211.1. Using e-mail servers

211.1 Using e-mail servers

Weight: 4
Description: Candidates should be able to manage an e-mail server, including the configuration of e-mail aliases, e-mail quotas and virtual e-mail domains. This objective includes configuring internal e-mail relays and monitoring e-mail servers.
Key Knowledge Areas:
    Configuration files for postfix
    Basic TLS configuration for postfix
    Basic knowledge of the SMTP protocol
    Awareness of sendmail and exim
Terms and Utilities:
    Configuration files and commands for postfix
    /etc/postfix/
    /var/spool/postfix/
    sendmail emulation layer commands
    /etc/aliases
    mail-related logs in /var/log/

What is e-mail ?

Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email first entered limited use in the 1960s and by the mid-1970s had taken the form now recognized as email. Email operates across computer networks, which today is primarily the Internet. As its obvious e-mail is pretty old method of communication and some times it is said that the e-mail is as old as the internet itself! But nowadays no successfull bussiness can live with out that.

How e-mail Works?

Email is based around the use of electronic mailboxes. When an email is sent, the message is routed from server to server, all the way to the recipient's email server.
1.First the User open its mail box using using one of many mail client applications (Like Thunderbolt, Evolution, SquirrelMail, ...) (which is Called MUA, Mail user Agent) and send an e-mail.
2.Then Mail Submission Agent(MSA) receives electronic mail messages from a mail user agent (MUA) and cooperates with a mail transfer agent (MTA) for delivery of the mail.
3.The message is sent to the mail server tasked with transporting emails (called the MTA, for Mail Transport Agent) to the recipient's MTA. On the Internet, MTAs communicate with one another using the protocol SMTP, and so are logically called SMTP servers (or sometimes outgoing mail servers).
    SMTP (Simple Mail Transfer Protocol). It is a protocol that really defines how e-mail is transfered and saved and is a part of the TCP/IP application layer as well as settings rules that e-mail applications follow.
4.The recipient's MTA then delivers the email to the incoming mail server (called the MDA, for Mail Delivery Agent), which stores the email as it waits for the user to accept it.(Sometimes MTA can also function as an MDA)But often (procmail for example) , They are independent applications that can also filter mail(like spam).
There are two main protocols used for retrieving email on an MDA:
    POP3 (Post Office Protocol), which is used by MUAs, for retrieving email and, in certain cases, leaving a copy of it on the server.
    IMAP (Internet Message Access Protocol), which is used by MUAs,for coordinating the status of emails (read, deleted, moved) across multiple email clients. With IMAP, a copy of every message is saved on the server, so that this synchronization task can be completed.
    Both of those can be secured with TLS or SSL Certificates, so it is encrypted at some levels between the server and end user client (MUA).

MX Record

MX records are the mail DNS record (we discussed about earlier in DNS Course). These records are used by MTAs to determine the authorative mail server for any particular e-mail message.

MUA

Mail User Agent. This is whatever application we use to create and send e-mail (Like Thunderbolt, Evolution, SquirrelMail, etc).

MSA

Mail Submission Agen. Acts as an intermediary or gateway between the MUA and an MTA to strat the transfer of e-mail.

MTA

Mail Transfer Agent. Accepts e-mail from the MUA and sends it (if needed) to the receiving mail address (could be another MTA if this is not the destination.

Mail Transfer Agents(MTAs) for Linux

Lets look at a round up of the best and most used MTA’s on Linux mail servers:

1.Send Mail

Sendmail now known as proofpoint (after Proofpoint, Inc acquired Sendmail, Inc) is by far the most popular and one of the oldest MTA on the Linux server platform. Sendmail has a lot of limitations though, in comparison to modern MTAs.
Because of its complicated configuration steps and demands, and weak security mechanisms, many new MTAs have come up as alternatives to Sendmail, but importantly, it offers everything to do with mail on a network.

2.Exim

Exim is a free MTA developed for Unix-like operating systems such as Linux, Mac OSX, Solaris and many more. Exim offers a great level of flexibility in routing mail on a network, with outstanding mechanisms and facilities for incoming mail monitoring.
Its notable features include among others:
    No support for POP and IMAP protocols
    Supports protocols such as RFC 2821 SMTP and RFC 2033 LMTP email message transport(LMTP is an alternative to normal SMTP for situations where the receiving side does not have a mail queue )
    Configurations include access control lists, content scanning, encryption, routing controls among others
    Excellent documentation
    It has utilities such as Lemonade which is an assortment of SMTP and IMAP extensions to enable mobile messaging plus many more.

3.Qmail

Qmail is also another free, open-source and modern Linux MTA when compared to the other MTAs we have looked at. More over, it is simple, reliable, efficient and offers extensive security features hence a secure MTA package.
It is relatively small but feature-rich and some of its features include:
    Runs on multiple Unix-like operating systems such as FreeBSD, Solaris, Mac OSX plus many more
    Simple and quick installation
    Automatic per-host configuration
    Clear separation between addresses, files and programs
    Full support for address groups
    Lets each user manage their own mail lists
    Supports an easy way to set up mailing list
    Supports VERPs (variable envelope return path addresses on request) undeliverable mail can reveal the undeliverable recipient address without requiring the list owner to parse bounce messages.
    Supports automatic prevention of mailing list loops
    Supports ezmlm mailing list manager
    No random lists supported and many more

4.Postfix

Postfix is a cross-platform, popular MTA that was designed and developed by Wietse Zweitze Venema for his mail server while working at IBM research department.
It was primarily developed as an alternative to well known and popularSendmail MTA. Postfix runs on Linux, Mac OSX, Solaris and several other Unix-like operating systems.
It borrows a lot of Sendmail properties on the outside, but it has a totally and comprehensively distinct internal operation. Additionally, it bids to be fast in performance with easy configurations and secure operation mechanism and has the following major features:
    Junk mail control
    Supports multiple protocols
    Database support
    Mailbox support
    Address manipulation support and many more
For LPIC2 exam we are just expected to know about Postfix and its configuration files, so just know about other MTAs existance.

Postfix Configuration

Lets Install post fix and mail ustils (We will use CentOS7):
1
[[email protected] ~]# yum install postfix
2
.....
3
...
4
..
5
Package 2:postfix-2.10.1-6.el7.x86_64 already installed and latest version
6
Nothing to do
Copied!
as Postfix in our distrobution is used as local mail delivary service it is already installed.
1
[[email protected] ~]# systemctl status postfix.service
2
● postfix.service - Postfix Mail Transport Agent
3
Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
4
Active: active (running) since Sun 2018-05-20 02:20:59 EDT; 8min ago
5
Process: 1080 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
6
Process: 1071 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
7
Process: 1048 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
8
Main PID: 1324 (master)
9
CGroup: /system.slice/postfix.service
10
├─1324 /usr/libexec/postfix/master -w
11
├─1325 pickup -l -t unix -u
12
└─1326 qmgr -l -t unix -u
13
14
May 20 02:20:58 localhost.localdomain systemd[1]: Starting Postfix Mail Transport A....
15
May 20 02:20:59 localhost.localdomain postfix/master[1324]: daemon started -- versio...
16
May 20 02:20:59 localhost.localdomain systemd[1]: Started Postfix Mail Transport Agent.
17
Hint: Some lines were ellipsized, use -l to show in full.
Copied!

/etc/postfix

Lets see configurations to find out how its configured.
1
[[email protected] ~]# cd /etc/postfix/
2
[[email protected] postfix]# ls -la
3
total 160
4
drwxr-xr-x. 2 root root 154 Oct 28 2017 .
5
drwxr-xr-x. 138 root root 8192 May 20 02:23 ..
6
-rw-r--r--. 1 root root 20876 Jun 9 2014 access
7
-rw-r--r--. 1 root root 11681 Jun 9 2014 canonical
8
-rw-r--r--. 1 root root 9904 Jun 9 2014 generic
9
-rw-r--r--. 1 root root 21545 Jun 9 2014 header_checks
10
-rw-r--r--. 1 root root 27176 Jun 9 2014 main.cf
11
-rw-r--r--. 1 root root 6105 Jun 9 2014 master.cf
12
-rw-r--r--. 1 root root 6816 Jun 9 2014 relocated
13
-rw-r--r--. 1 root root 12549 Jun 9 2014 transport
14
-rw-r--r--. 1 root root 12494 Jun 9 2014 virtual
Copied!

main.cf

The Postfix main configuration file is main.cf (please note that there is a master.cf also). The main.cf file has tones of Documentations and settiing are in key value pairs (Something = Value). try cat main.cf to see.
1
[[email protected] postfix]# cat main.cf
2
# Global Postfix configuration file. This file lists only a subset
3
# of all parameters. For the syntax, and for a complete parameter
4
# list, see the postconf(5) manual page (command: "man 5 postconf").
5
#
6
# For common configuration examples, see BASIC_CONFIGURATION_README
7
# and STANDARD_CONFIGURATION_README. To find these documents, use
8
# the command "postconf html_directory readme_directory", or go to
9
# http://www.postfix.org/.
10
#
11
# For best results, change no more than 2-3 parameters at a time,
12
# and test if Postfix still works after every change.
13
14
# SOFT BOUNCE
15
#
16
# The soft_bounce parameter provides a limited safety net for
17
# testing. When soft_bounce is enabled, mail will remain queued that
18
# would otherwise bounce. This parameter disables locally-generated
19
# bounces, and prevents the SMTP server from rejecting mail permanently
20
# (by changing 5xx replies into 4xx replies). However, soft_bounce
21
# is no cure for address rewriting mistakes or mail routing mistakes.
22
#
23
#soft_bounce = no
24
25
# LOCAL PATHNAME INFORMATION
26
#
27
# The queue_directory specifies the location of the Postfix queue.
28
# This is also the root directory of Postfix daemons that run chrooted.
29
# See the files in examples/chroot-setup for setting up Postfix chroot
30
# environments on different UNIX systems.
31
#
32
queue_directory = /var/spool/postfix
33
34
# The command_directory parameter specifies the location of all
35
# postXXX commands.
36
#
37
command_directory = /usr/sbin
38
39
# The daemon_directory parameter specifies the location of all Postfix
40
# daemon programs (i.e. programs listed in the master.cf file). This
41
# directory must be owned by root.
42
#
43
daemon_directory = /usr/libexec/postfix
44
45
# The data_directory parameter specifies the location of Postfix-writable
46
# data files (caches, random numbers). This directory must be owned
47
# by the mail_owner account (see below).
48
#
49
data_directory = /var/lib/postfix
50
51
# QUEUE AND PROCESS OWNERSHIP
52
#
53
# The mail_owner parameter specifies the owner of the Postfix queue
54
# and of most Postfix daemon processes. Specify the name of a user
55
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
56
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
57
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
58
# USER.
59
#
60
mail_owner = postfix
61
62
# The default_privs parameter specifies the default rights used by
63
# the local delivery agent for delivery to external file or command.
64
# These rights are used in the absence of a recipient user context.
65
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
66
#
67
#default_privs = nobody
68
69
# INTERNET HOST AND DOMAIN NAMES
70
#
71
# The myhostname parameter specifies the internet hostname of this
72
# mail system. The default is to use the fully-qualified domain name
73
# from gethostname(). $myhostname is used as a default value for many
74
# other configuration parameters.
75
#
76
#myhostname = host.domain.tld
77
#myhostname = virtual.domain.tld
78
79
# The mydomain parameter specifies the local internet domain name.
80
# The default is to use $myhostname minus the first component.
81
# $mydomain is used as a default value for many other configuration
82
# parameters.
83
#
84
#mydomain = domain.tld
85
86
# SENDING MAIL
87
#
88
# The myorigin parameter specifies the domain that locally-posted
89
# mail appears to come from. The default is to append $myhostname,
90
# which is fine for small sites. If you run a domain with multiple
91
# machines, you should (1) change this to $mydomain and (2) set up
92
# a domain-wide alias database that aliases each user to
94
#
95
# For the sake of consistency between sender and recipient addresses,
96
# myorigin also specifies the default domain name that is appended
97
# to recipient addresses that have no @domain part.
98
#
99
#myorigin = $myhostname
100
#myorigin = $mydomain
101
102
# RECEIVING MAIL
103
104
# The inet_interfaces parameter specifies the network interface
105
# addresses that this mail system receives mail on. By default,
106
# the software claims all active interfaces on the machine. The
107
# parameter also controls delivery of mail to [email protected][ip.address].
108
#
109
# See also the proxy_interfaces parameter, for network addresses that
110
# are forwarded to us via a proxy or network address translator.
111
#
112
# Note: you need to stop/start Postfix when this parameter changes.
113
#
114
#inet_interfaces = all
115
#inet_interfaces = $myhostname
116
#inet_interfaces = $myhostname, localhost
117
inet_interfaces = localhost
118
119
# Enable IPv4, and IPv6 if supported
120
inet_protocols = all
121
122
# The proxy_interfaces parameter specifies the network interface
123
# addresses that this mail system receives mail on by way of a
124
# proxy or network address translation unit. This setting extends
125
# the address list specified with the inet_interfaces parameter.
126
#
127
# You must specify your proxy/NAT addresses when your system is a
128
# backup MX host for other domains, otherwise mail delivery loops
129
# will happen when the primary MX host is down.
130
#
131
#proxy_interfaces =
132
#proxy_interfaces = 1.2.3.4
133
134
# The mydestination parameter specifies the list of domains that this
135
# machine considers itself the final destination for.
136
#
137
# These domains are routed to the delivery agent specified with the
138
# local_transport parameter setting. By default, that is the UNIX
139
# compatible delivery agent that lookups all recipients in /etc/passwd
140
# and /etc/aliases or their equivalent.
141
#
142
# The default is $myhostname + localhost.$mydomain. On a mail domain
143
# gateway, you should also include $mydomain.
144
#
145
# Do not specify the names of virtual domains - those domains are
146
# specified elsewhere (see VIRTUAL_README).
147
#
148
# Do not specify the names of domains that this machine is backup MX
149
# host for. Specify those names via the relay_domains settings for
150
# the SMTP server, or use permit_mx_backup if you are lazy (see
151
# STANDARD_CONFIGURATION_README).
152
#
153
# The local machine is always the final destination for mail addressed
154
# to [email protected][the.net.work.address] of an interface that the mail system
155
