xref: /netbsd-src/external/ibm-public/postfix/dist/proto/INSTALL.html (revision af56d1fe9956bd7c616e18c1b7f025f464618471)
1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
2        "http://www.w3.org/TR/html4/loose.dtd">
3
4<html>
5
6<head>
7
8<title>Postfix Installation From Source Code </title>
9
10<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
11
12</head>
13
14<body>
15
16<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
17Installation From Source Code </h1>
18
19<hr>
20
21<h2> <a name="1">1 - Purpose of this document</a> </h2>
22
23<p> If you are using a pre-compiled version of Postfix, you should
24start with BASIC_CONFIGURATION_README and the general documentation
25referenced by it.  INSTALL is only a bootstrap document to get
26Postfix up and running from scratch with the minimal number of
27steps; it should not be considered part of the general documentation.
28</p>
29
30<p> This document describes how to build, install and configure a
31Postfix system so that it can do one of the following: </p>
32
33<ul>
34
35<li> Send mail only, without changing an existing Sendmail
36installation.
37
38<li> Send and receive mail via a virtual host interface, still
39without any change to an existing Sendmail installation.
40
41<li> Run Postfix instead of Sendmail.
42
43</ul>
44
45<p> Topics covered in this document: </p>
46
47<ol>
48
49<li> <a href="#1">Purpose of this document</a>
50
51<li> <a href="#2">Typographical conventions</a>
52
53<li> <a href="#3">Documentation</a>
54
55<li> <a href="#4">Building on a supported system</a>
56
57<li> <a href="#5">Porting Postfix to an unsupported system</a>
58
59<li> <a href="#install">Installing the software after successful
60compilation </a>
61
62<li> <a href="#send_only">Configuring Postfix to send mail
63only </a>
64
65<li> <a href="#send_receive">Configuring Postfix to send and
66receive mail via virtual interface </a>
67
68<li> <a href="#replace">Running Postfix instead of Sendmail</a>
69
70<li> <a href="#mandatory">Mandatory configuration file edits</a>
71
72<li> <a href="#hamlet">To chroot or not to chroot</a>
73
74<li> <a href="#care">Care and feeding of the Postfix system</a>
75
76</ol>
77
78<h2> <a name="2">2 - Typographical conventions</a> </h2>
79
80<p> In the instructions below, a command written as </p>
81
82<blockquote>
83<pre>
84# command
85</pre>
86</blockquote>
87
88<p> should be executed as the superuser. </p>
89
90<p> A command written as </p>
91
92<blockquote>
93<pre>
94% command
95</pre>
96</blockquote>
97
98<p> should be executed as an unprivileged user.  </p>
99
100<h2> <a name="3">3 - Documentation</a> </h2>
101
102<p> Documentation is available as README files (start with the file
103README_FILES/AAAREADME), as HTML web pages (point your browser to
104"html/index.html") and as UNIX-style manual pages. </p>
105
106<p> You should view the README files with a pager such as more(1)
107or less(1), because the files use backspace characters in order to
108produce <b>bold</b> font. To print a README file without backspace
109characters, use the col(1) command.  For example: </p>
110
111<blockquote>
112<pre>
113% col -bx &lt;file | lpr
114</pre>
115</blockquote>
116
117<p> In order to view the manual pages before installing Postfix,
118point your MANPATH environment variable to the "man" subdirectory;
119be sure to use an absolute path.  </p>
120
121<blockquote>
122<pre>
123% export MANPATH; MANPATH="`pwd`/man:$MANPATH"
124% setenv MANPATH "`pwd`/man:$MANPATH"
125</pre>
126</blockquote>
127
128<p> Of particular interest is the postconf(5) manual page that
129lists all the 500+ configuration parameters. The HTML version of
130this text makes it easy to navigate around.  </p>
131
132<p> All Postfix source files have their own built-in manual page.
