diff options
Diffstat (limited to 'html/STANDARD_CONFIGURATION_README.html')
-rw-r--r-- | html/STANDARD_CONFIGURATION_README.html | 851 |
1 files changed, 851 insertions, 0 deletions
diff --git a/html/STANDARD_CONFIGURATION_README.html b/html/STANDARD_CONFIGURATION_README.html new file mode 100644 index 0000000..ee076f6 --- /dev/null +++ b/html/STANDARD_CONFIGURATION_README.html @@ -0,0 +1,851 @@ +<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" + "http://www.w3.org/TR/html4/loose.dtd"> + +<html> + +<head> + +<title>Postfix Standard Configuration Examples</title> + +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> + +</head> + +<body> + +<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Standard Configuration Examples</h1> + +<hr> + +<h2>Purpose of this document</h2> + +<p> This document presents a number of typical Postfix configurations. +This document should be reviewed after you have followed the basic +configuration steps as described in the <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a> +document. In particular, do not proceed here if you don't already +have Postfix working for local mail submission and for local mail +delivery. </p> + +<p> The first part of this document presents standard configurations +that each solve one specific problem. </p> + +<ul> + +<li><a href="#stand_alone">Postfix on a stand-alone Internet host</a> + +<li><a href="#null_client">Postfix on a null client</a> + +<li><a href="#local_network">Postfix on a local network</a> + +<li><a href="#firewall">Postfix email firewall/gateway</a> + +</ul> + +<p> The second part of this document presents additional configurations +for hosts in specific environments. </p> + +<ul> + +<li><a href="#some_local">Delivering some but not all accounts locally</a> + +<li><a href="#intranet">Running Postfix behind a firewall</a> + +<li><a href="#backup">Configuring Postfix as primary or backup MX host for a remote +site</a> + +<li><a href="#dialup">Postfix on a dialup machine</a> + +<li><a href="#fantasy">Postfix on hosts without a real +Internet hostname</a> + +</ul> + +<h2><a name="stand_alone">Postfix on a stand-alone Internet host</a></h2> + +<p> Postfix should work out of the box without change on a stand-alone +machine that has direct Internet access. At least, that is how +Postfix installs when you download the Postfix source code via +<a href="http://www.postfix.org/">http://www.postfix.org/</a>. </p> + +<p> You can use the command "<b>postconf -n</b>" to find out what +settings are overruled by your <a href="postconf.5.html">main.cf</a>. Besides a few pathname +settings, few parameters should be set on a stand-alone box, beyond +what is covered in the <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a> document: </p> + +<blockquote> +<pre> +/etc/postfix/<a href="postconf.5.html">main.cf</a>: + # Optional: send mail as user@domainname instead of user@hostname. + #<a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a> + + # Optional: specify NAT/proxy external address. + #<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4 + + # Alternative 1: don't relay mail from other hosts. + <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = host + <a href="postconf.5.html#relay_domains">relay_domains</a> = + + # Alternative 2: relay mail from local clients only. + # <a href="postconf.5.html#mynetworks">mynetworks</a> = 192.168.1.0/28 + # <a href="postconf.5.html#relay_domains">relay_domains</a> = +</pre> +</blockquote> + +<p> See also the section "<a href="#fantasy">Postfix on hosts without +a real Internet hostname</a>" if this is applicable to your configuration. +</p> + +<h2><a name="null_client">Postfix on a null client</a></h2> + +<p> A null client is a machine that can only send mail. It receives no +mail from the network, and it does not deliver any mail locally. A +null client typically uses POP, IMAP or NFS for mailbox access. </p> + +<p> In this example we assume that the Internet domain name is +"example.com" and that the machine is named "hostname.example.com". +As usual, the examples show only parameters that are not left at +their default settings. </p> + +<blockquote> +<pre> +1 /etc/postfix/<a href="postconf.5.html">main.cf</a>: +2 <a href="postconf.5.html#myhostname">myhostname</a> = hostname.example.com +3 <a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a> +4 <a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a> +5 <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only +6 <a href="postconf.5.html#mydestination">mydestination</a> = +</pre> +</blockquote> + +<p> Translation: </p> + +<ul> + +<li> <p> Line 2: Set <a href="postconf.5.html#myhostname">myhostname</a> to hostname.example.com, in case +the machine name isn't set to a fully-qualified domain name (use +the command "postconf -d <a href="postconf.5.html#myhostname">myhostname</a>" to find out what the machine +name is). </p> + +<li> <p> Line 2: The <a href="postconf.5.html#myhostname">myhostname</a> value also provides the default +value for the <a href="postconf.5.html#mydomain">mydomain</a> parameter (here, "<a href="postconf.5.html#mydomain">mydomain</a> = example.com"). +</p> + +<li> <p> Line 3: Send mail as "user@example.com" (instead of +"user@hostname.example.com"), so that nothing ever has a reason +to send mail to "user@hostname.example.com". </p> + +<li> <p> Line 4: Forward all mail to the mail server that is +responsible for the "example.com" domain. This prevents mail from +getting stuck on the null client if it is turned off while some +remote destination is unreachable. Specify a real hostname +here if your "example.com" domain has no MX record. </p> + +<li> <p> Line 5: Do not accept mail from the network. </p> + +<li> <p> Line 6: Disable local mail delivery. All mail goes to +the mail server as specified in line 4. </p> + +</ul> + +<h2><a name="local_network">Postfix on a local network</a></h2> + +<p> This section describes a local area network environment of one +main server and multiple other systems that send and receive email. +As usual we assume that the Internet domain name is "example.com". +All systems are configured to send mail as "user@example.com", and +all systems receive mail for "user@hostname.example.com". The main +server also receives mail for "user@example.com". We call this +machine by the name of mailhost.example.com. </p> + +<p> A drawback of sending mail as "user@example.com" is that mail +for "root" and other system accounts is also sent to the central +mailhost. See the section "<a href="#some_local">Delivering some +but not all accounts locally</a>" below for possible solutions. +</p> + +<p> As usual, the examples show only parameters that are not left +at their default settings. </p> + +<p> First we present the non-mailhost configuration, because it is +the simpler one. This machine sends mail as "user@example.com" and +is the final destination for "user@hostname.example.com". </p> + +<blockquote> +<pre> +1 /etc/postfix/<a href="postconf.5.html">main.cf</a>: +2 <a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a> +3 <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 10.0.0.0/24 +4 <a href="postconf.5.html#relay_domains">relay_domains</a> = +5 # Optional: forward all non-local mail to mailhost +6 #<a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a> +</pre> +</blockquote> + +<p> Translation: </p> + +<ul> + +<li> <p> Line 2: Send mail as "user@example.com". </p> + +<li> <p> Line 3: Specify the trusted networks. </p> + +<li> <p> Line 4: This host does not relay mail from untrusted networks. </p> + +<li> <p> Line 6: This is needed if no direct Internet access is +available. See also below, "<a href="#firewall">Postfix behind +a firewall</a>". </p> + +</ul> + +<p> Next we present the mailhost configuration. This machine sends +mail as "user@example.com" and is the final destination for +"user@hostname.example.com" as well as "user@example.com". </p> + +<blockquote> +<pre> + 1 DNS: + 2 example.com IN MX 10 mailhost.example.com. + 3 + 4 /etc/postfix/<a href="postconf.5.html">main.cf</a>: + 5 <a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a> + 6 <a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a> localhost.$<a href="postconf.5.html#mydomain">mydomain</a> localhost $<a href="postconf.5.html#mydomain">mydomain</a> + 7 <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 10.0.0.0/24 + 8 <a href="postconf.5.html#relay_domains">relay_domains</a> = + 9 # Optional: forward all non-local mail to firewall +10 #<a href="postconf.5.html#relayhost">relayhost</a> = [firewall.example.com] +</pre> +</blockquote> + +<p> Translation: </p> + +<ul> + +<li> <p> Line 2: Send mail for the domain "example.com" to the +machine mailhost.example.com. Remember to specify the "." at the +end of the line. </p> + +<li> <p> Line 5: Send mail as "user@example.com". </p> + +<li> <p> Line 6: This host is the final mail destination for the +"example.com" domain, in addition to the names of the machine +itself. </p> + +<li> <p> Line 7: Specify the trusted networks. </p> + +<li> <p> Line 8: This host does not relay mail from untrusted networks. </p> + +<li> <p> Line 10: This is needed only when the mailhost has to +forward non-local mail via a mail server on a firewall. The +<tt>[]</tt> forces Postfix to do no MX record lookups. </p> + +</ul> + +<p> In an environment