2004-04-27 08:12:43 +04:00
|
|
|
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
|
|
|
|
"http://www.w3.org/TR/html4/loose.dtd">
|
|
|
|
|
|
|
|
<html>
|
|
|
|
|
|
|
|
<head>
|
|
|
|
|
|
|
|
<title>Postfix Standard Configuration Examples</title>
|
|
|
|
|
|
|
|
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
|
|
|
|
|
|
|
|
</head>
|
|
|
|
|
|
|
|
<body>
|
|
|
|
|
|
|
|
<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Standard Configuration Examples</h1>
|
|
|
|
|
|
|
|
<hr>
|
|
|
|
|
|
|
|
<h2>Purpose of this document</h2>
|
|
|
|
|
|
|
|
<p> This document presents a number of typical Postfix configurations.
|
|
|
|
This document should be reviewed after you have followed the basic
|
|
|
|
configuration steps as described in the BASIC_CONFIGURATION_README
|
|
|
|
document. In particular, do not proceed here if you don't already
|
|
|
|
have Postfix working for local mail submission and for local mail
|
|
|
|
delivery. </p>
|
|
|
|
|
|
|
|
<p> The first part of this document presents standard configurations
|
|
|
|
that each solve one specific problem. </p>
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
|
|
<li><a href="#stand_alone">Postfix on a stand-alone Internet host</a>
|
|
|
|
|
|
|
|
<li><a href="#null_client">Postfix on a null client</a>
|
|
|
|
|
|
|
|
<li><a href="#local_network">Postfix on a local network</a>
|
|
|
|
|
|
|
|
<li><a href="#firewall">Postfix email firewall/gateway</a>
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
|
|
<p> The second part of this document presents additional configurations
|
|
|
|
for hosts in specific environments. </p>
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
|
|
<li><a href="#some_local">Delivering some but not all accounts locally</a>
|
|
|
|
|
|
|
|
<li><a href="#intranet">Running Postfix behind a firewall</a>
|
|
|
|
|
2005-08-19 01:00:20 +04:00
|
|
|
<li><a href="#backup">Configuring Postfix as primary or backup MX host for a remote
|
2004-04-27 08:12:43 +04:00
|
|
|
site</a>
|
|
|
|
|
|
|
|
<li><a href="#dialup">Postfix on a dialup machine</a>
|
|
|
|
|
|
|
|
<li><a href="#fantasy">Postfix on hosts without a real
|
2005-08-19 01:00:20 +04:00
|
|
|
Internet hostname</a>
|
2004-04-27 08:12:43 +04:00
|
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
|
|
<h2><a name="stand_alone">Postfix on a stand-alone Internet host</a></h2>
|
|
|
|
|
|
|
|
<p> Postfix should work out of the box without change on a stand-alone
|
|
|
|
machine that has direct Internet access. At least, that is how
|
|
|
|
Postfix installs when you download the Postfix source code via
|
|
|
|
http://www.postfix.org/. </p>
|
|
|
|
|
2005-08-19 01:00:20 +04:00
|
|
|
<p> You can use the command "<b>postconf -n</b>" to find out what
|
|
|
|
settings are overruled by your main.cf. Besides a few pathname
|
|
|
|
settings, few parameters should be set on a stand-alone box, beyond
|
|
|
|
what is covered in the BASIC_CONFIGURATION_README document: </p>
|
2004-04-27 08:12:43 +04:00
|
|
|
|
|
|
|
<blockquote>
|
|
|
|
<pre>
|
|
|
|
/etc/postfix/main.cf:
|
|
|
|
# Optional: send mail as user@domainname instead of user@hostname.
|
|
|
|
#myorigin = $mydomain
|
|
|
|
|
|
|
|
# Optional: specify NAT/proxy external address.
|
|
|
|
#proxy_interfaces = 1.2.3.4
|
|
|
|
|
|
|
|
# Don't relay mail from other hosts.
|
|
|
|
mynetworks_style = host
|
|
|
|
relay_domains =
|
|
|
|
</pre>
|
|
|
|
</blockquote>
|
|
|
|
|
|
|
|
<p> See also the section "<a href="#fantasy">Postfix on hosts without
|
2005-08-19 01:00:20 +04:00
|
|
|
a real Internet hostname</a>" if this is applicable to your configuration.
|
2004-04-27 08:12:43 +04:00
|
|
|
</p>
|
|
|
|
|
|
|
|
<h2><a name="null_client">Postfix on a null client</a></h2>
|
|
|
|
|
|
|
|
<p> A null client is a machine that can only send mail. It receives no
|
|
|
|
mail from the network, and it does not deliver any mail locally. A
|
|
|
|
null client typically uses POP, IMAP or NFS for mailbox access. </p>
|
|
|
|
|
|
|
|
<p> In this example we assume that the Internet domain name is
|
|
|
|
"example.com" and that the machine is named "nullclient.example.com".
