Mail server admins may often have to deal with different types of requirements based on service policies or customer-specific requests. This tutorial will cover common cases of mail server administration. More specifically, it will show how different mail server requirements can be met by tuning parameters of Postfix and Dovecot.
Useful Postfix Commands
Before we start, let us look at some commands related to Postfix.
1. postfix reload vs. service postfix restart
To reload Postfix with any updated configuration files, two commands can be used.
- postfix reload: This command will check configuration files, and will update Postfix accordingly. As this command does not cause Postfix to shut down, it is highly recommended in production environments.
- service postfix restart: This command will first shut down Postfix, and then start it again. This command will start a fresh instance of Postfix.
Depending on requirements or convenience, we can choose either option to reload Postfix.
postconf is a very useful Postfix command. The following are some example usages of postconf.
To show the values of all Postfix parameters:
To see the value of a specific Postfix parameter, grep can be used to filter the output:
append_at_myorigin = yes myorigin = example.tst
postconf can also be used to set the value of a particular Postfix parameter at run time.
Note that any Postfix parameter changed by postconf command persists across reboots. The same thing can be achieved by modifying the configuration file at /etc/postfix/main.cf.
"Always BCC" Policy
I have seen some companies that have "always BCC" policy which mandates that a copy of every outgoing email be sent to a specific mail account automatically.
In Postfix, this can be achieved by modifying one line in the configuration file.
## assuming that the account is email@example.com ## always_bcc = allmail
Bypassing DNS Lookup
Postfix can be configured in such a way that DNS lookup for a specific domain always resolves to a predetermined IP address. This is very useful in test environments as well as in domains that use multiple mail servers for different purposes.
For example, if we want Postfix to send all emails with a destination domain abcd.com to a mail server with IP address 220.127.116.11, we can do it by modifying Postfix configuration as follows.
# service postfix restart
NOTE: make sure that the variable transport_maps is properly set in /etc/postfix/main.cf as follows.
transport_maps = hash:/etc/postfix/transport
A relayhost aka smarthost is an ISP's mail server that accepts all outbound mails originating from its customer's mail servers. The customer can choose to hand over all outgoing mails to the relayhost instead of directly sending it over to the Internet. A relayhost can also be configured to accept incoming emails on behalf of a customer's mail server by tweaking MX records. The configuration of a relayhost is done as follows.
main.cf is modified to specify relayhost:
relayhost = mail.providermx.com ## in case of IP address ## ## [ ] disables DNS lookups ## relayhost = [18.104.22.168]
Sender Email Account Verification
To protect against spamming, it is sometimes useful to verify the validity of the sender's email account on local domain.
The following method can be used to double-check whether the local sender's address of an outgoing mail is valid.
First, we add all the valid accounts.
firstname.lastname@example.org OK email@example.com OK firstname.lastname@example.org OK email@example.com OK ## emails sent from user5 will be rejected ## firstname.lastname@example.org REJECT
Next, sender restrictions are implemented as follows.
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, reject_unauth_destination, reject_unknown_sender_domain
At this point, the only valid senders would be user1, user2, user3, and user4. user5 and any other sender address will be blocked.
Blocking Specific Addresses or Domains
Postfix can be configured to block incoming and outgoing mails from specific sender addresses or specific domains. The following configuration can do the trick.
email@example.com 550 address blocked wxyz.com 550 domain blocked
smtpd_recipient_restrictions = hash:/etc/postfix/access, permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
Note: it is possible to use one file to block both sender and recipient, instead of using separate files sender_access (described earlier) and access. Personally, I prefer keeping them separate for ease of troubleshooting.
Set Maximum Email Size and Mailbox Quota
The following parameters can be tuned to specify the size of an email message and also the size of a user mailbox.
## maximum email size in bytes, including header information ## message_size_limit = 10240000 ## maximum mailbox size in bytes. 0 denotes no quota ## mailbox_size_limit = 0
Enable Plaintext Authentication in Dovecot
For security reasons, the Dovecot IMAP/POP server by default does not allow plaintext authentication (i.e., use an unencrypted password). For some reason, if someone needs to enable plaintext authentication in Dovecot, the following tuning is necessary.
disable_plaintext_auth = no
These are some of the tunings that mail server admins often do. Postfix and Dovecot can be tuned even further to match the needs of a stakeholder.
Hope this helps.
Subscribe to Xmodulo
Do you want to receive Linux FAQs, detailed tutorials and tips published at Xmodulo? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.