Linux Mail Server Setup and Howto Guide » Postfix

Backup Incoming Mail in Postfix

consultant — Sun, 13 Dec 2009 03:59:27 +0000

This article will show you how to copy incoming mail to another mail server using the blind carbon copy (BCC) feature in Postfix. This capability is useful for backup, archive or disaster recovery purposes.

1. Edit the file /etc/postfix/main.cf and add the lines below.

recipient_bcc_maps = pcre:/etc/postfix/backup_bcc.pcre
transport_maps = hash:/etc/postfix/transport
smtp_generic_maps = pcre:/etc/postfix/generic.pcre

2. Create the file /etc/postfix/backup_bcc.pcre containing

/^(.*)@acme\.local$/ $1@backup.invalid

which tells Postfix to BCC emails to the domain backup.invalid.

Email for	BCC to
johndoe@acme.local	johndoe@backup.invalid
janedoe@acme.local	janedoe@backup.invalid

3. Edit the file /etc/postfix/transport and add the line below.

backup.invalid smtp:[192.168.1.4]

Replace the IP address with the IP address of your backup mail server.

Next, type in the command below to convert it to a database file.

postmap /etc/postfix/transport

This tells Postfix to send all emails for the domain backup.invalid to the specified mail server.

4. Create the file /etc/postfix/generic.pcre containing

/^(.*)@backup\.invalid$/ $1@acme.local

which tells Postfix to change the email address back to the original recipient before sending it out.

BCC to	Email for
johndoe@backup.invalid	johndoe@acme.local
janedoe@backup.invalid	janedoe@acme.local

5. Restart the Postfix or MailScanner service if you have installed it. Learn how to start and stop services here.

The destination Postfix server can be configured to accept emails without validating the recipient.

If you encounter any problems, check the log file at /var/log/maillog.

Postfix Backup MX

consultant — Sat, 14 Nov 2009 15:42:49 +0000

Postfix can be configured to act as a backup mail server. A backup MX server accepts mail if the primary mail server goes down and will forward all mails in its queue if the primary mail server goes back online.

This article describes how to configure Postfix to act as a backup MX server.

Configuring Postfix

1. Edit the file /etc/postfix/main.cf and update the lines below.

mynetworks = 127.0.0.0/8
relay_domains = $mydestination acme.local
smtpd_recipient_restrictions = permit_mynetworks, 
    reject_unauth_destination
transport_maps = hash:/etc/postfix/transport

Replace acme.local with your own domain name.

2. Edit the file /etc/postfix/transport and add the line below.

acme.local :[192.168.3.1]

Replace acme.local with your own domain name and 192.168.3.1 with the hostname or IP address of your primary mail server.

3. Type the line command below to create a transport database file.

postmap /etc/postfix/transport

4. Restart the Postfix or MailScanner service if you have installed it. Learn how to start and stop services here.

5. You should now be able to send mails to your backup mail server and those mails will be automatically forwarded to your primary mail server. See Test Postfix using Telnet.

Backup MX Notes

It is easy to setup a backup mail server but you also need to consider the items below.

Add DNS MX Record. In order for your backup mail server to be identified over the internet, you need to add a lower priority DNS MX record. A higher number means lower priority.