|
|
|
|
As usual, the examples show only parameters that are not left at
|
|
|
|
their default settings. </p>
|
|
|
|
|
|
|
|
<blockquote>
|
|
|
|
<pre>
|
|
|
|
1 /etc/postfix/main.cf:
|
|
|
|
2 myorigin = $mydomain
|
|
|
|
3 relayhost = $mydomain
|
|
|
|
4 inet_interfaces = 127.0.0.1
|
|
|
|
5 local_transport = error:local delivery is disabled
|
|
|
|
6
|
|
|
|
7 /etc/postfix/master.cf:
|
|
|
|
8 Comment out the local delivery agent entry
|
|
|
|
</pre>
|
|
|
|
</blockquote>
|
|
|
|
|
|
|
|
<p> Translation: </p>
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
|
|
<li> <p> Line 2: Send mail as "user@example.com" (instead of
|
|
|
|
"user@nullclient.example.com"), so that nothing ever has a reason
|
|
|
|
to send mail to "user@nullclient.example.com". </p>
|
|
|
|
|
|
|
|
<li> <p> Line 3: Forward all mail to the mail server that is
|
|
|
|
responsible for the "example.com" domain. This prevents mail from
|
|
|
|
getting stuck on the null client if it is turned off while some
|
|
|
|
remote destination is unreachable. </p>
|
|
|
|
|
|
|
|
<li> <p> Line 4: Do not accept mail from the network. </p>
|
|
|
|
|
|
|
|
<li> <p> Lines 5-8: Disable local mail delivery. All mail goes to
|
|
|
|
the mail server as specified in line 3. </p>
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
|
|
<h2><a name="local_network">Postfix on a local network</a></h2>
|
|
|
|
|
|
|
|
<p> This section describes a local area network environment of one
|
|
|
|
main server and multiple other systems that send and receive email.
|
|
|
|
As usual we assume that the Internet domain name is "example.com".
|
|
|
|
All systems are configured to send mail as "user@example.com", and
|
|
|
|
all systems receive mail for "user@hostname.example.com". The main
|
|
|
|
server also receives mail for "user@example.com". We call this
|
|
|
|
machine by the name of mailhost.example.com. </p>
|
|
|
|
|
|
|
|
<p> A drawback of sending mail as "user@example.com" is that mail
|
|
|
|
for "root" and other system accounts is also sent to the central
|
|
|
|
mailhost. See the section "<a href="#some_local">Delivering some
|
|
|
|
but not all accounts locally</a>" below for possible solutions.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<p> As usual, the examples show only parameters that are not left
|
|
|
|
at their default settings. </p>
|
|
|
|
|
|
|
|
<p> First we present the non-mailhost configuration, because it is
|
|
|
|
the simpler one. This machine sends mail as "user@example.com" and
|
|
|
|
is final destination for "user@hostname.example.com". </p>
|
|
|
|
|
|
|
|
<blockquote>
|
|
|
|
<pre>
|
|
|
|
1 /etc/postfix/main.cf:
|
|
|
|
2 myorigin = $mydomain
|
|
|
|
3 mynetworks = 127.0.0.0/8 10.0.0.0/24
|
|
|
|
4 relay_domains =
|
|
|
|
5 # Optional: forward all non-local mail to mailhost
|
|
|
|
6 #relayhost = $mydomain
|
|
|
|
</pre>
|
|
|
|
</blockquote>
|
|
|
|
|
|
|
|
<p> Translation: </p>
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
|
|
<li> <p> Line 2: Send mail as "user@example.com". </p>
|
|
|
|
|
|
|
|
<li> <p> Line 3: Specify the trusted networks. </p>
|
|
|
|
|
|
|
|
<li> <p> Line 4: This host does not relay mail from untrusted networks. </p>
|
|
|
|
|
|
|
|
<li> <p> Line 6: This is needed if no direct Internet access is
|
|
|
|
available. See also below, "<a href="#firewall">Postfix behind
|
|
|
|
a firewall</a>". </p>
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
|
|
<p> Next we present the mailhost configuration. This machine sends
|
|
|
|
mail as "user@example.com" and is final destination for
|
|
|
|
"user@hostname.example.com" as well as "user@example.com". </p>
|
|
|
|
|
|
|
|
<blockquote>
|
|
|
|
<pre>
|
|
|
|
1 DNS:
|
|
|
|
2 example.com IN MX 10 mailhost.example.com.
