Installing the PostFix software

Installing the package

Before we install any packages we should ensure that the correct use-flags will be used so that all required functionality is made available and unnecessary functionality is not included. The postfix package and its dependencies provide a variety of use-flags only some of which will be discussed further here. As usual feel free to add and remove use-flags at will although the minimum set which are required for using this guide in its entirety are shown below.

lisa ~ # emerge -pv postfix

These are the packages that would be merged, in order:

Calculating dependencies... done!

[ebuild   N    ] net-mail/mailbase-1 USE="pam"
[ebuild   N    ] dev-libs/libgamin-0.1.10-r2 USE="python -debug"
[ebuild   N    ] app-admin/eselect-postgresql-0.3
[ebuild   N    ] net-libs/courier-authlib-0.62.4 USE="crypt gdbm pam postgres -berkdb -debug -ldap -mysql -vpopmail"
[ebuild   N    ] dev-db/postgresql-base-8.4.2-r1 USE="nls pam readline ssl zlib -doc -kerberos -ldap -pg_legacytimestamp -threads"
[ebuild   N    ] virtual/postgresql-base-8.4
[ebuild   N    ] app-admin/gamin-0.1.10 USE="-debug"
[ebuild   N    ] net-mail/courier-imap-4.5.0 USE="fam gdbm gnutls nls -berkdb -debug -ipv6"
[ebuild   N    ] dev-libs/glib-2.22.4 USE="fam -debug -doc -hardened -xattr"
[ebuild   N    ] app-admin/gam-server-0.1.10 USE="-debug"
[ebuild   N    ] dev-libs/cyrus-sasl-2.1.23-r1 USE="authdaemond crypt gdbm pam postgres ssl -berkdb -java -kerberos -ldap -mysql -ntlm_unsupported_patch -sample -sqlite -srp -urandom"
[ebuild   N    ] mail-mta/postfix-2.6.5 USE="pam postgres sasl ssl vda -cdb -dovecot-sasl -hardened -ipv6 -ldap -mbox -mysql -nis"

The authdaemond use flag will cause the net-libs/courier-authlib and net-mail/courier-imap to be pulled in to the merge as dependencies. If this use-flag is not set then these packages will have to be installed manually. Authentication without using the authdaemond option is not discussed in this guide.

Once you are confident that the correct use-flags are set for the postfix package, and any dependencies it may require, you can proceed with the installation by issuing the emerge command shown below.

lisa ~ # emerge postfix

With the required packages installed all which remains is to add the postfix user to the mail group so that the required access to the authdaemond UNIX socket is permitted to allow correct integration of the postfix daemon and the authdaemond authentication daemon provided by the net-libs/courier-authlib package. This can be accomplished with the following simple command.

lisa ~ # gpasswd -a postfix mail

Adding user postfix to group mail

Adding the postfix user to the mail group is essential for the correct functioning of user authentication using the authdaemond daemon. If this is not desirable in your installation the permissions for the authdaemond UNIX socket will need to be modified accordingly to allow the postfix user the required access.

Installing additional tools

Although the Postfix package provides everything needed to run an SMTP server in a wide variety of configurations it provides nothing at all in the way of diagnostic tools. Thankfully, as all the protocols we will be using are based on the standard telnet protocol, we can use the telnet application, which is available in the net-misc/netkit-telnetd package, for performing our diagnostic tests. We can install this package using the command below.

lisa ~ # emerge netkit-telnetd

Basic configuration

During installation of the Postfix package an example configuration file was created in place of a usable configuration file. As we shall be creating our configuration from scratch the first task is to rename the existing file, so that we can keep the example should we wish to refer to it at a later date, and create a new file in its place which we can begin editing.

lisa ~ # mv /etc/postfix/main.cf /etc/postfix/main.cf.example
lisa ~ # nano -w /etc/postfix/main.cf

Now that we have an empty configuration file to work with we can begin by adding a list of the paths which the Postfix daemon will require during operation. As you can see from the example below the configuration file syntax is extremely simple consisting of a variable name followed by an expression indicating the value to be assigned to the variable in question. Assuming that you are using the default paths for the Postfix package then the configuration segment below will suffice.

/etc/postfix/main.cf

command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
queue_directory = /var/spool/postfix

With the paths added to the configuration file we can begin to configure the Postfix daemon more fully by adding the list of network interfaces to listen on, or all as in the example to indicate that all available interfaces should be used, as well as any addresses which we will appear to be on as a result of proxy servers or NAT redirection. We also set the host name to use in the greeting to avoid confusion on multi-homed hosts.

/etc/postfix/main.cf

inet_interfaces = all
proxy_interfaces = mail-fallback.hacking.co.uk
myhostname = mail.hacking.co.uk

It is extremely important that all network interfaces on which this service will be reachable, whether local to the machine the server process is running on or remotely mapped using proxy servers or NAT, are listed in one of the above two variables otherwise "message loops" may result when this server is acting as a backup MX server and the primary MX server is unreachable.

As this guide is not concerned with UNIX mail delivery the next section instructs the Postfix daemon not to listen for local recipients on any destinations and to therefore use an empty table to map local recipients. It also instructs the daemon to issue the permanent error code of 550 to anyone attempting to send to unknown local recipients.

/etc/postfix/main.cf

mydestination = 
local_recipient_maps = 
unknown_local_recipient_reject_code = 550

The final setting which we shall include in our most basic of configurations will ensure that this host cannot be used to relay mail to the Internet from anywhere other than the host itself without performing some form of authentication. In a later section we will close even this small loophole but for now it is easiest if we can send mail unauthenticated from the local host address.

/etc/postfix/main.cf

mynetworks_style = host

Testing our basic configuration

Whilst our configuration so far may be rather minimalist to say the least it is sufficient to enable us to run the most basic tests of the Postfix daemon. Before we can conduct these tests of course we need to ensure that the daemon at least appears to start correctly and, if it does, add it to the default run level as shown below.

lisa ~ # /etc/init.d/postfix start
lisa ~ # rc-update add postfix default

Assuming that everything went well so far we can run a very simple test using the telnet application we installed earlier. The text which should be entered by the user in the example below appears in white while all text sent by the Postfix daemon appears in gray. Obviously you should change the email address to somewhere you will actually receive the mail.

lisa ~ # telnet localhost 25

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

220 mail.hacking.co.uk ESMTP Postfix

MAIL FROM: someone@example.com

250 2.1.0 OK

RCPT TO: spamcatcher@hacking.co.uk

250 2.1.5 OK

DATA

354 End data with <CR><LF>.<CR><LF>

To: spamcatcher@hacking.co.uk

Subject: Test Message

This is a test piece of mail.

250 2.0.0 OK: queued as 7E28DAC72

QUIT

221 2.0.0 Bye

Connection closed by foreign host.

Hopefully you will see output similar to the above. If you do not succeed in this simple test then the rest of this guide will certainly fail. Please take the time to ensure that this most basic configuration is working before proceeding.