Setting up Postfix on Ubuntu

Posted under » PHP » Ubuntu » Linux on 1 September 2014

About Postfix is an alternative to the widely used Sendmail mail transfer agent or MTA.

This is my setup on Ubuntu 14.04.

First thing first. Use dig to ensure your mail is being directed to your server by the DNS.

dig mx

update and then install postfix

apt-get install postfix

Configure it. This is mine and located at /etc/postfix/

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

readme_directory = no

# TLS parameters
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# alias_maps = hash:/etc/aliases
# alias_database = hash:/etc/aliases

myhostname =
mydomain =
mydestination =, TRAVELMATE, localhost.localdomain, localhost
virtual_alias_domains =
virtual_alias_maps = hash:/etc/postfix/virtual

relayhost = 
mynetworks = [::ffff:]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

#smtpd_helo_restrictions = reject_unknown_helo_hostname
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client, reject_rhsbl_reverse_client, reject_rhsbl_helo, reject_rhsbl_sender

Additional layer of protection

# smtpd_client_restrictions = permit_mynetworks, reject
# non recommended as this will reject all clients from outside
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service unix:private/policy
smtp_sasl_auth_enable = no
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, hash:/etc/postfix/sender_access, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/sender_access, reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_restrictions = reject_unauth_pipelining, reject_unauth_destination, reject_non_fqdn_recipient, permit_mynetworks, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access, reject_rbl_client, reject_rbl_client, reject_rbl_client, check_policy_service unix:private/spfpolicy, check_policy_service inet:, permit
transport_maps = hash:/etc/postfix/transport

Now configure the mail mappings at /etc/postfix/virtual  DOMAIN
#  DOMAIN  admin
#  DOMAIN  pinky

You may have noticed that some are forwarded to emails on the cloud while some are forwarded to a user email account on the server itself. There are catch all emails as well. We can also set up certain addresses like to forward to multiple accounts by using a comma-separated list but a space-separated list works great as well.

To ensure the changes are picked up by postfix

postmap /etc/postfix/virtual

To activate the configuration changes in

postfix reload

If you encounter problems, please look at the logs located at "/var/log/mail.log"

See also Making PHP mail() work with Sendmail/Postfix and How to delete Postfix Queue.

web security linux ubuntu GIT svn Raspberry apache mysql php drupal cake symfony javascript Ajax css