<html>

<head>

<title> Postfix Configuration - Basics </title>

</head>

<body>

<h1><a href="big-picture.html"><img src="small-picture.gif" width="115" height="45"></a> Postfix Configuration - Basics </h1>

<hr>

<a href="index.html">Up one level</a> | Basic Configuration | <a
href="uce.html">UCE Controls</a> | <a href="rate.html"> Rate
Controls</a> | <a href="resource.html"> Resource Controls</a> | <a
href="rewrite.html"> Address Manipulation </a>

<h2> Introduction </h2>

Postfix has several hundred configuration parameters that are controlled
via the <b>main.cf</b> file. Fortunately, they have sensible
default values. In most cases, you need to configure only two or
three parameters before you can use the Postfix mail system:

<ul>

<li> <a href="#myorigin"> What domain to use in outbound mail </a>

<p>

<li> <a href="#mydestination"> What domains to receive mail for
</a>
<p>

<li> <a href="#relaying"> What clients to relay mail for </a>

</ul>

The default values for many other configuration parameters are
derived from just these.

<p>

The next parameter of interest controls the amount of mail sent
to the local postmaster:

<ul>

<li> <a href="#notify"> What trouble to report to the postmaster
</a>

</ul>

<p>

By the way, if you change parameters of a running Postfix system,
don't forget to issue a <b>postfix reload</b> command.

<p>

If you run Postfix on a virtual network interface, or if your
machine runs other mailers on virtual interfaces, you'll have to
look at the other parameters listed here as well:

<ul>

<li> <a href="#myhostname"> My own hostname </a>

<p>

<li> <a href="#mydomain"> My own domain name </a>

<p>

<li> <a href="#mynetworks"> My own networks </a>

<p>

<li> <a href="#inet_interfaces"> My own network addresses </a>

</ul>

<a name="myorigin"> <h2> What domain to use in outbound mail </h2> </a>

The <b>myorigin</b> parameter specifies the domain that appears in
mail that is posted on this machine. The default is to use the
local machine name, <b><a href="#myhostname"> $myhostname</a>, </b>
which defaults to the name of the machine. Unless you are running
a really small site, you probably want to change that into <b><a
href="#mydomain"> $mydomain</a>,</b> which defaults to the parent
domain of the machine name.

<p>

<dl>

<dt> Examples:

<p>

<dd> <b>myorigin = $myhostname</b> (default)

<dd> <b>myorigin = $mydomain</b> (probably desirable)

</dl>

<a name="mydestination"> <h2> What domains to receive mail for
</h2> </a>

The <b>mydestination</b> parameter specifies what domains this
machine will deliver locally, instead of forwarding to another
machine. The default is to receive mail for the machine itself.

<p>

You can specify zero or more domain names, <i>/file/name</i> patterns
and/or <i>type:name</i> lookup tables, separated by whitespace
and/or commas. A <i>/file/name</i> is replaced by its contents;
<i>type:name</i> requests that a table lookup is done, typically
from a <a href="rewrite.html#virtual">virtual</a> database.

<p>

If your machine is a mail server for its entire domain, you must
list <b>$mydomain</b> as well.

<p>

<dl> Examples:

<p>

<dl>

<dt> Default setting:

<dd> <b>mydestination = $myhostname localhost.$mydomain</b>

<p>

<dt> Domain-wide mail server:

<dd> <b>mydestination = $myhostname localhost.$mydomain $mydomain
</b>

<p>

<dt> Host with multiple DNS A records:

<dd> <b>mydestination = $myhostname localhost.$mydomain www.$mydomain
ftp.$mydomain</b>

</dl>

<p>

Caution: in order to avoid mail delivery loops, you must list all
hostnames of the machine, including $myhostname, and localhost.$mydomain.

</dl>

<a name="relaying"> <h2> What clients to relay mail for </h2> </a>

By default, Postfix will relay mail for clients in authorized
networks and in authorized domains.

<p>

Authorized client networks are defined by the <a
href="#mynetworks">mynetworks</a> parameter. The default is to
authorize all clients in the IP subnetworks that the local machine
is attached to.

<p>

Authorized client domains are defined by the <a
href="uce.html#relay_domains"> relay_domains</a> configuration
parameter. The default setting trusts clients with hostnames below
the domain(s) listed in <a href="#mydestination">mydestination</a>.

<a name="notify"> <h2> What trouble to report to the postmaster
</h2> </a>

You should set up a <b>postmaster</b> <a
href="rewrite.html#aliases">alias</a> that points to a human person.
This alias is required to exist, so that people can report mail
delivery problems.

<p>

The Postfix system itself also reports problems to the postmaster
alias. You may not be interested in all types of trouble reports,
so this reporting mechanism is configurable. The default is to
report only serious problems (resource, software) to postmaster:

<p>

<dl>

<dt> Default:

<dd> <b>notify_classes = resource, software</b>

<p>

<dt>The meaning of the classes is as follows:

<p>

<dl>

<dt> <b>bounce</b> <dd> Send postmaster copies of undeliverable
mail. If mail is undeliverable, a so-called single bounce message
is sent, with a copy of the message that was not delivered. For
privacy reasons, the postmaster copy of a single bounce message is
truncated after the original message headers. If a single bounce
message is undeliverable, the postmaster receives a double bounce
message with a copy of the entire single bounce message. See also
the <a href="rewrite.html#luser_relay"> luser_relay</a> feature.

<p>

<dt> <b>2bounce</b> <dd> Send double bounces to the postmaster.

<p>

<dt> <b>delay</b> <dd> Inform the postmaster of delayed mail.
In this case, the postmaster receives message headers only.

<p>

<dt> <b>policy</b> <dd> Inform the postmaster of client requests
that were rejected because of (UCE) policy restrictions. The
postmaster receives a transcript of the entire SMTP session.

<p>

<dt> <b>protocol</b> <dd> Inform the postmaster of protocol errors
(client or server side) or attempts by a client to execute
unimplemented commands. The postmaster receives a transcript of
the entire SMTP session.

<p>

<dt> <b>resource</b> <dd> Inform the postmaster of mail not delivered
due to resource problems (for example, queue file write errors).

<p>

<dt> <b>software</b> <dd> Inform the postmaster of mail not delivered
due to software problems.

</dl>

</dl>

<a name="myhostname"> <h2> My own hostname </h2> </a>

The <b>myhostname</b> parameter describes the fully-qualified domain
name of the machine running the Postfix system. <b> $myhostname</b>
appears as the default value in many other Postfix configuration
parameters.

<p>

By default, <b>myhostname</b> is set to the local machine name.
If your machine name is not in fully-qualified domain name form,
or if you run Postfix on a virtual interface, you will have to
specify the fully-qualified domain name that the mail system
should use.

<dl>

<dt> Examples:

<p>

<dd> <b>myhostname = host.local.domain</b> (local hostname is not
FQDN)

<dd> <b>myhostname = host.virtual.domain</b> (virtual interface)

<dd> <b>myhostname = virtual.domain</b> (virtual interface)

</dl>

<a name="mydomain"> <h2> My own domain name </h2> </a>

The <b>mydomain</b> parameter specifies the parent domain of
<b>$myhostname.</b> By default it is derived from <b> $myhostname</b>
by stripping off the first part (unless the result would be a
top-level domain).

<dl>

<dt> Examples:

<p>

<dd> <b>mydomain = local.domain</b>

<dd> <b>mydomain = virtual.domain</b> (virtual interface)

</dl>
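
<p>

The <b>mydomain</b> derivation above and the <b>mydestination</b> loop caution from earlier on this page, modelled in Python as an added example (not part of the original Postfix documentation and not Postfix's own code). The function names, the plain <b>$name</b>-only expansion and the sample values are assumptions; <i>/file/name</i> and <i>type:name</i> entries are not resolved.

```python
import re

def derive_mydomain(myhostname):
    """Default mydomain: myhostname minus its first label.

    Returns None when that would leave a top-level domain (or nothing); the
    page does not say what is used then, so set mydomain explicitly.
    """
    labels = myhostname.split(".")
    return ".".join(labels[1:]) if len(labels) > 2 else None

def build_params(myhostname, overrides=None):
    """Start from the defaults the page lists, then apply main.cf overrides."""
    params = {
        "myhostname": myhostname,
        "myorigin": "$myhostname",
        "mydestination": "$myhostname localhost.$mydomain",
    }
    derived = derive_mydomain(myhostname)
    if derived is not None:
        params["mydomain"] = derived
    params.update(overrides or {})
    return params

def expand(value, params):
    """Expand $name references recursively (simplified: plain $name only)."""
    return re.sub(r"\$(\w+)", lambda m: expand(params[m.group(1)], params), value)

def missing_from_mydestination(params, other_hostnames=()):
    """Hostnames of this machine that mydestination fails to list."""
    required = {expand("$myhostname", params), expand("localhost.$mydomain", params)}
    required.update(other_hostnames)
    listed = set(re.split(r"[,\s]+", expand(params["mydestination"], params).strip()))
    return sorted(required - listed)

# Constructed sample: the page's host.local.domain as a domain-wide mail server.
SAMPLE = build_params("host.local.domain", {
    "myorigin": "$mydomain",
    "mydestination": "$myhostname localhost.$mydomain $mydomain",
})

if __name__ == "__main__":
    print(expand(SAMPLE["myorigin"], SAMPLE))
    # Extra A records (constructed) that the setting above does not cover:
    print(missing_from_mydestination(SAMPLE, ["www.local.domain", "ftp.local.domain"]))
```

A non-empty result from <b>missing_from_mydestination</b> names the hostnames that would be forwarded instead of delivered locally, which is the loop condition the caution describes.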

<a name="mynetworks"> <h2> My own networks </h2> </a>

The <b>mynetworks</b> parameter lists all networks that this machine
somehow trusts. This information can be used by the <a href="uce.html">
anti-UCE</a> features to recognize trusted SMTP clients that are
allowed to relay mail through Postfix.

<p>

You can specify the list of trusted networks in the <b>main.cf</b>
file, or you can let Postfix deduce the list for you. The default
is to let Postfix do the work for you.

<p>

<dl>

<dt> Default:

<dd> <b>mynetworks_style = subnet</b>

<p>

<dt>The meaning of the styles is as follows:

<p>

<dl>

<dt> <b>class</b> <dd> Trust SMTP clients in the class A/B/C networks
that Postfix is connected to. <b>Don't do this with a dialup site
- it would cause Postfix to "trust" your entire provider's network.
Instead, specify an explicit mynetworks list by hand, as described
below</b>.

<p>

<dt> <b>subnet</b> (default) <dd> Trust SMTP clients in the IP
subnetworks that Postfix is connected to.

<p>

<dt> <b>host</b> <dd> Trust only the local machine.

</dl>

</dl>

<p>

Alternatively, you can specify the <b>mynetworks</b> list by hand,
in which case Postfix ignores the <b>mynetworks_style</b> setting.
To specify the list of trusted networks by hand, specify network
blocks in CIDR (network/mask) notation, for example:

<p>

<dl>

<dd> <b>mynetworks = 168.100.189.0/28, 127.0.0.0/8</b>

</dl>

<p>

You can also specify the absolute pathname of a pattern file instead
of listing the patterns in the <b>main.cf</b> file.
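
<p>

How much each <b>mynetworks_style</b> value ends up trusting, modelled in Python as an added example (not part of the original Postfix documentation and not Postfix's own code). The function names and the interface addresses are assumptions, and the model is IPv4 only; the sample host sits on the 168.100.189.0/28 block from the example above.

```python
import ipaddress

def classful_network(addr):
    """Historical class A/B/C network that contains addr."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        prefix = 8       # class A
    elif first_octet < 192:
        prefix = 16      # class B
    elif first_octet < 224:
        prefix = 24      # class C
    else:
        raise ValueError(f"{addr} is not a class A/B/C address")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def trusted_networks(interfaces, style):
    """Trust set for one mynetworks_style value, as the page describes it.

    interfaces: "address/prefixlen" strings for the local interfaces.
    """
    nets = []
    for iface in interfaces:
        ifc = ipaddress.ip_interface(iface)
        if style == "class":
            nets.append(classful_network(str(ifc.ip)))
        elif style == "subnet":
            nets.append(ifc.network)
        elif style == "host":
            nets.append(ipaddress.ip_network(f"{ifc.ip}/32"))
        else:
            raise ValueError(f"unknown mynetworks_style: {style}")
    return nets

def parse_mynetworks(value):
    """Hand-written mynetworks value: CIDR blocks split on commas/whitespace."""
    return [ipaddress.ip_network(p) for p in value.replace(",", " ").split()]

def is_trusted(client, nets):
    """True if the SMTP client address falls inside any trusted network."""
    ip = ipaddress.ip_address(client)
    return any(ip in net for net in nets)

# Constructed sample: a host at 168.100.189.2 on the /28 from the page's example.
INTERFACES = ["168.100.189.2/28", "127.0.0.1/8"]

if __name__ == "__main__":
    for style in ("class", "subnet", "host"):
        nets = trusted_networks(INTERFACES, style)
        total = sum(n.num_addresses for n in nets)
        print(style, [str(n) for n in nets], total, is_trusted("168.100.7.7", nets))
```

With <b>class</b> the sample host trusts the whole 168.100.0.0/16 block, so a client elsewhere in that block is allowed to relay; with <b>subnet</b> or the hand-written list only the 16 addresses of the /28 are.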

<a name="inet_interfaces"> <h2> My own network addresses </h2> </a>

The <b>inet_interfaces</b> parameter specifies all network interface
addresses that the Postfix system should listen on; mail addressed
to <i>user</i>@[<i>network address</i>] will be delivered locally,
as if it is addressed to a domain listed in <b> $mydestination.
</b>

<p>

The default is to listen on all active interfaces. If you run
mailers on virtual interfaces, you will have to specify what
interfaces to listen on.

<p>

You even have to specify explicit machine interfaces for the
non-virtual mailer that receives mail for the machine itself: the
non-virtual mailer should never listen on the virtual interfaces
or you would have a mailer loop.

<dl>

<dt> Examples:

<p>

<dl>

<dt> Default:

<dd> <b>inet_interfaces = all</b>

<p>

<dt> Host running virtual mailers:

<dd> <b>inet_interfaces = virtual.host.name</b> (virtual domain)

<dd> <b>inet_interfaces = $myhostname localhost.$mydomain</b>
(non-virtual mailer)

</dl>

</dl>

</body>

</html>