= Postfix =

'''`postfix(1)`''' is an [[Email/SMTP|SMTP]] [[Email/MTA|mail transfer agent]].

<<TableOfContents>>

----



== Installation ==

Most [[Linux]] and [[BSD]] distributions offer a `postfix` package.

For `systemd`-capable systems, [[Linux/Systemd|start and enable]] `postfix.service`.

For BSD distributions, try:

{{{
postfix start
}}}



=== Containers ===

`postfix(1)` is designed to be launched from userspace, rather than being a binary that can be invoked in the foreground. However, a new `start-fg` subcommand was added in version 3.3.

Consider the following [[Docker/Dockerfile|Dockerfile]] as a template.

{{{
FROM alpine:latest
RUN apk add --no-cache postfix
EXPOSE 25
CMD ["postfix", "start-fg"]
}}}

To publish this service on an interface like 10.0.0.1, try:

{{{
sudo docker build --tag postfix .
sudo docker run --detach --name my-postfix \
  --restart=always \
  --publish 10.0.0.1:25:25 \
  postfix
}}}

----



== Usage ==

For unencrypted and unauthenticated connections, try a connection string like `smtp+insecure+none://example.com:25`.

----



== Configuration ==

Before trying to configure Postfix, ensure that you understand the [[Postfix/Design|design]] of Postfix.

See also [[Postfix/Encryption|encryption]] and [[Postfix/Authentication|authentication]].



=== Receiving Mail ===

Set `myhostname` and `mydomain` to the fully-qualified names. Set `mydomains` to the set of all 'trusted' networks. Set `mydestination` to the set of all domains that should be considered 'local'.

{{{
myhostname = www1.example.com
mydomain = example.com
mynetworks = 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
mydestination = $myhostname $mydomain www.$mydomain localhost localhost.localdomain
}}}

By default mail is only accepted...

 * from clients in trusted networks (`$mynetworks`)
 * from clients that authenticated with SASL
 * for remote addresses matching `$relay_domains`
 * for local addresses found in `$mydestination` (defaulting to `$myhostname`, `localhost.$mydomain`, and `localhost`)

To adjust restrictions, try configuring `smtpd_relay_restrictions` or (the older and less-preferred method) `smtpd_recipient_restrictions`.



=== Routing Mail ===

To route mail based on the recipient domain, try:

{{{
transport_maps = lmdb:/etc/postfix/transport
}}}

A `transport(5)` file (i.e. `/etc/postfix/transport`) looks like:

{{{
admin@localhost      relay:[smtp.gmail.com]:587
service1.example.com lmtp:unix:/path/to/service.sock
example.com          lmtp:0.0.0.0:24
.example.com         lmtp:0.0.0.0:24
localhost            local
.localdomain         local
*                    relay:[smtp.gmail.com]:587
}}}

The first part of each line is a pattern. The second part is an instruction:

 * a `local` instruction attempts [[Postfix/LocalDelivery|local delivery]] to the specified address
   * a bare `local` instruction expands to the `local_transport` setting, which itself defaults to `local:$myhostname`
 * a `lmtp` instruction forwards mail to an [[Email/LMTP|LMTP]] server
 * a `smtp` instruction forwards mail to an [[Email/SMTP|SMTP]] server
 * a `relay` instruction causes mail to [[Postfix/Relaying|relayed]]

Bracketing an address prevents a [[Protocols/DNS#Records|MX record]] lookup; the [[Protocols/DNS#Records|A record]] alone is looked up and used naively. If even A record lookup should be skipped (i.e. for a name defined in the [[Linux/Hosts|hosts file]]), additionally specify `smtp_dns_support_level = disabled`.

Domains prefixed with a dot (`.`) are a pattern for all subdomains. The example above captures `localhost` and `*.localdomain` for local delivery.

The asterisk (`*`) domain is a fallback route, used only if nothing else matches.

The matching happens in the hierarchical order shown above: by full address, then by full domain part, then by subdomain part, and finally the fallback.

Run `postmap /etc/postfix/transport` and a hashed file will be produced. If your `postmap(1)` does not use LMDB, replace the `lmdb:` with whatever algorithm ''was'' used.



=== Address Rewriting ===

See [[Postfix/Rewriting|here]].



=== Posting Mail ===

`master(8)` expects mail posted locally to use `$myhostname` as the sender's domain. To override this, set `myorigin`.

{{{
myorigin = $mydomain
}}}

----



== Administration ==



=== Testing the service ===

Install `mailx` and send an empty email.

To test mail relay to external hosts, try:

{{{
mail -s 'Test Email' 'user@example.com' </dev/null
}}}

Alternatively, try using [[Telnet|telnet]].



=== Reviewing the queue ===

Two useful administrative utilities exist for reviewing the mail queue: `postqueue(1)` and `postcat(1)`.

To view the mail queue, try:

{{{
postqueue -p
}}}

This will display the queued messages, the senders and recipients, and a mail ID.

To force all queued mail to be sent now, run:

{{{
postqueue -f
}}}

To instead force a singular message to be send now, run:

{{{
postqueue -i MAILID
}}}

To instead inspect a message in the queue, try:

{{{
postcat -vq MAILID
}}}

----



== See also ==

[[https://man.archlinux.org/man/postfix.1|postfix(1)]]

[[https://www.postfix.org/documentation.html|Postfix project documentation]]



----
CategoryRicottone