# receives mail on (see the inet_interfaces parameter).
156
#
157
# Specify a list of host or domain names, /file/name or type:table
158
# patterns, separated by commas and/or whitespace. A /file/name
159
# pattern is replaced by its contents; a type:table is matched when
160
# a name matches a lookup key (the right-hand side is ignored).
161
# Continue long lines by starting the next line with whitespace.
162
#
163
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
164
#
165
mydestination = $myhostname, localhost.$mydomain, localhost
166
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
167
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
168
# mail.$mydomain, www.$mydomain, ftp.$mydomain
169
170
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
171
#
172
# The local_recipient_maps parameter specifies optional lookup tables
173
# with all names or addresses of users that are local with respect
174
# to $mydestination, $inet_interfaces or $proxy_interfaces.
175
#
176
# If this parameter is defined, then the SMTP server will reject
177
# mail for unknown local users. This parameter is defined by default.
178
#
179
# To turn off local recipient checking in the SMTP server, specify
180
# local_recipient_maps = (i.e. empty).
181
#
182
# The default setting assumes that you use the default Postfix local
183
# delivery agent for local delivery. You need to update the
184
# local_recipient_maps setting if:
185
#
186
# - You define $mydestination domain recipients in files other than
187
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
188
# For example, you define $mydestination domain recipients in
189
# the $virtual_mailbox_maps files.
190
#
191
# - You redefine the local delivery agent in master.cf.
192
#
193
# - You redefine the "local_transport" setting in main.cf.
194
#
195
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
196
# feature of the Postfix local delivery agent (see local(8)).
197
#
198
# Details are described in the LOCAL_RECIPIENT_README file.
199
#
200
# Beware: if the Postfix SMTP server runs chrooted, you probably have
201
# to access the passwd file via the proxymap service, in order to
202
# overcome chroot restrictions. The alternative, having a copy of
203
# the system passwd file in the chroot jail is just not practical.
204
#
205
# The right-hand side of the lookup tables is conveniently ignored.
206
# In the left-hand side, specify a bare username, an @domain.tld
207
# wild-card, or specify a [email protected] address.
208
#
209
#local_recipient_maps = unix:passwd.byname $alias_maps
210
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
211
#local_recipient_maps =
212
213
# The unknown_local_recipient_reject_code specifies the SMTP server
214
# response code when a recipient domain matches $mydestination or
215
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
216
# and the recipient address or address local-part is not found.
217
#
218
# The default setting is 550 (reject mail) but it is safer to start
219
# with 450 (try again later) until you are certain that your
220
# local_recipient_maps settings are OK.
221
#
222
unknown_local_recipient_reject_code = 550
223
224
# TRUST AND RELAY CONTROL
225
226
# The mynetworks parameter specifies the list of "trusted" SMTP
227
# clients that have more privileges than "strangers".
228
#
229
# In particular, "trusted" SMTP clients are allowed to relay mail
230
# through Postfix. See the smtpd_recipient_restrictions parameter
231
# in postconf(5).
232
#
233
# You can specify the list of "trusted" network addresses by hand
234
# or you can let Postfix do it for you (which is the default).
235
#
236
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
237
# clients in the same IP subnetworks as the local machine.
238
# On Linux, this does works correctly only with interfaces specified
239
# with the "ifconfig" command.
240
#
241
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
242
# clients in the same IP class A/B/C networks as the local machine.
243
# Don't do this with a dialup site - it would cause Postfix to "trust"
244
# your entire provider's network. Instead, specify an explicit
245
# mynetworks list by hand, as described below.
246
#
247
# Specify "mynetworks_style = host" when Postfix should "trust"
248
# only the local machine.
249
#
250
#mynetworks_style = class
251
#mynetworks_style = subnet
252
#mynetworks_style = host
253
254
# Alternatively, you can specify the mynetworks list by hand, in
255
# which case Postfix ignores the mynetworks_style setting.
256
#
257
# Specify an explicit list of network/netmask patterns, where the
258
# mask specifies the number of bits in the network part of a host
259
# address.
260
#
261
# You can also specify the absolute pathname of a pattern file instead
262
# of listing the patterns here. Specify type:table for table-based lookups
263
# (the value on the table right-hand side is not used).
264
#
265
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
266
#mynetworks = $config_directory/mynetworks
267
#mynetworks = hash:/etc/postfix/network_table
268
269
# The relay_domains parameter restricts what destinations this system will
270
# relay mail to. See the smtpd_recipient_restrictions description in
271
# postconf(5) for detailed information.
272
#
273
# By default, Postfix relays mail
274
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
275
# - from "untrusted" clients to destinations that match $relay_domains or
276
# subdomains thereof, except addresses with sender-specified routing.
277
# The default relay_domains value is $mydestination.
278
#
279
# In addition to the above, the Postfix SMTP server by default accepts mail
280
# that Postfix is final destination for:
281
# - destinations that match $inet_interfaces or $proxy_interfaces,
282
# - destinations that match $mydestination
283
# - destinations that match $virtual_alias_domains,
284
# - destinations that match $virtual_mailbox_domains.
285
# These destinations do not need to be listed in $relay_domains.
286
#
287
# Specify a list of hosts or domains, /file/name patterns or type:name
288
# lookup tables, separated by commas and/or whitespace. Continue
289
# long lines by starting the next line with whitespace. A file name
290
# is replaced by its contents; a type:name table is matched when a
291
# (parent) domain appears as lookup key.
292
#
293
# NOTE: Postfix will not automatically forward mail for domains that
294
# list this system as their primary or backup MX host. See the
295
# permit_mx_backup restriction description in postconf(5).
296
#
297
#relay_domains = $mydestination
298
299
# INTERNET OR INTRANET
300
301
# The relayhost parameter specifies the default host to send mail to
302
# when no entry is matched in the optional transport(5) table. When
303
# no relayhost is given, mail is routed directly to the destination.
304
#
305
# On an intranet, specify the organizational domain name. If your
306
# internal DNS uses no MX records, specify the name of the intranet
307
# gateway host instead.
308
#
309
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
310
# [address] or [address]:port; the form [host] turns off MX lookups.
311
#
312
# If you're connected via UUCP, see also the default_transport parameter.
313
#
314
#relayhost = $mydomain
315
#relayhost = [gateway.my.domain]