133Tools to extract those embedded manual pages are available in the
134mantools directory. </p>
135
136<h2> <a name="4">4 - Building on a supported system</a> </h2>
137
138<p> At some point in time, a version of Postfix was supported on: </p>
139
140<blockquote>
141<p>
142AIX 3.2.5, 4.1.x, 4.2.0, 4.3.x, 5.2 <br>
143BSD/OS 2.x, 3.x, 4.x <br>
144Darwin 1.x <br>
145FreeBSD 2.x, 3.x, 4.x, 5.x <br>
146HP-UX  9.x, 10.x, 11.x <br>
147IRIX 5.x, 6.x <br>
148Linux Debian 1.3.1, 2.x, 3.x <br>
149Linux RedHat 3.x (January 2004) - 9.x <br>
150Linux Slackware 3.x, 4.x, 7.x <br>
151Linux SuSE 5.x, 6.x, 7.x <br>
152Linux Ubuntu 4.10..7.04<br>
153Mac OS X <br>
154NEXTSTEP 3.x <br>
155NetBSD 1.x <br>
156OPENSTEP 4.x <br>
157OSF1.V3 - OSF1.V5 (Digital UNIX) <br>
158Reliant UNIX 5.x <br>
159Rhapsody 5.x <br>
160SunOS 4.1.4 (March 2007) <br>
161SunOS 5.4 - 5.10 (Solaris 2.4..10) <br>
162Ultrix 4.x (well, that was long ago) <br>
163</p>
164</blockquote>
165
166<p> or something closely resemblant. </p>
167
168<h3>4.1 - Getting started</h3>
169
170<p> On Solaris, the "make" command and other utilities for software
171development are in /usr/ccs/bin, so you MUST have /usr/ccs/bin in
172your command search path. If these files do not exist, install the
173development packages first. See the Solaris FAQ item "<a
174href="http://www.science.uva.nl/pub/solaris/solaris2.html#q6.2">Which
175packages do I need to install to support a C compiler?</a>". </p>
176
177<p> If you need to build Postfix for multiple architectures, use the
178"lndir" command to build a shadow tree with symbolic links to the
179source files. "lndir" is part of X11R6. </p>
180
181<p> If at any time in the build process you get messages like: "make:
182don't know how to ..." you should be able to recover by running
183the following command from the Postfix top-level directory: </p>
184
185<blockquote>
186<pre>
187% make -f Makefile.init makefiles
188</pre>
189</blockquote>
190
191<p> If you copied the Postfix source code after building it on another
192machine, it is a good idea to cd into the top-level directory and
193first do this:</p>
194
195<blockquote>
196<pre>
197% make tidy
198</pre>
199</blockquote>
200
201<p> This will get rid of any system dependencies left over from
202compiling the software elsewhere. </p>
203
204<h3>4.2 - What compiler to use</h3>
205
206<p> To build with GCC, or with the native compiler if people told me
207that is better for your system, just cd into the top-level Postfix
208directory of the source tree and type: </p>
209
210<blockquote>
211<pre>
212% make
213</pre>
214</blockquote>
215
216<p> To build with a non-default compiler, you need to specify the name
217of the compiler. Here are a few examples: </p>
218
219<blockquote>
220<pre>
221% make makefiles CC=/opt/SUNWspro/bin/cc        (Solaris)
222% make
223
224% make makefiles CC="/opt/ansic/bin/cc -Ae"     (HP-UX)
225% make
226
227% make makefiles CC="purify cc"
228% make
229</pre>
230</blockquote>
231
232<p> and so on. In some cases, optimization is turned off automatically. </p>
233
234<h3>4.3 - Building with optional extensions</h3>
235
236By default, Postfix builds as a mail system with relatively few
237bells and whistles. Support for third-party databases etc.
238must be configured when Postfix is compiled.  The following documents describe how to build Postfix with support for extensions:
239
240<blockquote>
241<table border="1">
242
243<tr> <th>Postfix extension </th> <th>Document </th> <th>Availability</th>
244</tr>
245
246<tr> <td> Berkeley DB database</td> <td>DB_README</td> <td> Postfix
2471.0 </td> </tr>
248
249<tr> <td> LDAP database</td> <td>LDAP_README</td> <td> Postfix
2501.0 </td> </tr>
251
252<tr> <td> MySQL database</td> <td>MYSQL_README</td> <td> Postfix
2531.0 </td> </tr>
254
255<tr> <td> Perl compatible regular expression</td> <td>PCRE_README</td>
256<td> Postfix 1.0 </td> </tr>
257
258<tr> <td> PostgreSQL database</td> <td>PGSQL_README</td> <td>
259Postfix 2.0 </td> </tr>
260
261<tr> <td> SASL authentication </td> <td>SASL_README</td> <td>
262Postfix 1.0 </td> </tr>
263
264<tr> <td> SQLite database</td> <td>SQLITE_README</td> <td> Postfix
2652.8 </td> </tr>
266
267<tr> <td> STARTTLS session encryption </td> <td>TLS_README</td> <td>
268Postfix 2.2 </td> </tr>
269
270</table>
271
272</blockquote>
273
274<p> Note: IP version 6 support is compiled into Postfix on operating
275systems that have IPv6 support. See the IPV6_README file for details.
276</p>
277
278<h3>4.4 - Overriding built-in parameter default settings</h3>
279
280<p> All Postfix configuration parameters can be changed by editing
281a Postfix configuration file, except for one: the parameter that
282specifies the location of Postfix configuration files. In order to
283build Postfix with a configuration directory other than /etc/postfix,
284use: </p>
285
286<blockquote>
287<pre>
288% make makefiles CCARGS='-DDEF_CONFIG_DIR=\"/some/where\"'
289% make
290</pre>
291</blockquote>
292
293<p> IMPORTANT: Be sure to get the quotes right. These details matter
294a lot. </p>
295
296<p> Parameters whose defaults can be specified in this way are: </p>
297
298<blockquote>
299
300<table border="1">
301
302<tr><th> Macro name </th> <th>default value for</th>  <th>typical
303default</th> </tr>
304
305<tr> <td>DEF_COMMAND_DIR</td> <td>command_directory</td>
306<td>/usr/sbin</td> </tr>
307
308<tr> <td>DEF_CONFIG_DIR</td> <td>config_directory</td>
309<td>/etc/postfix</td> </tr>
310
311<tr> <td>DEF_DAEMON_DIR</td> <td>daemon_directory</td>
312<td>/usr/libexec/postfix</td> </tr>
313
314<tr> <td>DEF_DATA_DIR</td> <td>data_directory</td>
315<td>/var/db/postfix</td> </tr>
316
317<tr> <td>DEF_MAILQ_PATH</td> <td>mailq_path</td> <td>/usr/bin/mailq</td>
318</tr>
319
320<tr> <td>DEF_HTML_DIR</td> <td>html_directory</td>
321<td>no</td> </tr>
322
323<tr> <td>DEF_MANPAGE_DIR</td> <td>manpage_directory</td>
324<td>/usr/local/man</td> </tr>
325
326<tr> <td>DEF_NEWALIAS_PATH</td> <td>newaliases_path</td>
327<td>/usr/bin/newaliases</td> </tr>
328
329<tr> <td>DEF_QUEUE_DIR</td> <td>queue_directory</td>
330<td>/var/spool/postfix</td> </tr>
331
332<tr> <td>DEF_README_DIR</td> <td>readme_directory</td>
333<td>no</td> </tr>
334
335<tr> <td>DEF_SENDMAIL_PATH</td> <td>sendmail_path</td>
336<td>/usr/sbin/sendmail</td> </tr>
337
338</table>
339
340</blockquote>
341
342<p> Note: the data_directory parameter (for caches and pseudo-random
343numbers) was introduced with Postfix version 2.5. </p>
344
345<h3>4.5 - Overriding other compile-time features</h3>
346
347<p> The general method to override Postfix compile-time features
348is as follows: </p>
349
350<blockquote>
351<pre>
352% make makefiles name=value name=value...
353% make
354</pre>
355</blockquote>
356
357<p> The following is an extensive list of names and values. </p>
358
359<table border="1">
360
361<tr> <th colspan="2"> Name/Value </th> <th> Description </th> </tr>
362
363<tr> <td colspan="2"> AUXLIBS="object_library..."</td> <td> Specifies
364one or more non-default object libraries. </td> </tr>
365
366<tr> <td colspan="2"> CC=compiler_command</td> <td> Specifies a
367non-default compiler. On many systems, the default is <tt>gcc</tt>.
368</td> </tr>
369
370<tr> <td colspan="2"> CCARGS="compiler_arguments..."</td> <td>
371Specifies non-default compiler arguments, for example, a non-default
372<tt>include</tt> directory.  The following directives turn
373off Postfix features at compile time:</td> </tr>
374
375<tr> <td> </td> <td> -DNO_DB </td> <td> Do not build with Berkeley
376DB support. By default, Berkeley DB support is compiled in on
377platforms that are known to support this feature.  </td> </tr>
378
379<tr> <td> </td> <td> -DNO_DEVPOLL </td> <td> Do not build with
380Solaris <tt>/dev/poll</tt> support. By default, <tt>/dev/poll</tt>
381support is compiled in on Solaris versions that are known to support
382this feature.  </td> </tr>
383
384<tr> <td> </td> <td> -DNO_EPOLL </td> <td> Do not build with Linux
385EPOLL support.  By default, EPOLL support is compiled in on platforms
386that are known to support this feature. </td> </tr>
387
388<tr> <td> </td> <td> -DNO_IPV6 </td> <td> Do not build with IPv6
389support. By default, IPv6 support is compiled in on platforms that
390are known to have IPv6 support. Note: this directive is for debugging
391and testing only. It is not guaranteed to work on all platforms.
392</td> </tr>
393
394<tr> <td> </td> <td> -DNO_KQUEUE </td> <td> Do not build with FreeBSD
395/ NetBSD / OpenBSD / MacOSX KQUEUE support. By default, KQUEUE
396support is compiled in on platforms that are known to support it.
397</td> </tr>
398
399<tr> <td> </td> <td> -DNO_NIS </td> <td> Do not build with NIS or
400NISPLUS support. NIS is not available on some recent Linux or Solaris
401distributions. </td> </tr>
402
403<tr> <td> </td> <td> -DNO_PCRE </td> <td> Do not build with PCRE
404support. By default, PCRE support is compiled in when the
405<tt>pcre-config</tt> utility is installed. </td> </tr>
406
407<tr> <td> </td> <td> -DNO_POSIX_GETPW_R </td> <td> Disable support
408for POSIX <tt>getpwnam_r/getpwuid_r</tt>. By default Postfix uses
409these where they are known to be available. </td> </tr>
410
411<tr> <td> </td> <td> -DNO_SIGSETJMP </td> <td> Use
412<tt>setjmp()/longjmp()</tt> instead of <tt>sigsetjmp()/siglongjmp()</tt>.
413By default, Postfix uses <tt>sigsetjmp()/siglongjmp()</tt> when
414they are known to be available. </td> </tr>
415
416<tr> <td colspan="2"> DEBUG=debug_level </td> <td> Specifies a
417non-default compiler debugging level. The default is <tt>-g</tt>.
418Specify DEBUG= to turn off debugging. </td> </tr>
419
420<tr> <td colspan="2"> OPT=optimization_level </td> <td> Specifies
421a non-default optimization level. The default is -O.  Specify OPT=
422to turn off optimization. </td> </tr>
423
424<tr> <td colspan="2"> WARN="warning_flags..." </td> <td> Specifies
425non-default <tt>gcc</tt> compiler warning options for use when
426"<tt>make</tt>" is invoked in a source subdirectory only. </td>
427</tr>
428
429</table>
430
431<h3>4.6 - Support for thousands of processes</h3>
432
433<p> The number of connections that Postfix can manage simultaneously
434is limited by the number of processes that it can run.  This number
435in turn is limited by the number of files and sockets that a single
436process can open. For example, the Postfix queue manager has a
437separate connection to each delivery process, and the anvil(8)
438server has one connection per smtpd(8) process. </p>
439
440<p> Postfix version 2.4 and later have no built-in limits on the
441number of open files or sockets, when compiled on systems that
442support one of the following: </p>
443
444<ul>
445
446<li> BSD kqueue(2) (FreeBSD 4.1, NetBSD 2.0, OpenBSD 2.9),
447
448<li> Solaris 8 /dev/poll,
449
450<li> Linux 2.6 epoll(4).
451
452</ul>
453
454
455<p> With other Postfix versions or operating systems, the number
456of file descriptors per process is limited by the value of the
457FD_SETSIZE macro. If you expect to run more than 1000 mail delivery
458processes, you may need to override the definition of the FD_SETSIZE
459macro to make select() work correctly: </p>
460
461<blockquote>
462<pre>
463% make makefiles CCARGS=-DFD_SETSIZE=2048
464</pre>
465</blockquote>
466
467<p> Warning: the above has no effect on some Linux versions.
468Apparently, on these systems the FD_SETSIZE value can be changed
469only by using undocumented interfaces. Currently, that means
470including &lt;bits/types.h&gt; directly (which is not allowed) and
471overriding the __FD_SETSIZE macro. Beware, undocumented interfaces
472can change at any time and without warning. </p>
473
474<p> But wait, there is more: none of this will work unless the
475operating system is configured to handle thousands of connections.
476See the TUNING_README guide for examples of how to increase the
477number of open sockets or files. </p>
478
479<h3>4.7 - Compiling Postfix, at last</h3>
480
481<p> If the command </p>
482
483<blockquote>
484<pre>
485% make
486</pre>
487</blockquote>
488
489<p> is successful, then you can proceed to <a href="#install">install</a>
490Postfix (section 6).
491
492<p> If the command produces compiler error messages, it may be time
493to search the web or to ask the postfix-users@postfix.org mailing
494list, but be sure to search the mailing list archives first. Some
495mailing list archives are linked from http://www.postfix.org/. </p>
496
497<h2> <a name="5">5 - Porting Postfix to an unsupported system</a> </h2>
498
499<p> Each system type that Postfix knows is identified by a unique
500name. Examples:  SUNOS5, FREEBSD4, and so on.  When porting Postfix
501to a new system, the first step is to choose a SYSTEMTYPE name for
502the new system. You must use a name that includes at least the
503major version of the operating system (such as SUNOS4 or LINUX2),
504so that different releases of the same system can be supported
505without confusion.  </p>
506
507<p> Add a case statement to the "makedefs" shell script in the
508source code top-level directory that recognizes the new system
509reliably, and that emits the right system-specific information.
510Be sure to make the code robust against user PATH settings; if the
511system offers multiple UNIX flavors (e.g. BSD and SYSV) be sure to
512build for the native flavor, instead of the emulated one. </p>
513
514<p> Add an "#ifdef SYSTEMTYPE" section to the central util/sys_defs.h
515include file.  You may have to invent new feature macro names.
516Please choose sensible feature macro names such as HAS_DBM or
517FIONREAD_IN_SYS_FILIO_H.
518
519<p> I strongly recommend against using "#ifdef SYSTEMTYPE" in
520individual source files.  While this may look like the quickest
521solution, it will create a mess when newer versions of the same
522SYSTEMTYPE need to be supported.  You're likely to end up placing
523"#ifdef" sections all over the source code again.  </p>
524
525<h2><a name="install">6 - Installing the software after successful
526compilation</a></h2>
527
528<p> This text describes how to install Postfix from source code.
529See the PACKAGE_README file if you are building a package for
530distribution to other systems. </p>
531
532<h3>6.1 - Save existing Sendmail binaries</h3>
533
534<p> <a name="save">IMPORTANT</a>: if you are REPLACING an existing
535Sendmail installation with Postfix, you may need to keep the old
536sendmail program running for some time in order to flush the mail
537queue. </p>
538
539<ul>
540
541<li> <p> Some systems implement a mail switch mechanism where
542different MTAs (Postfix, Sendmail, etc.) can be installed at the
543same time, while only one of them is actually being used. Examples
544of such switching mechanisms are the FreeBSD mailwrapper(8) or the
545Linux mail switch.  In this case you should try to "flip" the switch
546to "Postfix" before installing Postfix. </p>
547
548<li> <p> If your system has no mail switch mechanism, execute the
549following commands (your sendmail, newaliases and mailq programs
550may be in a different place): </p>
551
552<pre>
553# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
554# mv /usr/bin/newaliases /usr/bin/newaliases.OFF
555# mv /usr/bin/mailq /usr/bin/mailq.OFF
556# chmod 755 /usr/sbin/sendmail.OFF /usr/bin/newaliases.OFF \
557    /usr/bin/mailq.OFF
558</pre>
559
560</ul>
561
562<h3>6.2 - Create account and groups</h3>
563
564<p> Before you install Postfix for the first time you need to
565create an account and a group:</p>
566
567<ul>
568
569<li> <p> Create a user account "postfix" with a user id and group
570id that are not used by any other user account.  Preferably, this
571is an account that no-one can log into.  The account does not need
572an executable login shell, and needs no existing home directory.
573My password and group file entries look like this: </p>
574
575<blockquote>
576<pre>
577/etc/passwd:
578    postfix:*:12345:12345:postfix:/no/where:/no/shell
579
580/etc/group:
581    postfix:*:12345:
582</pre>
583</blockquote>
584
585<p> Note: there should be no whitespace before "postfix:". </p>
586
587<li> <p> Create a group "postdrop" with a group id that is not used
588by any other user account. Not even by the postfix user account.
589My group file entry looks like:
590
591<blockquote>
592<pre>
593/etc/group:
594    postdrop:*:54321:
595</pre>
596</blockquote>
597
598<p> Note: there should be no whitespace before "postdrop:". </p>
599
600</ul>
601
602<h3>6.3 - Install Postfix</h3>
603
604<p> To install or upgrade Postfix from compiled source code, run
605one of the following commands as the super-user:</p>
606
607<blockquote>
608<pre>
609# make install       (interactive version, first time install)
610
611# make upgrade       (non-interactive version, for upgrades)
612</pre>
613</blockquote>
614
615<ul>
616
617<li> <p> The interactive version ("make install") asks for pathnames
618for Postfix data and program files, and stores your preferences in
619the main.cf file. <b> If you don't want Postfix to overwrite
620non-Postfix "sendmail", "mailq" and "newaliases" files, specify
621pathnames that end in ".postfix"</b>. </p>
622
623<li> <p> The non-interactive version ("make upgrade") needs the
624/etc/postfix/main.cf file from a previous installation. If the file
625does not exist, use interactive installation ("make install")
626instead. </p>
627
628</ul>
629
630<h3>6.4 - Configure Postfix</h3>
631
632<p> Proceed to the section on how you wish to run Postfix on
633your particular machine: </p>
634
635<ul>
636
637<li> <p> <a href="#send_only">Send</a> mail only, without changing
638an existing Sendmail installation (section 7). </p>
639
640<li> <p> <a href="#send_receive">Send and receive</a> mail via a
641virtual host interface, still without any change to an existing
642Sendmail installation (section 8). </p>
643
644<li> <p> Run Postfix <a href="#replace">instead of</a> Sendmail
645(section 9). </p>
646
647</ul>
648
649<h2><a name="send_only">7 - Configuring Postfix to send mail
650only</a></h2>
651
652<p> If you are going to use Postfix to send mail only, there is no
653need to change your existing sendmail setup. Instead, set up your
654mail user agent so that it calls the Postfix sendmail program
655directly. </p>
656
657<p> Follow the instructions in the "<a href="#mandatory">Mandatory
658configuration file edits</a>" in section 10, and review the "<a
659href="#hamlet">To chroot or not to chroot</a>" text in section
66011. </p>
661
662<p> You MUST comment out the "smtp inet" entry in /etc/postfix/master.cf,
663in order to avoid conflicts with the real sendmail. Put a "#"
664character in front of the line that defines the smtpd service: </p>
665
666<blockquote>
667<pre>
668/etc/postfix/master.cf:
669    #smtp      inet  n       -       n       -       -       smtpd
670</pre>
671</blockquote>
672
673<p> Start the Postfix system: </p>
674
675<blockquote>
676<pre>
677# postfix start
678</pre>
679</blockquote>
680
681<p> or, if you feel nostalgic, use the Postfix sendmail command: </p>
682
683<blockquote>
684<pre>
685# sendmail -bd -qwhatever
686</pre>
687</blockquote>
688
689<p> and watch your maillog file for any error messages. The pathname
690is /var/log/maillog, /var/log/mail, /var/log/syslog, or something
691else. Typically, the pathname is defined in the /etc/syslog.conf
692file. </p>
693
694<blockquote>
695<pre>
696% egrep '(reject|warning|error|fatal|panic):' /some/log/file
697</pre>
698</blockquote>
699
700<p> Note: the most important error message is logged first. Later
701messages are not as useful. </p>
702
703<p> In order to inspect the mail queue, use one of the following
704commands: </p>
705
706<blockquote>
707<pre>
708% mailq
709
710% sendmail -bp
711
712% postqueue -p
713</pre>
714</blockquote>
715
716<p> See also the "<a href="#care">Care and feeding</a>" section 12
717below.  </p>
718
719<h2><a name="send_receive">8 - Configuring Postfix to send and
720receive mail via virtual interface</a></h2>
721
722<p> Alternatively, you can use the Postfix system to send AND
723receive mail while leaving your Sendmail setup intact, by running
724Postfix on a virtual interface address.  Simply configure your mail
725user agent to directly invoke the Postfix sendmail program.  </p>
726
727<p> To create a virtual network interface address, study your
728system ifconfig manual page. The command syntax could be any
729of: </p>
730
731<blockquote>
732<pre>
733# <b>ifconfig le0:1 &lt;address&gt; netmask &lt;mask&gt; up</b>
734# <b>ifconfig en0 alias &lt;address&gt; netmask 255.255.255.255</b>
735</pre>
736</blockquote>
737
738<p> In the /etc/postfix/main.cf file, I would specify </p>
739
740<blockquote>
741<pre>
742/etc/postfix/main.cf:
743    myhostname = virtual.host.tld
744    inet_interfaces = $myhostname
745    mydestination = $myhostname
746</pre>
747</blockquote>
748
749<p> Follow the instructions in the "<a href="#mandatory">Mandatory
750configuration file edits</a>" in section 10, and review the "<a
751name="#hamlet">To chroot or not to chroot</a>" text in section
75211. </p>
753
754<p> Start the Postfix system: </p>
755
756<blockquote>
757<pre>
758# postfix start
759</pre>
760</blockquote>
761
762<p> or, if you feel nostalgic, use the Postfix sendmail command: </p>
763
764<blockquote>
765<pre>
766# sendmail -bd -qwhatever
767</pre>
768</blockquote>
769
770<p> and watch your maillog file for any error messages. The pathname
771is /var/log/maillog, /var/log/mail, /var/log/syslog, or something
772else. Typically, the pathname is defined in the /etc/syslog.conf
773file. </p>
774
775<blockquote>
776<pre>
777% egrep '(reject|warning|error|fatal|panic):' /some/log/file
778</pre>
779</blockquote>
780
781<p> Note: the most important error message is logged first. Later
782messages are not as useful. </p>
783
784<p> In order to inspect the mail queue, use one of the following
785commands: </p>
786
787<blockquote>
788<pre>
789% mailq
790
791% sendmail -bp
792
793% postqueue -p
794</pre>
795</blockquote>
796
797<p> See also the "<a href="#care">Care and feeding</a>" section 12
798below.  </p>
799
800<h2><a name="replace">9 - Running Postfix instead of Sendmail</a></h2>
801
802<p> Prior to installing Postfix you should <a href="#save">save</a>
803any existing sendmail program files as described in section 6.  Be
804sure to keep the old sendmail running for at least a couple days
805to flush any unsent mail. To do so, stop the sendmail daemon and
806restart it as: </p>
807
808<blockquote>
809<pre>
810# /usr/sbin/sendmail.OFF -q
811</pre>
812</blockquote>
813
814<p> Note: this is old sendmail syntax. Newer versions use separate
815processes for mail submission and for running the queue. </p>
816
817<p> After you have visited the "<a href="#mandatory">Mandatory
818configuration file edits</a>" section below, you can start the
819Postfix system with: </p>
820
821<blockquote>
822<pre>
823# postfix start
824</pre>
825</blockquote>
826
827<p> or, if you feel nostalgic, use the Postfix sendmail command: </p>
828
829<blockquote>
830<pre>
831# sendmail -bd -qwhatever
832</pre>
833</blockquote>
834
835<p> and watch your maillog file for any error messages. The pathname
836is /var/log/maillog, /var/log/mail, /var/log/syslog, or something
837else. Typically, the pathname is defined in the /etc/syslog.conf
838file. </p>
839
840<blockquote>
841<pre>
842% egrep '(reject|warning|error|fatal|panic):' /some/log/file
843</pre>
844</blockquote>
845
846<p> Note: the most important error message is logged first. Later
847messages are not as useful. </p>
848
849<p> In order to inspect the mail queue, use one of the following
850commands: </p>
851
852<blockquote>
853<pre>
854% mailq
855
856% sendmail -bp
857
858% postqueue -p
859</pre>
860</blockquote>
861
862<p> See also the "<a href="#care">Care and feeding</a>" section 12
863below.  </p>
864
865<h2><a name="mandatory">10 - Mandatory configuration file edits</a></h2>
866
867<p> Note: the material covered in this section is covered in more
868detail in the BASIC_CONFIGURATION_README document. The information
869presented below is targeted at experienced system administrators.
870</p>
871
872<h3>10.1 - Postfix configuration files</h3>
873
874<p> By default, Postfix configuration files are in /etc/postfix.
