xref: /netbsd-src/external/ibm-public/postfix/dist/html/STANDARD_CONFIGURATION_README.html (revision b1c86f5f087524e68db12794ee9c3e3da1ab17a0) 
1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
2        "http://www.w3.org/TR/html4/loose.dtd">
3
4<html>
5
6<head>
7
8<title>Postfix Standard Configuration Examples</title>
9
10<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
11
12</head>
13
14<body>
15
16<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Standard Configuration Examples</h1>
17
18<hr>
19
20<h2>Purpose of this document</h2>
21
22<p> This document presents a number of typical Postfix configurations.
23This document should be reviewed after you have followed the basic
24configuration steps as described in the <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a>
25document. In particular, do not proceed here if you don't already
26have Postfix working for local mail submission and for local mail
27delivery. </p>
28
29<p> The first part of this document presents standard configurations
30that each solve one specific problem. </p>
31
32<ul>
33
34<li><a href="#stand_alone">Postfix on a stand-alone Internet host</a>
35
36<li><a href="#null_client">Postfix on a null client</a>
37
38<li><a href="#local_network">Postfix on a local network</a>
39
40<li><a href="#firewall">Postfix email firewall/gateway</a>
41
42</ul>
43
44<p> The second part of this document presents additional configurations
45for hosts in specific environments. </p>
46
47<ul>
48
49<li><a href="#some_local">Delivering some but not all accounts locally</a>
50
51<li><a href="#intranet">Running Postfix behind a firewall</a>
52
53<li><a href="#backup">Configuring Postfix as primary or backup MX host for a remote
54site</a>
55
56<li><a href="#dialup">Postfix on a dialup machine</a>
57
58<li><a href="#fantasy">Postfix on hosts without a real
59Internet hostname</a>
60
61</ul>
62
63<h2><a name="stand_alone">Postfix on a stand-alone Internet host</a></h2>
64
65<p> Postfix should work out of the box without change on a stand-alone
66machine that has direct Internet access.  At least, that is how
67Postfix installs when you download the Postfix source code via
68<a href="http://www.postfix.org/">http://www.postfix.org/</a>. </p>
69
70<p> You can use the command "<b>postconf -n</b>" to find out what
71settings are overruled by your <a href="postconf.5.html">main.cf</a>. Besides a few pathname
72settings, few parameters should be set on a stand-alone box, beyond
73what is covered in the <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a> document: </p>
74
75<blockquote>
76<pre>
77/etc/postfix/<a href="postconf.5.html">main.cf</a>:
78    # Optional: send mail as user@domainname instead of user@hostname.
79    #<a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
80
81    # Optional: specify NAT/proxy external address.
82    #<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4
83
84    # Alternative 1: don't relay mail from other hosts.
85    <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = host
86    <a href="postconf.5.html#relay_domains">relay_domains</a> =
87
88    # Alternative 2: relay mail from local clients only.
89    # <a href="postconf.5.html#mynetworks">mynetworks</a> = 192.168.1.0/28
90    # <a href="postconf.5.html#relay_domains">relay_domains</a> =
91</pre>
92</blockquote>
93
94<p> See also the section "<a href="#fantasy">Postfix on hosts without
95a real Internet hostname</a>" if this is applicable to your configuration.
96</p>
97
98<h2><a name="null_client">Postfix on a null client</a></h2>
99
100<p> A null client is a machine that can only send mail. It receives no
101mail from the network, and it does not deliver any mail locally. A
102null client typically uses POP, IMAP or NFS for mailbox access. </p>
103
104<p> In this example we assume that the Internet domain name is
105"example.com" and that the machine is named "nullclient.example.com".
106As usual, the examples show only parameters that are not left at
107their default settings. </p>
108
109<blockquote>
110<pre>
1111 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
1122     <a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
1133     <a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
1144     <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only
1155     <a href="postconf.5.html#local_transport">local_transport</a> = <a href="error.8.html">error</a>:local delivery is disabled
1166
1177 /etc/postfix/<a href="master.5.html">master.cf</a>:
1188     Comment out the local delivery agent entry
119</pre>
120</blockquote>
121
122<p> Translation: </p>
123
124<ul>
125
126<li> <p> Line 2: Send mail as "user@example.com" (instead of
127"user@nullclient.example.com"), so that nothing ever has a reason
128to send mail to "user@nullclient.example.com". </p>
129
130<li> <p> Line 3: Forward all mail to the mail server that is
131responsible for the "example.com" domain. This prevents mail from
132getting stuck on the null client if it is turned off while some
133remote destination is unreachable. </p>
134
135<li> <p> Line 4: Do not accept mail from the network. </p>
136
137<li> <p> Lines 5-8: Disable local mail delivery. All mail goes to
138the mail server as specified in line 3.  </p>
139
140</ul>
141
142<h2><a name="local_network">Postfix on a local network</a></h2>
143
144<p> This section describes a local area network environment of one
145main server and multiple other systems that send and receive email.
146As usual we assume that the Internet domain name is "example.com".
147All systems are configured to send mail as "user@example.com", and
148all systems receive mail for "user@hostname.example.com".  The main
149server also receives mail for "user@example.com". We call this
150machine by the name of mailhost.example.com. </p>
151
152<p> A drawback of sending mail as "user@example.com" is that mail
153for "root" and other system accounts is also sent to the central
154mailhost. See the section "<a href="#some_local">Delivering some
155but not all accounts locally</a>" below for possible solutions.
156</p>
157
158<p> As usual, the examples show only parameters that are not left
159at their default settings. </p>
160
161<p> First we present the non-mailhost configuration, because it is
162the simpler one. This machine sends mail as "user@example.com" and
163is final destination for "user@hostname.example.com". </p>
164
165<blockquote>
166<pre>
1671 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
1682     <a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
1693     <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 10.0.0.0/24
1704     <a href="postconf.5.html#relay_domains">relay_domains</a> =
1715     # Optional: forward all non-local mail to mailhost
1726     #<a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
173</pre>
174</blockquote>
175
176<p> Translation: </p>
177
178<ul>
179
180<li> <p> Line 2: Send mail as "user@example.com". </p>
181
182<li> <p> Line 3: Specify the trusted networks. </p>
183
184<li> <p> Line 4: This host does not relay mail from untrusted networks. </p>
185
186<li> <p> Line 6: This is needed if no direct Internet access is
187available.  See also below, "<a href="#firewall">Postfix behind
188a firewall</a>". </p>
189
190</ul>
191
192<p> Next we present the mailhost configuration.  This machine sends
193mail as "user@example.com" and is final destination for
194"user@hostname.example.com" as well as "user@example.com". </p>
195
196<blockquote>
197<pre>
198 1 DNS:
199 2     example.com    IN    MX  10 mailhost.example.com.
200 3
201 4 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
202 5     <a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
203 6     <a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a> localhost.$<a href="postconf.5.html#mydomain">mydomain</a> localhost $<a href="postconf.5.html#mydomain">mydomain</a>
204 7     <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 10.0.0.0/24
205 8     <a href="postconf.5.html#relay_domains">relay_domains</a> =
206 9     # Optional: forward all non-local mail to firewall
20710     #<a href="postconf.5.html#relayhost">relayhost</a> = [firewall.example.com]
208</pre>
209</blockquote>
210
211<p> Translation: </p>
212
213<ul>
214
215<li> <p> Line 2: Send mail for the domain "example.com" to the
216machine mailhost.example.com.  Remember to specify the "." at the
217end of the line. </p>
218
219<li> <p> Line 5: Send mail as "user@example.com". </p>
220
221<li> <p> Line 6: This host is the final mail destination for the
222"example.com" domain, in addition to the names of the machine
223itself. </p>
224
225<li> <p> Line 7: Specify the trusted networks. </p>
226
227<li> <p> Line 8: This host does not relay mail from untrusted networks. </p>
228
229<li> <p> Line 10: This is needed only when the mailhost has to
230forward non-local mail via a mail server on a firewall.  The
231<tt>[]</tt> forces Postfix to do no MX record lookups. </p>
232
233</ul>
234
235<p> In an environment like this, users access their mailbox in one
236or more of the following ways:
237
238<ul>
239
240<li> <p> Mailbox access via NFS or equivalent.  </p>
241
242<li> <p> Mailbox access via POP or IMAP. </p>
243
244<li> <p> Mailbox on the user's preferred machine. </p>
245
246</ul>
247
248<p> In the latter case, each user has an alias on the mailhost that
249forwards mail to her preferred machine: </p>
250
251<blockquote>
252<pre>
253/etc/aliases:
254    joe:    joe@joes.preferred.machine
255    jane:   jane@janes.preferred.machine
256</pre>
257</blockquote>
258
259<p> On some systems the alias database is not in /etc/aliases.  To
260find out the location for your system, execute the command "<b>postconf
261<a href="postconf.5.html#alias_maps">alias_maps</a></b>". </p>
262
263<p> Execute the command "<b>newaliases</b>" whenever you change
264the aliases file.  </p>
265
266<h2><a name="firewall">Postfix email firewall/gateway</a></h2>
267
268<p> The idea is to set up a Postfix email firewall/gateway that
269forwards mail for "example.com" to an inside gateway machine but
270rejects mail for "anything.example.com". There is only one problem:
271with "<a href="postconf.5.html#relay_domains">relay_domains</a> = example.com", the firewall normally also
272accepts mail for "anything.example.com".  That would not be right.
273</p>
274
275<p> Note: this example requires Postfix version 2.0 and later. To find
276out what Postfix version you have, execute the command "<b>postconf
277<a href="postconf.5.html#mail_version">mail_version</a></b>". </p>
278
279<p> The solution is presented in multiple parts. This first part
280gets rid of local mail delivery on the firewall, making the firewall
281harder to break. </p>
282
283<blockquote>
284<pre>
2851 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
2862     <a href="postconf.5.html#myorigin">myorigin</a> = example.com
2873     <a href="postconf.5.html#mydestination">mydestination</a> =
2884     <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
2895     <a href="postconf.5.html#local_transport">local_transport</a> = <a href="error.8.html">error</a>:local mail delivery is disabled
2906
2917 /etc/postfix/<a href="master.5.html">master.cf</a>:
2928     Comment out the local delivery agent
293</pre>
294</blockquote>
295
296<p> Translation: </p>
297
298<ul>
299
300<li> <p> Line 2: Send mail from this machine as "user@example.com",
301so that no reason exists to send mail to "user@firewall.example.com".
302</p>
303
304<li> <p> Lines 3-8: Disable local mail delivery on the firewall
305machine. </p>
306
307</ul>
308
309<p> For the sake of technical correctness the firewall must be able
310to receive mail for postmaster@[firewall ip address]. Reportedly,
311some things actually expect this ability to exist. The second part
312of the solution therefore adds support for postmaster@[firewall ip
313address], and as a bonus we do abuse@[firewall ip address] as well.
314All the mail to these two accounts is forwarded to an inside address.
315</p>
316
317<blockquote>
318<pre>
3191 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
3202     <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual
3213
3224 /etc/postfix/virtual:
3235     postmaster      postmaster@example.com
3246     abuse           abuse@example.com
325</pre>
326</blockquote>
327
328<p> Translation: </p>
329
330<ul>
331
332<li> <p> Because <a href="postconf.5.html#mydestination">mydestination</a> is empty (see the previous example),
333only address literals matching $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>
334are deemed local.  So "localpart@[a.d.d.r]" can be matched as simply
335"localpart" in <a href="canonical.5.html">canonical(5)</a> and <a href="virtual.5.html">virtual(5)</a>. This avoids the need to
336specify firewall IP addresses into Postfix configuration files. </p>
337
338</ul>
339
340<p> The last part of the solution does the email forwarding, which
341is the real purpose of the firewall email function. </p>
342
343<blockquote>
344<pre>
345 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
346 2     <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 12.34.56.0/24
347 3     <a href="postconf.5.html#relay_domains">relay_domains</a> = example.com
348 4     <a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> =
349 5         <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> smtpd_access_maps
350 6     <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
351 7         <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
352 8
353 9     <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> = hash:/etc/postfix/relay_recipients
35410     <a href="postconf.5.html#transport_maps">transport_maps</a> = hash:/etc/postfix/transport
35511
35612 /etc/postfix/relay_recipients:
35713     user1@example.com   x
35814     user2@example.com   x
35915      . . .
36016
36117 /etc/postfix/transport:
36218     example.com   <a href="smtp.8.html">smtp</a>:[inside-gateway.example.com]
363</pre>
364</blockquote>
365
366<p> Translation: </p>
367
368<ul>
369
370<li><p> Lines 1-7: Accept mail from local systems in $<a href="postconf.5.html#mynetworks">mynetworks</a>,
371and accept mail from outside for "user@example.com" but not for
372"user@anything.example.com". The magic is in lines 4-5. </p>
373
374<li> <p> Lines 9, 12-14: Define the list of valid addresses in the
375"example.com" domain that can receive mail from the Internet. This
376prevents the mail queue from filling up with undeliverable
377MAILER-DAEMON messages. If you can't maintain a list of valid
378recipients then you must specify "<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> =" (that
379is, an empty value), or you must specify an "@example.com  x"
380wild-card in the relay_recipients table. </p>
381
382<li> <p> Lines 10, 17-18: Route mail for "example.com" to the inside
383gateway machine. The <tt>[]</tt> forces Postfix to do no MX lookup.
384</p>
385
386</ul>
387
388<p>Specify <b>dbm</b> instead of <b>hash</b> if your system uses
389<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
390tables Postfix supports, use the command "<b>postconf -m</b>".  </p>
391
392<p> Execute the command "<b>postmap /etc/postfix/relay_recipients</b>"
393whenever you change the relay_recipients table. </p>
394
395<p> Execute the command "<b>postmap /etc/postfix/transport</b>"
396whenever you change the transport table. </p>
397
398<p> In some installations, there may be separate instances of Postfix
399processing inbound and outbound mail on a multi-homed firewall. The
400inbound Postfix instance has an SMTP server listening on the external
401firewall interface, and the outbound Postfix instance has an SMTP server
402listening on the internal interface. In such a configuration is it is
403tempting to configure $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> in each instance with just the
404corresponding interface address. </p>
405
406<p> In most cases, using <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> in this way will not work,
407because as documented in the $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> reference manual, the
408<a href="smtp.8.html">smtp(8)</a> delivery agent will also use the specified interface address
409as the source address for outbound connections and will be unable to
410reach hosts on "the other side" of the firewall. The symptoms are that
411the firewall is unable to connect to hosts that are in fact up. See the
412<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> parameter documentation for suggested work-arounds.</p>
413
414<h2><a name="some_local">Delivering some but not all accounts
415locally</a></h2>
416
417<p> A drawback of sending mail as "user@example.com" (instead of
418"user@hostname.example.com") is that mail for "root" and other
419system accounts is also sent to the central mailhost.  In order to
420deliver such accounts locally, you can set up virtual aliases as
421follows:  </p>
422
423<blockquote>
424<pre>
4251 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
4262     <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual
4273
4284 /etc/postfix/virtual:
4295     root     root@localhost
4306     . . .
431</pre>
432</blockquote>
433
434<p> Translation: </p>
435
436<ul>
437
438<li> <p> Line 5: As described in the <a href="virtual.5.html">virtual(5)</a> manual page, the
439bare name "root" matches "root@site" when "site" is equal to
440$<a href="postconf.5.html#myorigin">myorigin</a>, when "site" is listed in $<a href="postconf.5.html#mydestination">mydestination</a>, or when it
441matches $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. </p>
442
443</ul>
444
445<p> Execute the command "<b>postmap /etc/postfix/virtual</b>" after
446editing the file. </p>.
447
448<h2><a name="intranet">Running Postfix behind a firewall</a></h2>
449
450<p> The simplest way to set up Postfix on a host behind a firewalled
451network is to send all mail to a gateway host, and to let that mail
452host take care of internal and external forwarding. Examples of that
453are shown in the <a href="#local_network">local area network</a>
454section above. A more sophisticated approach is to send only external
455mail to the gateway host, and to send intranet mail directly.
456That's what Wietse does at work.  </p>
457
458<p> Note: this example requires Postfix version 2.0 and later. To find
459out what Postfix version you have, execute the command "<b>postconf
460<a href="postconf.5.html#mail_version">mail_version</a></b>". </p>
461
462<p> The following example presents additional configuration. You
463need to combine this with basic configuration information as
464discussed the first half of this document. </p>
465
466<blockquote>
467<pre>
468 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
469 2     <a href="postconf.5.html#transport_maps">transport_maps</a> = hash:/etc/postfix/transport
470 3     <a href="postconf.5.html#relayhost">relayhost</a> =
471 4     # Optional for a machine that isn't "always on"
472 5     #<a href="postconf.5.html#fallback_relay">fallback_relay</a> = [gateway.example.com]
473 6
474 7 /etc/postfix/transport:
475 8     # Internal delivery.
476 9     example.com      :
47710     .example.com     :
47811     # External delivery.
47912     *                <a href="smtp.8.html">smtp</a>:[gateway.example.com]
480</pre>
481</blockquote>
482
483<p> Translation: </p>
484
485<ul>
486
487<li> <p> Lines 2, 7-12: Request that intranet mail is delivered
488directly, and that external mail is given to a gateway. Obviously,
489this example assumes that the organization uses DNS MX records
490internally.  The <tt>[]</tt> forces Postfix to do no MX lookup.
491</p>
492
493<li> <p> Line 3: IMPORTANT: do not specify a <a href="postconf.5.html#relayhost">relayhost</a> in <a href="postconf.5.html">main.cf</a>.
494</p>
495
496<li> <p> Line 5: This prevents mail from being stuck in the queue
497when the machine is turned off.  Postfix tries to deliver mail
498directly, and gives undeliverable mail to a gateway.  </p>
499
500</ul>
501
502<p> Specify <b>dbm</b> instead of <b>hash</b> if your system uses
503<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
504tables Postfix supports, use the command "<b>postconf -m</b>". </p>
505
506<p> Execute the command "<b>postmap /etc/postfix/transport</b>" whenever
507you edit the transport table. </p>
508
509<h2><a name="backup">Configuring Postfix as primary or backup MX host for a remote site</a></h2>
510
511<p> This section presents additional configuration. You need to
512combine this with basic configuration information as discussed the
513first half of this document. </p>
514
515<p> When your system is SECONDARY MX host for a remote site this
516is all you need: </p>
517
518<blockquote>
519<pre>
520 1 DNS:
521 2     the.backed-up.domain.tld        IN      MX 100 your.machine.tld.
522 3
523 4 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
524 5     <a href="postconf.5.html#relay_domains">relay_domains</a> = . . . the.backed-up.domain.tld
525 6     <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
526 7         <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
527 8
528 9     # You must specify your NAT/proxy external address.
52910     #<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4
53011
53112     <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> = hash:/etc/postfix/relay_recipients
53213
53314 /etc/postfix/relay_recipients:
53415     user1@the.backed-up.domain.tld   x
53516     user2@the.backed-up.domain.tld   x
53617      . . .
537</pre>
538</blockquote>
539
540<p> When your system is PRIMARY MX host for a remote site you
541need the above, plus: </p>
542
543<blockquote>
544<pre>
54518 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
54619     <a href="postconf.5.html#transport_maps">transport_maps</a> = hash:/etc/postfix/transport
54720
54821 /etc/postfix/transport:
54922     the.backed-up.domain.tld       relay:[their.mail.host.tld]
550</pre>
551</blockquote>
552
553<p> Important notes:
554
555<ul>
556
557<li><p>Do not list the.backed-up.domain.tld in <a href="postconf.5.html#mydestination">mydestination</a>.</p>
558
559<li><p>Do not list the.backed-up.domain.tld in <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>.</p>
560
561<li><p>Do not list the.backed-up.domain.tld in <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.</p>
562
563<li> <p> Lines 1-7: Forward mail from the Internet for
564"the.backed-up.domain.tld" to the primary MX host for that domain.
565</p>
566
567<li> <p> Line 10: This is a must if Postfix receives mail via a
568NAT relay or proxy that presents a different IP address to the
569world than the local machine. </p>
570
571<li> <p> Lines 12-16: Define the list of valid addresses in the
572"the.backed-up.domain.tld" domain.  This prevents your mail queue
573from filling up with undeliverable MAILER-DAEMON messages. If you
574can't maintain a list of valid recipients then you must specify
575"<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> =" (that is, an empty value), or you must
576specify an "@the.backed-up.domain.tld  x" wild-card in the
577relay_recipients table. </p>
578
579<li> <p> Line 22: The <tt>[]</tt> forces Postfix to do no MX lookup. </p>
580
581</ul>
582
583<p> Specify <b>dbm</b> instead of <b>hash</b> if your system uses
584<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
585tables Postfix supports, use the command "<b>postconf -m</b>". </p>
586
587<p> Execute the command "<b>postmap /etc/postfix/transport</b>"
588whenever you change the transport table. </p>
589
590<p> NOTE for Postfix &lt; 2.2: Do not use the <a href="postconf.5.html#fallback_relay">fallback_relay</a> feature
591when relaying mail
592for a backup or primary MX domain. Mail would loop between the
593Postfix MX host and the <a href="postconf.5.html#fallback_relay">fallback_relay</a> host when the final destination
594is unavailable. </p>
595
596<ul>
597
598<li> In <a href="postconf.5.html">main.cf</a> specify "<tt><a href="postconf.5.html#relay_transport">relay_transport</a> = relay</tt>",
599
600<li> In <a href="master.5.html">master.cf</a> specify "<tt>-o <a href="postconf.5.html#fallback_relay">fallback_relay</a> =</tt>" at the
601end of the <tt>relay</tt> entry.
602
603<li> In transport maps, specify "<tt>relay:<i>nexthop...</i></tt>"
604as the right-hand side for backup or primary MX domain entries.
605
606</ul>
607
608<p> These are default settings in Postfix version 2.2 and later.
609</p>
610
611<h2><a name="dialup">Postfix on a dialup machine</a></h2>
612
613<p> This section applies to dialup connections that are down most
614of the time. For dialup connections that are up 24x7, see the <a
615href="#local_network">local area network</a> section above.  </p>
616
617<p> This section presents additional configuration. You need to
618combine this with basic configuration information as discussed the
619first half of this document. </p>
620
621<p> If you do not have your own hostname and IP address (usually
622with dialup, cable TV or DSL connections) then you should also
623study the section on "<a href="#fantasy">Postfix on hosts without
624a real Internet hostname</a>".  </p>
625
626<ul>
627
628<li> Route all outgoing mail to your network provider.
629
630<p> If your machine is disconnected most of the time, there isn't
631a lot of opportunity for Postfix to deliver mail to hard-to-reach
632corners of the Internet. It's better to give the mail to a machine
633that is connected all the time. In the example below, the <tt>[]</tt>
634prevents Postfix from trying to look up DNS MX records.  </p>
635
636<pre>
637/etc/postfix/<a href="postconf.5.html">main.cf</a>:
638    <a href="postconf.5.html#relayhost">relayhost</a> = [smtprelay.someprovider.com]
639</pre>
640
641<li> <p><a name="spontaneous_smtp">Disable spontaneous SMTP mail
642delivery (if using on-demand dialup IP only).</a> </p>
643
644<p> Normally, Postfix attempts to deliver outbound mail at its convenience.
645If your machine uses on-demand dialup IP, this causes your system
646to place a telephone call whenever you submit new mail, and whenever
647Postfix retries to deliver delayed mail. To prevent such telephone
648calls from being placed, disable spontaneous SMTP mail deliveries. </p>
649
650<pre>
651/etc/postfix/<a href="postconf.5.html">main.cf</a>:
652    <a href="postconf.5.html#defer_transports">defer_transports</a> = smtp (Only for on-demand dialup IP hosts)
653</pre>
654
655<li> <p>Disable SMTP client DNS lookups (dialup LAN only).</p>
656
657<pre>
658/etc/postfix/<a href="postconf.5.html">main.cf</a>:
659    <a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> = yes (Only for on-demand dialup IP hosts)
660</pre>
661
662<li> Flush the mail queue whenever the Internet link is established.
663
664<p> Put the following command into your PPP or SLIP dialup scripts: </p>
665
666<pre>
667/usr/sbin/sendmail -q (whenever the Internet link is up)
668</pre>
669
670<p> The exact location of the Postfix sendmail command is system-specific.
671Use the command "<b>postconf <a href="postconf.5.html#sendmail_path">sendmail_path</a></b>" to find out where the
672Postfix sendmail command is located on your machine. </p>
673
674<p> In order to find out if the mail queue is flushed, use something
675like: </p>
676
677<pre>
678#!/bin/sh
679
680# Start mail deliveries.
681/usr/sbin/sendmail -q
682
683# Allow deliveries to start.
684sleep 10
685
686# Loop until all messages have been tried at least once.
687while mailq | grep '^[^ ]*\*' &gt;/dev/null
688do
689    sleep 10
690done
691</pre>
692
693<p> If you have disabled <a href="#spontaneous_smtp">spontaneous
694SMTP mail delivery</a>, you also need to run the "<b>sendmail -q</b>"
695command every now and then while the dialup link is up, so that
696newly-posted mail is flushed from the queue. </p>
697
698</ul>
699
700<h2><a name="fantasy">Postfix on hosts without a real Internet
701hostname</a></h2>
702
703<p> This section is for hosts that don't have their own Internet
704hostname.  Typically these are systems that get a dynamic IP address
705via DHCP or via dialup. Postfix will let you send and receive mail
706just fine between accounts on a machine with a fantasy name. However,
707you cannot use a fantasy hostname in your email address when sending
708mail into the Internet, because no-one would be able to reply to
709your mail. In fact, more and more sites refuse mail addresses with
710non-existent domain names. </p>
711
712<p> Note: the following information is Postfix version dependent.
713To find out what Postfix version you have, execute the command
714"<b>postconf <a href="postconf.5.html#mail_version">mail_version</a></b>". </p>
715
716<h3>Solution 1: Postfix version 2.2 and later </h3>
717
718<p> Postfix 2.2 uses the <a href="generic.5.html">generic(5)</a> address mapping to replace
719local fantasy email addresses by valid Internet addresses.  This
720mapping happens ONLY when mail leaves the machine; not when you
721send mail between users on the same machine. </p>
722
723<p> The following example presents additional configuration. You
724need to combine this with basic configuration information as
725discussed the first half of this document. </p>
726
727<blockquote>
728<pre>
7291 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
7302     <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> = hash:/etc/postfix/generic
7313
7324 /etc/postfix/generic:
7335     his@localdomain.local             hisaccount@hisisp.example
7346     her@localdomain.local             heraccount@herisp.example
7357     @localdomain.local                hisaccount+local@hisisp.example
736</pre>
737</blockquote>
738
739<p> When mail is sent to a remote host via SMTP: </p>
740
741<ul>
742
743<li> <p> Line 5 replaces <i>his@localdomain.local</i> by his ISP
744mail address, </p>
745
746<li> <p> Line 6 replaces <i>her@localdomain.local</i> by her ISP
747mail address, and </p>
748
749<li> <p> Line 7 replaces other local addresses by his ISP account,
750with an address extension of +<i>local</i> (this example assumes
751that the ISP supports "+" style address extensions). </p>
752
753</ul>
754
755<p>Specify <b>dbm</b> instead of <b>hash</b> if your system uses
756<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
757tables Postfix supports, use the command "<b>postconf -m</b>".  </p>
758
759<p> Execute the command "<b>postmap /etc/postfix/generic</b>"
760whenever you change the generic table. </p>
761
762<h3>Solution 2: Postfix version 2.1 and earlier </h3>
763
764<p> The solution with older Postfix systems is to use valid
765Internet addresses where possible, and to let Postfix map valid
766Internet addresses to local fantasy addresses. With this, you can
767send mail to the Internet and to local fantasy addresses, including
768mail to local fantasy addresses that don't have a valid Internet
769address of their own.</p>
770
771<p> The following example presents additional configuration. You
772need to combine this with basic configuration information as
773discussed the first half of this document. </p>
774
775<blockquote>
776<pre>
777 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
778 2     <a href="postconf.5.html#myhostname">myhostname</a> = hostname.localdomain
779 3     <a href="postconf.5.html#mydomain">mydomain</a> = localdomain
780 4
781 5     <a href="postconf.5.html#canonical_maps">canonical_maps</a> = hash:/etc/postfix/canonical
782 6
783 7     <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual
784 8
785 9 /etc/postfix/canonical:
78610     your-login-name    your-account@your-isp.com
78711
78812 /etc/postfix/virtual:
78913     your-account@your-isp.com       your-login-name
790</pre>
791</blockquote>
792
793<p> Translation: </p>
794
795<ul>
796
797<li> <p> Lines 2-3: Substitute your fantasy hostname here. Do not
798use a domain name that is already in use by real organizations
799on the Internet. See <a href="http://tools.ietf.org/html/rfc2606">RFC 2606</a> for examples of domain
800names that are guaranteed not to be owned by anyone. </p>
801
802<li> <p> Lines 5, 9, 10: This provides the mapping from
803"your-login-name@hostname.localdomain" to "your-account@your-isp.com".
804This part is required. </p>
805
806<li> <p> Lines 7, 12, 13: Deliver mail for "your-account@your-isp.com"
807locally, instead of sending it to the ISP. This part is not required
808but is convenient.
809
810</ul>
811
812<p>Specify <b>dbm</b> instead of <b>hash</b> if your system uses
813<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
814tables Postfix supports, use the command "<b>postconf -m</b>".  </p>
815
816<p> Execute the command "<b>postmap /etc/postfix/canonical</b>"
817whenever you change the canonical table. </p>
818
819<p> Execute the command "<b>postmap /etc/postfix/virtual</b>"
820whenever you change the virtual table. </p>
821
822</body>
823
824</html>
825