316
#relayhost = [mailserver.isp.tld]
317
#relayhost = uucphost
318
#relayhost = [an.ip.add.ress]
319
320
# REJECTING UNKNOWN RELAY USERS
321
#
322
# The relay_recipient_maps parameter specifies optional lookup tables
323
# with all addresses in the domains that match $relay_domains.
324
#
325
# If this parameter is defined, then the SMTP server will reject
326
# mail for unknown relay users. This feature is off by default.
327
#
328
# The right-hand side of the lookup tables is conveniently ignored.
329
# In the left-hand side, specify an @domain.tld wild-card, or specify
330
# a [email protected] address.
331
#
332
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
333
334
# INPUT RATE CONTROL
335
#
336
# The in_flow_delay configuration parameter implements mail input
337
# flow control. This feature is turned on by default, although it
338
# still needs further development (it's disabled on SCO UNIX due
339
# to an SCO bug).
340
#
341
# A Postfix process will pause for $in_flow_delay seconds before
342
# accepting a new message, when the message arrival rate exceeds the
343
# message delivery rate. With the default 100 SMTP server process
344
# limit, this limits the mail inflow to 100 messages a second more
345
# than the number of messages delivered per second.
346
#
347
# Specify 0 to disable the feature. Valid delays are 0..10.
348
#
349
#in_flow_delay = 1s
350
351
# ADDRESS REWRITING
352
#
353
# The ADDRESS_REWRITING_README document gives information about
354
# address masquerading or other forms of address rewriting including
355
# username->Firstname.Lastname mapping.
356
357
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
358
#
359
# The VIRTUAL_README document gives information about the many forms
360
# of domain hosting that Postfix supports.
361
362
# "USER HAS MOVED" BOUNCE MESSAGES
363
#
364
# See the discussion in the ADDRESS_REWRITING_README document.
365
366
# TRANSPORT MAP
367
#
368
# See the discussion in the ADDRESS_REWRITING_README document.
369
370
# ALIAS DATABASE
371
#
372
# The alias_maps parameter specifies the list of alias databases used
373
# by the local delivery agent. The default list is system dependent.
374
#
375
# On systems with NIS, the default is to search the local alias
376
# database, then the NIS alias database. See aliases(5) for syntax
377
# details.
378
#
379
# If you change the alias database, run "postalias /etc/aliases" (or
380
# wherever your system stores the mail alias file), or simply run
381
# "newaliases" to build the necessary DBM or DB file.
382
#
383
# It will take a minute or so before changes become visible. Use
384
# "postfix reload" to eliminate the delay.
385
#
386
#alias_maps = dbm:/etc/aliases
387
alias_maps = hash:/etc/aliases
388
#alias_maps = hash:/etc/aliases, nis:mail.aliases
389
#alias_maps = netinfo:/aliases
390
391
# The alias_database parameter specifies the alias database(s) that
392
# are built with "newaliases" or "sendmail -bi". This is a separate
393
# configuration parameter, because alias_maps (see above) may specify
394
# tables that are not necessarily all under control by Postfix.
395
#
396
#alias_database = dbm:/etc/aliases
397
#alias_database = dbm:/etc/mail/aliases
398
alias_database = hash:/etc/aliases
399
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
400
401
# ADDRESS EXTENSIONS (e.g., user+foo)
402
#
403
# The recipient_delimiter parameter specifies the separator between
404
# user names and address extensions (user+foo). See canonical(5),
405
# local(8), relocated(5) and virtual(5) for the effects this has on
406
# aliases, canonical, virtual, relocated and .forward file lookups.
407
# Basically, the software tries user+foo and .forward+foo before
408
# trying user and .forward.
409
#
410
#recipient_delimiter = +
411
412
# DELIVERY TO MAILBOX
413
#
414
# The home_mailbox parameter specifies the optional pathname of a
415
# mailbox file relative to a user's home directory. The default
416
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
417
# "Maildir/" for qmail-style delivery (the / is required).
418
#
419
#home_mailbox = Mailbox
420
#home_mailbox = Maildir/
421
422
# The mail_spool_directory parameter specifies the directory where
423
# UNIX-style mailboxes are kept. The default setting depends on the
424
# system type.
425
#
426
#mail_spool_directory = /var/mail
427
#mail_spool_directory = /var/spool/mail
428
429
# The mailbox_command parameter specifies the optional external
430
# command to use instead of mailbox delivery. The command is run as
431
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
432
# Exception: delivery for root is done as $default_user.
433
#
434
# Other environment variables of interest: USER (recipient username),
435
# EXTENSION (address extension), DOMAIN (domain part of address),
436
# and LOCAL (the address localpart).
437
#
438
# Unlike other Postfix configuration parameters, the mailbox_command
439
# parameter is not subjected to $parameter substitutions. This is to
440
# make it easier to specify shell syntax (see example below).
441
#
442
# Avoid shell meta characters because they will force Postfix to run
443
# an expensive shell process. Procmail alone is expensive enough.
444
#
445
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
446
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
447
#
448
#mailbox_command = /some/where/procmail
449
#mailbox_command = /some/where/procmail -a "$EXTENSION"
450
451
# The mailbox_transport specifies the optional transport in master.cf
452
# to use after processing aliases and .forward files. This parameter
453
# has precedence over the mailbox_command, fallback_transport and
454
# luser_relay parameters.
455
#
456
# Specify a string of the form transport:nexthop, where transport is
457
# the name of a mail delivery transport defined in master.cf. The
458
# :nexthop part is optional. For more details see the sample transport
459
# configuration file.
460
#
461
# NOTE: if you use this feature for accounts not in the UNIX password
462
# file, then you must update the "local_recipient_maps" setting in
463
# the main.cf file, otherwise the SMTP server will reject mail for
464
# non-UNIX accounts with "User unknown in local recipient table".
465
#
466
# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
467
# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
468
#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
469
470
# If using the cyrus-imapd IMAP server deliver local mail to the IMAP
471
# server using LMTP (Local Mail Transport Protocol), this is prefered
472
# over the older cyrus deliver program by setting the
473
# mailbox_transport as below:
474
#
475
# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
476
#
477
# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via
478
# these settings.
479
#
480
# local_destination_recipient_limit = 300
481
# local_destination_concurrency_limit = 5
482
#
483
# Of course you should adjust these settings as appropriate for the
484
# capacity of the hardware you are using. The recipient limit setting
485
# can be used to take advantage of the single instance message store
486
# capability of Cyrus. The concurrency limit can be used to control
487
# how many simultaneous LMTP sessions will be permitted to the Cyrus
488
# message store.
489