Domain TTL Priority Mail Server Name

acme.local 86400 10 mail.acme.local

acme.local 86400 20 mail2.acme.local
Add Antivirus and Antispam Filtering. Make sure to have the same or better virus and spam protection in your backup mail server as you have in your primary mail server. Otherwise, viruses and spams will be entering your inbox through the backdoor.
Verify Recipient. If possible, you also need to apply the same recipient verification method you used in your primary mail server. This will allow your backup mail server to reject all invalid recipient address instead of having the primary mail server bounce the forwarded emails with invalid recipients. Use the relay_recipient_maps setting in /etc/postfix/main.cf to specify the valid recipients.
Relay Only. In your /etc/postfix/main.cf, make sure the relay domain is not found in mydestination, virtual_alias_domains and virtual_mailbox_domains. Otherwise, the backup mail server will not forward emails to the primary mail server and will instead store it into its own mailbox.
Use IP Address. By specifying the hostname or IP address in the transport file, the DNS MX lookup can be eliminated. Specifying the IP address will be even better since this will eliminate the need for any DNS lookup. It will also avoid relay loopback problems if you are using port forwarding in your backup mail server.
Flush Mail Queue. You can force Postfix to immediately send all the mail in its queue by typing in the command below. This useful after bringing the primary mail server back online to eliminate the waiting period for the backup mail server to resend mails in its queue.
```
postfix flush
```

Domain	TTL	Priority	Mail Server Name
acme.local	86400	10	mail.acme.local
acme.local	86400	20	mail2.acme.local

Postfix Vacation Autoresponder

consultant — Sat, 11 Jul 2009 10:54:08 +0000

This article describes how to configure a vacation autoresponder in Postfix mail server so email senders can be informed when the recipient is not available.

Installing the Vacation Perl Script

1. Install Postfix Admin. We are not going to actually use Postfix Admin, we are just going to leverage its excellent vacation message infrastructure. You can skip this part if you are actually using Postfix Admin to manage your Postfix mail server.

2. Add the RPMforge repository. The RPMforge repository is needed to install the required modules for the vacation.pl script.

3. Type in the command below to install the required Perl modules.

yum install perl-MIME-EncWords perl-MIME-Charset
   perl-Email-Valid perl-Mail-Sendmail

4. Create a new user named vacation. Change the Login Shell to /sbin/nologin, this user account should not be used for logging in. Learn how to use the User Manager application here.

5. Type in the commands below to copy vacation.pl to the vacation user home directory.

cd /home/vacation
wget www.linuxmail.info/files/vacation.pl
chown vacation:vacation vacation.pl
chmod 700 vacation.pl

6. Type in the command below to test vacation.pl. No error should appear.

./vacation.pl

Configuring Postfix

1. Edit the file /etc/postfix/transport and add the line below.

vacation.invalid vacation:

Next, type in the command below to convert it to a database file.

postmap /etc/postfix/transport

2. Edit the file /etc/postfix/master.cf and add the line below.

vacation unix - n n - - pipe flags=Rq user=vacation
   argv=/home/vacation/vacation.pl ${recipient} ${original_recipient}

${original_recipient} requires at least Postfix 2.5 but you can remove it if you prefer not to upgrade. It enables vacation.pl to work with aliases like in the example below.

Email (original recipient)	Forwards to (recipient)
john@acme.local	johndoe@acme.local
jane@acme.local	janedoe@acme.local

3. Create the file /etc/postfix/mysql-aliases.cf containing the lines below.

host = localhost
user = postfix
password = your_password
dbname = postfix
table = alias
select_field = goto
where_field = address
additional_conditions = and active = '1'

user, password, dbname should match your PostfixAdmin settings.

4. Edit the file /etc/postfix/main.cf and add the lines below.

virtual_alias_maps = mysql:/etc/postfix/mysql-aliases.cf
transport_maps = hash:/etc/postfix/transport

If you already have an existing virtual_alias_maps, add the mysql-aliases into the end like the one below.

virtual_alias_maps = ldap:/etc/postfix/ldap-groups.cf,
  mysql:/etc/postfix/mysql-aliases.cf

If adding the vacation domain conflicts with your existing virtual_alias_maps, use recipient_bcc_maps instead and replace /etc/postfix/mysql-aliases.cf with the lines below.

host = localhost
user = postfix
password = your_password
dbname = postfix
table = vacation
select_field = email
where_field = email
additional_conditions = and active = '1'
result_format = %u@vacation.invalid

5. Restart the Postfix or MailScanner service if you have installed it. Learn how to start and stop services here.

6. Send an email to test@vacation.invalid. You should get an automated reply.

Configuring the Vacation Perl Script

1. Create the file /home/vacation/vacation.conf containing the lines below.

$db_username = 'postfix';
$db_password = 'secret';
$db_name     = 'postfix';
$test_mode   = 0;
1;

$db_username, $db_password, $db_name should match your PostfixAdmin settings.

