Basics of postfix server configuration
Configuring basic postfix server is very easy, esp. in comparison to sendmail. On most distributions installing and starting postfix using package managers and service scripts should be enough to get a basic postfix server which can send email. However to configure postfix server which can receive email more settings may be needed. Common options that can be specified in /etc/postfix/main.cf file are discussed here. These common options should be enough for simple email system setups for single domains.
This parameter can be used to specify FQDN of current host. This does not affect email system directly. We can later use $myhostname to refer to hostname while configuring other settings. Example value is postfix.example.com.
Similar to myhostname, mydomain can be used to specify current domain name. Typically removing host part from hostname can also help in determining domain name. Again this is not used directly. We can later use $mydomain to refer to this value for other actual configuration parameters.
This is used to specify what domain should mail appear to come from. For example if myhostname is set to postfix.example.com and myorigin is set to $myhostname. Then mail sent by user saurabh from postfix.example.com will appear to come from email@example.com. In most cases one would want the email to be seen as sent from firstname.lastname@example.org. If that is indeed the case then set myorigin to $mydomain. It is not necessary for myorigin to be among $myhostname or $mydomain. Any other value that seems fit for particular setup can be used.
Note that most email systems will try to do MX lookup (or TXT lookup for SPF) for domain name and verify that postfix.example.com is indeed authorized to send emails on behalf of example.com domain. If the verification fails then mail can be rejected or its score can be reduced so that it has higher chances of being qualified as spam.
This is used to specify interfaces on which mail server should listen. Unless this server is being configured only for programs on this machine such as mail, logwatch, etc. you would want other people to be able to send mail to this system. Hence in most cases the sensible value should be all and not localhost which is default.
It is possible that the postfix server does not has direct publicly reachable Internet IP address (non RFC1918 address). In such cases we can have firewall device NAT connections coming to TCP port 25 to postfix server. This would require external MX records to point to firewall device IP and not to postfix server IP. Thus if one does MX record lookup then the result would be firewall IP address. This can cause problems in some cases as postfix server can try to send mails to itself by sending it to firewall causing infinite loop issues. Thus postfix uses proxy_interfaces parameter which can be used to specify other addresses which are NAT to current postfix server, so that postfix server does not tries to send emails to these addresses, realizing that emails would come back to itself.
If the postfix server being setup is directly connected to Internet and its own IP is put in MX records then this parameter should be left unspecified.
This is the list of domain names separated by comma for which the current machine should accept email as if its own. For example if mydestination includes postfix.example.com and the host receives email sent to email@example.com then it would be delivered to local user saurabh on same machine. Similarly if mydestination includes example.com and host receives email sent to firstname.lastname@example.org then it would be delivered to local user saurabh on same machine. It is possible to specify many domains such as postfix.example.com, smtp.example.com, example.com etc. as part of single mydestination line for same postfix server.
Avoid using this. Using mynetworks option specified next is better.
This is used to specify list of clients that can use current postfix server to send emails. Note that anyone can send email to current postfix server for destinations specified in mydestination. Thus we do not have to specify all possible addresses in mynetworks to receive email from anyone for domains specified in mydestination. This parameter helps in specifying which other local machines can use this postfix server to send email to any email server on Internet. Thus various email clients (Thunderbird, evolution, kmail, outlook) etc. can be configured to use this postfix server and outgoing smtp server. The postfix server would accept such emails only when they originate from IPs that are part of mynetworks specification. For campus networks a sensible value would be localhost + all RFC1918 addresses that is, 127.0.0.1/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.
It is possible that this postfix server is configured as MX value for other domains in external DNS records. Thus every one on Internet will try to deliver email for these other domains, which are not included in mydestination to this postfix server. Now since not all these senders would be part of mynetworks addresses normally the email would be rejected. But using relay_domains one can configure postfix to accept emails for these additional domains from anyone and later forward them to some other host. Some other host to which email should be forwarded can be determined by looking MX records for same domain on internal DNS server. Thus it is possible for a single postfix server to accept emails on behalf of many other servers from Internet and then forward them internally to correct server. This is described using example at Configuring another postfix server for incoming and outgoing emails
This parameter can be used to specify another postfix (or sendmail etc.) server through which outgoing emails must be sent. All emails sent using this postfix server will get fowarded to this relayhost to be sent to actual recipient. Now if relayhost is specified as dovecot.example.com then MX record for same domain is searched first. If no MX record is found then email is delivered to address at A record for same hostname. To turn of MX lookups the name can be enclosed in square-brackets such as [dovecot.example.com] to ensure that direct A lookup is performed. One can even specify IP address if there is no corresponding FQDN for the relayhost through which all outgoing emails must be sent. Note that if both relay_domains and relayhost are specified then all mails for relayed domains would get forwarded to relayhost automatically.
Many things learned from http://www.postfix.org/BASIC_CONFIGURATION_README.html