Postfix - basic settings in main.cf

Following from the postfix installation article, we can now look at the main.cf file and see what the settings are and what they mean.

Note that at this stage we are dealing with a single domain for our email needs. Later articles will look at multiple domains and virtual users.


Modular

One of the key aspects of understanding and administering postfix is that it is designed to be a modular package.

By that, I mean that the base installation itself is fairly small and the vast majority of the 'usual' mail administration, such as anti-spam and anti-virus, are actually conducted by third party packages like SpamAssassin .

Although those particular aspects are for a later article, we can begin to see the modular nature of postfix when we look at the main.cf file.

Many settings refer to other files on the Slice. This setup can, at first, seem slightly confusing and the initial reaction may be to hard code the data rather than reference another file with a single word in it.

I would advise sticking with the modular premise of postfix and editing multiple files for what may seem like one simple setting.

It makes a lot more sense when we start adding multiple domains, users and aliases to our setup.

main.cf

So what is this main.cf file?

Let's take a look:

sudo nano /etc/postfix/main.cf

I won't paste it here as we are only going to look at one section of the file but you can see it consists of, roughly, three sections.

The first consists of several settings such as smtpd_banner and biff. The second has settings for TLS parameters - more of which in later artcles.

The section we want to look at is the last one and looks like this on the demo slice:

myhostname = mail.demoslice.com

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

myorigin = /etc/mailname
mydestination = mail.demoslice.com, localhost.demoslice.com, , localhost

relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

Note that some of the settings already have the hostname from the base postfix installation.

Settings

Although some of the settings may be self explanatory, let's go through some of them so we have a better understanding of the nature of postfix and what we can do with it at this early stage.

myhostname

Having harped on about the modular nature of postfix, it is only natural that the first setting we come to is hard coded...

Anyway, this was set during the postfix installation when we entered the domain name we wanted to use. This also matches the Slice hostname.

aliases

Aliases are ways of delivering mail to different users without having to set up dozens of different accounts.

The default settings in the main.cf are good and reference another file:

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

Have a look at the file:

sudo nano /etc/aliases

You will see a list of names followed by 'root'. In these instances, mail delivered to the first name will actually be delivered to the second name.

We don't need to setup the postmaster, news, webmaster, abuse, etc users for postfix as mail delivered to those names will be sent to root.

Using the same syntax, we can have all mail for root delivered to our admin user by adding this line:

root: demo

Remember, 'demo' is the main admin users for this Slice.

You may notice that there will be up to three changes in delivery destination:

Mail sent to 'mailer-daemon' is sent to postmaster.

Mail to postmaster is sent to root, and we have just added that all mail sent to root is sent to the main admin user 'demo'.

You are, of course, free to adjust the aliases as you see fit, but instead of changing all the 'root' users in the file, it is easier and quicker to add the one line as shown above - this also makes for easier migration/administration at a later date.

If you have changed the aliases file you must then refresh the aliases database or any changes will not be affected:

sudo newaliases

myorigin

This setting is important as internal emails from packages such as cron jobs do not supply full mail 'credentials' such as sender email. They use the 'myorigin' setting.

As such, it needs to be set to the main hostname of the Slice.

By default, the setting refers to the '/etc/mailname' file. Let's have a look at the contents:

cat /etc/mailname

The output on mine is:

mail.demoslice.com

Which is no real surprise as that is what we set when installing postfix.

However, there is another way of setting 'myorigin' and that is to use '$mydomain' in the main.cf file like this:

myorigin = $mydomain

We haven't specifically set the $mydomain variable at any point but postfix gets the information from the 'myhostname' setting - parsing the hostname to gain the main domain name.

The advantage of setting the myorigin this way is that it makes for easier administration at a later date as only one setting (myhostname) needs changing - all the others take the change from that.

mydestination

Although we have not set the Slice to receive mail (we will do that in the next article), this setting defines from which domain(s) it will accept mail.

The default looks like this:

mydestination = mail.demoslice.com, localhost.demoslice.com, , localhost

That is fine for our needs as we are, at this stage, setting up mail for a single domain but, like the 'myorigin' setting, we can reduce future administration by using the '$mydomain' variable like so:

mydestination = $mydomain, localhost.$mydomain, localhost

Again, using the variable saves a lot of possible administrative headaches at a later date.

relayhosts

For our setup we do not need this setting so you can leave that blank.

mynetworks

Defines the network to use. The default includes IPv6 settings which can be removed, leaving:

mynetworks = 127.0.0.0/8

The rest

The remaining settings can also be left at this stage.

They will come into play later on when we look at some more complex configurations but, for the moment, they are not needed and can be left at the defaults.

Final settings

After the changes we have made, the last section in my main.cf looks like this:

myhostname = mail.demoslice.com

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

myorigin = $mydomain
mydestination = $mydomain, localhost.$mydomain, localhost

relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

Restart

As with all packages, once you have made any changes to the configuration, you will need to restart it:

sudo /etc/init.d/postfix restart

Once that is done, we can conduct a quick test.

Send mail

As with all administrative changes (not that we made many changes here), it is always a good idea to test them.

Send mail to a working email address:

mail user@example.com
Subject: test
test
.
Cc:

You should receive an email from the correct user and the correct domain - check the headers to see if they are correct.

Summary

Getting involved in the configuration of postfix can be a daunting task.

This introduction should help with the basics and shows that postfix is simple in its approach and design and how using variables instead of hard coding domain names can save time and effort in any future administration.

PickledOnion

Article Comments:

Jose commented Thu Jul 31 16:28:53 UTC 2008:

Remember to /etc/init.d/postfix restart before you try to send mail after you've done the following changes.

PickledOnion commented Thu Jul 31 17:46:11 UTC 2008:

Jose,

Good point - thanks for pointing that out.

I'll update the article.

PickledOnion

Kamal Thakur commented Sun Aug 17 16:23:13 UTC 2008:

Great....

Waw. I can send e-mails from command lines.. I am eager to see it working as graphical interface.

fauzan commented Thu Aug 21 21:37:16 UTC 2008:

We haven't specifically set the $mydomain variable at any point but postfix gets the information from the 'myhostname' setting - parsing the hostname to gain the main domain name.

My postfix didn't set $mydomain as above. The email I received was from admin@com. I set $mydomain myself with the line:

mydomain = $myhostname

After that, my email is being sent correctly, from admin@comiczinexpressions.com :)

Ishaan commented Tue Aug 26 22:14:26 UTC 2008:

Fauzan: I think $mydomain was set correctly in your case. If comiczinexpressions.com was your hostname, then postfix would have parsed it and come up with com as your main domain name. I may be wrong, but I believe that your hostname should be a subdomain of your main domain.

anush commented Mon Oct 20 05:32:01 UTC 2008:

To Fauzan's point - if your slice acts as both web and mail server (in which case the "mail" sub-domain would not really be applicable), you should be using $myhostname instead of $mydomain. Not sure if its strictly "best practice" though?

anush commented Mon Oct 20 06:31:07 UTC 2008:

I take my last comment back. If your slice is does a bunch of things (web, mail, etc) and you dont want to name it mail.demoslice.com, pick another hostname. It can be something fun like an actor, artist or cartoon character (raphael.demoslice.com). Now, everything should work fine if you follow the article.

fauzan commented Thu Oct 30 19:19:40 UTC 2008:

thanks all! :)

Baruch commented Thu Dec 04 23:59:14 UTC 2008:

I wonder what the difference is between:

/etc/init.d/postfix restart

and

postfix reload

?

Mike commented Wed Dec 10 00:58:17 UTC 2008:

If you use something like Google Apps to check your email, you may prefer to leave $mydomain out of mydestination. That way, emails from your server to your domain will end up in your usual inbox rather than your inbox on your Slice.

mydestination = localhost.$myhostname, localhost

stensi commented Tue Dec 23 20:18:18 UTC 2008:

Awesome article, however I'd really appreciate seeing how to setup postfix to use multiple domains instead.

Advice on how to setup anti-spam and anti-virus measures would also be great!

stensi commented Tue Dec 23 21:46:15 UTC 2008:

I feel silly, there already are articles for what I wanted :)

http://articles.slicehost.com/email

danpar commented Mon Jan 19 02:33:44 UTC 2009:

It looks like you have a small typo. "relayhosts" should be "relayhost"

PickledOnion commented Mon Jan 19 11:24:30 UTC 2009:

Hi danpar,

I can't find an instance of 'relayhosts'? Can you let me know where you see that?

Both the code blocks that show the relayhost code have it correctly.

Cheers, PickledOnion

doremon commented Wed Jan 21 05:00:16 UTC 2009:

Hi all,Please help me. I config the same this document but i can : sendmail in local, receive email. But i can't send mail to another server( ex: gmail ). When i look at the mail log. i saw error : "Name service error for name=gmail.com type MX: Host not found, try again". But i can ping gmail. Please, help me why and solution. Thanks

Gabriel commented Fri Jan 23 20:21:43 UTC 2009:

Great Tutorials! Question though, why do you remove the IPv6 settings from the mynetworks line? new to all the vps stuff, so thanks. -Gabe

sac commented Wed Feb 04 21:12:42 UTC 2009:

Great tutorial as always. However one small problem. After the first postfix setup page, the test email was received perfectly fine. After changes were made to the main.cf file, (setup pg 2) the next test email was sent to junk via my mail.app. Ideas?

sac commented Wed Feb 04 21:22:14 UTC 2009:

I see my prob is with the $mydomain shortcut. If used, test emails go junk, if not, things are A-Ok.

jack commented Thu Feb 26 14:30:58 UTC 2009:

Right now I can send e-mail from the command line successfully. However, I receive the mail as: "demo@mydomain.com" (replacing demo with my username of course). However, what if I want something like "no-reply@mydomain.com" or "sales@mydomain.com". How would I achieve that? Thanks?

ritesh commented Sun Mar 01 14:53:42 UTC 2009:

when i am trying to send mail, iin hotmail, it is marking my mail as junk. What do i need to do. I have updated a records , mx records , and Ns records , as well as from ,my host name also please let me know what do i need to do. Thanks

John commented Fri Apr 17 04:14:42 UTC 2009:

I'm new to slicehost and linux alltogether and really have no idea.

All your articles are great and make everyhting so simple. What other websites make hard and frustrating yours are a walk in the park

Good job and keep it up!

sky debaun commented Mon May 18 09:10:15 UTC 2009:

I had an issue with not being able to send email via Thunderbird, or connect via telnet (from my local machine) to any port other than 80. I had to add the port I wanted postfix to listen to in /etc/postfix/master.cf (use > postfix reload after wards) Not sure where or if I missed this info, but after following the email tutorials this is what it took for me to send email from Thunderbird. None the less, great tutorials. Thanks for the how to P

Rowan Wookey commented Mon May 25 09:51:15 UTC 2009:

This line mydestination = $mydomain, localhost.$mydomain, localhost

Should read

mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost

When I set my hostname to xxx.mydomain.com mail wouldn't be sent without the $myhostname, I imagine this is because the $mydomain variable is the mydomain.com so doesn't include the xxx part

Rowan Wookey commented Thu Jun 18 15:20:37 UTC 2009:

If you mail server for receiving mail for your domain isn't the same server as the one sending mail you need to remove $mydomain from mydestination otherwise it will deliver the mail locally.

Revision commented Tue Aug 04 16:31:08 UTC 2009:

I had a serious backscatter spam problem off my postfix install. Identical to the configuration in this article but using hash table lookups instead of mysql. Perhaps that was related, but regardless I ended up addressing it by using the following modifications to main.cf:

smtpd_recipient_restrictions = 
    permit_mynetworks, 
    permit_sasl_authenticated, 
    reject_unauth_destination,
    reject_unknown_recipient_domain,
    reject_unknown_sender_domain,
    reject_unverified_recipient,
    reject_non_fqdn_recipient,
    reject_non_fqdn_sender,
    reject_invalid_hostname

and also added the following, though it may not have been necessary:

local_recipient_maps = $virtual_alias_maps

Derk commented Thu Aug 06 00:18:02 UTC 2009:

The article says that we should set myorigin=$mydomain but I found that it only works if set as myorigin=$myhostname This needs to be corrected in the "Final Settings" listing as well.

:-)

Jim Van Belkum commented Mon Nov 02 01:30:16 UTC 2009:

I followed the excellent instructions here and can send email from my slice, but I cannot receive email to my slice. Any suggestions?

