You are here: Foswiki>ATLAS Web>Postfix (28 Nov 2007, Xm)Edit Attach

What is Postfix?

Postfix is a mail transfer agent (MTA), a program for the routing and delivery of mail.

Mails to be delivered on the local machine are passed to a mail delivery agent (MDA) such as procmail.


mails to root should be transferd to loki's account. BUT: Refering to the log, lokis mail are redicted to root.

got it. Changed last line of /etc/aliases to root: loki, tells the system to redirect root's mail to loki's account. Don't forget to run /usr/bin/newaliases afterwards!

/etc/mailname <= domainname

/etc/hosts <= configure domainname for Addresspace

postsuper -d ALL removes all mails from queue. mailq Shows queued mails hostname (-f) Shows the Host.(Domainname)

In /etc/

A brief comparision of Postfix and Exim4

Postfix: a monolithic main configuration file;a strong emphasis on security;quite flexible in its configuration file, but not to the extent of Exim;extremely fast, more efficient than Exim but not to a noticeable on modern hardware degree even with very high load.

Exim4:a monolithic main configuration file;not as secure as Postfix, but seems to be quite secure enough for most normal applications;in exchange for a lower level of design security, it gives the versatility that Postfix cannot deliver.

Setup a mail server with Postfix (with SMTP-AUTH/TLS) and Courier

Postfix with SMTP-AUTH and Transport Layer Security (TLS)

1. Installation
sudo apt-get install postfix

Press return when the installation process asks questions, the configuration will be done later.

2. Basic Configuration:
sudo dpkg-reconfigure postfix

You will be asked some questions as the followings:
	General type of configuration? <-- Internet Site
	Where should mail for root go <-- NONE
	Mail name? <--
	Other destinations to accept mail for? (blank for none) <--,, localhost
	Force synchronous updates on mail queue? <-- No
	Local networks? <--
	Use procmail for local delivery? <-- Yes
	Mailbox size limit <-- 0
	Local address extension character? <-- +
	Internet protocols to use? <-- all is the FQND of your mail server.

3.Configure postfix to use SASL for SMTP AUTH with the postconf command. You can also directly manually edit the configuration file /etc/postfix/

Configure Postfix to do SMTP AUTH using SASL (saslauthd):
	postconf -e 'smtpd_sasl_local_domain ='
	postconf -e 'smtpd_sasl_auth_enable = yes'
	postconf -e 'smtpd_sasl_security_options = noanonymous'
	postconf -e 'broken_sasl_auth_clients = yes'
	postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
	postconf -e 'inet_interfaces = all'
Open the /etc/postfix/sasl/smtpd.conf file and add the following lines to end of the file:
	pwcheck_method: saslauthd
	mech_list: plain login
4.Configure the digital certificate for TLS as root. When asked questions, follow the instructions and answer appropriately.
	mkdir /etc/postfix/ssl
	cd /etc/postfix/ssl/
	openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
	chmod 600 smtpd.key
	openssl req -new -key smtpd.key -out smtpd.csr
	openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
	openssl rsa -in smtpd.key -out smtpd.key.unencrypted
	mv -f smtpd.key.unencrypted smtpd.key
	openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
	sudo mv smtpd.key /etc/ssl/private/
	sudo mv smtpd.crt /etc/ssl/certs/
	sudo mv cakey.pem /etc/ssl/private/
	sudo mv cacert.pem /etc/ssl/certs/
Here the self-signed certificate is used. In real pruduction environment, the digital certificate should be from a certificate authority.

5.Configure Postfix to do TLS encryption for both incoming and outgoing mail:
      postconf -e 'smtpd_tls_auth_only = no'
      postconf -e 'smtp_use_tls = yes'
      postconf -e 'smtpd_use_tls = yes'
      postconf -e 'smtp_tls_note_starttls_offer = yes'
      postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key'
      postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'
      postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
      postconf -e 'smtpd_tls_loglevel = 1'
      postconf -e 'smtpd_tls_received_header = yes'
      postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
      postconf -e 'tls_random_source = dev:/dev/urandom'
      postconf -e 'myhostname ='
The postfix initial configuration is complete. Run the following command to start postfix daemon:
              sudo /etc/init.d/postfix start
Now the postfix daemon is installed, configured with SMTP AUTH and TLS and started successfully.

6. Configure SASL authenticaion to enable SMTP AUTH using SASL.

Postfix supports SMTP AUTH as defined in RFC2554. It is based on SASL. However it is still necessary to set up SASL authentication before you use SMTP function. The libsasl2, sasl2-bin and libsasl2-modules are necessary to enable SMTP AUTH using SASL.Install these applications if you have not.
	sudo apt-get install libsasl2 sasl2-bin
A few changes are necessary to make it work properly. Because Postfix runs chrooted in /var/spool/postfix, SASL needs to be configured to run in the false root (/var/run/saslauthd becomes /var/spool/postfix/var/run/saslauthd):
	mkdir -p /var/spool/postfix/var/run/saslauthd
	rm -rf /var/run/saslauthd
To activate saslauthd, edit the file /etc/default/saslauthd, and change or add the START variable. In order to configure saslauthd to run in the false root, add the PWDIR, PIDFILE and PARAMS variables. Finally, configure the MECHANISMS variable to your liking. The file should look like this:
	# This needs to be uncommented before saslauthd will be run
	# automatically


	# You must specify the authentication mechanisms you wish to use.
	# This defaults to "pam" for PAM support, but may also include
	# "shadow" or "sasldb", like this:
	# MECHANISMS="pam shadow"

Next, update the dpkg "state" of /var/spool/portfix/var/run/saslauthd. The saslauthd init script uses this setting to create the missing directory with the appropriate permissions and ownership:
        dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd
7. Testing.

Run the following command to start the SASL daemon:
              sudo /etc/init.d/saslauthd start
To see if SMTP-AUTH and TLS work properly, run the following command:
	telnet 25
If you see the following lines among others, then everything is working perfectly. Type quit to exit.
        250-AUTH LOGIN PLAIN
        250-AUTH=LOGIN PLAIN
        250 8BITMIME
Courier IMAP/Courier POP3

1. Install Courier-IMAP/Courier-IMAP-SSL (IMAPs on port 993) and Courier-POP3/Courier-POP3-SSL (POP3s on port 995)
        sudo apt-get install courier-authdaemon courier-base courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-ssl gamin libgamin0 libglib2.0-0
You will be asked two questions:
        Create directories for web-based administration ? <-- No
        SSL certificate required <-- Ok 
2.Set Postfix Support for Maildir-style Mailboxes. Courier IMAP/POP3 servers only work with Maildir format of mailboxes. A Maildir is a directory (often named Maildir under /home/username) with three subdirectories named tmp, new, and cur.

Configure Postfix to deliver emails to a user's Maildir:
	postconf -e 'home_mailbox = Maildir/'
	postconf -e 'mailbox_command ='
	/etc/init.d/postfix restart
3. mail account

In our case, we use system account. Create a system account and the home folder, then the mail will goes to ~/Maildir/new.

mbox and Maildir

Regarding to how to store e-mail messages, there are two major mailbox formats: mbox and Maildir.

mbox uses a single file to store each user's email message. This format simply appends each received message into a file called "inbox", that is, it is a single file per mail folder. Nearly all MTA's and POP/IMAP daemons know how to deliver to mbox. Because both SMTP and POP/IMAP servers read message from the mbox file, it raises a locking problem.

Maildir,thought as the replacer of the mbox format, stores the e-mail messages in separate files instead of one file. This sets up a directory structure whereby each message that is received is it's own file. At the present,Courier is the most widely used POP(S)/IMAP(S) that works with the Maildir format.

mbox has the advantage of being almost universally supported, but has the file-locking problem. Maildir is faster, less prone to corruption and avoiding the locking problems, but there are concerns about its ability to scale to handle large numbers of messages on some file systems. About the performance, Maildir is faster at locating, accessing and deleting a particular messsage. mbox is faster at delivering message.

Postfix Configuration on Node43

Postfix with SMTP-AUTH/TLS and Courier POP/IMAP are installed on Node43 for test. The main configuration file is at /etc/postfix/ It is using self-signed certificate. The mailbox format is Maildir.

1.The following are installed on node43 in additionally.
apt-get install postfix,telnet,courier-pop,courier-imap,libsasl2,sasl2-bin,libsasl2-modules,libdb3-util,procmail

2. Following above [["Setup a mail server with Postfix (with SMTP-AUTH/TLS) and Courier ]] "for the basic configuration.

3. To provide mail repaly function, set the relayhost = [] (IP address of the node0) in the

4. To translate external address for user logged on any node, set
local_header_rewrite_clients = permit_inet_interfaces,permit_mynetworks
sender_canonical_maps = regexp:/etc/postfix/sender_canonical 

 Then  edit the sender_canonical as followings:
/^account/ external_email_address

5. Everytime you make changes to, run postfix check before you run postfix reload.

6. In /etc/hosts, add	node35 node35 node43

7.mutt is installed to read email when you ssh to node43. To allow mutt to read Maildir format mailboxes, add the followings to /etc/Muttrc or put it at .muttrc under user's home folder:
set spoolfile=~/Maildir/
set mbox_type=Maildir
et folder=~/Maildir
set mbox=~/Maildir/
Topic revision: r1 - 28 Nov 2007, Xm
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback