Linux in a Windows World

13.3. Configuring Postfix

Postfix is an alternative to sendmail that ships with most major Linux distributions, although many of them don't install it by default. If your distribution doesn't ship with Postfix but you want to try it, check the Postfix home page (http://www.postfix.org) for source code download links. You might be able to install a binary package intended for another distribution, but chances are you'll need to modify or replace the SysV startup scripts.

As with sendmail, configuring Postfix for your network requires understanding the main Postfix configuration files. You can then set the main Postfix options, including those relating to addressing, relaying, and spam control.

Postfix is a very complex server, so this chapter can present only the basics of its configuration. For more information, consult the documentation at the Postfix web site or a book on the subject, such as Postfix: The Definitive Guide (O'Reilly).

13.3.1. Postfix Configuration Files

Linux Postfix binary packages typically store configuration files in /etc/postfix. The main configuration file in this directory is main.cf, which controls the overall Postfix configuration. This file consists of comments, which are lines beginning with a hash mark (#), and option lines of the form:

variable = value

The variable is typically a descriptive name, such as relayhost to set the hostname of another SMTP server that's to act as a mail relay. The value can be a hostname, IP address, filename, or other string. Sometimes a value can have multiple components, separated by commas. A value can also refer to an earlier variable by name: precede the earlier variable name by a dollar sign ($), as in myorigin = $mydomain to set the myorigin variable to be identical to mydomain.

The default main.cf file is extremely well commented, so you can learn a great deal about the configuration and how you can change it by reading the comments. Further information, including information on obscure options not mentioned in the default comments, can be found in the online Postfix documentation.

After making changes to main.cf, you should tell Postfix about those changes. The simplest way to do this is to type postfix reload.

In addition to the main.cf file, Postfix relies on several other configuration files. Most of these are binary database files with filenames ending in .db. These files are similar in purpose to sendmail's database files; they control username aliases, relay host mapping, and so on. Like the sendmail files, the Postfix database files are generated from plain-text files that typically take the same name as the database file but without the .db extension. Some of these files are described in upcoming sections.

13.3.2. Postfix Address Options

The Postfix address options begin with setting the server's name. As with sendmail, Postfix uses gethostbyname() to determine the computer's hostname and sets the hostname it reports to other systems appropriately. You can override this feature by setting myhostname:

myhostname = smtp.pangaea.edu

Two related options are mydomain and myorigin. The first of these sets the server's Internet domain; it defaults to the value of $myhostname minus its first component, as in pangaea.edu if $myhostname is smtp.pangaea.edu. The myorigin variable sets the hostname that Postfix appends to email addresses that don't specify a hostname. The default value is $mydomain, but you can change this to $myhostname or any other value, as appropriate.

If you want to force outgoing mail to have a particular return hostname, you can use the masquerade_domains option. You pass a domain name to this option, and hostnames within that domain are stripped down to the domain portion. For instance, if you set this option to pangaea.edu, and a user sends mail that has a return address of linnaeus@gingko.pangaea.edu, Postfix changes the outgoing address to linnaeus@pangaea.edu. This can be a handy option for coping with clients that insist on adding their own hostnames to outgoing mail. Mail with return addresses outside of the pangaea.edu domain is unaffected by this line, though.

The masquerade_classes option determines which parts of the mail are rewritten. You can set this to one or more of envelope_sender (the sender in the mail envelope), header_sender (the sender in the mail header), and header_recipient (the recipient in the mail header, typically used to strip hostnames from incoming mail). Typically, one or both of the first two options is used.

Still more complete address rewriting can be accomplished with the help of a file called sender_canonical. You specify the use of this file with the sender_canonical_maps option in main.cf:

sender_canonical_maps = hash:/etc/postfix/sender_canonical

You then edit the sender_canonical file so that each line holds an original email address or address fragment followed by the address or matching fragment you want substituted:

FETCHMAIL-DAEMON@localhost    postmaster@pangaea.edu
@mandragora.example.com       @pangaea.edu

These lines tell Postfix to replace FETCHMAIL-DAEMON@localhost with postmaster@pangaea.edu and to change any address at mandragora.example.com to the matching address at pangaea.edu. Once you've edited this file, type postmap sender_canonical. This command creates a sender_canonical.db file from the text-mode sender_canonical file.

When receiving mail, Postfix uses the mydestination variable to determine what addresses it's to treat as local. Mail addressed to any user at any of the $mydestination addresses is passed to local users; mail addressed to other addresses is relayed to that address, assuming relaying is authorized. You can set multiple hostnames for mydestination by separating them with commas, as in:

mydestination = $myhostname, localhost.$mydomain, mail.pangaea.edu

13.3.3. Postfix Relay Options

Most default Postfix configurations relay mail from the local network and deliver mail directly to the destination server without using an outgoing relay. Thus, if you want to fine-tune your relay configuration or use an outgoing mail relay system, you must adjust your Postfix configuration. You may also want to make changes if you want Postfix to deliver incoming mail to other servers, such as Microsoft Exchange servers, with Postfix acting as a spam filter, a mail sorter, or in some role other than the final destination system.

13.3.3.1 Configuring Postfix to relay mail

The default Postfix configuration relays mail under certain limited circumstances:

  • The sender is on one of the $mynetworks networks. This defaults to the IP subnet on which the computer resides, but you can change it by setting mynetworks to a list of IP address ranges or by pointing to a file that holds this information. Alternatively, you can change mynetworks_style. This variable defaults to subnet, which sets the default behavior; however, you can set it to host, which causes Postfix to trust only the local machine. Setting mynetworks_style to class causes Postfix to trust the computers on the same class A, B, or C subnet on which it resides, which often (but not always) results in the same behavior as setting it to subnet.

  • The sender is in one of the domains specified by relay_domains. This variable defaults to $mydestination.

  • The sender is attempting to relay mail to a computer in $relay_domains or to a computer on the $mynetworks networks.

Overall, these defaults are laxer than those of sendmail. If you don't want your computer to relay mail at all, you should restrict these settings:

mynetworks = 127.0.0.0/8
relay_domains = smtp.pangaea.edu

The first line tells Postfix to relay only mail from the localhost address. The second sets the relay domain to the server's hostname (you should adjust it for your system, of course). A configuration that relays for some computers and networks, but not quite the default set, is also possible; for instance:

mynetworks = 127.0.0.0/8, 172.24.0.0/16, 192.168.24.0/24
relay_domains = $mydestination, pangaea.edu

This configuration tells Postfix to relay mail for two subnets by IP address, for the local domain ($mydestination), and for the pangaea.edu domain.
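Because mynetworks decides which clients may relay, it is worth checking a main.cf against the ranges you actually intend to trust. The following is an added example, not code from the book or from Postfix: it parses the variable = value format described in Section 13.3.1 (comments, continuation lines, $variable references) and reports mynetworks entries outside an approved list. The function names, the sample file, and the approved list are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed main.cf (not a real host's file); the 0.0.0.0/0 entry is a planted mistake.
SAMPLE_MAIN_CF = """\
myhostname = smtp.pangaea.edu
mydomain = pangaea.edu
mydestination = $myhostname, localhost.$mydomain,
    mail.pangaea.edu
mynetworks = 127.0.0.0/8, 172.24.0.0/16, 192.168.24.0/24, 0.0.0.0/0
relay_domains = $mydestination, pangaea.edu
"""

def parse_main_cf(text):
    """Return {variable: raw value}; a line starting with whitespace continues the previous option."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params

def expand(value, params):
    """Substitute $name and ${name} references, as in myorigin = $mydomain."""
    for _ in range(10):  # bounded passes, so a self-reference cannot loop forever
        value = re.sub(r"\$\{?(\w+)\}?", lambda m: params.get(m.group(1), ""), value)
    return value

def audit_mynetworks(text, approved):
    """List mynetworks entries that are not inside one of the approved CIDR ranges."""
    params = parse_main_cf(text)
    if "mynetworks" not in params:
        return ["mynetworks is unset; trust is derived from mynetworks_style"]
    allowed = [ipaddress.ip_network(a) for a in approved]
    findings = []
    for entry in re.split(r"[,\s]+", expand(params["mynetworks"], params)):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:  # file or table reference: report it, do not follow it
            findings.append(f"cannot evaluate mynetworks entry {entry!r}")
            continue
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            findings.append(f"mynetworks trusts {net}, outside the approved ranges")
    return findings
```

Calling audit_mynetworks(SAMPLE_MAIN_CF, ["127.0.0.0/8", "172.24.0.0/16", "192.168.24.0/24"]) returns a single finding for the 0.0.0.0/0 entry.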

13.3.3.2 Configuring Postfix to use a relay

If Postfix should send mail through another computer as a relay, you should use the relayhost option to do the job. This option accepts a hostname as its value; Postfix sends mail through that system. Alternatively, you can provide a domain name if that domain's MX record points to an appropriate server. For instance, suppose you want to relay mail through relay.pangaea.edu:

relayhost = relay.pangaea.edu

If you're in the same domain as the outgoing mail relay and if your domain's MX record points to the server you want to use, you can use $mydomain as the value of this option. Doing so has the advantage of adjusting automatically should you change your mail relay; Postfix can track the change using the MX record in your DNS server.

If your local DNS server is unreliable or if you use non-DNS methods of local name resolution, you may want to include the disable_dns_lookups = yes option. Ordinarily, Postfix uses DNS in preference to other name resolution methods; disabling this causes Postfix to use whatever name resolution methods are defined locally, such as your /etc/hosts file.

13.3.3.3 Configuring Postfix to forward mail

Postfix, like sendmail, can serve as a system that forwards incoming mail to its final destination. (Figure 13-2 illustrates this configuration.) The most basic method of configuring such a system is to use what Postfix refers to as a transport map. You point to a file containing this map with the transport_maps option:

transport_maps = hash:/etc/postfix/transport

Such a line may already be present in your default configuration, so check for it before adding it. As with other Postfix references to outside databases, this one uses a text-mode file (/etc/postfix/transport) that's used to create a binary database with a similar name (/etc/postfix/transport.db). The plaintext file has a format that's similar to sendmail's mailertable. For instance, you can have Postfix deliver messages addressed to users in the subnet1.pangaea.edu subdomain to exchange1.pangaea.edu and use Procmail with the /etc/procmailrcs/exchange2 configuration file for addresses in the subnet2.pangaea.edu subdomain with a configuration like the following:

.subnet1.pangaea.edu    smtp:exchange1.pangaea.edu
subnet1.pangaea.edu     smtp:exchange1.pangaea.edu
.subnet2.pangaea.edu    procmail:/etc/procmailrcs/exchange2
subnet2.pangaea.edu     procmail:/etc/procmailrcs/exchange2

This configuration actually includes two lines for each subdomain. The lines with names that begin with dots (.subnet1.pangaea.edu and .subnet2.pangaea.edu) handle mail explicitly addressed to systems within the subdomain. The lines with names that lack leading dots handle mail addressed to the subdomain itself (such as ben@subnet1.pangaea.edu).
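The difference between the dotted and undotted entries is easy to get wrong, so here is an added example (not code from the book or from Postfix) that models the lookup for the table above and flags domains listed in only one of the two forms. It covers only domain and .domain patterns and assumes the behaviour the text describes, where only a leading-dot entry matches hosts inside the subdomain; the function names are hypothetical.

```python
# Constructed copy of the transport table shown above.
TRANSPORT = """\
.subnet1.pangaea.edu    smtp:exchange1.pangaea.edu
subnet1.pangaea.edu     smtp:exchange1.pangaea.edu
.subnet2.pangaea.edu    procmail:/etc/procmailrcs/exchange2
subnet2.pangaea.edu     procmail:/etc/procmailrcs/exchange2
"""

def load_transport(text):
    """Parse 'pattern transport:nexthop' lines into {pattern: (transport, nexthop)}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, result = line.split(None, 1)
        transport, _, nexthop = result.strip().partition(":")
        table[pattern.lower()] = (transport, nexthop)
    return table

def route(address, table):
    """Return (transport, nexthop) for an address, or None if no entry applies."""
    domain = address.rsplit("@", 1)[-1].lower()
    if domain in table:                  # undotted entry: the domain itself
        return table[domain]
    labels = domain.split(".")
    for i in range(1, len(labels)):      # dotted entries: each parent domain in turn
        parent = "." + ".".join(labels[i:])
        if parent in table:
            return table[parent]
    return None

def missing_pairs(table):
    """Domains that appear in only one form (undotted or leading dot)."""
    bare = {p for p in table if not p.startswith(".") and "@" not in p}
    dotted = {p[1:] for p in table if p.startswith(".")}
    return sorted(bare ^ dotted)
```

With only the undotted subnet1.pangaea.edu line present, route() returns None for an address such as ben@pc7.subnet1.pangaea.edu, and missing_pairs() reports the domain.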
