Linux Postfix Configuration:

Configure a Linux eMail Server

Also see:

This tutorial covers the configuration of a Linux email server using the Postfix MTA (Mail Transfer Agent). Virtual hosting is also covered to allow one to perform email services for multiple domains. The following configuration is for recieving inbound email.

Related YoLinux Tutorials:

°Linux eMail server tutorial

°Sendmail server configuration

°Mailman Installation / Configuration

°Internet Security

°Security tools

°Linux Networking

°YoLinux Tutorials Index

Free Information Technology Magazines and Document Downloads
TradePub link image

Free Information Technology Software and Development Magazine Subscriptions and Document Downloads

Postfix Configuration:

Postfix is infinitely configurable to suit your needs. For large corporations and ISPs, Postfix can be configured to use a mySQL backend instead of using configuration files. Thus a quick insert or delete of a record can add users, domains, etc. This tutorial configures Postfix to receive email using local configuration files.

Postfix configuration file: /etc/postfix/main.cf

(Red Hat, Fedora, Suse and Ubuntu!)

Basic: 

# Common for all Postfix configurations:
smtpd_banner = $myhostname ESMTP $mail_name      - Mail RFC requirement. RHEL5: uncomment this line
biff = no                             - Turn off local user mail notification
mailbox_size_limit = 0                - Zero implies no limit
recipient_delimiter = +               - RHEL5: uncomment this line
append_dot_mydomain = no              - appending .domain is the MUA's job
                                        Can not send email to partial domain user@partialdomainname, 
                                        only full domains
mail_spool_directory = /var/mail      - RHEL5: uncomment this line

Allow no relay or outbound SMTP:

Add to file main.cf: 
relayhost =
mynetworks = 127.0.0.1/32
inet_interfaces = all          - Interfaces to listen on. Comma separated list eg. localhost, hostname

Receive email for local users: (multiple domains can be specified but an email sent to Michael is not distinguished between domains. One Michael for all domains.)

Add to file main.cf: 
myhostname = mail.megawebhost.com
mydomain = megawebhost.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# All domains listed in mydestination are subject to /etc/aliases mapping.
# Do not list domains to be used with virtual hosts!
mydestination = $mydomain $myhostname alternateName1 localhost.localdomain localhost

Virtual host:
(receive email for multiple domains. Users distinguished between domains. Email recipient ed@megacorp.com is different than ed@charity.com)
Add this definition to support virtual hosts:

Add to file main.cf: 
# After edting file /etc/postfix/valias.txt
# run command: postmap /etc/postfix/valias.txt
# to create hash db file.
virtual_alias_maps = hash:/etc/postfix/valias.txt
# Use local unix account mailboxes for these domains
virtual_alias_domains = /etc/postfix/vhosts.txt

Add anti-SPAM measures:

Add to file main.cf: 
# Place all of the restrictions into the smtpd_recipient_restrictions:
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
unknown_address_reject_code  = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code   = 554

smtpd_recipient_restrictions =
#    permit_mynetworks,
#    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_unauth_pipelining,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
#    check_client_access hash:/etc/postfix/maps/access_client,
#    check_helo_access hash:/etc/postfix/maps/access_helo,
#    check_sender_access hash:/etc/postfix/maps/access_sender,
    check_sender_access hash:/etc/postfix/access_sender,
#    check_recipient_access hash:/etc/postfix/maps/access_recipient,
#    reject_rhsbl_client blackhole.securitysage.com,  THIS SITE IS RETIRED
#    reject_rhsbl_sender blackhole.securitysage.com,  THIS SITE IS RETIRED
#    reject_rbl_client relays.ordb.org,  THIS SITE IS RETIRED
    reject_rbl_client blackholes.easynet.nl,
    reject_rbl_client cbl.abuseat.org,
# reject_rbl_client proxies.blackholes.wirehub.net, THIS SITE IS RETIRED
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client zen.spamhaus.org,  
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client multihop.dsbl.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    permit

smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit
Note:
  • SpamHaus combines three blackhole lists: Exploits block list (exploited systems): xbl.spamhaus.org, Policy block list (non-MTA IP): pbl.spamhaus.org and Spamhaus block list: sbl.spamhaus.org, into one "zen.spamhaus.org".

Limit denial of service attacks:

Add to file main.cf: 
default_process_limit = 100
smtpd_client_connection_count_limit = 10
smtpd_client_connection_rate_limit = 30
header_size_limit = 51200
smtp_recipient_limit = 100

File: /etc/postfix/vhosts.txt 

    
megacorp.com
charityX.org
productX.com
Domains listed here should NOT be listed with the "mydestination" directive.

