Author: Ricky Bryce (Montgomery County, Illinois)

Back to the Main Index

Postfix (Mail Server)

Postfix is a mail server which I far prefer to the default program SendMail because of ease of configuration (and other things). Postfix is responsible for delivering mail when you send a message, and receiving mail from the Internet, and placing that mail into your mailbox.

We are also going to configure Postfix to use the Procmail filter, which will call SpamAssassin to rate messages for Spam.

We also must set up support for SASL authentication. This is so only authenticated users can send mail through the server. We don't want someone using the server to send spam. That would be called an “Open Relay” An ISP does not usually configure SASL authentication because you are on one side of their server (the side they allow mail from), and the Internet is on the other side of the server. In our case, you will be accessing the server from the Internet side just like everyone else, so we have to be careful about who we accept messages from.

When a user connects to the server with a mail client, such as Thunderbird, or Outlook, the Dovecot server will deliver the mail to them.

As you can tell, quite a bit is going on, but it's really pretty easy to configure. Be sure you followed the procedure for configuring your DNS servers, and that you have set up the mx entry under Total DNS Control

With this configuration, any unix user you added using the adduser command will be able to receive mail from the system using their username and password, so if other users want to use your domain as their email address, you simply add them with the adduser username and passwd username commands as we did earlier.

1. If you haven't done so already, log into your server, and become the root user with the su command.

2. We are going to first erase sendmail from your server. Type yum erase sendmail

3. Now, we'll install postfix, spamassassin, and procmail if they are not already on our system. Type yum install postfix spamassassin procmail dovecot

4. Next, we'll configure Postfix. Type cd /etc/postfix (This will change to the postfix configuration directory)

5. Now type vi main.cf (We are using the vi text editor to edit the main postfix configuration file.)

6. Type /#myhostname to search for the first entry we must modify.

7. Tap “i” for insert mode.

8. Change the entry to read myhostname = mail.brycefamily.com (substitute your own domain name) Be sure to remove the # sign at the beginning to make the line active. This is called “uncommenting” the line. Any text after the # sign is ignored by the program, such as comments the author of the file might write to help you understand the purpose of an entry..

9. Now press esc on your keyboard to take the editor into command mode.

10. Type /#inet_interfaces to search for the entry where we configure which interfaces to accept mail from.

11. Tap “i” for insert mode.

12. Uncomment the line “inet_interfaces = all”

13. Place a # sign before the line “inet_interfaces = localhost” (Thus, commenting out the line so it is ignored)

14. Now press esc on your keyboard to take the editor into command mode.

15. Type “/mydestination =” (Without the quotes) to search for the entry where we configure which domains for which this server will accept mail.

16. Tap “i” for insert mode.

17. Comment out the first line (by placing a # before it), and uncomment the second line (by removing the # sign). Notice the second line contains the variable $mydomain which is by default what you used for myhostname, minus the first component. Since I used mail.brycefamily.com as myhostname, mydomain will be considered to be brycefamily.com.

18. Note: If other domains are pointing to your server, and you wish to accept mail to those domains, simply add a comma after $mydomain on the line you commented out, and add those other domains (separated by commas) Postfix will ONLY accept mail for domains specified under mydestination, even of the DNS for other domains are configured to point to your server.

19. Now press esc on your keyboard to take the editor into command mode.

20. Type /procmail to locate the entry where we configure procmail to act as our mail filter. For my purpose, I want to mark mail as spam if it has a spam rating of 5, and drop the mail if it has a spam rating of 10. We'll configure Procmail later, but for now, we are just going to configure Postfix to use Procmail for processing mail.

21. Tap “i” for insert mode.

22. Uncomment the mailbox_command line, and change the path to /usr/bin/procmail as shown.

23. Now press esc on your keyboard to take the editor into command mode.

24. Now hold CTRL + F to go to the end of the file (CTRL and F at the same time)

25. Tap “i” for insert mode.

(Next page)

26. Using your mouse keys, go to the end of the last line, then press enter, to add the following text to the end of the file. The purpose of this entry is to set up SASL authentication, so only valid users can send mail. (You can actually copy this text, and paste it at the bottom of your file if you wish. Be careful to paste it to the very end of the file, and not to corrupt the rest of the mail.cf file. As soon as you right click on the end of the file, the text will automatically be pasted if you copied it from here. Other options are availabe, and you can find them with a search engine.

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain = $myhostname

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = permit_sasl_authenticated, check_relay_domains

smtpd_error_sleep_time = 60

smtpd_soft_error_limit = 60

smtpd_hard_error_limit = 10

27. Press esc on your keyboard.

28. Now press :wq (colon, then w for write, and q to quit)

29. Note: Now Postfix is configured, but we need to configure the procmail filter. Procmail will call SpamAssassin to mark messages as Spam. This will allow us to easily manage Spam on our email client such as Thunderbird or Outlook by setting spam rules. SpamAssassin itself will not filter out junk mail, but just marks messages as spam which have a rating of 5 or more. Procmail will then be instructed to drop messages with a spam rating of 10 or more, which would almost certainly be junk mail. Keep in mind that no spam filter is 100% accurate, so it's not impossible that you could mark or drop some messages that were not really spam. (take that as a warning!) If you don't want this to happen, simply do not use the last part of the configuration file. I've found, however, that this configuration works out very well for me.