like this, users access their mailbox in one +or more of the following ways: + +<ul> + +<li> <p> Mailbox access via NFS or equivalent. </p> + +<li> <p> Mailbox access via POP or IMAP. </p> + +<li> <p> Mailbox on the user's preferred machine. </p> + +</ul> + +<p> In the latter case, each user has an alias on the mailhost that +forwards mail to her preferred machine: </p> + +<blockquote> +<pre> +/etc/aliases: + joe: joe@joes.preferred.machine + jane: jane@janes.preferred.machine +</pre> +</blockquote> + +<p> On some systems the alias database is not in /etc/aliases. To +find out the location for your system, execute the command "<b>postconf +<a href="postconf.5.html#alias_maps">alias_maps</a></b>". </p> + +<p> Execute the command "<b>newaliases</b>" whenever you change +the aliases file. </p> + +<h2><a name="firewall">Postfix email firewall/gateway</a></h2> + +<p> The idea is to set up a Postfix email firewall/gateway that +forwards mail for "example.com" to an inside gateway machine but +rejects mail for "anything.example.com". There is only one problem: +with "<a href="postconf.5.html#relay_domains">relay_domains</a> = example.com", the firewall normally also +accepts mail for "anything.example.com". That would not be right. +</p> + +<p> Note: this example requires Postfix version 2.0 and later. To find +out what Postfix version you have, execute the command "<b>postconf +<a href="postconf.5.html#mail_version">mail_version</a></b>". </p> + +<p> The solution is presented in multiple parts. This first part +gets rid of local mail delivery on the firewall, making the firewall +harder to break. </p> + +<blockquote> +<pre> +1 /etc/postfix/<a href="postconf.5.html">main.cf</a>: +2 <a href="postconf.5.html#myorigin">myorigin</a> = example.com +3 <a href="postconf.5.html#mydestination">mydestination</a> = +4 <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = +5 <a href="postconf.5.html#local_transport">local_transport</a> = <a href="error.8.html">error</a>:local mail delivery is disabled +6 +7 /etc/postfix/<a href="master.5.html">master.cf</a>: +8 Comment out the local delivery agent +</pre> +</blockquote> + +<p> Translation: </p> + +<ul> + +<li> <p> Line 2: Send mail from this machine as "user@example.com", +so that no reason exists to send mail to "user@firewall.example.com". +</p> + +<li> <p> Lines 3-8: Disable local mail delivery on the firewall +machine. </p> + +</ul> + +<p> For the sake of technical correctness the firewall must be able +to receive mail for postmaster@[firewall ip address]. Reportedly, +some things actually expect this ability to exist. The second part +of the solution therefore adds support for postmaster@[firewall ip +address], and as a bonus we do abuse@[firewall ip address] as well. +All the mail to these two accounts is forwarded to an inside address. +</p> + +<blockquote> +<pre> +1 /etc/postfix/<a href="postconf.5.html">main.cf</a>: +2 <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual +3 +4 /etc/postfix/virtual: +5 postmaster postmaster@example.com +6 abuse abuse@example.com +</pre> +</blockquote> + +<p> Translation: </p> + +<ul> + +<li> <p> Because <a href="postconf.5.html#mydestination">mydestination</a> is empty (see the previous example), +only address literals matching $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> +are deemed local. So "localpart@[a.d.d.r]" can be matched as simply +"localpart" in <a href="canonical.5.html">canonical(5)</a> and <a href="virtual.5.html">virtual(5)</a>. This avoids the need to +specify firewall IP addresses in Postfix configuration files. </p> + +</ul> + +<p> The last part of the solution does the email forwarding, which +is the real purpose of the firewall email function. </p> + +<blockquote> +<pre> + 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>: + 2 <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 12.34.56.0/24 + 3 <a href="postconf.5.html#relay_domains">relay_domains</a> = example.com + 4 <a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> = + 5 <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> smtpd_access_maps +<br> + 6a # Postfix 2.10 and later support separate relay control and + 7a # spam control. + 8a <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> = + 9a <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> +10a <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = ...spam blocking rules.... +<br> + 6b # Older configurations combine relay control and spam control. To + 7b # use this with Postfix ≥ 2.10 specify "<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>=". + 8b <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = + 9b <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> +10b ...spam blocking rules.... +<br> +11 <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relay_recipients +12 <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport +13 +14 /etc/postfix/relay_recipients: +15 user1@example.com x +16 user2@example.com x +17 . . . +18 +19 /etc/postfix/transport: +20 example.com <a href="smtp.8.html">smtp</a>:[inside-gateway.example.com] +</pre> +</blockquote> + +<p> Translation: </p> + +<ul> + +<li><p> Lines 1-10: Accept mail from local systems in $<a href="postconf.5.html#mynetworks">mynetworks</a>, +and accept mail from outside for "user@example.com" but not for +"user@anything.example.com". The magic is in lines 4-5. </p> + +<li> <p> Lines 11, 13-16: Define the list of valid addresses in the +"example.com" domain that can receive mail from the Internet. This +prevents the mail queue from filling up with undeliverable +MAILER-DAEMON messages. If you can't maintain a list of valid +recipients then you must specify "<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> =" (that +is, an empty value), or you must specify an "@example.com x" +wild-card in the relay_recipients table. </p> + +<li> <p> Lines 12, 19-20: Route mail for "example.com" to the inside +gateway machine. The <tt>[]</tt> forces Postfix to do no MX lookup. +</p> + +</ul> + +<p>Specify <b>dbm</b> instead of <b>hash</b> if your system uses +<b>dbm</b> files instead of <b>db</b> files. To find out what lookup +tables Postfix supports, use the command "<b>postconf -m</b>". </p> + +<p> Execute the command "<b>postmap /etc/postfix/relay_recipients</b>" +whenever you change the relay_recipients table. </p> + +<p> Execute the command "<b>postmap /etc/postfix/transport</b>" +whenever you change the transport table. </p> + +<p> In some installations, there may be separate instances of Postfix +processing inbound and outbound mail on a multi-homed firewall. The +inbound Postfix instance has an SMTP server listening on the external +firewall interface, and the outbound Postfix instance has an SMTP server +listening on the internal interface. In such a configuration is it is +tempting to configure $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> in each instance with just the +corresponding interface address. </p> + +<p> In most cases, using <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> in this way will not work, +because as documented in the $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> reference manual, the +<a href="smtp.8.html">smtp(8)</a> delivery agent will also use the specified interface address +as the source address for outbound connections and will be unable to +reach hosts on "the other side" of the firewall. The symptoms are that +the firewall is unable to connect to hosts that are in fact up. See the +<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> parameter documentation for suggested work-arounds.</p> + +<h2><a name="some_local">Delivering some but not all accounts +locally</a></h2> + +<p> A drawback of sending mail as "user@example.com" (instead of +"user@hostname.example.com") is that mail for "root" and other +system accounts is also sent to the central mailhost. In order to +deliver such accounts locally, you can set up virtual aliases as +follows: </p> + +<blockquote> +<pre> +1 /etc/postfix/<a href="postconf.5.html">main.cf</a>: +2 <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual +3 +4 /etc/postfix/virtual: +5 root root@localhost +6 . . . +</pre> +</blockquote> + +<p> Translation: </p> + +<ul> + +<li> <p> Line 5: As described in the <a href="virtual.5.html">virtual(5)</a> manual page, the +bare name "root" matches "root@site" when "site" is equal to +$<a href="postconf.5.html#myorigin">myorigin</a>, when "site" is listed in $<a href="postconf.5.html#mydestination">mydestination</a>, or when it +matches $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. </p> + +</ul> + +<p> Execute the command "<b>postmap /etc/postfix/virtual</b>" after +editing the file. </p> + +<h2><a name="intranet">Running Postfix behind a firewall</a></h2> + +<p> The simplest way to set up Postfix on a host behind a firewalled +network is to send all mail to a gateway host, and to let that mail +host take care of internal and external forwarding. Examples of that +are shown in the <a href="#local_network">local area network</a> +section above. A more sophisticated approach is to send only external +mail to the gateway host, and to send intranet mail directly. </p> + +<p> Note: this example requires Postfix version 2.0 and later. To find +out what Postfix version you have, execute the command "<b>postconf +<a