KBTAG: kben10000143
URL: http://www.securityportal.com/lskb/10000100/kben10000143.html
Date created: 08/08/2000
Date modified: 10/08/2000
Date removed:
Author(s): Kurt Seifried seifried@securityportal.com
Topic: Postfix mail server
Keywords: Network/Email
Postfix is a mail transfer agent (MTA) aimed at security, speed and ease of configuration, generally the things Sendmail fails miserably at. I would highly recommend replacing Sendmail with Postfix.
The only portion of Postfix that runs as root is a master control program, aptly called master. It calls several other programs: one to process mail into the queue (pickup), one to manage the queue, wait for incoming connections, handle deferred mail deliveries and so on (qmgr), one to actually send and receive the mail (smtpd), and so on. Each part of Postfix is very well thought out and usually does one or two tasks, very well. For example, instead of the Sendmail model where queued mail simply gets dumped into /var/spool/mqueue, Postfix has a world-accessible directory called maildrop, which is checked by pickup, which feeds the data to cleanup, which moves the mail (if it's properly formatted and so on) to a secure queue directory for actual processing.
The primary configuration files are held in /etc/postfix, and there are several primary configuration files you must have:
master.cf
Controls the behavior of the various helper programs: whether they are chrooted, the maximum number of processes they may run and so forth. It's probably best to leave the defaults on most mail servers unless you need to do some tuning for high loads or securing the server (i.e. chrooting it).
main.cf
This file is as close to sendmail.cf as you will get (in purpose; the layout is quite different). It is well commented and sets all the major variables, and the locations and format of various files containing information such as virtual user mappings and related information.
Here is a list of variables and file locations you will typically have to set. The /etc/postfix/main.cf file is usually heavily commented. Please note that the following examples of main.cf entries are not a complete main.cf.
# what is the machines hostname?
myhostname = mail.example.org

# what is the domain name?
mydomain = example.org

# what do I label mail as from?
myorigin = $mydomain

# which interfaces do I run on? All of them usually.
inet_interfaces = all

# a file containing a list of host names and fully qualified domain names I
# receive mail for, usually they are listed like:
# mydestination = localhost, $myhostname, etc
# but I much prefer to keep them listed in a file.
mydestination = /etc/postfix/mydestination

# map of incoming usernames. man 5 virtual
virtual_maps = hash:/etc/postfix/virtual

# alias mappings (like /etc/aliases in sendmail), man 5 aliases
alias_maps = hash:/etc/postfix/aliases

# alias database, you might have different settings. man 5 aliases
alias_database = hash:/etc/postfix/aliases

# where to deliver email, Mailbox format or Maildir (traditional /var/spool/mail).
home_mailbox = Maildir/

# where to keep mail, usually /var/spool/mail/ but you can easily change it
mail_spool_directory = /var/spool/mail

# what command do we use to deliver email? /usr/bin/procmail is the default but if
# you want to use scanmail which is the AMaViS anti-virus tie in software simply put:
mailbox_command = /usr/sbin/scanmails

# who do I relay email for, again you can list them, or keep them in a file (one
# per line).
relay_domains = /etc/postfix/relaydomains

# list of local networks (by default we relay mail for these hosts).
mynetworks = 10.0.0.0/24, 127.0.0.0/8

# what do we display to people connecting to port 25? By default it displays the
# version number which I do not.
smtpd_banner = $myhostname ESMTP $mail_name
Generally speaking any files that simply list one item per line (like /etc/postfix/mydestination or /etc/postfix/relaydomains) are usually just stored as a flat text file. Files that contain mappings (i.e. aliases, where you have entries like root: someuser) should be turned into hashed database files for speed (you can specify the type of file as hash, dbm, etc.).
You can also limit message sizes with:
message_size_limit = 2048000
where the number is simply the size in bytes.
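An added example, not part of the original article or of Postfix itself: a small Python check that reads main.cf the way Postfix does (lines whose first non-blank character is # are comments, lines starting with whitespace continue the previous setting) and flags three of the settings discussed above. The sample file, the function names and the /8 threshold for mynetworks are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample main.cf (not from a real server); note the continuation line.
SAMPLE_MAIN_CF = """\
# what is the machines hostname?
myhostname = mail.example.org
mynetworks = 10.0.0.0/24,
    127.0.0.0/8, 0.0.0.0/0
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
relay_domains = /etc/postfix/relaydomains
"""

def parse_main_cf(text):
    """Return {name: value} for each logical 'name = value' line."""
    params, current = {}, None
    for raw in text.splitlines():
        # Blank lines and comment lines are ignored, even inside a continuation.
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        # Leading whitespace means "continue the previous logical line".
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def audit(params):
    """Flag the banner, relay networks and size limit settings."""
    findings = []
    if "$mail_version" in params.get("smtpd_banner", ""):
        findings.append("smtpd_banner discloses the Postfix version")
    for net in re.split(r"[,\s]+", params.get("mynetworks", "")):
        # Only literal IPv4 CIDR entries are checked; file/table entries are skipped.
        if re.fullmatch(r"\d+\.\d+\.\d+\.\d+/\d+", net):
            # Assumed threshold: anything wider than a /8 is not a "local network".
            if ipaddress.ip_network(net, strict=False).prefixlen < 8:
                findings.append(f"mynetworks entry {net} relays for a very wide range")
    if "message_size_limit" not in params:
        findings.append("message_size_limit is not set explicitly")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print("WARN:", finding)
```

Because a setting that shares a line with a leading # is read as a comment, the parser also shows when an entry you believe is active is in fact ignored.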
Like most IBM products, Postfix has a very funky license, but appears to be mostly open source and free.
Postfix is available at: http://www.postfix.org/. You can get binary Postfix packages from:
ftp://contrib.redhat.com/contrib/libc6/i386/
ftp://ftp.debian.org/pub/debian/dists/potato/main/binary-i386/mail/
ftp://ftp.suse.com/pub/suse/i386/6.2/suse/n1/