Postfix is a replacement tool for the well-known Sendmail. I preferred Postfix over Sendmail
because of the numerous security leaks that were found in the Sendmail-daemon.
Postfix is robust and easy to set up. It acts as an MTA (mail transfer agent) that can
receive your mail and drop it into a local-mailbox.
First of all, what is Postfix?
It is Wietse Venema's attempt to provide an alternative to the widely-used sendmail program.
Sendmail is responsible for most of the e-mail delivered on the Internet.
With an estimated 100 million users, that's billions of messages daily. A stunning number.
Postfix attempts to be fast, easy to administer, and secure, while at the same time being
sendmail compatible enough to not upset existing users.
The homepage of Postfix
Red Hat Postfix HowTo
Postfix stuff http://www.kagekaze.org/postfix/
Protect against SPAM on http://www.ordb.org/faq/#usage_postfix
As I'm using a Red-Hat system to install Postfix, the easiest way to install it is by downloading
the latest RPM.
One word of advice: don't install the package yet, just download it. Installation-techniques follow
in the next section.
Before you can install the Postfix packages, you need to remove the existing sendmail-packages.
If you haven't installed them, you can skip to the part where we start installing Postfix.
To check whether Sendmail exists use this :
rpm -qa | grep "sendmail"
Before erasing all of Sendmail, it would be wise to backup the existing files which you could
need for Postfix. This can be your aliases file (/etc/aliases by default).
Just copy these to a safe location.
First thing to do would be to stop the existing Sendmail daemon.
The fact is that even when you remove the sendmail-packages, the daemon will still run because
it's already loaded in memory.
You can't just remove the Sendmail packages one by one. When you try to do this, there will be
a dependency-error. The trick is to remove them all in one step with :
rpm -e sendmail sendmail-doc sendmail-cf --nodeps
Now the installation of Postfix is quite straightforward :
rpm -Uvh postfix.rpm
Postfix installs its config-files in /etc/postfix/
In fact, there are only two files you should really consider when configuring Postfix.
First of them is install.cf.
This file contains the data that Postfix needs to start up with. Take a look at the contents of
# This file was generated by INSTALL.sh
The other file is main.cf. With this config-file you can adjust the settings
how Postfix really works.
I'll cover the settings that need adjustment for your own personal domain.
First, you need to specify where Postfix stores its queues.
Normally, this will be the same directory where the previous Sendmail stored its queues.
queue_directory = /var/spool/postfix
Next, specify the command-directory and daemon-directory.
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
Now, you have to specify the user that will be the owner of most Postfix processes.
This has to be an existing user. I think it is wise to dedicate one user for this purpose
and make sure that this user doesn't own any other files or directories.
mail_owner = mail
You have to specify an internet-hostname and domainname. This value is used as a parameter for
many other configuration parameters. The domainname is in normal circumstances the
hostname minus the host-part.
myhostname = mail.mydomain.com
mydomain = mydomain.com
In order to send mail correctly, you need to specify an origin.
myorigin = $myhostname
And of course when you want to send mail, you would also like to receive mail, don't you?
Specify the network interface on which Postfix should listen and the domains
for which Postfix should receive mail.
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, $mydomain
In order to do some address-rewriting you should add something in the section covering
"address rewriting" :
masquerade_domains = mydomain.com
With aliases you can bind several mail-addresses to an account. This is handled by :
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
The mail_spool_directory parameter specifies the directory where UNIX-style mailboxes are kept.
mail_spool_directory = /var/mail
The mailbox_command parameter specifies the optional external command to use instead of
mailbox_command = /usr/bin/procmail
You need to specify a list of networks that are local to this machine (for relay-considerations).
mynetworks = 192.168.0.0/24, 127.0.0.0/8
When you want to specify a specific banner when someone logs into the mail-server you can do
this with :
smtpd_banner = $myhostname ESMTP Welcome to my mailserver
To limit the message and mailbox size and the number of consecutive recipients,
you can use these settings :
message_size_limit = 5240000
mailbox_size_limit = 12240000
smtpd_recipient_limit = 150
That's about all for a standard configuration. It is always possible to review all the settings
of Postfix with a single command-tool
This will result in a long list that contains all the settings.
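A review of the relay, banner and limit settings covered above can be automated. The following is an added example, not part of the original howto or of Postfix itself: it parses text in main.cf syntax and reports risky values. The sample configuration is constructed, and treating only RFC 1918 and loopback IPv4 ranges as local is an assumption of this example.

```python
import ipaddress

# Constructed sample in main.cf syntax (not a file from the page).
SAMPLE_MAIN_CF = """\
# constructed example
myhostname = mail.mydomain.com
mynetworks = 192.168.0.0/24, 127.0.0.0/8,
    0.0.0.0/0
smtpd_banner = ESMTP Welcome to my mailserver
message_size_limit = 5240000
"""

# Assumption: only RFC 1918 and loopback IPv4 ranges count as "local" for relaying.
LOCAL_RANGES = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
LIMITS = ("message_size_limit", "mailbox_size_limit", "smtpd_recipient_limit")

def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues the previous one."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and last:
            params[last] += " " + raw.strip()
        elif "=" in raw:
            name, _, value = raw.partition("=")
            last = name.strip()
            params[last] = value.strip()
    return params

def audit(params):
    """Return findings for the relay, banner and limit settings discussed on this page."""
    findings = []
    for item in params.get("mynetworks", "").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            continue  # not a plain CIDR entry (e.g. a table lookup); not checked here
        if net.version != 4 or not any(net.subnet_of(r) for r in LOCAL_RANGES):
            findings.append(f"mynetworks: {item} is outside the local ranges (relay exposure)")
    banner = params.get("smtpd_banner")
    if banner is not None and not banner.startswith("$myhostname"):
        findings.append("smtpd_banner: does not start with $myhostname")
    findings += [f"{name}: not set explicitly" for name in LIMITS if name not in params]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_main_cf(SAMPLE_MAIN_CF))))
```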
I would like to add some special notes.
When you're sending mail from a machine on your LAN, the local-ip will be visible in the message-header.
To avoid this, add this rule to the main.cf file.
header_checks = regexp:/etc/postfix/header_filter.regexp
This rule rewrites the header and depends on the file /etc/postfix/header_filter.regexp.
This file contains the following :
content of /etc/postfix/header_filter.regexp
Make sure that after each line, there are no trailing spaces.
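Before deploying a header rule, it helps to dry-run it against sample headers to confirm that it removes only the internal hop. The following is an added example, not the original file content and not Postfix code: a simplified simulation of a regexp-table lookup with the IGNORE action. The rule, host names, addresses and queue ids are constructed.

```python
import re

# Constructed regexp-table rule (an assumption; the page's own file content is not shown).
RULES = r"""
/^Received:.*\[192\.168\.0\.[0-9]+\]/ IGNORE
"""

# Constructed message headers: one external hop, one internal LAN hop.
HEADERS = """\
Received: from mail.mydomain.com (mail.mydomain.com [203.0.113.10])
\tby mx.example.net with ESMTP id CONSTRUCTED2
Received: from desktop (unknown [192.168.0.23])
\tby mail.mydomain.com with ESMTP id CONSTRUCTED1
Subject: test
"""

def load_rules(text):
    """Parse '/pattern/ ACTION' lines; regexp tables match case-insensitively by default."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"/(.+)/\s+(\S+)", line.strip())
        if m:
            rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def unfold(raw):
    """Join continuation lines so each logical header is checked as one string."""
    out = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line)
    return out

def apply_checks(raw, rules):
    """Return the headers that survive; the first matching rule decides, IGNORE drops the header."""
    kept = []
    for header in unfold(raw):
        action = next((a for rx, a in rules if rx.search(header)), None)
        if action != "IGNORE":
            kept.append(header)
    return kept

if __name__ == "__main__":
    print("\n".join(apply_checks(HEADERS, load_rules(RULES))))
```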
Also, if your provider insists on using his SMTP-server (you are prevented from contacting
any other mail-server), you should use the relay-setting. This is done with :
relayhost = smtp.myisp.com
One of the first things you should do is set an alias for the root-mail. Once you have
installed Postfix, it will be impossible to receive mail as root. So you need to set up an
alias for this account.
These settings are handled by the file /etc/postfix/aliases. When you edit
this there will be a line saying :
By this setting, all mail for root will be moved to the local-mailbox of johndoe.
You can specify as many aliases as you want with the syntax
After you have specified the new aliases, save your file. To activate the changes,
issue the command :
With the RPM-installation of Postfix, it's extremely easy to start and stop the service.
/etc/init.d/postfix start | stop
When you have changed some settings you don't need to restart everything, you only need
to reload the settings with
That's all there is concerning my configuration. Don't forget that there are lots of other
options that you can change when using Postfix. Please read carefully through the documentation.
There are still some security-related issues I'd like to mention here. Some of them
are already noted above (like the default message size and mailbox size).
By default the installation of Postfix is already security-minded. An out-of-the-box install
could be enough for most users but still, some tweaking could not hurt. All of the
following settings are in the main.cf-file (except if otherwise stated).
Replace your mailbanner (the text one sees when telnetting to your port 25) with something
smtpd_banner = $myhostname ESMTP Mailshredder has some goodies for you
$myhostname is RFC-required.
When your mailhost isn't a super-beast in way of performance, it would be wise to restrict
the number of Postfix processes. This can be done with
default_process_limit = 50
You can also control the number of processes on a service-by-service basis in master.cf.
There's a way in which you can restrict the number of connections that are made to your server.
number of messages to the same local recipient to be delivered at the same time
local_destination_concurrency_limit = 2
number of messages to the same local recipient sent at the same time
default_destination_concurrency_limit = 10
When you want to use Postfix as a backup mailserver change these settings in
relay_domains = $mydestination the.backed-up.domain.tld
smtpd_recipient_restrictions = permit_mynetworks check_relay_domains
Create a map-file with the hosts to reject :
When you have saved this file you need to create a postmap-file from this plain-text file with :
Now open up main.cf in your favorite editor and add this line
smtpd_client_restrictions = check_sender_access hash:/etc/postfix/mymapfile
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/mymapfile
I'm not sure if it's _client_ or _sender_; I had some trouble getting it to work with _client_
(in fact, it never did); _sender_ gave no problem at all. If some Postfix-guru can point this out for me, I'd be very happy.
For the changes to take effect, you will need to restart the Postfix-daemon.
A good guide on stopping spam and other things can be found at
If you want to forward e-mail that's for a non-existent account there's a solution with the
luser_relay = email@example.com
This will redirect all undeliverable e-mail to firstname.lastname@example.org.
If you receive any errors during compilation like
this could be the indication that you are either missing the Berkeley DB support or that it resides somewhere in a non-default location
on your system. Perhaps you have installed Berkeley DB from source and not through any package-system. In order to compile postfix,
you have to use these commands :
make makefiles CCARGS="-DHAS_DB -I/usr/local//BerkeleyDB.4.1/include" \