Postfix
From DreamHost
Introduction
Postfix is a mail transfer agent (MTA), like Exim or Sendmail, and is the default on Ubuntu and Darwin (Mac) installations.
Below are tips on how to configure Postfix to relay your messages to DreamHost.
Refer to this general guide to configure an email relay if you get stuck.
Why do this? So you can perform simple and useful UNIXy commands from your terminal like:
cat log | mail -s "check this out" colleague@example.com
Postfix configuration
Relay to DreamHost
For main configuration:
/etc/postfix/main.cf
relayhost = [mail.yourdomain.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_pass
smtp_sasl_security_options =
You may prefer to instead use the name of the underlying DreamHost server, to prevent Certificate Domain Mismatch Errors when using TLS, as described below. To determine your server name, see the “domain mismatch” page:
relayhost = [someservername.mail.dreamhost.com]:587
This:
- uses the A record, not the MX record, for IP lookup (that’s what the brackets [] around the domain name are for) – this agrees with (many?) Windows clients’ incorrect usage.
- uses Port 587, which is the default for mail submission, as some ISPs block port 25.
- enables Simple Authentication and Security Layer for logging in.
- the blank smtp_sasl_security_options = overrides the default noplaintext value, allowing plaintext authentication, notably PLAIN and LOGIN which DreamHost uses as of 2009 ((many?) Windows clients only use LOGIN).
You probably also want to ensure you have good values for:
myhostname = yourdomain.com
mydomain = yourdomain.com
For a personal server, you likely want to receive all error notifications (Postfix defaults to only reporting serious errors, leaving the rest for logs), which you can turn on via:
# Warn on everything
notify_classes = bounce, delay, policy, protocol, resource, software
Authentication
For authentication, put the login information in:
/etc/postfix/smtp_pass
[mail.yourdomain.com]:587 username:password
Note that the key value must exactly match the relayhost – including brackets and port number, if present, otherwise no login information will be sent and you’ll likely receive refused mail with SMTP 554 errors.
Note that username must be of the form user@domain.
Next do the following:
$ sudo postmap /etc/postfix/smtp_pass
This creates /etc/postfix/smtp_pass.db for the hash.
Finally, restart postfix so it reads in the new configuration.
sudo postfix restart
or
sudo /etc/init.d/postfix restart
Then monitor your logs (or the notify messages in your inbox) to debug, whilst firing off:
echo test | mail someone@gmail.com
TLS
To enable TLS, use the following in main.cf:
smtp_tls_security_level = secure
smtp_tls_CAfile = /etc/postfix/ndn.ca.crt
…and download the NDN Certificate from:
and place it at /etc/postfix/ndn.ca.crt
This requires that there are no Certificate Domain Mismatch Errors, i.e., that the relayhost is of the form *.mail.dreamhost.com (like spacey.mail.dreamhost.com), not mail.yourserver.com. If you cannot or do not wish to resolve these errors (you prefer to use your server’s DNS name), use instead:
smtp_tls_security_level = encrypt
…which still uses encryption but turns off certificate checking, so the identity of the relay server is not verified.
See postconf(5): smtp_tls_security_level for further details.
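The relay, authentication and TLS settings above depend on each other: the smtp_pass key has to match relayhost exactly, and the blank smtp_sasl_security_options only keeps the password off the wire in clear text when TLS is mandatory. The shell functions below are an added example, not part of the original DreamHost page; cf_get and check_relay are hypothetical names, and the check that the password file is not world-readable is an addition the page does not mention.

```shell
#!/bin/sh
# Added example. Assumes one "name = value" setting per line (no continuation
# lines). Usage: check_relay /etc/postfix/main.cf /etc/postfix/smtp_pass

# cf_get FILE PARAM: print PARAM's value; the last definition wins, as in Postfix.
cf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# check_relay MAIN_CF PASS_MAP: print findings, return the number of problems.
check_relay() {
    cf=$1; map=$2; problems=0
    relay=$(cf_get "$cf" relayhost)
    tls=$(cf_get "$cf" smtp_tls_security_level)

    # The map key must equal relayhost exactly, brackets and port included.
    cred=$(awk -v k="$relay" '$1 == k { print $2; exit }' "$map")
    if [ -z "$cred" ]; then
        echo "FAIL: no entry keyed '$relay' in $map, so no login will be sent"
        problems=$((problems + 1))
    else
        case ${cred%%:*} in
            *@*) ;;
            *) echo "FAIL: username '${cred%%:*}' is not of the form user@domain"
               problems=$((problems + 1)) ;;
        esac
    fi

    # A blank smtp_sasl_security_options permits PLAIN and LOGIN; unless TLS is
    # mandatory, the password can then cross the network unencrypted.
    if grep -q '^smtp_sasl_security_options[[:space:]]*=' "$cf" &&
       [ -z "$(cf_get "$cf" smtp_sasl_security_options)" ]; then
        case $tls in
            encrypt|dane-only|fingerprint|verify|secure) ;;
            *) echo "FAIL: plaintext SASL allowed but TLS level is '${tls:-unset}'"
               problems=$((problems + 1)) ;;
        esac
    fi

    # Not from the page: the map holds the password in clear text, so it
    # should not be world-readable.
    if [ -n "$(find "$map" -perm -004)" ]; then
        echo "FAIL: $map is world-readable"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Run it against copies of the two files (or as root against the live ones) before restarting Postfix; the return value is the number of problems found.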
SPF
So that SPF works without your having to set up separate SPF records for your host (not just your domain), you may wish to use:
myorigin = yourdomain.com
This way the envelope sender (the MAIL FROM value in SMTP) will be set to user@yourdomain.com, rather than user@host.yourdomain.com (it will omit the host).
This is useful if you can’t or don’t want to set up an SPF record for your host, for example if it’s a redirect (CNAME) to a dynamic DNS address, in which case you’d need to set up your SPF address with the dynamic DNS registrar, not DreamHost – and they may not provide this.
If you make this change, be sure to test (and check logs)!
Use
Finding which version of Postfix you are running
$ postconf -d | grep mail_version
mail_version = 2.1.5
Monitor your logs
You can follow the log via:
tail -f /var/log/mail.log
or, better (because you can page back):
less +F /var/log/mail.log
Reference
$ man 5 postconf # postconf(5) manual
on the web at:

