Beruflich Dokumente
Kultur Dokumente
Before you begin configuring Postfix, it would be worth and well to take a look at its man
pages here, putting special emphasis on the section titled “Information for new Postfix users“. If
you do, you will find it easier to follow along with this tutorial.
In few words, you should know that there are two configuration files for Postfix:
/etc/postfix/main.cf (Postfix configuration parameters, refer to man 5 postconf for more details).
/etc/postfix/master.cf (Postfix master daemon configuraton, see man 5 master for further details).
In /etc/postfix/main.cf , locate (or add, if necessary) the following lines and make sure they
match the values indicated below:
main.cf
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
dovecot_destination_recipient_limit = 1
message_size_limit = 4194304
readme_directory = no
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (CentOS)
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_transport = dovecot
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
The next three settings are of special importance. In the files indicated in yellow we will configure
Postfix’s access to the Domains_tbl, Users_tbl, and Alias_tbl tables:
virtual_mailbox_domains = mysql: /etc/postfix/mariadb-vdomains.cf
virtual_mailbox_maps = mysql: /etc/postfix/mariadb-vusers.cf
virtual_alias_maps = mysql: /etc/postfix/mariadb-valias.cf
Note that you can choose different file names above, as long as you make sure to create them and
insert the following contents in them. In each case, replace YourPassword with the password you
chose for the dba user in Part 1, or you can also use the MariaDB root credentials for user and
password below.
Also, make sure you use the exact same names of the email server database and tables created
in Part 1.
In /etc/postfix/mariadb-vdomains.cf :
mariadb-vdomains.cf
user = dba
password = YourPassword
hosts = 127.0.0.1
dbname = EmailServer_db
query = SELECT 1 FROM Domains_tbl WHERE DomainName='%s'
In /etc/postfix/mariadb-vusers.cf :
mariadb-vusers.cf
user = dba
password = YourPassword
hosts = 127.0.0.1
dbname = EmailServer_db
query = SELECT 1 FROM Users_tbl WHERE Email='%s'
In /etc/postfix/mariadb-valias.cf :
mariadb-valias.cf
user = dba
password = YourPassword
hosts = 127.0.0.1
dbname = EmailServer_db
query = SELECT Destination FROM Alias_tbl WHERE Source='%s'
Finally, don’t forget to change the permissions to these files to 640:
# chmod 640 /etc/postfix/mariadb-vdomains.cf
# chmod 640 /etc/postfix/mariadb-vusers.cf
# chmod 640 /etc/postfix/mariadb-valias.cf
And the ownership to user root and group postfix:
# chown root:postfix /etc/postfix/mariadb-vdomains.cf
# chown root:postfix /etc/postfix/mariadb-vusers.cf
# chown root:postfix /etc/postfix/mariadb-valias.cf
Next, to enable secure connections we need to make sure the following settings are
uncommented (or added, if necessary) in /etc/postfix/master.cf :
master.cf
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
#virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
Note: The indentation in the lines beginning with the -o option is critical; otherwise postfix check
will return an error:
Check Postfix Configuration
Before you save changes, add the following lines at the bottom of the file:
master.cf
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
At this point it is essential to check whether Postfix has access to the database tables and the
domains, accounts, and alias that we created in Part 1.
To do so, we will use the postmap command, an utility to test communication with the tables
Postfix will look up during operation, but first and foremost we’ll need to restart postfix:
# systemctl postfix restart
# postmap -q linuxnewz.com mysql:/etc/postfix/mariadb-vdomains.cf
# postmap -q someotherdomain.com mysql:/etc/postfix/mariadb-vdomains.cf
# postmap -q tecmint@linuxnewz.com mysql:/etc/postfix/mariadb-vusers.cf
# postmap -q linuxsay@linuxnewz.com mysql:/etc/postfix/mariadb-vusers.cf
# postmap -q gacanepa@linuxnewz.com mysql:/etc/postfix/mariadb-vusers.cf
# postmap -q info@linuxnewz.com mysql:/etc/postfix/mariadb-valias.cf
In the image below we can see that for existing records in the database, a 1 is returned.
Otherwise, nothing is displayed back to the screen. In the case of the alias check, note that the
actual email account the alias is mapped to is returned: