Postfix, designed by Wietse Venema, is a mail server built with security in mind and specifically designed to replace Sendmail. The project began development in a security-sensitive atmosphere. This security focus gives it a major advantage over a product like Sendmail, which was created in a non-hostile environment and then had to be adapted to protect users from the evils of the present day. Postfix's simplicity and focus on security are both major reasons why it is selected over Sendmail. This tutorial will show you how to configure a basic Postfix mail server for CentOS, openSUSE and Ubuntu.
1. Change the MTA
The default MTA may be Sendmail or another MTA that has already been set up. To make sure that Postfix is the default, you can use the alternatives program on CentOS or uninstall Sendmail.
To select an alternative from those MTAs available use this command:
alternatives --config mta
You will see this output which will allow you to choose an MTA using a number.
alternatives --config mta
There are 2 programs which provide 'mta'.
  Selection    Command
-----------------------------------------------
*  1           /usr/sbin/sendmail.sendmail
 + 2           /usr/sbin/sendmail.postfix
Enter to keep the current selection[+], or type selection number:
2. Configure the Hostname in the smtpd Banner
When your mail server connects to another mail server to transfer messages, it performs a HELO, which sends its hostname to the other server. This is one of the reasons your hostname is so important. In fact, to verify the integrity of mail exchanges, many servers will do a DNS lookup to check that the FQDN (Fully Qualified Domain Name) matches what is provided in the HELO. If they do not match, some servers will not allow the transfer of mail. Therefore, make sure your FQDN is what is present in the HELO.
myhostname
Postfix requires a fully qualified domain name or FQDN. A FQDN includes the hostname of the server as well as the domain name like this:
mail.example.com
This includes the hostname “mail” and the domain name “example.com”.
The command hostname will give you the hostname for the server. It is important that this be a canonical name, in other words if the server hostname is mail and the domain is bigstrike.org the canonical hostname would be mail.bigstrike.org.
To find the hostname of the server type this command:
hostname
To change the hostname of the server add the hostname after the command:
hostname mail.example.com
Hostname is important for Postfix because it uses a parameter myhostname which in turn determines a parameter mydomain. These are two necessary parameters for starting Postfix.
Creating a Fully Qualified Domain Name
Postfix provides a utility that enables you to change the hostname into a FQDN. Use the command postconf with the -e option for editing. Here is an example:
postconf -e myhostname=mail.bigstrike.org
Setting myhostname is important because a Fully Qualified Domain Name will also change the setting for mydomain. If your FQDN is mail.example.com then the mydomain parameter is automatically example.com.
3. Edit /etc/postfix/main.cf
First, make a backup of your files located in the /etc/postfix directory. This will provide a reference of changes you have made as well as give you a rescue file so you can start over after a mistake. Now edit the myhostname parameter to provide the FQDN.
myhostname = mail.example.com
Postfix is smart enough to understand that the domain listed in myhostname is the domain for the server. You can also set the mydomain parameter.
mydomain = example.com
Set your inet_interfaces to all.
inet_interfaces = all
4. Configure Relays
Postfix will not allow any relaying of mail for any domains by default. It will relay mail for the localhost but all other relays must be explicitly set. In the initial configuration for a one domain server, this setting for allowing your domain to relay mail is found in the mydestination parameter.
mydestination = $mydomain
If you would like to also accept mail for your hostname you may also add this information to the configuration.
mydestination = $mydomain, $myhostname
If you have created CNAMEs in your DNS settings for your domain that would also need to be added here. A CNAME (Canonical Name) is like an alias, www for example. If you want to accept mail for these they must be entered as well. If they do not fit on one line you can enter a new one on each line with a space in front of them as Postfix will not recognize them without a space.
mydestination =
 $mydomain,
 $myhostname,
 www.$mydomain,
 tech.$mydomain
Each line ends with a comma and starts with a space.
5. Configure Outgoing Domain
The outgoing domain parameter provides a way to verify where mail came from. This parameter setting will be used by Postfix whenever mail is sent for an address that is not fully qualified. Again, this setting is located in the main.cf file.
myorigin = $mydomain
This parameter is a way for Postfix to set a domain name when the user sends an email and no domain name is specified in the envelope or header address. The default value of myorigin is the value of myhostname, again another reason myhostname is important to set up.
Here is how this all works. If the myhostname is:
mail.example.com
And if the user who sends mail is mike, then the resulting mail return address is: mike@mail.example.com
username@myhostname(FQDN)
If users do not want the hostname of the server in the return address then set the myorigin to this parameter:
myorigin = $mydomain
Now using the example above the return address for the user mike will be:
mike@example.com
username@domain
The last example is usually what people like.
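The continuation-line rule from step 4 and the mydomain and myorigin defaults described above, modelled in Python as an added example (not code from the original tutorial or from Postfix). It is a simplified model of how main.cf is read; the function names and the sample file are constructed for illustration.

```python
import re

# Constructed sample: the multi-line mydestination from the tutorial,
# with the leading space on each continuation line.
GOOD = """\
myhostname = mail.example.com
myorigin = $mydomain
mydestination =
 $mydomain,
 $myhostname,
 www.$mydomain,
 tech.$mydomain
"""
# Same content with the leading spaces lost (the mistake the text warns about).
BAD = GOOD.replace("\n ", "\n")

def parse_main_cf(text):
    """Return (params, rejected_lines) using main.cf's line-joining rules."""
    logical, rejected = [], []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                            # blank lines and comments are ignored
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()    # leading whitespace = continuation
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()    # last definition wins
        else:
            rejected.append(line)               # no "name =": not a parameter
    return params, rejected

def expand(params, name):
    """Resolve $name / ${name}, applying the defaults the tutorial describes."""
    value = params.get(name, "")
    if name not in params and name == "mydomain":
        value = expand(params, "myhostname").partition(".")[2]  # minus first label
    elif name not in params and name == "myorigin":
        value = "$myhostname"
    return re.sub(r"\$\{?(\w+)\}?", lambda m: expand(params, m.group(1)), value)

def destinations(text):
    params, rejected = parse_main_cf(text)
    dests = [d for d in re.split(r"[,\s]+", expand(params, "mydestination")) if d]
    return dests, expand(params, "myorigin"), rejected
```

With BAD, destinations() returns an empty destination list and four rejected lines, which is the failure the text warns about when the leading space is missing.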
6. Changes Necessary for Network Connections
Just like Sendmail, Postfix will not accept connections from other computers until you take a few steps to enable it. There are several lines that must be uncommented and then your configuration placed in them. The example will assume that your domain is bigstrike.org and the FQDN is mail.bigstrike.org. Be sure to put in the correct network for your settings.
mydomain = example.com
myorigin = $mydomain
myhostname = mail.example.com
mydestination = $myhostname, localhost, localhost.$mydomain
mynetworks = 192.168.3.0/24
inet_interfaces = all
Now restart Postfix.
service postfix restart
or
/etc/init.d/postfix restart
7. root Mail Configuration
Postfix has a focus on security, especially when it comes to running programs as root. As a result, Postfix will deliver mail to root locally but it will not allow other programs to run as root. This means that programs like procmail cannot be used to deliver mail to the root user. Therefore you will need to create an alias for the root user so that mail that is intended for root will be delivered to a non-privileged user.
Edit /etc/aliases and create a line like this:
root: mike
Whatever user you choose make sure that it is an account that is on the system. Do not use the admin account as it is tied to other things on the system.
Once you have added the username run the command:
newaliases
8. Testing the Current Configuration
It is important to test Postfix in stages so that you can confirm your current work before you go further.
Verify that Postfix is running:
/etc/init.d/postfix start
/etc/init.d/postfix stop
/etc/init.d/postfix reload
Now send a test message to root. Note the sendmail binary is provided by Postfix as a way to make migration from Sendmail to Postfix easier.
For CentOS use this command:
# echo test | /usr/sbin/sendmail -f root root
tail -f /var/log/maillog
For SUSE and Ubuntu use this command:
# echo test | /usr/sbin/sendmail -f root root
tail /var/log/mail.log
When you view the log file, you should see similar information to this. Remember, in the example the user who will receive root mail is mike, be sure you check the user that you create.
Feb 17 18:29:21 mail sendmail[17437]: m1I2TLAf017437: from=root, size=5, class=0, nrcpts=1, msgid=<200802180229.m1I2TLAf017437@mail.example.com>, relay=root@localhost
Feb 17 18:29:21 mail postfix/smtpd[17438]: connect from mail.example.com[127.0.0.1]
Feb 17 18:29:21 mail postfix/smtpd[17438]: A11F7724374: client=mail.example.com[127.0.0.1]
Feb 17 18:29:21 mail postfix/cleanup[17441]: A11F7724374: message-id=<200802180229.m1I2TLAf017437@mail.example.com>
Feb 17 18:29:21 mail postfix/qmgr[17433]: A11F7724374: from=<root@mail.example.com>, size=504, nrcpt=1 (queue active)
Feb 17 18:29:21 mail sendmail[17437]: m1I2TLAf017437: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30005, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as A11F7724374)
Feb 17 18:29:21 mail postfix/smtpd[17438]: disconnect from mail.example.com[127.0.0.1]
Feb 17 18:29:21 mail postfix/local[17442]: A11F7724374: to=<mike@example.com>, orig_to=<root@mail.example.com>, relay=local, delay=0.06, delays=0.05/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Feb 17 18:29:21 mail postfix/qmgr[17433]: A11F7724374: removed
This shows the process of how the mail moves from one module of postfix to the next.
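To follow a message through the Postfix daemons without reading the log by eye, the lines can be grouped by queue ID. This is an added example, not part of the original tutorial; the log text is constructed from the excerpt above plus one invented deferred message, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the log excerpt above, plus one deferred message.
LOG = """\
Feb 17 18:29:21 mail postfix/smtpd[17438]: A11F7724374: client=mail.example.com[127.0.0.1]
Feb 17 18:29:21 mail postfix/cleanup[17441]: A11F7724374: message-id=<200802180229.m1I2TLAf017437@mail.example.com>
Feb 17 18:29:21 mail postfix/qmgr[17433]: A11F7724374: from=<root@mail.example.com>, size=504, nrcpt=1 (queue active)
Feb 17 18:29:21 mail postfix/local[17442]: A11F7724374: to=<mike@example.com>, orig_to=<root@mail.example.com>, relay=local, delay=0.06, delays=0.05/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Feb 17 18:29:21 mail postfix/qmgr[17433]: A11F7724374: removed
Feb 17 18:31:02 mail postfix/qmgr[17433]: B22E8835485: from=<root@mail.example.com>, size=498, nrcpt=1 (queue active)
Feb 17 18:31:03 mail postfix/smtp[17450]: B22E8835485: to=<ops@example.net>, relay=none, delay=1.2, dsn=4.4.1, status=deferred (connect to mx.example.net[192.0.2.10]:25: Connection refused)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")
FIELD = re.compile(r"(\w[\w-]*)=<?([^>,\s]*)>?")

def trace(log_text):
    """Group Postfix log lines by queue ID and summarise each message."""
    msgs = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue                       # not a per-message Postfix line
        daemon, qid, rest = m.groups()
        msg = msgs.setdefault(qid, {"path": [], "removed": False})
        if not msg["path"] or msg["path"][-1] != daemon:
            msg["path"].append(daemon)     # order of daemons that handled it
        if rest == "removed":
            msg["removed"] = True          # qmgr deleted the queue file
            continue
        for key, value in FIELD.findall(rest):
            if key in ("from", "to", "orig_to", "status", "dsn", "relay"):
                msg[key] = value
    return msgs

def undelivered(msgs):
    """Queue IDs whose last delivery attempt was not status=sent."""
    return sorted(q for q, m in msgs.items() if m.get("status") != "sent")
```

For the first message the summary shows orig_to=root@mail.example.com rewritten to mike@example.com, which confirms that the root alias from step 7 took effect.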
If you do this command you should see your mail:
less /var/mail/mike
From root@mail.example.com Sun Feb 17 18:29:21 2008
Return-Path: <root@mail.example.com>
X-Original-To: root@mail.example.com
Delivered-To: root@mail.example.com
Received: from mail.example.com (mail.example.com [127.0.0.1])
        by mail.example.com (Postfix) with ESMTP id A11F7724374
        for <root@mail.example.com>; Sun, 17 Feb 2008 18:29:21 -0800 (PST)
Received: (from root@localhost)
        by mail.example.com (8.13.8/8.13.8/Submit) id m1I2TLAf017437
        for root; Sun, 17 Feb 2008 18:29:21 -0800
Date: Sun, 17 Feb 2008 18:29:21 -0800
From: root <root@mail.example.com>
Message-Id: <200802180229.m1I2TLAf017437@mail.example.com>
To: undisclosed-recipients:;

test
There it is: a working Postfix.
You may also want to test from a telnet session. First, install telnet if it is not installed:
CentOS Command:
yum install telnet
Ubuntu Command:
sudo apt-get install telnet
Type the client commands shown in the session below (HELO, MAIL FROM, RCPT TO, DATA and QUIT), and be sure to place a “.” on a line by itself after your message. So it should look like this:
This is a test email from telnet.
.
Note the “.” is on a line by itself.
# telnet localhost 25
or
# telnet mail.example.com 25
Trying 127.0.0.1...
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
HELO mike.example.com
250 mail.example.com
MAIL FROM: <root@example.com>
250 Ok
RCPT TO:
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
This is a test mail from telnet.
.
250 Ok: queued as 276E1794BF1
QUIT
221 Bye
Connection closed by foreign host.
Now check the mail for mike (or whatever user).
less /var/mail/mike
From root.example.com@example.com Sun Feb 17 18:42:49 2008
Return-Path: <root.example.com@example.com>
X-Original-To: mike@example.com
Delivered-To: mike@example.com
Received: from root.example.com (mail.example.com [127.0.0.1])
        by mail.example.com (Postfix) with SMTP id 1B4BB724372
        for <mike@example.com>; Sun, 17 Feb 2008 18:41:15 -0800 (PST)
Message-Id: <20080218024135.1B4BB724372@mail.example.com>
Date: Sun, 17 Feb 2008 18:41:15 -0800 (PST)
From: root.example.com@example.com
To: undisclosed-recipients:;

This is a test mail from telnet.
Now mail has been confirmed working two different ways.
http://beginlinux.com/index.php/server_training/mail-server/1041-postfix-mail-server-set-up