This article describes how to install a postfix mail server with no extras or optimization. It's intended only for users who are experienced administrators or who just want a basic mail server installed for a single purpose like sending email alerts from another service.
A barebones article is intended for users who just want to get a software package up and running with the default options and no frills. It's best used by either experienced Linux administrators or users needing to get a package installed to satisfy a prerequisite without going through extensive customization. Most users are advised to use the more in-depth tutorials found elsewhere in the Slicehost articles repository so they can better learn the software they are implementing.
For a more comprehensive survey of this topic, check the links in the "Further reading" section at the end of the article.
Run the following commands:
sudo yum install postfix
Postfix will ask you to select an install type. Unless you know for certain you want a different install type, choose "Internet Site".
Next postfix will ask for your default email domain name. When an email is sent from an account on your slice (like an alert from a program), this value will be appended to the account name. If you set this value to "example.com", emails sent by root on your slice would have the "from" address of "firstname.lastname@example.org".
Adding iptables rules for postfix (optional)
The Slicehost articles on configuring CentOS slices close the ports postfix would use to receive email, as do the default CentOS iptables rules.
You will need to open input ports only if you intend this mail server to receive email intended for your domain. You would also need to open ports if you intend to allow mail clients to send email through your mail server, but this is not recommended and will not be covered in this article. To allow email to come in to your mail server you can add the following iptables rules:
sudo /sbin/iptables -I INPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT sudo /sbin/iptables -I OUTPUT -p tcp --sport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
To save those rules so they'll take effect next time the slice is rebooted, run:
sudo service iptables save
Starting and stopping postfix
You can start postfix with:
sudo /etc/init.d/postfix start
Note that the first time postfix launches may take a little longer than normal as it parses configuration files for the first time.
Similarly, you can stop postfix with:
sudo /etc/init.d/postfix stop
You can also issue a restart command to postfix with:
sudo /etc/init.d/postfix restart
Starting postfix at boot time
Ensure postfix will start when the slice reboots by running:
sudo /sbin/chkconfig --add postfix sudo /sbin/chkconfig postfix on
Postfix's logging is handled by the system's syslog daemon, so log file locations are configured in /etc/syslog.conf. By default the mail logs are located in the directory:
You will need to use sudo to view the logs.
By default postfix log entries are directed to the maillog file:
Postfix's main configuration directory is:
The main.cf file
Postfix's main configuration file is:
Some important highlights from that file include:
myhostname = slicename
The "myhostname" entry is the fully-qualified domain name postfix will use when reporting its address to other mail servers. Set the "myhostname" value to a full domain name (like "mail.example.com").
myorigin = mail.example.com
The "myorigin" entry refers to the default domain address for outgoing emails. It should be the fully-qualified domain name of your slice as postfix will report it to other mail servers.
mydestination = example.com, mail.example.com, slicename, slicename.example.com, localhost.example.com, localhost.localdomain, localhost
The "mydestination" entry lists all domains for which this mail server is qualified to receive email. It's important that all address possibilities are covered to prevent mail bounce loops. Bounce loops happen when mail is sent that should be handled by your mail server but postfix is not configured to handle it (resulting in postfix repeatedly bouncing the email back to itself). Entries should include any variants of your slicename and localhost, as well as the address you used for the "myorigin" value.
inet_interfaces = localhost
The "inet_interfaces" entry controls which IP addresses postfix will listen to for connections. The default is to restrict postfix to only listen to connections on the local machine (so email can be sent from the slice but not received there). To listen to all active interfaces, which is only desirable if you intend to receive email for your domain on this mail server, change that entry to:
inet_interfaces = all
After changing the main.cf file you can tell postfix to reload its settings without restarting by running:
Other configuration files
One other file stores important configuration information for postfix:
The aliases file contains the aliases that control what addresses will handle emails to certain accounts that do not exist on your slice. The default entries cover many standard addresses, like "postmaster" to receive problem reports from postfix, and "abuse" to receive complaints regarding misuse of your mail server. All of these addresses forward to the "root" account on your slice by default. You can also specify an external email address as the recipient for an alias, so you could redirect all email from root to your own email address by adding a line to the aliases file such as:
If you edit the /etc/aliases file you should run the following command to ensure postfix will discover the changes:
You will need to make one or two DNS changes to ensure smooth operation of your mail server.
You will want to configure reverse DNS for the address postfix is reporting to other mail servers. Many mail servers will reject email as spam if the IP address the mail server is using does not resolve back to the same domain name in reverse DNS. For example, if you set up postfix to use the hostname of "mail.example.com" and that resolves to the IP address "22.214.171.124", configure reverse DNS for "126.96.36.199" to resolve to "mail.example.com".
If you intend to receive email for your domain through this slice you will need to edit the MX record for your domain to point it to the host name you are using for postfix. If your domain is "example.com" and postfix is usng the hostname "mail.example.com", you would set the MX record for example.com to "mail.example.com".
If you are using Slicehost to handle your DNS you can make these changes in the SliceManager's DNS tab. The MX records can be set in the "Domains" section, and the "Reverse DNS" section can be used to edit reverse DNS entries for IP addresses.
The Spamhaus policy block list
Spamhaus is a service that assists ISPs with preventing unsolicited email (spam) from passing through their mail servers. One of the tools Spamhaus employs is a "Policy Block List" which lists IP addresses that belong to a hosting provider (such as Slicehost) and blocks them by default. This means that it is likely that a new slice, or one that hasn't been used as a mail server before, will be on their policy block list. Being on the PBL doesn't mean your address is blocked for spamming. The list is only there as a precaution against potential abuse.
Fortunately it's easy to check the Spamhaus PBL to see if your slice's IP address is on the list, and it's also easy to remove it. Go to the Spamhaus Block List Removal Center and enter your IP address. If your IP address is listed in the PBL you will be provided with a link you can use to remove it from the block list. Note that the removal process requires the use of an email account that is not part of a free service (like gmail.com or hotmail.com), but you will be able to use an address that delivers mail to your newly configured mail server for verification purposes.
For more in-depth tutorials on postfix and on accessing email postfix receives, you should visit Slicehost's Email article repository.
- -- Jered