Postfix
postfix(1) is an SMTP mail transfer agent.
Installation
Most Linux and BSD distributions offer a postfix package.
For systemd-capable systems, start and enable postfix.service.
For BSD distributions, try:
postfix start
Containers
postfix(1) is designed to be launched from userspace, rather than being a binary that can be invoked in the foreground. However, a new start-fg subcommand was added in version 3.3.
Consider the following Dockerfile as a template.
FROM alpine:latest
RUN apk add --no-cache postfix
EXPOSE 25
CMD ["postfix", "start-fg"]
To publish this service on an interface like 10.0.0.1, try:
sudo docker build --tag postfix .
sudo docker run --detach --name my-postfix \
  --restart=always \
  --publish 10.0.0.1:25:25 \
  postfix
Usage
For unencrypted and unauthenticated connections, try a connection string like smtp+insecure+none://example.com:25.
When running a server that listens on port 465, with
Configuration
Before trying to configure Postfix, ensure that you understand the design of Postfix.
See also encryption and authentication.
Receiving Mail
Set myhostname and mydomain to the fully-qualified names. Set mynetworks to the set of all 'trusted' networks. Set mydestination to the set of all domains that should be considered 'local'.
myhostname = www1.example.com
mydomain = example.com
mynetworks = 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
mydestination = $myhostname $mydomain www.$mydomain localhost localhost.localdomain
By default mail is only accepted...
from clients in trusted networks ($mynetworks)
from clients that authenticated with SASL
for remote addresses matching $relay_domains
for local addresses found in $mydestination (defaulting to $myhostname, localhost.$mydomain, and localhost)
To adjust restrictions, try configuring smtpd_relay_restrictions or (the older and less-preferred method) smtpd_recipient_restrictions.
Routing Mail
To route mail based on the recipient domain, try:
transport_maps = lmdb:/etc/postfix/transport
A transport(5) file (i.e. /etc/postfix/transport) looks like:
admin@localhost relay:[smtp.gmail.com]:587
service1.example.com lmtp:unix:/path/to/service.sock
example.com lmtp:0.0.0.0:24
.example.com lmtp:0.0.0.0:24
localhost local
.localdomain local
* relay:[smtp.gmail.com]:587
The first part of each line is a pattern. The second part is an instruction:
a local instruction attempts local delivery to the specified address
a bare local instruction expands to the local_transport setting, which itself defaults to local:$myhostname
an lmtp instruction forwards mail to an LMTP server
an smtp instruction forwards mail to an SMTP server
a relay instruction causes mail to be relayed
Bracketing an address prevents an MX record lookup; the A record alone is looked up and used naively. If even A record lookup should be skipped (i.e. for a name defined in the hosts file), additionally specify smtp_dns_support_level = disabled.
Domains prefixed with a dot (.) are a pattern for all subdomains. The example above captures localhost and *.localdomain for local delivery.
The asterisk (*) domain is a fallback route, used only if nothing else matches.
The matching happens in the hierarchical order shown above: by full address, then by full domain part, then by subdomain part, and finally the fallback.
Run postmap /etc/postfix/transport and a hashed file will be produced. If your postmap(1) does not use LMDB, replace the lmdb: with whatever algorithm was used.
Address Rewriting
See here.
Posting Mail
master(8) expects mail posted locally to use $myhostname as the sender's domain. To override this, set myorigin.
myorigin = $mydomain
Administration
Testing the service
Install mailx and send an empty email.
To test mail relay to external hosts, try:
mail -s 'Test Email' '[email protected]' </dev/null
Alternatively, try using telnet.
Reviewing the queue
Two useful administrative utilities exist for reviewing the mail queue: postqueue(1) and postcat(1).
To view the mail queue, try:
postqueue -p
This will display the queued messages, the senders and recipients, and a mail ID.
To force all queued mail to be sent now, run:
postqueue -f
To instead force a single message to be sent now, run:
postqueue -i MAILID
To instead inspect a message in the queue, try:
postcat -vq MAILID