Postfix

From DikapediaV2
Revision as of 14:21, 11 September 2024 by Ardika Sulistija

Best Postfix Documentation: http://www.postfix.org/BASIC_CONFIGURATION_README.html


postfix - Postfix control program

The postfix(1) command controls the operation of the Postfix mail system. To submit mail, use the Postfix sendmail(1) command.

Postfix has several hundred configuration parameters that are controlled via the main.cf file. Fortunately, all parameters have sensible default values. In many cases, you need to configure only two or three parameters before you can start to play with the mail system.


Postfix Configuration Files


By default, Postfix configuration files are in /etc/postfix. The two most important files are main.cf and master.cf.


In /etc/postfix/main.cf you will have to set up a minimal number of configuration parameters. Postfix configuration parameters resemble shell variables, with two important differences: the first one is that Postfix does not know about quotes like the UNIX shell does.


You specify a configuration parameter as:

/etc/postfix/main.cf:

parameter = value

and you use it by putting a "$" character in front of its name:

other_parameter = $parameter
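The parameter syntax above, as an added example that is not part of the original page or of Postfix itself: a small reader for main.cf text that resolves $parameter references when a value is looked up. The sample file, its host names and the function names are constructed for illustration, and a parameter missing from the file expands to an empty string here rather than to the Postfix built-in default.

```python
import re

# Constructed sample main.cf (not from the original page). myorigin refers to
# $mydomain before mydomain is set; references are resolved at lookup time.
SAMPLE_MAIN_CF = """\
# comment lines start with '#'
myhostname = mail.example.com
myorigin = $mydomain
mydomain = example.com
mydestination = $myhostname localhost.$mydomain localhost
    www.$mydomain
relayhost = [mail.$mydomain]
"""

def parse_main_cf(text):
    """Return {parameter: raw value}; a later setting overrides an earlier one."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                        # blank and comment lines are ignored
        if line[0].isspace() and current:   # leading whitespace continues a value
            params[current] += " " + line.strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip() # quotes are kept: they are not special
    return params

def expand(params, name, _seen=()):
    """Resolve $name, ${name} and $(name) references inside a parameter value."""
    if name in _seen:
        raise ValueError("parameter refers to itself: " + name)
    def substitute(match):
        ref = match.group(1) or match.group(2) or match.group(3)
        return expand(params, ref, _seen + (name,))
    pattern = r"\$(?:\{(\w+)\}|\((\w+)\)|(\w+))"
    return re.sub(pattern, substitute, params.get(name, ""))

if __name__ == "__main__":
    settings = parse_main_cf(SAMPLE_MAIN_CF)
    for key in ("myorigin", "mydestination", "relayhost"):
        print(key, "=", expand(settings, key))
```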


Whenever you make a change to the main.cf or master.cf file, execute the following command as root in order to refresh a running mail system:

$ postfix reload # or
$ systemctl restart postfix


Learn more here: Best Postfix Documentation: http://www.postfix.org/BASIC_CONFIGURATION_README.html


What Domain Name to use in Outbound Mail



The myorigin parameter specifies the domain that appears in mail that is posted on this machine. The default is to use the local machine name, $myhostname, which defaults to the name of the machine. Unless you are running a really small site, you probably want to change that into $mydomain, which defaults to the parent domain of the machine name.


For the sake of consistency between sender and recipient addresses, myorigin also specifies the domain name that is appended to an unqualified recipient address.


Examples (specify only one of the following):

/etc/postfix/main.cf:

myorigin = $myhostname (default: send mail as "user@$myhostname")
myorigin = $mydomain   (probably desirable: "user@$mydomain")




What Domains to Receive Mail For



The mydestination parameter specifies what domains this machine will deliver locally, instead of forwarding to another machine. The default is to receive mail for the machine itself.

Example 1: default setting.

mydestination = $myhostname localhost.$mydomain localhost

Example 2: domain-wide mail server.

mydestination = $myhostname localhost.$mydomain localhost $mydomain

Example 3: host with multiple DNS A records.

 mydestination = $myhostname localhost.$mydomain localhost www.$mydomain ftp.$mydomain


Caution: in order to avoid mail delivery loops, you must list all hostnames of the machine, including $myhostname, and localhost.$mydomain.





What Clients to Relay Mail From



By default, Postfix will forward mail from clients in authorized network blocks to any destination. Authorized networks are defined with the mynetworks configuration parameter. The current default is to authorize the local machine only. Prior to Postfix 3.0, the default was to authorize all clients in the IP subnetworks that the local machine is attached to.


IMPORTANT: If your machine is connected to a wide area network then the "mynetworks_style = host" setting may be too friendly.


Examples (specify only one of the following):

mynetworks_style = subnet  (not safe on a wide area network/default)
mynetworks_style = host    (authorize local machine only)

mynetworks = 127.0.0.0/8   (authorize local machine only)
mynetworks = 127.0.0.0/8 168.100.189.2/32 (authorize local machine) 
mynetworks = 127.0.0.0/8 168.100.189.2/28 (authorize local networks) 


You can specify the trusted networks in the main.cf file, or you can let Postfix do the work for you. The default is to let Postfix do the work. The result depends on the mynetworks_style parameter value.


Specify "mynetworks_style = host" when Postfix should forward mail from only the local machine.


Specify "mynetworks_style = subnet" (the default) when Postfix should forward mail from SMTP clients in the same IP subnetworks as the local machine. On Linux, this works correctly only with interfaces specified with the "ifconfig" command.


Alternatively, you can specify the mynetworks list by hand, in which case Postfix ignores the mynetworks_style setting. To specify the list of trusted networks by hand, specify network blocks in CIDR (network/mask) notation, for example:

mynetworks = 168.100.189.0/28, 127.0.0.0/8
mynetworks = [CIDR/subnet of source instance]


You can also specify the absolute pathname of a pattern file instead of listing the patterns in the main.cf file.





What Destinations to Relay Mail To



By default, Postfix will forward mail from strangers (clients outside authorized networks) to authorized remote destinations only. Authorized remote destinations are defined with the relay_domains configuration parameter. The default is to authorize all domains (and subdomains) of the domains listed with the mydestination parameter.

Examples (specify only one of the following):

   relay_domains = $mydestination (default)
   relay_domains =           (safe: never forward mail from strangers)
   relay_domains = $mydomain (forward mail to my domain and subdomains)




What Delivery method: Direct or Indirect



By default, Postfix tries to deliver mail directly to the Internet.


Depending on your local conditions this may not be possible or desirable. For example, your system may be turned off outside office hours, it may be behind a firewall, or it may be connected via a provider who does not allow direct mail to the Internet.


In those cases you need to configure Postfix to deliver mail indirectly via a relay host.

Examples (specify only one of the following):

relayhost =                   (default: direct delivery to Internet)
relayhost = $mydomain         (deliver via local mailhub)
relayhost = [mail.$mydomain]  (deliver via local mailhub)
relayhost = [mail.isp.tld]    (deliver via provider mailhub)
relayhost = [ip of internal exchange server/destination]


The form enclosed with [] eliminates DNS MX lookups. Don't worry if you don't know what that means. Just be sure to specify the [] around the mailhub hostname that your ISP gave to you, otherwise mail may be mis-delivered.




My Own Network Addresses



The inet_interfaces parameter specifies all network interface addresses that the Postfix system should listen on; mail addressed to "user@[network address]" will be delivered locally, as if it is addressed to a domain listed in $mydestination.


You can override the inet_interfaces setting in the Postfix master.cf file by prepending an IP address to a server name.


The default is to listen on all active interfaces. If you run mailers on virtual interfaces, you will have to specify what interfaces to listen on.

IMPORTANT: If you run MTAs on virtual interfaces you must specify explicit inet_interfaces values for the MTA that receives mail for the machine itself: this MTA should never listen on the virtual interfaces or you would have a mailer loop when a virtual MTA is down.

Example: default setting.

inet_interfaces = all

Example: host running one or more virtual mailers. For each Postfix instance, specify only one of the following.

inet_interfaces = virtual.host.tld         (virtual Postfix)
inet_interfaces = $myhostname localhost... (non-virtual Postfix)

Example: Loopback:

inet_interfaces = localhost


Note: you need to stop and start Postfix after changing this parameter.




Postfix Logging



Log file: /var/log/maillog


To check

$ postfix check
$ egrep '(reject|warning|error|fatal|panic):' /some/log/file
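The egrep check above, extended into a triage pass as an added example that is not part of the original page: it counts the same severity keywords and groups "Relay access denied" rejects by client IP, so a source that should be listed in mynetworks can be told apart from a stranger. The log lines are constructed in the usual Postfix syslog layout, and the host names and addresses in them are placeholders.

```python
import re
from collections import Counter

# Constructed sample lines (not real logs).
SAMPLE_LOG = """\
Sep 11 14:02:11 relay postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[10.0.12.7]: 554 5.7.1 <bob@example.org>: Relay access denied; from=<app@src.example> to=<bob@example.org> proto=ESMTP helo=<app1>
Sep 11 14:02:40 relay postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[10.0.12.7]: 554 5.7.1 <amy@example.org>: Relay access denied; from=<app@src.example> to=<amy@example.org> proto=ESMTP helo=<app1>
Sep 11 14:03:05 relay postfix/smtpd[2101]: warning: hostname app1.src.example does not resolve to address 10.0.12.7
Sep 11 14:05:19 relay postfix/smtpd[2177]: NOQUEUE: reject: RCPT from unknown[203.0.113.50]: 554 5.7.1 <x@elsewhere.test>: Relay access denied; from=<a@sender.test> to=<x@elsewhere.test> proto=SMTP helo=<mx>
Sep 11 14:06:00 relay postfix/qmgr[900]: 4F1A22C0D3: from=<app@relay.example>, size=512, nrcpt=1 (queue active)
"""

# Same keywords as the egrep pattern, anchored to the Postfix daemon prefix.
SEVERITY = re.compile(
    r"postfix/[\w/-]+\[\d+\]: (?:\w+: )?(reject|warning|error|fatal|panic):")
# Client IP, envelope sender and recipient of a relay-denied RCPT.
DENIED = re.compile(
    r"reject: RCPT from \S*\[([0-9A-Fa-f.:]+)\]: .*Relay access denied; "
    r"from=<([^>]*)> to=<([^>]*)>")

def triage(log_text):
    """Return (count per severity keyword, denied recipients per client IP)."""
    severities, denied = Counter(), {}
    for line in log_text.splitlines():
        sev = SEVERITY.search(line)
        if not sev:
            continue                      # routine queue and delivery lines
        severities[sev.group(1)] += 1
        hit = DENIED.search(line)
        if hit:
            client, _sender, rcpt = hit.groups()
            denied.setdefault(client, []).append(rcpt)
    return severities, denied

if __name__ == "__main__":
    counts, denied_by_client = triage(SAMPLE_LOG)
    print(dict(counts))
    for client, rcpts in denied_by_client.items():
        print(client, len(rcpts), "denied:", ", ".join(rcpts))
```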





Work Experience



Configure Postfix Server to be a Relay server


6944138241

Source/Instance/Lambda ==> Postfix (instance) ==> Internal Exchange Server ==> Proofpoint ==> Destination.

In this scenario, the user's setup was that Postfix is supposed to be essentially a "pass-through": it receives email from the source and forwards it to their internal Exchange server, which sends it to Proofpoint (Proofpoint only accepts Office365 mail), and Proofpoint then sends the email out to the destination.


The error: Relay Access Denied.


Solution:

1. Modify the Postfix configuration file: /etc/postfix/main.cf

The inet_interfaces parameter specifies all network interface addresses that the Postfix system should listen on. If inet_interfaces = localhost, then when you run "$ netstat -tlpna" you will see loopback/localhost on port 25.

inet_interfaces = all

2. By default, Postfix will forward mail from clients in authorized network blocks (subnets) to any destination. Authorized networks are defined with the mynetworks configuration parameter.

mynetworks = [source IP subnet]

3. By default, Postfix tries to deliver mail directly to the Internet. Depending on your local conditions this may not be possible or desirable. For example, your system may be turned off outside office hours, it may be behind a firewall, or it may be connected via a provider who does not allow direct mail to the Internet.

In those cases you need to configure Postfix to deliver mail indirectly via a relay host. Once we did this we were able to send mail from the Postfix server to the destination THROUGH the internal exchange server IP address.

relayhost = [internal exchange server IP address]


Case summary/notes:

  • After I helped reconfigure Postfix, the Postfix instance is now able to send email out.
  • However, when another instance tried to send mail and use the Postfix instance as a relay server to send email out, they were getting a "Relay Access Denied" error.
  • Looking at the Postfix documentation[1], the parameters that control this behaviour are "mynetworks_style" and "mynetworks". By default, "mynetworks_style" is set to "subnet", meaning only instances from the same subnet as the Postfix instance would be able to relay through it.
  • To loosen this restriction, specify "mynetworks = 10.0.0.0/8" in the /etc/postfix/main.cf file. This successfully resolved the relay error and they were able to send email from the source instance.
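The trust check behind the mynetworks section and the relay case above, as an added example that is not part of the original page or of Postfix: it parses a mynetworks value, reports whether a client IP falls inside it, and flags wide networks, since every listed client may relay to any destination. The 1024-address review threshold, the 10.0.12.0/24 source subnet and the client IPs are assumptions chosen for illustration.

```python
import ipaddress

def parse_mynetworks(value):
    """Split a mynetworks value (commas and/or whitespace) into networks.
    Entries that are not CIDR patterns are returned separately for review."""
    nets, other = [], []
    for item in value.replace(",", " ").split():
        try:
            # main.cf writes IPv6 as [::1]/128; strict=False tolerates host
            # bits, as in the page's 168.100.189.2/28.
            cidr = item.replace("[", "").replace("]", "")
            nets.append(ipaddress.ip_network(cidr, strict=False))
        except ValueError:
            other.append(item)  # e.g. the path of a pattern file
    return nets, other

def is_authorized(client_ip, value):
    """True if client_ip falls inside one of the listed networks."""
    nets, _ = parse_mynetworks(value)
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in nets)

def audit(value, max_addresses=1024):
    """List non-loopback networks that authorize more than max_addresses
    clients (hypothetical review threshold) or cover public address space."""
    nets, other = parse_mynetworks(value)
    findings = []
    for net in nets:
        if net.is_loopback:
            continue
        if net.num_addresses > max_addresses:
            findings.append((str(net), "broad: %d addresses" % net.num_addresses))
        if not net.is_private:
            findings.append((str(net), "public range: confirm every host is yours"))
    return findings + [(o, "not a CIDR pattern: review by hand") for o in other]

# Constructed values: the setting from the case notes and a narrower
# alternative that lists only the hypothetical source subnet.
CASE_SETTING = "127.0.0.0/8 10.0.0.0/8"
NARROW_SETTING = "127.0.0.0/8 10.0.12.0/24"

if __name__ == "__main__":
    for setting in (CASE_SETTING, NARROW_SETTING):
        print(setting, "->", audit(setting) or "no findings")
        for client in ("10.0.12.7", "10.200.3.9"):
            print("  ", client, "may relay:", is_authorized(client, setting))
```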


How to fix Postfix/SMTP Network is unreachable error


Howto fix postfix/smtp Network is unreachable error: https://www.e2enetworks.com/help/knowledge-base/howto-fix-postfixsmtp-network-is-unreachable-error/

How to configure:
https://devops.ionos.com/tutorials/configure-a-postfix-relay-through-gmail-on-centos-7/
https://easyengine.io/tutorials/linux/ubuntu-postfix-gmail-smtp/


(SASL authentication failed; server smtp.gmail.com[108.177.15.109] said: 534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1&scc=1&plt=AKgnsbt?534-5.7.14 3BdobI8Ya3TFPa14T3pnnT2erHQzE_1WGwWgWAG8-HEQ9JFf1IVe3CjwNLdjfz0mTq5RP?534-5.7.14 twD9wKNGruqcRmmN4Jai4ZijirtaVuicvrhntrsd4Q-1JYHA3SaChq-6kSMP_KPi>?534-5.7.14 Please log in via your web browser and then try again.?534-5.7.14 Learn more at?534 5.7.14 https://support.google.com/mail/answer/78754 s15sm56037482wrr.45 - gsmtp)

Fixes: https://support.google.com/mail/answer/7126229?visit_id=637196211510431921-874501428&rd=2#cantsignin
Per my experience, doing the "DisplayUnlockCaptcha" thing worked.

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04
https://www.linux.com/training-tutorials/how-install-and-test-postfix-mail-server/
https://support.plesk.com/hc/en-us/articles/213914245-Mail-delivery-fails-Error-554-host-refused-to-talk-to-me
http://www.techspacekh.com/configuring-postfix-to-relay-mail-to-local-exchange-mail-server-in-rhel-centos-7/