This page is part of the EmailServer article.
Switch to Postfix
We need to switch from the
To switch, do the following:
# yum -t install postfix
# yum -t install system-switch-mail
The first 2
You will be presented with a choice on screen, go for
Let's first make a backup copy of these config files, just in case:
# cp master.cf master.cf.ORIGINAL
# cp main.cf main.cf.ORIGINAL
Now, edit the
myorigin = $mydomain
This says that mail sent from your server will take the form email@example.com.
Note that by default, $myhostname and $mydomain are automatically derived from your machine's name. This name should be a Fully Qualified Domain Name (FQDN) like mail.example.com.
mydestination = $myhostname localhost.$mydomain localhost $mydomain
Defines which domains you want to receive mail for. We should always allow the variations of localhost so the server can accept mail sent to itself, and $myhostname and $mydomain ensure that you will get mail sent to both mail.example.com and example.com.
mynetworks_style = subnet
Allows people on the local network to use the server to relay their emails. People from outside the subnet (outside of the IP addresses defined by your network's netmask, such as 255.255.255.0) will not be able to use the server to send email. This is safe: you never want unknown people from the Internet to be able to relay their mail through your server, as it would only take a few minutes for your machine to become a spam hub.
relay_domains = $mydestination
Authorises people from the outside to send email that is supposed to be for us.
notify_classes = resource, software
Defines what sort of information should be sent to the postmaster when there is a problem. There are more options to that, but using too many could flood your mailbox.
Confirms we're not using any external relays, as we want the server to deliver our emails directly to other servers. If your ISP doesn't let you send emails by yourself (some block port 25), then you can put their own email server there: [mail.isp.com] (including the brackets). Any mail you send through your server will then be handed to your ISP's email server for delivery. Note that this is not very reliable, as ISPs usually give no guarantee that your email will be delivered to its destination: you're in effect sending your mail through a black hole.
proxy_interfaces = 18.104.22.168
Is only needed if your server is not directly connected to the Internet but is for instance behind a firewall that uses Port Forwarding to redirect traffic to it on a local subnet (for instance, your server address is 192.168.0.1 or another reserved LAN IP Class). In that case, you have to tell Postfix what is the outside address of the mail server (replace 22.214.171.124 by whatever is your real IP). Note though that if you don't have a fixed IP, this can be a bit annoying and you may be better off with connecting the server directly to the Internet and using iptables as a good internal firewall.
inet_interfaces = all
Makes Postfix listen to all interfaces for email.
message_size_limit = 20971520
Limits the size of emails. Here we set it to 20MB, which should be more than enough for most systems. It's a good idea to set a limit. I've had users trying to send 150MB emails to people who only had a dial-up connection (since delivery to the server from the local network is fast, people tend not to notice the size of the emails they send).
masquerade_domains = $mydomain
Ensures that mail from other hosts being sent through the server gets rewritten with our domain name correctly appended. This means that if firstname.lastname@example.org sends an email through the server, it will be rewritten as email@example.com.
mail_name = MyOwnPostOffice
Optional and replaces the default name returned by Postfix. It's not a bad idea to replace the default string, as it is part of the messages exchanged every time an email is delivered. Potentially, it could allow someone to use that information to exploit a known security hole (the default string contains the full version number of Postfix).
home_mailbox = email/
If that directive is present, it will tell Postfix to deliver messages to the
Note: you do not need to create the directories: Postfix will do that for you if they don't exist.
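To check a finished main.cf against the relay and banner points above, the following added example (not part of the original article) parses the file, expands the $variable references and flags values that widen who may relay. The function names, the myhostname and mydomain values and the folded mydestination line are assumptions; mynetworks and smtpd_banner are real Postfix parameters that this page does not set, and unset parameters expand to an empty string here rather than to Postfix's built-in defaults.

```python
import re

# Constructed sample: this page's directives; hostname values and line folding are assumed.
SAMPLE_MAIN_CF = """\
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
mydestination = $myhostname localhost.$mydomain
    localhost $mydomain
mynetworks_style = subnet
relay_domains = $mydestination
mail_name = MyOwnPostOffice
"""

def parse_main_cf(text):
    """Return {parameter: raw value}; blank lines and # comments are skipped."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():                  # leading whitespace continues the previous line
            if last:
                params[last] += " " + line.strip()
        elif "=" in line:
            last, _, value = (s.strip() for s in line.partition("="))
            params[last] = value
    return params

def expand(params, name, depth=0):
    """Resolve $name / ${name} references recursively, bounded against loops."""
    if depth > 10:
        raise ValueError("reference loop in " + name)
    return re.sub(r"\$\{?(\w+)\}?", lambda m: expand(params, m.group(1), depth + 1),
                  params.get(name, ""))

def audit(params):
    """Flag values that widen who may relay through the server or disclose the version."""
    findings = []
    if params.get("mynetworks_style") == "class":
        findings.append("mynetworks_style=class trusts the whole class A/B/C network")
    if re.search(r"(^|[\s,])0\.0\.0\.0/0", expand(params, "mynetworks")):
        findings.append("mynetworks includes 0.0.0.0/0: any client may relay")
    local = set(re.split(r"[\s,]+", expand(params, "mydestination")))
    for dom in re.split(r"[\s,]+", expand(params, "relay_domains")):
        if dom and dom not in local:
            findings.append("relay_domains accepts mail for non-local domain " + dom)
    if "$mail_version" in params.get("smtpd_banner", ""):
        findings.append("smtpd_banner discloses $mail_version")
    return findings
```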
As we've discussed before, ensuring that your server is locked down is vital if you don't want to become the next spam relay.
SASL is a way of authenticating users when they are trying to send mail. It supports a variety of methods and is fairly flexible, at the expense of simplicity.
To ensure proper SASL authentication, add the following to your
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
The first line enables authentication for email being sent through the server from the outside (allowing roaming users to send email from the Internet).
For security reasons, Postfix runs as an unprivileged user, meaning that it doesn't have access to your password files.
Fortunately, this is already installed on Fedora and probably on most distributions as well. Just to be sure, do the following from the prompt:
# yum -t install cyrus-sasl
The only configuration that tells
mech_list: plain login
Note: on other Linux systems, this file may be missing or may be located under
Make sure you restart the
The minimum alias that must be set-up is for the postmaster who will receive errors and warnings issued by Postfix:
The administrator user must have been created, and you should probably be the one using that account regularly to check for issues.
Note: after every modification of the alias file, you must run
To add more aliases, just add them to
Don't forget to run
Aliases are OK, but not very powerful, especially if you're hosting multiple domains and want mail sent to firstname.lastname@example.org to be redirected to john while mail to email@example.com should go to suzan.
In that case, edit the
Here, anything sent to any variation of Susan's email address will be redirected to Susan's account, regardless of the domain they were sent to: firstname.lastname@example.org and email@example.com will be dropped into Susan's mailbox.
For email sent to sales, Suzan will be the recipient for example.com and John for myhome.com.
Any other email sent to invalid addresses (ones that have no account, alias or virtual entry defined on the system) at example.com will be sent to John. This is a catch-all definition, but it is generally preferable to use a separate account for it, as it will receive all the spam sent to the server for accounts that do not exist.