Postfix: The Definitive Guide

Book description

Postfix is a Mail Transfer Agent (MTA): software that mail servers use to route email. Postfix is highly respected by experts for its secure design and tremendous reliability. And new users like it because it's so simple to configure. In fact, Postfix has been adopted as the default MTA on Mac OS X. It is also compatible with sendmail, so that existing scripts and programs continue to work seamlessly after it is installed. Postfix was written by well-known security expert Wietse Venema, who reviewed this book intensively during its entire development.

Author Kyle Dent covers a wide range of Postfix tasks, from virtual hosting to controls for unsolicited commercial email. While basic configuration of Postfix is easy, every site has unique needs that call for a certain amount of study. This book, with careful background explanations and generous examples, eases readers from the basic configuration to the full power of Postfix. It discusses the Postfix interfaces to various tools that round out a fully scalable and highly secure email system. These tools include POP, IMAP, LDAP, MySQL, Simple Authentication and Security Layer (SASL), and Transport Layer Security (TLS, an upgrade of SSL). A reference section for Postfix configuration parameters and an installation guide are included. Topics include:

  • Basic installation and configuration

  • DNS configuration for email

  • Working with POP/IMAP servers

  • Hosting multiple domains (virtual hosting)

  • Mailing lists

  • Handling unsolicited email (spam blocking)

  • Security through SASL and TLS

From compiling and installing Postfix to troubleshooting, Postfix: The Definitive Guide offers system administrators and anyone who deals with Postfix an all-in-one, comprehensive tutorial and reference to this MTA.

