Postfix is a secure Mail Transfer Agent

Postfix

Installing and Configuring Postfix on Debian

apt-get install postfix

cat /var/log/mail.log

postconf -e "myorgin = example.com"

postconf -e "myhostname=server1.example.com"

postconf -e "relay_domains = example.com, example2.com, example3.com"

postfix reload

telnet localhost 25

Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 server1.example.com ESMTP Postfix (Debian/GNU)

mail from:<you@youremail.com>
rcpt to:<user@example.com>
data
To: user@example.com
From: you@youremail.com
Subject: Hey my first email
This is my first email on debian postfix after installing configuring it.
It was easy. See you

.

quit

qshape
mailq
qshape deferred
postsuper
postsuper -r ALL   (requeue all emails)

anti-spam: smtp restrictions

smtpd_recipient_restrictions = reject_invalid_hostname,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        reject_rbl_client sbl.spamhaus.org,
        permit

smtpd_helo_restrictions = reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname,
        reject_unknown_helo_hostname

anti-spam: Using RBL Lists

Insert this in your /etc/postfix/main.cf:

smtpd_client_restrictions = reject_rbl_client dnsbl.sorbs.net

See what rbl is about: http://www.us.sorbs.net/mailsystems/postfix2.shtml

and avoid such blacklists]

Debian Anti-Spam Anti-Virus Gateway Email Server

Postfix and sbcglobal/yahoo/att

apt-get postfix-tls libsasl2-modules

postconf -e "relayhost = [smtp.sbcglobal.yahoo.com]:587"
postconf -e "smtp_sasl_auth_enable = yes"
postconf -e "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd"
postconf -e "smtp_sasl_security_options = noanonymous"

[smtp.sbcglobal.yahoo.com]:587 username@sbcglobal.net:mypassword

chmod 600 /etc/postfix/sasl_passwd

postmap /etc/postfix/sasl_passwd

postfix reload

Forward Emails

postconf -e "alias_maps = hash:/etc/aliases"

root: lucas

lucas: myemail@example.com

lucas: lucas myemail@example.com

newaliases

/etc/init.d/postfix reload

Virtual Emails

postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual"

vi /etc/postfix/virtual

postmaster info@example.com
abuse info@example.com
someemail lucas

postmap /etc/postfix/virtual

/etc/init.d/postfix reload

Maildir

postconf -e "home_mailbox = Maildir/"
postconf -e "mailbox_command ="

Mutt

vi /etc/Muttrc

set folder="~/Maildir"
set mask="!^\\.[^.]"
set mbox="~/Maildir"
set record="+.Sent"
set postponed="+.Drafts"
set spoolfile="~/Maildir"

Postfix and mailing lists

Mailman with Postfix

apt-get install mailman

newlist mailman

/etc/init.d/mailman start

relay_domains = example.com, lists.example.com

alias_maps = hash:/etc/aliases,hash:/var/lib/mailman/data/aliases

postconf -e "transport_maps = hash:/etc/postfix/transport"
postconf -e "mailman_destination_recipient_limit = 1"

mailman unix  -       n       n       -       -       pipe
   flags=FR user=list
   argv=/var/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}

lists.example.com    mailman:

postmap /etc/postfix/transport

MTA = 'Postfix'
DEB_LISTMASTER = 'postmaster@example.com'
POSTFIX_STYLE_VIRTUAL_DOMAIN = ['lists.example.com']

/etc/init.d/postfix reload
/etc/init.d/mailman restart

newlist list_name

Alias /pipermail/ /var/lib/mailman/archives/public/
Alias /images/mailman/ /usr/share/images/mailman/

http://lists.yourwebsite.com/cgi-bin/mailman/listinfo/list_name/

Advanced options

SPF and multiple external ip addresses

Explanation

I have some systems that are networked on an internal private ip address subnet (192.168.0.0/16). For a few reasons I email reports and such to <user>@mail.internal where user is an address that is not valid for receiving mail via the external interfaces. These systems also share a public ip address subnet so they could email each other that way, but I'd prefer they didn't for local addresses. I have published SPF records for the public mail servers because all of our mail routes through those servers so if others care to check they can ignore email claiming to be from us but being delivered from other servers as per our SPF record.

Recently I have expanded the ip addresses these systems are using externally to support multiple instances of port-based services like https (adding :oddport doesn't impress the customers.) I could have expanded or added more liberal SPF record values, or added more forward and reverse DNS records but I wanted to stick with less ip addresses.

So to recap my system has:

By using the settings in /etc/postfix/master.cf, /etc/postfix/main.cf and /etc/postfix/transport as outlined above I was able to get my outgoing smtp traffic to use my SPF published ip address once again.

Make SPF and multiple external ip addresses

If you are trying to implement SPF records while binding to one external ip address and still working with dual-homed multiple ip aliased systems, or have any other reason to support multi-homed systems with multiple ip addresses but want to limit postfix to use only two of them try this.

 smtp      unix  -       -       -       -       -       smtp
        -o smtp_bind_address=<spf published ip address>
 smtpinternal      unix  -       -       -       -       -       smtp
        -o smtp_bind_address=<internal ip address>

 transport_maps = hash:/etc/postfix/transport

 .internal smtpinternal:

Just postmap /etc/postfix/transport, invoke-rc.d postfix stop and invoke-rc.d postfix start and you should be in business. Email to <user>@<system>.internal will be delivered via the internal interface/ip address all other email will be delivered via default methods which means internet mail will go out the the spf published ip address.

Optional:

Postfix and Sasl

External links

MyWiki: Postfix (last edited 2009-09-06 02:50:34 by localhost)