30. Type cd /etc

31. Type vi procmailrc (You will actually be creating the configuration file here)

32. Tap “i” on your keyboard for insert mode.

33. Set up your procmailrc file as follows. (You can copy and paste the text below if you wish)

Uncomment the following 3 lines and use tail -f procmail.log to debug

#LOGFILE=$HOME/procmail.log

#VERBOSE=yes

#LOGABSTRACT=all

# Send all mail through SpamAssassin

:0fw: spamassassin.lock

* < 256000

| spamassassin

# Mail that is very likely spam (>15) can be dropped on the floor.

# Move the # up one line to save it on the server instead.

# Note that dropping mail on the floor is a *bad*

# idea unless you really, really believe no false positives will

# have a score greater than 15.

:0

* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*

/dev/null

#almost-certainly-spam

34. Hit esc on your keyboard

35. Type :wq (colon, w to write, and q to quit)

36. Now, you can check the configuration with Webmin. Open your web browser, and type https://brycefamily.com:1000 (substitute your own domain)

37. I'm using firefox, so I'm going to add an exception since I didn't pay for a certificate from a trusted authority. You can download firefox from mozilla.org. Depending on your version of Firefox, the procedure may be a bit different. If you are running Internet Explorer, the procedure will be a bit different from below. If webmin came up automatically, then you can ignore the next few steps where I'm accepting the certificate. (skip down to where we log into webmin.)

38. Now, we click “Add Exception”

39. Then, we'll get the certificate.

40. Now, we'll confirm the security exception.

41. Now let's log into webmin with your root username and password

42. Under “Servers” choose the procmail filter

43. Now, you can see the configuration we just created in the procmailrc file, and you can manage your configuration from webmin.

44. Next, we'll configure the mail aliases. Aliases simply point fake usernames such as sales, info, support, etc to another email address such as ricky@brycefamily.com This means that if someone sends a message to support@brycefamily.com, that message will be redirected to ricky@brycefamily.com To configure the Aliases, click “Postfix Mail Server” under “Servers” in webmin.

45. Now, click on “Mail Aliases”

46. Click the text for “Support” (not the checkbox, but the text)

47. Set the address to forward to, then save your changes. (Note: support can be forwarded to more than one email address)

48. Let's go back to PUTTY, and type reboot at the command prompt.

49. Wait a few minutes, then log back into your server.

50. Type su to become superuser if you logged in as a standard user.

51. Type /etc/init.d/postfix status

52. If postfix is not running, type /etc/init.d/postfix start (We'll configure services to run at startup later on.)

53. Type /etc/init.d/spamassassin status

54. If spamassassin is not running, type /etc/init.d/spamassassin start

55. We'll do the same with dovecot. Type /etc/init.d/dovecot status

56. If dovecot is not running, type /etc/init.d/dovecot start

57. Now, we are going to test the email client. You can use Thunderbird, Outlook, or another client of your choice that supports SASL authentication. For this example, we are going to use Thunderbird, which can be downloaded from http://www.mozilla.com/en-US/thunderbird/

58. Here, I've canceled the account wizard, so I can configure the account manually.

59. Click Tools | Account settings.

60. Then, add an account.

61. This will be an email account. Click Next

62. Populate your name and your email address. Click “Next”.

63. Configure your incoming, and outgoing mail servers. Click “Next”:

64. Set your username. (You will be using the username and password you added in an earlier lesson (adduser and passwd commands) Click “Next”

65. Here, I'm using the default account name. Again, click “Next”.

66. Verify your information, then hit “Finish” Then press “OK”

67. Your email client should be set up. You can now test your email by sending to another email account. You will also want to test your email by having the other account send a message to your username on this server. You will be asked for the password. This will be the Unix system password from when you added the user with the adduser and passwd commands in an earlier lesson.

68. You can also try to send a message to yourself on your own server. If you can send a message to yourself, but other's aren't getting messages you send, be sure the reverse DNS is properly set up. You can google sites that will do a reverse DNS lookup on your IP address. Reverse DNS is necessary so other servers can verify your server is who it says it is. This will minimize the chance of your messages being dropped by the remote server. In the “Configuring DNS” Section, I'm showing you how to generate a reverse DNS request with VPSLink. You can't configure Reverse DNS on your own. You need to contact support, and have them do it for you. If you are using Outlook Express, be sure to check the box that states your mail server requires authentication. No encryption such as SSL is used... Just Authentication. See the image below...

69. Here's the settings screen: