Postfix Configuration

See documentation at:

* http://www.linuxsecurity.com/docs/Postfix-EnGarde-HOWTO.html
* http://online.securityfocus.com/infocus/1606
* http://www.postfix.org

Configuration files are in /etc/postfix. The main configuration file is main.cf.

Configure main.cf

Set hostname:

myhostname = me.mydomain.org

Set mydestination. Mail addressed to these domains is treated as local:

mydestination = $myhostname localhost.$mydomain $mydomain 

Set mynetworks to allow access for clients from local net:

mynetworks = 127.0.0.0/8, 192.168.100.0/28

Set the postmaster alias to a local user. The aliases are defined in /etc/aliases. Run newaliases or postalias aliases to update aliases.db. After each update run postfix reload.

Optionally set notify_classes so that the postmaster is informed about problems.

Set relayhost to pop.myprovider.com.

Use virtual-host mapping. This maps incoming mail to a new destination. Add the following to main.cf:

    virtual_maps = hash:/etc/postfix/virtual

I use virtual mapping for my gmx and t-online mails.

     me@gmx.net    me@mydomain.org

Run

$ postmap virtual

to create the hashtable.

Run

$ /etc/init.d/postfix restart

so that postfix reloads the changes.

Add the following to main.cf to masquerade domain names:

masquerade_domains = $mydomain
masquerade_exceptions = root

Postfix with smtp-auth on client-side

See:

* http://www.thecabal.org/~devin/postfix/smtp-auth.txt
* http://sdb.suse.de/de/sdb/html/rsimai_imap_smtp_auth.html

We need postfix-tls and cyrus-sasl.

Add the following to main.cf:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous, noplaintext

Create a file sasl_passwd in /etc/postfix with the content:

mail.provider.com     username:password

Run

$ postmap sasl_passwd

to create sasl_passwd.db.

Use SSL for transmission

Create an OpenSSL key as described in OpenSsl. Copy the keys to /etc/postfix:

$ cd /usr/lib/ssl/misc
$ cp newcert.pem /etc/postfix/cert.pem
$ cp key.pem /etc/postfix/key.pem
$ cp demoCA/cacert.pem /etc/postfix/CAcert.pem
$ chmod 400 /etc/postfix/*.pem

For the client side, add the following to main.cf:

smtp_use_tls = yes
smtp_tls_key_file = /etc/postfix/key.pem
smtp_tls_cert_file = /etc/postfix/cert.pem
smtp_tls_CA_file = /etc/postfix/CAcert.pem

You may activate smtps and submission in master.cf for server-side SSL/TLS (see Postfix book).

See also
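An added example (not part of the original page or of Postfix itself): a small audit of the client-side SMTP AUTH settings above. It flags a configuration that permits plaintext SASL mechanisms while TLS is only opportunistic (smtp_use_tls = yes does not make TLS mandatory), and a sasl_passwd file or its .db that is accessible beyond its owner. The function names and the sample text are assumptions made for the example.

```python
import os
import stat

# Constructed sample (this page's client-side settings); helper names are hypothetical.
SAMPLE = """\
# relay through the provider with SMTP AUTH
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous,
    noplaintext
smtp_use_tls = yes
"""
# TLS levels at which Postfix refuses to deliver without encryption.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """'#' lines are comments; a line starting with whitespace continues
    the previous parameter; a later setting overrides an earlier one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def too_open(path):
    """True if the file exists and group or others hold any permission bit."""
    return os.path.exists(path) and bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def audit(params):
    """Return findings for the SMTP AUTH client setup; empty list means none."""
    findings = []
    if params.get("smtp_sasl_auth_enable") != "yes":
        return findings
    opts = params.get("smtp_sasl_security_options", "noplaintext, noanonymous")
    forced = (params.get("smtp_tls_security_level") in MANDATORY_TLS
              or params.get("smtp_enforce_tls") == "yes")
    if "noplaintext" not in opts.replace(",", " ").split() and not forced:
        findings.append("plaintext SASL permitted while TLS is not mandatory")
    for entry in params.get("smtp_sasl_password_maps", "").replace(",", " ").split():
        path = entry.split(":", 1)[-1]
        findings += [f"{f} is accessible to group or others"
                     for f in (path, path + ".db") if too_open(f)]
    return findings
```

Call audit(parse_main_cf(open("/etc/postfix/main.cf").read())) as root so the permission check can see the map files.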

OfflineMail FetchMail

Hint

PostFix makes a copy of resolv.conf at /var/spool/postfix/etc/resolv.conf. When this copy is not up to date, you may encounter DNS problems in PostFix even though normal DNS lookups are working.