Installing Postfix on Fedora using Local Databases
Note: This Page was written with Fedora 7 & 8 in mind, and may not work correctly with other versions or distributions.
This article is written with the goal of building an email server that will recive mail for users with local UNIX accounts from multiple domains if you wish. You can relay all outbound email threw your ISP's SMTP server using your ISP username and password. Then allow your users to use both IMAP or POP3 or webmail to read there email.
Postfix is a rewrite of sendmail with more security in place also most people consider postfix a much faster and easer to use program.
This page was written for Fedora 8 running Postfix 2.4.5 with Dovecot 1.0.7. This setup is for a server running with local users and virtual domains. Also includes Spamassassin 3.2.3, ClamAV 0.92, & SASL Authentication 2.1.22.
This is my notes on installing and setting up my mail server. Any usernames or passwords are not valid on my network.
Besides setting up postfix you also need to make sure your firewall is open for port 25 in order to receive emails.
Install Prerequisites for Postfix[edit | edit source]
yum -y install postfix cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain cyrus-sasl-md5
Configuring Postfix[edit | edit source]
First you will wont to modify the /etc/postfix/main.cf file, the main Postfix Config file.
vim /etc/postfix/main.cf
The first thing to edit in the config file is
myhostname = mail.mattrude.com
Enable SMTP Authentication
smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_sasl_authenticated, check_relay_domains
Relaying Mail through a off site Mail Server (comcast.net)[edit | edit source]
In order to relay mail threw an off site email server you need to authenticate with the off site server using cyrus. Add the following to your /etc/postfix/main.cf file.
relayhost = [smtp.comcast.net]:587 smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
Now you need to create your /etc/postfix/sasl_passwd file.
vim /etc/postfix/sasl_passwd
smtp.comcast.net username:password
And build the database
postmap /etc/postfix/sasl_passwd
Setting up A Virtual Domain using Local System Accounts[edit | edit source]
In this section we are using the local system users in the virtual domain. All users need to be added to the local system with tools such as adduser & passwd. After you have added the new user to the system you can added them to the virtualdomain's alias map.
In order to setup a virtual domain first you will need to add the following two line to the /etc/postfix/main.cf file.
virtual_alias_domains = virtualdomain.com virtual_alias_maps = hash:/etc/postfix/virtual
Now you need to setup the virtual domain map file.
vim /etc/postfix/virtual
And Add
[email protected] user1 [email protected] user2 [email protected] user3 [email protected] user1, user2, user3 @virtualdomain.com user1 # All emails go to the user1 account
After you have setup the files you need to build the database.
postmap /etc/postfix/virtual
And reload postfix
postfix reload
Setting up the Virtual Users Database[edit | edit source]
In order to setup a virtual users first you will need to add the following lines to the /etc/postfix/main.cf file.
- !!!Remember to remove the virtual_alias_domains entry from above!!!
#virtual_alias_domains = virtualdomain.com virtual_mailbox_domains = virtualdomain.com virtual_mailbox_base = /var/spool/virtualmailboxes virtual_mailbox_maps = hash:/etc/postfix/virtualmailboxes virtual_minimum_uid = 100 virtual_uid_maps = static:5000 virtual_gid_maps = static:5000
Then create the virtual mailbox directory.
mkdir /var/spool/virtualmailboxes
Then one for each domain
mkdir /var/spool/virtualmailboxes/virtualdomain.com chown 5000:5000 /var/mail/virtualmailboxes
Now create the /etc/postfix/virtualmailboxes file see Setting up the Aliases Database from above for more information.
[email protected] virtualdomain.com/junk/
Now as before create the database.
postmap /etc/postfix/virtualmailboxes
And Reload Postfix
postfix reload
Setting up the Aliases Database[edit | edit source]
In this section we are only working with the postfix's default domain. These settings have no affect on any virtual domains.
To use aliases first make sure you have the entry's in your /etc/postfix/main.cf file, something like this:
alias_maps = hash:/etc/postfix/aliases alias_database = hash:/etc/postfix/aliases
And also down lower make sure:
local_recipient_maps = unix:passwd.byname $alias_maps
Next lets add entry's to our /etc/postfix/aliases file.
postmaster:matt info:matt, sandy milly:[email protected]
Now lets create the databased hash file, and reload postfix
/usr/bin/newaliases postfix reload
Setting up SASL Authentication[edit | edit source]
We need to make sure that saslauthd is running and if not start it.
/sbin/service chkeconfig start /sbin/chkconfig saslauthd on /sbin/chkconfig --list saslauthd
Setting up Spamassassin to Postfix's Mail Processing[edit | edit source]
This section assumes you have a running Spamassassin installation.
In /etc/postfix/master.cf, add -o content_filter=spamassassin
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (50)
# ==========================================================================
smtp inet n - - - - smtpd
-o content_filter=spamassassin
- Then, at the end of the file, you must tell postfix what the content filter "spamassassin" should do. Add the following lines:
spamassassin unix - n n - - pipe
user=nobody argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
Setting up the Clam Anti-Virus system with ClamSMTP[edit | edit source]
This section assumes you have a running ClamAV installation and a running ClamSMTP daemon.
First in /etc/postfix/main.cf, add:
content_filter = scan:127.0.0.1:10025 receive_override_options = no_address_mappings
Then in /etc/postfix/master.cf, add:
# AV scan filter (used by content_filter)
scan unix - - n - 16 smtp
-o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet n - n - 16 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
Setting up SPF filter for inbound mail[edit | edit source]
Were going to use python-postfix-policyd-spf 0.6.1 from openspf.org.
wget http://www.openspf.org/blobs/pypolicyd-spf-0.6.1.tar.gz tar -xzf pypolicyd-spf-0.6.1.tar.gz cd pypolicyd-spf-0.6.1 ./setup.py build cd build/scripts-2.5/ cp policyd-spf /usr/local/bin/policyd-spf cd ../lib cp policydspfsupp.py /usr/lib/python2.5/policydspfsupp.py cd ../../ mkdir /etc/python-policyd-spf/ cp policyd-spf.conf /etc/python-policyd-spf/policyd-spf.conf cp policyd-spf.1 /usr/share/man/man1/policyd-spf.1 cp policyd-spf.conf.5 /usr/share/man/man5/policyd-spf.conf.5
Next we need to update the main.cf file /etc/postfix/main.cf
As close to the bottom of your smtpd_recipient_restrictions as you can but above any DNSBL add the following.
smtpd_recipient_restrictions = check_policy_service unix:private/policy policy_time_limit = 3600
Now we need to setup the master.cf file /etc/postfix/master.cf
Testing Postfix[edit | edit source]
References[edit | edit source]
- http://www.postfix.org/postconf.5.html
- http://www.postfix.org/faq.html
- http://news.softpedia.com/news/HOWTO-Setup-A-Mail-Server-On-FC6-39412.shtml
- http://www.seaglass.com/postfix/faq.html
SASL References