href="postconf.5.html#mail_version">mail_version</a></b>". </p> + +<p> The following example presents additional configuration. You +need to combine this with basic configuration information as +discussed in the first half of this document. </p> + +<blockquote> +<pre> + 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>: + 2 <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport + 3 <a href="postconf.5.html#relayhost">relayhost</a> = + 4 # Optional for a machine that isn't "always on" + 5 #<a href="postconf.5.html#fallback_relay">fallback_relay</a> = [gateway.example.com] + 6 + 7 /etc/postfix/transport: + 8 # Internal delivery. + 9 example.com : +10 .example.com : +11 # External delivery. +12 * <a href="smtp.8.html">smtp</a>:[gateway.example.com] +</pre> +</blockquote> + +<p> Translation: </p> + +<ul> + +<li> <p> Lines 2, 7-12: Request that intranet mail is delivered +directly, and that external mail is given to a gateway. Obviously, +this example assumes that the organization uses DNS MX records +internally. The <tt>[]</tt> forces Postfix to do no MX lookup. +</p> + +<li> <p> Line 3: IMPORTANT: do not specify a <a href="postconf.5.html#relayhost">relayhost</a> in <a href="postconf.5.html">main.cf</a>. +</p> + +<li> <p> Line 5: This prevents mail from being stuck in the queue +when the machine is turned off. Postfix tries to deliver mail +directly, and gives undeliverable mail to a gateway. </p> + +</ul> + +<p> Specify <b>dbm</b> instead of <b>hash</b> if your system uses +<b>dbm</b> files instead of <b>db</b> files. To find out what lookup +tables Postfix supports, use the command "<b>postconf -m</b>". </p> + +<p> Execute the command "<b>postmap /etc/postfix/transport</b>" whenever +you edit the transport table. </p> + +<h2><a name="backup">Configuring Postfix as primary or backup MX host for a remote site</a></h2> + +<p> This section presents additional configuration. You need to +combine this with basic configuration information as discussed in the +first half of this document. </p> + +<p> When your system is SECONDARY MX host for a remote site this +is all you need: </p> + +<blockquote> +<pre> + 1 DNS: + 2 the.backed-up.domain.tld IN MX 100 your.machine.tld. + 3 + 4 /etc/postfix/<a href="postconf.5.html">main.cf</a>: + 5 <a href="postconf.5.html#relay_domains">relay_domains</a> = . . . the.backed-up.domain.tld +<br> + 6a # Postfix 2.10 and later support separate relay control and + 7a # spam control. + 8a <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> = + 9a <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> +10a <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = ...spam blocking rules.... +<br> + 6b # Older configurations combine relay control and spam control. To + 7b # use this with Postfix ≥ 2.10 specify "<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>=". + 8b <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = + 9b <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> +10b ...spam blocking rules.... +<br> +11 # You must specify your NAT/proxy external address. +12 #<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4 +13 +14 <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relay_recipients +15 +16 /etc/postfix/relay_recipients: +17 user1@the.backed-up.domain.tld x +18 user2@the.backed-up.domain.tld x +19 . . . +</pre> +</blockquote> + +<p> When your system is PRIMARY MX host for a remote site you +need the above, plus: </p> + +<blockquote> +<pre> +20 /etc/postfix/<a href="postconf.5.html">main.cf</a>: +21 <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport +22 +23 /etc/postfix/transport: +24 the.backed-up.domain.tld relay:[their.mail.host.tld] +</pre> +</blockquote> + +<p> Important notes: + +<ul> + +<li><p>Do not list the.backed-up.domain.tld in <a href="postconf.5.html#mydestination">mydestination</a>.</p> + +<li><p>Do not list the.backed-up.domain.tld in <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>.</p> + +<li><p>Do not list the.backed-up.domain.tld in <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.