Installing Postfix on Fedora using Local Databases

From MattWiki

Note: This Page was written with Fedora 7 & 8 in mind, and may not work correctly with other versions or distributions.

This article is written with the goal of building an email server that receives mail for users with local UNIX accounts, from multiple domains if you wish. You can relay all outbound email through your ISP's SMTP server using your ISP username and password, and then allow your users to read their email over IMAP, POP3 or webmail.

Postfix is a rewrite of sendmail with more security in place; most people also consider Postfix a much faster and easier-to-use program.

This page was written for Fedora 8 running Postfix 2.4.5 with Dovecot 1.0.7. This setup is for a server running with local users and virtual domains. It also includes SpamAssassin 3.2.3, ClamAV 0.92, and SASL Authentication 2.1.22.

These are my notes on installing and setting up my mail server. Any usernames or passwords are not valid on my network.

Besides setting up postfix you also need to make sure your firewall is open for port 25 in order to receive emails.

Install Prerequisites for Postfix

yum -y install postfix cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain cyrus-sasl-md5

Configuring Postfix

First you will want to modify /etc/postfix/main.cf, the main Postfix config file.

vim /etc/postfix/main.cf

The first thing to edit in the config file is

myhostname = mail.mattrude.com

Enable SMTP Authentication

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, check_relay_domains

Relaying Mail through an Off-site Mail Server (comcast.net)

In order to relay mail through an off-site email server you need to authenticate with the off-site server using Cyrus SASL. Add the following to your /etc/postfix/main.cf file.

relayhost = [smtp.comcast.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

Now you need to create your /etc/postfix/sasl_passwd file.

vim /etc/postfix/sasl_passwd

And add

smtp.comcast.net username:password

And build the database

postmap /etc/postfix/sasl_passwd
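
Added example (not part of the original page): sasl_passwd and the sasl_passwd.db that postmap builds both hold the ISP password in the clear, and Postfix only authenticates if the map has a key for the relay. The two checks below assume GNU stat; the function names and sample files are constructed.

```bash
#!/bin/bash
# Added example: audit the relay credentials behind smtp_sasl_password_maps.
# Function names and the sample files are constructed for illustration.

# check_sasl_perms FILE: FILE and the postmap-built FILE.db both contain the
# password, so neither may carry any group or other permission bit.
check_sasl_perms() {
    local f mode rc=0
    for f in "$1" "$1.db"; do
        if [ ! -e "$f" ]; then echo "MISSING $f"; rc=1; continue; fi
        mode=$(stat -c '%a' "$f")        # GNU stat, as shipped on Fedora
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "TOO-OPEN $f (mode $mode)"; rc=1
        fi
    done
    return $rc
}

# check_relay_key MAIN_CF FILE: Postfix searches the map by the relay's
# hostname and by the relayhost value as written; one must be a key in FILE.
check_relay_key() {
    local hop host
    hop=$(sed -n 's/^relayhost[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1)
    if [ -z "$hop" ]; then echo "NO-RELAYHOST in $1"; return 1; fi
    # Reduce "[host]:port" or "host:port" to "host".
    host=$(printf '%s\n' "$hop" | sed 's/^\[\(.*\)].*$/\1/; s/:[0-9]*$//')
    if awk -v a="$hop" -v b="$host" \
        '$1 == a || $1 == b { ok = 1 } END { exit !ok }' "$2"; then
        return 0
    fi
    echo "NO-CREDENTIAL for $hop in $2"; return 1
}

# Constructed demo; on a real host pass /etc/postfix/main.cf and
# /etc/postfix/sasl_passwd instead.
demo=$(mktemp -d)
printf 'relayhost = [smtp.comcast.net]:587\n' > "$demo/main.cf"
printf 'smtp.comcast.net username:password\n' > "$demo/sasl_passwd"
: > "$demo/sasl_passwd.db"               # stands in for the postmap output
chmod 644 "$demo/sasl_passwd" "$demo/sasl_passwd.db"
check_relay_key "$demo/main.cf" "$demo/sasl_passwd" || true
check_sasl_perms "$demo/sasl_passwd" || true   # flags both files
chmod 600 "$demo/sasl_passwd" "$demo/sasl_passwd.db"
check_sasl_perms "$demo/sasl_passwd" && echo "permissions OK"
rm -rf "$demo"
```

If check_sasl_perms reports TOO-OPEN, chmod 600 both files; postmap does not need to be re-run after a permission change.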

Setting up A Virtual Domain using Local System Accounts

In this section we are using the local system users in the virtual domain. All users need to be added to the local system with tools such as adduser & passwd. After you have added the new user to the system you can add them to the virtual domain's alias map.

In order to set up a virtual domain, first you will need to add the following two lines to the /etc/postfix/main.cf file.

virtual_alias_domains = virtualdomain.com
virtual_alias_maps = hash:/etc/postfix/virtual

Now you need to setup the virtual domain map file.

vim /etc/postfix/virtual

And Add

[email protected]    user1
[email protected]    user2
[email protected]    user3
[email protected]     user1, user2, user3
# Catch-all: all other emails for the domain go to the user1 account
@virtualdomain.com         user1

After you have setup the files you need to build the database.

postmap /etc/postfix/virtual

And reload postfix

postfix reload
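
Added example (not part of the original page): because every alias target here must be an existing local account, the map can be linted against the passwd file before running postmap. The function name and sample data are constructed, and each map entry is assumed to sit on one line.

```bash
#!/bin/bash
# Added example: lint a Postfix virtual alias map against the local accounts.
# lint_virtual and the sample data are constructed for illustration.

# Usage: lint_virtual MAPFILE PASSWDFILE
# Returns 1 if any entry would not deliver as written, 0 otherwise.
lint_virtual() {
    awk '
        # First file: passwd. Remember every local login name.
        NR == FNR { split($0, f, ":"); known[f[1]] = 1; next }
        # Postfix only treats a line as a comment when "#" comes first.
        /^[ \t]*(#|$)/ { next }
        {
            gsub(/,/, " ")               # targets may be comma separated
            if ($1 ~ /^@/) print "CATCH-ALL " $1
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) {
                    # Trailing comments are not stripped; the text becomes
                    # part of the lookup result.
                    print "INLINE-COMMENT " $1; bad = 1; break
                }
                if ($i !~ /@/ && !($i in known)) {
                    print "NO-SUCH-USER " $i " (" $1 ")"; bad = 1
                }
            }
        }
        END { exit bad }
    ' "$2" "$1"
}

# Constructed sample data; on a real host pass /etc/postfix/virtual and
# /etc/passwd instead.
demo_dir=$(mktemp -d)
printf 'user1:x:500:500::/home/user1:/bin/bash\n' > "$demo_dir/passwd"
cat > "$demo_dir/virtual" <<'EOF'
# constructed addresses
info@virtualdomain.com     user1
sales@virtualdomain.com    user1, ghost
@virtualdomain.com         user1     # everything else
EOF
lint_virtual "$demo_dir/virtual" "$demo_dir/passwd" || true
rm -rf "$demo_dir"
```

CATCH-ALL is informational only and does not change the exit status; the other two findings do.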

Setting up the Virtual Users Database

In order to set up virtual users, first you will need to add the following lines to the /etc/postfix/main.cf file. Remember to remove the virtual_alias_domains entry from above: a domain must not be listed as both a virtual alias domain and a virtual mailbox domain.

#virtual_alias_domains = virtualdomain.com
virtual_mailbox_domains = virtualdomain.com
virtual_mailbox_base = /var/spool/virtualmailboxes
virtual_mailbox_maps = hash:/etc/postfix/virtualmailboxes
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

Then create the virtual mailbox directory.

mkdir /var/spool/virtualmailboxes

Then create one for each domain, and hand the mailbox tree to the UID and GID set in virtual_uid_maps and virtual_gid_maps.

mkdir /var/spool/virtualmailboxes/virtualdomain.com
chown -R 5000:5000 /var/spool/virtualmailboxes

Now create the /etc/postfix/virtualmailboxes file; see Setting up the Aliases Database below for more information.

[email protected]    virtualdomain.com/junk/

Now as before create the database.

postmap /etc/postfix/virtualmailboxes

And Reload Postfix

postfix reload

Setting up the Aliases Database

In this section we are only working with Postfix's default domain. These settings have no effect on any virtual domains.

To use aliases, first make sure you have the entries in your /etc/postfix/main.cf file, something like this:

alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases

And also down lower make sure:

local_recipient_maps = unix:passwd.byname $alias_maps

Next let's add entries to our /etc/postfix/aliases file.

postmaster:matt
info:matt, sandy
milly:[email protected]

Now let's create the database hash file and reload Postfix.

/usr/bin/newaliases
postfix reload

Setting up SASL Authentication

We need to make sure that saslauthd is running and if not start it.

/sbin/service saslauthd start
/sbin/chkconfig saslauthd on
/sbin/chkconfig --list saslauthd

Setting up Spamassassin to Postfix's Mail Processing

This section assumes you have a running Spamassassin installation.

In /etc/postfix/master.cf, add -o content_filter=spamassassin to the smtp service entry:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (50)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
         -o content_filter=spamassassin

Then, at the end of the file, you must tell Postfix what the content filter "spamassassin" should do. Add the following lines:

spamassassin unix -     n       n       -       -       pipe
       user=nobody argv=/usr/bin/spamc -f -e
       /usr/sbin/sendmail -oi -f ${sender} ${recipient}

Setting up the Clam Anti-Virus system with ClamSMTP

This section assumes you have a running ClamAV installation and a running ClamSMTP daemon.

First in /etc/postfix/main.cf, add:

content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings

Then in /etc/postfix/master.cf, add:

# AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8

Setting up SPF filter for inbound mail

We're going to use python-postfix-policyd-spf 0.6.1 from openspf.org.

wget http://www.openspf.org/blobs/pypolicyd-spf-0.6.1.tar.gz
tar -xzf pypolicyd-spf-0.6.1.tar.gz
cd pypolicyd-spf-0.6.1
./setup.py build
cd build/scripts-2.5/
cp policyd-spf /usr/local/bin/policyd-spf
cd ../lib
cp policydspfsupp.py /usr/lib/python2.5/policydspfsupp.py
cd ../../
mkdir /etc/python-policyd-spf/
cp policyd-spf.conf /etc/python-policyd-spf/policyd-spf.conf
cp policyd-spf.1 /usr/share/man/man1/policyd-spf.1
cp policyd-spf.conf.5 /usr/share/man/man5/policyd-spf.conf.5

Next we need to update the main.cf file, /etc/postfix/main.cf.

As close to the bottom of your smtpd_recipient_restrictions as you can, but above any DNSBL, add the following.

smtpd_recipient_restrictions =
  check_policy_service unix:private/policy
policy_time_limit = 3600

Now we need to set up the master.cf file, /etc/postfix/master.cf.

Testing Postfix
