Postfix

= Basic Postfix HOWTO =

Introduction
Over the years, postfix has become the new de facto standard amongst MTAs. It has beaten qmail, which in turn had taken sendmail down from the throne. This document will describe how to set up and test a basic postfix server.

Pre-installation
Depending on the USE flag settings in use and the other packages installed on the system, such as a different MTA (e.g. ssmtp, exim, qmail, sendmail), postfix may be blocked or worse. By default Gentoo has ssmtp installed, which may block postfix from installing. If portage cannot unmerge the block, it may be required to manually uninstall ssmtp.

Installation
Postfix has several USE flags that may be desired for certain bigger setups. Though they can be set already, none will be used here, as the goal is to install, configure and test a basic postfix server.

Fully Qualified Domain Name (FQDN)
Though not entirely related, for an MTA to function properly, it is imperative that its hostname is set up correctly. Under Gentoo, /etc/conf.d/hostname and /etc/conf.d/net are the files responsible for this. In this example the mail server is named foo on the domain example.com.

Verifying that the FQDN is set up properly for the domain.

If for any reason the FQDN cannot be set properly, postfix needs to be told what its FQDN is. Otherwise leave it at its commented default.

Trust and Relay
This is one really important thing to get right. By default, the postfix install is pretty tight, only allowing users on the same subnet as the mail server to relay through postfix. If this gets messed around with, it can potentially open the door to all users from anywhere. An open relay is begging for abuse by spam merchants, and the domain will quickly be blacklisted. That kind of defeats the purpose of setting up a personal mail server, if nobody will talk or listen to it.

Since relay control will later be handled through SMTP Authorization, postfix can be tightened even further than the default. It is much easier to test if internal systems aren't allowed to relay either: nobody gets to go through. It also has the benefit that if an internal system is compromised, it cannot be used as a launch pad to gain open relay access to the mail server. The long and short of it is that only the mail server itself is considered a trusted system; all others must log in.
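The following check is an added example, not part of the original HOWTO: it parses main.cf text and reports every setting that trusts more than the mail server itself. It assumes Postfix's mynetworks and mynetworks_style parameters, which the text above does not name; the function names and both sample configurations are constructed for illustration.

```python
import ipaddress

def parse_main_cf(text):
    """Parse main.cf text: '#' lines are comments, a line starting with
    whitespace continues the previous one, the last definition wins."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            params[name] = value
    return params

def relay_trust_findings(text):
    """List settings that trust more than the mail server itself."""
    params, findings = parse_main_cf(text), []
    if "mynetworks" in params:  # an explicit list overrides mynetworks_style
        for entry in params["mynetworks"].replace(",", " ").split():
            try:  # IPv6 entries are written as [addr]/len
                net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
            except ValueError:  # file name, type:table or !exclusion
                findings.append(f"review manually: {entry}")
                continue
            if not net.is_loopback:
                findings.append(f"trusted beyond loopback: {net}")
    else:
        style = params.get("mynetworks_style")
        if style is None:
            findings.append("mynetworks_style unset: default depends on Postfix version")
        elif style != "host":
            findings.append(f"mynetworks_style = {style} trusts other hosts")
    return findings

# Constructed sample: relays for the whole LAN and a lookup table.
WIDE = """\
myhostname = foo.example.com
mynetworks = 127.0.0.0/8 [::1]/128
    192.168.0.0/24, hash:/etc/postfix/network_table
"""
# Constructed sample: only the server itself is trusted, as the HOWTO recommends.
TIGHT = """\
myhostname = foo.example.com
mynetworks_style = host
"""

if __name__ == "__main__":
    for label, conf in (("WIDE", WIDE), ("TIGHT", TIGHT)):
        print(label, relay_trust_findings(conf) or "only the server itself is trusted")
```

The output of `postconf -n` uses the same `name = value` form, so it can be passed to relay_trust_findings() to audit the settings Postfix actually loaded.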

Address extensions
Postfix has a neat feature called address extensions. With address extensions it becomes possible to have several aliases under one mailbox. It works as follows: if a message arrives for testuser+spam@example.com, postfix will try to deliver the message to testuser+spam first; if no such user is found, it will be delivered to testuser@example.com. This can be quite useful for all those sites that require email address registration. Signing up with testuser+somesite@example.com would allow one to easily filter and trace where a message originated from. If, for example, some unsolicited mail was delivered to that address, it could have come from somesite. Amavis will also use this later to deliver spam.

maildir
When postfix completes merging and the USE flag for mailbox is set, it adds the mailbox directive at the bottom of the file instead of in the section where it belongs. It is recommended to move home_mailbox = .maildir/ to its appropriate location to simplify merging of updates later.

Finally, for testing purposes it is recommended to temporarily enable these features.

Soft-Bounce
Soft-Bounce decreases the chances of mail going all over the place due to an invalid setup.

Verbose SMTP
Before testing the basic mail server, the verbose flag of the smtp server should be enabled by adding a -v to the smtp daemon.

That is all that will be configured for now. There are other parameters that other HOWTOs would already want to change, but they are not needed yet. They will be set up later, when virtual users are set up with the database connection.

Starting Postfix
Before starting postfix for the first time, the local alias database has to be compiled. If this is not done, postfix may seem to start normally, but it won't work and the log will be spammed with errors.

The default local alias database contains the RFC-required default local accounts and pseudo accounts. Simply run the newaliases command to generate the database.

Now it is time to start postfix for the very first time.

It can be very useful to monitor the mail log file using tail -f.

Testing Postfix
Now that postfix is running properly, it should accept connections from telnet on port 25 and send mail to anywhere in the world. Replace the example address with a real e-mail address to see it work.

Looking at /var/log/mail.log it can be verified that the message got properly relayed.

Performing the same test from a different host should fail, as it is untrusted.