|
|
|
|
3
|
|
|
|
4 /etc/postfix/main.cf:
|
|
|
|
5 myorigin = $mydomain
|
|
|
|
6 mydestination = $myhostname localhost.$mydomain localhost $mydomain
|
|
|
|
7 mynetworks = 127.0.0.0/8 10.0.0.0/24
|
|
|
|
8 relay_domains =
|
|
|
|
9 # Optional: forward all non-local mail to firewall
|
|
|
|
10 #relayhost = [firewall.example.com]
|
|
|
|
</pre>
|
|
|
|
</blockquote>
|
|
|
|
|
|
|
|
<p> Translation: </p>
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
|
|
<li> <p> Line 2: Send mail for the domain "example.com" to the
|
|
|
|
machine mailhost.example.com. Remember to specify the "." at the
|
|
|
|
end of the line. </p>
|
|
|
|
|
|
|
|
<li> <p> Line 5: Send mail as "user@example.com". </p>
|
|
|
|
|
|
|
|
<li> <p> Line 6: This host is the final mail destination for the
|
|
|
|
"example.com" domain, in addition to the names of the machine
|
|
|
|
itself. </p>
|
|
|
|
|
|
|
|
<li> <p> Line 7: Specify the trusted networks. </p>
|
|
|
|
|
|
|
|
<li> <p> Line 8: This host does not relay mail from untrusted networks. </p>
|
|
|
|
|
|
|
|
<li> <p> Line 10: This is needed only when the mailhost has to
|
|
|
|
forward non-local mail via a mail server on a firewall. The
|
|
|
|
<tt>[]</tt> forces Postfix to do no MX record lookups. </p>
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
|
|
<p> In an environment like this, users access their mailbox in one
|
|
|
|
or more of the following ways:
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
|
|
<li> <p> Mailbox access via NFS or equivalent. </p>
|
|
|
|
|
|
|
|
<li> <p> Mailbox access via POP or IMAP. </p>
|
|
|
|
|
|
|
|
<li> <p> Mailbox on the user's preferred machine. </p>
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
|
|
<p> In the latter case, each user has an alias on the mailhost that
|
|
|
|
forwards mail to her preferred machine: </p>
|
|
|
|
|
|
|
|
<blockquote>
|
|
|
|
<pre>
|
|
|
|
/etc/aliases:
|
|
|
|
joe: joe@joes.preferred.machine
|
|
|
|
jane: jane@janes.preferred.machine
|
|
|
|
</pre>
|
|
|
|
</blockquote>
|
|
|
|
|
|
|
|
<p> On some systems the alias database is not in /etc/aliases. To
|
2005-08-19 01:00:20 +04:00
|
|
|
find out the location for your system, execute the command "<b>postconf
|
|
|
|
alias_maps</b>". </p>
|
2004-04-27 08:12:43 +04:00
|
|
|
|
2005-08-19 01:00:20 +04:00
|
|
|
<p> Execute the command "<b>newaliases</b>" whenever you change
|
|
|
|
the aliases file. </p>
|
2004-04-27 08:12:43 +04:00
|
|
|
|
|
|
|
<h2><a name="firewall">Postfix email firewall/gateway</a></h2>
|
|
|
|
|
|
|
|
<p> The idea is to set up a Postfix email firewall/gateway that
|
|
|
|
forwards mail for "example.com" to an inside gateway machine but
|
|
|
|
rejects mail for "anything.example.com". There is only one problem:
|
|
|
|
with "relay_domains = example.com", the firewall normally also
|
|
|
|
accepts mail for "anything.example.com". That would not be right.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<p> Note: this example requires Postfix version 2.0 and later. To find
|
2005-08-19 01:00:20 +04:00
|
|
|
out what Postfix version you have, execute the command "<b>postconf
|
|
|
|
mail_version</b>". </p>
|
2004-04-27 08:12:43 +04:00
|
|
|
|
|
|
|
<p> The solution is presented in multiple parts. This first part
|
|
|
|
gets rid of local mail delivery on the firewall, making the firewall
|
|
|
|
harder to break. </p>
|
|
|
|
|
|
|
|
<blockquote>
|
|
|
|
<pre>
|
|
|
|
1 /etc/postfix/main.cf:
|
|
|
|
2 myorigin = example.com
|
|
|
|
3 mydestination =
|
|
|
|
4 local_recipient_maps =
|
|
|
|
5 local_transport = error:local mail delivery is disabled
|
|
|
|
6
|
|
|
|
7 /etc/postfix/master.cf:
|
|
|
|
8 Comment out the local delivery agent
|
|
|
|
</pre>
|
|
|
|
</blockquote>
|
|
|
|
|
|
|
|
<p> Translation: </p>
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
|
|
<li> <p> Line 2: Send mail from this machine as "user@example.com",
|
|
|
|
so that no reason exists to send mail to "user@firewall.example.com".
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<li> <p> Lines 3-8: Disable local mail delivery on the firewall
|
|
|
|
machine. </p>
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
|
|
<p> For the sake of technical correctness the firewall must be able
|
|
|
|
to receive mail for postmaster@[firewall ip address]. Reportedly,
|
|
|
|
some things actually expect this ability to exist. The second part
|
|
|
|
of the solution therefore adds support for postmaster@[firewall ip
|
|
|
|
address], and as a bonus we do abuse@[firewall ip address] as well.
|
|
|
|
All the mail to these two accounts is forwarded to an inside address.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<blockquote>
|
|
|
|
<pre>
|
|
|
|
1 /etc/postfix/main.cf:
|
|
|
|
2 virtual_alias_maps = hash:/etc/postfix/virtual
|
|
|
|
3
|
|
|
|
4 /etc/postfix/virtual:
|
|
|
|
5 postmaster postmaster@example.com
|
|
|
|
6 abuse abuse@example.com
|
|
|
|
</pre>
|
|
|
|
</blockquote>
|
|
|
|
|
|
|
|
<p> Translation: </p>
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
|
|
<li> <p> Because mydestination is empty (see the previous example),
|
|
|
|
only address literals matching $inet_interfaces or $proxy_interfaces
|
|
|
|
are deemed local. So "localpart@[a.d.d.r]" can be matched as simply
|
|
|
|
"localpart" in canonical(5) and virtual(5). This avoids the need to
|
|
|
|
specify firewall IP addresses into Postfix configuration files. </p>
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
|
|
<p> The last part of the solution does the email forwarding, which
|
|
|
|
is the real purpose of the firewall email function. </p>
|
|
|
|
|
|
|
|
<blockquote>
|
|
|
|
<pre>
|
|
|
|
1 /etc/postfix/main.cf:
|
|
|
|
2 mynetworks = 127.0.0.0/8 12.34.56.0/24
|
|
|
|
3 relay_domains = example.com
|
|
|
|
4 parent_domain_matches_subdomains =
|
|
|
|
5 debug_peer_list smtpd_access_maps
|
|
|
|
6 smtpd_recipient_restrictions =
|
|
|
|
7 permit_mynetworks reject_unauth_destination
|
|
|
|
8
|
|
|
|
9 relay_recipient_maps = hash:/etc/postfix/relay_recipients
|
|
|
|
10 transport_maps = hash:/etc/postfix/transport
|
|
|
|
11
|
|
|
|
12 /etc/postfix/relay_recipients:
|
|
|
|
13 user1@example.com x
|
|
|
|
14 user2@example.com x
|
|
|
|
15 . . .
|
|
|
|
16
|
|
|
|
17 /etc/postfix/transport:
|
|
|
|
18 example.com smtp:[inside-gateway.example.com]
|
|
|
|
</pre>
|
|
|
|
</blockquote>
|
|
|
|
|
|
|
|
<p> Translation: </p>
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
|
|
<li><p> Lines 1-7: Accept mail from local systems in $mynetworks,
|
|
|
|
and accept mail from outside for "user@example.com" but not for
|
|
|
|
"user@anything.example.com". The magic is in lines 4-5. </p>
|
|
|
|
|
|
|
|
<li> <p> Lines 9, 12-14: Define the list of valid addresses in the
|
|
|
|
"example.com" domain that can receive mail from the Internet. This
|
|
|
|
prevents the mail queue from filling up with undeliverable
|
|
|
|
MAILER-DAEMON messages. If you can't maintain a list of valid
|
|
|
|
recipients then you must specify "relay_recipient_maps =" (that
|
|
|
|
is, an empty value), or you must specify an "@example.com x"
|
|
|
|
wild-card in the relay_recipients table. </p>
|
|
|
|
|
|
|
|
<li> <p> Lines 10, 17-18: Route mail for "example.com" to the inside
|
|
|
|
gateway machine. The <tt>[]</tt> forces Postfix to do no MX lookup.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
|
2005-08-19 01:00:20 +04:00
|
|
|
<p>Specify <b>dbm</b> instead of <b>hash</b> if your system uses
|
|
|
|
<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
|
|
|
|
tables Postfix supports, use the command "<b>postconf -m</b>". </p>
|
2004-04-27 08:12:43 +04:00
|
|
|
|
2005-08-19 01:00:20 +04:00
|
|
|
<p> Execute the command "<b>postmap /etc/postfix/relay_recipients</b>"
|
2004-04-27 08:12:43 +04:00
|
|
|
whenever you change the relay_recipients table. </p>
|
|
|
|
|
2005-08-19 01:00:20 +04:00
|
|
|
<p> Execute the command "<b>postmap /etc/postfix/transport</b>"
|
2004-04-27 08:12:43 +04:00
|
|
|
whenever you change the transport table. </p>
|
|
|
|
|
|
|
|
<h2><a name="some_local">Delivering some but not all accounts
|
|
|
|
locally</a></h2>
|
|
|
|
|
|
|
|
<p> A drawback of sending mail as "user@example.com" (instead of
|
|
|
|
"user@hostname.example.com") is that mail for "root" and other
|
|
|
|
system accounts is also sent to the central mailhost. In order to
|
|
|
|
deliver such accounts locally, you can set up virtual aliases as
|
|
|
|
follows: </p>
|
|
|
|
|
|
|
|
<blockquote>
|
|
|
|
<pre>
|
|
|
|
1 /etc/postfix/main.cf:
|
|
|
|
2 virtual_alias_maps = hash:/etc/postfix/virtual
|
|
|
|
3
|
|
|
|
4 /etc/postfix/virtual:
|
|
|
|
5 root root@localhost
|
|
|
|
6 . . .
