Postfix Small/Home Office Hints and Tips


Overview

This document combines hints and tips for "small office/home office" applications into one document so that they are easier to find. The text describes the mail sending side only. If your machine does not receive mail directly (i.e. it does not have its own Internet domain name and its own fixed IP address), then you will need a solution such as "fetchmail", which is outside the scope of the Postfix documentation.

See the SASL_README and STANDARD_CONFIGURATION_README documents for further information on these topics.

Postfix on a stand-alone Internet host

Postfix should work out of the box without change on a stand-alone machine that has direct Internet access. At least, that is how Postfix installs when you download the Postfix source code via http://www.postfix.org/.

You can use the command "postconf -n" to find out what settings are overruled by your main.cf. Besides a few pathname settings, few parameters should be set on a stand-alone box, beyond what is covered in the BASIC_CONFIGURATION_README document:

/etc/postfix/main.cf:
    # Optional: send mail as user@domainname instead of user@hostname.
    #myorigin = $mydomain
    # Optional: specify NAT/proxy external address.
    #proxy_interfaces = 1.2.3.4
    # Alternative 1: don't relay mail from other hosts.
    mynetworks_style = host
    relay_domains =
    # Alternative 2: relay mail from local clients only.
    # mynetworks = 192.168.1.0/28
    # relay_domains =

See also the section "Postfix on hosts without a real Internet hostname" if this is applicable to your configuration.

Postfix on hosts without a real Internet hostname

This section is for hosts that don't have their own Internet hostname. Typically these are systems that get a dynamic IP address via DHCP or via dialup. Postfix will let you send and receive mail just fine between accounts on a machine with a fantasy name. However, you cannot use a fantasy hostname in your email address when sending mail into the Internet, because no-one would be able to reply to your mail. In fact, more and more sites refuse mail addresses with non-existent domain names.

Note: the following information is Postfix version dependent. To find out what Postfix version you have, execute the command "postconf mail_version".

Solution 1: Postfix version 2.2 and later

Postfix 2.2 uses the generic(5) address mapping to replace local fantasy email addresses by valid Internet addresses. This mapping happens ONLY when mail leaves the machine; not when you send mail between users on the same machine.

The following example presents additional configuration. You need to combine this with basic configuration information as discussed in the first half of this document.

/etc/postfix/main.cf:
    smtp_generic_maps = hash:/etc/postfix/generic

/etc/postfix/generic:
    his@localdomain.local             hisaccount@hisisp.example
    her@localdomain.local             heraccount@herisp.example
    @localdomain.local                hisaccount+local@hisisp.example

When mail is sent to a remote host via SMTP:

Specify dbm instead of hash if your system uses dbm files instead of db files. To find out what lookup tables Postfix supports, use the command "postconf -m".

Execute the command "postmap /etc/postfix/generic" whenever you change the generic table.

Solution 2: Postfix version 2.1 and earlier

The solution with older Postfix systems is to use valid Internet addresses where possible, and to let Postfix map valid Internet addresses to local fantasy addresses. With this, you can send mail to the Internet and to local fantasy addresses, including mail to local fantasy addresses that don't have a valid Internet address of their own.

The following example presents additional configuration. You need to combine this with basic configuration information as discussed in the first half of this document.

/etc/postfix/main.cf:
    myhostname = hostname.localdomain
    mydomain = localdomain

    canonical_maps = hash:/etc/postfix/canonical

    virtual_alias_maps = hash:/etc/postfix/virtual

/etc/postfix/canonical:
    your-login-name    your-account@your-isp.com

/etc/postfix/virtual:
    your-account@your-isp.com       your-login-name

Translation:

Specify dbm instead of hash if your system uses dbm files instead of db files. To find out what lookup tables Postfix supports, use the command "postconf -m".

Execute the command "postmap /etc/postfix/canonical" whenever you change the canonical table.

Execute the command "postmap /etc/postfix/virtual" whenever you change the virtual table.

Enabling SASL authentication in the Postfix SMTP client

Turn on client-side SASL authentication, and specify a table with per-host or per-destination username and password information. The Postfix SMTP client first searches the table for an entry with the remote SMTP server hostname; if no entry is found, then the Postfix SMTP client searches the table for an entry with the next-hop destination. Usually, that is the right-hand part of an email address, but it can also be the information that is specified with the relayhost parameter or with a transport(5) table.

/etc/postfix/main.cf:
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_type = cyrus
    relayhost = [mail.myisp.net]
    # Alternative form:
    # relayhost = [mail.myisp.net]:submission
/etc/postfix/sasl_passwd:
    [mail.myisp.net]            username:password
    [mail.myisp.net]:submission username:password
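
An added check for the configuration above (example code, not part of the Postfix documentation): it verifies that sasl_passwd has an entry that the two lookups described above can find for the relayhost as written, and that the plaintext password file and its .db file are not accessible to group or other. The function names and the sample files are constructed for illustration.

```shell
# Added example (not Postfix code): lint relayhost against sasl_passwd.

# Last value assigned to parameter NAME in a main.cf-style FILE.
param() {  # param FILE NAME
    awk -v n="$2" '$1 == n && $2 == "=" { v = $3 } END { print v }' "$1"
}

# Succeed if KEY is the lookup key (first field) of some table line.
has_key() {  # has_key FILE KEY
    awk -v k="$2" '$1 == k { hit = 1 } END { exit !hit }' "$1"
}

# Succeed if FILE grants no permission bits to group or other.
private_file() {  # private_file FILE
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print findings for MAIN_CF and SASL_PASSWD; exit status is their count.
lint_sasl() {  # lint_sasl MAIN_CF SASL_PASSWD
    relay=$(param "$1" relayhost) host="" n=0
    # With the [name] form there is no MX lookup, so the server hostname
    # is the bracketed name; otherwise only the next-hop key is checked.
    case $relay in "["*) host=${relay#?}; host=${host%%"]"*} ;; esac
    if [ -n "$relay" ] && ! has_key "$2" "$relay" &&
       { [ -z "$host" ] || ! has_key "$2" "$host"; }; then
        echo "no password entry for next-hop $relay"; n=$((n + 1))
    fi
    for f in "$2" "$2.db"; do
        if [ -e "$f" ] && ! private_file "$f"; then
            echo "$f is accessible to group or other"; n=$((n + 1))
        fi
    done
    return "$n"
}

# Constructed sample: relayhost uses the :submission form, but the table
# only has the port-less key, and the file is world-readable.
d=$(mktemp -d)
printf 'smtp_sasl_auth_enable = yes\nrelayhost = [mail.myisp.net]:submission\n' > "$d/main.cf"
printf '[mail.myisp.net]            username:password\n' > "$d/sasl_passwd"
chmod 644 "$d/sasl_passwd"
lint_sasl "$d/main.cf" "$d/sasl_passwd" || echo "findings: $?"
rm -rf "$d"
```

Run it against the real /etc/postfix/main.cf and /etc/postfix/sasl_passwd as root; a clean result prints nothing and returns 0.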

Notes:

Workarounds:

Supporting multiple ISP accounts in the Postfix SMTP client

Postfix version 2.3 supports multiple ISP accounts. This can be useful when one person uses the same machine for work and for personal use, or when people with different ISP accounts share the same Postfix server. To make this possible, Postfix 2.3 supports per-sender SASL passwords and per-sender relay hosts. In the example below, Postfix will search the SASL password file by sender before it searches that same file by destination. Likewise, Postfix will search the per-sender relayhost file, and use the default relayhost only as a final resort.

/etc/postfix/main.cf:
    smtp_sender_dependent_authentication = yes
    sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    relayhost = [mail.myisp.net]
    # Alternative form:
    # relayhost = [mail.myisp.net]:submission
/etc/postfix/sasl_passwd:
    # Per-sender authentication; see also /etc/postfix/sender_relay.
    user1@example.com           username1:password1
    user2@example.net           username2:password2
    # Login information for the default relayhost.
    [mail.myisp.net]            username:password
    [mail.myisp.net]:submission username:password
/etc/postfix/sender_relay:
    # Per-sender provider; see also /etc/postfix/sasl_passwd.
    user1@example.com           [mail.example.com]:submission
    user2@example.net           [mail.example.net]
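
An added audit of the lookup order described above (example code, not part of the Postfix documentation): for each sender it reports which relay is chosen and which login is offered, and flags senders that end up with no login or whose per-sender login would be offered to the default relayhost. The function names and tables are constructed, and the server-hostname lookup is left out.

```shell
# Added example (not Postfix code): audit per-sender relay/login selection.

# Value stored under KEY in a table source file (empty if absent).
lookup() {  # lookup FILE KEY
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Print "relay login" for SENDER; login is "-" when nothing matches.
resolve() {  # resolve SENDER RELAY_TABLE PASSWD_TABLE DEFAULT_RELAY
    relay=$(lookup "$2" "$1")                 # per-sender relayhost first
    [ -n "$relay" ] || relay=$4               # default relayhost as last resort
    cred=$(lookup "$3" "$1")                  # password by sender first
    [ -n "$cred" ] || cred=$(lookup "$3" "$relay")   # then by destination
    [ -n "$cred" ] || cred="-"
    echo "$relay ${cred%%:*}"                 # never print the password
}

# One line per sender found in either table; returns the number flagged.
audit() {  # audit RELAY_TABLE PASSWD_TABLE DEFAULT_RELAY
    n=0
    for s in $(awk '$1 ~ /@/ && $1 !~ /^#/ { print $1 }' "$1" "$2" | sort -u); do
        r=$(resolve "$s" "$1" "$2" "$3"); note=""
        case $r in
            *" -")  note="no login for this relay" ;;
            "$3 "*) if [ -n "$(lookup "$2" "$s")" ]; then
                        note="per-sender login offered to default relay"
                    fi ;;
        esac
        [ -z "$note" ] || n=$((n + 1))
        echo "$s $r $note"
    done
    return "$n"
}

# Constructed tables modelled on the example above, with two mistakes:
# user2 has no sender_relay entry and user3 has no password entry.
d=$(mktemp -d)
cat > "$d/sender_relay" <<'EOF'
user1@example.com           [mail.example.com]:submission
user3@example.org           [mail.example.org]
EOF
cat > "$d/sasl_passwd" <<'EOF'
user1@example.com           username1:password1
user2@example.net           username2:password2
[mail.myisp.net]            username:password
EOF
audit "$d/sender_relay" "$d/sasl_passwd" "[mail.myisp.net]" || echo "flagged: $?"
rm -rf "$d"
```

A flagged line is a prompt for review: a per-sender login at the default relayhost is legitimate when that sender really has its own account there.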

Notes: