Postfix: The Definitive Guide by Kyle D. Dent. Published by O'Reilly Media, Inc., 2003.

Email Topics

Internet email is a complex subject with many aspects. There are important principles that apply when administering an email system regardless of the MTA you are working with. This section presents a few concepts that will help in understanding later explanations in the book, but you are urged to learn as much about Internet email as possible from the many resources available in books and online.

RFCs

RFCs, or Request for Comments documents, define the standards for the Internet. There are several RFCs relating to Internet email, all of which are relevant to you if you are administering an email system on the Internet. The two most commonly referenced RFCs for email are RFC 821 and RFC 822, which deal with how email messages are transferred between systems, and how email messages should appear. These documents were put into effect more than 20 years ago. They were updated in April 2001 with the proposed standards RFC 2821 and RFC 2822, although you will still see many references to the original documents. RFC documents are maintained by the Internet Engineering Task Force, whose site is available at http://www.ietf.org/.

Email Agents

Chapter 1 introduced several of the email agents involved in handling a message, from composition to final delivery. For convenience, Table 2-1 contains a summary of these agents.

Table 2-1. Email agents (agent, name, purpose)

MUA (Mail User Agent)
    Email client software used to compose, send, and retrieve email messages. Sends messages through an MTA. Retrieves messages from a mail store either directly or through a POP/IMAP server.

MTA (Mail Transfer Agent)
    Server that receives and delivers email. Determines message routing and possible address rewriting. Locally delivered messages are handed off to an MDA for final delivery.

MDA (Mail Delivery Agent)
    Program that handles final delivery of messages for a system’s local recipients. MDAs can often filter or categorize messages upon delivery. An MDA might also determine that a message must be forwarded to another email address.

The Postmaster

An email administrator is commonly referred to as a postmaster. An individual with postmaster responsibilities makes sure that the mail system is working correctly, makes configuration changes, and adds/removes email accounts, among other things. You must have a postmaster alias at all domains for which you handle email that directs messages to the correct person or persons. RFC 2142 specifies that a postmaster address is required.

Reject or Bounce

If a receiving MTA determines during the SMTP conversation (see Section 2.2.8 later in the chapter) that it will not accept the message, it rejects the message. At that point the sending system should generate an error report to deliver to the original sender. Sometimes the MTA accepts a message and later discovers that it cannot be delivered—perhaps the intended recipient doesn’t exist or there is a problem in the final delivery. In this case, the MTA that has accepted the message bounces it back to the original sender by sending an error report, usually including the reason the original message could not be delivered.

The MTA that accepts a message takes responsibility for the message until it is delivered or handed off to another MTA. When a system is responsible for a message and cannot deliver or relay it, the responsible system informs the sender that the mail is undeliverable.

Envelope Addresses and Message Headers

A common source of confusion for email users is the fact that the To: address in email message headers has nothing to do with where a message is actually delivered. The envelope address controls message delivery. In practice, when you compose a message and provide your MUA with a To: address, your MUA uses that same address as the envelope destination address, but this is not required, nor is it always the case. From the MTA’s point of view, message headers are part of the content of an email message. The delivery of a message is determined by the addresses specified during the SMTP conversation. These addresses are the envelope addresses, and they are the only thing that determines where messages go. See Section 2.2.8 later in the chapter for an explanation of the SMTP protocol.

Mailing lists and spam are common examples of when the envelope destination address differs from the To: address of the message headers. For more information, see RFC 2821 and RFC 2822. Also see Section 2.2.7 later in the chapter for more information about the format of email messages. If you follow the SMTP session in Example 2-2, try substituting any address you want in the To: field of the message contents to see that it has no effect on where the message is delivered.

Local Parts of Email Addresses

RFC 2822 describes the format of email addresses in great detail. It specifies how things such as quoting and comments should work in email addresses. If we ignore the more obscure details, a simple email address is generally composed of three parts: the local part (which is usually a username), the @ separator, and the domain name. The local part might also be an alias to another address or to a mailing list. The local part is sometimes referred to as the lefthand side (LHS), and the domain is sometimes called the righthand side (RHS). For more information, see RFC 2822.

Email Message Format

Since RFC 822 was the document that originally described how Internet email messages should be formatted, messages are commonly referred to as “in the RFC 822 format” or as an “RFC 822 message.” You should understand the basics of the format since it is referred to in this book and you will likely see it elsewhere. I’ll use the newer proposed standard and refer to “RFC 2822 messages.”

RFC 2822 messages

RFC 2822 specifies the format of both email messages and email addresses as they appear in message headers (but not envelope addresses). The specification describes the format for transmission, but many implementations use the same or a similar format to store messages. A message consists of two parts: the header and the body. The header contains specific fields with names such as To, From, or Subject followed by a colon (:). After the colon comes the contents of the field. One message header field can span multiple lines. Lines that continue a field start with whitespace characters (space or tab characters) to show that they are continuations of the previous line.

The standard document provides a lot of detail about the header fields and what they should be used for. There are rules about how fields relate to each other and when one or another must be used, but in the simplest case, the only required fields are the Date: and the From: fields. The standard also provides for customized fields that a particular email implementation might want to create for its own use.

The header fields are separated from the message body by an empty line. The body of a message contains the contents of the message itself. The body is purposely free-form, but should contain only ASCII characters. Some defined headers have a prescribed structure that is more restricted than the body. Binary files, such as images or executables, must be converted in some way to ASCII characters, so they can be sent in compliance with the standard. Other standards such as MIME encoding or traditional uuencoding deal with converting such files for mailing. Example 2-1 shows a typical message with headers and body.

Example 2-1. Email message format
Return-Path: <info@oreilly.com>
Delivered-To: kdent@mail.example.com
Received: from mail.oreilly.com (mail.oreilly.com [192.168.145.34])
        by mail.example.com (Postfix) with SMTP id 5FA26B3DFE
        for <kdent@example.com>; 
        Mon, 8 Apr 2003 16:40:29 -0400 (EDT)
Date: Mon, 8 Apr 2003 15:38:21 -0500
From: Customer Service <info@oreilly.com>
To: <kdent@example.com>
Reply-To: <info@oreilly.com>
Message-ID: <01a4e2238200842@mail.oreilly.com>
Subject: Have you read RFC 2822?

This is the start of the body of the message. It could continue
for many lines, but it doesn't.

The fields in the example are mostly self-explanatory. The Received: header is not required by RFC 2822, but every MTA that handles a message normally prepends a Received: header to the message, as discussed in RFC 2821, which is described in the following section.
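The header rules just described (continuation lines that start with whitespace, the empty line that ends the header section, and the Date:/From: requirement) as a small parser. This is an added example, not code from the book or from Postfix; the sample message is constructed, modelled on Example 2-1, and the function names are this example's own.

```python
"""Parse an RFC 2822 message into header fields and body (added example)."""
from typing import List, Tuple

# Constructed sample message, modelled on Example 2-1 (not a real delivery).
# The Received: field is folded across four lines.
SAMPLE_MESSAGE = (
    "Return-Path: <info@oreilly.com>\n"
    "Delivered-To: kdent@mail.example.com\n"
    "Received: from mail.oreilly.com (mail.oreilly.com [192.168.145.34])\n"
    "        by mail.example.com (Postfix) with SMTP id 5FA26B3DFE\n"
    "        for <kdent@example.com>;\n"
    "        Mon, 8 Apr 2003 16:40:29 -0400 (EDT)\n"
    "Date: Mon, 8 Apr 2003 15:38:21 -0500\n"
    "From: Customer Service <info@oreilly.com>\n"
    "To: <kdent@example.com>\n"
    "Subject: Have you read RFC 2822?\n"
    "\n"
    "This is the start of the body of the message. It could continue\n"
    "for many lines, but it doesn't.\n"
)

# In the simplest case RFC 2822 requires only these two fields.
REQUIRED_FIELDS = ("date", "from")


def parse_message(raw: str) -> Tuple[List[Tuple[str, str]], str]:
    """Split a message into (name, value) header pairs and the body.

    Header names are lower-cased for comparison. A line that starts with
    whitespace continues the previous field and is unfolded onto it.
    """
    headers: List[Tuple[str, str]] = []
    lines = raw.split("\n")
    i = 0
    while i < len(lines):
        line = lines[i]
        i += 1
        if line == "":
            break  # the empty line ends the header section
        if line[0] in " \t":
            if not headers:
                raise ValueError("continuation line before any header field")
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.strip().lower(), value.strip()))
    body = "\n".join(lines[i:])
    return headers, body


def missing_required_fields(headers: List[Tuple[str, str]]) -> List[str]:
    """Names from REQUIRED_FIELDS that are absent from the header."""
    present = {name for name, _ in headers}
    return [field for field in REQUIRED_FIELDS if field not in present]


def received_hops(headers: List[Tuple[str, str]]) -> List[str]:
    """Unfolded Received: fields in header order (most recent MTA first,
    because each MTA prepends its own)."""
    return [value for name, value in headers if name == "received"]


if __name__ == "__main__":
    hdrs, body = parse_message(SAMPLE_MESSAGE)
    for name, value in hdrs:
        print(f"{name}: {value}")
    print("missing required fields:", missing_required_fields(hdrs))
    print("hops:", len(received_hops(hdrs)))
```

Running it prints each field on one line, with the folded Received: field joined back together, and reports that no required field is missing.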

The SMTP Protocol

The SMTP protocol is defined in RFC 2821. The protocol is actually quite simple to follow, and was designed to be easily comprehensible both to humans and computers. A client connects to an SMTP server, whereupon the server begins the SMTP conversation, which consists of a series of simple commands and replies, including the transmission of the email message. The best way to understand the protocol is to see it in action. You can easily try it yourself once you have your mail server set up. Using a Telnet client, you can pose as a delivering MTA. Example 2-2 shows the steps and the basic commands to deliver a message.

Example 2-2. Email message delivery
$ telnet mail.example.com 25
Trying 10.232.45.151
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
HELO mail.oreilly.com
250 mail.oreilly.com
MAIL FROM:<info@oreilly.com>
250 Ok
RCPT TO:<kdent@example.com>
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>

Date: Mon, 8 Apr 2003 15:38:21 -0500
From: Customer Service <info@oreilly.com>
To: <kdent@example.com>
Reply-To: <service@oreilly.com>
Message-ID: <01a4e2238200842@mail.oreilly.com>
Subject: Have you read RFC 2822?

This is the start of the body of the message. It could continue
for many lines, but it doesn't.
.

250 Ok: queued as 5FA26B3DFE
quit
221 Bye
Connection closed by foreign host.
$

The SMTP session depicted in Example 2-2 is actually the delivery that produced the sample message in Example 2-1. To follow the example yourself, start by using a Telnet client to connect to the mail server on port 25 at mail.example.com. You should connect to your own Postfix server and type in your own email addresses for the envelope addresses. Port 25 is the well-known port for SMTP servers. After the Telnet messages:

Trying 10.232.45.151
Connected to localhost.
Escape character is '^]'.

the server greets you with its banner:

220 mail.example.com ESMTP Postfix

SMTP server replies, such as the greeting message, always start with a three-digit response code, usually followed by a short message for human consumption. Table 2-2 provides the reply code levels and their meanings. The first digit of the response code is enough to know the status of the requested command. In documentation the response codes are often written as 2xx to indicate a level 200 reply.

Table 2-2. SMTP response codes (code level, status)

2xx  The requested action was successful. The client may continue to the next step.

3xx  Command was accepted, but the server expects additional information. The client should send another command with the additional information.

4xx  The command was not successful, but the problem is temporary. The client should retry the action at a later time.

5xx  The command was not successful, and the problem is considered permanent. The client should not retry the action.

After receiving the welcome banner, introduce yourself with the HELO command. The hostname after the HELO command should be the name of the system you’re connecting from:

HELO mail.oreilly.com

The server replies with a success, so you may continue:

250 mail.oreilly.com

Indicate who the message is from with the MAIL FROM command:

MAIL FROM:<info@oreilly.com>

The server accepts the sending address:

250 Ok

Indicate who the message is to with the RCPT TO command:

RCPT TO:<kdent@example.com>

The server accepts the recipient address:

250 Ok

Now you are ready to send the content of the message. The DATA command tells the server that you have an RFC 2822 message ready to transfer:

DATA

The server replies that it accepts the command and is expecting you to begin sending data:

354 End data with <CR><LF>.<CR><LF>

At this point, you can transfer the entire contents of your message. The contents of messages start with the message headers. When the message itself is finished, indicate the end by sending a single period on a line by itself.

The server acknowledges the end of your message and replies that the transfer was successfully completed:

250 Ok: queued as 5FA26B3DFE

At this point the server has taken responsibility for the message. If you wanted to continue with more commands, you could do so now. Since you have no other messages to deliver to this server, you can start to disconnect with the quit command:

quit

The server replies with a success and disconnects:

221 Bye

Finally, the Telnet client tells you that the connection has ended and returns you to the command prompt:

Connection closed by foreign host.
$

This was, of course, the simplest example of an SMTP transaction. The basic protocol provides additional commands and has been extended to allow for many enhancements. RFC 1869 provides a framework for adding additional features to the basic SMTP protocol. The enhanced protocol is referred to as ESMTP. A client indicates its willingness to use the enhanced protocol by beginning with the EHLO command instead of HELO. If the server also supports enhancements, it replies with a list of the features it provides.

Many enhancements have been specified in various RFCs. You can learn about them by searching for SMTP information on the IETF web site (http://www.ietf.org/). There are many other resources available on the Web regarding the SMTP and ESMTP protocols.
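The server side of the conversation walked through above, as an added example that is not part of the book and is not Postfix's code. It is a minimal SMTP receiver state machine: it accepts HELO or EHLO, enforces the MAIL FROM, RCPT TO, DATA order, ends the message at the lone period, and replies with codes from the classes in Table 2-2 (the reply texts are modelled on the ones shown in the session; the queue id format is constructed). It also makes the point of the "Envelope Addresses and Message Headers" section concrete: the envelope from MAIL FROM / RCPT TO is recorded separately from the DATA content, and in the constructed session the header To: names a different address than the envelope recipient, yet only the envelope recipient ends up in the receiver's delivery list. The names SmtpReceiver, run_session, header_to and CLIENT_LINES are this example's own.

```python
"""Minimal SMTP receiver state machine (added example, not Postfix code)."""
import email
from typing import List, Optional, Tuple

# Meaning of the first reply digit, as in Table 2-2.
REPLY_CLASSES = {"2": "success", "3": "more input expected",
                 "4": "temporary failure", "5": "permanent failure"}


def reply_class(reply: str) -> str:
    return REPLY_CLASSES.get(reply[:1], "unknown")


def _address(arg: str, keyword: str) -> Optional[str]:
    """Parse 'FROM:<addr>' or 'TO:<addr>'; return addr, or None if malformed."""
    if not arg.upper().startswith(keyword):
        return None
    rest = arg[len(keyword):].strip()
    if rest.startswith("<") and rest.endswith(">"):
        return rest[1:-1]
    return None


class SmtpReceiver:
    def __init__(self, hostname: str) -> None:
        self.hostname = hostname
        self.helo: Optional[str] = None
        self.sender: Optional[str] = None
        self.recipients: List[str] = []
        self.in_data = False
        self.data_lines: List[str] = []
        # Accepted messages: (envelope sender, envelope recipients, content).
        self.queued: List[Tuple[str, List[str], str]] = []

    def _reset_envelope(self) -> None:
        self.sender, self.recipients, self.data_lines = None, [], []

    def handle_line(self, line: str) -> Optional[str]:
        """Process one client line; return the reply, or None while inside DATA."""
        if self.in_data:
            if line == ".":  # a lone period on a line ends the message
                self.in_data = False
                # Undo client dot-stuffing: a leading ".." was originally ".".
                content = "\n".join(ln[1:] if ln.startswith(".") else ln
                                    for ln in self.data_lines)
                self.queued.append((self.sender, list(self.recipients), content))
                self._reset_envelope()
                return f"250 Ok: queued as {len(self.queued):08X}"  # constructed id
            self.data_lines.append(line)
            return None
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            if not arg:
                return "501 Syntax: HELO hostname"
            self.helo = arg.strip()
            self._reset_envelope()
            return f"250 {self.hostname}"
        if verb == "MAIL":
            if self.helo is None:
                return "503 Error: send HELO/EHLO first"
            if self.sender is not None:
                return "503 Error: nested MAIL command"
            addr = _address(arg, "FROM:")
            if addr is None:
                return "501 Syntax: MAIL FROM:<address>"
            self.sender = addr
            return "250 Ok"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Error: need MAIL command"
            addr = _address(arg, "TO:")
            if addr is None:
                return "501 Syntax: RCPT TO:<address>"
            self.recipients.append(addr)
            return "250 Ok"
        if verb == "DATA":
            if not self.recipients:
                return "554 Error: no valid recipients"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "502 Error: command not recognized"


def run_session(receiver: SmtpReceiver, client_lines: List[str]) -> List[str]:
    """Feed client lines in order and collect the server replies."""
    return [r for r in map(receiver.handle_line, client_lines) if r is not None]


def header_to(content: str) -> Optional[str]:
    """The To: field of the message content, parsed with the standard library."""
    return email.message_from_string(content)["To"]


# Constructed client side of a session: the envelope recipient and the
# header To: deliberately disagree, as in the mailing-list case described above.
CLIENT_LINES = [
    "HELO mail.oreilly.com",
    "MAIL FROM:<info@oreilly.com>",
    "RCPT TO:<kdent@example.com>",
    "DATA",
    "Date: Mon, 8 Apr 2003 15:38:21 -0500",
    "From: Customer Service <info@oreilly.com>",
    "To: <someone-else@example.net>",
    "Subject: Envelope versus header",
    "",
    "The envelope recipient, not the To: header above, decides delivery.",
    "..this line began with a period, so the client dot-stuffed it",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    srv = SmtpReceiver("mail.example.com")
    for reply in run_session(srv, CLIENT_LINES):
        print(reply, "->", reply_class(reply))
    _, rcpts, content = srv.queued[0]
    print("envelope recipients:", rcpts, "| header To:", header_to(content))
```

Running the script prints each reply with its Table 2-2 class, then shows the delivery list holding only kdent@example.com while the parsed header To: still reads someone-else@example.net.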