How to configure a mail server with Postfix and Dovecot for different requirements

Mail server admins may often have to deal with different types of requirements based on service policies or customer-specific requests. This tutorial will cover common cases of mail server administration. More specifically, it will show how different mail server requirements can be met by tuning parameters of Postfix and Dovecot.

Useful Postfix Commands

Before we start, let us look at some commands related to Postfix.

1. postfix reload vs. service postfix restart

To reload Postfix with any updated configuration files, two commands can be used.

  • postfix reload: This command will check configuration files, and will update Postfix accordingly. As this command does not cause Postfix to shut down, it is highly recommended in production environments.
  • service postfix restart: This command will first shut down Postfix, and then start it again. This command will start a fresh instance of Postfix.

Depending on requirements or convenience, we can choose either option to reload Postfix.

2. postconf

postconf is a very useful Postfix command. The following are some example usages of postconf.

To show the values of all Postfix parameters:

# postconf

To see the value of a specific Postfix parameter, grep can be used to filter the output:

# postconf | grep myorigin
append_at_myorigin = yes
myorigin = example.tst

postconf can also be used to set the value of a particular Postfix parameter at run time.

# postconf -e 'myorigin = example.tst'

Note that any Postfix parameter changed by postconf command persists across reboots. The same thing can be achieved by modifying the configuration file at /etc/postfix/main.cf.

"Always BCC" Policy

I have seen some companies that have "always BCC" policy which mandates that a copy of every outgoing email be sent to a specific mail account automatically.

In Postfix, this can be achieved by modifying one line in the configuration file.

# vim /etc/postfix/main.cf
## assuming that the account is allmail@example.tst ##
always_bcc = allmail
# service postfix restart

Bypassing DNS Lookup

Postfix can be configured in such a way that DNS lookup for a specific domain always resolves to a predetermined IP address. This is very useful in test environments as well as in domains that use multiple mail servers for different purposes.

For example, if we want Postfix to send all emails with a destination domain abcd.com to a mail server with IP address 1.2.3.4, we can do it by modifying Postfix configuration as follows.

# vim /etc/postfix/transport
abcd.com smtp:[1.2.3.4]
# postmap /etc/postfix/transport
# service postfix restart

NOTE: make sure that the variable transport_maps is properly set in /etc/postfix/main.cf as follows.

transport_maps = hash:/etc/postfix/transport

Using Relayhost

A relayhost aka smarthost is an ISP's mail server that accepts all outbound mails originating from its customer's mail servers. The customer can choose to hand over all outgoing mails to the relayhost instead of directly sending it over to the Internet. A relayhost can also be configured to accept incoming emails on behalf of a customer's mail server by tweaking MX records. The configuration of a relayhost is done as follows.

main.cf is modified to specify relayhost:

# vim /etc/postfix/main.cf
relayhost = mail.providermx.com

## in case of IP address ##
## [ ] disables DNS lookups ##
relayhost = [100.200.100.200]
# service postfix restart

Sender Email Account Verification

To protect against spamming, it is sometimes useful to verify the validity of the sender's email account on local domain.

The following method can be used to double-check whether the local sender's address of an outgoing mail is valid.

First, we add all the valid accounts.

# vim /etc/postfix/sender_access
user1@example.tst		OK
user2@examle.tst		OK
user3@example.tst		OK
user4@example.tst		OK
## emails sent from user5 will be rejected ##
user5@example.tst		REJECT
# postmap /etc/postfix/sender_access

Next, sender restrictions are implemented as follows.

# vim /etc/postfix/main.cf
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, reject_unauth_destination, reject_unknown_sender_domain 
# service postfix restart

At this point, the only valid senders would be user1, user2, user3, and user4. user5 and any other sender address will be blocked.

Blocking Specific Addresses or Domains

Postfix can be configured to block incoming and outgoing mails from specific sender addresses or specific domains. The following configuration can do the trick.

# vim /etc/postfix/access
user@qwer.com	550		address blocked
wxyz.com	550		domain blocked
# postmap access

# vim /etc/postfix/main.cf
smtpd_recipient_restrictions = hash:/etc/postfix/access, permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
# service postfix restart

Note: it is possible to use one file to block both sender and recipient, instead of using separate files sender_access (described earlier) and access. Personally, I prefer keeping them separate for ease of troubleshooting.

Set Maximum Email Size and Mailbox Quota

The following parameters can be tuned to specify the size of an email message and also the size of a user mailbox.

# vim /etc/postfix/main.cf
## maximum email size in bytes, including header information ##
message_size_limit = 10240000

## maximum mailbox size in bytes. 0 denotes no quota ##
mailbox_size_limit = 0
# service postfix restart

Enable Plaintext Authentication in Dovecot

For security reasons, the Dovecot IMAP/POP server by default does not allow plaintext authentication (i.e., use an unencrypted password). For some reason, if someone needs to enable plaintext authentication in Dovecot, the following tuning is necessary.

# vim /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
# service dovecot restart

These are some of the tunings that mail server admins often do. Postfix and Dovecot can be tuned even further to match the needs of a stakeholder.

Hope this helps.

Subscribe to Xmodulo

Do you want to receive Linux FAQs, detailed tutorials and tips published at Xmodulo? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.

The following two tabs change content below.
Sarmed Rahman is an IT professional in the Internet Industry in Bangladesh. He writes tutorial articles on technology every now and then from a belief that knowledge grows through sharing. During his free time, he loves gaming and spending time with his friends.

5 thoughts on “How to configure a mail server with Postfix and Dovecot for different requirements

  1. I liked your article, it spelled out some nice commands and was written in a good fashion, it was clear and made me understand somethings I didn't already know. For example, I didnt know that postconf doesn't persist, I thought it was rewriting the file, I never bothered to check it, but I never used postconf much in the first place, so I never had a problem if I had used it and rebooted in the future without realising.

    Thanks

    • Great to hear that you like the article. :) However, there is a mistake in the postconf part. postconf is actually persistent and will remain unchanged across reboots. You were right in thinking that postconf actually modifies the config file main.cf.

      Already asked the moderators to take care of it. Apologies for any inconvenience it may have caused.

      Thanks.

  2. Nice article.

    I always had trouble figuring out stuff from man 5 postconf. This article has some parts that I already knew and some parts are new to me.

    Thank you.

    Oh by the way our company creates a free Postfix based mail server called MailPigeon.

Leave a comment

Your email address will not be published. Required fields are marked *

Current ye@r *