Configuring Postfix
From Zanecorpwiki
Overview
Postfix is a mail relay program. It is used to send and receive mail on the host. In most cases, Postfix runs on an always-on server, sending and receiving mail for its domain(s). End users connect from client applications like Thunderbird to pick up, view, and send mail through the Postfix server.
Setting Local Domains
These are the domains that the server handles. These domains are 'fully qualified', not top level, so if you're setting up a mail server for all of 'foo.com', then you need to include, at a minimum, the mail server's specific network name in the list, e.g. 'mail.foo.com,foo.com'. Otherwise aliases won't work, since (in this setup) aliases get rewritten as if they go to the host machine. The FQN paradigm may seem odd if you only deal in 'one server per domain', but large institutions will often have several servers acting as intra-domain relays.
Note you can set up a machine for many domains at once, and the machine itself need not be in the domain for which it handles mail. In my business, Liquid Labs, my domain is liquid-labs.com, and so I set up mail machines for domains like 'foomail.liquid-labs.com'. The local domain for that machine would thus have to be 'foomail.liquid-labs.com,foo.com'.
A single server can handle multiple domains, so we might have 'foomail.liquid-labs.com,foo.com,specialfoo.com,anotherfoo.com'.
Local domains are set in /etc/sysconfig/postfix and loaded via 'SuSEconfig --module postfix'.
UNLESS you set ORIGINS...
Bad Names
By default, postfix bounces mail to users it doesn't know. The problem is a lot of spam comes in with invalid users and guessed/common names. The bounced mail becomes spam itself. Postfix's default behavior in this matter is historical and not a good idea.
To fix this, go into '/etc/postfix/main.cf' and set 'local_recipient_maps ='. This overrides the default behavior of using the host's local users as a filter for valid addresses.
Next, set 'luser_relay = spamking'. Spamking is our catch-all account where spam gets sent. This allows us to check for important emails that might have been erroneously flagged. (TODO: refer to spamassassin setup). Postfix will now relay mail addressed to unknown users to the spamking account.
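The luser_relay setting only catches unknown users when local_recipient_maps is empty, and a later line in main.cf can silently replace an earlier one. The following is an added example (not part of the original page) that reads a main.cf the way Postfix does and checks the setup from this section and from Setting Local Domains. The sample file, the function names, and the assumption that the local domain list ends up in main.cf as 'mydestination' belong to this example.

```python
# Added example: audit a main.cf for the catch-all setup described above.
# Constructed sample file; 'mydestination' as the home of the local
# domain list is an assumption of this example.
SAMPLE_MAIN_CF = """\
# local domains, continued onto a second line
mydestination = foomail.liquid-labs.com, foo.com,
    specialfoo.com
local_recipient_maps = unix:passwd.byname $alias_maps
luser_relay = spamking
# the last definition of a parameter wins
local_recipient_maps =
"""

def parse_main_cf(text):
    """Return {parameter: effective value} using main.cf rules: blank and
    '#' lines are skipped, a line starting with whitespace continues the
    previous parameter, and a later definition replaces an earlier one."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":                      # continuation line
            if current is not None:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        current = name.strip() if sep else None
        if current:
            params[current] = value.strip()
    return params

def audit_catchall(params, hostname):
    """Return a list of problems with the local-domain and catch-all setup."""
    problems = []
    domains = params.get("mydestination", "").replace(",", " ").split()
    if hostname not in domains:
        problems.append(f"{hostname} is missing from the local domains")
    if params.get("local_recipient_maps", None) != "":
        problems.append("local_recipient_maps is not set to empty, so "
                        "unknown users never reach luser_relay")
    if not params.get("luser_relay"):
        problems.append("luser_relay is not set")
    return problems

if __name__ == "__main__":
    for line in audit_catchall(parse_main_cf(SAMPLE_MAIN_CF),
                               "foomail.liquid-labs.com") or ["OK"]:
        print(line)
```

On a live host, 'postconf -n' prints the non-default values Postfix is actually using, which can be compared against the parsed file.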
Set up Reverse DNS
Contact your ISP and request that they set up reverse DNS for your mail server. Some mail servers will not talk to yours unless you have a valid reverse DNS entry.
It is not recommended, however, that you require reverse DNS yourself. First: reverse DNS breaks the idea of DNS and can be problematic for smaller institutions to control. Second: it doesn't really help. Spammers can have valid reverse DNS entries, and there are much better ways to determine whether mail is legit or not.
Authentication
SASL
TODO: This section will ref SASL notes once we create that page
Make sure that you have the following modules installed. Without them, everything will seem OK, but authentication may not work:
- cyrus-sasl
- cyrus-sasl-crammd5
- cyrus-sasl-digestmd5
- cyrus-sasl-plain
- cyrus-sasl-saslauthd
Protect Yourself against Spam
A subject deserving of its own section.