|
|
|
|
</pre>
|
|
|
|
</blockquote>
|
|
|
|
|
|
|
|
<p> Translation: </p>
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
|
|
<li> <p> Line 5: As described in the virtual(5) manual page, the
|
|
|
|
bare name "root" matches "root@site" when "site" is equal to
|
|
|
|
$myorigin, when "site" is listed in $mydestination, or when it
|
|
|
|
matches $inet_interfaces or $proxy_interfaces. </p>
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
|
2005-08-19 01:00:20 +04:00
|
|
|
<p> In some installations, there may be separate instances of Postfix
|
|
|
|
processing inbound and outbound mail on a multi-homed firewall. The
|
|
|
|
inbound Postfix instance has an SMTP server listening on the external
|
|
|
|
firewall interface, and the outbound Postfix instance has an SMTP server
|
|
|
|
listening on the internal interface. In such a configuration is it is
|
|
|
|
tempting to configure $inet_interfaces in each instance with just the
|
|
|
|
corresponding interface address. </p>
|
|
|
|
|
|
|
|
<p> In most cases, using inet_interfaces in this way will not work,
|
|
|
|
because as documented in the $inet_interfaces reference manual, the
|
|
|
|
smtp(8) delivery agent will also use the specified interface address
|
|
|
|
as the source address for outbound connections and will be unable to
|
|
|
|
reach hosts on "the other side" of the firewall. The symptoms are that
|
|
|
|
the firewall is unable to connect to hosts that are in fact up. See the
|
|
|
|
inet_interfaces parameter documentation for suggested work-arounds.</p>
|
|
|
|
|
2004-04-27 08:12:43 +04:00
|
|
|
<h2><a name="intranet">Running Postfix behind a firewall</a></h2>
|
|
|
|
|
|
|
|
<p> The simplest way to set up Postfix on a host behind a firewalled
|
|
|
|
network is to send all mail to a gateway host, and to let that mail
|
|
|
|
host take care of internal and external forwarding. Examples of that
|
|
|
|
are shown in the <a href="#local_network">local area network</a>
|
|
|
|
section above. A more sophisticated approach is to send only external
|
|
|
|
mail to the gateway host, and to send intranet mail directly.
|
|
|
|
That's what Wietse does at work. </p>
|
|
|
|
|
|
|
|
<p> Note: this example requires Postfix version 2.0 and later. To find
|
2005-08-19 01:00:20 +04:00
|
|
|
out what Postfix version you have, execute the command "<b>postconf
|
|
|
|
mail_version</b>". </p>
|
2004-04-27 08:12:43 +04:00
|
|
|
|
|
|
|
<p> The following example presents additional configuration. You
|
|
|
|
need to combine this with basic configuration information as
|
|
|
|
discussed the first half of this document. </p>
|
|
|
|
|
|
|
|
<blockquote>
|
|
|
|
<pre>
|
|
|
|
1 /etc/postfix/main.cf:
|
|
|
|
2 transport_maps = hash:/etc/postfix/transport
|
|
|
|
3 relayhost =
|
|
|
|
4 # Optional for a machine that isn't "always on"
|
|
|
|
5 #fallback_relay = [gateway.example.com]
|
|
|
|
6
|
|
|
|
7 /etc/postfix/transport:
|
|
|
|
8 # Internal delivery.
|
|
|
|
9 example.com :
|
|
|
|
10 .example.com :
|
|
|
|
11 # External delivery.
|
|
|
|
12 * smtp:[gateway.example.com]
|
|
|
|
</pre>
|
|
|
|
</blockquote>
|
|
|
|
|
|
|
|
<p> Translation: </p>
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
|
|
<li> <p> Lines 2, 7-12: Request that intranet mail is delivered
|
|
|
|
directly, and that external mail is given to a gateway. Obviously,
|
|
|
|
this example assumes that the organization uses DNS MX records
|
|
|
|
internally. The <tt>[]</tt> forces Postfix to do no MX lookup.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<li> <p> Line 3: IMPORTANT: do not specify a relayhost in main.cf.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<li> <p> Line 5: This prevents mail from being stuck in the queue
|
|
|
|
when the machine is turned off. Postfix tries to deliver mail
|
|
|
|
directly, and gives undeliverable mail to a gateway. </p>
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
|
2005-08-19 01:00:20 +04:00
|
|
|
<p> Specify <b>dbm</b> instead of <b>hash</b> if your system uses
|
|
|
|
<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
|
|
|
|
tables Postfix supports, use the command "<b>postconf -m</b>". </p>
|
2004-04-27 08:12:43 +04:00
|
|
|
|
2005-08-19 01:00:20 +04:00
|
|
|
<p> Execute the command "<b>postmap /etc/postfix/transport</b>" whenever
|
2004-04-27 08:12:43 +04:00
|
|
|
you edit the transport table. </p>
|
|
|
|
|
2005-08-19 01:00:20 +04:00
|
|
|
<h2><a name="backup">Configuring Postfix as primary or backup MX host for a remote site</a></h2>
|
2004-04-27 08:12:43 +04:00
|
|
|
|
|
|
|
<p> This section presents additional configuration. You need to
|
|
|
|
combine this with basic configuration information as discussed the
|
|
|
|
first half of this document. </p>
|
|
|
|
|
|
|
|
<p> When your system is SECONDARY MX host for a remote site this
|
|
|
|
is all you need: </p>
|
|
|
|
|
|
|
|
<blockquote>
|
|
|
|
<pre>
|
|
|
|
1 DNS:
|
|
|
|
2 the.backed-up.domain.tld IN MX 100 your.machine.tld.
|
|
|
|
3
|
|
|
|
4 /etc/postfix/main.cf:
|
|
|
|
5 relay_domains = . . . the.backed-up.domain.tld
|
|
|
|
6 smtpd_recipient_restrictions =
|
|
|
|
7 permit_mynetworks reject_unauth_destination
|
|
|
|
8
|
|
|
|
9 # You must specify your NAT/proxy external address.
|
|
|
|
10 #proxy_interfaces = 1.2.3.4
|
|
|
|
11
|
|
|
|
12 relay_recipient_maps = hash:/etc/postfix/relay_recipients
|
|
|
|
13
|
|
|
|
14 /etc/postfix/relay_recipients:
|
|
|
|
15 user1@the.backed-up.domain.tld x
|
|
|
|
16 user2@the.backed-up.domain.tld x
|
|
|
|
17 . . .
|
|
|
|
</pre>
|
|
|
|
</blockquote>
|
|
|
|
|
|
|
|
<p> When your system is PRIMARY MX host for a remote site you
|
|
|
|
need the above, plus: </p>
|
|
|
|
|
|
|
|
<blockquote>
|
|
|
|
<pre>
|
|
|
|
18 /etc/postfix/main.cf:
|
|
|
|
19 transport_maps = hash:/etc/postfix/transport
|
|
|
|
20
|
|
|
|
21 /etc/postfix/transport:
|
|
|
|
22 the.backed-up.domain.tld relay:[their.mail.host.tld]
|
|
|
|
</pre>
|
|
|
|
</blockquote>
|
|
|
|
|
|
|
|
<p> Important notes:
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
|
|
<li><p>Do not list the.backed-up.domain.tld in mydestination.</p>
|
|
|
|
|
|
|
|
<li><p>Do not list the.backed-up.domain.tld in virtual_alias_domains.</p>
|
|
|
|
|
|
|
|
<li><p>Do not list the.backed-up.domain.tld in virtual_mailbox_domains.</p>
|
|
|
|
|
|
|
|
<li> <p> Lines 1-7: Forward mail from the Internet for
|
|
|
|
"the.backed-up.domain.tld" to the primary MX host for that domain.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<li> <p> Line 10: This is a must if Postfix receives mail via a
|
|
|
|
NAT relay or proxy that presents a different IP address to the
|
|
|
|
world than the local machine. </p>
|
|
|
|
|
|
|
|
<li> <p> Lines 12-16: Define the list of valid addresses in the
|
|
|
|
"the.backed-up.domain.tld" domain. This prevents your mail queue
|
|
|
|
from filling up with undeliverable MAILER-DAEMON messages. If you
|
|
|
|
can't maintain a list of valid recipients then you must specify
|
|
|
|
"relay_recipient_maps =" (that is, an empty value), or you must
|
|
|
|
specify an "@example.com x" wild-card in the relay_recipients
|
|
|
|
table. </p>
|
|
|
|
|
|
|
|
<li> <p> Line 22: The <tt>[]</tt> forces Postfix to do no MX lookup. </p>
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
|
2005-08-19 01:00:20 +04:00
|
|
|
<p> Specify <b>dbm</b> instead of <b>hash</b> if your system uses
|
|
|
|
<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
|
|
|
|
tables Postfix supports, use the command "<b>postconf -m</b>". </p>
|
|
|
|
|
|
|
|
<p> Execute the command "<b>postmap /etc/postfix/transport</b>"
|
|
|
|
whenever you change the transport table. </p>
|
|
|
|
|
|
|
|
<p> NOTE: Do not use the fallback_relay feature when relaying mail
|
|
|
|
for a backup or primary MX domain. Mail would loop between the
|
|
|
|
Postfix MX host and the fallback_relay host when the final destination
|
|
|
|
is unavailable. </p>
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
|
|
<li> In main.cf specify "<tt>relay_transport = relay</tt>",
|
|
|
|
|
|
|
|
<li> In master.cf specify "<tt>-o fallback_relay =</tt>" at the
|
|
|
|
end of the <tt>relay</tt> entry.
|
|
|
|
|
|
|
|
<li> In transport maps, specify "<tt>relay:<i>nexthop...</i></tt>"
|
|
|
|
as the right-hand side for backup or primary MX domain entries.
|
|
|
|
|
|
|
|
</ul>
|
2004-04-27 08:12:43 +04:00
|
|
|
|
2005-08-19 01:00:20 +04:00
|
|
|
<p> These are default settings in Postfix version 2.2 and later.
|
|
|
|
</p>
|
2004-04-27 08:12:43 +04:00
|
|
|
|
|
|
|
<h2><a name="dialup">Postfix on a dialup machine</a></h2>
|
|
|
|
|
|
|
|
<p> This section applies to dialup connections that are down most
|
|
|
|
of the time. For dialup connections that are up 24x7, see the <a
|
|
|
|
href="#local_network">local area network</a> section above. </p>
|
|
|
|
|
|
|
|
<p> This section presents additional configuration. You need to
|
|
|
|
combine this with basic configuration information as discussed the
|
|
|
|
first half of this document. </p>
|
|
|
|
|
2005-08-19 01:00:20 +04:00
|
|
|
<p> If you do not have your own hostname and IP address (usually
|
|
|
|
with dialup, cable TV or DSL connections) then you should also
|
|
|
|
study the section on "<a href="#fantasy">Postfix on hosts without
|
|
|
|
a real Internet hostname</a>". </p>
|
2004-04-27 08:12:43 +04:00
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
|
|
<li> Route all outgoing mail to your network provider.
|
|
|
|
|
|
|
|
<p> If your machine is disconnected most of the time, there isn't
|
|
|
|
a lot of opportunity for Postfix to deliver mail to hard-to-reach
|
|
|
|
corners of the Internet. It's better to give the mail to a machine
|
|
|
|
that is connected all the time. In the example below, the <tt>[]</tt>
|
|
|
|
prevents Postfix from trying to look up DNS MX records. </p>
|
|
|
|
|
|
|
|
<pre>
|
|
|
|
/etc/postfix/main.cf:
|
|
|
|
relayhost = [smtprelay.someprovider.com]
|
|
|
|
</pre>
|
|
|
|
|
|
|
|
<li> <p><a name="spontaneous_smtp">Disable spontaneous SMTP mail
|
|
|
|
delivery (if using on-demand dialup IP only).</a> </p>
|
|
|
|
|
|
|
|
<p> Normally, Postfix attempts to deliver outbound mail at its convenience.
|
|
|
|
If your machine uses on-demand dialup IP, this causes your system
|
|
|
|
to place a telephone call whenever you submit new mail, and whenever
|
|
|
|
Postfix retries to deliver delayed mail. To prevent such telephone
|
|
|
|
calls from being placed, disable spontaneous SMTP mail deliveries. </p>
|
|
|
|
|
|
|
|
<pre>
|
|
|
|
/etc/postfix/main.cf:
|
|
|
|
defer_transports = smtp (Only for on-demand dialup IP hosts)
|
|
|
|
</pre>
|
|
|
|
|
|
|
|
<li> <p>Disable SMTP client DNS lookups (dialup LAN only).</p>
|
|
|
|
|
|
|
|
<pre>
|
|
|
|
/etc/postfix/main.cf:
|
|
|
|
disable_dns_lookups = yes (Only for on-demand dialup IP hosts)
|
|
|
|
</pre>
|
|
|
|
|
|
|
|
<li> Flush the mail queue whenever the Internet link is established.
|
|
|
|
|
|
|
|
<p> Put the following command into your PPP or SLIP dialup scripts: </p>
|
|
|
|
|
|
|
|
<pre>
|
|
|
|
/usr/sbin/sendmail -q (whenever the Internet link is up)
|
|
|
|
</pre>
|
|
|
|
|
2005-08-19 01:00:20 +04:00
|
|
|
<p> The exact location of the Postfix sendmail command is system-specific.
|
|
|
|
Use the command "<b>postconf sendmail_path</b>" to find out where the
|
2004-04-27 08:12:43 +04:00
|
|
|
Postfix sendmail command is located on your machine. </p>
|
|
|
|
|
|
|
|
<p> In order to find out if the mail queue is flushed, use something
|
|
|
|
like: </p>
|
|
|
|
|
|
|
|
<pre>
|
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
# Start mail deliveries.
|
|
|
|
/usr/sbin/sendmail -q
|
|
|
|
|
|
|
|
# Allow deliveries to start.
|
|
|
|
sleep 10
|
|
|
|
|
|
|
|
# Loop until all messages have been tried at least once.
|
|
|
|
while mailq | grep '^[^ ]*\*' >/dev/null
|
|
|
|
do
|
|
|
|
sleep 10
|
|
|
|
done
|
|
|
|
</pre>
|
|
|
|
|
|
|
|
<p> If you have disabled <a href="#spontaneous_smtp">spontaneous
|
2005-08-19 01:00:20 +04:00
|
|
|
SMTP mail delivery</a>, you also need to run the "<b>sendmail -q</b>"
|
2004-04-27 08:12:43 +04:00
|
|
|
command every now and then while the dialup link is up, so that
|
|
|
|
newly-posted mail is flushed from the queue. </p>
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
|
2005-08-19 01:00:20 +04:00
|
|
|
<h2><a name="fantasy">Postfix on hosts without a real Internet
|
|
|
|
hostname</a></h2>
|
2004-04-27 08:12:43 +04:00
|
|
|
|
2005-08-19 01:00:20 +04:00
|
|
|
<p> This section is for hosts that don't have their own Internet
|
|
|
|
hostname. Typically these are systems that get a dynamic IP address
|
|
|
|
via DHCP or via dialup. Postfix will let you send and receive mail
|
|
|
|
just fine between accounts on a machine with a fantasy name. However,
|
|
|
|
you cannot use a fantasy hostname in your email address when sending
|
2004-04-27 08:12:43 +04:00
|
|
|
mail into the Internet, because no-one would be able to reply to
|
2005-08-19 01:00:20 +04:00
|
|
|
your mail. In fact, more and more sites refuse mail addresses with
|
|
|
|
non-existent domain names. </p>
|
|
|
|
|
|
|
|
<p> Note: the following information is Postfix version dependent.