Table of Contents

  1. Postfix: The Definitive Guide
    1. SPECIAL OFFER: Upgrade this ebook with O’Reilly
    2. Foreword
    3. Preface
      1. Audience
      2. Organization
      3. Conventions Used in This Book
      4. Comments and Questions
      5. Acknowledgments
    4. 1. Introduction
      1. 1.1. Postfix Origins and Philosophy
      2. 1.2. Email and the Internet
        1. 1.2.1. Email Components
        2. 1.2.2. Major Email Protocols
          1. 1.2.2.1. SMTP and email submission
          2. 1.2.2.2. POP/IMAP and mailbox access
      3. 1.3. The Role of Postfix
      4. 1.4. Postfix Security
        1. 1.4.1. Modular Design
        2. 1.4.2. Shells and Processes
        3. 1.4.3. Security by Design
      5. 1.5. Additional Information and How to Obtain Postfix
    5. 2. Prerequisites
      1. 2.1. Unix Topics
        1. 2.1.1. Login Names and UID Numbers
        2. 2.1.2. Pseudo-Accounts
        3. 2.1.3. Standard Input/Standard Output
        4. 2.1.4. The Superuser
        5. 2.1.5. Command Prompts
        6. 2.1.6. Long Lines
        7. 2.1.7. ManPages
      2. 2.2. Email Topics
        1. 2.2.1. RFCs
        2. 2.2.2. Email Agents
        3. 2.2.3. The Postmaster
        4. 2.2.4. Reject or Bounce
        5. 2.2.5. Envelope Addresses and Message Headers
        6. 2.2.6. Local Parts of Email Addresses
        7. 2.2.7. Email Message Format
          1. 2.2.7.1. RFC 2822 messages
        8. 2.2.8. The SMTP Protocol
    6. 3. Postfix Architecture
      1. 3.1. Postfix Components
      2. 3.2. How Messages Enter the Postfix System
        1. 3.2.1. Local Email Submission
        2. 3.2.2. Email from the Network
        3. 3.2.3. Postfix Email Notifications
        4. 3.2.4. Email Forwarding
      3. 3.3. The Postfix Queue
      4. 3.4. Mail Delivery
        1. 3.4.1. Local Delivery
        2. 3.4.2. Virtual Alias Messages
        3. 3.4.3. Virtual Mailbox Messages
        4. 3.4.4. Relay Messages
        5. 3.4.5. Other Messages
        6. 3.4.6. Other Delivery Agents
          1. 3.4.6.1. Delivery via LMTP
          2. 3.4.6.2. Pipe delivery
      5. 3.5. Tracing a Message Through Postfix
    7. 4. General Configuration and Administration
      1. 4.1. Starting Postfix the First Time
      2. 4.2. Configuration Files
        1. 4.2.1. The main.cf Configuration File
          1. 4.2.1.1. Line continuation
          2. 4.2.1.2. Configuration variables
          3. 4.2.1.3. Multiple values
        2. 4.2.2. Lookup Tables
          1. 4.2.2.1. Lookup table format
          2. 4.2.2.2. Database formats
          3. 4.2.2.3. Search order
          4. 4.2.2.4. Lookup tables and simple lists
          5. 4.2.2.5. Regular expression tables
        3. 4.2.3. Other Formats
        4. 4.2.4. Alias Files
          1. 4.2.4.1. Locating aliases
          2. 4.2.4.2. Building alias database files
          3. 4.2.4.3. Alias file format
          4. 4.2.4.4. Alias restrictions
          5. 4.2.4.5. Important aliases
      3. 4.3. Important Configuration Considerations
        1. 4.3.1. Configuring Your MTA Identity
          1. 4.3.1.1. myhostname and mydomain
          2. 4.3.1.2. myorigin
          3. 4.3.1.3. mydestination
        2. 4.3.2. Relay Control
          1. 4.3.2.1. Restricting relay access
          2. 4.3.2.2. SMTP authentication
          3. 4.3.2.3. Dynamic IP solutions
          4. 4.3.2.4. Certificate authentication
      4. 4.4. Administration
        1. 4.4.1. Logging
        2. 4.4.2. Starting, Stopping, and Reloading Postfix
        3. 4.4.3. Running Postfix at System Startup
          1. 4.4.3.1. Do it yourself
        4. 4.4.4. Queue Management
      5. 4.5. master.cf
      6. 4.6. Receiving Limits
      7. 4.7. Rewriting Addresses
        1. 4.7.1. Canonical Addresses
        2. 4.7.2. Masquerading Hostnames
        3. 4.7.3. Relocated Users
        4. 4.7.4. Unknown Users
      8. 4.8. chroot
      9. 4.9. Documentation
    8. 5. Queue Management
      1. 5.1. How qmgr Works
        1. 5.1.1. Deferred Mail
        2. 5.1.2. Queue Scheduling
        3. 5.1.3. Message Delivery
        4. 5.1.4. Corrupt Messages
        5. 5.1.5. Error Notifications
      2. 5.2. Queue Tools
        1. 5.2.1. Listing the Queue
        2. 5.2.2. Deleting Messages
        3. 5.2.3. Holding Messages
        4. 5.2.4. Requeuing Messages
        5. 5.2.5. Displaying Messages
        6. 5.2.6. Flushing Messages
    9. 6. Email and DNS
      1. 6.1. DNS Overview
      2. 6.2. Email Routing
      3. 6.3. Postfix and DNS
        1. 6.3.1. DNS and Sending Mail
          1. 6.3.1.1. Configuration options
          2. 6.3.1.2. Reverse PTR records
        2. 6.3.2. DNS and Receiving Mail
      4. 6.4. Common Problems
    10. 7. Local Delivery and POP/IMAP
      1. 7.1. Postfix Delivery Transports
      2. 7.2. Message Store Formats
        1. 7.2.1. The Mbox Format
        2. 7.2.2. The Maildir Format
        3. 7.2.3. Mbox Versus Maildir
      3. 7.3. Local Delivery
        1. 7.3.1. .forward Files
        2. 7.3.2. Alias Deliveries
        3. 7.3.3. Mailbox Delivery
      4. 7.4. POP and IMAP
        1. 7.4.1. POP Versus IMAP
        2. 7.4.2. Postfix and POP/IMAP Servers
