Installing Postfix on Fedora using Local Databases

This article is written with the goal of building an email server that will receive mail for users with local UNIX accounts, from multiple domains if you wish. You can relay all outbound email through your ISP's SMTP server using your ISP username and password, and then allow your users to use IMAP, POP3 or webmail to read their email.

Postfix is a rewrite of sendmail with more security in place; most people also consider Postfix a much faster and easier program to use.

This page was written for Fedora 8 running Postfix 2.4.5 with Dovecot 1.0.7. This setup is for a server running with local users and virtual domains. It also includes Spamassassin 3.2.3, ClamAV 0.92, and SASL Authentication 2.1.22.

These are my notes on installing and setting up my mail server. Any usernames or passwords are not valid on my network.

Besides setting up Postfix, you also need to make sure your firewall is open for port 25 in order to receive emails.

Install Prerequisites for Postfix
yum -y install postfix cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain cyrus-sasl-md5

Configuring Postfix
First you will want to modify the /etc/postfix/main.cf file, the main Postfix config file.

vim /etc/postfix/main.cf

The first thing to edit in the config file is

myhostname = mail.mattrude.com

Enable SMTP Authentication

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, check_relay_domains

Relaying Mail through an off-site Mail Server (comcast.net)
In order to relay mail through an off-site email server you need to authenticate with the off-site server using cyrus. Add the following to your /etc/postfix/main.cf file.

relayhost = [smtp.comcast.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

Now you need to create your /etc/postfix/sasl_passwd file. It holds your ISP password in clear text, so keep it and the sasl_passwd.db built from it readable by root only.

vim /etc/postfix/sasl_passwd

smtp.comcast.net username:password

And build the database

postmap /etc/postfix/sasl_passwd

Setting up A Virtual Domain using Local System Accounts
In this section we are using the local system users in the virtual domain. All users need to be added to the local system with tools such as adduser and passwd. After you have added the new user to the system you can add them to the virtual domain's alias map.

In order to set up a virtual domain, first you will need to add the following two lines to the /etc/postfix/main.cf file.

virtual_alias_domains = virtualdomain.com
virtual_alias_maps = hash:/etc/postfix/virtual

Now you need to set up the virtual domain map file.

vim /etc/postfix/virtual

And add

user1@virtualdomain.com   user1
user2@virtualdomain.com   user2
user3@virtualdomain.com   user3
info@virtualdomain.com    user1, user2, user3
# All emails go to the user1 account
@virtualdomain.com        user1

After you have set up the files you need to build the database.

postmap /etc/postfix/virtual

And reload Postfix

postfix reload
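Postfix lookup-table source files treat '#' as a comment only when it is the first non-blank character of a line, and an @domain key matches every address in that domain that has no entry of its own. The following added example (not part of the original notes; parse_virtual and resolve are hypothetical helper names and both sample tables are constructed from the entries above) flags a trailing comment and shows which accounts a recipient resolves to. It ignores address extensions and recursive lookups.

```python
def parse_virtual(text):
    """Parse a Postfix virtual alias source file into (table, warnings)."""
    table, warnings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # only whole-line comments are comments
        parts = line.split(None, 1)       # key, then the rest of the line is the value
        if len(parts) < 2:
            warnings.append(f"line {lineno}: key without a value")
            continue
        key, value = parts[0].lower(), parts[1]
        if "#" in value:
            warnings.append(f"line {lineno}: '#' is part of the value, not a comment")
        table[key] = [target.strip() for target in value.split(",")]
    return table, warnings

def resolve(table, address):
    """Exact address first, then the @domain catch-all; [] when nothing matches."""
    address = address.lower()
    catch_all = "@" + address.partition("@")[2]
    return table.get(address) or table.get(catch_all, [])

# Constructed sample: the catch-all entry carries a trailing comment.
TRAILING_COMMENT = """\
user1@virtualdomain.com   user1
info@virtualdomain.com    user1, user2, user3
@virtualdomain.com        user1     # All emails go to the user1 account
"""

# Constructed sample: the same entries with the comment on its own line.
CLEAN = """\
user1@virtualdomain.com   user1
info@virtualdomain.com    user1, user2, user3
# All emails go to the user1 account
@virtualdomain.com        user1
"""

if __name__ == "__main__":
    print(parse_virtual(TRAILING_COMMENT)[1])
    table, _ = parse_virtual(CLEAN)
    for rcpt in ("info@virtualdomain.com", "no-such-user@virtualdomain.com"):
        print(rcpt, "->", resolve(table, rcpt))
```

With the catch-all in place, every address in virtualdomain.com is accepted, including ones nobody created, so user1 also receives mail sent to guessed addresses.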

Setting up the Virtual Users Database
In order to set up virtual users, first you will need to add the following lines to the /etc/postfix/main.cf file.

# !!!Remember to remove the virtual_alias_domains entry from above!!!
# virtual_alias_domains = virtualdomain.com
virtual_mailbox_domains = virtualdomain.com
virtual_mailbox_base = /var/spool/virtualmailboxes
virtual_mailbox_maps = hash:/etc/postfix/virtualmailboxes
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

Then create the virtual mailbox directory.

mkdir /var/spool/virtualmailboxes

Then one for each domain

mkdir /var/spool/virtualmailboxes/virtualdomain.com
chown -R 5000:5000 /var/spool/virtualmailboxes

Now create the /etc/postfix/virtualmailboxes file (see Setting up the Aliases Database from above for more information).

junk@virtualdomain.com   virtualdomain.com/junk/

Now, as before, create the database.

postmap /etc/postfix/virtualmailboxes

And reload Postfix

postfix reload

Setting up the Aliases Database
In this section we are only working with Postfix's default domain. These settings have no effect on any virtual domains.

To use aliases, first make sure you have the entries in your /etc/postfix/main.cf file, something like this:

alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases

And also, lower down, make sure:

local_recipient_maps = unix:passwd.byname $alias_maps

Next let's add entries to our /etc/postfix/aliases file.

postmaster:matt
info:matt, sandy
milly:milly@other.domin.com

Now let's create the database hash file, and reload Postfix

/usr/bin/newaliases
postfix reload

Setting up SASL Authentication
We need to make sure that saslauthd is running, and if not, start it.

/sbin/service saslauthd start
/sbin/chkconfig saslauthd on
/sbin/chkconfig --list saslauthd

Setting up Spamassassin to Postfix's Mail Processing
This section assumes you have a running Spamassassin installation.

In /etc/postfix/master.cf, add -o content_filter=spamassassin

# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (50)
smtp     inet  n       -       -       -       -       smtpd
  -o content_filter=spamassassin

Then, at the end of the file, you must tell postfix what the content filter "spamassassin" should do. Add the following lines:

spamassassin unix -    n       n       -       -       pipe
  user=nobody argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

Setting up the Clam Anti-Virus system with ClamSMTP
This section assumes you have a running ClamAV installation and a running ClamSMTP daemon.

First in /etc/postfix/main.cf, add:

content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings

Then in /etc/postfix/master.cf, add:

# AV scan filter (used by content_filter)
scan     unix  -       -       n       -       16      smtp
  -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet n -       n       -       16      smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

Setting up SPF filter for inbound mail
We're going to use python-postfix-policyd-spf 0.6.1 from openspf.org.

wget http://www.openspf.org/blobs/pypolicyd-spf-0.6.1.tar.gz
tar -xzf pypolicyd-spf-0.6.1.tar.gz
cd pypolicyd-spf-0.6.1
./setup.py build
cd build/scripts-2.5/
cp policyd-spf /usr/local/bin/policyd-spf
cd ../lib
cp policydspfsupp.py /usr/lib/python2.5/policydspfsupp.py
cd ../../
mkdir /etc/python-policyd-spf/
cp policyd-spf.conf /etc/python-policyd-spf/policyd-spf.conf
cp policyd-spf.1 /usr/share/man/man1/policyd-spf.1
cp policyd-spf.conf.5 /usr/share/man/man5/policyd-spf.conf.5

Next we need to update the main.cf file, /etc/postfix/main.cf.

As close to the bottom of your smtpd_recipient_restrictions as you can, but above any DNSBL, add the following.

smtpd_recipient_restrictions = check_policy_service unix:private/policy
policy_time_limit = 3600

Now we need to set up the master.cf file, /etc/postfix/master.cf.

Testing Postfix

 * http://www.abuse.net/relay.html
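Before running an external relay test, the main.cf settings collected from the sections above can be checked offline. This added example (not from the original notes; audit and parse_main_cf are hypothetical names, both sample files are constructed, and reject_unauth_destination in the merged sample is this example's choice) reports parameters defined more than once, since Postfix uses only the last definition, a recipient restriction list with nothing that refuses relaying, an SPF policy check that does not follow reject_unauth_destination, and a domain listed as both alias and mailbox domain.

```python
# Restrictions that refuse mail for destinations this server is not responsible for.
RELAY_GUARDS = {"reject", "defer", "defer_if_permit",
                "reject_unauth_destination", "check_relay_domains"}

def parse_main_cf(text):
    """Return {parameter: [values in file order]}, joining continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank lines and comments
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()      # leading whitespace continues
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, _, value = line.partition("=")
        params.setdefault(name.strip(), []).append(value.strip())
    return params

def words(value):
    return value.replace(",", " ").split()

def audit(text):
    params = parse_main_cf(text)
    findings = [f"{n}: set {len(v)} times, only the last is used"
                for n, v in params.items() if len(v) > 1]
    eff = {n: v[-1] for n, v in params.items()}   # the last definition wins
    rules = words(eff.get("smtpd_recipient_restrictions", ""))
    if not RELAY_GUARDS & set(rules):
        findings.append("smtpd_recipient_restrictions: no relay guard")
    if "check_policy_service" in rules:
        before = rules[:rules.index("check_policy_service")]
        if "reject_unauth_destination" not in before:
            findings.append("check_policy_service: not after reject_unauth_destination")
    overlap = set(words(eff.get("virtual_alias_domains", ""))) \
        & set(words(eff.get("virtual_mailbox_domains", "")))
    findings += [f"{d}: both alias and mailbox domain" for d in sorted(overlap)]
    return findings

# Constructed main.cf: the page's settings pasted in section by section.
PASTED = ("smtpd_recipient_restrictions = permit_sasl_authenticated, check_relay_domains\n"
          "virtual_alias_domains = virtualdomain.com\n"
          "virtual_mailbox_domains = virtualdomain.com\n"
          "smtpd_recipient_restrictions = check_policy_service unix:private/policy\n")
# Constructed merge into one list; the guard used here is this example's choice.
MERGED = ("smtpd_recipient_restrictions = permit_sasl_authenticated,\n"
          "    reject_unauth_destination,\n"
          "    check_policy_service unix:private/policy\n")
```

audit(PASTED) returns four findings and audit(MERGED) returns none; run it against a copy of the real main.cf before reloading Postfix.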