Before we proceed to our part of the configuration we must disable a feature that was set when Tuomos Postfix RPM was installed. Remember it comes built with support for the Cyrus-IMAP Server? We're not going to use the Cyrus-IMAP Server in this HOWTO. So let's disable this setting, as we don't want it to interfere with our setup at the moment.
Postfix main configuration is done in the /etc/postfix/main.cf. Use your favorite editor to edit the file. We are going to use vi throughout this HOWTO.
[firstname.lastname@example.org]# vi /etc/postfix/main.cf
We will not need mailbox_transport = lmtp:unix:/var/imap/socket/lmtp because this is a setting that applies not only but especially for Cyrus-IMAP server which we will not be using. Find the line that reads mailbox_transport = lmtp:unix:/var/imap/socket/lmtp and disable it. When you are done it should read as follows:
#mailbox_transport = lmtp:unix:/file/name #mailbox_transport = cyrus #mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
Now it's time to grab some good old paper and a pencil. You will need these infos that are specific to your domain and network later. But then you should be able to focus on incorporating these.
These are the parameters that will be used in the HOWTO. You will have to provide your own.
The $mydomain parameter specifies the local internet domain name.. If you don't run a DNS server or don't have access to one provide a domain name.
We will use example.com throughout this HOWTO as this domain is reserved for use in documentation.
When we set this value we will add it to the parameter $mydomain in main.cf.
The $myhostname parameter specifies the internet hostname of this mail system. Postfix needs to know its fully qualified domainname (FQDN). It will append this to all local users unless specified different by us.
When we set this value we will add it to the parameter $myhostname in main.cf.
We need this to tell Postfix that the IP that your Mail client (for testing purposes) comes from is allowed to use Postfix as a relay.
When we set this parameter, we'll set $mynetworks in main.cf.
Now that you have put your parameters down, we'll edit main.cf and put them into place.
[email@example.com]# vi /etc/postfix/main.cf
Search for mydomain = and you'll find #mydomain = domain.name
We uncomment the line and set the value we defined in Q1. The $mydomain parameter of this HOWTO now reads as follows:
[HOWTO SETTING] mydomain = example.com
Search for myhostname = and you'll find #myhostname = host.domain.name
We uncomment the line and set the value we defined in Q2. The $myhostname parameter of this HOWTO now reads as follows:
[HOWTO SETTING] myhostname = mail.example.com
Search for mynetworks = and you'll find #mynetworks = 220.127.116.11/28, 127.0.0.0/8 and two more entries for $mynetworks. We'll be using the style of the first one.
We uncomment the line and add the value we defined in Q2 and remove 18.104.22.168/28. The $mynetworks parameter of this HOWTO now reads as follows:
[HOWTO SETTING] mynetworks = 172.16.0.0/24, 127.0.0.0/8
Remember that we disabled a few lines that came with the RPM? We will now set these in their context. It's not that Postfix needs the parameters in a certain order. It just makes it easier for us humans to find them where they belong ;-)
Tuomo fixed that in his recent SRPMS. Still you will have to enable these.
Search for alias_maps = and you'll find #alias_maps = dbm:/etc/aliases and three more lines that offer different values.
We uncomment the second line and set the value to hash:/etc/postfix/aliases. Our alias_maps parameter now reads as follows:
alias_maps = hash:/etc/postfix/aliases
Search for alias_database = and you'll find #alias_database = dbm:/etc/aliases and three more lines that offer different values.
We uncomment the third line and set the value to hash:/etc/postfix/aliases. Our alias_database parameter now reads as follows:
alias_database = hash:/etc/postfix/aliases
That's it for a start. We're still away from having a sophisticated SMTP server that saves us a lot of work and is a real pain to spammers, but we're very close to fire up Postfix and send our first message.
Postfix doesn't want to bother us with information into detailed depth unless we ask it to. Since we are still setting Postfix up and testing functions we might run into problems while doing that. So we'll have Postfix being more detailed about what's going on when it gets its work done. This will save us lot of time when we look for errors!
