

<html>

<head>

<title> Postfix Configuration - Basics </title>

</head>

<body>

<h1><a href="big-picture.html"><img src="small-picture.gif" width="115" height="45"></a> Postfix Configuration - Basics </h1>

<hr>

<a href="index.html">Up one level</a> | Basic Configuration | <a
href="uce.html">UCE Controls</a> | <a href="rate.html"> Rate
Controls</a> | <a href="resource.html"> Resource Controls</a> | <a
href="rewrite.html"> Address Manipulation </a>

<h2> Introduction </h2>

Postfix has several hundred configuration parameters that are controlled
via the <b>main.cf</b> file.  Fortunately, they have sensible
default values.  In most cases, you need to configure only two or
three parameters before you can use the Postfix mail system:

<ul>

<li> <a href="#myorigin"> What domain to use in outbound mail </a>

<p>

<li> <a href="#mydestination"> What domains to receive mail for
</a>
<p>

<li> <a href="#relaying"> What clients to relay mail for </a>

</ul>

The default values for many other configuration parameters are
derived from just these.

<p>

The next parameter of interest controls the amount of mail sent
to the local postmaster:

<ul>

<li> <a href="#notify"> What trouble to report to the postmaster
</a>

</ul>

<p>

Be sure to set the following correctly if you're behind a proxy or
network address translator, and you are running a backup MX host
for some other domain:

<p>

<ul>

<li> <a href="#proxy_interfaces"> Proxy/NAT network addresses </a>

</ul>

By the way, if you change parameters of a running Postfix system,
don't forget to issue a <b>postfix reload</b> command.

<p>

If you run Postfix on a virtual network interface, or if your
machine runs other mailers on virtual interfaces, you'll have to
look at the other parameters listed here as well:

<ul>

<li> <a href="#myhostname"> My own hostname </a>

<p>

<li> <a href="#mydomain"> My own domain name </a>

<p>

<li> <a href="#mynetworks"> My own networks </a>

<p>

<li> <a href="#inet_interfaces"> My own network addresses </a>

</ul>

<a name="myorigin"> <h2> What domain to use in outbound mail </h2> </a>

The <b>myorigin</b> parameter specifies the domain that appears in
mail that is posted on this machine. The default is to use the
local machine name, <b><a href="#myhostname"> $myhostname</a>, </b>
which defaults to the name of the machine. Unless you are running
a really small site, you probably want to change that into <b><a
href="#mydomain"> $mydomain</a>,</b> which defaults to the parent
domain of the machine name.

<p>

For the sake of consistency between sender and recipient addresses,
<b>myorigin</b> also specifies the default domain name that is
appended to an unqualified recipient address.

<p>

<dl>

<dt> Examples:

<p>

<dd> <b>myorigin = $myhostname</b> (default)

<dd> <b>myorigin = $mydomain</b> (probably desirable)

</dl>

<a name="mydestination"> <h2> What domains to receive mail for
</h2> </a>

The <b>mydestination</b> parameter specifies what domains this
machine will deliver locally, instead of forwarding to another
machine. The default is to receive mail for the machine itself.

<p>

You can specify zero or more domain names, <i>/file/name</i> patterns
and/or <i>type:name</i> lookup tables, separated by whitespace
and/or commas.  A <i>/file/name</i> is replaced by its contents;
<i>type:name</i> requests that a table lookup is done.

<p>

If your machine is a mail server for its entire domain, you must
list <b>$mydomain</b> as well.

<p>

<dl>

<dt> Examples:

<p>

<dl>

<dt> Default setting:

<dd> <b>mydestination = $myhostname localhost.$mydomain</b>

<p>

<dt> Domain-wide mail server:

<dd> <b>mydestination = $myhostname localhost.$mydomain $mydomain
</b>

<p>

<dt> Host with multiple DNS A records:

<dd> <b>mydestination = $myhostname localhost.$mydomain www.$mydomain
ftp.$mydomain</b>

</dl>

<p>

Caution: in order to avoid mail delivery loops, you must list all
hostnames of the machine, including $myhostname, and localhost.$mydomain.

</dl>

<a name="relaying"> <h2> What clients to relay mail for </h2> </a>

By default, Postfix will relay mail for clients in authorized
networks.

<p>

Authorized client networks are defined by the <a
href="#mynetworks">mynetworks</a> parameter. The default is to
authorize all clients in the IP subnetworks that the local machine
is attached to.

<a name="notify"> <h2> What trouble to report to the postmaster
</h2> </a>

You should set up a <b>postmaster</b> <a
href="rewrite.html#aliases">alias</a> that points to a real person.
This alias is required to exist, so that people can report mail
delivery problems.

<p>

The Postfix system itself also reports problems to the postmaster
alias. You may not be interested in all types of trouble reports,
so this reporting mechanism is configurable. The default is to
report only serious problems (resource, software) to postmaster:

<p>

<dl>

<dt> Default:

<dd> <b>notify_classes = resource, software</b>

<p>

<dt>The meaning of the classes is as follows:

<p>

<dl>

<dt> <b>bounce</b> <dd> Send postmaster copies of undeliverable
mail.  If mail is undeliverable, a so-called single bounce message
is sent, with a copy of the message that was not delivered. For
privacy reasons, the postmaster copy of a single bounce message is
truncated after the original message headers.  If a single bounce
message is undeliverable, the postmaster receives a double bounce
message with a copy of the entire single bounce message.  See also
the <a href="rewrite.html#luser_relay"> luser_relay</a> feature.

<p>

<dt> <b>2bounce</b> <dd> Send double bounces to the postmaster.

<p>

<dt> <b>delay</b> <dd> Inform the postmaster of delayed mail.
In this case, the postmaster receives message headers only.

<p>

<dt> <b>policy</b> <dd> Inform the postmaster of client requests
that were rejected because of (UCE) policy restrictions.  The
postmaster receives a transcript of the entire SMTP session.

<p>

<dt> <b>protocol</b> <dd> Inform the postmaster of protocol errors
(client or server side) or attempts by a client to execute
unimplemented commands. The postmaster receives a transcript of
the entire SMTP session.

<p>

<dt> <b>resource</b> <dd> Inform the postmaster of mail not delivered
due to resource problems (for example, queue file write errors).

<p>

<dt> <b>software</b> <dd> Inform the postmaster of mail not delivered
due to software problems.

</dl>

</dl>

<a name="proxy_interfaces"> <h2> Proxy/NAT network addresses </h2> </a>

The <b>proxy_interfaces</b> parameter specifies all network addresses
on which Postfix receives mail by way of a proxy or network
address translation unit. You may specify symbolic hostnames instead
of network addresses.

<p>

You must specify your proxy/NAT addresses when your system is a
backup MX host for other domains, otherwise mail delivery loops
will happen when the primary MX host is down.

<p>

<dl>

<dt> Examples:

<p>

<dl>

<dt> Default:

<dd> <b>proxy_interfaces = </b>

<p>

<dt> Host running backup MTA:

<dd> <b>proxy_interfaces = 1.2.3.4</b> (the proxy/NAT network address)

</dl>

</dl>

<a name="myhostname"> <h2> My own hostname </h2> </a>

The <b>myhostname</b> parameter describes the fully-qualified domain
name of the machine running the Postfix system.  <b> $myhostname</b>
appears as the default value in many other Postfix configuration
parameters.

<p>

By default, <b>myhostname</b> is set to the local machine name.
If your machine name is not in fully-qualified domain name form,
or if you run Postfix on a virtual interface, you will have to
specify the fully-qualified domain name that the mail system
should use.

<dl>

<dt> Examples:

<p>

<dd> <b>myhostname = host.local.domain</b> (local hostname is not
FQDN)

<dd> <b>myhostname = host.virtual.domain</b> (virtual interface)

<dd> <b>myhostname = virtual.domain</b> (virtual interface)

</dl>

<a name="mydomain"> <h2> My own domain name </h2> </a>

The <b>mydomain</b> parameter specifies the parent domain of
<b>$myhostname.</b>  By default it is derived from <b> $myhostname</b>
by stripping off the first part (unless the result would be a
top-level domain).

<dl>

<dt> Examples:

<p>

<dd> <b>mydomain = local.domain</b>

<dd> <b>mydomain = virtual.domain</b> (virtual interface)

</dl>
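<p>

The following added example (not part of the Postfix distribution) applies the default derivation of <b>mydomain</b> described above, together with the <b>mydestination</b> caution about delivery loops, to a constructed <b>main.cf</b> fragment. The host names are sample values, the helper names are hypothetical, and only plain <b>$name</b> references and literal domain names are handled.

```python
import re

# Constructed main.cf fragment; host.example.com and its aliases are sample names.
SAMPLE_MAIN_CF = """\
myhostname = host.example.com
myorigin = $mydomain
mydestination = $myhostname localhost.$mydomain
    www.$mydomain
"""

def parse_main_cf(text):
    """Return {name: raw value}; indented lines continue the previous parameter."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            last = name.strip()
            params[last] = value.strip()
    return params

def default_mydomain(myhostname):
    """Strip the first label, unless that would leave a top-level domain.
    Assumption: in that case the host name itself is used as the domain."""
    parent = myhostname.split(".", 1)[1] if "." in myhostname else ""
    return parent if "." in parent else myhostname

def expand(value, params, depth=0):
    """Substitute $name references recursively (plain $name form only)."""
    if depth > 10:
        raise ValueError("parameter reference loop")
    return re.sub(r"\$(\w+)",
                  lambda m: expand(params[m.group(1)], params, depth + 1), value)

def missing_destinations(text, host_names):
    """Names of this machine that mydestination does not list (loop risk).
    /file/name and type:name entries are not followed in this sketch."""
    params = parse_main_cf(text)
    params.setdefault("mydomain", default_mydomain(params["myhostname"]))
    params.setdefault("mydestination", "$myhostname localhost.$mydomain")
    listed = set(re.split(r"[,\s]+", expand(params["mydestination"], params)))
    return sorted(set(host_names) - listed)
```

Pass <b>missing_destinations</b> every name that resolves to the machine; any name it returns still needs to be added to <b>mydestination</b>.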

<a name="mynetworks"> <h2> My own networks </h2> </a>

The <b>mynetworks</b> parameter lists all networks that this machine
somehow trusts. This information can be used by the <a
href="uce.html#smtpd_recipient_restrictions"> anti-UCE</a> features
to recognize trusted SMTP clients that are allowed to relay mail
through Postfix.

<p>

You can specify the list of trusted networks in the <b>main.cf</b>
file, or you can let Postfix deduce the list for you. The default
is to let Postfix do the work for you.

<p>

<dl>

<dt> Default:

<dd> <b>mynetworks_style = subnet</b>

<p>

<dt>The meaning of the styles is as follows:

<p>

<dl>

<dt> <b>class</b> <dd> Trust SMTP clients in the class A/B/C networks
that Postfix is connected to. <b>Don't do this with a dialup site
- it would cause Postfix to "trust" your entire provider's network.
Instead, specify an explicit mynetworks list by hand, as described
below</b>.

<p>

<dt> <b>subnet</b> (default) <dd> Trust SMTP clients in the IP
subnetworks that Postfix is connected to.

<p>

<dt> <b>host</b> <dd> Trust only the local machine.

</dl>

</dl>

<p>

Alternatively, you can specify the <b>mynetworks</b> list by hand,
in which case Postfix ignores the <b>mynetworks_style</b> setting.
To specify the list of trusted networks by hand, specify network
blocks in CIDR (network/mask) notation, for example:

<p>

<dl>

<dd> <b>mynetworks = 168.100.189.0/28, 127.0.0.0/8</b>

</dl>

<p>

You can also specify the absolute pathname of a pattern file instead
of listing the patterns in the <b>main.cf</b> file.

<a name="inet_interfaces"> <h2> My own network addresses </h2> </a>

The <b>inet_interfaces</b> parameter specifies all network interface
addresses that the Postfix system should listen on; mail addressed
to <i>user</i>@[<i>network address</i>] will be delivered locally,
as if it is addressed to a domain listed in <b> $mydestination.
</b>

<p>

The default is to listen on all active interfaces.  If you run
mailers on virtual interfaces, you will have to specify what
interfaces to listen on. 

<p>

You even have to specify explicit machine interfaces for the
non-virtual mailer that receives mail for the machine itself: the
non-virtual mailer should never listen on the virtual interfaces
or you would have a mailer loop.

<dl>

<dt> Examples:

<p>

<dl>

<dt> Default:

<dd> <b>inet_interfaces = all</b>

<p>

<dt> Host running virtual mailers:

<dd> <b>inet_interfaces = virtual.host.tld</b> (virtual domain)

<dd> <b>inet_interfaces = $myhostname localhost.$mydomain</b>
(non-virtual mailer)

</dl>

</dl>

<p>

<b>Note: you need to stop and start Postfix when this parameter changes.</b>


</body>

</html>