Thursday, February 18, 2010

4. Postfix Aliases & .forward file

    Common entries in the aliases file are postmaster, abuse, etc. The default aliases file used by Postfix is /etc/aliases; Postfix also installs an aliases file inside the /etc/postfix directory. The text file is converted to a db file with the newaliases command. Aliases files can grow very large (a large company will have numerous alias entries), so MTAs benefit from keeping the alias entries in a database format for fast and reliable lookups. The aliases database is in "Hash" format by default. Postfix supports Hash, DBMS etc.
# file /etc/aliases.db
Check your aliases.db file with the above command.

Aliases Type
    We already have a detailed description about aliases - Refer Below URL
The Postfix aliases file has the same format that the sendmail server uses. In fact, the aliases feature has been taken from sendmail.

Convert Sendmail Aliases File To Postfix
      The change that has to be made in the aliases file is adding a postfix user alias pointing to user root, thus converting a sendmail aliases file to Postfix.
# vim /etc/aliases
postfix: root
# newaliases
# postfix reload
    This is the aliases requirement for the postfix daemon according to the Postfix documentation. We can also use the aliases file that was created with the installation of Postfix. This can be useful if we are creating a new mail server.

Forwarding(Making use of the .forward file) in Postfix
     As in Sendmail, if we define a local .forward file in the user's home directory, Postfix will attempt to process the ~/.forward file. The .forward file follows a syntax similar to that of the /etc/aliases file. Any msgs destined to a user can be further forwarded or redirected using the .forward file. It gives the user control over forwarding the mails.
For Eg:-
The Vacation program is setup by using this .forward file

Setting up Vacation Program
   Go to the home directory of the user 
# cd ~
   Enter the out of office msg
# vim .vacation.msg
Hi thanks for the mail.. I will revert back once I am back
Create the .forward file
# vim .forward
\user, "|/usr/bin/vacation user"
      \user tells Postfix to do no further lookup in the aliases. This enables the vacation program once a mail reaches the user's mailbox.
# vacation -i
This initialises the vacation.db file. This instructs Postfix to respond to all incoming msgs.
Test the vacation program by sending mail to the "user". The user will return a mail with the contents of .vacation.msg
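
Because both /etc/aliases and ~/.forward can hand mail to a program or a file, it is worth listing which entries do so. The following is an added example, not code from the original post: it parses the alias syntax described above and reports the targets that are not plain addresses. The archiver path and the list file in the sample are hypothetical, and the sample text is constructed.

```python
def split_targets(rhs):
    """Split a comma-separated target list, honouring double quotes."""
    parts, buf, quoted = [], [], False
    for ch in rhs:
        if ch == '"':
            quoted = not quoted              # quotes protect commas and spaces
        elif ch == "," and not quoted:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def classify(target):
    """Name the delivery action a single target triggers."""
    if target.startswith("|"):
        return "command"                     # mail is piped to a program
    if target.startswith(":include:"):
        return "include"                     # targets are read from another file
    if target.startswith("/"):
        return "file"                        # mail is appended to a file
    return "address"

def parse_targets(rhs):
    return [(classify(t), t) for t in split_targets(rhs)]

def parse_aliases(text):
    """Return {alias: [(kind, target), ...]}; indented lines continue an entry."""
    entries, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            rhs = raw
        else:
            current, _, rhs = (p.strip() for p in raw.partition(":"))
            entries[current] = []
        entries[current] += parse_targets(rhs)
    return entries

def needs_review(targets):
    """Targets that run a program, write a file or pull in another file."""
    return [t for t in targets if t[0] != "address"]

# Constructed samples; the archiver path and list file are hypothetical.
SAMPLE_ALIASES = ('postmaster: root\npostfix: root\n'
                  'lists: :include:/etc/postfix/lists.txt,\n'
                  '    "|/usr/local/bin/archiver --keep"\n')
SAMPLE_FORWARD = '\\user, "|/usr/bin/vacation user"'   # the .forward line above
```

Calling needs_review(parse_targets(...)) on the contents of each user's .forward file gives the same report per user.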

3. Postfix - Local Mail

Working Architecture of Postfix Local Mail
          When a msg is submitted by a local user on the system, it is placed into the "/var/spool/postfix/maildrop" directory. This can be done by the "sendmail" binary that is installed along with Postfix. Msgs can be placed into the directory with or without the "master" process (the Postfix master daemon) running. In other words, even if the MTA is down, users can place msgs into the queue (the maildrop directory) with the "sendmail" binary, which uses the "postdrop" process. From this maildrop directory the msgs are picked up by the "/usr/libexec/postfix/pickup" process, which is spawned by the "master" program. The "pickup" process then feeds the locally submitted msgs to the "cleanup" process. The cleanup process takes care of addressing, which means it fills in missing From & To addresses with the FQDN. Then it moves the msg to the "incoming" queue directory in "/var/spool/postfix". From here "qmgr" picks up the msgs and delivers them based on the next architecture, such as smtp, lmtp, local (for local mailing), virtual, pipe etc. The qmgr is responsible for delivering the msg either using local mailing or using a combination of local mailing and SMTP.

Configuring postfix to route the Local Mails
Dumping all the configuration parameters to screen
# postconf
The postconf command with no option prints all the configuration parameters of Postfix.

We need the following parameters in /etc/postfix/
# vim /etc/postfix/
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, nis:mail.aliases
Now check that the aliases.db file exists
# ls -al /etc/aliases.db
If the file does not exist, create it with the following command
# newaliases
This command creates a new aliases database from the /etc/aliases file. Without the aliases file, local mailing is not possible. "Unlike sendmail, postfix includes its own local mailer. It is able to deliver msgs locally without the assistance of a third-party program such as maildrop, procmail etc". This means that Postfix has its own local mail delivery capability.
# postfix restart
Testing Postfix Local Mailing.
Send a mail to a user with the Postfix version of the sendmail binary in MSP mode, using the following command
# sendmail -v user
Subject: Testing postfix
Ctrl + d
Check the delivery status as follows
# mailq
This will echo any msgs that are in the queue. A successful mail delivery leaves this queue empty
# tail /var/log/maillog
The log shows the exact status of the mail. Now log in and check the user's mailbox
MAILCHECK=60 is the shell variable that checks the mail in the user's inbox.

Wednesday, February 17, 2010

2. Postfix Post Installation and Initial Configuration

Postfix has 2 key configuration files
1. configuration file role is to drive the master process and if necessary spawn additional daemons to manage our environment according to the configuration.
# cat /etc/postfix/
    /usr/libexec/postfix/master is the binary installed by Postfix. It reads the file and, based on the directives in the file, knows which daemons have to be started.
For Eg:- Since the smtp service is mentioned in the file it starts the daemon smtpd.
The file format, i.e. the header values of the various columns in the file, is as below:
service    type    private    unpriv    chroot    wakeup   maxproc    command    + args
service:
    This is the service name provided by the daemon, e.g. smtp, qmgr, rewrite.
type:
    This defines whether the service is internet based (inet), a unix named socket (fifo), a unix domain socket (unix) etc. inet services are tcp or udp protocol based daemons.
private:
    Only the local services can be configured as private.
unpriv:
    Whether the service can run in unprivileged mode.
chroot:
    This defines whether the daemon runs in a chrooted environment.
wakeup:
    This defines the wake up interval for each service. For eg:- qmgr has 300, pickup has an interval of 60 by default. This gives the Postfix installation its flexibility: each and every process is carried out by a separate binary, and the properties of those binaries can be defined in the file.
maxproc:
    This defines the maximum number of processes that can be invoked.
command  + args:
    This defines the actual command to start the daemon with any required additional arguments.
If a "-" (hyphen) is defined, that means use the default configuration option for the given service.
The file is responsible for spawning all the binaries of postfix service.
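
The column layout above can be read mechanically to see which services listen on the network and which ones opt out of running unprivileged. The following is an added example, not part of the original post or of Postfix: it parses a constructed sample in that layout, joins indented continuation lines onto the previous entry, and treats "-" as "left at the default" without assuming what the default is.

```python
FIELDS = ("service", "type", "private", "unpriv", "chroot", "wakeup", "maxproc")

def parse_service_table(text):
    """Parse service-table text into one dict per service entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()      # continuation of previous entry
        else:
            logical.append(raw.strip())
    services = []
    for line in logical:
        cols = line.split()
        if len(cols) < 8:
            raise ValueError(f"expected 8 columns, got {len(cols)}: {line!r}")
        entry = dict(zip(FIELDS, cols[:7]))
        entry["command"], entry["args"] = cols[7], cols[8:]
        services.append(entry)
    return services

def runs_as_root(services):
    """Entries with unpriv = n, i.e. explicitly not run as the unprivileged mail owner."""
    return [(s["service"], s["type"]) for s in services if s["unpriv"] == "n"]

def network_listeners(services):
    """inet entries with their command and chroot column exactly as written."""
    return [(s["service"], s["command"], s["chroot"])
            for s in services if s["type"] == "inet"]

# Constructed sample in the column layout shown above (not a complete file).
SAMPLE = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
qmgr      fifo  n       -       n       300     1       qmgr
local     unix  -       n       n       -       -       local
smtp      unix  -       -       n       -       -       smtp
  -v
"""

if __name__ == "__main__":
    table = parse_service_table(SAMPLE)
    print("root:", runs_as_root(table))
    print("listeners:", network_listeners(table))
```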

2. contains the directives to drive postfix on our environment.
The key directives that have to be configured to run Postfix with a minimal configuration are defined below
Open the file and change the key directives
# vim /etc/postfix/
myhostname = mail.$mydomain
# the host name can be FQDN or host.domain format or just the hostname itself
mydomain =
myorigin = $mydomain
# This option is for sending mail. It pertains to msgs that are sourced from the local machine. It tells Postfix how to present the From address in the msg header and envelope, even if it is sending the msg to the same system. The above example will send the locally generated mail with the address
# myorigin = $myhostname
    This option will make Postfix send mail with the full host name in the envelope (the FQDN, because myhostname is defined as hostname.$mydomain), i.e
mydestination = $myhostname, localhost, localhost.$mydomain
# This tells Postfix which hosts and domains it receives mail for. This is the replacement for the local-host-names file.
    These are the main configuration changes needed to start Postfix with a minimal configuration. Now save the file and start Postfix
# postfix start
# ps -ax |grep master
    Here now we can see that master process is running
# netstat -ntulpn | grep :25
    Port 25 is open and listening. The master process is running now. It resembles the inetd daemon on a Linux machine, because it spawns the binaries when necessary.

Configuring postfix to receive mail having the To address as
    Unless we specify the following options, the Postfix server will not be able to accept mail for the given domain.
# vim /etc/postfix/
mydomain =
mydestination = $myhostname, $mydomain, localhost.localdomain
relay_domains = $mydestination
# postfix reload
    The "mydestination" directive tells Postfix which domains it receives mail for.
Without the domain information entry in all three directives, Postfix will not be able to handle the msgs destined to the Without this entry Postfix will bounce the msg back to the client saying "msg loop back to my self".

Tuesday, February 16, 2010

1. Postfix Installation

    In December of 1998, IBM released Secure Mailer as open source software providing a new, freely available alternative to the nearly universal Sendmail program. The program, more commonly known in open-source circles as Postfix, attempts to be fast, easy to administer, and secure. Originally written in 1997 by Wietse Venema at the IBM Thomas J. Watson Research Center and first released in December 1998, Postfix continues as of 2010 to be actively developed by its creator and a small number of contributors. The software is also known under its former names VMailer and IBM Secure Mailer. One of the primary goals of Postfix is to be widely implemented in order to make the most significant impact on the performance and security of Internet email overall. Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different.

Features of Postfix

Download & Install Postfix
    Download the latest version of source from Download the PGP key and signature as well to verify the source code integrity. Released versions of the Postfix packages are named postfix.xx.xx.xx.tgz. For example, in package postfix.2.6.5.tgz the version can be read as postfix.MajorRelease.MinorRelease.patch level.tgz.
After downloading, we have to match the gpg keys before compiling and installing the package
# gpg --import wietse.pgp
    GPG is compatible with PGP. The above command imports the PGP key downloaded from the Postfix website.
# gpg --list-keys
    Lists all the keys that have been imported into GPG.
# gpg --verify postfix-xx.xx.xx.tgz.sig postfix-xx.xx.xx.tgz
    It gives the information about the signature. If any critical error occurs, it has to be taken care of and a fresh source code package has to be downloaded.
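
gpg --verify reports a good signature for any key that is in the keyring, so a scripted check should also confirm which key made the signature. The following is an added example, not part of the original post: it reads gpg's machine-readable --status-fd lines and accepts the tarball only when a good signature comes from a pinned fingerprint. The fingerprints and status lines are constructed placeholders, and the pinned value is assumed to have been obtained from a source you trust.

```python
import subprocess

FAILURES = ("BADSIG", "ERRSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY")

def check_status(status_text, pinned_fpr):
    """Return (ok, reason) from gpg --status-fd lines for one detached signature."""
    good, signers = False, set()
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()[1:]
        if not fields:
            continue
        if fields[0] in FAILURES:
            return False, fields[0]
        if fields[0] == "GOODSIG":
            good = True
        elif fields[0] == "VALIDSIG" and len(fields) > 1:
            # First argument is the signing key's fingerprint; the last is the
            # primary key's fingerprint when gpg reports one.
            signers.update((fields[1].upper(), fields[-1].upper()))
    if not good or not signers:
        return False, "no good signature"
    if pinned_fpr.replace(" ", "").upper() not in signers:
        return False, "signed by unpinned key"
    return True, "pinned key"

def verify_tarball(sig_path, tar_path, pinned_fpr):
    """Run gpg on the detached signature and apply check_status to its output."""
    proc = subprocess.run(["gpg", "--status-fd", "1", "--verify", sig_path, tar_path],
                          capture_output=True, text=True)
    ok, reason = check_status(proc.stdout, pinned_fpr)
    return (ok and proc.returncode == 0), reason

# Constructed placeholder fingerprints and status lines, not real key data.
PINNED = "0123456789ABCDEF0123456789ABCDEF01234567"
OTHER = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"
def sample(fpr, verdict="GOODSIG"):
    return (f"[GNUPG:] {verdict} {fpr[-16:]} Example Signer <signer@example.org>\n"
            f"[GNUPG:] VALIDSIG {fpr} 2010-02-16 1266300000 0 3 0 1 2 00 {fpr}\n")
```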

# tar -zxvf postfix-xx.xx.xx.tgz
    Extracts the postfix package and creates a new directory structure named postfix-xx.xx.xx.
    It is better to remove all the mailer programs in the system before installing from source.
Inside the extracted package, the "conf" directory contains the configuration files that are moved to the /etc/postfix directory after installation. The "examples" directory contains advanced secured configurations of Postfix, which include chroot-setup, qmail-local (how to operate with Qmail), ways to define the smtp-policy etc. Many binaries such as Sendmail and Postfix tend to run as root. Postfix is an exception, however: it primarily runs as user "postfix", but some of its components need root privileges, such as for binding to port 25.
Another directory called "html" contains the Postfix documentation in HTML format, so that we can browse it locally with a web client. The "man" folder contains the man pages, which can be copied to the system during installation. The "src" subdirectory holds all the code for the binaries that are produced by the compilation process.

Compiling and Installing  Postfix
Pre-Requisites before compiling Postfix:
    1. As root, add a user & group called postfix and a separate group called "postdrop".
# groupadd postfix
# useradd -g postfix -s /bin/false postfix
    The user postfix doesn't need to have shell access.
# groupadd postdrop
    2. Back up the binaries which will be overwritten by the Postfix installation.
        newaliases - generates the aliases
        mailq         - enumerates the mails in the queue
        sendmail    - the Sendmail binaries
            Now back up these binaries; just renaming them will be sufficient, because all Linux distros ship with a mailer agent which may contain these binaries.
Compile and install postfix
# cd postfix-2.6.5/
# make
    This makes the binaries with default options.
# make install
    This will install the binaries in to the system folders.
While executing this command, postfix will ask certain questions including the following:-
The install_root - The temp space for installation location
The default configuration directory
The daemon directory
Path of the administrative user command directory
Queue directory
The sendmail path (Postfix provides a sendmail-compatible binary which accepts all the command line options that sendmail does)
newaliases path
mailq path
The mail owner
setgid group (here we define the mail submission group, i.e. postdrop. It is equivalent to sendmail's MSP)
The html documentation location
The man page directory (install with respect to the $MANPATH variable)
Readme file access etc
    After the information is provided, the Postfix installation process will start (it copies the binaries into the path).

Installed binaries and files:
     This folder contains the binaries which run as daemons in the background, as well as some applications that are invoked when necessary. The main binaries are qmgr, cleanup, flush, smtpd. The most important binary is the master binary, which starts when we invoke the postfix daemon (service postfix start).
    This folder contains postalias, postcat, postfix, sendmail, etc
    This folder contains a folder called Postfix. Postfix performs all of its mail handling in this "postfix" directory including.
    This folder contains the key configuration files

Initial configuration before starting the postfix at very first time
    With the default configuration, Postfix returns a warning that the hostname is not fully qualified. Postfix looks up the hostname using the "hostname" binary, which returns the short hostname. The FQDN is returned by the command "hostname -f". Mailing relies on the proper name, so it is vital to specify the proper FQDN in /etc/postfix/ Same way we have to define the myorigin, mydestination and mynetworks parameters in the same file. The /etc/aliases file should be set up and the "newaliases" binary should be executed before starting the postfix service.