- 1 Applicable RFC's
- 2 Postfix How-To's
- 3 Postfix Notes
- 4 Mini How-To's
- 4.1 To allow select users permission to send to a cretin address
- 4.2 To Reject select sender addresses
- 4.3 Require FQDN on all but some
- 4.4 To "Freeze" Postfix Delivery
- 4.5 Relay mail for a single domain to a different MX
- 4.6 Suspend delivery of mail per domain
- 4.7 Archiving Mail when sent from or to the outside only
- 5 Troubleshooting SMTP/ESMTP problems
- 6 Base configuration
- 7 Postfix Resources
Postfix is a free open source mail transfer agent (MTA), for the routing and delivery of email, written by Wietse Venema. It is intended as a fast, easy-to-administer, and secure alternative to the widely-used Sendmail MTA.
It is released under the IBM Public License 1.0.
Also see Postfix SQLite Admin for a quick Postfix interface.
- Installing Postfix on Fedora using MySQL
- Installing Postfix on Fedora using SQLite
- Installing Postfix on Fedora using LDAP
- Installing Postfix on Fedora using Local Users
- Compiling Postfix From Source on Fedora
- To Display the postfix queue
- Flush the queue: attempt to deliver all queued mail (Retry)
- To Requeue one messages in the message queue (Delete and resend)
postsuper -r <messages-id>
- To Requeue ALL messages in the message queue (Delete and resend)
postsuper -r ALL
- To Delete one message from the message queue
postsuper -d <messages-id>
- To Delete ALL messages from the message queue
postsuper -d ALL
- Client - A Client is the sending system.
- Recipient - A Recipient is the receiving email address.
- To Display the current running version of Postfix
postconf -d | grep mail_version
How the delay values are defined in the log
From the 2.3.13 Release Notes: [Feature 20051103] This release makes a beginning with a series of new attributes in Postfix logfile records. - Better insight into the nature of performance bottle necks, with detailed logging of delays in various stages of message delivery. Postfix logs additional delay information as "delays=a/b/c/d" where: a=time before queue manager, including message transmission; b=time in queue manager; c=connection setup time including DNS, HELO and TLS; d=message transmission time.
Postfix Logging Application
- http://www.enderunix.org/isoqlog/ - Isoqlog is an MTA log analysis program written in C with http pages
Postfix's SMTPD Recipient Restrictions
Things to keep in mind when using Postix's smtpd_recipient_restrictions.
- Evaluate each element in order
- If the result is DEFER or REJECT, stop! The "RCPT TO" command is rejected (or deferred)
- If the result is OK, stop! The "RCPT TO" command is accepted, unless implicit recipient validation finds that the recipient address is invalid (in which case the command is rejected).
- If the result is neutral (DUNNO), continue to the next element
- If the result is DEFER_IF_PERMIT (or DEFER_IF_REJECT), continue to the next element, but at the end the message will be deferred rather than permitted (or rejected) if not rejected (or permitted).
If permitting relay using client certificates, check_ccert_access and friends can also go above reject_unauth_destination.
To allow select users permission to send to a cretin address
So the idea here is to have an email address that you would only like a select few to have access to email to, for example, a everyone or all address. In this example we will be locking down the email address firstname.lastname@example.org and only allow the address email@example.com to send to it.
In /etc/postfix/main.cf add the following:
smtpd_restrictions_classes = restricted_recipient
- note: This is in smtpd_SENDER_restrictions to avoid becoming an open relay because of the "OK" below.
smtpd_sender_restrictions = check_recipient_access hash:/etc/postfix/restricted_recipient
restricted_recipient = check_sender_access hash:/etc/postfix/privileged_sender reject
To Reject select sender addresses
First start out by creating a file named /etc/postfix/rejected_addresses then add the following to it
This will be an hashed map table, so we need to create the hash
Next we need to add the map to our /etc/postfix/main.cffile. We will be adding this to the smtpd_recipient_restrictions section.
smtpd_recipient_restrictions = ... check_sender_access hash:/etc/postfix/rejected_addresses, ... reject_unauth_destination
Once complete reload postfix
Require FQDN on all but some
smtpd_recipient_restrictions = ... check_client_access cidr:/etc/postfix/client_cidr ...
22.214.171.124 OK 192.168.0.1/32 dunno 0.0.0.0/0 reject_non_fqdn_sender, reject_non_fqdn_recipient, ... ::/0 reject_non_fqdn_sender, reject_non_fqdn_recipient, ...
The first entry in the above file is the IP address of the known OK client. The "dunno" entry is your local network. dunno stats to act as if this entry failed and move on to the next. Not intuitive, but effective.
To "Freeze" Postfix Delivery
By Freezing Postfix, your directing Postfix to queue all inbound mail, but not send any messages from it's queue. This is very use full in an emergency such as a virus attack or even just a internal outage that will prevent mail from being stored correctly. All inbound mail will be stored in the queue until released by the unfreeze command (or removed the config options and restarting Postfix). You will be able to see the message in the queue by running the 'postqueue -p' command.
To Freeze Postfix delivery and hold all mail in queue.
postconf -e master_service_disable=qmgr.fifo in_flow_delay=0 && postfix reload
To Unfreeze Postfix and deliver the queued mail.
postconf -e master_service_disable= in_flow_delay=1 && postfix reload
Relay mail for a single domain to a different MX
The below entry will route all traffic destine for 'example.com' to port 587 on 'smtp.example.net'.
Suspend delivery of mail per domain
firstname.lastname@example.org retry:4.4.1 Service unavailable mx.example.com retry:4.4.1 Service unavailable
Also be aware of the current value of maximal_queue_lifetime.
Archiving Mail when sent from or to the outside only
Use sender_bcc_maps or recipient_bcc_maps. Configure them so that the archive copy is made when the sender is remote OR the receiver is remote.
sender_bcc_maps = pcre:/etc/postfix/archive-check recipient_bcc_maps = pcre:/etc/postfix/archive-check
This is a predicate transformation, from (NOT (local AND local)), what you asked for, into ((NOT local) OR (NOT local)), shown above.
Troubleshooting SMTP/ESMTP problems
- See mini_sendmail for a quick and easy SMTP testing option.
- Or just download it from here Mini Sendmail 1.3.6.
Troubleshooting with 3rd Party Sites
With Plan Text Auth
telnet mail.example.com 25 220 mail.example.com ESMTP Postfix helo mail.example.com 250 mail.example.com mail from:email@example.com # Can be anything 250 2.1.0 Ok rcpt to:firstname.lastname@example.org # Must be a valid address 250 2.1.5 Ok data 354 Please start mail input. subject: test message This is a test message . 250 Mail queued for delivery. quit
If you are using TLS you will need to encrypt your username & password before transiting it.
- For PLAIN logins:
perl -MMIME::Base64 -e 'print encode_base64("\0username\0password");'
To connect to a server using TLS run something like this:
openssl s_client -connect mail.example.com:587 -starttls smtp
Now you can run one of the above telnet sessions. You will most likely still need to log in.
openssl s_client -connect mail.example.com:587 -starttls smtp 220 mail.example.com ESMTP Postfix ehlo mail.example.com 250-mail.example.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN auth plain AASDF654ASSDF654ASDF # Output form perl command above 235 2.7.0 Authentication successful mail from:email@example.com # Depending on server must be same as login 250 2.1.0 Ok rcpt to:firstname.lastname@example.org # Must be a valid address 250 2.1.5 Ok data 354 Please start mail input. subject: test message This is a test message . 250 Mail queued for delivery. quit
Troubleshooting Test Message
From: email@example.com Subject: This is a test message To: firstname.lastname@example.org This is a test message.
Troubleshooting SMTP Reciving Problems
- To change the greeting when you receive mail, please see
Troubleshooting Database lookups with postmap
- To see how an address will lookup
postmap -q email@example.com mysql:/etc/postfix/mysql_virtual_sender_maps.cf
The above command will display the address of who will receive this message, assuming it's not the same.
Troubleshooting Email Address validation
- Validator: http://www.mythic-beasts.com/~pdw/cgi-bin/emailvalidate
- Article: http://haacked.com/archive/2007/08/21/i-knew-how-to-validate-an-email-address-until-i.aspx
The local part (the section to the left of the @ symbol) may have any of the following characters:
So according to RFC 2822 & RFC 3696 the following are all valid E-Mail addresses (besides the fact that 'example.com' is a invalid domain).
- "Fred Bloggs"@example.com
The main.cf file stores site specific Postfix configuration parameters while master.cf defines daemon processes. The Postfix Basic Configuration tutorial covers the core settings that each site needs to consider.
The Postfix Standard Configuration Examples document discusses configuration settings for a few common environments.
More complex Postfix implementations include integration with (for example) SpamAssassin and support for multiple (virtual) domain names, where data in databases such as MySQL can drive complex configurations.
- Postfix Email Status Codes
- Content Filter
- Postfix before-queue Milter
- DomainKeys message signing and verification (dkfilter)
- Postfix Admin - Full Management system, and allows users to update there auto reply's and passwords.
- Korreio - Postfix Queue Manager
Pages in category "Postfix"
The following 19 pages are in this category, out of 19 total.
Media in category "Postfix"
The following 11 files are in this category, out of 11 total.