Category:Postfix
Postfix is a free open source mail transfer agent (MTA), for the routing and delivery of email, written by Wietse Venema. It is intended as a fast, easy-to-administer, and secure alternative to the widely-used Sendmail MTA.
It is released under the IBM Public License 1.0.
Postfix only sends and receives emails to other server, if your looking for IMAP or POP3 service look at Dovecot.
Also see Postfix SQLite Admin for a quick Postfix interface.
Applicable RFC's[edit | edit source]
Postfix How-To's[edit | edit source]
- Installing Postfix on Fedora using MySQL
- Installing Postfix on Fedora using SQLite
- Installing Postfix on Fedora using LDAP
- Installing Postfix on Fedora using Local Users
- Compiling Postfix From Source on Fedora
Postfix Notes[edit | edit source]
Postfix Queue[edit | edit source]
- To Display the postfix queue
postqueue -p
- Flush the queue: attempt to deliver all queued mail (Retry)
postqueue -f
- To Requeue one messages in the message queue (Delete and resend)
postsuper -r <messages-id>
- To Requeue ALL messages in the message queue (Delete and resend)
postsuper -r ALL
- To Delete one message from the message queue
postsuper -d <messages-id>
- To Delete ALL messages from the message queue
postsuper -d ALL
Postfix Terms[edit | edit source]
- Client - A Client is the sending system.
- Recipient - A Recipient is the receiving email address.
Postfix Version[edit | edit source]
- To Display the current running version of Postfix
postconf -d | grep mail_version
Postfix Log[edit | edit source]
How the delay values are defined in the log[edit | edit source]
From the 2.3.13 Release Notes: [Feature 20051103] This release makes a beginning with a series of new attributes in Postfix logfile records. - Better insight into the nature of performance bottle necks, with detailed logging of delays in various stages of message delivery. Postfix logs additional delay information as "delays=a/b/c/d" where: a=time before queue manager, including message transmission; b=time in queue manager; c=connection setup time including DNS, HELO and TLS; d=message transmission time.
Postfix Logging Application[edit | edit source]
- http://www.enderunix.org/isoqlog/ - Isoqlog is an MTA log analysis program written in C with http pages
Postfix's SMTPD Recipient Restrictions[edit | edit source]
Things to keep in mind when using Postix's smtpd_recipient_restrictions.
- Evaluate each element in order
- If the result is DEFER or REJECT, stop! The "RCPT TO" command is rejected (or deferred)
- If the result is OK, stop! The "RCPT TO" command is accepted, unless implicit recipient validation finds that the recipient address is invalid (in which case the command is rejected).
- If the result is neutral (DUNNO), continue to the next element
- If the result is DEFER_IF_PERMIT (or DEFER_IF_REJECT), continue to the next element, but at the end the message will be deferred rather than permitted (or rejected) if not rejected (or permitted).
If permitting relay using client certificates, check_ccert_access and friends can also go above reject_unauth_destination.
Mini How-To's[edit | edit source]
To allow select users permission to send to a cretin address[edit | edit source]
So the idea here is to have an email address that you would only like a select few to have access to email to, for example, a everyone or all address. In this example we will be locking down the email address [email protected] and only allow the address [email protected] to send to it.
In /etc/postfix/main.cf add the following:
smtpd_restrictions_classes = restricted_recipient
- note: This is in smtpd_SENDER_restrictions to avoid becoming an open relay because of the "OK" below.
smtpd_sender_restrictions = check_recipient_access hash:/etc/postfix/restricted_recipient
restricted_recipient = check_sender_access hash:/etc/postfix/privileged_sender reject
restricted_recipient:
[email protected] restricted_recipient
privileged_sender:
[email protected] OK
To Reject select sender addresses[edit | edit source]
First start out by creating a file named /etc/postfix/rejected_addresses then add the following to it
[email protected] REJECT
This will be an hashed map table, so we need to create the hash
postmap /etc/postfix/rejected_addresses
Next we need to add the map to our /etc/postfix/main.cffile. We will be adding this to the smtpd_recipient_restrictions section.
smtpd_recipient_restrictions = ... check_sender_access hash:/etc/postfix/rejected_addresses, ... reject_unauth_destination
Once complete reload postfix
postfix reload
Require FQDN on all but some[edit | edit source]
/etc/postfix/main.cf:
smtpd_recipient_restrictions = ... check_client_access cidr:/etc/postfix/client_cidr ...
/etc/postfix/client_cidr:
123.123.123.123 OK 192.168.0.1/32 dunno 0.0.0.0/0 reject_non_fqdn_sender, reject_non_fqdn_recipient, ... ::/0 reject_non_fqdn_sender, reject_non_fqdn_recipient, ...
The first entry in the above file is the IP address of the known OK client. The "dunno" entry is your local network. dunno stats to act as if this entry failed and move on to the next. Not intuitive, but effective.
To "Freeze" Postfix Delivery[edit | edit source]
By Freezing Postfix, your directing Postfix to queue all inbound mail, but not send any messages from it's queue. This is very use full in an emergency such as a virus attack or even just a internal outage that will prevent mail from being stored correctly. All inbound mail will be stored in the queue until released by the unfreeze command (or removed the config options and restarting Postfix). You will be able to see the message in the queue by running the 'postqueue -p' command.
To Freeze Postfix delivery and hold all mail in queue.
postconf -e master_service_disable=qmgr.fifo in_flow_delay=0 && postfix reload
To Unfreeze Postfix and deliver the queued mail.
postconf -e master_service_disable= in_flow_delay=1 && postfix reload
Relay mail for a single domain to a different MX[edit | edit source]
The below entry will route all traffic destine for 'example.com' to port 587 on 'smtp.example.net'.
- /etc/postfix/transport:
example.com smtp:[smtp.example.net]:587
Suspend delivery of mail per domain[edit | edit source]
- /etc/postfix/transport:
[email protected] retry:4.4.1 Service unavailable mx.example.com retry:4.4.1 Service unavailable
Also be aware of the current value of maximal_queue_lifetime.
postconf maximal_queue_lifetime
Archiving Mail when sent from or to the outside only[edit | edit source]
Use sender_bcc_maps or recipient_bcc_maps. Configure them so that the archive copy is made when the sender is remote OR the receiver is remote.
- /etc/postfix/main.cf:
sender_bcc_maps = pcre:/etc/postfix/archive-check recipient_bcc_maps = pcre:/etc/postfix/archive-check
- /etc/postfix/archive-check:
!/@example\.com$/ [email protected]
This is a predicate transformation, from (NOT (local AND local)), what you asked for, into ((NOT local) OR (NOT local)), shown above.
Troubleshooting SMTP/ESMTP problems[edit | edit source]
- See mini_sendmail for a quick and easy SMTP testing option.
- Or just download it from here Mini Sendmail 1.3.6.
Troubleshooting with 3rd Party Sites[edit | edit source]
Troubleshooting SMTP[edit | edit source]
With Plan Text Auth
telnet mail.example.com 25 220 mail.example.com ESMTP Postfix helo mail.example.com 250 mail.example.com mail from:[email protected] # Can be anything 250 2.1.0 Ok rcpt to:[email protected] # Must be a valid address 250 2.1.5 Ok data 354 Please start mail input. subject: test message This is a test message . 250 Mail queued for delivery. quit
Troubleshooting ESMTP[edit | edit source]
If you are using TLS you will need to encrypt your username & password before transiting it.
- For PLAIN logins:
perl -MMIME::Base64 -e 'print encode_base64("\0username\0password");'
Troubleshooting TLS[edit | edit source]
To connect to a server using TLS run something like this:
openssl s_client -connect mail.example.com:587 -starttls smtp
Now you can run one of the above telnet sessions. You will most likely still need to log in.
openssl s_client -connect mail.example.com:587 -starttls smtp 220 mail.example.com ESMTP Postfix ehlo mail.example.com 250-mail.example.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN auth plain AASDF654ASSDF654ASDF # Output form perl command above 235 2.7.0 Authentication successful mail from:[email protected] # Depending on server must be same as login 250 2.1.0 Ok rcpt to:[email protected] # Must be a valid address 250 2.1.5 Ok data 354 Please start mail input. subject: test message This is a test message . 250 Mail queued for delivery. quit
Troubleshooting Test Message[edit | edit source]
From: [email protected] Subject: This is a test message To: [email protected] This is a test message.
Troubleshooting SMTP Reciving Problems[edit | edit source]
- To change the greeting when you receive mail, please see
Troubleshooting Database lookups with postmap[edit | edit source]
- To see how an address will lookup
postmap -q [email protected] mysql:/etc/postfix/mysql_virtual_sender_maps.cf
The above command will display the address of who will receive this message, assuming it's not the same.
Troubleshooting Email Address validation[edit | edit source]
- Validator: http://www.mythic-beasts.com/~pdw/cgi-bin/emailvalidate
- Article: http://haacked.com/archive/2007/08/21/i-knew-how-to-validate-an-email-address-until-i.aspx
The local part (the section to the left of the @ symbol) may have any of the following characters:
^(?!\.)("([^"\r\\]|\\["\r\\])*"|([-a-z0-9!#$%&'*+/=?^_`{|}~] |(?@[a-z0-9][\w\.-]*[a-z0-9]\.[a-z][a-z\.]*[a-z]$
So according to RFC 2822 & RFC 3696 the following are all valid E-Mail addresses (besides the fact that 'example.com' is a invalid domain).
- "Abc\@def"@example.com
- "Fred Bloggs"@example.com
- "Joe\\Blow"@example.com
- "Abc@def"@example.com
- customer/[email protected]
- [email protected]
- !def!xyz%[email protected]
- [email protected]
Base configuration[edit | edit source]
The main.cf file stores site specific Postfix configuration parameters while master.cf defines daemon processes. The Postfix Basic Configuration tutorial covers the core settings that each site needs to consider.
The Postfix Standard Configuration Examples document discusses configuration settings for a few common environments.
The Postfix Address Rewriting document covers address rewriting and mail routing. The full documentation collection is at Postfix Documentation
More complex Postfix implementations include integration with (for example) SpamAssassin and support for multiple (virtual) domain names, where data in databases such as MySQL can drive complex configurations.[1]
Postfix Resources[edit | edit source]
- Postfix Email Status Codes
- Content Filter
- Postfix before-queue Milter
- DomainKeys message signing and verification (dkfilter)
- Postfix Admin - Full Management system, and allows users to update there auto reply's and passwords.
- Korreio - Postfix Queue Manager
References[edit | edit source]
Pages in category "Postfix"
The following 22 pages are in this category, out of 22 total.
C
I
P
Media in category "Postfix"
The following 11 files are in this category, out of 11 total.
-
Clamav setup.tgz ; 7 KB
-
Dkim-milter.sh ; 4 KB
-
Mbox to mdir converter.sh ; 8 KB
-
Mbox2maildir.tgz ; 42 KB
-
Mini sendmail-1.3.6.tar.gz ; 7 KB
-
Pflogsumm-1.1.1.tar.gz ; 44 KB
-
Postfix.spec ; 16 KB
-
Postfix.sqlite ; 39 KB
-
Sauserprefs imgs.tar.gz ; 1 KB