This files documents Mandriva Linux specific customizations for the Postfix package, read this file in addition to the fine documentation present in the /usr/share/doc/postfix-2.1.*/README_FILES subdirectory. Running a mail server --------------------- By default Postfix will not accept mail from the network, this is done so on a default install you will not risk on being a prey to spammers. If you want to run a mailserver change the Postfix inet_interfaces parameter, run: postconf -e 'inet_interfaces=your.ip.add.ress' or the simplier postconf -e 'inet_interfaces=all' then restart postfix For the same reasons Postfix will not relay mail by default (it will not receive mail from an host and forward it to a different host). Dynamic Maps ------------ Postfix supports many map formats, but not all of them are installed by default support for PCRE, LDAP, Postgres SQL, MySQL and possibly others is available by installing the related postfix-xxx package (i.e. postfix-ldap for ldap support). To see what map formats are available and install them use either rpmdrake or urpmi. Chroot ------ For security reasons, Postfix runs chroot'ed by default. That means that the mail server is running in "/var/spool/postfix", not in the usual root filesystem, "/". The mail server has no access to files outside this location. Therefore, copies of some of your configuration files are put in the chroot. Some of them may change over the time, if you modify them, or for other reasons. The system will try to adjust for the most common changes to /etc/resolv.conf, i.e. if you own a laptop and you use dhcp to configure your network interface, or if you are a dialup user using ppp to connect to the Internet. If you want to modify this behaviour look at the scripts: /etc/ppp/ip-up.d/postfix /etc/ppp/ip-down.d/postfix /etc/sysconfig/network-scripts/ifup.d/postfix You can run "postfix check" to get usual warnings about changes between the file in the chroot and your system files. If you really feel unconfortable having postfix chrooted you can change this setting. To remove the chroot run: /usr/sbin/postfix-chroot.sh disable To set the chroot up again run: /usr/sbin/postfix-chroot.sh enable The chroot script is controlled by settings found in /etc/sysconfig/postfix CYRUS IMAPD ----------- Unfortunately postfix is still missing an uptodate CYRUS_README document. For the time being, the simplier way of sending mail to a cyrus server running on the same machine is: postconf -e "mailbox_transport = cyrus:unix:/var/lib/imap/socket/lmtp" The cyrus transports have been modified from the default postfix distribution, so the "cyrus" transport has become a variant of the lmtp transport, which does not get chrooted, the old "cyrus" transport, which used to pipe mail trough the "deliver" program has been renamed to cyrus-deliver. There is also a "cyrus-chroot" transport, which could be used if we prefer to run the lmtp transport chrooted. To do this create the directory "/var/spool/postfix/extern/cyrus" owned by cyrus:postfix and mode 750 and modify /etc/cyrus.conf changing the line lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 to lmtpunix cmd="lmtpd" listen="/var/spool/postfix/extern/cyrus/lmtp" prefork=1 The cyrus-inet transport can be used if the cyrus server is on a different host than postfix. Refer to cyrus documentation on how to set it up on the cyrus side. To use it create the file /etc/postfix/cyrus_lmtp_sasl_pass containing a line like: hostname_or_ip_address user:password run postmap /etc/postfix/cyrus_lmtp_sasl_pass then run postconf -e "mailbox_transport = cyrus-inet:host:port SMTP Authentication (SASL) -------------------------- There are some important issues you will have to note is if you want to use SMTP AUTH via SASL. To use SASL you will certainly require a sasl plugin installed. The plugin packages are called libsasl2-plug-XXX, (i.e libsasl2-plug-plain for SASL PLAIN support). To see what plugins are available and install them use either rpmdrake or urpmi. The parameter "XXXX_sasl_path" in main.cf (where XXXX is smtpd, smtp or lmtp) server two purpose, it gives the search path for sasl plugins, also the location of the smtpd sasl configuration file is given by first directory in "smtpd_sasl_path". If the parameter is not configured the default is "/usr/lib/sasl2" or /usr/lib64/sasl2" for 64-bit systems. If you modify this parameter, do not forget to include the default path or sasl will not work. SASL database relies on file /var/lib/sasl2/sasl.db being accessible by Postfix. This means both it being visible by a chrooted postfix and it being readable by the postfix user. Saslauthd requires its socket (by default /var/lib/sasl2/mux) to be accessible by Postfix as well. When running under chroot, two solutions are available: 1a) Sasldb users: copy sasldb file under /var/spool/postfix/var/lib/sasl2 and keep it in sync. Remember to verify that user postfix is able to read the sasl database. 1b) Saslauthd users: by default the saslauthd service tries to hardlink the default socket "/var/lib/sasl2/mux" to "/var/spool/postfix/var/lib/sasl2/mux", which usually works, unless you configured the postfix spool on a different filesystem. In this case you can change the saslauthd default socket (add "-m /var/spool/postfix/var/lib/sasl2" to the SASLAUTHD_OPTS= line in /etc/sysconfig/saslauthd and restart the saslauthd service) 2) mount /var/lib/sasl2 directory under chroot with -bind option, add the following line to /etc/fstab: /var/lib/sasl2 /var/spool/postfix/var/lib/sasl2 none rw,bind 0 0 If you are using sasldb you will still have to check that the sasl database is readable by user postfix. Content filters --------------- Some provisioning for content filter setup is already in /etc/postfix/master.cf, check comments in that file as well as FILTER_README. Amavisd-new and spampd rpms already add themselves to postfix configuration when installed. Remember to tune the lmtp-filter_destination_concurrency_limit (or smtp-filter_destination_concurrency_limit) parameter to the number of instances of amavisd-new (or spampd) you have configured. Reporting Problems ------------------ Before reporting any problem with this package please check if your question is not already answered in the awesome postfix documentation or in the postfix-users-faq.html document. When asking for help always include the output of the "postfinger" command and any relevant information from the /var/log/mail/warnings and /var/log/mail/errors files.