|
|
|
|
To find out what Postfix version you have, execute the command
|
|
|
|
"<b>postconf mail_version</b>". </p>
|
|
|
|
|
|
|
|
<h3>Solution 1: Postfix version 2.2 and later </h3>
|
|
|
|
|
|
|
|
<p> Postfix 2.2 uses the generic(5) address mapping to replace
|
|
|
|
local fantasy email addresses by valid Internet addresses. This
|
|
|
|
mapping happens ONLY when mail leaves the machine; not when you
|
|
|
|
send mail between users on the same machine. </p>
|
2004-04-27 08:12:43 +04:00
|
|
|
|
2005-08-19 01:00:20 +04:00
|
|
|
<p> The following example presents additional configuration. You
|
|
|
|
need to combine this with basic configuration information as
|
|
|
|
discussed the first half of this document. </p>
|
2004-04-27 08:12:43 +04:00
|
|
|
|
2005-08-19 01:00:20 +04:00
|
|
|
<blockquote>
|
|
|
|
<pre>
|
|
|
|
1 /etc/postfix/main.cf:
|
|
|
|
2 smtp_generic_maps = hash:/etc/postfix/generic
|
|
|
|
3
|
|
|
|
4 /etc/postfix/generic:
|
|
|
|
5 his@localdomain.local hisaccount@hisisp.example
|
|
|
|
6 her@localdomain.local heraccount@herisp.example
|
|
|
|
7 @localdomain.local hisaccount+local@hisisp.example
|
|
|
|
</pre>
|
|
|
|
</blockquote>
|
|
|
|
|
|
|
|
<p> When mail is sent to a remote host via SMTP: </p>
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
|
|
<li> <p> Line 5 replaces <i>his@localdomain.local</i> by his ISP
|
|
|
|
mail address, </p>
|
|
|
|
|
|
|
|
<li> <p> Line 6 replaces <i>her@localdomain.local</i> by her ISP
|
|
|
|
mail address, and </p>
|
|
|
|
|
|
|
|
<li> <p> Line 7 replaces other local addresses by his ISP account,
|
|
|
|
with an address extension of +<i>local</i> (this example assumes
|
|
|
|
that the ISP supports "+" style address extensions). </p>
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
|
|
<p>Specify <b>dbm</b> instead of <b>hash</b> if your system uses
|
|
|
|
<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
|
|
|
|
tables Postfix supports, use the command "<b>postconf -m</b>". </p>
|
|
|
|
|
|
|
|
<p> Execute the command "<b>postmap /etc/postfix/generic</b>"
|
|
|
|
whenever you change the generic table. </p>
|
|
|
|
|
|
|
|
<h3>Solution 2: Postfix version 2.1 and earlier </h3>
|
|
|
|
|
|
|
|
<p> The solution with older Postfix systems is to use valid
|
2004-04-27 08:12:43 +04:00
|
|
|
Internet addresses where possible, and to let Postfix map valid
|
|
|
|
Internet addresses to local fantasy addresses. With this, you can
|
|
|
|
send mail to the Internet and to local fantasy addresses, including
|
|
|
|
mail to local fantasy addresses that don't have a valid Internet
|
|
|
|
address of their own.</p>
|
|
|
|
|
|
|
|
<p> The following example presents additional configuration. You
|
|
|
|
need to combine this with basic configuration information as
|
|
|
|
discussed the first half of this document. </p>
|
|
|
|
|
|
|
|
<blockquote>
|
|
|
|
<pre>
|
|
|
|
1 /etc/postfix/main.cf:
|
|
|
|
2 myhostname = hostname.localdomain
|
|
|
|
3 mydomain = localdomain
|
|
|
|
4
|
|
|
|
5 canonical_maps = hash:/etc/postfix/canonical
|
|
|
|
6
|
|
|
|
7 virtual_alias_maps = hash:/etc/postfix/virtual
|
|
|
|
8
|
|
|
|
9 /etc/postfix/canonical:
|
|
|
|
10 your-login-name your-account@your-isp.com
|
|
|
|
11
|
|
|
|
12 /etc/postfix/virtual:
|
|
|
|
13 your-account@your-isp.com your-login-name
|
|
|
|
</pre>
|
|
|
|
</blockquote>
|
|
|
|
|
|
|
|
<p> Translation: </p>
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
|
|
<li> <p> Lines 2-3: Substitute your fantasy hostname here. Do not
|
|
|
|
use a domain name that is already in use by real organizations
|
|
|
|
on the Internet. See RFC 2606 for examples of domain
|
|
|
|
names that are guaranteed not to be owned by anyone. </p>
|
|
|
|
|
|
|
|
<li> <p> Lines 5, 9, 10: This provides the mapping from
|
|
|
|
"your-login-name@hostname.localdomain" to "your-account@your-isp.com".
|
|
|
|
This part is required. </p>
|
|
|
|
|
|
|
|
<li> <p> Lines 7, 12, 13: Deliver mail for "your-account@your-isp.com"
|
|
|
|
locally, instead of sending it to the ISP. This part is not required
|
|
|
|
but is convenient.
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
|
2005-08-19 01:00:20 +04:00
|
|
|
<p>Specify <b>dbm</b> instead of <b>hash</b> if your system uses
|
|
|
|
<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
|
|
|
|
tables Postfix supports, use the command "<b>postconf -m</b>". </p>
|
|
|
|
|
|
|
|
<p> Execute the command "<b>postmap /etc/postfix/canonical</b>"
|
|
|
|
whenever you change the canonical table. </p>
|
|
|
|
|
|
|
|
<p> Execute the command "<b>postmap /etc/postfix/virtual</b>"
|
|
|
|
whenever you change the virtual table. </p>
|
|
|
|
|
2004-04-27 08:12:43 +04:00
|
|
|
</body>
|
|
|
|
|
|
|
|
</html>
|