2. Install the SquirrelMail Postfix Admin Plugin and set a vacation message and to a user.

3. Verify your vacation setting by typing the command below.

postmap -q johndoe@acme.local mysql:/etc/postfix/mysql-aliases.cf

Replace johndoe@acme.local with the email address where you have configured a vacation message. The output should contain an email address for the vacation.invalid domain.

4. Send an email to the user with a vacation message. You should receive an automatic reply.

If you encounter any problems, check the log file at /var/log/maillog.

Handling Multiple Domains with Postfix Admin in RHEL/CentOS 5

consultant — Sun, 22 Feb 2009 16:42:05 +0000

This article will show you how to configure Postfix and Dovecot to handle multiple domains stored in MySQL. Postfix Admin is used to manage the domains, mailboxes and aliases in MySQL. See How to Install Postfix Admin to setup the MySQL database that will be used by Postfix and Dovecot.

Creating the Virtual Mail User Account

Since the user names will be stored in MySQL, we will have to create a user that will be the owner for all the files belonging to the MySQL user names.

1. Create a new user, we will call it vmail. Change the Login Shell to /sbin/nologin, this user account should not be used for logging in. Learn how to use the User Manager application here.

2. Take note of the User ID and Home Directory of vmail.

3. Click the Groups tab and now note down the Group ID of vmail. We’ll be needing all of them later.

Configuring Postfix

1. Install a version of Postfix with MySQL support.

2. Create the file /etc/postfix/mysql-domains.cf containing the lines below.

host = localhost
user = postfix
password = your_password
dbname = postfix
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'

3. Test /etc/postfix/mysql-domains.cf using the command below.

postmap -q acme.com mysql:/etc/postfix/mysql-domains.cf

Replace acme.com with your own domain name. It should echo your domain.

4. Create the file /etc/postfix/mysql-users.cf containing the lines below.

host = localhost
user = postfix
password = your_password
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
additional_conditions = and active = '1'
result_format = %sMaildir/

5. Test /etc/postfix/mysql-users.cf using the command below.

postmap -q johndoe@acme.com mysql:/etc/postfix/mysql-users.cf

Replace johndoe@acme.com with your own email address. You should see the mailbox path.

6. Create the file /etc/postfix/mysql-aliases.cf containing the lines below.

host = localhost
user = postfix
password = your_password
dbname = postfix
table = alias
select_field = goto
where_field = address
additional_conditions = and active = '1'

7. Test /etc/postfix/mysql-aliases.cf using the command below.

postmap -q john@acme.com mysql:/etc/postfix/mysql-aliases.cf

Replace john@acme.com with your own alias address. You should see the destination email.

8. Edit the postfix configuration file /etc/postfix/main.cf and edit the line below.

mydestination = $myhostname, localhost.$mydomain, localhost

and add the lines below

virtual_mailbox_domains = mysql:/etc/postfix/mysql-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-users.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-aliases.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:501
virtual_gid_maps = static:501

virtual_mailbox_base, virtual_uid_maps and virtual_gid_maps should contain the home directory, user id and group id of vmail respectively.

Make sure $mydomain in mydestination has been removed, otherwise the lookup will not work and you will get a “User unknown in local recipient table” error.

9. Restart the Postfix or MailScanner service if you have installed it. Learn how to start and stop services here.

10. You should now be able to send email to addresses found in MySQL. See Test Postfix using Telnet and try using MySQL email addresses instead of the system user names.