#
490
# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
491
# subsequent line in master.cf.
492
#mailbox_transport = cyrus
493
494
# The fallback_transport specifies the optional transport in master.cf
495
# to use for recipients that are not found in the UNIX passwd database.
496
# This parameter has precedence over the luser_relay parameter.
497
#
498
# Specify a string of the form transport:nexthop, where transport is
499
# the name of a mail delivery transport defined in master.cf. The
500
# :nexthop part is optional. For more details see the sample transport
501
# configuration file.
502
#
503
# NOTE: if you use this feature for accounts not in the UNIX password
504
# file, then you must update the "local_recipient_maps" setting in
505
# the main.cf file, otherwise the SMTP server will reject mail for
506
# non-UNIX accounts with "User unknown in local recipient table".
507
#
508
#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
509
#fallback_transport =
510
511
# The luser_relay parameter specifies an optional destination address
512
# for unknown recipients. By default, mail for [email protected]$mydestination,
513
# [email protected][$inet_interfaces] or [email protected][$proxy_interfaces] is returned
514
# as undeliverable.
515
#
516
# The following expansions are done on luser_relay: $user (recipient
517
# username), $shell (recipient shell), $home (recipient home directory),
518
# $recipient (full recipient address), $extension (recipient address
519
# extension), $domain (recipient domain), $local (entire recipient
520
# localpart), $recipient_delimiter. Specify ${name?value} or
521
# ${name:value} to expand value only when $name does (does not) exist.
522
#
523
# luser_relay works only for the default Postfix local delivery agent.
524
#
525
# NOTE: if you use this feature for accounts not in the UNIX password
526
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
527
# the main.cf file, otherwise the SMTP server will reject mail for
528
# non-UNIX accounts with "User unknown in local recipient table".
529
#
530
#luser_relay = [email protected]
531
#luser_relay = [email protected]
532
#luser_relay = admin+$local
533
534
# JUNK MAIL CONTROLS
535
#
536
# The controls listed here are only a very small subset. The file
537
# SMTPD_ACCESS_README provides an overview.
538
539
# The header_checks parameter specifies an optional table with patterns
540
# that each logical message header is matched against, including
541
# headers that span multiple physical lines.
542
#
543
# By default, these patterns also apply to MIME headers and to the
544
# headers of attached messages. With older Postfix versions, MIME and
545
# attached message headers were treated as body text.
546
#
547
# For details, see "man header_checks".
548
#
549
#header_checks = regexp:/etc/postfix/header_checks
550
551
# FAST ETRN SERVICE
552
#
553
# Postfix maintains per-destination logfiles with information about
554
# deferred mail, so that mail can be flushed quickly with the SMTP
555
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
556
# See the ETRN_README document for a detailed description.
557
#
558
# The fast_flush_domains parameter controls what destinations are
559
# eligible for this service. By default, they are all domains that
560
# this server is willing to relay mail to.
561
#
562
#fast_flush_domains = $relay_domains
563
564
# SHOW SOFTWARE VERSION OR NOT
565
#
566
# The smtpd_banner parameter specifies the text that follows the 220
567
# code in the SMTP server's greeting banner. Some people like to see
568
# the mail version advertised. By default, Postfix shows no version.
569
#
570
# You MUST specify $myhostname at the start of the text. That is an
571
# RFC requirement. Postfix itself does not care.
572
#
573
#smtpd_banner = $myhostname ESMTP $mail_name
574
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
575
576
# PARALLEL DELIVERY TO THE SAME DESTINATION
577
#
578
# How many parallel deliveries to the same user or domain? With local
579
# delivery, it does not make sense to do massively parallel delivery
580
# to the same user, because mailbox updates must happen sequentially,
581
# and expensive pipelines in .forward files can cause disasters when
582
# too many are run at the same time. With SMTP deliveries, 10
583
# simultaneous connections to the same domain could be sufficient to
584
# raise eyebrows.
585
#
586
# Each message delivery transport has its XXX_destination_concurrency_limit
587
# parameter. The default is $default_destination_concurrency_limit for
588
# most delivery transports. For the local delivery agent the default is 2.
589
590
#local_destination_concurrency_limit = 2
591
#default_destination_concurrency_limit = 20
592
593
# DEBUGGING CONTROL
594
#
595
# The debug_peer_level parameter specifies the increment in verbose
596
# logging level when an SMTP client or server host name or address
597
# matches a pattern in the debug_peer_list parameter.
598
#
599
debug_peer_level = 2
600
601
# The debug_peer_list parameter specifies an optional list of domain
602
# or network patterns, /file/name patterns or type:name tables. When
603
# an SMTP client or server host name or address matches a pattern,
604
# increase the verbose logging level by the amount specified in the
605
# debug_peer_level parameter.
606
#
607
#debug_peer_list = 127.0.0.1
608
#debug_peer_list = some.domain
609
610
# The debugger_command specifies the external command that is executed
611
# when a Postfix daemon program is run with the -D option.
612
#
613
# Use "command .. & sleep 5" so that the debugger can attach before
614
# the process marches on. If you use an X-based debugger, be sure to
615
# set up your XAUTHORITY environment variable before starting Postfix.
616
#
617
debugger_command =
618
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
619
ddd $daemon_directory/$process_name $process_id & sleep 5
620
621
# If you can't use X, use this to capture the call stack when a
622
# daemon crashes. The result is in a file in the configuration
623
# directory, and is named after the process name and the process ID.
624
#
625
# debugger_command =
626
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
627
# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
628
# >$config_directory/$process_name.$process_id.log & sleep 5
629
#
630
# Another possibility is to run gdb under a detached screen session.
631
# To attach to the screen sesssion, su root and run "screen -r
632
# <id_string>" where <id_string> uniquely matches one of the detached
633
# sessions (from "screen -list").
634
#
635
# debugger_command =
636
# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
637
# -dmS $process_name gdb $daemon_directory/$process_name
638
# $process_id & sleep 1
639
640
# INSTALL-TIME CONFIGURATION INFORMATION
641
#
642
# The following parameters are used when installing a new Postfix version.
643
#
644
# sendmail_path: The full pathname of the Postfix sendmail command.
645
# This is the Sendmail-compatible mail posting interface.
646
#
647
sendmail_path = /usr/sbin/sendmail.postfix
648
649
# newaliases_path: The full pathname of the Postfix newaliases command.
650
# This is the Sendmail-compatible command to build alias databases.
651
#
652
newaliases_path = /usr/bin/newaliases.postfix
653
654
# mailq_path: The full pathname of the Postfix mailq command. This
655
# is the Sendmail-compatible mail queue listing command.
656
#
657
mailq_path = /usr/bin/mailq.postfix
658
659
# setgid_group: The group for mail submission and queue management
660
# commands. This must be a group name with a numerical group ID that
661
# is not shared with other accounts, not even with the Postfix account.
662
#
663
setgid_group = postdrop
664
665
# html_directory: The location of the Postfix HTML documentation.
666
#
667
html_directory = no
668
669
# manpage_directory: The location of the Postfix on-line manual pages.
670
#
671
manpage_directory = /usr/share/man
672
673
# sample_directory: The location of the Postfix sample configuration files.
674
# This parameter is obsolete as of Postfix 2.1.
675
#
676
sample_directory = /usr/share/doc/postfix-2.10.1/samples
677
678
# readme_directory: The location of the Postfix README files.
679
#
680
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
Copied!
To see just customized settings in post fix configuration we use postconf -n command:
1
[[email protected] postfix]# postconf -n
2
alias_database = hash:/etc/aliases
3
alias_maps = hash:/etc/aliases
4
command_directory = /usr/sbin
5
config_directory = /etc/postfix
6
daemon_directory = /usr/libexec/postfix
7
data_directory = /var/lib/postfix
8
debug_peer_level = 2
9
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
10
html_directory = no
11
inet_interfaces = localhost
12
inet_protocols = all
13
mail_owner = postfix
14
mailq_path = /usr/bin/mailq.postfix
15
manpage_directory = /usr/share/man
16
mydestination = $myhostname, localhost.$mydomain, localhost
17
newaliases_path = /usr/bin/newaliases.postfix
18
queue_directory = /var/spool/postfix
19
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
20
sample_directory = /usr/share/doc/postfix-2.10.1/samples
21
sendmail_path = /usr/sbin/sendmail.postfix
22
setgid_group = postdrop
23
unknown_local_recipient_reject_code = 550
Copied!
And if we use postconf without -n then it shows all settings ,even defaults. So if we have made some changes we would use "-n" switches to do more investigation on that.
Lets take a look at most impotant setting of postfix in main.cf file:
myhostname : By default specifies the internet name host name of this mail system, For none public Postfix mail servers(Like what we have here ) by defualt it usesget hostname if it is not set! How ever if we are going to have a publicly available email server or even internally , as long as we have a DNS entry for our Server, we should certainly set what our hostname is with Full Domain:
1
#myhostname = host.domain.tld
2
#myhostname = virtual.domain.tld
3
myhostname = centos7.example.com
Copied!
One of the benefits of setting myhostname and mydomain is that from now on we can easily reffer to it using $myhostname during configuratoin.
mydomain : Set domain name for our email server, The default is to use $myhostname minus the first component:
1
#mydomain = domain.tld
2
mydomain = example.com
Copied!
disable-vrfy-command (might not exist in configurations) It avoid e-mail address mining by doing some things behinde the scenes, that make scanning for e-mail addresses more deficault for thoese systems which are designed to do exactly that. if we are going to configure a publicly available mail server then we should set it to "yes". The default value, even if dose not exist, is "no",( no matter where we put that in configuration file):
1
disable_vrfy_command = no
2
# The default value is "no", no changes was necessary
Copied!
inet_interfaces it determines what interfaces on our server that the postfix process will listen for connections on. by default it is set for "only local host"
But for configuring an internl mail server which provides connectivity for other clients, or if we are going to offer connectivity for internal and external clients, we should set it to "all":
1
# Note: you need to stop/start Postfix when this parameter changes.
2
#
3
#inet_interfaces = all
4
#inet_interfaces = $myhostname
5
#inet_interfaces = $myhostname, localhost
6
inet_interfaces = localhost
7
#no changes has beed made
Copied!
mydestination it is set to "myhostname" by default, and it is a list of all the domain or the systems and host that the postfix accept e-mail for. If we had a plan for accepting e-mails from other domains, or aggregate multiple domains then would list the appropriate host and domains here "," delimited and postfix would accpet mail from each of those domains.
We should also make sure that if we are accepting mail from domains outside of localhost, then we should have mx records for our mail server in our DNS, because many mail servers won't deliver e-mail to the host which dosen't have appropriate mx record for the host that is the authorative responsibilty for a paricular doman.
1
mydestination = $myhostname, localhost.$mydomain, localhost
2
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
3
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
4
# mail.$mydomain, www.$mydomain, ftp.$mydomain
5
#no changes has beed made
Copied!
relay-domains : it canhave multiple values that depends on what we are going to allow ourself to e-mail relay for, we can use $mydestination which previously defined or we ca use full host and domain name that we are going to accept e-mail and then relay e-mail to another domain:
1
#relay_domains = $mydestination
2
#no changes is made
Copied!
relayhost : defines the next connection that we have for SMTP:
1
#relayhost = $mydomain
2
#relayhost = [gateway.my.domain]
3
#relayhost = [mailserver.isp.tld]
4
#relayhost = uucphost
5
#relayhost = [an.ip.add.ress]
6
#no changes has beed made
Copied!
These were settings that we need to know at minimum to setup our postfix configuration for a local host based distribution system for SMTP email.Lets go a head. Unfortunately there isn't any tools for configuration test so we use ordinary things:
1
[[email protected] postfix]# systemctl restart postfix
2
[[email protected] postfix]# systemctl status postfix
3
● postfix.service - Postfix Mail Transport Agent
4
Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
5
Active: active (running) since Mon 2018-05-21 02:04:46 EDT; 15s ago
6
Process: 12585 ExecStop=/usr/sbin/postfix stop (code=exited, status=0/SUCCESS)
7
Process: 12682 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
8
Process: 12678 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
9
Process: 12671 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
10
Main PID: 12763 (master)
11
CGroup: /system.slice/postfix.service
12
├─12763 /usr/libexec/postfix/master -w
13
├─12765 pickup -l -t unix -u
14
└─12766 qmgr -l -t unix -u
15
16
May 21 02:04:45 localhost.localdomain systemd[1]: Starting Postfix Mail Transport A....
17
May 21 02:04:46 localhost.localdomain postfix/master[12763]: daemon started -- versi...
18
May 21 02:04:46 localhost.localdomain systemd[1]: Started Postfix Mail Transport Agent.
19
Hint: Some lines were ellipsized, use -l to show in full.
20
21
[[email protected] postfix]# telnet localhost 25
22
Trying ::1...
23
Connected to localhost.
24
Escape character is '^]'.
25
220 centos7.example.com ESMTP Postfix
26
helo
27
501 Syntax: HELO hostname
28
quit
29
221 2.0.0 Bye
30
Connection closed by foreign host.
Copied!

sendmail emulation layer commands

As we said Sendmail is the oldest MTA, thus any other MTA which has come after SendMail, has tried to keep itself backward compatible with sendmail by providing a sendmail emulation layer. So we can use sendmail commands on the command line regardless of what MTA has been installed in our distrobiution. Two examples of that are mailqand sendmail. mailq is available on most systems to check the mail queue. It is equivalent to sendmail -bp, which works with Postfix too.
1
[[email protected] ~]# sendmail -bp
2
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3
5A0F861A6DDD 524 Mon May 21 03:45:15 [email protected]
4
(connect to localhost.com[74.125.224.72]:25: Connection refused)
6
7
8C43F61A6DC9 447 Mon May 21 03:46:04 [email protected]
8
(connect to localhost.com[74.125.224.72]:25: Connection refused)
10
11
-- 1 Kbytes in 2 Requests.
Copied!

mail command

Lets send a local e-mail from one user to another:
2
No mail for root
Copied!
1
[[email protected] ~]$ mail -s "hello root!" [email protected]
2
Hi there! I am user1
3
EOT
Copied!
2
Heirloom Mail version 12.5 7/5/10. Type ? for help.
3
"/var/spool/mail/root": 1 message 1 new
4
>N 1 [email protected] Mon May 21 03:57 18/640 "hello root!"
5
& n
6
Message 1:
7
From [email protected] Mon May 21 03:57:19 2018
8
Return-Path: <[email protected]>
9
X-Original-To: [email protected]
10
Delivered-To: [email protected]
11
Date: Mon, 21 May 2018 03:57:19 -0400
12
To: [email protected], ""@root.example.com
13
Subject: hello
14
User-Agent: Heirloom mailx 12.5 7/5/10
15
Content-Type: text/plain; charset=us-ascii
17
Status: R
18
19
Hi there! I am user1
20
21
& r
22
To: ""@root.example.com [email protected]
24
Subject: Re: hello root!
25
27
28
> Hi there! I am user1
29
Hi user! I am root. Thank you :-)
30
EOT
31
& q
32
New mail has arrived.
33
Held 1 message in /var/spool/mail/root
34
You have mail in /var/spool/mail/root
Copied!
some of mail command hot keys are:
1
Mail Command Description
2
------------------------- --------------------------------------------
3
t [message list] type message(s).
4
n goto and type next message.
5
e [message list] edit message(s).
6
f [message list] give head lines of messages.
7
d [message list] delete message(s).
8
s [message list] <file> append message(s) to file.
9
u [message list] undelete message(s).
10
R [message list] reply to message sender(s).
11
r [message list] reply to message sender(s) and all recipients.
12
p [message list] print message list.
13
pre [message list] make messages go back to /var/mail.
14
m <recipient list> mail to specific recipient(s).
15
q quit, saving unresolved messages in mbox.
16
x quit, do not remove system mailbox.
17
h print out active message headers.
18
! shell escape.
19
| [msglist] command pipe message(s) to shell command.
20
pi [msglist] command pipe message(s) to shell command.
21
cd [directory] chdir to directory or home if none given
22
fi <file> switch to file (%=system inbox, %user=user's
23
system inbox). + searches in your folder
24
directory for the file.
25
set variable[=value] set Mail variable.
Copied!

/var/spool/postfix

In this directory postfix does its stuf. Any queued messagesare stored here:
1
[[email protected] ~]# cd /var/spool/postfix/
2
You have new mail in /var/spool/mail/root
3
[[email protected] postfix]# ls -l
4
total 0
5
drwx------. 2 postfix root 6 May 21 04:38 active
6
drwx------. 2 postfix root 6 May 21 04:38 bounce
7
drwx------. 2 postfix root 6 Jun 9 2014 corrupt
8
drwx------. 4 postfix root 24 May 21 03:46 defer
9
drwx------. 4 postfix root 24 May 21 03:46 deferred
10
drwx------. 2 postfix root 6 Jun 9 2014 flush
11
drwx------. 2 postfix root 6 Jun 9 2014 hold
12
drwx------. 2 postfix root 6 May 21 04:38 incoming
13
drwx-wx---. 2 postfix postdrop 6 May 21 04:38 maildrop
14
drwxr-xr-x. 2 root root 133 May 21 03:55 pid
15
drwx------. 2 postfix root 256 May 21 02:04 private
16
drwx--x---. 2 postfix postdrop 73 May 21 02:04 public
17
drwx------. 2 postfix root 6 Jun 9 2014 saved
18
drwx------. 2 postfix root 6 Jun 9 2014 trace
Copied!
You can see large number of directories here. Most of these directories will only have information if postfix configuration is holding e-mail for some reason or if it is waiting to deliver it, otherwise most of these directories(except pid or corrupt) should always remain empty.

/var/spool/mail

Specifies the default mail drop directory. By default all mail is delivered to the /var/spool/mail/<username> file.
1
[[email protected] postfix]# cd ..
2
[[email protected] spool]# cd mail/
3
[[email protected] mail]# pwd
4
/var/spool/mail
5
[[email protected] mail]# ls -l
6
total 20
7
-rw-rw----. 1 pabros mail 0 Oct 28 2017 payam
8
-rw-------. 1 root mail 1268 May 21 04:38 root
9
-rw-rw----. 1 rpc mail 0 Oct 28 2017 rpc
10
-rw-rw----. 1 user1 mail 8564 May 21 04:35 user1
11
-rw-rw----. 1 user2 mail 2563 May 21 04:38 user2
Copied!
when postfix recieve a message, if its going localy then it goes to /var/spool/mail directory on the local system, if it is going to be send it some where else , ( it will exist in /var/spool/postfix directory long enough to send the e-mail out and then it wiil flush and clear the directory once it has been successfully sent.

Logging

Postfix uses the syslog daemon for its logging. When/etc/syslog.confis configured.Lets take a closer look at look at postfix activities :
1
[[email protected] mail]# cd /var/log
3
anaconda firewalld pluto tallylog
4
audit gdm ppp tuned
5
boot.log glusterfs qemu-ga vmware-vgauthsvc.log.0
6
boot.log-20180520 grubby_prune_debug rhsm vmware-vmsvc.log
7
boot.log-20180521 httpd sa wpa_supplicant.log
8
btmp lastlog samba wtmp
9
chrony libvirt secure Xorg.0.log
10
cron maillog secure-20180520 Xorg.0.log.old
11
cron-20180520 maillog-20180520 speech-dispatcher Xorg.9.log
12
cups messages spooler yum.log
13
dmesg messages-20180520 spooler-20180520
14
dmesg.old ntpstats sssd
15
[[email protected] log]# tail maillog
16
May 21 04:38:08 localhost postfix/qmgr[12766]: 9ACDC61278A9: removed
17
May 21 04:39:47 localhost postfix/qmgr[12766]: 5A0F861A6DDD: from=<[email protected]>, size=524, nrcpt=1 (queue active)
18
May 21 04:40:11 localhost postfix/smtp[20507]: connect to localhost.com[74.125.224.72]:25: Connection refused
19
May 21 04:40:11 localhost postfix/smtp[20507]: 5A0F861A6DDD: to=<[email protected]>, relay=none, delay=3296, delays=3272/0/24/0, dsn=4.4.1, status=deferred (connect to localhost.com[74.125.224.72]:25: Connection refused)
20
May 21 21:34:09 localhost postfix/qmgr[12766]: 5A0F861A6DDD: from=<[email protected]>, size=524, nrcpt=1 (queue active)
21
May 21 21:34:09 localhost postfix/qmgr[12766]: 8C43F61A6DC9: from=<[email protected]>, size=447, nrcpt=1 (queue active)
22
May 21 21:34:31 localhost postfix/smtp[21023]: connect to localhost.com[74.125.224.72]:25: Connection refused
23
May 21 21:34:31 localhost postfix/smtp[21023]: 5A0F861A6DDD: to=<[email protected]>, relay=none, delay=64156, delays=64134/0.05/22/0, dsn=4.4.1, status=deferred (connect to localhost.com[74.125.224.72]:25: Connection refused)
24
May 21 21:34:31 localhost postfix/smtp[21024]: connect to localhost.com[74.125.224.72]:25: Connection refused
25
May 21 21:34:31 localhost postfix/smtp[21024]: 8C43F61A6DC9: to=<[email protected]>, relay=none, delay=64107, delays=64085/0.04/22/0, dsn=4.4.1, status=deferred (connect to localhost.com[74.125.224.72]:25: Connection refused)
Copied!

email aliases

email aliases are desgined for e-mail system to take an e-mail that is for one destination address, and then send it to a different one. Literally an alias for different name.

