We chose Postfix due to its modern design and security record. It also has a license that we can live with more easily than qmail.
We generally configure Postfix in one of 2 configurations: outbound only, and outbound plus inbound. Outbound only is pretty simple; inbound configuration is quite a bit more complex.
Be sure that the "Firewall" procedure has been completed. Several ports will need to be open for testing inbound email.
Debian comes with Exim 4 installed. We'll need to remove that, so we can replace it with Postfix. It's best to remove it beforehand, so that we can reliably remove all the associated configuration files:
sudo apt-get purge 'exim4*'
Install the package:
sudo apt-get install postfix
You will (probably) be presented with some warnings and instructions in text menus. Hit OK after reading the instructions. Select No Configuration when prompted for the type of configuration – we'll configure everything manually.
All Postfix configuration options are detailed in the postconf(5) man page.
The postconf utility won't create a config file if it doesn't exist, so create it manually:
sudo touch /etc/postfix/main.cf
Set the host and domain names:
sudo postconf -e "myhostname=`hostname -f`"
sudo postconf -e "mydomain=`hostname -d`"
Tell the SMTP server what domains to accept email for. (Do NOT list any VIRTUAL domains here. The distinguishing feature of non-virtual domains is that any real user ID that exists on the box – or is listed in the aliases file – is a valid address in the domain; the valid addresses in a virtual domain have to be explicitly listed in the virtual alias map.) For outbound-only systems, we only want to list "localhost" and "$myhostname":
sudo postconf -e 'mydestination=localhost, $myhostname'
Add our domain name to any addresses that are not specified:
sudo postconf -e 'myorigin=$mydomain'
Denote which systems can send outbound email (without having to authenticate). We also include a separate file to list any additional IPs that are allowed to relay through us. See the Relay section below.
sudo postconf -e 'mynetworks=127.0.0.0/8, hash:/etc/postfix/mynetworks'
Assuming /etc/postfix/mynetworks doesn't already exist, create it. We shouldn't need to add any addresses for an outbound-only email server:
sudo sh -c 'cat > /etc/postfix/mynetworks' << 'EOD'
# These IPs are allowed to relay through our SMTP servers.
# NOTE: The 2nd field is not used, but you'll get warnings from postmap if you leave it out.
EOD
sudo postmap /etc/postfix/mynetworks
Set what the SMTP server should say when a client connects. We keep the version info out, for security reasons:
sudo postconf -e 'smtpd_banner=$myhostname ESMTP $mail_name'
Set the mail aliases file. (Note that the aliases file is special in 3 ways: it exists outside the /etc/postfix directory for historical reasons; it uses a colon (':') to separate the left side from the right; and you use the newaliases command after updating it, instead of the postmap command.)
sudo postconf -e 'alias_maps=hash:/etc/aliases'
sudo postconf -e 'alias_database=hash:/etc/aliases'
Set maximum sizes for messages (50 MB) and mailboxes (1 GB):
sudo postconf -e 'message_size_limit=50000000'
sudo postconf -e 'mailbox_size_limit=1000000000'
By default, Postfix will keep trying to send an email for 5 days, before it gives up and tells you that it had a problem. That seems rather long, so we reduce it to 1 day:
sudo postconf -e 'maximal_queue_lifetime=1d'
sudo postconf -e 'bounce_queue_lifetime=1d'
Allow email addressed to 'username+foo', so the user can have multiple virtual sub-addresses:
sudo postconf -e 'recipient_delimiter=+'
For outbound-only email servers, we want the SMTP server to listen only on the localhost interface:
sudo postconf -e 'inet_interfaces=127.0.0.1'
The Mailman documentation recommends the following setting. It ensures that emails to unknown local addresses will generate a permanent error, not a transient error in which the client will keep re-trying.
sudo postconf -e 'unknown_local_recipient_reject_code=550'
First check to ensure that the configuration files are valid. (If it returns without printing anything, then the configuration is valid.)
sudo postfix check
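postfix check does not tell you whether the values match what this procedure intends. The following added example (not part of the original procedure) audits postconf -n style output for the three exposure-related settings set above; the function names and sample inputs are assumptions constructed for illustration.

```sh
# Added example: audit "name = value" lines (postconf -n format) on stdin.
# Prints findings; returns 1 if any setting deviates from this procedure.
audit_outbound_only() {
    awk '
    function fail(msg) { print "FAIL: " msg; bad = 1 }
    /^[ \t]*#/ || !/=/ { next }             # skip comments, non-assignments
    {
        eq = index($0, "=")
        name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", value)
        conf[name] = value
    }
    END {
        # 1. The SMTP listener must be bound to loopback only.
        if (!("inet_interfaces" in conf)) fail("inet_interfaces unset (default: all)")
        n = split(conf["inet_interfaces"], a, /[ ,]+/)
        for (i = 1; i <= n; i++)
            if (a[i] !~ /^(127\.0\.0\.1|\[::1\]|localhost|loopback-only)$/)
                fail("inet_interfaces listens on " a[i])
        # 2. Literal networks trusted to relay must be loopback; lookup
        #    tables (type:path) are listed so their contents get reviewed.
        if (!("mynetworks" in conf)) fail("mynetworks unset (derived from mynetworks_style)")
        n = split(conf["mynetworks"], a, /[ ,]+/)
        for (i = 1; i <= n; i++) {
            if (a[i] ~ /^[a-z0-9_]+:/) print "REVIEW: relay table " a[i]
            else if (a[i] !~ /^(127\.|\[::1\])/) fail("mynetworks trusts " a[i])
        }
        # 3. The greeting must not expand the Postfix version.
        if (conf["smtpd_banner"] ~ /mail_version/) fail("smtpd_banner exposes $mail_version")
        exit bad + 0
    }'
}
# Constructed sample: the values this page sets.
sample_hardened() {
    cat <<'EOF'
inet_interfaces = 127.0.0.1
mynetworks = 127.0.0.0/8, hash:/etc/postfix/mynetworks
smtpd_banner = $myhostname ESMTP $mail_name
EOF
}
# Constructed sample: a configuration that has drifted.
sample_drifted() {
    cat <<'EOF'
inet_interfaces = all
mynetworks = 127.0.0.0/8, 192.0.2.0/24
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
EOF
}
sample_drifted | audit_outbound_only || echo "configuration drifted"
```

On a live system, feed it the real settings with: postconf -n | audit_outbound_only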
Make sure that there's an /etc/aliases.db file:
sudo newaliases
Start the Postfix daemons:
sudo /etc/init.d/postfix start
To make sure the daemons are running, you can check the process table:
ps auxw | grep postfix
This should show the 3 daemon processes. It should look something like this:
root 14126 0.0 0.2 3656 1328 ? Ss 22:04 0:00 /usr/lib/postfix/master
postfix 14129 0.0 0.2 2964 1096 ? S 22:04 0:00 pickup -l -t fifo -u -c
postfix 14130 0.0 0.2 2996 1116 ? S 22:04 0:00 qmgr -l -t fifo -u -c
There are several things to test in the email system architecture.
sudo netstat -nlp | grep -E ':25|Recv-Q'
This should show the Postfix master process listening on port 25. In our configuration, it's listening only on local address 127.0.0.1.
telnet localhost 25
Make sure the banner looks OK, then type quit to close the connection.
sendmail your_email@address.com <<EOF
Subject: Testing outbound email.

This is a test.
EOF
Make sure it's delivered. Check /var/log/mail.log
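To read the delivery result out of the log rather than scanning it by eye, the following added example (not part of the original procedure) extracts queue ID, recipient, status and DSN code from Postfix delivery lines. The function names are assumptions, and the log lines are constructed samples in the usual Postfix syslog format.

```sh
# Added example: summarise Postfix delivery results from mail.log lines
# read on stdin. Prints "QUEUE_ID RECIPIENT STATUS DSN" per delivery attempt
# and returns 1 if the latest attempt for any recipient is not "sent".
delivery_status() {
    awk '
    function field(re, skip) {          # text of the first match of re,
        if (!match($0, re)) return "-"  # minus its first "skip" characters
        return substr($0, RSTART + skip, RLENGTH - skip)
    }
    # Delivery agents (smtp, local, ...) log one status= line per attempt.
    / postfix\/[a-z]+\[[0-9]+\]: / && /status=/ {
        qid = field("\\]: [0-9A-Za-z]+: ", 3); sub(/: $/, "", qid)
        rcpt = field("to=<[^>]*", 4)
        status = field("status=[a-z]+", 7)
        dsn = field("dsn=[0-9.]+", 4)
        print qid, rcpt, status, dsn
        last[qid " " rcpt] = status     # a later "sent" overrides "deferred"
    }
    END {
        for (k in last) if (last[k] != "sent") bad = 1
        exit bad + 0
    }'
}
# Constructed sample log lines (hosts and addresses are placeholders).
sample_log() {
    cat <<'EOF'
Mar  3 22:10:04 mail postfix/pickup[14129]: 4F1B22C0A1: uid=1000 from=<admin>
Mar  3 22:10:04 mail postfix/qmgr[14130]: 4F1B22C0A1: from=<admin@example.org>, size=312, nrcpt=1 (queue active)
Mar  3 22:10:05 mail postfix/smtp[14201]: 4F1B22C0A1: to=<user@example.com>, relay=mx.example.com[203.0.113.25]:25, delay=0.9, delays=0.05/0.01/0.5/0.34, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Mar  3 22:10:05 mail postfix/qmgr[14130]: 4F1B22C0A1: removed
Mar  3 22:12:40 mail postfix/smtp[14230]: 7A9C02C0B7: to=<nobody@example.net>, relay=none, delay=30, delays=0.02/0.01/30/0, dsn=4.4.1, status=deferred (connect to mx.example.net[198.51.100.7]:25: Connection timed out)
EOF
}
sample_log | delivery_status || echo "some mail is deferred or bounced"
```

On a live system: sudo cat /var/log/mail.log | delivery_status. With the 1-day queue lifetime set above, a message that stays deferred is bounced after one day.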
To completely wipe away the installation and configuration:
sudo apt-get purge postfix
The Postfix web site has a lot of good documentation.
The Debian install is chrooted by default.
To get a list of all the default configuration options, run postconf -d.
/var/log/mail.log file without having to use sudo.