In order to enable verbose logging we have to append a string that is passed to the smtpd when it is started. This is done in /etc/postfix/master.cf.
[firstname.lastname@example.org]# vi /etc/postfix/master.cf
search for smtpd and append -v.
When your done it should look like this:
# ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (50) # ========================================================================== smtp inet n - n - - smtpd -v
That's it for our first basic setup. Postfix should now be configured to accept messages from the local machine and from any machine who's IP matches the IP Range you specified when you answered Q3.
We'll be sending quite some mail in this HOWTO. But to whom? We need a valid user on the local machine!
[email@example.com]# adduser test [firstname.lastname@example.org]# passwd test
This HOWTO sends mail to the user test. It's password is testpass.
Feel free to add your own user, but remind that you'll have to replace our values with yours throughout this HOWTO.
Now it's time to start Postfix for the first time:
[email@example.com]# /etc/init.d/postfix start
You can tell it's up from the feedback the init script provides; but will the Postfix-Server die after a few seconds because something is wrong?
Let's check the process list and pipe it's output to grep which will grab for the string postfix in the output.
[firstname.lastname@example.org]# ps axf | grep postfix 7547 ? S 0:00 /usr/libexec/postfix/master
Still there. OK, time to send our first mail. If it's gone check /var/log/maillog for error messages.
First we will verify that we are able to send mail on localhost to user test. This is the simpliest testcase that we have. If we succeed we will move on sending mails to test from a Mail client that does not run on our Postfix server.
[email@example.com]# mail test Subject: Test from localhost Test #1 . Cc: [firstname.lastname@example.org]#
In case you are not familiar with the program mail:
Procedure 6. Send mail from CLI using mail
Did Postfix deliver our mail? We'll check by simply letting less open the file in /var/spool/mail for the user test.
[email@example.com]# less /var/spool/mail/test From firstname.lastname@example.org Fri Mar 15 21:09:54 2002 Return-Path: <email@example.com> Delivered-To: firstname.lastname@example.org Received: by mail.example.com (Postfix, from userid 0) id 029E640789; Fri, 15 Mar 2002 21:09:53 +0100 (CET) To: email@example.com Subject: Test from localhost Message-Id: <20020315200953.029E640789@mail.example.com> Date: Fri, 15 Mar 2002 21:09:53 +0100 (CET) From: firstname.lastname@example.org (root) Test #1
So it got delivered. Good. Let's go on to send some mail from another host.
The simpliest Mail client we can think of is a telnet client that connects to the SMTP port 25. We'll be doing it the hard way, because we want to exclude side effects that might be introduced by other, more comfortable Mail clients.
Look at the paper where you answered a few questions. It's time for Q4. We use 172.16.0.2 for our Postfix server. You'll have to replace this IP with yours in the following statement.
First we will see if we can deliver mail to a local user.
Procedure 7. Telnet session: Deliver mail to a local user
On your remote machine we telnet 172.16.0.2 25
Postfix comes up and greets us with it's smtpd banner:
220 mail.example.com ESMTP Postfix
We say hello and introduce ourselves:
Postfix offers it's services:
250-mail.example.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-XVERP 250 8BITMIME
We tell where this testmail is coming from:
We tell Postfix where this mail is going to:
We tell Postfix that we'll be sending data
354 End data with <CR><LF>.<CR><LF>
We write our message
Test from remote host Test #2 .
250 Ok: queued as 9BB3F40789
Good. The mail got delivered. Time to end this session.
So, we have just send our first mail from a remote host to a local user on the Postfix server. But what if we wanted Postfix not do deliver to a local user, but to relay the message for us to another user on a remote host?
Again we telnet 172.16.0.2 25. We'll do as before with the only difference that this time we send to a remote (aka non-local) user. Since you've just seen the procedure, we'll just summarize this session (S: = server, C: = client):
S: 220 mail.example.com ESMTP Postfix C: EHLO example.com S: 250-mail.example.com S: 250-PIPELINING S: 250-SIZE 10240000 S: 250-VRFY S: 250-ETRN S: 250-XVERP S: 250 8BITMIME C: mail from:<email@example.com> S: 250 Ok C: rcpt to:<firstname.lastname@example.org> S: 250 Ok C: data S: 354 End data with <CR><LF>.<CR><LF> C: Testmail relaying mail from email@example.com to firstname.lastname@example.org C: Test #3 C: . S: 250 Ok: queued as 84BA64078A C: quit S: 221 Bye
Now it's up to you to send mail to a remote user through the Postfix server. But behold, don't close your telnet program after the session. You'll need some of the information that was specific to your session in a few paragraphs from now.
Why did relaying work for us?
We were able to relay a message using Postfix, because Postfix knows the remote machine is part of the network (see: mynetworks) that it permits relaying.
Before we will configure SMTP AUTH there's something that we have to take care of...
Remember that we've just sent a mail to email@example.com. Since the Postfix server in our HOWTO is not connected to the real world it hardly will be able to deliver the message. So what is Postfix doing with the mail at the moment? It's still trying, holding the mail in the queue...
Time to learn something about a helper application that comes with Postfix which is used to remove mails from Postfix' mqueue: postsuper
When you delete a mail it goes like this: postsuper -d MESSAGEID
Every message has it's unique ID provided by Postfix when it accepts a message. This MESSAGEID was given to us, when we did our telnet session. Have a look at the second last message that Postfix gave us in the HOWTO before we quit the session.
250 Ok: queued as 84BA64078A
84BA64078A is our HOWTOS' MESSAGEID.
Look at your telnet program. What is your MESSAGEID?
At the command prompt enter:
[firstname.lastname@example.org]# postsuper -d MESSAGEID postsuper: MESSAGEID: removed postsuper: Deleted: 1 message [email@example.com]#
We removed the undeliverable mail. Postfix should feel better now... ;-)
Let's do it the XP way and define and test a test before we do the configuration. Huh? Read on...
Since our remote machine is part of the network defined in mynetworks it will be allowed to relay no matter if we configured SMTP AUTH correctly or not. This will not help us to prove, our configuration for SMTP AUTH works.
In order to gain valid results whether relaying with SMTP AUTH works the way we want it, we'll have to ensure that we are not part of $mynetworks. We do this by simply removing our subnet from the $mynetworks parameter and only let the IP range for localhost remain.
[firstname.lastname@example.org]# vi /etc/postfix/main.cf
We reduce mynetworks = 172.16.0.0/24, 127.0.0.0/8 to mynetworks = 127.0.0.0/8.
It should look like this:
mynetworks = 127.0.0.0/8
In order to let the changes be known to Postfix we must restart it.
[email@example.com]# postfix reload postfix/postfix-script: refreshing the Postfix mail system
Let's prove that our test setup will not allow us to relay messages. We telnet from our remote machine. Keep in mind that relaying means: Sending a message through Postfix to a remote user. The value we provide with RCPT TO: must not be a local user.
This is the transcript from our session:
S: 220 mail.example.com ESMTP Postfix C: EHLO example.com S: 250-mail.example.com S: 250-PIPELINING S: 250-SIZE 10240000 S: 250-VRFY S: 250-ETRN S: 250-XVERP S: 250 8BITMIME C: MAIL FROM:<firstname.lastname@example.org> S: 250 Ok C: RCPT TO:<email@example.com> S: 554 <firstname.lastname@example.org>: Recipient address rejected: Relay access denied C: QUIT S: 221 Bye
Postfix will not allow us to relay mails to remote users. Now that we've configured this we can go on and add SASL which will provide us with the functionality to relay even if we are not part of Postfix' network.
We gathered informations to use for configuration.
We configured Postfix to give us basic functionality.
We added a user for testing purposes.
Then we sent testmessages from localhost to a local user,
from a remote machine to a local user and
from the remote machine to a remote user.
We did this the hard way in order to exclude failures that could be introduced by more complex Mail clients
We successfully deleted a non-deliverable message from Postfix without stopping it or manually deleting files from it's mail queue.
We prepared Postfix to reject relaying for our network in order to prove SASL to work correctly later on.