Postfix: The Definitive Guide

Book Description

Postfix is a Mail Transfer Agent (MTA): software that mail servers use to route email. Postfix is highly respected by experts for its secure design and tremendous reliability. And new users like it because it's so simple to configure. In fact, Postfix has been adopted as the default MTA on Mac OS X. It is also compatible with sendmail, so that existing scripts and programs continue to work seamlessly after it is installed. Postfix was written by well-known security expert Wietse Venema, who reviewed this book intensively during its entire development. Author Kyle Dent covers a wide range of Postfix tasks, from virtual hosting to controls for unsolicited commercial email. While basic configuration of Postfix is easy, every site has unique needs that call for a certain amount of study. This book, with careful background explanations and generous examples, eases readers from the basic configuration to the full power of Postfix. It discusses the Postfix interfaces to various tools that round out a fully scalable and highly secure email system. These tools include POP, IMAP, LDAP, MySQL, Simple Authentication and Security Layer (SASL), and Transport Layer Security (TLS, an upgrade of SSL). A reference section for Postfix configuration parameters and an installation guide are included. Topics include:

  • Basic installation and configuration

  • DNS configuration for email

  • Working with POP/IMAP servers

  • Hosting multiple domains (virtual hosting)

  • Mailing lists

  • Handling unsolicited email (spam blocking)

  • Security through SASL and TLS

From compiling and installing Postfix to troubleshooting, Postfix: The Definitive Guide offers system administrators and anyone who deals with Postfix an all-in-one, comprehensive tutorial and reference to this MTA.