/etc/aliases

Used to redirect mail for local recepients.
1
[[email protected] log]# cat /etc/aliases
2
#
3
# Aliases in this file will NOT be expanded in the header from
4
# Mail, but WILL be visible over networks or from /bin/mail.
5
#
6
# >>>>>>>>>> The program "newaliases" must be run after
7
# >> NOTE >> this file is updated for any changes to
8
# >>>>>>>>>> show through to sendmail.
9
#
10
11
# Basic system aliases -- these MUST be present.
12
mailer-daemon: postmaster
13
postmaster: root
14
15
# General redirections for pseudo accounts.
16
bin: root
17
daemon: root
18
adm: root
19
lp: root
20
sync: root
21
shutdown: root
22
halt: root
23
mail: root
24
news: root
25
uucp: root
26
operator: root
27
games: root
28
gopher: root
29
ftp: root
30
nobody: root
31
radiusd: root
32
nut: root
33
dbus: root
34
vcsa: root
35
canna: root
36
wnn: root
37
rpm: root
38
nscd: root
39
pcap: root
40
apache: root
41
webalizer: root
42
dovecot: root
43
fax: root
44
quagga: root
45
radvd: root
46
pvm: root
47
amandabackup: root
48
privoxy: root
49
ident: root
50
named: root
51
xfs: root
52
gdm: root
53
mailnull: root
54
postgres: root
55
sshd: root
56
smmsp: root
57
postfix: root
58
netdump: root
59
ldap: root
60
squid: root
61
ntp: root
62
mysql: root
63
desktop: root
64
rpcuser: root
65
rpc: root
66
nfsnobody: root
67
68
ingres: root
69
system: root
70
toor: root
71
manager: root
72
dumper: root
73
abuse: root
74
75
newsadm: news
76
newsadmin: news
77
usenet: news
78
ftpadm: ftp
79
ftpadmin: ftp
80
ftp-adm: ftp
81
ftp-admin: ftp
82
www: webmaster
83
webmaster: root
84
noc: root
85
security: root
86
hostmaster: root
87
info: postmaster
88
marketing: postmaster
89
sales: postmaster
90
support: postmaster
91
92
93
# trap decode to catch security attacks
94
decode: root
95
96
# Person who should get root's mail
97
#root: marc
98
99
###Add a user alias for our system
100
user3: root
Copied!
Each line of /etc/aliases has the format of alias: user. Two system aliases must always be present: mailer_daemon: postmaster and postmaster: root. We can use aliases for all kind of daemons, for example use ntp: root. Now we can add a line to redirect all mail to root to a specific user or group of administrators, for example user3: root. So although we dont have any "user3" in our system, but if an e-mail is sent to user3 it would not be rejected.

newaliases

After any changes in /etc/aliases we need to re-create binary file aliases.db . For that we stop postfix service, use newaliases command to re-create aliases.db and then start the postfix service again:
1
[[email protected] ~]# cat /etc/passwd | grep user3
2
[[email protected] ~]# systemctl stop postfix.service
3
[[email protected] ~]# ls -la /etc/aliases.db
4
-rw-r--r--. 1 root root 12288 Oct 28 2017 /etc/aliases.db
5
[[email protected] ~]# newaliases
6
[[email protected] ~]# ls -la /etc/aliases.db
7
-rw-r--r--. 1 root root 12288 May 21 23:13 /etc/aliases.db
8
[[email protected] ~]# systemctl start postfix
Copied!
Now lets send an e-mail to user3:
1
[[email protected] ~]$ mail -s "From user1 to user3" [email protected]
2
Hi my dear friend are you there?
3
.
4
EOT
Copied!
1
[[email protected] ~]# whoami
2
root
3
You have mail in /var/spool/mail/root
5
Heirloom Mail version 12.5 7/5/10. Type ? for help.
6
"/var/spool/mail/root": 1 message 1 new
7
>N 1 [email protected] Mon May 21 23:27 18/648 "From user1 to user3"
8
& r
10
Subject: Re: From user1 to user3
11
13
14
> Hi my dear friend are you there?
Copied!
2
Heirloom Mail version 12.5 7/5/10. Type ? for help.
3
"/var/spool/mail/user1": 11 messages 11 new
4
>N 1 root Mon May 21 23:31 24/871 "Re: From user1 to user3"
5
& 1
6
Message 1:
7
From [email protected] Mon May 21 23:31:19 2018
8
Return-Path: <[email protected]>
9
X-Original-To: [email protected]
10
Delivered-To: [email protected]
11
Date: Mon, 21 May 2018 23:31:19 -0400
13
Subject: Re: From user1 to user3
14
User-Agent: Heirloom mailx 12.5 7/5/10
15
Content-Type: text/plain; charset=us-ascii
16
From: [email protected] (root)
17
Status: R
18
20
21
> Hi my dera friend are you there?
22
r
23
HA HA HA i am root!
Copied!

virtual

virtual is similar to aliases but it is used to redirect e-mail to the virtual destinations. It is common in multiple domain e-mail implementations. Like aliases we provied a list of an e-mail address that goes to something else.
In our case as we are not doing any relays, we are not configuring for any domains, there is nothing for us to really test here, other than being aware of this particular setting allow us to control e-mail for other domains especially in a multi domain systems or seperate servers.
For demonstration we just show how it would be:
Try cat /etc/postfix/virtual . It has all kinds of rules that we can apply .
For example we can add these two items at the bottom of /etc/postfix/virtual file(stop postfix service before that):
Like aliases we would need to convert it to binary files using postmap command:
1
[[email protected] ~]# postmap /etc/postfix/virtual
Copied!
Next we need to set aliasvirtualmaps in main.cf configuration file:
1
### if have plan to use virtual feature add:
2
#virtual_alias_map = unix:hash:/etc/postfix/virtual
Copied!
and do not forget to start postfix service . try tail /var/log/maillog to find out what is going on after setting up virtuals.
That was some of most important postfix files and configurations!
Last modified 2yr ago