</p> + +<li> <p> Lines 1-9: Forward mail from the Internet for +"the.backed-up.domain.tld" to the primary MX host for that domain. +</p> + +<li> <p> Line 12: This is a must if Postfix receives mail via a +NAT relay or proxy that presents a different IP address to the +world than the local machine. </p> + +<li> <p> Lines 14-18: Define the list of valid addresses in the +"the.backed-up.domain.tld" domain. This prevents your mail queue +from filling up with undeliverable MAILER-DAEMON messages. If you +can't maintain a list of valid recipients then you must specify +"<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> =" (that is, an empty value), or you must +specify an "@the.backed-up.domain.tld x" wild-card in the +relay_recipients table. </p> + +<li> <p> Line 24: The <tt>[]</tt> forces Postfix to do no MX lookup. </p> + +</ul> + +<p> Specify <b>dbm</b> instead of <b>hash</b> if your system uses +<b>dbm</b> files instead of <b>db</b> files. To find out what lookup +tables Postfix supports, use the command "<b>postconf -m</b>". </p> + +<p> Execute the command "<b>postmap /etc/postfix/transport</b>" +whenever you change the transport table. </p> + +<p> NOTE for Postfix < 2.2: Do not use the <a href="postconf.5.html#fallback_relay">fallback_relay</a> feature +when relaying mail +for a backup or primary MX domain. Mail would loop between the +Postfix MX host and the <a href="postconf.5.html#fallback_relay">fallback_relay</a> host when the final destination +is unavailable. </p> + +<ul> + +<li> In <a href="postconf.5.html">main.cf</a> specify "<tt><a href="postconf.5.html#relay_transport">relay_transport</a> = relay</tt>", + +<li> In <a href="master.5.html">master.cf</a> specify "<tt>-o <a href="postconf.5.html#fallback_relay">fallback_relay</a> =</tt>" at the +end of the <tt>relay</tt> entry. + +<li> In transport maps, specify "<tt>relay:<i>nexthop...</i></tt>" +as the right-hand side for backup or primary MX domain entries. + +</ul> + +<p> These are default settings in Postfix version 2.2 and later. +</p> + +<h2><a name="dialup">Postfix on a dialup machine</a></h2> + +<p> This section applies to dialup connections that are down most +of the time. For dialup connections that are up 24x7, see the <a +href="#local_network">local area network</a> section above. </p> + +<p> This section presents additional configuration. You need to +combine this with basic configuration information as discussed in the +first half of this document. </p> + +<p> If you do not have your own hostname and IP address (usually +with dialup, cable TV or DSL connections) then you should also +study the section on "<a href="#fantasy">Postfix on hosts without +a real Internet hostname</a>". </p> + +<ul> + +<li> Route all outgoing mail to your network provider. + +<p> If your machine is disconnected most of the time, there isn't +a lot of opportunity for Postfix to deliver mail to hard-to-reach +corners of the Internet. It's better to give the mail to a machine +that is connected all the time. In the example below, the <tt>[]</tt> +prevents Postfix from trying to look up DNS MX records. </p> + +<pre> +/etc/postfix/<a href="postconf.5.html">main.cf</a>: + <a href="postconf.5.html#relayhost">relayhost</a> = [smtprelay.someprovider.com] +</pre> + +<li> <p><a name="spontaneous_smtp">Disable spontaneous SMTP mail +delivery (if using on-demand dialup IP only).</a> </p> + +<p> Normally, Postfix attempts to deliver outbound mail at its convenience. +If your machine uses on-demand dialup IP, this causes your system +to place a telephone call whenever you submit new mail, and whenever +Postfix retries to deliver delayed mail. To prevent such telephone +calls from being placed, disable spontaneous SMTP mail deliveries. </p> + +<pre> +/etc/postfix/<a href="postconf.5.html">main.cf</a>: + <a href="postconf.5.html#defer_transports">defer_transports</a> = smtp (Only for on-demand dialup IP hosts) +</pre> + +<li> <p>Disable SMTP client DNS lookups (dialup LAN only).</p> + +<pre> +/etc/postfix/<a href="postconf.5.html">main.cf</a>: + <a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> = yes (Only for on-demand dialup IP hosts) +</pre> + +<li> Flush the mail queue whenever the Internet link is established. + +<p> Put the following command into your PPP or SLIP dialup scripts: </p> + +<pre> +/usr/sbin/sendmail -q (whenever the Internet link is up) +</pre> + +<p> The exact location of the Postfix sendmail command is system-specific. +Use the command "<b>postconf <a href="postconf.5.html#sendmail_path">sendmail_path</a></b>" to find out where the +Postfix sendmail command is located on your machine. </p> + +<p> In order to find out if the mail queue is flushed, use something +like: </p> + +<pre> +#!/bin/sh + +# Start mail deliveries. +/usr/sbin/sendmail -q + +# Allow deliveries to start. +sleep 10 + +# Loop until all messages have been tried at least once. +while mailq | grep '^[^ ]*\*' >/dev/null +do + sleep 10 +done +</pre> + +<p> If you have disabled <a href="#spontaneous_smtp">spontaneous +SMTP mail delivery</a>, you also need to run the "<b>sendmail -q</b>" +command every now and then while the dialup link is up, so that +newly-posted mail is flushed from the queue. </p> + +</ul> + +<h2><a name="fantasy">Postfix on hosts without a real Internet +hostname</a></h2> + +<p> This section is for hosts that don't have their own Internet +hostname. Typically these are systems that get a dynamic IP address +via DHCP or via dialup. Postfix will let you send and receive mail +just fine between accounts on a machine with a fantasy name. However, +you cannot use a fantasy hostname in your email address when sending +mail into the Internet, because no-one would be able to reply to +your mail. In fact, more and more sites refuse mail addresses with +non-existent domain names. </p> + +<p> Note: the following information is Postfix version dependent. +To find out what Postfix version you have, execute the command +"<b>postconf <a href="postconf.5.html#mail_version">mail_version</a></b>". </p> + +<h3>Solution 1: Postfix version 2.2 and later </h3> + +<p> Postfix 2.2 uses the <a href="generic.5.html">generic(5)</a> address mapping to replace +local fantasy email addresses by valid Internet addresses. This +mapping happens ONLY when mail leaves the machine; not when you +send mail between users on the same machine. </p> + +<p> The following example presents additional configuration. You +need to combine this with basic configuration information as +discussed in the first half of this document. </p> + +<blockquote> +<pre> +1 /etc/postfix/<a href="postconf.5.html">main.cf</a>: +2 <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/generic +3 +4 /etc/postfix/generic: +5 his@localdomain.local hisaccount@hisisp.example +6 her@localdomain.local heraccount@herisp.example +7 @localdomain.local hisaccount+local@hisisp.example +</pre> +</blockquote> + +<p> When mail is sent to a remote host via SMTP: </p> + +<ul> + +<li> <p> Line 5 replaces <i>his@localdomain.local</i> by his ISP +mail address, </p> + +<li> <p> Line 6 replaces <i>her@localdomain.local</i> by her ISP +mail address, and </p> + +<li> <p> Line 7 replaces other local addresses by his ISP account, +with an address extension of +<i>local</i> (this example assumes +that the ISP supports "+" style address extensions). </p> + +</ul> + +<p>Specify <b>dbm</b> instead of <b>hash</b> if your system uses +<b>dbm</b> files instead of <b>db</b> files. To find out what lookup +tables Postfix supports, use the command "<b>postconf -m</b>". </p> + +<p> Execute the command "<b>postmap /etc/postfix/generic</b>" +whenever you change the generic table. </p> + +<h3>Solution 2: Postfix version 2.1 and earlier </h3> + +<p> The solution with older Postfix systems is to use valid +Internet addresses where possible, and to let Postfix map valid +Internet addresses to local fantasy addresses. With this, you can +send mail to the Internet and to local fantasy addresses, including +mail to local fantasy addresses that don't have a valid Internet +address of their own.</p> + +<p> The following example presents additional configuration. You +need to combine this with basic configuration information as +discussed in the first half of this document. </p> + +<blockquote> +<pre> + 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>: + 2 <a href="postconf.5.html#myhostname">myhostname</a> = hostname.localdomain + 3 <a href="postconf.5.html#mydomain">mydomain</a> = localdomain + 4 + 5 <a href="postconf.5.html#canonical_maps">canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/canonical + 6 + 7 <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual + 8 + 9 /etc/postfix/canonical: +10 your-login-name your-account@your-isp.com +11 +12 /etc/postfix/virtual: +13 your-account@your-isp.com your-login-name +</pre> +</blockquote> + +<p> Translation: </p> + +<ul> + +<li> <p> Lines 2-3: Substitute your fantasy hostname here. Do not +use a domain name that is already in use by real organizations +on the Internet. See <a href="https://tools.ietf.org/html/rfc2606">RFC 2606</a> for examples of domain +names that are guaranteed not to be owned by anyone. </p> + +<li> <p> Lines 5, 9, 10: This provides the mapping from +"your-login-name@hostname.localdomain" to "your-account@your-isp.com". +This part is required. </p> + +<li> <p> Lines 7, 12, 13: Deliver mail for "your-account@your-isp.com" +locally, instead of sending it to the ISP. This part is not required +but is convenient. + +</ul> + +<p>Specify <b>dbm</b> instead of <b>hash</b> if your system uses +<b>dbm</b> files instead of <b>db</b> files. To find out what lookup +tables Postfix supports, use the command "<b>postconf -m</b>". </p> + +<p> Execute the command "<b>postmap /etc/postfix/canonical</b>" +whenever you change the canonical table. </p> + +<p> Execute the command "<b>postmap /etc/postfix/virtual</b>" +whenever you change the virtual table. </p> + +</body> + +</html> |