875The two most important files are main.cf and master.cf; these files
876must be owned by root.  Giving someone else write permission to
877main.cf or master.cf (or to their parent directories) means giving
878root privileges to that person. </p>
879
880<p> In /etc/postfix/main.cf, you will have to set up a minimal number
881of configuration parameters.  Postfix configuration parameters
882resemble shell variables, with two important differences: the first
883one is that Postfix does not know about quotes like the UNIX shell
884does.</p>
885
886<p> You specify a configuration parameter as: </p>
887
888<blockquote>
889<pre>
890/etc/postfix/main.cf:
891    parameter = value
892</pre>
893</blockquote>
894
895<p> and you use it by putting a "$" character in front of its name: </p>
896
897<blockquote>
898<pre>
899/etc/postfix/main.cf:
900    other_parameter = $parameter
901</pre>
902</blockquote>
903
904<p> You can use $parameter before it is given a value (that is the
905second main difference with UNIX shell variables). The Postfix
906configuration language uses lazy evaluation, and does not look at
907a parameter value until it is needed at runtime.  </p>
908
909<p> Whenever you make a change to the main.cf or master.cf file,
910execute the following command in order to refresh a running mail
911system: </p>
912
913<blockquote>
914<pre>
915# postfix reload
916</pre>
917</blockquote>
918
919<h3>10.2 - Default domain for unqualified addresses</h3>
920
921<p> First of all, you must specify what domain will be appended to an
922unqualified address (i.e. an address without @domain.tld). The
923"myorigin" parameter defaults to the local hostname, but that is
924probably OK only for very small sites.  </p>
925
926<p> Some examples (use only one): </p>
927
928<blockquote>
929<pre>
930/etc/postfix/main.cf:
931    myorigin = $myhostname    (send mail as "user@$myhostname")
932    myorigin = $mydomain      (send mail as "user@$mydomain")
933</pre>
934</blockquote>
935
936<h3>10.3 - What domains to receive locally</h3>
937
938<p> Next you need to specify what mail addresses Postfix should deliver
939locally. </p>
940
941<p> Some examples (use only one): </p>
942
943<blockquote>
944<pre>
945/etc/postfix/main.cf:
946    mydestination = $myhostname, localhost.$mydomain, localhost
947    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
948    mydestination = $myhostname
949</pre>
950</blockquote>
951
952<p>The first example is appropriate for a workstation, the second
953is appropriate for the mailserver for an entire domain. The third
954example should be used when running on a virtual host interface.</p>
955
956<h3>10.4 - Proxy/NAT interface addresses </h3>
957
958<p> The proxy_interfaces parameter specifies all network addresses
959that Postfix receives mail on by way of a proxy or network address
960translation unit. You may specify symbolic hostnames instead of
961network addresses. </p>
962
963<p> IMPORTANT: You must specify your proxy/NAT external addresses
964when your system is a backup MX host for other domains, otherwise
965mail delivery loops will happen when the primary MX host is down.
966</p>
967
968<p> Example: host behind NAT box running a backup MX host. </p>
969
970<blockquote>
971<pre>
972/etc/postfix/main.cf:
973    proxy_interfaces = 1.2.3.4 (the proxy/NAT external network address)
974</pre>
975</blockquote>
976
977<h3>10.5 - What local clients to relay mail from </h3>
978
979<p> If your machine is on an open network then you must specify
980what client IP addresses are authorized to relay their mail through
981your machine into the Internet.  The default setting includes all
982subnetworks that the machine is attached to. This may give relay
983permission to too many clients.  My own settings are: </p>
984
985<blockquote>
986<pre>
987/etc/postfix/main.cf:
988    mynetworks = 168.100.189.0/28, 127.0.0.0/8
989</pre>
990</blockquote>
991
992<h3>10.6 - What relay destinations to accept from strangers </h3>
993
994<p> If your machine is on an open network then you must also specify
995whether Postfix will forward mail from strangers.  The default
996setting will forward mail to all domains (and subdomains of) what
997is listed in $mydestination.  This may give relay permission for
998too many destinations.  Recommended settings (use only one): </p>
999
1000<blockquote>
1001<pre>
1002/etc/postfix/main.cf:
1003    relay_domains =            (do not forward mail from strangers)
1004    relay_domains = $mydomain  (my domain and subdomains)
1005    relay_domains = $mydomain, other.domain.tld, ...
