Flexion.Org
Bad grammar and typos for total strangers

Postfix Setup and Management

1.   Postfix
1.1   Installing Postfix
2.   Configuring Postfix
2.1   Default Settings
2.2   smtpd Settings
2.3   Relay Settings
2.4   Mail system account
3.   Adding Mail Accounts
4.   Adding Aliases
5.   Postfix Virtual Domain Management Script
5.1   Virtual Mailbox Location
6.   Testing

Postfix

Installing Postfix

Install postfix with CDB support and dovecot-common (to get the essential dovecot utilities).

 aptitude install postfix postfix-cdb postfix-pcre dovecot-common mailutils

When the auto-configuration asks you questions about postfix during the installation, just select "No Configuration". dpkg is going to install all of the configuration files for Postfix into /etc/postfix, so go there, and create the file main.cf:

 touch /etc/postfix/main.cf

Configuring Postfix

Start by filling in the basic information:

The main.cf file can be edited using two different methods. You can use your favorite text editor, or you can use the built-in postfix tool postconf.

The real benefit of the postconf tool is that it has some built-in error checking, and it eliminates the possibility of 'weirdness' due to carriage returns, line feeds, odd quotes, etc.

That said, I won't be using it in this guide ;-)

Default Settings

By default Postfix is configured to query '/etc/aliases' and NIS for email aliases. I don't run NIS or use '/etc/aliases', so I add the following to override the default behavior. This also stops the warning "dict_nis_init: NIS domain name not set - NIS lookups disabled" from appearing in the logs.

 # Defaults
 
 alias_maps =
 append_dot_mydomain = no
 biff = no
 disable_vrfy_command = yes
 myhostname = mail.example.org
 mydestination = $myhostname, localhost, localhost.localdomain
 mynetworks = 127.0.0.0/8, 192.168.1.0/24
 myorigin = mail.example.org
 recipient_delimiter = +
 strict_rfc821_envelopes = yes

smtpd Settings

When connecting to the smtpd port, Postfix displays your hostname and identifies itself as a Postfix server. We will change the banner displayed when you first connect to include our hostname and the phrase "NO UCE". There is a proposed US federal law that unsolicited commercial email cannot be sent through a server that includes the string NO UCE in the 220 greeting line. Not that I believe people will actually follow this; I just wanted to get rid of Postfix in the header as it is nobody else's business.

 # smtpd Settings
 
 smtpd_banner = $myhostname NO UCE ESMTP
 smtpd_helo_required = yes
 smtpd_soft_error_limit = 5
 smtpd_hard_error_limit = 10

Relay Settings

When I used to host my email server at home, I needed to relay outbound emails via my ISP's SMTP server. Not doing so runs the risk of my outbound emails getting rejected by RBL tests.

 # Relaying
 
 relayhost = [relay.plus.net]

Some ISPs will also require that you authenticate via SMTP Auth, in which case you will need something like the following:

 smtp_sasl_auth_enable = yes
 smtp_sasl_password_maps = cdb:/etc/postfix/sasl_passwd

The username and password for smtp.yourisp.com must be stored in '/etc/postfix/sasl_passwd'.

 echo "smtp.yourisp.com   yourusername:yourpassword" > /etc/postfix/sasl_passwd

'/etc/postfix/sasl_passwd' must be owned by root, and no one else should have read access to that file.

 chown root:root /etc/postfix/sasl_passwd
 chmod 600 /etc/postfix/sasl_passwd

Now we must convert '/etc/postfix/sasl_passwd' into a format that Postfix can read.

 postmap cdb:/etc/postfix/sasl_passwd

This will create the file '/etc/postfix/sasl_passwd.db'
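
As an added example (not part of the original guide), the function below checks the two things this procedure depends on: that the password file is a regular file owned by the expected user with mode 600 or 400, and that it has an entry whose key is exactly the relayhost value from main.cf, brackets included, because Postfix looks the password up by that value. The function name check_sasl_passwd and its arguments are assumptions.

```shell
#!/bin/sh
# Added example; check_sasl_passwd and its arguments are hypothetical names.
# check_sasl_passwd FILE RELAYHOST [OWNER]   (OWNER defaults to root)
# Returns 0 when FILE is locked down and holds an entry keyed by RELAYHOST.
check_sasl_passwd() {
    file=$1
    relay=$2
    owner=${3:-root}
    rc=0

    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "FAIL: $file is missing or not a regular file" >&2
        return 1
    fi
    # Exact-mode match: anything other than 600 or 400 leaks the password
    # to, or lets it be changed by, group members or other users.
    if [ -z "$(find "$file" -prune \( -perm 600 -o -perm 400 \))" ]; then
        echo "FAIL: $file must be mode 600 (or 400)" >&2
        rc=1
    fi
    if [ -z "$(find "$file" -prune -user "$owner")" ]; then
        echo "FAIL: $file must be owned by $owner" >&2
        rc=1
    fi
    # The lookup key is the first field and has to equal the relayhost
    # setting character for character, e.g. "[relay.plus.net]".
    if ! awk -v key="$relay" '$1 == key { hit = 1 } END { exit !hit }' "$file"; then
        echo "FAIL: no entry keyed by $relay in $file" >&2
        rc=1
    fi
    return "$rc"
}
```

Call it as `check_sasl_passwd /etc/postfix/sasl_passwd '[relay.plus.net]'` before running postmap.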

Mail system account

Next, create a system account called 'vmail'. This account will be used to access all email on behalf of the user. While giving one single account the ability to read all email might seem like a security risk, if the server is properly configured and secured, there's nothing to worry about. The vmail account is simply a dummy account used to retrieve email.

It uses the standard "mail" group, with the default (Debian) gid of 8. You can create the user and directory like this; change the uid of 150 to suit your preferences.

 useradd -r --uid 150 --gid mail -d /home/virtual/ -s /sbin/nologin -c "Virtual Mail" vmail

The next step is to create a subdirectory called virtual inside /etc/postfix. This directory will house all the virtual hosting information:

 mkdir -p /etc/postfix/virtual/accounts

Add the following parameters to /etc/postfix/main.cf.

 # Virtual Users
 
 virtual_mailbox_domains = cdb:/etc/postfix/virtual/domains.txt
 virtual_mailbox_maps = cdb:/etc/postfix/virtual/mailboxes.txt
 virtual_alias_maps = cdb:/etc/postfix/virtual/aliases.txt
 virtual_mailbox_base = /home/virtual
 virtual_uid_maps = static:150
 virtual_gid_maps = static:8

Now create the (empty) postfix maps and rebuild them.

 touch /etc/postfix/virtual/domains.txt
 touch /etc/postfix/virtual/mailboxes.txt
 touch /etc/postfix/virtual/aliases.txt
 postmap cdb:/etc/postfix/virtual/domains.txt
 postmap cdb:/etc/postfix/virtual/mailboxes.txt
 postmap cdb:/etc/postfix/virtual/aliases.txt

This is all you actually need to get a fully functional mail server running with standard system user accounts. However, I don't want standard system user accounts, I want virtual accounts.

Finally, reload Postfix...

 /etc/init.d/postfix reload

...and check /var/log/mail.info for errors. If it looks clean, move on :-)

Adding Mail Accounts

I have created a simple shell script to build the virtual domains and mailbox for Postfix and Dovecot, from an even simpler directory/file hierarchy.

First create a directory for one of the domains you want to host.

 mkdir -p /etc/postfix/virtual/accounts/example.org/

Then simply create a file for each mailbox you want to host in this domain. The file contains the plain-text password for the mailbox. For example...

 echo "Wilma1" > /etc/postfix/virtual/accounts/example.org/fred
 echo "Betty1" > /etc/postfix/virtual/accounts/example.org/barny

The above has created the basic configuration for fred@example.org and barny@example.org.

Adding Aliases

The following creates the aliases.txt file to show an example of how aliases are created.

 cat > /etc/postfix/virtual/aliases.txt << EOF
 fredandbarny@example.org      fred@example.org,barny@example.org
 EOF

You can, of course, just edit /etc/postfix/virtual/aliases.txt with your favourite editor.

Postfix Virtual Domain Management Script

The script below will parse /etc/postfix/virtual/accounts and update the postfix and dovecot virtual domain and virtual mailbox configurations.

 vi /usr/local/bin/virtual-mail-rebuild.sh

After you have created the script, make it executable.

 chmod 755 /usr/local/bin/virtual-mail-rebuild.sh

Each time you add/delete a virtual mailbox, change a virtual mailbox password, or update the aliases.txt, you should run /usr/local/bin/virtual-mail-rebuild.sh as root and then reload Postfix.
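
The script's contents are not included on this page. As an added example (not the author's script), the function below builds the Postfix domains.txt and mailboxes.txt source files from the accounts hierarchy described above, using the mailbox path layout from the Virtual Mailbox Location section. The function name, its two directory arguments, the name validation and the permission warning are assumptions, and Dovecot's password file is left out because the page does not describe its format.

```shell
#!/bin/sh
# Added example, not the author's virtual-mail-rebuild.sh.
# Usage (hypothetical): build_virtual_maps ACCOUNTS_DIR OUT_DIR
#   ACCOUNTS_DIR holds <domain>/<mailbox> files (file content = password)
#   OUT_DIR receives domains.txt and mailboxes.txt, ready for postmap
build_virtual_maps() (
    accounts=$1
    out=$2
    LC_ALL=C; export LC_ALL          # make the [A-Z] ranges below byte-exact
    : > "$out/domains.txt.new" || exit 1
    : > "$out/mailboxes.txt.new" || exit 1

    for ddir in "$accounts"/*/; do
        [ -d "$ddir" ] || continue
        domain=$(basename "$ddir")
        # Directory names become lookup keys, so allow hostname characters only.
        case $domain in
            ''|.*|*[!A-Za-z0-9.-]*) echo "skipped domain: $domain" >&2; continue ;;
        esac
        printf '%s\tOK\n' "$domain" >> "$out/domains.txt.new"

        for f in "$ddir"*; do
            [ -f "$f" ] && [ ! -L "$f" ] || continue
            user=$(basename "$f")
            # File names become local parts and path components: plain names only.
            case $user in
                ''|.*|*[!A-Za-z0-9._-]*) echo "skipped mailbox: $user" >&2; continue ;;
            esac
            # The file holds a plain-text password: flag group/other read access.
            if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \))" ]; then
                echo "warning: $f is readable by group or others" >&2
            fi
            # Trailing slash selects Maildir, matching the layout on this page.
            printf '%s@%s\t%s/var/spool/mail/%s/\n' \
                "$user" "$domain" "$domain" "$user" >> "$out/mailboxes.txt.new"
        done
    done

    # Replace the live source files only after both were written completely.
    mv "$out/domains.txt.new" "$out/domains.txt" &&
        mv "$out/mailboxes.txt.new" "$out/mailboxes.txt"
)
```

With the paths used on this page the call is `build_virtual_maps /etc/postfix/virtual/accounts /etc/postfix/virtual`, followed by the postmap commands shown earlier.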

Virtual Mailbox Location

If virtual_mailbox_base has a value of /home/virtual, the full path of the mailbox for fred@example.org will be:

 /home/virtual/example.org/var/spool/mail/fred/

The added slash at the end means that the mailbox will be in Maildir format as opposed to mbox.

Testing

Once everything is set up, reload Postfix:

 /etc/init.d/postfix reload

If no errors are given, everything should work. You can test this like so:

 telnet localhost 25
 helo localhost
 mail from:<bob@someplace.com>
 rcpt to:<fred@example.org>
 data
 Hello Fred!
 .
 quit

Now check the /home/virtual/example.org/var/spool/mail/fred/new directory and there should be a piece of mail waiting!


$Id: PostfixSetup,v 1.33 2008/08/13 17:10:44 martin Exp $