File: /etc/postfix/valias.txt

This file maps email addresses to local user names: 
joe@megacorp.com userjoe
joe@charityX.org userjoseph
info@productX.com userjoe
Upon creation or change, create the db file: postmap /etc/postfix/valias.txt
This creates the file /etc/postfix/valias.txt.db

File: /etc/postfix/access_sender 

0.0.0.0/8       REJECT Domain MX in broadcast network
10.0.0.0/8      REJECT Domain MX in RFC 1918 private network
127.0.0.0/8     REJECT Domain MX in loopback network
169.254.0.0/16  REJECT Domain MX in link local network
172.16.0.0/12   REJECT Domain MX in RFC 1918 private network
192.0.2.0/24    REJECT Domain MX in TEST-NET network
192.168.0/16    REJECT Domain MX in RFC 1918 private network
224.0.0.0/4     REJECT Domain MX in class D multicast network
240.0.0.0/5     REJECT Domain MX in class E reserved network
248.0.0.0/5     REJECT Domain MX in reserved network
Generate database file "access_sender.db": postmap /etc/postfix/access_sender
Used by main.cf directive check_sender_access hash:/etc/postfix/access_sender

Other access lists:

Postfix debugging and diagnostics: Look in log files for error messages.
  • Red Hat: /var/log/maillog
  • Ubuntu: /var/log/mail.log

Postfix configuration tutorials:

More examples:

Postfix and Mailman email list server integration and configuration:

Postfix can be configured three different ways to interface with Mailman. The following uses the /etc/aliases file for this configuration. Requires the following main.cf configuration: 

   alias_maps = hash:/etc/aliases
   alias_database = hash:/etc/aliases
File: /etc/aliases 
#
# regular aliases
#
info: user1
joe:  user1
theadore: ted
#
# mailman aliases
#
mailman:              "|/var/mailman/mail/mailman post mailman"
mailman-admin:        "|/var/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/var/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/var/mailman/mail/mailman confirm mailman"
mailman-join:         "|/var/mailman/mail/mailman join mailman"
mailman-leave:        "|/var/mailman/mail/mailman leave mailman"
mailman-owner:        "|/var/mailman/mail/mailman owner mailman"
mailman-request:      "|/var/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/var/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/var/mailman/mail/mailman unsubscribe mailman"
#
megacorp:              "|/var/mailman/mail/mailman post megacorp"
megacorp-admin:        "|/var/mailman/mail/mailman admin megacorp"
megacorp-bounces:      "|/var/mailman/mail/mailman bounces megacorp"
megacorp-confirm:      "|/var/mailman/mail/mailman confirm megacorp"
megacorp-join:         "|/var/mailman/mail/mailman join megacorp"
megacorp-leave:        "|/var/mailman/mail/mailman leave megacorp"
megacorp-owner:        "|/var/mailman/mail/mailman owner megacorp"
megacorp-request:      "|/var/mailman/mail/mailman request megacorp"
megacorp-subscribe:    "|/var/mailman/mail/mailman subscribe megacorp"
megacorp-unsubscribe:  "|/var/mailman/mail/mailman unsubscribe megacorp"
#
These entries are generated by Mailman. See the YoLinux Mailman tutorial.

Links on Postfix and Mailman integration:
(Three different methodologies)

  1. Mailman configuration: part 1 - part2 - part3 (virtual hosts)
  2. Use regular expression in configuration: Nezo.net: example and tutorial.
    Example configuration including apache
  3. Python script to glue Postfix and Mailman together for domain "lists.example.com". This method does not require the creation of aliases.:

Postfix post-configuration and test:

Check if an open relay: (you do not want to be an open relay)

Links:

Books:

"Postfix"
by Richard Blum
ISBN #0672321149, Sams

Amazon.com
"Linux Email"
by Black, Koetter, Hilderbrandt, McDonald, Rusenko and Taylor.
ISBN #190481137X, Packt

I reviewed this book and found it to be a very complete discussion with examples of the installation, configuration, integration and use of Postfix, Courier POP/IMAP, SquirelMail, SpamAssassin, ClamAV and Cyrus SASL. It is concise and to the point. How to configure a Linux email server for the most popular and useful server configurations. This book is specific to the components listed and will get you up and running fast.

Amazon.com
"Stopping Spam"
by Alan Schwartz, Debby Russell (Editor), Simson Garfinkel
ISBN #156592388X, O'Reilly and Associates

Amazon.com
"Removing the Spam : Email Processing and Filtering"
by Geoff Mulligan
ISBN #0201379570, Addison-Wesley Networking Basics Series

Amazon.com
    Bookmark and Share

 
YoLinux.com Home Page
YoLinux Tutorial Index
Privacy Policy | Advertise with us | Feedback Form |
Unauthorized copying or redistribution prohibited.

Bookmark and Share

Copyright © 2000 - 2009 by Greg Ippolito