Electronic mail: servers
Configuring Postfix
Postfix requires only one configuration file, /usr/local/etc/postfix/main.cf. This file contains a large number of comments: with a little experience you can configure it without any outside help. In this section, we'll look at some of the entries of interest.
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER.
#
mail_owner = postfix
Older MTAs used to run as root, so a bug in the MTA could be exploited simply by sending it a suitably crafted message, and the exploit ran with root privileges. Modern MTAs use a dedicated, unprivileged user ID. As we saw above, the postfix user gets added to your password files when you install it. sendmail uses another user ID, smmsp. Don't change this entry.
Host and domain names
A significant portion of the configuration file defines host names. By default, the variable myhostname is the fully qualified host name of the system, for example freebie.example.org. You should normally leave it like that; it's not identical to the name that will appear on outgoing mail.
The next variable is mydomain, which defaults to the domain name of the system. Again, you won't normally want to change it.
Then comes the variable myorigin, which is the name that appears on outgoing mail. It defaults to myhostname, which is probably not a good choice. As suggested above, a better name would be the domain name mydomain. Make the following changes to main.cf:
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
#myorigin = $myhostname
myorigin = $mydomain
In the original configuration file, the last line is present, but it is "commented out": it starts with the # character. Just remove this character.
The next variable of interest is mydestination. This is a list of host and domain names for which the MTA considers itself the final destination (in other words, it accepts mail for final delivery). By default, it accepts mail addressed to the name of the machine ($myhostname in Postfix parlance) and also localhost.$mydomain, the local host name for this domain. In particular, it does not accept mail addressed to the domain itself, so if you send mail as fred@example.org, any reply will bounce. To fix this, add $mydomain to the list.
You might also want to accept mail for other domains. For example, if you also wanted to accept mail for beispiel.org, you would add that name here as well. The result might look like this:
#mydestination = $myhostname, localhost.$mydomain
#mydestination = $myhostname, localhost.$mydomain $mydomain
mydestination = $myhostname, localhost.$mydomain, $mydomain, beispiel.org
For the mail for beispiel.org to actually be delivered to this machine, the lowest priority MX record for beispiel.org must point to this host.
Further down, we'll see a feature called virtual hosting. This is a way to allocate email addresses to people without a UNIX account on this machine. It works at the user level, not the domain name level.
Relaying mail
One of the favourite tricks of spammers is to send their mail via another system to give it the aura of respectability. This is doubly annoying for the "other" system: first, it gives it the reputation of being a spammer, and secondly it often incurs expense, either for data charges or simply from congestion. Postfix has a number of tricks to help. The first specifies which networks to trust: Postfix will relay mail coming from these networks. You could consider this to be "outgoing" mail, though the methods Postfix uses don't make this assumption. By default, Postfix trusts your network and the localhost network 127.0.0.0/8, in other words with a net mask of 255.0.0.0. But how does it know the net mask for your network? There are two possibilities: you tell it, or it guesses.
Postfix is pretty simplistic when it comes to guessing. It takes the default net mask for the address class, so if your IP address is, say, 61.109.235.17 (a "class A" network), it will accept mail from any network whose first octet is 61. I know of at least 20 sources of spam in that range. In almost every case, you should specify the network and mask explicitly:
mynetworks = 223.147.37.0/24, 127.0.0.0/8
This is a good choice where you know the originating networks, for example systems that expect you to handle the mail connection to the outside world. But what if you want to accept mail from anywhere addressed to specific domains? Consider this "incoming" mail, though again that's not the way Postfix looks at it. For example, maybe you're a backup MX for beispiel.de, so you want to accept any mail sent to that domain. In that case, you want to relay mail to this domain no matter where it comes from. For this case, use the relay_domains variable, a list of domain names for which Postfix will always relay. You might put this in your main.cf:
relay_domains = $mydestination, $mydomain, beispiel.de
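To see what the mydestination, mynetworks and relay_domains settings above add up to, here is an added example (not from the book or from Postfix itself) that models the relay decision the chapter describes for a constructed main.cf fragment. It assumes myhostname is freebie.example.org and mydomain is example.org, and it also shows the classful guess Postfix makes when mynetworks is left unset, which is what turns a host at 61.109.235.17 into an open relay for the whole of 61.0.0.0/8.

```python
import ipaddress
import re

# Constructed main.cf fragment (an example, not the book's own file),
# using the values the chapter builds up.
MAIN_CF = """
mydestination = $myhostname, localhost.$mydomain, $mydomain, beispiel.org
mynetworks = 223.147.37.0/24, 127.0.0.0/8
relay_domains = $mydestination, $mydomain, beispiel.de
"""

def parse_cf(text, myhostname="freebie.example.org", mydomain="example.org"):
    """Read 'key = value' lines; myhostname/mydomain are assumed defaults."""
    params = {"myhostname": myhostname, "mydomain": mydomain}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            params[key.strip()] = value.strip()
    return params

def expand(params, key):
    """Expand $name references (lists such as $mydestination included)."""
    value = params.get(key, "")
    for _ in range(10):  # bounded, so a self-reference cannot loop forever
        value = re.sub(r"\$(\w+)", lambda m: params.get(m.group(1), ""), value)
    return value.replace(",", " ").split()

def classful_guess(host_ip):
    """The network Postfix trusts when it guesses from the address class."""
    first = int(host_ip.split(".")[0])
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{host_ip}/{prefix}", strict=False)

def relay_decision(params, client_ip, recipient, guess_from_host=None):
    """Model of the chapter's rules only; real Postfix applies them via smtpd restrictions."""
    if guess_from_host:
        nets = [classful_guess(guess_from_host), ipaddress.ip_network("127.0.0.0/8")]
    else:
        nets = [ipaddress.ip_network(n) for n in expand(params, "mynetworks")]
    if any(ipaddress.ip_address(client_ip) in n for n in nets):
        return "permit_mynetworks"      # trusted client: relayed anywhere
    domain = recipient.rsplit("@", 1)[-1].lower()
    if domain in expand(params, "mydestination"):
        return "accept_local"           # we are the final destination
    if domain in expand(params, "relay_domains"):
        return "permit_relay_domains"   # backup MX: relayed from anywhere
    return "reject"                     # everything else: no open relay
```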
You can also use the permit_mx_backup variable to accept mail for any domain that lists you as a secondary MX. This is very dangerous: you don't have any control over who lists you as a secondary MX, so any spammer could take advantage of this setting and use you for a relay.