Postfix Mail Server with catch all E-Mails

Installing a mail server, using Postfix, that is based on virtual users and domains.

Introduction

Postfix has several hundred configuration parameters that are controlled via the /etc/postfix/main.cf file. Fortunately, they have sensible default values. In most cases, you need to configure only two or three parameters before you can use the Postfix mail system:

Step 1. Installing Postfix Mail Server

$ apt-get install postfix postfix-mysql

POSTFIX Default settings:

There are 3 main files that need your attention:

  • /etc/mailname : the visible mail name of the system
  • /etc/aliases : Postfix local alias database format
  • /etc/postfix/main.cf : Postfix configuration parameters

Step 2. Edit the following files

/etc/mailname : This is where you set the domain name of the system, as seen by others. In most cases it needs to look like a real domain name; otherwise the next SMTP server along the way might refuse mail originating from your machine.

In this example, I choose debuntu.local.

/etc/aliases :
This is where you define aliases. For instance, it is a good idea to redirect all mail for root to your normal user.

Add

# Added by installer for initial user
root: myuser

From now on, you will be able to read system notices using mutt as your myuser user.

/etc/postfix/main.cf :

A sample main.cf file

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.

#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)

biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, foo.com, localhost.localdomain, localhost
relayhost = foo.com
relay_domains = foo.com
mynetworks_style = subnet
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_maps = hash:/etc/postfix/virtual

What domain to use in outbound mail

The myorigin parameter specifies the domain that appears in mail that is posted on this machine.

Examples:
myorigin = $myhostname (default)
myorigin = $mydomain (probably desirable)

What domains to receive mail for

The mydestination parameter specifies what domains this machine will deliver locally, instead of forwarding to another machine. The default is to receive mail for the machine itself.

You can specify zero or more domain names, /file/name patterns and/or type:name lookup tables, separated by whitespace and/or commas. A /file/name is replaced by its contents; type:name requests that a table lookup is done.

If your machine is a mail server for its entire domain, you must list $mydomain as well.

Examples:

Default setting:
mydestination = $myhostname localhost.$mydomain
Domain-wide mail server:
mydestination = $myhostname localhost.$mydomain $mydomain
Host with multiple DNS A records:
mydestination = $myhostname localhost.$mydomain www.$mydomain ftp.$mydomain

What clients to relay mail for

By default, Postfix will relay mail for clients in authorized networks.

Authorized client networks are defined by the mynetworks parameter. The default is to authorize all clients in the IP subnetworks that the local machine is attached to.

My own hostname

The myhostname parameter describes the fully-qualified domain name of the machine running the Postfix system. $myhostname appears as the default value in many other Postfix configuration parameters.

By default, myhostname is set to the local machine name. If your machine name is not in fully-qualified domain name form, or if you run Postfix on a virtual interface, you will have to specify the fully-qualified domain name that the mail system should use.

Examples:
myhostname = host.local.domain (local hostname is not FQDN)
myhostname = host.virtual.domain (virtual interface)
myhostname = virtual.domain (virtual interface)

My own domain name

The mydomain parameter specifies the parent domain of $myhostname. By default it is derived from $myhostname by stripping off the first part (unless the result would be a top-level domain).

Examples:
mydomain = local.domain
mydomain = virtual.domain (virtual interface)

My own networks

The mynetworks parameter lists all networks that this machine somehow trusts. This information can be used by the anti-UCE features to recognize trusted SMTP clients that are allowed to relay mail through Postfix.

You can specify the list of trusted networks in the main.cf file, or you can let Postfix deduce the list for you. The default is to let Postfix do the work for you.

Default:
mynetworks_style = subnet

The meaning of the styles is as follows:

  • class : Trust SMTP clients in the class A/B/C networks that Postfix is connected to. Don’t do this with a dialup site – it would cause Postfix to “trust” your entire provider’s network. Instead, specify an explicit mynetworks list by hand, as described below.
  • subnet (default) : Trust SMTP clients in the IP subnetworks that Postfix is connected to.
  • host : Trust only the local machine.

Alternatively, you can specify the mynetworks list by hand, in which case Postfix ignores the mynetworks_style setting. To specify the list of trusted networks by hand, specify network blocks in CIDR (network/mask) notation, for example:

mynetworks = 168.100.189.0/28, 127.0.0.0/8

You can also specify the absolute pathname of a pattern file instead of listing the patterns in the main.cf file.
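
The precedence described above (an explicit mynetworks list makes Postfix ignore mynetworks_style) can be checked mechanically. The following is an added example, not part of the original article or of Postfix; the function names and the embedded sample are constructed for illustration, and it reports which setting decides relay trust and which non-loopback networks are allowed to relay:

```python
import ipaddress

# Constructed sample: the relay-related lines of the sample main.cf above.
SAMPLE_MAIN_CF = """\
mynetworks_style = subnet
mynetworks = 127.0.0.0/8
"""

def parse_main_cf(text):
    """Parse 'name = value' lines. Blank and '#' lines are skipped, a line
    starting with whitespace continues the previous one, last setting wins."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] = (params[last] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def relay_trust(params):
    """Return (deciding parameter, findings) for the networks allowed to relay."""
    findings = []
    if "mynetworks" not in params:
        # "subnet" is the default as stated on this page.
        style = params.get("mynetworks_style", "subnet")
        if style != "host":
            findings.append(f"mynetworks_style={style}: trust is derived from attached networks")
        return "mynetworks_style", findings
    if "mynetworks_style" in params:
        findings.append("mynetworks is set, so mynetworks_style is ignored")
    for item in params["mynetworks"].replace(",", " ").split():
        try:
            net = ipaddress.ip_network(item.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            findings.append(f"{item}: not CIDR (pattern file or table?), review by hand")
            continue
        if not net.is_loopback:
            findings.append(f"{net}: {net.num_addresses} non-loopback addresses may relay")
    return "mynetworks", findings

if __name__ == "__main__":
    print(relay_trust(parse_main_cf(SAMPLE_MAIN_CF)))
```
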

My own network addresses

The inet_interfaces parameter specifies all network interface addresses that the Postfix system should listen on; mail addressed to user@[network address] will be delivered locally, as if it is addressed to a domain listed in $mydestination.

The default is to listen on all active interfaces. If you run mailers on virtual interfaces, you will have to specify what interfaces to listen on.

You even have to specify explicit machine interfaces for the non-virtual mailer that receives mail for the machine itself: the non-virtual mailer should never listen on the virtual interfaces or you would have a mailer loop.

Examples:
Default:
inet_interfaces = all
Host running virtual mailers:
inet_interfaces = virtual.host.tld (virtual domain)
inet_interfaces = $myhostname localhost.$mydomain (non-virtual mailer)

What delivery method: direct or indirect

By default, Postfix tries to deliver mail directly to the Internet. Depending on your local conditions this may not be possible or desirable. For example, your system may be turned off outside office hours, it may be behind a firewall, or it may be connected via a provider who does not allow direct mail to the Internet. In those cases you need to configure Postfix to deliver mail indirectly via a relay host.

Examples (specify only one of the following):

/etc/postfix/main.cf

relayhost = (default: direct delivery to Internet)

relayhost = $mydomain (deliver via local mailhub)

relayhost = [mail.$mydomain] (deliver via local mailhub)

relayhost = [mail.isp.tld] (deliver via provider mailhub)

The form enclosed with [] eliminates DNS MX lookups. Don’t worry if you don’t know what that means.

What destinations to relay mail to

By default, Postfix will forward mail from strangers (clients outside authorized networks) to authorized remote destinations only. Authorized remote destinations are defined with the relay_domains configuration parameter. The default is to authorize all domains (and subdomains) of the domains listed with the mydestination parameter.

Examples (specify only one of the following):

/etc/postfix/main.cf:

relay_domains = $mydestination (default)

relay_domains = (safe: never forward mail from strangers)

relay_domains = $mydomain (forward mail to my domain and subdomains)

Virtual Alias Domain

This is where we are going to make a few changes. Let’s say I want to be able to relay mail sent to user at mydomain.org to my personal address chantra@foo.bar.

In the first place I need to define a virtual alias domain.

Add

virtual_alias_domains = mydomain.org

Then, we need to tell postfix where the alias database is:

virtual_alias_maps = hash:/etc/postfix/virtual

Step 3. Create New File virtual

Adding those 2 lines is sufficient to make your box handle the mail sent to debuntu.org. Now, we need to tell Postfix what to do with that mail.

Create and Edit the file /etc/postfix/virtual and add:

chantra@mydomain.org chantra@foobar.org
localuser@mydomain.org myuser
@mydomain.org catch-all@foobar.org

On the first line, we say that we want all the mail to chantra@mydomain.org to be forwarded to chantra@foobar.org.

On the second line, we tell Postfix to deliver mail for localuser@mydomain.org to the Unix user myuser.

On line 3, we define a catch-all address, which forwards mail for any other address at mydomain.org to the mail account catch-all@foobar.org.
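
How the three entries interact, as an added example that is not part of the original article: a small emulation of the lookup order documented in virtual(5) for a virtual alias domain (full address, then the address without its recipient_delimiter extension, then the @domain wildcard). The function names are constructed for illustration, and recursive alias expansion and extension propagation are not modelled. It also lists the domains where, because of the wildcard entry, Postfix accepts mail for every localpart.

```python
# Constructed copy of the /etc/postfix/virtual table from this page.
VIRTUAL = {
    "chantra@mydomain.org": "chantra@foobar.org",
    "localuser@mydomain.org": "myuser",
    "@mydomain.org": "catch-all@foobar.org",
}

def lookup_keys(address, delimiter="+"):
    """Keys tried for one recipient, most specific first. The bare 'user'
    keys that virtual(5) also lists apply to local domains only and are
    left out; the search string is folded to lowercase before lookup."""
    local, _, domain = address.lower().rpartition("@")
    keys = [f"{local}@{domain}"]
    if delimiter and delimiter in local:
        # recipient_delimiter = + in the sample main.cf: retry without extension
        keys.append(f"{local.split(delimiter, 1)[0]}@{domain}")
    keys.append(f"@{domain}")
    return keys

def resolve(address, table=VIRTUAL, delimiter="+"):
    """Return (matched_key, destination as written in the table),
    or (None, None) when no entry matches."""
    for key in lookup_keys(address, delimiter):
        if key in table:
            return key, table[key]
    return None, None

def catch_all_domains(table=VIRTUAL):
    """Domains with an @domain entry: any recipient there is accepted."""
    return sorted(key[1:] for key in table if key.startswith("@"))

if __name__ == "__main__":
    for rcpt in ("chantra@mydomain.org", "localuser+lists@mydomain.org",
                 "nobody@mydomain.org", "someone@example.net"):
        print(rcpt, "->", resolve(rcpt))
    print("catch-all domains:", catch_all_domains())
```

On a live system the same questions can be asked of the real table with postmap -q, for example postmap -q nobody@mydomain.org hash:/etc/postfix/virtual, which queries one exact key at a time.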

Step 4. Generating .db file

Now we need to regenerate the aliases database as well as the virtual mail aliases database. To do so, execute the following commands:

root@laptop:~# newaliases
root@laptop:~# postmap /etc/postfix/virtual

Step 5. Setting the fully qualified domain name (e.g. example.com)

Add the fully qualified domain name to the file /etc/mailname

$ vi /etc/mailname

Step 6. Restart Postfix

And restart postfix:

root@laptop:~# /etc/init.d/postfix restart
