Category: CategoryMail

Postfix Configuration

See documentation at: * * *

Configuration files are in /etc/postfix. The main configuration file is


Set hostname:

myhostname =

Set mydestination, these are considered local:

mydestination = $myhostname localhost.$mydomain $mydomain 

Set mynetworks to allow access for clients from local net:

mynetworks =,

Set postmaster alias to a local user. The aliases are defined in /etc/aliases. Run newaliases or postalias aliases to update aliases.db. After each update run postfix reload.

Maybe set notify_classes so that postmaster gets informed about troubles.

Set relay-host to

Use virtual-host mapping. This maps incoming mails to new destination. Add the following to

    virtual_maps = hash:/etc/postfix/virtual

I use virtual mapping for my gmx and t-online mails.


$ postmap virtual

to create the hashtable.


$ /etc/init.d/postfix restart

so that postfix reloads the changes.

Add the following to to masquerade domain names:

masquerade_domains = $mydomain
masquerade_exceptions = root

Postfix with smtp-auth on client-side

see: * *

We need postfix-tls and cyrus-sasl.

add the following to

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous, noplaintext

Create a file saslpasswd with the content:     username:password


$ postmap sasl_passwd

to create sasl_passwd.db.

Use ssl for transmission

Create Openssl key as described in OpenSsl. Copy keys to /etc/postfix:

$ cd /usr/lib/ssl/misc
$ cp /etc/postfix/cert.pem
$ cp cp /etc/postfix/key.pem
$ cp demoCA/cacert.pem /etc/postfix/CAcert.pem
$ chmod 400 *.pem

For client-side add the following to

smtp_use_tls = yes
smtp_tls_key_file = /etc/postfix/key.pem
smtp_tls_cert_file = /etc/postfix/cert.pem
smtp_tls_CA_file = /etc/postfix/CAcert.pem

You may acitvate smtps and submission in for server-side ssl/tls (see Postfix book).

see also

OfflineMail FetchMail


PostFix makes a copy of resolv.conf to /var/spool/postfix/etc/resolv.conf. When this copy is not uptodate then you may encounter dns problems in PostFix though the normal dns lookups are working.