Date: Mon, 4 Dec 2000 15:00:07 -0500
From: Corvin Russell <corvinr@sympatico.ca>
Message-ID: <20001204150007.A1432@cloud.of.unknowing.org>
Subject: sample Postfix configuration for home-user newbies

Postfix is definitely aimed at people who are running larger mail servers; however, as we all discover when we install Linux on our home computer, as soon as we use Unix mail clients we need an MTA. There is no HOWTO-like document for the home user who is not really interested in running a mail server. So I will just explain my setup and how I did it.

I use Postfix, Mutt, and Fetchmail. Fetchmail retrieves my mail from the ISP's server. It is ridiculously easy to configure with the graphical fetchmailconf utility. Postfix does local delivery and also delivers outbound mail, or rather, hands it to my ISP for delivery.

Now, while I have a domain name, I have not gotten around to switching to an ISP that will give me a static IP (I will do so soon), nor am I interested in fiddling with dynamic IP hosting. So that was my problem with Postfix. To solve it I configured Postfix with a simple canonical rewriting rule. Is it kosher/halal? I really don't know. But it was the first thing I tried and it worked. Probably if I submitted my configuration to the postfix-users group, I would get a hiding. But they don't need to know :-)

Now, rather than look at the big long file in /etc/postfix/main.cf, we can use the command 'postconf -n' to print out only the parameters that are actually set in main.cf (the uncommented lines), rather than every built-in default.
We get alphabetically listed output that looks like so:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 10
default_privs = nobody
default_transport = smtp
home_mailbox = Maildir/
inet_interfaces = $myhostname, localhost
local_destination_concurrency_limit = 2
mail_owner = postfix
mydestination = $myhostname, localhost.$mydomain, $mydomain, localhost
mydomain = unknowing.org
myhostname = cloud.of.unknowing.org
myorigin = sympatico.ca
program_directory = /usr/lib/postfix
queue_directory = /var/spool/postfix
relay_domains = $mydestination, $virtual_domains, sympatico.ca
relayhost = smtp1.sympatico.ca
relocated_maps = hash:/etc/postfix/relocated
smtpd_sender_restrictions = hash:/etc/postfix/access
transport_maps = hash:/etc/postfix/transport
virtual_maps = hash:/etc/postfix/virtual

#Now, the same output with my comments.
________________________________________________________
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
#These lines just point Postfix at the system alias file and the hashed
#database built from it. Remember, after changing /etc/aliases, you must
#execute 'postalias /etc/aliases'. 'postfix reload' updates Postfix
#immediately; otherwise there is a one-minute delay.
canonical_maps = hash:/etc/postfix/canonical
#This sources the canonical map file, where you tell Postfix how to
#rewrite specified addresses. Run 'postmap /etc/postfix/canonical ;
#postfix reload' after changing it.
command_directory = /usr/sbin
#This is system-specific, but here is where these commands are in
#SuSE. The Sendmail-compatible commands (sendmail, mailq, newaliases)
#are named the same as Sendmail's. This allows Postfix to be a
#'drop-in' replacement for Sendmail.
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
#Home user probably doesn't need to fiddle with this.
default_destination_concurrency_limit = 10
#Home user: no need to fiddle with this.
default_privs = nobody
#This is the account the local delivery agent uses when it delivers to
#a file or an external command that has no owning user (for example an
#/etc/aliases entry that pipes into a program). On the subject of
#privileges, make sure to edit /etc/postfix/master.cf to chroot as much
#as possible. See below.
default_transport = smtp
#Not likely you will need to change this.
home_mailbox = Maildir/
#I use Maildir for preference; the default is Unix mbox.
inet_interfaces = $myhostname, localhost
#As you can see, I have Postfix configured *not* to listen on any
#external ports. Since I have fetchmail collect my mail, there is no
#need to have Postfix listening as a daemon. That is just an added
#security risk.
local_destination_concurrency_limit = 2
mail_owner = postfix
#Don't need to fiddle with these.
mydestination = $myhostname, localhost.$mydomain, $mydomain, localhost
#This specifies all the domains Postfix will deliver locally for. Since
#Fetchmail collects my mail, and since fetchmail is configured to
#replace the remote address with my local address, I don't need to
#consider sympatico.ca as a destination.
mydomain = unknowing.org
#This is my domain. But don't try sending mail to it!
myhostname = cloud.of.unknowing.org
#Ditto
myorigin = sympatico.ca
#This is the domain Postfix appends to any address that has no domain
#part, so mail submitted locally looks like it came from
#user@sympatico.ca. Since I am the only user on this box, and since I
#have only one ISP account, this will not present problems for me. If
#your setup is different, you might have to tweak.
program_directory = /usr/lib/postfix
queue_directory = /var/spool/postfix
relay_domains = $mydestination, $virtual_domains, sympatico.ca
#There is no instance in which I would really relay mail for
#sympatico.ca (or anyone else). That could probably be removed.
relayhost = smtp1.sympatico.ca
#This tells Postfix not to attempt to deliver the mail itself.
#Instead, it hands the mail to smtp1.sympatico.ca. This saves time
#and system expense for DNS lookups, retries etc. Might as well let
#your ISP do that; your box will not do it better.
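The two settings in this listing that decide how exposed the box is, inet_interfaces and relay_domains, are easy to misjudge once $variables are involved: $myhostname expands to cloud.of.unknowing.org, which resolves to the machine's real address, so smtpd is reachable on that interface and not only on loopback (a fetchmail-only host can use 'inet_interfaces = localhost'); and relay_domains accepts sympatico.ca on top of $mydestination. What follows is an added example, not code from the original post or from Postfix: a small Python audit that parses 'postconf -n' output, expands $name references the way main.cf does (an undefined name such as $virtual_domains expands to nothing), and flags both points. The sample input is the post's own listing; what counts as loopback-only and the wording of the findings are this example's own choices.

```python
"""Audit security-relevant settings in 'postconf -n' output.

Added example, not from the original post. It re-implements just enough
of main.cf syntax (name = value, $name / ${name} expansion, comma- or
whitespace-separated lists) to check a configuration offline.
"""
import re

# Constructed sample: the post's own 'postconf -n' listing, trimmed to the
# parameters the audit looks at.
SAMPLE_POSTCONF = """\
inet_interfaces = $myhostname, localhost
mydestination = $myhostname, localhost.$mydomain, $mydomain, localhost
mydomain = unknowing.org
myhostname = cloud.of.unknowing.org
myorigin = sympatico.ca
relay_domains = $mydestination, $virtual_domains, sympatico.ca
relayhost = smtp1.sympatico.ca
"""

# Values of inet_interfaces that keep smtpd off external interfaces
# (this example's list, not a Postfix constant).
LOOPBACK = {"localhost", "127.0.0.1", "::1", "loopback-only"}
_VAR = re.compile(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?")


def parse_postconf(text):
    """Return {parameter: raw value} from 'name = value' lines."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        params[name.strip()] = value.strip()
    return params


def expand(value, params, depth=0):
    """Expand $name / ${name} recursively; unknown names become empty."""
    if depth > 10:
        raise ValueError("parameter reference loop")

    def sub(match):
        return expand(params.get(match.group(1), ""), params, depth + 1)

    return _VAR.sub(sub, value)


def split_list(value):
    """Postfix list syntax: items separated by commas and/or whitespace."""
    return [item for item in re.split(r"[,\s]+", value) if item]


def audit(params):
    """Return a list of (severity, message) findings for the settings."""
    findings = []
    listen = split_list(expand(params.get("inet_interfaces", "all"), params))
    external = [a for a in listen if a not in LOOPBACK]
    if external:
        findings.append(("warn",
            f"smtpd listens on non-loopback address(es) {', '.join(external)}; "
            "a fetchmail-only host can use 'inet_interfaces = localhost'"))
    mydest = set(split_list(expand(params.get("mydestination", ""), params)))
    relay = set(split_list(expand(params.get("relay_domains", ""), params)))
    foreign = sorted(relay - mydest)
    if foreign:
        findings.append(("warn",
            f"relay_domains accepts mail for non-local domain(s) {', '.join(foreign)}; "
            "remove them unless this host really relays for them"))
    if not params.get("relayhost"):
        findings.append(("info", "no relayhost set: outbound mail is delivered "
                         "directly and needs working DNS"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(parse_postconf(SAMPLE_POSTCONF)):
        print(f"[{severity}] {message}")
```

Run it against real output with `postconf -n | python3 audit.py` style piping replaced by reading stdin, or paste the listing into SAMPLE_POSTCONF; on the post's configuration it reports both warnings and nothing about relayhost.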
relocated_maps = hash:/etc/postfix/relocated
smtpd_sender_restrictions = hash:/etc/postfix/access
transport_maps = hash:/etc/postfix/transport
virtual_maps = hash:/etc/postfix/virtual
#I don't use any of the above.

#One final note. AFAIK the only header that is important for routing
#or DNS lookups (and so for anti-spam measures etc.) is the
#Return-Path header at the very top of the email. This should be set
#by the last MTA to hand off the mail, i.e. the penultimate MTA in the
#chain. Normally, this is your ISP's MTA. It should always be the
#address that you will receive mail at. If this is not happening, your
#configuration is wrong. All the other things can be fiddled with.
#Ideally, the Message-ID will be globally unique, and the best way to
#ensure this is to use a hostname that is known to be unique. But in
#practice it matters little and the chance of harmful ambiguity is
#pitiably small. Correct me if I am wrong, but I believe this ID is
#set by the MUA. An alternate way of setting it is to use your whole
#email address as the identifying portion. Normally, this will be
#unique. But don't ask me where or how to do it.

___________________________________________________
#Then, to complete my setup I have one line in /etc/postfix/canonical:
root root@cloud.of.unknowing.org
#This prevents mail to root from being rewritten with $myorigin.
#Otherwise my mail would go to root@sympatico.ca (which is probably
#/dev/null)
#and one line in /etc/aliases, in addition to all the other lines:
root: corvinr@cloud.of.unknowing.org
#This sends mail to root to my user account. In both these cases, I
#might have used the environment variables ($localhost e.g.), but to
#forestall any ambiguity I did not. Of course, that is more work when
#these variables are changed. Btw, on a related topic, your /etc/hosts,
#/etc/host.conf, and /etc/resolv.conf must all be properly configured
#for Postfix to work.
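Why that single canonical entry is needed becomes clearer by following one recipient through the steps Postfix performs on it. The Python below is an added example, not code from the post or from Postfix; it models, in order, the $myorigin qualification of a bare 'root', the canonical_maps lookup (full address first, then bare user, which Postfix only applies when the domain is $myorigin or one of $mydestination), the local-versus-relay decision, and /etc/aliases expansion. The constants are the post's own main.cf, canonical and aliases values; the alias-loop guard and the treatment of a bare alias target as a local user are this example's simplifications of the local delivery agent.

```python
"""Follow one recipient address through the rewriting steps the post
relies on: $myorigin qualification, canonical_maps, the local-or-relay
decision, and /etc/aliases expansion.

Added example, not code from the original post or from Postfix.
"""

MYORIGIN = "sympatico.ca"
MYDESTINATION = {"cloud.of.unknowing.org", "localhost.unknowing.org",
                 "unknowing.org", "localhost"}
RELAYHOST = "smtp1.sympatico.ca"

# The post's single /etc/postfix/canonical entry and its /etc/aliases entry.
CANONICAL = {"root": "root@cloud.of.unknowing.org"}
ALIASES = {"root": "corvinr@cloud.of.unknowing.org"}


def qualify(addr, myorigin=MYORIGIN):
    """Append @$myorigin to an address that has no domain part."""
    return addr if "@" in addr else f"{addr}@{myorigin}"


def canonical_rewrite(addr, canonical, myorigin=MYORIGIN,
                      mydestination=MYDESTINATION):
    """canonical(5) lookup order: 'user@domain' first, then bare 'user'.

    The bare-user key only applies when the domain is $myorigin or one of
    $mydestination; that is what makes the post's 'root' entry fire on
    root@sympatico.ca without touching root@some-other-site.
    """
    if addr in canonical:
        return canonical[addr]
    user, domain = addr.rsplit("@", 1)
    if user in canonical and (domain == myorigin or domain in mydestination):
        return canonical[user]
    return addr


def deliver(recipient, canonical=CANONICAL, aliases=ALIASES,
            mydestination=MYDESTINATION, relayhost=RELAYHOST):
    """Return ('local', username) or ('relay', relayhost, address)."""
    addr = canonical_rewrite(qualify(recipient), canonical)
    seen = set()
    while True:
        user, domain = addr.rsplit("@", 1)
        if domain not in mydestination:
            # Not one of our domains: it goes out via the smtp transport,
            # and relayhost replaces the MX lookup for every destination.
            return ("relay", relayhost, addr)
        if user not in aliases:
            return ("local", user)
        if user in seen:
            raise ValueError(f"alias loop involving {user!r}")
        seen.add(user)
        target = aliases[user]
        # Simplification: a bare alias target is a local user; a qualified
        # one is resubmitted and goes through the same decision again.
        addr = target if "@" in target else f"{target}@localhost"


if __name__ == "__main__":
    print("with canonical entry:   ", deliver("root"))
    print("without canonical entry:", deliver("root", canonical={}))
    print("outbound mail:          ", deliver("friend@example.com"))
```

The second case is the failure the post describes: without the canonical entry, 'root' is qualified to root@sympatico.ca, which is not in $mydestination, so the message is handed to the relayhost instead of landing in the local mailbox.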
#With the SuSE installation there are no other issues; however, on
#FreeBSD I had to mkdir /var/spool/postfix/etc and chmod it to 755,
#then copy /etc/services to /var/spool/postfix/etc/ and chmod that
#to 444.

Finally, I believe you should make sure to edit /etc/postfix/master.cf so that it looks like the following, i.e. chroot as much as possible (gurus please correct):

# SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS.
# ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (50)
# ==========================================================================
smtp      inet  n       -       y       -       -       smtpd
pickup    fifo  n       n       y       60      1       pickup
cleanup   unix  -       -       y       -       0       cleanup
qmgr      fifo  n       -       y       5       1       qmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
smtp      unix  -       -       y       -       -       smtp
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
local     unix  -       n       n       -       -       local
cyrus     unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=F. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

-- 
Corvin Russell <corvinr@sympatico.ca>
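Checking the chroot column of that table by eye is error-prone, and the opposite mistake matters as much: the local delivery agent and pipe-based services must stay outside the chroot because they need the real filesystem (home directories, ~/.forward, the commands they run), which is also why the FreeBSD note above had to copy /etc/services into /var/spool/postfix/etc so that the chrooted daemons can still resolve service names. The following Python is an added example, not from the post or from Postfix: it parses a master.cf service table (including indented continuation lines for argv=) and reports which services are not chrooted and which are chrooted but should not be. The sample is the post's own master.cf; the NEVER_CHROOT set is this example's assumption, taken from the Postfix guidance that local(8), pipe(8), virtual(8), proxymap(8) and spawn(8) are not to be chrooted.

```python
"""Audit the chroot column of a Postfix master.cf service table.

Added example, not from the original post or from Postfix. It parses the
eight-column table (service type private unpriv chroot wakeup maxproc
command+args) plus indented continuation lines.
"""

# Constructed sample: the post's master.cf with the pipe(8) arguments on
# indented continuation lines, as master.cf allows.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (50)
smtp      inet  n       -       y       -       -       smtpd
pickup    fifo  n       n       y       60      1       pickup
cleanup   unix  -       -       y       -       0       cleanup
qmgr      fifo  n       -       y       5       1       qmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
smtp      unix  -       -       y       -       -       smtp
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
local     unix  -       n       n       -       -       local
cyrus     unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=F. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
"""

# '-' in the chroot column means the default, which the header of this
# master.cf declares as "(yes)".
CHROOT_DEFAULT = "y"
# Assumption from Postfix documentation: these commands need the real
# filesystem or exist to serve chrooted daemons, so never chroot them.
NEVER_CHROOT = {"local", "pipe", "virtual", "proxymap", "spawn"}


def parse_master(text):
    """Return a list of dicts, one per service, in file order."""
    services = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            # Continuation line: belongs to the previous service's args.
            if not services:
                raise ValueError("continuation line before any service")
            services[-1]["args"] = (services[-1]["args"] + " " + line.strip()).strip()
            continue
        fields = line.split(None, 7)
        if len(fields) < 8:
            raise ValueError(f"malformed master.cf line: {line!r}")
        name, typ, private, unpriv, chroot, wakeup, maxproc, rest = fields
        parts = rest.split(None, 1)
        services.append({
            "service": name, "type": typ, "private": private,
            "unpriv": unpriv, "chroot": chroot, "wakeup": wakeup,
            "maxproc": maxproc, "command": parts[0],
            "args": parts[1].strip() if len(parts) > 1 else "",
        })
    return services


def is_chrooted(service):
    flag = service["chroot"]
    return (CHROOT_DEFAULT if flag == "-" else flag) == "y"


def check_chroot(services):
    """Return services running unchrooted and services wrongly chrooted."""
    return {
        "not_chrooted": [s["service"] for s in services if not is_chrooted(s)],
        "wrongly_chrooted": [s["service"] for s in services
                             if is_chrooted(s) and s["command"] in NEVER_CHROOT],
    }


if __name__ == "__main__":
    result = check_chroot(parse_master(SAMPLE_MASTER_CF))
    print("not chrooted:    ", ", ".join(result["not_chrooted"]))
    print("wrongly chrooted:", ", ".join(result["wrongly_chrooted"]) or "none")
```

On the post's table the only unchrooted services are local and the four pipe-based ones, which is the intended state; flipping the local line's chroot field to y is the misconfiguration the second list is there to catch.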