Author: Marcel Gagné
This article is excerpted from the newly published book Moving to the Linux Business Desktop.
Postfix’s increased security comes partly from its modular design. Each process handles some portion of the mail delivery cycle and none of these processes run setuid root. As has been observed, Postfix doesn’t even trust itself.
In most Linux installations, the configuration files for Postfix are located in the /etc/postfix directory. This is also where you will find access control files, user alias definitions, and so on. Every Postfix installation I’ve seen also provides a number of sample configuration files for a huge number of parameters to help you fine-tune your own installation. These sample files, such as sample-smtp.cf, are heavily documented. I recommend that, at some point, you have a look through them to see what else might be of benefit to you. I’m going to cover the most important and basic parameters in the main configuration file that is called, oddly enough, main.cf.
Using your favorite editor, open main.cf and look for the following lines:
myhostname = gateway.mycompany.dom
mydomain = mycompany.dom
As you can see, the first variables of interest here have to do with defining your own fully-qualified domain name (FQDN). You may or may not have to set these. On my own mail server, these two parameters remain commented out. That’s because if your system is properly configured with a domain name server (DNS), you don’t actually need to enter this information. $myhostname is derived from your server’s FQDN which, in my example, is gateway.mycompany.dom. The $mydomain variable is further identified by stripping off the server part of the FQDN and leaving the domain behind, for example mycompany.dom.
The next variable of interest is closely tied to the last two:
mydestination = $myhostname, localhost.$mydomain, mycompany.dom, mysecondcompany.dom, mythirdcompany.dom, someotherdomain.dom
Notice that the line above is long enough to wrap in your editor. For readability, you could rewrite it using multiple lines. As long as each continuation line starts with white space and you include a comma between each entry but the last, feel free to get creative. Here is the same line reformatted:
mydestination =
    $myhostname,
    localhost.$mydomain,
    mycompany.dom,
    mysecondcompany.dom,
    mythirdcompany.dom,
    someotherdomain.dom
The $mydestination variable is a list of all the domains and systems for which your server will accept mail. These are your local domains (not necessarily the same as a localhost). On my server, I process mail and receive mail for a dozen or so different domains. In the above example, I could receive mail for user@localhost, user@mysecondcompany.dom, user@someotherdomain.dom, and so on.
Some companies do not route the mail directly from their servers. In some cases, usually when your own network uses a single, shared connection, your ISP may not allow you to directly send your own mail. Some go so far as to block port 25 (SMTP) as a means of protecting against spam. In these situations, you may have to specify an external relay host, usually your ISP’s mail server. Set the relayhost parameter in main.cf:
relayhost = myisp.mailserver.dom
Quick Tip: I mentioned that some settings were already properly defaulted on my system, such as the hostname. Aside from the variables I’ve given you above, Postfix often works right out of the box with the default settings. What are those settings? You can find out by typing postconf.
Stopping and restarting Postfix
After making configuration changes, you need to let the postfix program know about them. Luckily, it isn’t necessary to shut down the postfix system to do this. You simply can tell postfix to reload its configuration by using the command:
postfix reload
If, at this point, you happen to be watching the output of your /var/log/maillog file, you should see something like this:
Apr 17 20:54:51 gateway postfix/master[24819]: reload configuration
Of course, if need be, you can shut down postfix entirely and then restart it with these two commands:
postfix stop
postfix start
Setting up users and aliases
One of the things you will likely want to do is create an alias for your office (or perhaps several aliases). This is a fairly simple process. Aliases are also useful if you want to add something like sales@mycompany.dom that you want redirected to two salespeople. Another useful alias, office@mycompany.dom, sends mail to everybody. Here’s how it’s done.
The file you need to edit is called aliases. The location of the aliases database is defined in main.cf like this:
alias_database = hash:/etc/postfix/aliases
Using your favorite editor, open the file. The format of the aliases file is simple:
alias_name: real_name1,real_name2,real_name3, . . .
The alias_name part is the name for which you are creating the alias. In the preceding example, this is sales or office. After the colon, press Tab (or just insert spaces) and type your list of user names separated by commas. White space at the beginning of a line implies the continuation of an alias. Here’s an example using office:
office: john,myrtle,bonnie,gilbert,elvis,tux
The six email addresses listed after office: will receive copies of any mail addressed to office@mycompany.dom. Now, save your work and run the command:
newaliases
When I showed you how to add aliases and rebuild the database, I also mentioned the line in main.cf where the aliases database is defined:
alias_database = hash:/etc/postfix/aliases
As we go along here, I’m going to mention a few other databases. The hash: prefix that you see before the path to the database defines the format. In the case of the aliases file, there is also an aliases.db, which the newaliases command creates. Another way to create this database would be with the postmap command:
postmap hash:/etc/postfix/aliases
This literally means make a hash database called aliases.db from the aliases text file. If you do this, you don’t need to run newaliases or restart postfix. The same technique can be applied to some of the other hash databases I will be covering shortly.
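Both main.cf and the aliases file follow one continuation rule: a line that begins with white space extends the line before it. The shell functions below are an added example, not code from the book or from Postfix; they join those logical lines in constructed sample files to list exactly which domains mydestination accepts and who an alias delivers to. The function names and sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the book or Postfix. Sample files are constructed.

# logical_lines FILE: drop comments and blank lines, then join each line
# that starts with white space onto the logical line before it.
logical_lines() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { sub(/^[ \t]+/, ""); buf = buf " " $0; next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' "$1"
}

# list_values FILE SEP NAME: print the entries of "NAME SEP a, b, c", one
# per line. SEP is "=" for main.cf and ":" for aliases. A repeated NAME uses
# its last definition (as Postfix does for main.cf). Assumes plain entries.
list_values() {
    logical_lines "$1" | awk -v sep="$2" -v name="$3" '
        {
            p = index($0, sep); if (p == 0) next
            key = substr($0, 1, p - 1); gsub(/[ \t]/, "", key)
            if (key == name) val = substr($0, p + 1)
        }
        END {
            n = split(val, item, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (item[i] != "") print item[i]
        }'
}

demo_dir=$(mktemp -d)
cat > "$demo_dir/main.cf" <<'EOF'
# constructed sample
mydestination =
    $myhostname,
    localhost.$mydomain,
# a comment does not end the continuation
    mycompany.dom,
    mysecondcompany.dom
relayhost = myisp.mailserver.dom
EOF
cat > "$demo_dir/aliases" <<'EOF'
office: john,myrtle,bonnie,
    gilbert,elvis,tux
sales: john, myrtle
EOF

echo "Domains accepted as local:"; list_values "$demo_dir/main.cf" '=' mydestination
echo "Recipients of office:";      list_values "$demo_dir/aliases" ':' office
```

Values such as $myhostname are printed as written, without expansion.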
Setting up the POP3 or IMAP server
Most email clients use either POP3 or IMAP for reading email. The POP3 and IMAP servers listen for mail pickup requests from users. Both protocols are usually part of the imap package. To check if you have imap installed, use this version of the rpm command:
rpm -q imap
If the system responds with imap-2002d or something of the sort, the package is already loaded. If not, mount your distribution CD-ROM and install imap. You may also need to activate those services in the /etc/xinetd.d directory. You’ll find paragraphs there for IMAP and POP3. The key is to make sure the services aren’t disabled. Here’s what my pop-3 file looks like:
service pop-3
{
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    server      = /usr/sbin/ipop3d
    disable     = no
}
As long as disable is set to no, the service is active. You will now need to refresh the xinetd process for this change to take effect. Find the process ID for xinetd, and send a SIGHUP to it. Careful with that -1! Remember that forgetting the hyphen in this case could down the whole system because init, the master process, has a PID of 1.
kill -1 `cat /var/run/xinetd.pid`
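The warning about PID 1 can be enforced in the command itself. The following shell functions are an added example, not from the book: they check that the pid file holds a single sane process ID before sending SIGHUP by name. The function names are assumptions, and a background sleep stands in for xinetd so the demo runs anywhere.

```shell
#!/bin/sh
# Added example, not from the book: validate a pid file before signalling.

# read_pid FILE: print the PID stored in FILE. Fails if the file is unreadable,
# holds anything other than one run of digits, or names PID 0 or 1.
read_pid() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    read -r pid rest < "$1" || true   # still fills pid without a final newline
    case "$pid$rest" in
        ''|*[!0-9]*) echo "not a PID in $1" >&2; return 1 ;;
    esac
    [ -z "$rest" ] || { echo "extra data in $1" >&2; return 1; }
    [ "$pid" -gt 1 ] || { echo "refusing to signal PID $pid" >&2; return 1; }
    printf '%s\n' "$pid"
}

# hup_from_pidfile FILE: send SIGHUP to the process named in FILE.
hup_from_pidfile() {
    target=$(read_pid "$1") || return 1
    kill -0 "$target" 2>/dev/null || { echo "cannot signal PID $target" >&2; return 1; }
    kill -HUP "$target"   # signal by name, so a lost hyphen cannot become a PID
}

# Constructed demo: a background sleep stands in for xinetd. On a real
# system the argument would be /var/run/xinetd.pid, run as root.
pidfile=$(mktemp)
sleep 30 &
echo "$!" > "$pidfile"
hup_from_pidfile "$pidfile" && echo "sent SIGHUP to PID $(cat "$pidfile")"
echo 1 > "$pidfile"
hup_from_pidfile "$pidfile" || echo "pid file naming init was rejected"
rm -f "$pidfile"
```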
Now that you have everything running, it’s time to get fancy. We’ll cover some more advanced Postfix tricks next time.