      5. 7.5. Local Mail Transfer Protocol
        1. 7.5.1. Postfix and Cyrus IMAP
        2. 7.5.2. A Postfix and Cyrus IMAP Example
    11. 8. Hosting Multiple Domains
      1. 8.1. Shared Domains with System Accounts
      2. 8.2. Separate Domains with System Accounts
      3. 8.3. Separate Domains with Virtual Accounts
        1. 8.3.1. Mailbox File Ownership
        2. 8.3.2. Virtual Aliases
        3. 8.3.3. Catchall Addresses
          1. 8.3.3.1. Virtual mailbox catchall
          2. 8.3.3.2. Virtual alias catchall
      4. 8.4. Separate Message Store
      5. 8.5. Delivery to Commands
        1. 8.5.1. Configuring a Virtual Auto-Responder
        2. 8.5.2. Configuring a Virtual Mailing List Manager
    12. 9. Mail Relaying
      1. 9.1. Backup MX
        1. 9.1.1. Relay Recipients
        2. 9.1.2. Fast Flushing
      2. 9.2. Transport Maps
        1. 9.2.1. Postponing Mail Delivery
          1. 9.2.1.1. Deferring mail relay
          2. 9.2.1.2. Deferring delivery
      3. 9.3. Inbound Mail Gateway
      4. 9.4. Outbound Mail Relay
      5. 9.5. UUCP, Fax, and Other Deliveries
    13. 10. Mailing Lists
      1. 10.1. Simple Mailing Lists
        1. 10.1.1. Mailing-List Owners
        2. 10.1.2. Separate List Files
        3. 10.1.3. Additional Alias Files
        4. 10.1.4. Creating a Simple Mailing List
        5. 10.1.5. Testing Your List
      2. 10.2. Mailing-List Managers
        1. 10.2.1. Majordomo
          1. 10.2.1.1. Creating a Majordomo list
          2. 10.2.1.2. Potential problems
        2. 10.2.2. Mailman
          1. 10.2.2.1. Creating a Mailman list
    14. 11. Blocking Unsolicited Bulk Email
      1. 11.1. The Nature of Spam
      2. 11.2. The Problem of Spam
      3. 11.3. Open Relays
      4. 11.4. Spam Detection
        1. 11.4.1. Client-Based Spam Detection
          1. 11.4.1.1. DNS-based blacklists
        2. 11.4.2. Content-Based Spam Detection
        3. 11.4.3. Detection Difficulties
      5. 11.5. Anti-Spam Actions
      6. 11.6. Postfix Configuration
      7. 11.7. Client-Detection Rules
        1. 11.7.1. The SMTP Conversation (Briefly)
        2. 11.7.2. Listing Restrictions
          1. 11.7.2.1. How restrictions work
          2. 11.7.2.2. Testing new restrictions
          3. 11.7.2.3. A simple example
        3. 11.7.3. Restriction Definitions
          1. 11.7.3.1. Access maps
          2. 11.7.3.2. Other client-checking restrictions
          3. 11.7.3.3. Strict syntax restrictions
          4. 11.7.3.4. DNS restrictions
          5. 11.7.3.5. Real-time blacklists
          6. 11.7.3.6. Generic restrictions
        4. 11.7.4. Tracing a Restriction List
      8. 11.8. Strict Syntax Parameters
      9. 11.9. Content-Checking
        1. 11.9.1. Content Checking Configuration
        2. 11.9.2. Content Checking Actions
        3. 11.9.3. Comparing Patterns
      10. 11.10. Customized Restriction Classes
        1. 11.10.1. Sample Restriction Classes
      11. 11.11. Postfix Anti-Spam Example
    15. 12. SASL Authentication
      1. 12.1. SASL Overview
        1. 12.1.1. Choosing an Authentication Mechanism
        2. 12.1.2. Choosing an Authentication Framework
      2. 12.2. Postfix and SASL
      3. 12.3. Configuring Postfix for SASL
        1. 12.3.1. Specifying a Framework
          1. 12.3.1.1. Unix passwords
          2. 12.3.1.2. SASL passwords
        2. 12.3.2. Configuring Postfix
          1. 12.3.2.1. Enabling SASL
          2. 12.3.2.2. Preventing sender spoofing
          3. 12.3.2.3. Permitting authenticated users
          4. 12.3.2.4. Specifying mechanisms
        3. 12.3.3. Configuration Summary
      4. 12.4. Testing Your Authentication Configuration
      5. 12.5. SMTP Client Authentication
        1. 12.5.1. Procedure to Enable SMTP Client Authentication
    16. 13. Transport Layer Security
      1. 13.1. Postfix and TLS
      2. 13.2. TLS Certificates
        1. 13.2.1. Becoming a CA
        2. 13.2.2. Generating Server Certificates
        3. 13.2.3. Installing CA Certificates
        4. 13.2.4. Postfix/TLS Configuration
        5. 13.2.5. Postfix/TLS Configuration Summary
        6. 13.2.6. Requiring Client-Side Certificates
          1. 13.2.6.1. Creating client certificates
          2. 13.2.6.2. Configuring client-side certificate authentication
        7. 13.2.7. Configuring TLS/SMTP Client
    17. 14. Content Filtering
      1. 14.1. Command-Based Filtering
        1. 14.1.1. Configuration
      2. 14.2. Daemon-Based Filtering
        1. 14.2.1. Configuration
          1. 14.2.1.1. Creating a pseudoaccount
          2. 14.2.1.2. Installing a content filter
          3. 14.2.1.3. Configuring additional Postfix components
          4. 14.2.1.4. Turning on filtering
        2. 14.2.2. Daemon-Based Filter Example
      3. 14.3. Other Considerations
    18. 15. External Databases
      1. 15.1. MySQL
        1. 15.1.1. MySQL Configuration
          1. 15.1.1.1. MySQL parameters
        2. 15.1.2. MySQL Example
          1. 15.1.2.1. Configuring local_recipient_maps
          2. 15.1.2.2. Configuring alias_maps
          3. 15.1.2.3. Configuring virtual domains
      2. 15.2. LDAP
        1. 15.2.1. LDAP Configuration
        2. 15.2.2. LDAP Example
          1. 15.2.2.1. Configuring local_recipient_maps
          2. 15.2.2.2. Configuring transport_maps
    19. A. Configuration Parameters
      1. A.1. Postfix Parameter Reference
        1. 2bounce_notice_recipient
        2. access_map_reject_code
        3. alias_maps
        4. allow_mail_to_files
        5. allow_percent_hack
        6. alternate_config_directories
        7. append_at_myorigin
        8. authorized_verp_clients
        9. berkeley_db_read_buffer_size
        10. biff
        11. body_checks_size_limit
        12. bounce_service_name
        13. canonical_maps
        14. command_directory
        15. command_time_limit
        16. content_filter
        17. daemon_timeout
        18. debug_peer_list
        19. default_destination_concurrency_limit
        20. default_extra_recipient_limit
        21. default_process_limit
        22. default_recipient_limit
        23. default_verp_delimiters
        24. defer_service_name
        25. delay_notice_recipient
        26. deliver_lock_attempts
        27. disable_dns_lookups
        28. disable_mime_output_conversion
        29. disable_vrfy_command
        30. double_bounce_sender
        31. empty_address_recipient
        32. error_service_name
        33. export_environment
        34. fallback_relay
        35. fast_flush_domains
        36. fast_flush_refresh_time
        37. fork_attempts
        38. forward_expansion_filter
        39. hash_queue_depth
        40. header_address_token_limit
        41. header_size_limit
        42. home_mailbox
        43. ignore_mx_lookup_error
        44. in_flow_delay
        45. initial_destination_concurrency
        46. ipc_idle
        47. line_length_limit
        48. lmtp_connect_timeout
        49. lmtp_data_init_timeout
        50. lmtp_lhlo_timeout
        51. lmtp_quit_timeout
        52. lmtp_rset_timeout
        53. lmtp_tcp_port
        54. local_destination_concurrency_limit
        55. local_recipient_maps
        56. luser_relay
        57. mail_owner
        58. mail_spool_directory
        59. mailbox_command
        60. mailbox_delivery_lock
        61. mailbox_transport
        62. manpage_directory
        63. masquerade_domains
        64. max_idle
        65. maximal_backoff_time
        66. message_size_limit
        67. mime_header_checks
        68. minimal_backoff_time
        69. mydomain
        70. mynetworks
        71. myorigin
        72. newaliases_path
        73. notify_classes
        74. parent_domain_matches_subdomains
        75. pickup_service_name
        76. process_id_directory
        77. proxy_interfaces
        78. qmgr_clog_warn_time
        79. qmgr_message_active_limit
        80. qmgr_message_recipient_minimum
        81. qmqpd_error_delay
        82. queue_directory
        83. queue_run_delay
        84. rbl_reply_maps
        85. recipient_canonical_maps
        86. reject_code
        87. relay_domains_reject_code
        88. relay_transport
        89. relocated_maps
        90. resolve_dequoted_address
        91. sample_directory
        92. sendmail_path
        93. setgid_group
        94. showq_service_name
        95. smtp_bind_address
        96. smtp_data_done_timeout
        97. smtp_data_xfer_timeout
        98. smtp_destination_recipient_limit
        99. smtp_helo_timeout
        100. smtp_mail_timeout
        101. smtp_pix_workaround_delay_time
        102. smtp_quit_timeout
        103. smtp_rcpt_timeout
        104. smtp_skip_5xx_greeting
        105. smtpd_banner
        106. smtpd_data_restrictions
        107. smtpd_error_sleep_time
        108. smtpd_expansion_filter
        109. smtpd_helo_required
        110. smtpd_history_flush_threshold
        111. smtpd_noop_commands
        112. smtpd_recipient_limit
        113. smtpd_restriction_classes
        114. smtpd_soft_error_limit
        115. soft_bounce
        116. strict_7bit_headers
        117. strict_8bitmime_body
        118. strict_rfc821_envelopes
        119. swap_bangpath
        120. syslog_name
        121. transport_retry_time
        122. undisclosed_recipients_header
        123. unknown_client_reject_code
        124. unknown_local_recipient_reject_code
        125. unknown_virtual_alias_reject_code
        126. verp_delimiter_filter
        127. virtual_alias_maps
        128. virtual_mailbox_base
        129. virtual_mailbox_limit
        130. virtual_mailbox_maps
        131. virtual_transport
    20. B. Postfix Commands
    21. C. Compiling and Installing Postfix
      1. C.1. Obtaining Postfix
      2. C.2. Postfix Compiling Primer
        1. C.2.1. Compiler Options
        2. C.2.2. Linker Options
      3. C.3. Building Postfix
        1. C.3.1. Customizing Your Build
        2. C.3.2. Modifying Postfix Defaults
      4. C.4. Installation
        1. C.4.1. Upgrading
      5. C.5. Compiling Add-on Packages
        1. C.5.1. Cyrus SASL
        2. C.5.2. TLS
        3. C.5.3. MySQL
        4. C.5.4. LDAP
      6. C.6. Common Problems
        1. C.6.1. Compile Time
        2. C.6.2. Runtime
      7. C.7. Wrapping Things Up
    22. D. Frequently Asked Questions
    23. Index
    24. About the Author
    25. Colophon