Configuring Dovecot

1. Create the file /etc/dovecot-mysql.conf containing the lines below.

driver = mysql
connect = host=localhost dbname=postfix user=postfix password=password
default_pass_scheme = PLAIN
password_query = SELECT password FROM mailbox WHERE username = '%u'

2. Edit the file /etc/dovecot.conf and change the value of the following keys below.

auth_username_format = %Lu

passdb sql {
  args = /etc/dovecot-mysql.conf
}

userdb static {
  args = uid=501 gid=501 home=/home/vmail/%d/%n
}

uid, gid and home should contain the user id, group id and home directory respectively of the vmail user account.

Comment out all the other passdb and userdb sections except for those specified above to ensure that nothing will conflict with our MySQL virtual accounts.

3. Restart the dovecot service. Learn how to start and stop services here.

4. You should now be able to login using the user names found in MySQL. See Test Dovecot using Telnet and try using MySQL user names instead of the system user names.

If you encounter any problems, check the log file at /var/log/maillog.

How to Install Postfix Admin in RHEL/CentOS 5

consultant — Sun, 22 Feb 2009 16:38:42 +0000

Postfix Admin is a web based interface used to manage mailboxes, virtual domains and aliases. This article will show you how to install Postfix Admin to simplify management of mailboxes, domains and aliases.

Installing Postfix Admin

1. Install the Postfix Admin requirements using the command below.

yum install mysql-server php-mysql php-imap

2. Download the latest stable version of Postfix Admin in .tar.gz format here. Assuming you got the file postfixadmin-2.2.1.1.tar.gz and it is located on your Desktop, type in the commands below to extract and to put it into its proper directory.

cd /usr/share
tar -xvzf ~/Desktop/postfixadmin-2.2.1.1.tar.gz
mv postfixadmin-2.2.1.1 postfixadmin

The PostfixAdmin archive has to be extracted directly into the /usr/share directory to enable Linux to apply the proper SELinux Context into the files.

3. Edit the file /usr/share/postfixadmin/config.inc.php and update the following lines below.

$CONF['configured'] = true;
$CONF['postfix_admin_url'] = '/postfixadmin';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'your_password';
$CONF['database_name'] = 'postfix';
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['encrypt'] = 'cleartext';
$CONF['emailcheck_resolve_domain] = 'NO';

Creating the Postfix Admin Database

1. Start the mysqld service. Learn how to start and stop services here.

2. Launch the MySQL command line tool using the command below.

mysql -u root -p

The default root password of MySQL is a blank password. Next, create a new MySQL database for Postfix Admin using the commands below.

mysql> CREATE DATABASE postfix;
mysql> CREATE USER postfix@localhost IDENTIFIED BY 'your_password';
mysql> GRANT ALL PRIVILEGES ON postfix.* TO postfix;

Configuring the Postfix Admin Web Application

1. Create the file /etc/httpd/conf.d/postfixadmin.conf containing the line below.

Alias /postfixadmin /usr/share/postfixadmin

2. Start or restart the httpd service. Learn how to start and stop services here.

3. Go to the Postfix Admin setup page at http://localhost/postfixadmin/setup.php and fill in the setup password. Next, click the Generate password hash.

4. Get the generated setup password hash and put it into the file /usr/share/postfixadmin/config.inc.php. Next, fill in the Setup password, Admin and Password and Password (again). Finally, click Add Admin to create a new admin account.

5. Go to the Postfix Admin login page at http://localhost/postfixadmin/ and login using your newly created admin account.

6. Congratulations, it works.

If you encounter any problems, check the log file at /var/log/httpd/error_log.

Postfix with MySQL in RHEL/CentOS 5

consultant — Tue, 06 Jan 2009 22:54:56 +0000

The version of Postfix that comes with Red Hat Enterprise Linux 5 or CentOS 5 does not support MySQL lookups. You can build your own custom Postfix RPM or get a prebuilt RPM from the CentOS Plus repository. You can use the CentOS repository in RHEL since CentOS is binary compatible with RHEL. This article describes how to install Postfix with MySQL lookup table support from the CentOS Plus repository.

1. Edit the file /etc/yum.repos.d/CentOS-Base.repo or its equivalent in RHEL and edit the lines below.

[base]
exclude=postfix

[update]
exclude=postfix

[centosplus]
enabled=1
includepkgs=postfix

If you are using RHEL, add the lines below under the centosplus section.

name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

2. Type yum remove postfix in a terminal window to remove the standard version of Postfix.

3. Type yum install postfix to install the version of Postfix found in the CentOS Plus repository.

4. To verify MySQL support, type postconf -m and check if mysql is found in the output.

Bypass Postfix SMTP Authentication Based on IP Address

consultant — Sun, 19 Oct 2008 14:17:20 +0000

SMTP Authentication prevents unauthorized user from sending out spam mails. But some applications do not support SMTP Authentication. Example of these are web applications with mail sending features (Microsoft Office Sharepoint Server, PHP based applications, etc).

One solution to this problem is to bypass SMTP authentication for certain IP addresses. This article will show you how to configure Postfix to allow outbound mail without requiring authentication for authorized IP addresses.

1. Edit the file /etc/postfix/main.cf and add the authorized IP addresses into mynetworks.

2. Check the value of smtpd_recipient_restrictions to make sure that permit_mynetworks is the first value to ensure that nothing will prevent it from being restricted.

3. Restart the Postfix service or the MailScanner service if you have integrated MailScanner into Postfix.

4. Test Postfix by sending from the authorized IP address to an email address outside your domain.

Postfix Howtos

consultant — Sun, 20 Apr 2008 13:58:17 +0000

These are the collection of Postfix howtos available on this site.

General Information

Postfix with SMTP Authentication

SASL

Others

Bypass Postfix SMTP Authentication for authorized IP addresses

Postfix with Antispam/Antivirus

Postfix Virtual User Accounts

Postfix and Active Directory

User Accounts

Others

Postfix Quota

consultant — Sun, 20 Apr 2008 06:30:20 +0000

Postfix does not support mailbox quota. But thanks to Anderson Nadal’s Postfix Virtual Delivery Agent (VDA) patches, it can. To use the Postfix VDA requires two things, first Postfix must be built with the VDA patches and second, virtual user accounts must be used. You can get the Postfix RPM with VDA patches here.

If you have installed Postfix with VDA and your Postfix is configured for virtual user accounts, you can proceed to Configure Postfix VDA section.

Create the Virtual Mail User Account

1. Create a new user, we will call it vmail. Change the Login Shell to /sbin/nologin, this user account should not be used for logging in. Learn how to use the User Manager application here.

2. Take note of the User ID and Home Directory of vmail.

3. Click the Groups tab and now note down the Group ID of vmail. We’ll be needing all of them later.

Configure Postfix for Virtual User Accounts

1. Edit the postfix configuration file /etc/postfix/main.cf and edit the line below

mydestination = $myhostname, localhost.$mydomain, localhost

and add the lines below

virtual_mailbox_domains = $mydomain
virtual_mailbox_base = /home/vmail/
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_uid_maps = static:501
virtual_gid_maps = static:501

virtual_mailbox_base, virtual_uid_maps and virtual_gid_maps should contain the home directory, user id and group id of vmail respectively.

2. Create the file /etc/postfix/vmailbox containing the mapping from an email address to a mailbox path relative to virtual_mailbox_base. See the example below.

johndoe@acme.local johndoe/Maildir/
janedoe@acme.local janedoe/Maildir/

You can generate the vmailbox file automatically by executing

getent passwd | grep /bin/bash | sed 's/\([^:]*\):.*/\1@acme.local \1\/Maildir\//' > /etc/postfix/vmailbox

After creating this file, execute postmap /etc/postfix/vmailbox. This will generate /etc/postfix/vmailbox.db, the actual file that will be used for the lookup.

3. Restart the Postfix or MailScanner service if you have installed MailScanner. Learn how to start and stop services here.

4. Try sending an email. See Test Postfix using Telnet. New mails should now be stored under the path specified in virtual_mailbox_base.

Configure Dovecot Virtual User Accounts

1. Edit the file /etc/dovecot.conf and change the value of the following keys below

userdb static {
  args = uid=501 gid=501 home=/home/vmail/%u
}

uid, gid and home should contain the user id, group id and home directory respectively of the vmail user account.

You should also comment out the userdb passwd section, otherwise it will override the values in userdb static above.

2. Restart the dovecot service. Learn how to start and stop services here.

3. Test Dovecot using Telnet. You should be able to read the recently sent mail which was stored in a new location.

Configure Postfix VDA

1. Edit the postfix configuration file /etc/postfix/main.cf and add the lines below

virtual_mailbox_limit_override = yes
virtual_mailbox_limit_maps = hash:/etc/postfix/vquota

2. Create the file /etc/postfix/vquota containing the mapping from an email address to the maximum mailbox quota in bytes. If you wish to be exact, 1KB equals 1024 bytes while 1MB equals 1024KB or 1048576 bytes.

johndoe@acme.local 10485760
janedoe@acme.local 2097152

John Doe got a 10MB quota while Jane Doe got 2MB.

After creating this file, execute postmap /etc/postfix/vquota. This will generate /etc/postfix/vquota.db, the actual file that will be used for the lookup.

If you use Active Directory as your Postfix virtual user accounts source, you can use the maxStorage attribute instead to store the quota. Just copy your ldap-users.cf configuration and save it as ldap-quota.cf. Next change samaccountname to maxstorage in the result_attribute line and remove the result_format line. In your main.cf, use ldap:/etc/postfix/ldap-quota.cf as your virtual_mailbox_limit_maps. In Windows, you can use ADSI Edit to access and modify the value of maxStorage.

3. Restart the Postfix or MailScanner service if you have installed MailScanner. Learn how to start and stop services here.

4. Test Postfix using Telnet. Try using a very small quota limit so you can test the quota feature.

Postfix Aliases and Mailing List

consultant — Tue, 15 Apr 2008 02:04:42 +0000

You can create a text file in Postfix containing an alias email and several destination emails. There are two ways to implement aliasing and mailing list in Postfix depending on how it is configured.

For System Accounts

Your Postfix is configured to use system accounts if your configuration file has something like

mydestination = $mydomain

or sending to a non-existent account gives the error message

Recipient address rejected: User unknown in local recipient table

1. Edit the file /etc/aliases. The file has the form

alias: address1,address2

If address has the same domain as yours, you can leave it out. Thus you can use the /etc/aliases file to alias an email address or to build a mailing list.

2. Type in the command newaliases in a terminal window. This will rebuild the aliases database file.

For Virtual Accounts

Your Postfix is configured to use virtual accounts if your configuration file has something like

virtual_mailbox_domains = $mydomain

or sending to a non-existent account gives the error message

Recipient address rejected: User unknown in virtual mailbox table

1. Edit the file /etc/aliases. The file has the form

alias address1,address2

2. Generate the database file for valias using the command

postmap /etc/postfix/valias

3. Test your database file using the command

postmap -q group@acme.local /etc/postfix/valias

Replace group@acme.local with a valid alias entry. You should see the destination emails.

4. Edit the file /etc/postfix/main.cf and add the line below to your virtual settings section

virtual_alias_maps = hash:/etc/postfix/valias

If you are using virtual accounts, instead of maintaining a text file containing the aliases and mailing list, it would be better if you can work with your virtual accounts source. See the links below for examples

To Test Postfix

1. Restart the Postfix service. But if you installed MailScanner, then restart MailScanner instead. This will immediately reload the aliases database file instead of after a few minutes.

2. You should now be able to send email to addresses found in your aliases file. See Test Postfix using Telnet and try using the alias email addresses.