Barebones postfix install for Ubuntu

This article describes how to install a postfix mail server with no extras or optimization. It's intended only for users who are experienced administrators or who just want a basic mail server installed for a single purpose like sending email alerts from another service.


Why "barebones"?

A barebones article is intended for users who just want to get a software package up and running with the default options and no frills. It's best used by either experienced Linux administrators or users needing to get a package installed to satisfy a prerequisite without going through extensive customization. Most users are advised to use the more in-depth tutorials found elsewhere in the Slicehost articles repository so they can better learn the software they are implementing.

For a more comprehensive survey of this topic, check the links in the "Further reading" section at the end of the article.

Installing postfix

Run the following commands:

sudo aptitude update

sudo aptitude install postfix

Postfix will ask you to select an install type. Unless you know for certain you want a different install type, choose "Internet Site".

Next postfix will ask for your default email domain name. When an email is sent from an account on your slice (like an alert from a program), this value will be appended to the account name. If you set this value to "example.com", emails sent by root on your slice would have the "from" address of "root@example.com".

Adding iptables rules for postfix (optional)

The default Ubuntu images for Slicehost do not have iptables configured to restrict any ports.

If you have added iptables restrictions yourself you will need to open input ports only if you intend this mail server to receive email intended for your domain. You would also need to open ports if you intend to allow mail clients to send email through your mail server, but this is not recommended and will not be covered in this article. To allow email to come in to your mail server you can add the following iptables rules:

-I INPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-I OUTPUT -p tcp --sport 25 -m state --state NEW,ESTABLISHED -j ACCEPT

Starting and stopping postfix

You can start postfix with:

sudo /etc/init.d/postfix start

Note that the first time postfix launches may take a little longer than normal as it parses configuration files for the first time.

Similarly, you can stop postfix with:

sudo /etc/init.d/postfix stop

You can also issue a restart command to postfix with:

sudo /etc/init.d/postfix restart

Starting postfix at boot time

Ensure postfix will start when the slice reboots by running:

sudo /usr/sbin/update-rc.d postfix defaults

Log files

Postfix's logging is handled by the system's syslog daemon, so log file locations are configured in /etc/syslog.conf. By default the mail logs are located in the directory:

/var/log

You will need to use sudo to view the logs.

Three of the log files filter entries according to severity (informational, warning, and error):

/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err

The mail.log file acts as a combined log of the above three types of mail events:

/var/log/mail.log

Configuration files

Postfix's main configuration directory is:

/etc/postfix

The main.cf file

Postfix's main configuration file is:

/etc/postfix/main.cf

Some important highlights from that file include:

myhostname = slicename

The "myhostname" entry is the fully-qualified domain name postfix will use when reporting its address to other mail servers. Set the "myhostname" value to a full domain name (like "mail.example.com").

myorigin = /etc/mailname

The "myorigin" entry refers to the default domain address for outgoing emails. It points to a file, "/etc/mailname", which contains the address you entered during the installation process (normally your base domain name).

mydestination = example.com, mail.example.com, slicename, slicename.example.com, localhost.example.com, localhost.localdomain, localhost

The "mydestination" entry lists all domains for which this mail server is qualified to receive email. It's important that all address possibilities are covered to prevent mail bounce loops. Bounce loops happen when mail is sent that should be handled by your mail server but postfix is not configured to handle it (resulting in postfix repeatedly bouncing the email back to itself). Entries should include any variants of your slicename and localhost, as well as the address you used for the "myorigin" value.

inet_interfaces = all

The "inet_interfaces" entry controls which IP addresses postfix will listen to for connections. The default is to listen to all active interfaces, which is desirable if you intend to receive email for your domain on this mail server. To restrict postfix to only listen to connections on the local machine (so email can be sent from the slice but not received there), change that entry to:

inet_interfaces = loopback-only

After changing the main.cf file you can tell postfix to reload its settings without restarting by running:

/usr/sbin/postfix reload

Other configuration files

Two other files store important configuration information for postfix. The first is:

/etc/mailname

As mentioned in the discussion of the "myorigin" setting above, the mailname file contains the fully-qualified domain name of your slice as postfix will report it to other mail servers.

The other file is:

/etc/aliases

The aliases file contains the aliases that control what addresses will handle emails to certain accounts that do not exist on your slice. The default entries cover many standard addresses, like "postmaster" to receive problem reports from postfix, and "abuse" to receive complaints regarding misuse of your mail server. All of these addresses forward to the "root" account on your slice by default. You can also specify an external email address as the recipient for an alias, so you could redirect all email from root to your own email address by adding a line to the aliases file such as:

root: joebob@demoslice.com

If you edit the /etc/aliases file you should run the following command to ensure postfix will discover the changes:

sudo /usr/bin/newaliases

DNS modifications

You will need to make one or two DNS changes to ensure smooth operation of your mail server.

You will want to configure reverse DNS for the address postfix is reporting to other mail servers. Many mail servers will reject email as spam if the IP address the mail server is using does not resolve back to the same domain name in reverse DNS. For example, if you set up postfix to use the hostname of "mail.example.com" and that resolves to the IP address "1.2.3.4", configure reverse DNS for "1.2.3.4" to resolve to "mail.example.com".

If you intend to receive email for your domain through this slice you will need to edit the MX record for your domain to point it to the host name you are using for postfix. If your domain is "example.com" and postfix is usng the hostname "mail.example.com", you would set the MX record for example.com to "mail.example.com".

If you are using Slicehost to handle your DNS you can make these changes in the SliceManager's DNS tab. The MX records can be set in the "Domains" section, and the "Reverse DNS" section can be used to edit reverse DNS entries for IP addresses.

The Spamhaus policy block list

Spamhaus is a service that assists ISPs with preventing unsolicited email (spam) from passing through their mail servers. One of the tools Spamhaus employs is a "Policy Block List" which lists IP addresses that belong to a hosting provider (such as Slicehost) and blocks them by default. This means that it is likely that a new slice, or one that hasn't been used as a mail server before, will be on their policy block list. Being on the PBL doesn't mean your address is blocked for spamming. The list is only there as a precaution against potential abuse.

Fortunately it's easy to check the Spamhaus PBL to see if your slice's IP address is on the list, and it's also easy to remove it. Go to the Spamhaus Block List Removal Center and enter your IP address. If your IP address is listed in the PBL you will be provided with a link you can use to remove it from the block list. Note that the removal process requires the use of an email account that is not part of a free service (like gmail.com or hotmail.com), but you will be able to use an address that delivers mail to your newly configured mail server for verification purposes.

Further reading

For more in-depth tutorials on postfix and on accessing email postfix receives, you should visit Slicehost's Email article repository.

The postfix web site includes links to the postfix documentation as well as mailing lists and external resources.

  • -- Jered

Article Comments:

J commented Thu Jul 22 16:17:22 UTC 2010:

Firstly, thanks for the best articles anywhere.

I got the whole postfix thing up and running, thanks for that, but for some reason I always need to start postfix manually after every reboot.

running "$ sudo /usr/sbin/update-rc.d postfix defaults" just gives me: "System startup links for /etc/init.d/postfix already exist."

Any suggestions?

Thanks.

Jered commented Thu Jul 22 17:38:14 UTC 2010:

Odd. You might try running "sudo /usr/sbin/update-rc.d postfix remove", then run "sudo /usr/sbin/update-rc.d postfix defaults" again. That might clear up whatever weirdness has postfix's startup script not running.

Failing that, you can set the init scripts up manually. Take a look in "/etc/rc2.d". That directory should contain a symlink for postfix (probably named "S20postfix"). If it doesn't, you can create one by running "sudo ln -s ../init.d/postfix /etc/rc2.d/S20postfix". Then to make sure postfix shuts down properly when it needs to, run "sudo ln -s ../init.d/postfix /etc/rc6.d/K20postfix" and "sudo ln -s ../init.d/postfix /etc/rc0.d/K20postfix" and "sudo ln -s ../init.d/postfix /etc/rc1.d/K20postfix". Those manual commands cover most of what update-rc.d should have done, anyway (it would also add links for runlevels 3 through 5, which you're unlikely to need anyway).

All that said, the scripts may be in place and working, but there may be a problem with postfix trying to start during the boot process. Take a look in postfix's logs after a reboot to see if there are any errors reported there, or in /var/log/messages, or in /var/log/dmesg.

scott commented Wed Jun 08 06:50:04 UTC 2011:

refer to this link http://sudhanshuraheja.com/2009/02/slicehost-setup-outgoing-mail-google-apps-postfix/ if you are using google apps to control your mail. by following these instructions you are telling postfix that your email is setup up on Google Apps, not the server.

Khojguru commented Mon Oct 15 09:18:06 UTC 2012:

Good read for setting the email server on ubuntu.

Want to comment?


(not made public)

(optional)

(use plain text or Markdown syntax)