1006</pre>
1007</blockquote>
1008
1009<h3>10.7 - Optional: configure a smart host for remote delivery</h3>
1010
1011<p> If you're behind a firewall, you should set up a relayhost.  If
1012you can, specify the organizational domain name so that Postfix
1013can use DNS lookups, and so that it can fall back to a secondary
1014MX host when the primary MX host is down. Otherwise just specify
1015a hard-coded hostname.  </p>
1016
1017<p> Some examples (use only one): </p>
1018
1019<blockquote>
1020<pre>
1021/etc/postfix/main.cf:
1022    relayhost = $mydomain
1023    relayhost = [mail.$mydomain]
1024</pre>
1025</blockquote>
1026
1027<p> The form enclosed with <tt>[]</tt> eliminates DNS MX lookups. </p>
1028
1029<p> By default, the SMTP client will do DNS lookups even when you
1030specify a relay host. If your machine has no access to a DNS server,
1031turn off SMTP client DNS lookups like this: </p>
1032
1033<blockquote>
1034<pre>
1035/etc/postfix/main.cf:
1036    disable_dns_lookups = yes
1037</pre>
1038</blockquote>
1039
1040<p> The STANDARD_CONFIGURATION_README file has more hints and tips for
1041firewalled and/or dial-up networks. </p>
1042
1043<h3>10.8 - Create the aliases database</h3>
1044
1045<p> Postfix uses a Sendmail-compatible aliases(5) table to redirect
1046mail for local(8) recipients.  Typically, this information is kept
1047in two files: in a text file /etc/aliases and in an indexed file
1048/etc/aliases.db.  The command "postconf alias_maps" will tell you
1049the exact location of the text file.  </p>
1050
1051<p> First, be sure to update the text file with aliases for root,
1052postmaster and "postfix" that forward mail to a real person.  Postfix
1053has a sample aliases file /etc/postfix/aliases that you can adapt
1054to local conditions.  </p>
1055
1056<blockquote>
1057<pre>
1058/etc/aliases:
1059    root: you
1060    postmaster: root
1061    postfix: root
1062    bin: root
1063    <i>etcetera...</i>
1064</pre>
1065</blockquote>
1066
1067<p> Note: there should be no whitespace before the ":". </p>
1068
1069<p> Finally, build the indexed aliases file with one of the
1070following commands: </p>
1071
1072<blockquote>
1073<pre>
1074# newaliases
1075# sendmail -bi
1076</pre>
1077</blockquote>
1078
1079<h2><a name="hamlet">11 - To chroot or not to chroot</a></h2>
1080
1081<p> Postfix daemon processes can be configured (via master.cf) to
1082run in a chroot jail.  The processes run at a fixed low privilege
1083and with access only to the Postfix queue directories (/var/spool/postfix).
1084This provides a significant barrier against intrusion. The barrier
1085is not impenetrable, but every little bit helps. </p>
1086
1087<p> With the exception of Postfix daemons that deliver mail locally
1088and/or that execute non-Postfix commands, every Postfix daemon can
1089run chrooted. </p>
1090
1091<p> Sites with high security requirements should consider to chroot
1092all daemons that talk to the network:  the smtp(8) and smtpd(8)
1093processes, and perhaps also the lmtp(8) client. The author's own
1094porcupine.org mail server runs all daemons chrooted that can be
1095chrooted. </p>
1096
1097<p> The default /etc/postfix/master.cf file specifies that no
1098Postfix daemon runs chrooted.  In order to enable chroot operation,
1099edit the file /etc/postfix/master.cf. Instructions are in the file.
1100</p>
1101
1102<p> Note that a chrooted daemon resolves all filenames relative to
1103the Postfix queue directory (/var/spool/postfix). For successful
1104use of a chroot jail,  most UNIX systems require you to bring in
1105some files or device nodes.  The examples/chroot-setup directory
1106in the source code distribution has a collection of scripts that
1107help you set up Postfix chroot environments on different operating
1108systems. </p>
1109
1110<p> Additionally, you almost certainly need to configure syslogd
1111so that it listens on a socket inside the Postfix queue directory.
1112Examples for specific systems: </p>
1113
1114<dl>
1115
1116<dt> FreeBSD: </dt>
1117
1118<dd> <pre>
1119# mkdir -p /var/spool/postfix/var/run
1120# syslogd -l /var/spool/postfix/var/run/log
1121</pre> </dd>
1122
1123<dt> Linux, OpenBSD: </dt>
1124
1125<dd> <pre>
1126# mkdir -p /var/spool/postfix/dev
1127# syslogd -a /var/spool/postfix/dev/log
1128</pre> </dd>
1129
1130</dl>
1131
1132<h2><a name="care">12 - Care and feeding of the Postfix system</a></h2>
1133
1134<p> Postfix daemon processes run in the background, and log problems
1135and normal activity to the syslog daemon. The names of logfiles
1136are specified in /etc/syslog.conf. At the very least you need
1137something like:  </p>
1138
1139<blockquote>
1140<pre>
1141/etc/syslog.conf:
1142    mail.err                                    /dev/console
1143    mail.debug                                  /var/log/maillog
1144</pre>
1145</blockquote>
1146
1147<p> IMPORTANT: the syslogd will not create files. You must create
1148them before (re)starting syslogd. </p>
1149
1150<p> IMPORTANT: on Linux you need to put a "-" character before
1151the pathname, e.g., -/var/log/maillog, otherwise the syslogd
1152will use more system resources than Postfix does. </p>
1153
1154<p> Hopefully, the number of problems will be small, but it is a good
1155idea to run every night before the syslog files are rotated: </p>
1156
1157<blockquote>
1158<pre>
1159# postfix check
1160# egrep '(reject|warning|error|fatal|panic):' /some/log/file
1161</pre>
1162</blockquote>
1163
1164<ul>
1165
1166<li> <p> The first line (postfix check) causes Postfix to report
1167file permission/ownership discrepancies. </p>
1168
1169<li> <p> The second line looks for problem reports from the mail
1170software, and reports how effective the relay and junk mail access
1171blocks are.  This may produce a lot of output.  You will want to
1172apply some postprocessing to eliminate uninteresting information.
1173</p>
1174
1175</ul>
1176
1177<p>  The <a href="DEBUG_README.html#logging"> DEBUG_README </a>
1178document describes the meaning of the "warning" etc. labels in
1179Postfix logging. </p>
1180
1181</body>
1182
1183</html>
1184