Postfix

Introduction
Postfix is a mail transfer agent (MTA), like Exim or Sendmail, and is the default on Ubuntu and Darwin (Mac) installations.

Below are tips on how to configure Postfix to relay your messages to DreamHost.

Refer to this general guide to configuring an email relay if you get stuck.

Why do this? So you can perform simple and useful UNIXy commands from your terminal like:

cat log | mail -s "check this out" colleague@example.com

Relay to DreamHost
For main configuration:

/etc/postfix/main.cf

relayhost = [mail.yourdomain.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_pass
smtp_sasl_security_options =

You may prefer to instead use the name of the underlying DreamHost server, to prevent Certificate Domain Mismatch Errors when using TLS, as described below. To determine your server name, see the “domain mismatch” page:

relayhost = [someservername.mail.dreamhost.com]:587

This:
 * uses the A record, not the MX record, for IP lookup (that’s what the brackets [] around the domain name are for) – this agrees with (many?) Windows clients’ incorrect usage.
 * uses port 587, which is the default for mail submission, as some ISPs block port 25.
 * enables SASL authentication for logging in.
 * leaves smtp_sasl_security_options = blank, which overrides the default noplaintext value and allows plaintext authentication, notably PLAIN and LOGIN, which DreamHost uses as of 2009 ((many?) Windows clients only use LOGIN).

You probably also want to ensure you have good values for:

myhostname = yourdomain.com
mydomain = yourdomain.com

For a personal server, you likely want to receive all error notifications (Postfix defaults to reporting only serious errors, leaving the rest for the logs), which you can turn on via:

# Warn on everything
notify_classes = bounce, delay, policy, protocol, resource, software

Authentication
Create a DreamHost mail account to be used for relays (relay@yourdomain.com):
https://panel.dreamhost.com/index.cgi?tree=mail.addresses&

For authentication, put the login information in:

/etc/postfix/smtp_pass

[mail.yourdomain.com]:587 relay@yourdomain.com:password

Note that the key value ( [mail.yourdomain.com]:587 ) must exactly match the relayhost in main.cf, including brackets and port number, if present. Otherwise no login information will be sent and you’ll likely receive refused mail with SMTP 554 errors. Also note that the brackets surrounding [mail.yourdomain.com] are important! They ensure that the hostname doesn't get converted to a different address after IP lookup.

Note that the username must be of the form user@domain.

Next do the following:

$ sudo postmap /etc/postfix/smtp_pass

This creates a /etc/postfix/smtp_pass.db for the hash.

Finally, restart Postfix so it reads in the new configuration:

sudo postfix restart

or

sudo /etc/init.d/postfix restart

And monitor your logs (or notify messages in your inbox) to debug:

sudo tail -f /var/log/mail.info

whilst firing off:

echo test | mail someone@gmail.com

If this works, remove /etc/postfix/smtp_pass since the password is in clear text:

sudo rm /etc/postfix/smtp_pass

TLS
To enable TLS, use the following in main.cf:

smtp_tls_security_level = secure
smtp_tls_CAfile = /etc/postfix/ndn.ca.crt

…and download the NDN Certificate from the following address and place it at /etc/postfix/ndn.ca.crt:
 * https://dreamhost.com/ca/ndn.ca.crt

This requires that there is no Certificate Domain Mismatch Error, i.e., that the relayhost is of the form *.mail.dreamhost.com (like spacey.mail.dreamhost.com), not mail.yourserver.com. If you cannot or do not wish to resolve these errors (you prefer to use your server’s DNS name), use instead:

smtp_tls_security_level = encrypt

…which still uses encryption, but turns off certificate checking.

See postconf(5): smtp_tls_security_level for further details.
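The checks the Relay, Authentication and TLS sections ask you to make by eye, as an added example (not part of the original page and not Postfix code): a Python script that parses main.cf and smtp_pass text and reports a lookup key that does not exactly match relayhost, a username without @domain, and plaintext authentication allowed without mandatory TLS. The function names and sample values are assumptions made for illustration; dane-only, fingerprint and verify are Postfix TLS levels that this page does not discuss.

```python
import re
# TLS levels that never fall back to an unencrypted session.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """main.cf text -> dict; '#' lines are comments, indented lines continue a value."""
    params, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and key is not None:
            params[key] = (params[key] + " " + raw.strip()).strip()
        else:
            key, _, value = (part.strip() for part in raw.partition("="))
            params[key] = value
    return params

def parse_pass_map(text):
    """smtp_pass source text -> {lookup key: username}."""
    users = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            users[fields[0]] = fields[1].partition(":")[0]
    return users

def audit(main_cf, smtp_pass):
    """Return a list of problems found in the relay setup (empty list: none found)."""
    cf, users, problems = parse_main_cf(main_cf), parse_pass_map(smtp_pass), []
    relay = cf.get("relayhost", "")
    if not re.fullmatch(r"\[[^\]\s]+\](:\d+)?", relay):
        problems.append("relayhost is not bracketed, so MX lookup applies")
    if relay not in users:
        problems.append("no smtp_pass key exactly matches relayhost")
    elif not re.fullmatch(r"[^@\s]+@[^@\s]+", users[relay]):
        problems.append("username is not of the form user@domain")
    # Postfix's built-in default is "noplaintext, noanonymous"; the page blanks it.
    sasl_opts = cf.get("smtp_sasl_security_options", "noplaintext, noanonymous")
    if "noplaintext" not in sasl_opts and cf.get("smtp_tls_security_level") not in MANDATORY_TLS:
        problems.append("plaintext auth allowed but TLS is not mandatory")
    return problems

# Constructed sample input: placeholder host, account and password.
MAIN_CF = """relayhost = [mail.yourdomain.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_pass
smtp_sasl_security_options =
"""
print(audit(MAIN_CF, "mail.yourdomain.com:587 relay@yourdomain.com:password\n"))
```

Run it against the text of your own files before deleting smtp_pass; an empty list means none of these three mistakes was found.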

SPF
So that SPF works without your having to set up separate SPF records for your host (not just your domain), you may wish to use:

myorigin = yourdomain.com

This way the sender address (the MAIL RCPT value in SMTP) will be set to user@yourdomain.com, rather than user@host.yourdomain.com (it will omit the host).

This is useful if you can’t or don’t want to set up an SPF record for your host, for example if it’s a redirect (CNAME) to a dynamic DNS address, in which case you’d need to set up your SPF address with the dynamic DNS registrar, not DreamHost – and they may not provide this.

If you make this change, be sure to test (and check logs)!

Finding which version of Postfix you are running
$ postconf mail_version
mail_version = 2.1.5

Monitor your logs
You can follow the log via:

tail -f /var/log/mail.log

or, better (because you can page back):

less +F /var/log/mail.log

Reference
$ man 5 postconf

The postconf(5) manual is on the web at:
 * http://www.postfix.org/postconf.5.html