Jim

hongliu li commented Tue Nov 10 19:12:18 UTC 2009:

after install and config postfix, I could send email use linux email command.

But when I send email with my java application (java mail), I get following error:

javax.mail.SendFailedException: Invalid Addresses; nested exception is: com.sun.mail.smtp.SMTPAddressFailedException: 554 5.7.1 hongliuli@yahoo.com: Relay access denied

I even add my slice ip to configuration's relayhost, but no help.

Please help. thanks

khomkhay Phavoraxay commented Fri Jan 08 01:57:11 UTC 2010:

I would like to Install New mail Server by using Linux OS and Posfix mail agency

please help me

best regard

khomkhay Phavoray lao PDR

jday commented Tue Mar 23 13:16:19 UTC 2010:

I followed the tutorial and all went well until I tried to send an email from the command line. Never received the email. Looking at the mail.log:

host smtp.secureserver.net[xx.xxx.xxx.xxx.xx] refused to talk to me: 554-p3pismtp01-001.prod.phx3.secureserver.net 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation.

how do I fix my poor reputation?

Jered commented Tue Mar 23 13:51:42 UTC 2010:

I expect your slice's IP address is on the Spamhaus PBL, which is easy to fix. Check out this article for details.

jday commented Tue Mar 23 22:25:10 UTC 2010:

Thanks Jered, that did the trick!

jday commented Sat Mar 27 20:34:36 UTC 2010:

My new problem: mail pop3d: chdir Maildir: No such file or directory

I've sent an email to each email address in my users table and I can see my two domains listed under /home/vmail/

and if I peek inside the domain directory there is 'cur new tmp'

is there some other directory that I need?

Scott Rouse commented Fri Sep 10 01:35:10 UTC 2010:

Thanks for the great articles. In reference to Mike's comment above on 12/10/08, I've had trouble getting emails to go from my slice to addresses on the same domain using Google Apps.

In other words, if my site is http://www.example.com and myhostname is set to example.com, I am unable to send messages to any user @example.com. I can successfully send emails to any other users. I made the change Mike suggested (mydestination = localhost.example.com, localhost). My /var/log/mail.log file shows a "571 incorrect IP" error for mail sent to an @example.com address.

Thoughts?

Jered commented Fri Sep 10 04:48:03 UTC 2010:

Scott, try checking the SPF record for your domain. That error sounds like something you'd get if the SPF record restricts the IP addresses allowed to send mail for the domain, and your slice isn't on the list. You may need to add something like "include:www.example.com" to the SPF record.

Scott Rouse commented Tue Sep 14 01:02:11 UTC 2010:

Jered,

Thanks for the tip. I've tried setting the SPF record for my domain according to the link you provided and help docs I could find at Google/Postini.

It didn't seem to work, however. I still don't receive emails sent to @example.com addresses and get the 571 error in mail.log.

Any other suggestions?

Jered commented Tue Sep 14 04:22:02 UTC 2010:

The 571 error usually means a deliberate block of the email, and it usually comes up in relation to spam filters. Let's check another possibility, then: the Spamhaus PBL. Follow the instructions in that article to see if your slice's IP address is on their PBL, and to remove it if it is.

If it's not that...Hm. I'm not sure. You might email support@slicehost.com and ask them about it. They can at least check the DNS settings you have on your domain to see if anything jumps out at them (I could too, but they'd respond much more quickly than I do in comments).

It still sounds like some sort of spam filter to me, so hopefully it's the PBL (since that's easy to fix).

Stefan commented Fri Sep 24 20:09:52 UTC 2010:

I had the same problems with using myorigin = $mydomain. The email went to my internal folder with an error message. The sender was listed as user@info instead of user@site.info. I changed the command to myorigin = $myhostname and everything worked fine. I went one step further and commented out the earlier line myhostname = mail.demo.slice. The server worked and I presume it got myhostname from another file.

mathew commented Sat Jan 22 07:55:41 UTC 2011:

Why I am getting an error "Connection closed by foreign host."?

telnet srv1.xxxx.com 25 Trying 174.143.205.xx... Connected to srv1.xxxx.com. Escape character is '^]'. Connection closed by foreign host.

Want to comment?


(not made public)

(optional)

(use plain text or Markdown syntax)