Mail System Postfix Installation and Configuration (1)

xiaoxiao2021-03-06  116

Http://linuxaid.com.cn Bye2000 This article is copyrighted by LinuxAID and the author

1. Postfix Overview

Postfix is MTA (Mail Transport Agent) software developed under IBM's GPL license. The following paragraph is taken from the official Postfix website (http://www.postfix.org):

"Postfix is an attempt to provide an alternative to Sendmail, the most widely used on the Internet. Most e-mail in the Internet world is delivered through Sendmail; about 1 million users use Sendmail and deliver hundreds of millions of e-mails every day. This is a very surprising number. Postfix tries to be faster, easier and safer, while still keeping enough compatibility with Sendmail."

1.1 Postfix features

1. Postfix is free: Postfix wants to serve a wide range of Internet users and tries to influence most e-mail systems on the Internet, so it is free.
2. Faster: Postfix is approximately three times faster than Sendmail. A desktop PC running Postfix can send and receive millions of e-mails every day.
3. Compatibility: Postfix is Sendmail-compatible, so that Sendmail users can easily migrate to Postfix. Postfix supports /var[/spool]/mail, /etc/aliases, NIS, and ~/.forward files.
4. More robust: Postfix is designed to keep working properly under heavy load. When the system runs short of available memory or disk space, Postfix automatically reduces the number of running processes. When the number of messages being processed grows, the number of Postfix processes does not.
5. More flexible: Postfix is composed of more than a dozen small programs, each of which performs one specific function. The run-time parameters of each program can be set in the configuration files.
6. Security: Postfix has a multi-layer defense structure that can effectively resist malicious intruders. Most Postfix programs can run with low privileges, and the security-related local delivery programs cannot be reached through network access.
1.2 The overall structure of Postfix

Postfix consists of more than a dozen semi-resident processes with different functions, and there is no particular parent-child relationship among these processes. A particular process can provide specific services to other processes. Most Postfix processes are managed by one process, which is responsible for starting the others when they are needed; this managing process is the master process, which is itself a background program. These Postfix processes are configurable: we can configure how many instances of each process run, how many times a process can be reused, how long it lives, and so on. This flexible configuration greatly reduces the operating cost of the whole system.

1.2.1 Postfix's mail queues

Postfix has four different mail queues, all managed by the queue management process:

1. maildrop: locally submitted mail is placed in maildrop and is also copied into incoming.
2. incoming: holds mail that has just arrived or that the queue management process has not yet discovered.
3. active: holds mail that the queue management process has opened and prepared for delivery; this queue has a length limit.
4. deferred: holds mail that cannot be delivered.

The queue management process keeps only the active queue in memory and limits the length of that queue, so that the memory used by the process does not exceed the memory available on the system.

1.2.2 Postfix's handling of mail storms

When new mail arrives, Postfix initializes, and at initialization it accepts only two concurrent connection requests.

When mail is delivered successfully, the number of concurrent connections that can be accepted at the same time slowly increases, up to a configurable value. Of course, it stops growing once the system's resources are used up. In addition, if Postfix runs into problems while handling mail, the value starts to decrease. When the amount of newly received mail exceeds Postfix's delivery capacity, Postfix temporarily stops delivering mail from the deferred queue and deals with the newly received mail instead. This is because the new mail has been delayed less than the mail in the deferred queue. Postfix processes the mail in the deferred queue when it is idle.

1.2.3 Postfix's handling of undeliverable mail

When a message cannot be delivered, Postfix gives it a time stamp that lies in the future. The queue manager ignores mail whose time stamp lies in the future. When the time stamp expires, Postfix tries to deliver the message again. If this delivery fails too, Postfix gives the message a time stamp twice as far in the future and waits for it to expire before the next attempt, and so on. Of course, after a certain number of attempts, Postfix gives up delivering the message and returns an error message to the sender.

1.2.4 Postfix's handling of mail for unreachable destinations

Postfix keeps in memory a length-limited list of destinations that are currently unreachable. This avoids attempting delivery of mail to destinations that cannot currently be reached, which greatly improves the performance of the system.

1.2.5 The security of Postfix

Postfix protects the system through a range of measures, including:

1. Memory is allocated dynamically, which prevents buffer overflows.
2. Large messages are split into several pieces for processing and reassembled on delivery.
3. The Postfix processes do not run under the control of other user processes but under the control of the resident master process. They have no parent-child relationship with other user processes, so they are well isolated.
4. Postfix's queue files have a special format that only Postfix itself can recognize.

2. How Postfix processes mail

2.1 Postfix's handling of received mail

When Postfix receives a new message, the message first stays in the incoming queue and is then handled according to where it came from:

1. Mail from local users: the sendmail process is responsible for receiving locally submitted mail and placing it in maildrop, where the pickup process then handles it. The permissions of the maildrop directory must be set so that one user cannot delete another user's files.
2. Mail from the network: the smtpd process is responsible for receiving mail from the network and performing security checks. The behavior of smtpd can be controlled with the UCE (Unsolicited Commercial Email) rules.
3. Mail generated by the Postfix processes: this returns non-delivery information to the sender. These messages are generated by the bounce background program.
5. Mail generated by Postfix: informs the postmaster (i.e., the Postfix administrator) of problems Postfix ran into during operation (such as SMTP protocol problems, records of UCE rule violations, etc.).

About the cleanup background program: cleanup is the last process to handle a new message. It performs the following processing: it adds missing From: information to the message header; it arranges for addresses to be rewritten into the standard user@fully.qualified.domain format; it extracts the recipient addresses from the header; it puts the message into the incoming queue and asks the mail queue management process to process it; and it asks the trivial-rewrite process to convert addresses into the standard user@fully.qualified.domain format.

2.2 How Postfix delivers mail

Once a new message has reached the incoming queue, the next step is to deliver it. The process Postfix follows is shown in Figure 3. The relevant description is as follows:

The mail queue management process is the heart of the whole Postfix mail system. It contacts the local, smtp, pipe and other delivery agents and sends them delivery requests that contain the queue file path, the sender address and the recipient addresses. The queue management process maintains a deferred queue, into which mail that cannot be delivered is placed. In addition, it maintains an active queue; the number of messages in that queue is limited in order to prevent memory overload. The mail queue manager is also responsible for returning to the sender mail for recipient addresses listed in the relocated table, which contains recipient addresses that are no longer valid.

On request of the mail queue management process, the rewrite background program resolves recipient addresses. By default, however, rewrite only distinguishes whether the recipient is local or remote.

On request of the queue management process, the bounce background program generates a non-delivery report.

The local delivery agent, the local process, understands Unix-style mailboxes, the Sendmail-style system alias database and Sendmail-style .forward files.
Multiple local processes can run at the same time, but the number of concurrent deliveries to the same user is limited. You can configure local to deliver mail into the user's home directory, or to hand mail to an external command such as the popular local delivery agent procmail. Popular Linux distributions use procmail as the final local delivery agent.

The remote delivery agent, the smtp process, looks up a list of SMTP servers for the recipient address and sorts the list in order of preference. When the system is under heavy load, several smtp processes can run concurrently.

pipe is the delivery agent for the UUCP protocol.

3. Installing Postfix

3.1 Installing from the source package

1. Get the Postfix source package from the official site, www.postfix.org: postfix-19991231-pl08.tar.gz. Copy it to /tmp.

2. Unpack the source package; this creates the /tmp/postfix-19991231-pl08 directory.

    tar xvzf postfix-19991231-pl08.tar.gz

3. Compile the source package:

    cd /tmp/postfix-19991231-pl08
    make

4. Create a new user "postfix". The user must have a unique user ID and group ID and must not be able to log in to the system; that is, do not give the user an executable login shell or a usable home directory.

   We can add the user and then edit its entry in the /etc/passwd file to read as follows:

    postfix:*:12345:12345:postfix:/no:/no/shell

5. Make sure the /etc/aliases file contains the following entry:

    postfix: root

6. Log in as root and run the following command in the /tmp/postfix-19991231-pl08 directory:

    ./install.sh

7. Start Postfix:

    # postfix start

8. About the maildrop directory permissions: Postfix can use a maildrop directory that is writable by all users (i.e., directory permissions 1733) to let local users submit mail. This approach avoids set-uid or set-gid software, and users can still submit mail when the mail system is not running. Other users have no permission to access the queue files in this directory. Postfix does not use the maildrop directory when receiving mail from the network. However, because the permissions of the directory are 733, other users can make hard links to files in the directory, which can cause a message to be delivered more than once or make it impossible to delete; in other words, this leads to security problems. If you want users to submit mail this way, answer no when install.sh asks whether set-gid is needed. If your system has many users, it is best to give up this approach and submit mail through set-gid privileges instead. In that case, first create a group "maildrop" with a unique group ID and make sure that the group has no user members. Then, when install.sh asks whether set-gid is needed, specify "maildrop".

Tip: before installing Postfix, remove any Sendmail that is already installed.

3.2 Installing from the RPM package

1. Get the Postfix RPM package. It is available from http://www.alltrading.es/postfix/rpms/i386/. The latest version at present is postfix-20000531-2.i386.rpm.

2. Back up your /etc/aliases and /etc/aliases.db, because Postfix uses this alias database.

3. Use the following command to see which Sendmail packages are installed on the system:

    [root@mail /root]# rpm -qa | grep sendmail
    sendmail-doc-8.9.3-15
    sendmail-8.9.3-15
    sendmail-cf-8.9.3-15

4. Use the following command to uninstall Sendmail:

    [root@mail /root]# rpm -e sendmail sendmail-cf sendmail-doc --nodeps

5. Use the following command to kill the running Sendmail processes:

    [root@mail /root]# killall sendmail

6. Install Postfix:

    [root@mail /root]# rpm -Uvh postfix-20000531-2.i386.rpm
    postfix     ##################################################
    postfix-script: warning: creating missing postfix pid directory
    postfix-script: warning: creating missing postfix incoming directory
    postfix-script: warning: creating missing postfix active directory
    postfix-script: warning: creating missing postfix bounce directory
    postfix-script: warning: creating missing postfix defer directory
    postfix-script: warning: creating missing postfix deferred directory
    postfix-script: warning: creating missing postfix saved directory
    postfix-script: warning: creating missing postfix corrupt directory
    postfix-script: warning: creating missing postfix public directory
    postfix-script: warning: creating missing postfix private directory
    [root@mail /root]#

7. Start Postfix:

    [root@mail /root]# /etc/rc.d/init.d/postfix start

3.3 Configuring the system to start Postfix automatically at every boot

1. If you installed Postfix from the source package, add the following statement to the /etc/rc.d/rc.local file so that Postfix is started automatically at each boot:

    if [ -f /usr/libexec/postfix ]; then
        /usr/libexec/postfix start
    fi

2. If you installed the Postfix RPM package, you can use the setup command to have Postfix started when the system boots.
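The maildrop permission issue from step 8 of section 3.1 can be checked mechanically. The following is an added example, not part of the original article or of Postfix: it reports a world-writable submission directory and any entry whose link count shows it has been hard-linked. The function names, the directory built by build_demo and the mode 0730 (a stand-in for a directory writable only through the set-gid maildrop group) are assumptions made for the demonstration.

```python
import os
import stat
import tempfile


def audit_maildrop(path):
    """Return sorted (code, detail) findings for a maildrop-style directory."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IWOTH:
        # World-writable layout (1733 in the article): every local user may
        # create entries here, which includes hard links.
        findings.append(("world-writable", f"{mode:04o}"))
        if not mode & stat.S_ISVTX:
            # Without the sticky bit users could also remove each other's files.
            findings.append(("no-sticky-bit", f"{mode:04o}"))
    for entry in os.scandir(path):
        info = entry.stat(follow_symlinks=False)
        if stat.S_ISREG(info.st_mode):
            if info.st_nlink > 1:
                # A second name for the same inode: the file can survive
                # removal from the queue or be picked up more than once.
                findings.append(("hard-link", entry.name))
        else:
            findings.append(("not-a-regular-file", entry.name))
    return sorted(findings)


def build_demo(root, name, dir_mode, with_hard_link):
    """Create a constructed maildrop directory under root (demonstration data)."""
    maildrop = os.path.join(root, name)
    os.mkdir(maildrop)
    with open(os.path.join(maildrop, "msg1"), "w") as handle:
        handle.write("constructed queue file\n")
    if with_hard_link:
        outside = os.path.join(root, name + "-outside")
        with open(outside, "w") as handle:
            handle.write("constructed file kept outside the queue\n")
        os.link(outside, os.path.join(maildrop, "linked"))
    os.chmod(maildrop, dir_mode)
    return maildrop


if __name__ == "__main__":
    root = tempfile.mkdtemp()
    # World-writable layout with one hard-linked entry.
    print(audit_maildrop(build_demo(root, "world", 0o1733, True)))
    # Assumed set-gid layout: only owner and group may write.
    print(audit_maildrop(build_demo(root, "setgid", 0o730, False)))
```

On a real system the function would be pointed at the maildrop directory of the Postfix queue; a non-empty result for the hard-link check is worth investigating before the queue is flushed.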

4. Postfix configuration in detail

4.1 Structure of the Postfix configuration files

Postfix's configuration files are under /etc/postfix. After installing Postfix, we can list them with the ls command:

    [root@mail postfix]# ls
    install.cf  main.cf  master.cf  postfix-script

These four files are Postfix's most basic configuration files. They differ as follows:

main.cf: the main configuration file of Postfix.
install.cf: contains the initial Postfix settings generated by the installer during installation.
master.cf: the configuration file of Postfix's master process, used to configure how the Postfix component processes run.
postfix-script: wraps some Postfix commands so that they can be executed safely in the Linux environment.

4.2 Basic configuration of Postfix

Postfix has about 100 configuration parameters, which can be set in main.cf. The format is a parameter name and a parameter value joined by an equal sign, for example:

    myhostname = mail.mydomain.com

The left side of the equal sign is the name of the parameter and the right side is its value. We can also reference a parameter by putting $ in front of its name, for example:

    myorigin = $myhostname

Although Postfix has 100 or so parameters, it sets a default value for most of them, so only a few parameters have to be configured before Postfix works properly. Let's take a look at these basic Postfix parameters. Note that whenever you change the contents of the main.cf file, you must run the postfix reload command for the change to take effect.

1. myorigin

The myorigin parameter specifies the domain name that the sender belongs to. If your users' e-mail addresses are user@domain.com, this parameter specifies the domain name after the @. By default, Postfix uses the local host name as myorigin, but it is recommended that you use your domain name, because it is more readable.
For example, if the host running Postfix is mail.domain.com, we can set myorigin like this:

    myorigin = domain.com

We can also reference another parameter, for example:

    myorigin = $mydomain

2. mydestination

The mydestination parameter specifies the recipient domain names for which Postfix accepts mail; in other words, which mail your Postfix system is to receive. For example, if your users' e-mail addresses are user@domain.com, that is, your domain is domain.com, you need to receive mail for all recipients of the form user_name@domain.com. As with myorigin, by default Postfix uses the local host name as mydestination. For example:

    mydestination = $mydomain
    mydestination = domain.com

3. notify_classes

In a Postfix system, you must define an alias for the Postfix system administrator that points to a user. Only then is there someone to report to when users run into problems, and Postfix can also report system problems to the administrator.

The notify_classes parameter specifies which classes of information are reported to the Postfix administrator. The classes are:

bounce: sends a copy of undeliverable mail to the Postfix administrator. For reasons of personal privacy, the copy of the message does not contain the message header.
2bounce: sends copies of mail that was undeliverable twice to the Postfix administrator.
delay: sends information about delayed delivery of mail to the administrator; it contains only the message header.
policy: sends the Postfix administrator a record of client requests that were rejected because of the UCE rule restrictions; it contains the contents of the entire SMTP session.
protocol: sends the Postfix administrator protocol error information or a record of a client's attempts to execute unsupported commands. It also contains the entire SMTP session.
resource: informs the Postfix administrator of mail that could not be delivered because of resource errors, such as queue file write errors.
software: informs the Postfix administrator of mail that could not be delivered because of software errors.

The default is:

    notify_classes = resource, software

4. myhostname

The myhostname parameter specifies the host name of the machine running the Postfix mail system. By default, this value is set to the local machine name. You can also set this value yourself; note that you must specify a complete host name. For example:

    myhostname = mail.domain.com

5. mydomain

The mydomain parameter specifies your domain name. By default, Postfix uses myhostname with its first part removed as the value of mydomain. You can also set this value yourself, for example:

    mydomain = domain.com

6. mynetworks

The mynetworks parameter specifies the network addresses of your local network. Postfix uses it to distinguish whether a user is remote or local; if the user is on a local network, access is allowed.
You can use standard class A, B or C network addresses, or addresses in CIDR (Classless Inter-Domain Routing) notation, for example:

    192.168.1.0/24
    192.168.1.0/26

7. inet_interfaces

The inet_interfaces parameter specifies the network interfaces on which the Postfix system listens. By default, Postfix listens on all network interfaces. If your Postfix runs on a virtual IP address, you must specify the address it listens on. For example:

    inet_interfaces = all
    inet_interfaces = 192.168.1.1

4.3 Postfix's UCE (Unsolicited Commercial Email) control

UCE control means controlling from where Postfix accepts mail and which mail it forwards.

By default, Postfix forwards mail that meets the following conditions:

* Mail from clients whose IP address matches $mynetworks.
* Mail from clients whose host name matches $relay_domains or its subdomains.
* Mail whose destination matches $relay_domains or its subdomains.

By default, Postfix accepts mail that meets the following conditions:

* Mail whose destination is $inet_interfaces.
* Mail whose destination is $mydestination.
* Mail whose destination is $virtual_maps.

We can achieve more powerful control with the following rules.

1. Header filtering

The header_checks parameter restricts the format of the headers of received mail. If a header matches the specified format, the message is refused. You can specify one or more lookup tables; if a header of the new message matches an entry in one of the tables, the message is rejected.

For example:

    header_checks = regexp:/etc/postfix/header_checks
    header_checks = pcre:/etc/postfix/header_checks

By default, Postfix does not perform header filtering.

2. Client host name / address restrictions

The smtpd_client_restrictions parameter restricts the host names or IP addresses of the clients that may open an SMTP connection to Postfix. You can specify one or more parameter values, separated by commas. The restriction rules are evaluated in the order in which they are listed, and the first rule that matches is applied. The available rules are:

* reject_unknown_client: if the client's IP address has no PTR record in DNS, the client's connection request is refused. You can use the unknown_client_reject_code parameter to specify the error code returned to the client (default 450). If you have users whose hosts have no DNS records, do not enable this option.
* permit_mynetworks: if the client's IP address falls within the range defined by the $mynetworks parameter, the client's connection request is accepted and the mail is forwarded.
* check_client_access maptype:mapname: searches the access database for the client's host name, parent domains, IP address, or the networks it belongs to. If the result of the search is REJECT or "[45]XX text", the client's connection request is rejected; if the result is OK, RELAY or an all-numeric value, the client's connection request is accepted and the mail is forwarded. You can use the access_map_reject_code parameter to specify the error code returned to the client (default 554).
* reject_maps_rbl: if the client's network address matches the value of the $maps_rbl_domains parameter, the client's connection request is rejected. You can use the maps_rbl_reject_code parameter to specify the error code returned to the client (default 554).
Examples:

    smtpd_client_restrictions = hash:/etc/postfix/access, reject_maps_rbl
    smtpd_client_restrictions = permit_mynetworks, reject_unknown_client

The default is:

    smtpd_client_restrictions =

that is, SMTP connections are accepted from any client.

3. Whether the HELO command is required

The smtpd_helo_required parameter specifies whether the client must send a HELO command at the beginning of the SMTP session. The value of this parameter is yes or no. The default is:

    smtpd_helo_required = no

4. HELO host name restrictions

The smtpd_helo_restrictions parameter restricts the host name that the client sends to Postfix with the HELO command. By default, Postfix accepts any form of host name sent by the client. You can specify one or more parameter values, separated by commas. The restriction rules are evaluated in the order in which they are listed, and the first rule that matches is applied. The available rules are:

* reject_invalid_hostname: if the host name given in the HELO command does not conform to the syntax rules, the client's connection request is rejected. You can use the invalid_hostname_reject_code parameter to specify the error code returned to the client (default 501).
* permit_naked_ip_address: the RFC requires an IP address in the client's HELO command to be enclosed in square brackets. You can lift this restriction with the permit_naked_ip_address parameter, because some mail clients do not comply with the RFC.

* reject_unknown_hostname: if the host name the client gives in the HELO command has no corresponding A or MX record in DNS, the connection request is rejected. You can use the invalid_hostname_reject_code parameter to specify the error code returned to the client (default 450).
* reject_non_fqdn_hostname: if the host name the client gives in the HELO command is not a fully qualified domain name, the client's connection request is rejected. You can use the invalid_hostname_reject_code parameter to specify the error code returned to the client (default 504).
* check_helo_access maptype:mapname: searches the access database for the host name given in the client's HELO command. If the result of the search is REJECT or "[45]XX text", the client's connection request is rejected; if the result is OK, RELAY or an all-numeric value, the client's connection request is accepted. You can use the access_map_reject_code parameter to specify the error code returned to the client (default 554).

Example:

    smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname

5. RFC 821 envelope restriction

RFC 821 sets strict rules for the envelope of a message, but because of the way the widely used Sendmail treats these rules, in practice this parameter can only be set as follows:

    strict_rfc821_envelopes = no

6. Restrictions by sender address

The smtpd_sender_restrictions parameter restricts the address that the sender gives when executing the MAIL FROM command. You can specify one or more parameter values, separated by commas. The restriction rules are evaluated in the order in which they are listed, and the first rule that matches is applied. The available rules are:

* reject_unknown_sender_domain: if the host name given in the MAIL FROM command has no corresponding A or MX record in DNS, the client's connection request is rejected. You can use the unknown_address_reject_code parameter to specify the error code returned to the client (default 450).
* check_sender_access maptype:mapname: searches the access database for the host name given in the MAIL FROM command or its parent domains. If the result of the search is REJECT or "[45]XX text", the client's connection request is rejected; if the result is OK, RELAY or an all-numeric value, the client's connection request is accepted. You can use the access_map_reject_code parameter to specify the error code returned to the client (default 554). With this rule you can filter mail from unwelcome senders.
* reject_non_fqdn_sender: if the host name given in the MAIL FROM command is not a fully qualified domain name as required by the RFC, the client's connection request is rejected. You can use the non_fqdn_reject_code parameter to specify the error code returned to the client (default 504).

By default, Postfix accepts mail from any sender.

Example:

    smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain

7. Filtering by recipient address

The smtpd_recipient_restrictions parameter restricts the address that the sender gives when executing the RCPT TO command.

The default is:

    smtpd_recipient_restrictions = permit_mynetworks, check_relay_domains

You can specify one or more parameter values, separated by commas. The restriction rules are evaluated in the order in which they are listed, and the first rule that matches is applied. The available rules are:

* check_relay_domains: the SMTP connection request is accepted if one of the following conditions is met, and rejected otherwise. You can use the relay_domains_reject_code parameter to specify the error code returned to the client (default 504).
    * The client host name matches $relay_domains or its subdomains.
    * The destination matches $inet_interfaces, $mydestination or $virtual_maps.
* permit_auth_destination: regardless of the client's host name, the SMTP connection request is accepted as long as one of the following conditions is met:
    * The resolved destination address matches $relay_domains or its subdomains.
    * The resolved destination address matches $inet_interfaces, $mydestination or $virtual_maps.
* reject_unauth_destination: regardless of the client's host name, the client's SMTP connection request is rejected unless one of the following conditions is met:
    * The resolved destination address matches $relay_domains or its subdomains.
    * The resolved destination address matches $inet_interfaces, $mydestination or $virtual_maps.
* check_recipient_access: searches the access database for the resolved destination address or its parent domains. If the result of the search is REJECT or "[45]XX text", the client's connection request is rejected; if the result is OK, RELAY or an all-numeric value, the client's connection request is accepted. You can use the access_map_reject_code parameter to specify the error code returned to the client (default 554).
* reject_unknown_recipient_domain: if the recipient's mail address has no corresponding A or MX record in DNS, the client's connection request is rejected.
  You can use the unknown_address_reject_code parameter to specify the error code returned to the client (default 450).
* reject_non_fqdn_recipient: if the address the sender gives when executing the RCPT TO command is not a fully qualified domain name, the SMTP connection request is rejected. You can use the non_fqdn_reject_code parameter to specify the error code returned to the client (default 504).

4.4 Postfix performance control

Postfix's performance is controlled to make sure that Postfix keeps running normally when it meets a mail storm. Typically, we adjust the performance of Postfix with the following parameters, which are set in the main.cf configuration file. Do not forget to run the postfix reload command after a change so that the configuration takes effect.

1. Number of processes

The default_process_limit parameter controls the maximum number of processes that the Postfix system can run. The default is 50.

2. Limits on concurrent connections to the same destination host

When sending mail to a destination host, Postfix starts with two SMTP connections to that host. If delivery is successful, the number of SMTP connections increases; when problems occur, the number of concurrent connections is reduced. Concurrent connections to the same destination host are controlled by the following Postfix parameters:

* initial_destination_concurrency: controls the initial number of concurrent connections to the same destination host. The default is 2.

* Default_Destination_concurrency_limit: The maximum number of concurrent connections to the same target host after the initialization connection is controlled. The default is 10. * Local_destination_concurrency_limit: Controls the number of emails to the maximum number of emails to the same local recipient. The default is 2, because the delivery work can only be taken when the delivery work is delivered to the local same recipient, so it is not useful. 3. The number of recipients on the same email limits the DEFAULT_DESTINATION_RECIPIENT_LIMIT parameter to control the postfix delivery agent (such as SMTP process) to send the same email to how many recipients. The default is 50. You can also use the parameters of the delivery agent to clearly indicate the default value. If you use SMTPD_Recipient_limit to specify how many recipients sent by the SMTP delivery agent to the same email, the default value of this parameter is 1000. 4. Delayed delivery control passes the DEFER_TRANSPORTS parameter, we can postpone the message specified by the parameter until postfix clearly propose delivery requirements. Let's take an example: There is a small LAN, and the user sends a message to the LAN, the LAN, the low Zhu Ostfix installation and configuration 1. Postfix Overview Postfix is ​​the MTA developed under the IBM's GPL protocol (mail transmission Agent) software. The following paragraph takes from the official website of Postfix (http://www.postfix.org): "Postfix is ​​a try to provide alternatives to the most wide Sendmail in the Internet, most emails in the Internet world. They are delivered through sendmail, about 1 million users use Sendmail, deliver hundreds of millions of emails every day. This is a very surprising number. Postfix tries faster, more easily, safer, but also keeps enough with Sendmail Compatibility. "1.1 POSTFIX Features 1. 