    Table of Contents

    1. Postfix: The Definitive Guide
      1. SPECIAL OFFER: Upgrade this ebook with O’Reilly
      2. Foreword
      3. Preface
        1. Audience
        2. Organization
        3. Conventions Used in This Book
        4. Comments and Questions
        5. Acknowledgments
      4. 1. Introduction
        1. 1.1. Postfix Origins and Philosophy
        2. 1.2. Email and the Internet
          1. 1.2.1. Email Components
          2. 1.2.2. Major Email Protocols
            1. 1.2.2.1. SMTP and email submission
            2. 1.2.2.2. POP/IMAP and mailbox access
        3. 1.3. The Role of Postfix
        4. 1.4. Postfix Security
          1. 1.4.1. Modular Design
          2. 1.4.2. Shells and Processes
          3. 1.4.3. Security by Design
        5. 1.5. Additional Information and How to Obtain Postfix
      5. 2. Prerequisites
        1. 2.1. Unix Topics
          1. 2.1.1. Login Names and UID Numbers
          2. 2.1.2. Pseudo-Accounts
          3. 2.1.3. Standard Input/Standard Output
          4. 2.1.4. The Superuser
          5. 2.1.5. Command Prompts
          6. 2.1.6. Long Lines
          7. 2.1.7. ManPages
        2. 2.2. Email Topics
          1. 2.2.1. RFCs
          2. 2.2.2. Email Agents
          3. 2.2.3. The Postmaster
          4. 2.2.4. Reject or Bounce
          5. 2.2.5. Envelope Addresses and Message Headers
          6. 2.2.6. Local Parts of Email Addresses
          7. 2.2.7. Email Message Format
            1. 2.2.7.1. RFC 2822 messages
          8. 2.2.8. The SMTP Protocol
      6. 3. Postfix Architecture
        1. 3.1. Postfix Components
        2. 3.2. How Messages Enter the Postfix System
          1. 3.2.1. Local Email Submission
          2. 3.2.2. Email from the Network
          3. 3.2.3. Postfix Email Notifications
          4. 3.2.4. Email Forwarding
        3. 3.3. The Postfix Queue
        4. 3.4. Mail Delivery
          1. 3.4.1. Local Delivery
          2. 3.4.2. Virtual Alias Messages
          3. 3.4.3. Virtual Mailbox Messages
          4. 3.4.4. Relay Messages
          5. 3.4.5. Other Messages
          6. 3.4.6. Other Delivery Agents
            1. 3.4.6.1. Delivery via LMTP
            2. 3.4.6.2. Pipe delivery
        5. 3.5. Tracing a Message Through Postfix
      7. 4. General Configuration and Administration
        1. 4.1. Starting Postfix the First Time
        2. 4.2. Configuration Files
          1. 4.2.1. The main.cf Configuration File
            1. 4.2.1.1. Line continuation
            2. 4.2.1.2. Configuration variables
            3. 4.2.1.3. Multiple values
          2. 4.2.2. Lookup Tables
            1. 4.2.2.1. Lookup table format
            2. 4.2.2.2. Database formats
            3. 4.2.2.3. Search order
            4. 4.2.2.4. Lookup tables and simple lists
            5. 4.2.2.5. Regular expression tables
          3. 4.2.3. Other Formats
          4. 4.2.4. Alias Files
            1. 4.2.4.1. Locating aliases
            2. 4.2.4.2. Building alias database files
            3. 4.2.4.3. Alias file format
            4. 4.2.4.4. Alias restrictions
            5. 4.2.4.5. Important aliases
        3. 4.3. Important Configuration Considerations
          1. 4.3.1. Configuring Your MTA Identity
            1. 4.3.1.1. myhostname and mydomain
            2. 4.3.1.2. myorigin
            3. 4.3.1.3. mydestination
          2. 4.3.2. Relay Control
            1. 4.3.2.1. Restricting relay access
            2. 4.3.2.2. SMTP authentication
            3. 4.3.2.3. Dynamic IP solutions
            4. 4.3.2.4. Certificate authentication
        4. 4.4. Administration
          1. 4.4.1. Logging
          2. 4.4.2. Starting, Stopping, and Reloading Postfix
          3. 4.4.3. Running Postfix at System Startup
            1. 4.4.3.1. Do it yourself
          4. 4.4.4. Queue Management
        5. 4.5. master.cf
        6. 4.6. Receiving Limits
        7. 4.7. Rewriting Addresses
          1. 4.7.1. Canonical Addresses
          2. 4.7.2. Masquerading Hostnames
          3. 4.7.3. Relocated Users
          4. 4.7.4. Unknown Users
        8. 4.8. chroot
        9. 4.9. Documentation
      8. 5. Queue Management
        1. 5.1. How qmgr Works
          1. 5.1.1. Deferred Mail
          2. 5.1.2. Queue Scheduling
          3. 5.1.3. Message Delivery
          4. 5.1.4. Corrupt Messages
          5. 5.1.5. Error Notifications
        2. 5.2. Queue Tools
          1. 5.2.1. Listing the Queue
          2. 5.2.2. Deleting Messages
          3. 5.2.3. Holding Messages
          4. 5.2.4. Requeuing Messages
          5. 5.2.5. Displaying Messages
          6. 5.2.6. Flushing Messages
      9. 6. Email and DNS
        1. 6.1. DNS Overview
        2. 6.2. Email Routing
        3. 6.3. Postfix and DNS
          1. 6.3.1. DNS and Sending Mail
            1. 6.3.1.1. Configuration options
            2. 6.3.1.2. Reverse PTR records
          2. 6.3.2. DNS and Receiving Mail
        4. 6.4. Common Problems
      10. 7. Local Delivery and POP/IMAP
        1. 7.1. Postfix Delivery Transports
        2. 7.2. Message Store Formats
          1. 7.2.1. The Mbox Format
          2. 7.2.2. The Maildir Format
          3. 7.2.3. Mbox Versus Maildir
        3. 7.3. Local Delivery
          1. 7.3.1. .forward Files
          2. 7.3.2. Alias Deliveries
          3. 7.3.3. Mailbox Delivery
        4. 7.4. POP and IMAP
          1. 7.4.1. POP Versus IMAP
          2. 7.4.2. Postfix and POP/IMAP Servers
        5. 7.5. Local Mail Transfer Protocol
          1. 7.5.1. Postfix and Cyrus IMAP
          2. 7.5.2. A Postfix and Cyrus IMAP Example
      11. 8. Hosting Multiple Domains
        1. 8.1. Shared Domains with System Accounts
        2. 8.2. Separate Domains with System Accounts
        3. 8.3. Separate Domains with Virtual Accounts
          1. 8.3.1. Mailbox File Ownership
          2. 8.3.2. Virtual Aliases
          3. 8.3.3. Catchall Addresses
            1. 8.3.3.1. Virtual mailbox catchall
            2. 8.3.3.2. Virtual alias catchall
        4. 8.4. Separate Message Store
        5. 8.5. Delivery to Commands
          1. 8.5.1. Configuring a Virtual Auto-Responder
          2. 8.5.2. Configuring a Virtual Mailing List Manager
      12. 9. Mail Relaying
        1. 9.1. Backup MX
          1. 9.1.1. Relay Recipients
          2. 9.1.2. Fast Flushing
        2. 9.2. Transport Maps
          1. 9.2.1. Postponing Mail Delivery
            1. 9.2.1.1. Deferring mail relay
            2. 9.2.1.2. Deferring delivery
        3. 9.3. Inbound Mail Gateway
        4. 9.4. Outbound Mail Relay
        5. 9.5. UUCP, Fax, and Other Deliveries
      13. 10. Mailing Lists
        1. 10.1. Simple Mailing Lists
          1. 10.1.1. Mailing-List Owners
          2. 10.1.2. Separate List Files
          3. 10.1.3. Additional Alias Files
          4. 10.1.4. Creating a Simple Mailing List
          5. 10.1.5. Testing Your List
        2. 10.2. Mailing-List Managers
          1. 10.2.1. Majordomo
            1. 10.2.1.1. Creating a Majordomo list
            2. 10.2.1.2. Potential problems
          2. 10.2.2. Mailman
            1. 10.2.2.1. Creating a Mailman list
      14. 11. Blocking Unsolicited Bulk Email
        1. 11.1. The Nature of Spam
        2. 11.2. The Problem of Spam
        3. 11.3. Open Relays
        4. 11.4. Spam Detection
          1. 11.4.1. Client-Based Spam Detection
            1. 11.4.1.1. DNS-based blacklists
          2. 11.4.2. Content-Based Spam Detection
          3. 11.4.3. Detection Difficulties
        5. 11.5. Anti-Spam Actions
        6. 11.6. Postfix Configuration
        7. 11.7. Client-Detection Rules
          1. 11.7.1. The SMTP Conversation (Briefly)
          2. 11.7.2. Listing Restrictions
            1. 11.7.2.1. How restrictions work
            2. 11.7.2.2. Testing new restrictions
            3. 11.7.2.3. A simple example
          3. 11.7.3. Restriction Definitions
            1. 11.7.3.1. Access maps
            2. 11.7.3.2. Other client-checking restrictions
            3. 11.7.3.3. Strict syntax restrictions
            4. 11.7.3.4. DNS restrictions
            5. 11.7.3.5. Real-time blacklists
            6. 11.7.3.6. Generic restrictions
          4. 11.7.4. Tracing a Restriction List
        8. 11.8. Strict Syntax Parameters
        9. 11.9. Content-Checking
          1. 11.9.1. Content Checking Configuration
          2. 11.9.2. Content Checking Actions
          3. 11.9.3. Comparing Patterns
        10. 11.10. Customized Restriction Classes
          1. 11.10.1. Sample Restriction Classes
        11. 11.11. Postfix Anti-Spam Example
      15. 12. SASL Authentication
        1. 12.1. SASL Overview
          1. 12.1.1. Choosing an Authentication Mechanism
          2. 12.1.2. Choosing an Authentication Framework
        2. 12.2. Postfix and SASL
        3. 12.3. Configuring Postfix for SASL
          1. 12.3.1. Specifying a Framework
            1. 12.3.1.1. Unix passwords
            2. 12.3.1.2. SASL passwords
          2. 12.3.2. Configuring Postfix
            1. 12.3.2.1. Enabling SASL
            2. 12.3.2.2. Preventing sender spoofing
            3. 12.3.2.3. Permitting authenticated users
            4. 12.3.2.4. Specifying mechanisms
          3. 12.3.3. Configuration Summary
        4. 12.4. Testing Your Authentication Configuration
        5. 12.5. SMTP Client Authentication
          1. 12.5.1. Procedure to Enable SMTP Client Authentication
      16. 13. Transport Layer Security
        1. 13.1. Postfix and TLS
        2. 13.2. TLS Certificates
          1. 13.2.1. Becoming a CA
          2. 13.2.2. Generating Server Certificates
          3. 13.2.3. Installing CA Certificates
          4. 13.2.4. Postfix/TLS Configuration
          5. 13.2.5. Postfix/TLS Configuration Summary
          6. 13.2.6. Requiring Client-Side Certificates
            1. 13.2.6.1. Creating client certificates
            2. 13.2.6.2. Configuring client-side certificate authentication
          7. 13.2.7. Configuring TLS/SMTP Client
      17. 14. Content Filtering
        1. 14.1. Command-Based Filtering
          1. 14.1.1. Configuration
        2. 14.2. Daemon-Based Filtering
          1. 14.2.1. Configuration
            1. 14.2.1.1. Creating a pseudoaccount
            2. 14.2.1.2. Installing a content filter
            3. 14.2.1.3. Configuring additional Postfix components
            4. 14.2.1.4. Turning on filtering
          2. 14.2.2. Daemon-Based Filter Example
        3. 14.3. Other Considerations
      18. 15. External Databases
        1. 15.1. MySQL
          1. 15.1.1. MySQL Configuration
            1. 15.1.1.1. MySQL parameters
          2. 15.1.2. MySQL Example
            1. 15.1.2.1. Configuring local_recipient_maps
            2. 15.1.2.2. Configuring alias_maps
            3. 15.1.2.3. Configuring virtual domains
        2. 15.2. LDAP
          1. 15.2.1. LDAP Configuration
          2. 15.2.2. LDAP Example
            1. 15.2.2.1. Configuring local_recipient_maps
            2. 15.2.2.2. Configuring transport_maps
      19. A. Configuration Parameters
        1. A.1. Postfix Parameter Reference
          1. 2bounce_notice_recipient
          2. access_map_reject_code
          3. alias_maps
          4. allow_mail_to_files
          5. allow_percent_hack
          6. alternate_config_directories
          7. append_at_myorigin
          8. authorized_verp_clients
          9. berkeley_db_read_buffer_size
          10. biff
          11. body_checks_size_limit
          12. bounce_service_name
          13. canonical_maps
          14. command_directory
          15. command_time_limit
          16. content_filter
          17. daemon_timeout
          18. debug_peer_list
          19. default_destination_concurrency_limit
          20. default_extra_recipient_limit
          21. default_process_limit
          22. default_recipient_limit
          23. default_verp_delimiters
          24. defer_service_name
          25. delay_notice_recipient
          26. deliver_lock_attempts
          27. disable_dns_lookups
          28. disable_mime_output_conversion
          29. disable_vrfy_command
          30. double_bounce_sender
          31. empty_address_recipient
          32. error_service_name
          33. export_environment
          34. fallback_relay
          35. fast_flush_domains
          36. fast_flush_refresh_time
          37. fork_attempts
          38. forward_expansion_filter
          39. hash_queue_depth
          40. header_address_token_limit
          41. header_size_limit
          42. home_mailbox
          43. ignore_mx_lookup_error
          44. in_flow_delay
          45. initial_destination_concurrency
          46. ipc_idle
          47. line_length_limit
          48. lmtp_connect_timeout
          49. lmtp_data_init_timeout
          50. lmtp_lhlo_timeout
          51. lmtp_quit_timeout
          52. lmtp_rset_timeout
          53. lmtp_tcp_port
          54. local_destination_concurrency_limit
          55. local_recipient_maps
          56. luser_relay
          57. mail_owner
          58. mail_spool_directory
          59. mailbox_command
          60. mailbox_delivery_lock
          61. mailbox_transport
          62. manpage_directory
          63. masquerade_domains
          64. max_idle
          65. maximal_backoff_time
          66. message_size_limit
          67. mime_header_checks
          68. minimal_backoff_time
          69. mydomain
          70. mynetworks
          71. myorigin
          72. newaliases_path
          73. notify_classes
          74. parent_domain_matches_subdomains
          75. pickup_service_name
          76. process_id_directory
          77. proxy_interfaces
          78. qmgr_clog_warn_time
          79. qmgr_message_active_limit
          80. qmgr_message_recipient_minimum
          81. qmqpd_error_delay
          82. queue_directory
          83. queue_run_delay
          84. rbl_reply_maps
          85. recipient_canonical_maps
          86. reject_code
          87. relay_domains_reject_code
          88. relay_transport
          89. relocated_maps
          90. resolve_dequoted_address
          91. sample_directory
          92. sendmail_path
          93. setgid_group
          94. showq_service_name
          95. smtp_bind_address
          96. smtp_data_done_timeout
          97. smtp_data_xfer_timeout
          98. smtp_destination_recipient_limit
          99. smtp_helo_timeout
          100. smtp_mail_timeout
          101. smtp_pix_workaround_delay_time
          102. smtp_quit_timeout
          103. smtp_rcpt_timeout
          104. smtp_skip_5xx_greeting
          105. smtpd_banner
          106. smtpd_data_restrictions
          107. smtpd_error_sleep_time
          108. smtpd_expansion_filter
          109. smtpd_helo_required
          110. smtpd_history_flush_threshold
          111. smtpd_noop_commands
          112. smtpd_recipient_limit
          113. smtpd_restriction_classes
          114. smtpd_soft_error_limit
          115. soft_bounce
          116. strict_7bit_headers
          117. strict_8bitmime_body
          118. strict_rfc821_envelopes
          119. swap_bangpath
          120. syslog_name
          121. transport_retry_time
          122. undisclosed_recipients_header
          123. unknown_client_reject_code
          124. unknown_local_recipient_reject_code
          125. unknown_virtual_alias_reject_code
          126. verp_delimiter_filter
          127. virtual_alias_maps
          128. virtual_mailbox_base
          129. virtual_mailbox_limit
          130. virtual_mailbox_maps
          131. virtual_transport
      20. B. Postfix Commands
      21. C. Compiling and Installing Postfix
        1. C.1. Obtaining Postfix
        2. C.2. Postfix Compiling Primer
          1. C.2.1. Compiler Options
          2. C.2.2. Linker Options
        3. C.3. Building Postfix
          1. C.3.1. Customizing Your Build
          2. C.3.2. Modifying Postfix Defaults
        4. C.4. Installation
          1. C.4.1. Upgrading
        5. C.5. Compiling Add-on Packages
          1. C.5.1. Cyrus SASL
          2. C.5.2. TLS
          3. C.5.3. MySQL
          4. C.5.4. LDAP
        6. C.6. Common Problems
          1. C.6.1. Compile Time
          2. C.6.2. Runtime
        7. C.7. Wrapping Things Up
      22. D. Frequently Asked Questions
      23. Index
      24. About the Author
      25. Colophon