, size=504, nrcpt=1 (queue active)
Feb 17 18:29:21 mail sendmail[17437]: m1I2TLAf017437: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30005, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as A11F7724374)
Feb 17 18:29:21 mail postfix/smtpd[17438]: disconnect from mail.example.com[127.0.0.1]
Feb 17 18:29:21 mail postfix/local[17442]: A11F7724374: to=<[address hidden]>, orig_to=<[address hidden]>, relay=local, delay=0.06, delays=0.05/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Feb 17 18:29:21 mail postfix/qmgr[17433]: A11F7724374: removed

This shows how the mail moves from one module of Postfix to the next.
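
The hand-off between Postfix daemons can be followed by queue ID. This added example (not part of the original tutorial) groups log lines by queue ID, records the daemons each message passed through and its last delivery status, and lists messages that were never removed from the queue. The log lines are constructed in the format shown above with placeholder addresses, the second message and its deferral text are invented for the demonstration, and short hexadecimal queue IDs are assumed.

```python
import re
from collections import defaultdict

# Constructed log lines in the format shown above; addresses are placeholders.
SAMPLE_LOG = """\
Feb 17 18:29:21 mail postfix/smtpd[17438]: connect from mail.example.com[127.0.0.1]
Feb 17 18:29:21 mail postfix/smtpd[17438]: A11F7724374: client=mail.example.com[127.0.0.1]
Feb 17 18:29:21 mail postfix/cleanup[17441]: A11F7724374: message-id=<constructed-1@mail.example.com>
Feb 17 18:29:21 mail postfix/qmgr[17433]: A11F7724374: from=<root@example.com>, size=504, nrcpt=1 (queue active)
Feb 17 18:29:21 mail postfix/local[17442]: A11F7724374: to=<mike@example.com>, relay=local, delay=0.06, dsn=2.0.0, status=sent (delivered to mailbox)
Feb 17 18:29:21 mail postfix/qmgr[17433]: A11F7724374: removed
Feb 17 18:30:02 mail postfix/smtpd[17450]: B22E8835485: client=mail.example.com[127.0.0.1]
Feb 17 18:30:02 mail postfix/qmgr[17433]: B22E8835485: from=<root@example.com>, size=512, nrcpt=1 (queue active)
Feb 17 18:30:03 mail postfix/local[17451]: B22E8835485: to=<mike@example.com>, relay=local, delay=0.4, dsn=4.3.0, status=deferred (constructed reason)
"""

# daemon name, queue ID, then the rest of the record
LINE = re.compile(r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")

def trace(log_text):
    """Group records by queue ID: daemons visited, last status, whether removed."""
    msgs = defaultdict(lambda: {"path": [], "status": None, "removed": False})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connect/disconnect lines carry no queue ID
        msg = msgs[m["qid"]]
        if m["rest"] == "removed":
            msg["removed"] = True  # qmgr has finished with the message
            continue
        if not msg["path"] or msg["path"][-1] != m["daemon"]:
            msg["path"].append(m["daemon"])
        status = re.search(r"status=(\w+)", m["rest"])
        if status:
            msg["status"] = status.group(1)
    return dict(msgs)

def stuck(msgs):
    """Queue IDs that were accepted but never logged as removed."""
    return sorted(qid for qid, msg in msgs.items() if not msg["removed"])

if __name__ == "__main__":
    for qid, msg in trace(SAMPLE_LOG).items():
        print(qid, " -> ".join(msg["path"]), msg["status"], "removed" if msg["removed"] else "IN QUEUE")
```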

If you do this command you should see your mail:

less /var/mail/mike

From [address hidden] Sun Feb 17 18:29:21 2008
Return-Path: <[address hidden]>
X-Original-To: [address hidden]
Delivered-To: [address hidden]
Received: from mail.example.com (mail.example.com [127.0.0.1])
        by mail.example.com (Postfix) with ESMTP id A11F7724374
        for <[address hidden]>; Sun, 17 Feb 2008 18:29:21 -0800 (PST)
Received: (from root@localhost)
        by mail.example.com (8.13.8/8.13.8/Submit) id m1I2TLAf017437
        for root; Sun, 17 Feb 2008 18:29:21 -0800
Date: Sun, 17 Feb 2008 18:29:21 -0800
From: root <[address hidden]>
Message-Id: <[address hidden]>
To: undisclosed-recipients:;

test

There it is, a working Postfix.


You may also want to test from a telnet session. First, install telnet if it is not installed:

CentOS Command:

yum install telnet

Ubuntu Command:

sudo apt-get install telnet

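Type the client commands shown in the session below (HELO, MAIL FROM, RCPT TO, DATA and QUIT; the numbered lines are the server's replies), and be sure to place a “.” on a line by itself after your message. So it should look like this: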

This is a test email from telnet.

.

Note the “.” is on a line by itself.


# telnet localhost 25

or

# telnet mail.example.com 25
Trying 127.0.0.1...
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
HELO mike.example.com
250 mail.example.com
MAIL FROM: <[address hidden]>
250 Ok
RCPT TO: <mike@localhost>
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
This is a test mail from telnet.
.
250 Ok: queued as 276E1794BF1
QUIT
221 Bye
Connection closed by foreign host.

Now check the mail for mike (or whatever user).

less /var/mail/mike


From [address hidden] Sun Feb 17 18:42:49 2008
Return-Path: <[address hidden]>
X-Original-To: [address hidden]
Delivered-To: [address hidden]
Received: from root.example.com (mail.example.com [127.0.0.1])
        by mail.example.com (Postfix) with SMTP id 1B4BB724372
        for <[address hidden]>; Sun, 17 Feb 2008 18:41:15 -0800 (PST)
Message-Id: <[address hidden]>
Date: Sun, 17 Feb 2008 18:41:15 -0800 (PST)
From: [address hidden]
To: undisclosed-recipients:;

This is a test mail from telnet.


Now mail has been confirmed working two different ways. 


Copyright CyberMontana Inc. and BeginLinux.com
All rights reserved. Cannot be reproduced without written permission. Box 1262 Trout Creek, MT 59874