My Blog

I borrowed this article from unixreview.com. It was originally posted by Joe “Zonker” Brockmeier in June of 2005 at www.unixreview.com… The example he lays out works. I was able to send email to my gmail account about 10 minutes later. I didn’t use my own dns server for the MX record though. My domain is registered through yahoo and they allow me to edit my dns records. So I made an entry for my debian server and added the server name to the mx record. This is a real bare-bones install, but a bare-bones install of postfix is often needed by other packages (such as Nagios to name one).

This month, I’ll look at setting up Postfix on a Debian Sarge system. Since “Sarge” is in freeze now, it shouldn’t be too much longer before it’s officially released — even though many of us have been running it for our production systems for some time already.

By default, Debian’s MTA is Exim. I have nothing against Exim, but I also happen to like Postfix. Unfortunately, the documentation for setting up Postfix on Debian is a bit scarce, so I’ll cover the steps I’ve taken. In this month’s column, I’ll cover installing Postfix from Debian packages, configuring Postfix for SMTP authentication, setting up a virtual domain, and also setting up a POP3 daemon. (Note that the POP3 daemon is not actually part of Postfix, but it’s likely something that one would want running all the same.)

Installing Postfix

The beauty part of this is that installing Postfix is dead easy using APT. To start, you’ll want to install the following packages:

* postfix
* postfix-tls
* sasl2-bin
* libsasl2
* libsasl2-modules
* popa3d

To install, run apt-get update to make sure your package lists are up to date. (It doesn’t take long for the package list to get out of sync with the repositories.) Next, run apt-get install packagename for any packages you wish to install.

If you want to see where the package puts all of its files, run dpkg -L packagename. So, for example, to see where Postfix puts all of its files, run “dpkg -L postfix.” This comes in handy quite often. The first file that we’re looking for in this case is main.cf.dist, which is in /usr/share/postfix.

Configuring Postfix

The main Postfix configuration file is, appropriately enough, main.cf. This file is located in /etc/postfix. When you install Postfix from packages, you’ll have a short main.cf, but it won’t be useful for much. The file main.cf.dist distributed with the Postfix packages has many of the possible configuration parameters that are not listed in /etc/postfix/main.cf, though not all of the possible parameters. See the postconf man page for additional configuration parameters.

To start with, the default configuration is pretty bare. It only includes the smtpd_banner, biff, append_dot_mydomain, and delay_warning_time parameters. We’ll add a few additional parameters so that Postfix will operate as a normal mail server and allow users to send and receive mail:

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
myhostname = mail.mydomain.net
mydomain = mydomain.net
myorigin = $mydomain
inet_interfaces = all
mydestination = $mydomain, localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8

If you like, you can edit the smtpd_banner, though it’s not necessary. The append_dot_mydomain value simply tells Postfix that it doesn’t need to append “@mydomain.com” to outgoing mail, because the Mail User Agent (MUA) will usually do this for you.

The myhostname, mydomain, and myorigin parameters should all be fairly self-explanatory. I’ve seen the inet_interfaces parameter trip a few folks, though. If you don’t set this, Postfix won’t necessarily be listening for incoming mail from the outside world. I’ve set this to “all,” but you can choose to be more discriminating and listen only on a specific interface. For example, inet_interfaces = $myhostname or inet_interfaces = ip address where “ip address” is the IP on your host on which you want to accept mail.

The mydestination parameter tells Postfix what domain(s) to accept mail for. By default, Postfix will reject any mail to a domain not listed in mydestination, even if that domain resolves to the server.

SMTP Authentication

Next, it’s time to set up SMTP authentication so that your users can actually send mail using their favorite mail clients.

Add the following parameters to your main.cf:

smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = mydomain.net smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_security_options = noanonymous

The first parameter, smtpd_sasl_auth_enable, tells Postfix to actually advertise SMTP AUTH. The next parameter, sasl_sasl_local_domain, is the domain allowed to send mail through your server. The smtp_recipient_restrictions parameter tells Postfix to allow users from “mynetworks” to send mail, to permit authenticated users to send mail, and to reject others.

Note that Postfix will need to be restarted when changing most values in main.cf. We’re not quite ready to start sending and receiving mail just yet, though.

Aliases

Most of the time, you’ll want to enable a few system aliases. You can add new aliases in /etc/aliases. This will map an alias to a system user, or you can map the alias to a user on a different system. The syntax is pretty simple:

postmaster: user
root: user
bob: bob@yahoo.com

However, you’re not done after adding the user to /etc/aliases. In addition to adding the alias, you need to let Postfix know about it. To do so, run newaliases to regenerate /etc/aliases.db.

To ensure that Postfix looks for aliases, you’ll need to add the following lines to your main.cf:

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

And, because Postfix runs chroot’ed on Debian, you’ll also want to add to the /etc/init.d/postfix line that says:

FILES=”etc/localtime etc/services etc/resolv.conf etc/hosts \
etc/nsswitch.conf etc/sasldb2 etc/aliases

This will copy the necessary files to /var/spool/postfix/etc, which is where Postfix will be looking.

Setting up POP3

Once you’ve installed the popa3d package, there’s not much left to do, really. It uses system accounts to authenticate, so it’s worth noting that this isn’t the world’s most secure solution. If your server lives behind a firewall, then it’s not really an issue. You could also set up a secure tunnel to retreive mail or look into setting up a more secure method of retreiving mail, which I’ll explain next month.

Virtual domains

Odds are, you may want to receive mail for a few virtual domains as well as your main domain. To enable virtual domains for Postfix, add the following to main.cf:

virtual_alias_domains = myvirtualdomain.net
virtual_alias_maps = hash:/etc/postfix/virtual

To set up users in the virtual table, the syntax is as follows:

user@myvirtualdomain.net user
sally@myvirtualdomain.net sally

As with the aliases file, Postfix does not recognize new virtual aliases just because you’ve added them to the file. You’ll also need to run postmap /etc/postfix/virtual.

At this point, you should be able to restart Postfix and begin sending and receiving mail. If you run into any trouble, the mail logs are /var/log/mail.log, /var/log/mail.info, and /var/log/mail.err.

That’s all for this month. Next month, I’ll cover setting up IMAP and authenticating over SSL.

Related posts:

1. setting up samba on debian 3.1
2. setup an easy ftp server on debian 3.1 linux

This entry was posted on Saturday, March 10th, 2007 at 10:35 am and is filed under Linux. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.