Postfix Configuration
This report gives an idea of my work and my conclusions on my work with Postfix.
1. The Postfix documentation can be found at www.postfix.org. On this site you can find the most helpful information for configuring Postfix. In this report I will give an idea of the basic configuration without going deep for the moment.
2. Attached is an explanation of how mail is processed inside Postfix.
3. The Postfix that comes with Red Hat 9 is version 1, while Postfix version 2 supports a lot more functions, so my work is actually based on Postfix version 1 with its limitations.
4. First, it is better to build a BIND server. I created the master zone localdomain.msft owned by my machine linux1.localdomain.msft, and after that I restarted the BIND service (service named restart).
5. I restarted the Postfix service (service postfix restart).
6. Then I modified the /etc/postfix/main.cf file to have the initial configuration:
a) The myhostname parameter describes the fully-qualified domain name of the machine running the Postfix system.
myhostname = linux1.localdomain.msft
The mydomain parameter specifies the parent domain of $myhostname.
mydomain = localdomain.msft
b) The mynetworks parameter lists all networks that this machine somehow trusts.
Default (Trust SMTP clients in the IP subnetworks that Postfix is connected to):
mynetworks_style = subnet
Alternatively, you can specify the mynetworks list by hand, in which case Postfix ignores the mynetworks_style setting.
mynetworks = 10.12.0.0/16, 127.0.0.0/8
c) The inet_interfaces parameter specifies all network interface addresses that the Postfix system should listen on. The default is to listen on all active interfaces.
inet_interfaces = all
d) The myorigin parameter specifies the domain that appears in mail that is posted on this machine. The default is to use the local machine name, $myhostname, which defaults to the name of the machine.
myorigin = $myhostname (default)
e) The mydestination parameter specifies what domains this machine will deliver locally, instead of forwarding to another machine. The default is to receive mail for the machine itself. If your machine is a mail server for its entire domain, you must list $mydomain as well.
mydestination = $myhostname localhost.$mydomain
f) Clients to relay mail for: By default, Postfix will relay mail for clients in authorized networks and in authorized domains.
Authorized client networks are defined by the mynetworks parameter. The default is to authorize all clients in the IP subnetworks that the local machine is attached to.
Authorized client domains are defined by the relay_domains configuration parameter. The default setting trusts clients with hostnames below the domain(s) listed in mydestination.
g) Trouble to report to the postmaster: The Postfix system itself also reports problems to the postmaster alias. You may not be interested in all types of trouble reports, so this reporting mechanism is configurable. The default is to report only serious problems (resource, software) to postmaster:
notify_classes = resource, software
h) After I make the changes, I must reload postfix (service postfix reload)
7. Example:
From: Sana@linux1.localdomain.msft, To: Sana@linux1.localdomain.msft
The email will be delivered to sana@linux1.localdomain.msft
But when I give
From: Sana@linux1.localdomain.msft, To: Sana@localdomain.msft
The email will not be delivered
When I give
From: Sana@linux1.localdomain.msft, To: hasooly@gov.ps
The email will not be delivered.
8. Address Rewriting: Before the cleanup daemon runs an address through any lookup table, it first rewrites the address to the standard user@fully.qualified.domain form, by sending the address to the trivial-rewrite daemon. The purpose of rewriting to standard form is to reduce the number of entries needed in lookup tables.
Example
From: Sana@linux1.localdomain.msft, To: Sana
The email will be delivered to Sana@linux1.localdomain.msft
9. Canonical Address Mapping:
Before the cleanup daemon stores inbound mail into the incoming queue, it uses the canonical table to rewrite all addresses in message envelopes and in message headers, local or remote. Example:
/etc/postfix/main.cf
canonical_maps = hash:/etc/postfix/canonical
/etc/postfix/canonical
userx sana@linux1.localdomain.msft
usery sameera@linux1.localdomain.msft
Then I have to run postmap /etc/postfix/canonical and service postfix reload.
Then I tested it,
From: Sana@linux1.localdomain.msft, To: userx
I see the email is delivered to sana@linux1.localdomain.msft
10. Address Masquerading:
Address masquerading is a method to hide all hosts inside a domain behind their mail gateway, and to make it appear as if the mail comes from the gateway itself, instead of from individual machines. Example
main.cf
masquerade_domains = $mydomain
Then I have to reload postfix. I tested it
From: Sana@linux1.localdomain.msft, To: Sana@linux1.localdomain.msft
I see the email is written to sana@localdomain.msft
Subtle point: by default, address masquerading is applied only to message headers and to envelope sender addresses, but not to envelope recipients. This allows you to use address masquerading on a mail gateway machine, while still being able to forward mail from outside to users on individual machines.
11. Virtual Address Mapping:
After applying the canonical and masquerade mappings, the cleanup daemon uses the virtual table to redirect mail for all recipients, local or remote. The mapping affects only envelope recipients; it has no effect on message headers or envelope senders. Virtual lookups are useful to redirect mail for virtual domains to real user mailboxes, and to redirect mail for domains that no longer exist. Example:
/etc/postfix/main.cf
virtual_maps = hash:/etc/postfix/virtual
/etc/postfix/virtual
userx@yahoo.net sana@linux1.localdomain.msft
Then I run service postfix reload and postmap /etc/postfix/virtual.
From: Sana@linux1.localdomain.msft, To: userx@yahoo.net
The email will be delivered to sana@linux1.localdomain.msft and written (To: userx.yahoo.net).
12. Relocated users table: Next, the queue manager runs each recipient name through the relocated database. This table provides information on how to reach users that no longer have an account, or what to do with mail for entire domains that no longer exist. When mail is sent to an address that is listed in this table, the message is bounced with an informative message. Example
/etc/postfix/main.cf
relocated_maps = hash:/etc/postfix/relocated
/etc/postfix/relocated
user10@linux1.localdomain.msft
Then I run service postfix reload and postmap /etc/postfix/relocated, then test:
From: Sana@linux1.localdomain.msft, To: user10@linux1.localdomain.msft
A message appears that the user has been transferred.
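The order of the lookups described in items 8 to 12, as an added example that is not part of the original report and is not Postfix code: a simplified Python model using the report's table entries. The function names, the lower-casing of addresses and the relocated value (the report's entry has none) are assumptions.

```python
# Simplified model of the mapping order in items 8-12 (added example, not Postfix code).
MYHOSTNAME = "linux1.localdomain.msft"
MYDOMAIN = "localdomain.msft"
MYORIGIN = MYHOSTNAME                                   # the report's default
LOCAL_DOMAINS = {MYHOSTNAME, "localhost." + MYDOMAIN}   # mydestination

CANONICAL = {"userx": "sana@linux1.localdomain.msft",
             "usery": "sameera@linux1.localdomain.msft"}
MASQUERADE_DOMAINS = [MYDOMAIN]
VIRTUAL = {"userx@yahoo.net": "sana@linux1.localdomain.msft"}
# The report's relocated entry has no right-hand side; this value is a placeholder.
RELOCATED = {"user10@linux1.localdomain.msft": "NEW-LOCATION-PLACEHOLDER"}

def standard_form(addr):
    """trivial-rewrite step: a bare 'user' becomes user@$myorigin.
    Lower-casing is an assumption standing in for case-insensitive lookups."""
    addr = addr.strip().lower()
    return addr if "@" in addr else f"{addr}@{MYORIGIN}"

def lookup(table, addr):
    """Try user@domain, then the bare user (local domains only), then @domain."""
    user, _, domain = addr.partition("@")
    keys = [addr] + ([user] if domain in LOCAL_DOMAINS else []) + ["@" + domain]
    return next((table[k] for k in keys if k in table), None)

def masquerade(addr):
    """Strip the host part below any domain listed in masquerade_domains."""
    user, _, domain = addr.partition("@")
    for parent in MASQUERADE_DOMAINS:
        if domain.endswith("." + parent):
            return f"{user}@{parent}"
    return addr

def process(env_from, env_rcpt, hdr_to):
    """Apply the mappings in order and return the resulting addresses."""
    env_from, env_rcpt, hdr_to = (standard_form(a) for a in (env_from, env_rcpt, hdr_to))
    # canonical: envelope and header addresses alike
    env_from, env_rcpt, hdr_to = (lookup(CANONICAL, a) or a
                                  for a in (env_from, env_rcpt, hdr_to))
    # masquerade: headers and envelope sender, never the envelope recipient
    env_from, hdr_to = masquerade(env_from), masquerade(hdr_to)
    # virtual: envelope recipient only
    env_rcpt = lookup(VIRTUAL, env_rcpt) or env_rcpt
    # relocated: a hit means the message is bounced with the new location
    return {"env_from": env_from, "env_rcpt": env_rcpt, "hdr_to": hdr_to,
            "bounce": lookup(RELOCATED, env_rcpt)}
```

With all four tables enabled, mail to userx keeps the envelope recipient sana@linux1.localdomain.msft while the To header is masqueraded to sana@localdomain.msft, which is the "subtle point" of item 10.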
13. Mail transport switch
Once the queue manager has established the destination of a message, the optional transport table controls how the message will be delivered (this table is used by the address rewriting and resolving daemon). By default, everything is sent via the smtp transport. The transport table can be used to send mail to specific sites via UUCP, or to send mail to a really broken mail system that can handle only one SMTP connection at a time.
/etc/postfix/main.cf
transport_maps = hash:/etc/postfix/transport
/etc/postfix/transport
.ps smtp:10.12.0.31
.com smtp:10.12.0.31
.localdomain.msft local:
Then I run service postfix reload and postmap /etc/postfix/transport, then test:
From: Sana@linux1.localdomain.msft, To: hasooly@gov.ps
The email is delivered to my account hasooly@gov.ps, but I can't reply back.
14. Mail from inside intranet
The simplest way to set up Postfix on a host inside a firewalled network is to send all your mail to an intranet mail gateway, and to let that mail gateway take care of forwarding.
a. Send mail as user@domain:
/etc/postfix/main.cf: myorigin = $mydomain
b. Forward all mail to an intranet mail gateway, except for mail for the local machine:
/etc/postfix/main.cf:
relayhost = [10.12.0.31]
c. If your intranet does not use DNS internally, you have to disable DNS lookups as well:
/etc/postfix/main.cf: disable_dns_lookups = yes
I tested the relayhost and I found it works well
15. In addition to the above you can configure Postfix to deliver intranet mail directly instead of sending it via the intranet mail gateway. Specify routing information for the internal domain in the transport table, and enable transport table lookups.
/etc/postfix/transport:
.com smtp:
.ps smtp:
# important
.localdomain.msft local:
/etc/postfix/main.cf:
transport_maps = hash:/etc/postfix/transport
16. When mail is to be delivered locally, the local delivery agent runs each local recipient name through the aliases database. The mapping does not affect addresses in message headers. Local aliases are typically used to implement distribution lists, or to direct mail for standard aliases such as postmaster to real people. Alias lookups are enabled by default. The default configuration depends on the system environment, but it is typically one of the following: alias_maps = hash:/etc/aliases. The path to the alias database file is controlled via the alias_database configuration parameter. The value is system dependent. Usually it is one of the following:
alias_database = hash:/etc/aliases (4.4BSD, LINUX)
17. Per-user .forward files (Not tested)
Users can control their own mail delivery by specifying destinations in a file called .forward in their home directories. The syntax of these files is the same as with system aliases, except that the lookup key and colon are not present.
18. Non-existent users (Not tested):
When the local delivery agent finds that a message recipient does not exist, the message is normally bounced to the sender ("user unknown"). Sometimes it is desirable to forward mail for non-existing recipients to another machine. For this purpose you can specify an alternative destination with the luser_relay configuration parameter. Alternatively, mail for non-existent recipients can be delegated to an entirely different message transport, as specified with the fallback_transport configuration parameter.
19. UCE Control
Postfix offers a variety of parameters that limit the delivery of unsolicited commercial email (UCE).
Header filtering
Body filtering
Client hostname/address restrictions
Require HELO (EHLO) command
HELO (EHLO) hostname restrictions
Require strict RFC 821-style envelope addresses
Sender address restrictions
Recipient address restrictions
ETRN command restrictions
Generic restrictions
Additional UCE control parameters
20. Header Filtering
The header_checks parameter restricts what is allowed in message headers. Patterns are applied to entire logical message headers, even when a header spans multiple lines of text.
(main.cf):
header_checks = regexp:/etc/postfix/header_checks
header_checks = pcre:/etc/postfix/header_checks
(header_checks):
/^to: *hasooly@gov\.ps$/ REJECT
Then make service postfix reload. When tested,
From: Sana@linux1.localdomain.msft, To: hasooly@gov.ps
I get a message that the mail can't be accepted.
21. Client hostname/address restrictions
The smtpd_client_restrictions parameter restricts what clients this system accepts SMTP connections from.
By default, this restriction is applied when the client sends the RCPT TO command. In order to have the restriction take effect as soon as possible, specify smtpd_delay_reject = no in the Postfix main.cf configuration file.
Example:
smtpd_client_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions = permit_mynetworks, reject_unknown_client
I tested it and it works OK.
22. Sender address restrictions
The smtpd_sender_restrictions parameter restricts what sender addresses this system accepts in MAIL FROM commands.
By default, this restriction is applied when the client sends the RCPT TO command. In order to have the restriction take effect as soon as possible, specify smtpd_delay_reject = no in the Postfix main.cf configuration file.
Example:
smtpd_sender_restrictions = hash:/etc/postfix/access,
    reject_unknown_sender_domain
I tested it and it works well.
23. The smtpd_recipient_restrictions parameter restricts what recipient addresses this system accepts in RCPT TO commands.
Default:
smtpd_recipient_restrictions = permit_mynetworks, check_relay_domains
By default, the Postfix SMTP server relays mail:
from trusted clients whose IP address matches $mynetworks,
from trusted clients whose hostname matches $relay_domains or a subdomain thereof,
from untrusted clients to destinations that match $relay_domains or a subdomain thereof, except for addresses that contain sender-specified routing (user@elsewhere@domain).
In addition to the above, the Postfix SMTP server by default accepts mail for which Postfix is the final destination:
to destinations that match $inet_interfaces,
to destinations that match $mydestination,
to destinations that match $virtual_maps.
Example:
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination
I tested it and it works well.
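How the setting above decides each RCPT TO, as an added Python model that is not part of the original report and is not Postfix code. It uses the report's mynetworks and mydestination values; the function names are assumptions, and any client addresses passed to it are constructed test values.

```python
import ipaddress

# Values from the report's main.cf; relay_domains defaults to $mydestination.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("10.12.0.0/16", "127.0.0.0/8")]
MYDESTINATION = {"linux1.localdomain.msft", "localhost.localdomain.msft"}
RELAY_DOMAINS = set(MYDESTINATION)


def permit_mynetworks(client_ip):
    """True when the connecting client is inside a trusted network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in MYNETWORKS)


def sender_routed(rcpt):
    """True for sender-specified routing such as user@elsewhere@domain.
    The % and ! forms are treated the same way (not mentioned in the report)."""
    local_part = rcpt.rsplit("@", 1)[0]
    return any(ch in local_part for ch in "@%!")


def reject_unauth_destination(rcpt):
    """True when the recipient must be refused for an untrusted client."""
    if sender_routed(rcpt):
        return True
    domain = rcpt.rsplit("@", 1)[-1].lower()
    final = domain in MYDESTINATION
    relay = any(domain == d or domain.endswith("." + d) for d in RELAY_DOMAINS)
    return not (final or relay)


def rcpt_decision(client_ip, rcpt):
    """Evaluate 'permit_mynetworks, reject_unauth_destination' left to right."""
    if permit_mynetworks(client_ip):
        return ("permit", "client in mynetworks")
    if reject_unauth_destination(rcpt):
        return ("reject", "relay access denied")
    return ("permit", "destination handled by this host")
```

Every address inside 10.12.0.0/16 is permitted before the destination is even looked at, so the size of mynetworks is what bounds who can relay through this host.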
24. The log files can be found in /var/log/maillog or in /var/log/mail.
25. The mail boxes can be found in /var/mail/ or in /var/spool/mail
By Dr. Hedaya Alasooly