Setting up Postfix on Ubuntu

Posted under » PHP » Ubuntu » Linux on 1 September 2014

About Postfix is an alternative to the widely used Sendmail mail transfer agent or MTA.

This is my setup on Ubuntu 14.04.

First thing first. Use dig to ensure your mail is being directed to your server by the DNS.

dig yourdomain.com mx

update and then install postfix

apt-get install postfix

Configure it. This is mine and located at /etc/postfix/main.cf.

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# alias_maps = hash:/etc/aliases
# alias_database = hash:/etc/aliases

myhostname = lkybast.com
mydomain = lkybast.com
mydestination = lkybast.com, TRAVELMATE, localhost.localdomain, localhost
virtual_alias_domains = lkybast.net lkybast.org
virtual_alias_maps = hash:/etc/postfix/virtual

relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

#smtpd_helo_restrictions = reject_unknown_helo_hostname
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org

Additional layer of protection

# smtpd_client_restrictions = permit_mynetworks, reject
# non recommended as this will reject all clients from outside
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service unix:private/policy
smtp_sasl_auth_enable = no
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, hash:/etc/postfix/sender_access, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/sender_access, reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_restrictions = reject_unauth_pipelining, reject_unauth_destination, reject_non_fqdn_recipient, permit_mynetworks, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access, reject_rbl_client relays.ordb.org, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, check_policy_service unix:private/spfpolicy, check_policy_service inet:127.0.0.1:10023, permit
transport_maps = hash:/etc/postfix/transport

Now configure the mail mappings at /etc/postfix/virtual

lkybast.com  DOMAIN
@lkybast.com  leeky@yahoo.com
#
lkybast.net  DOMAIN
gct@lkybast.net  gct@yahoo.com
suckers@lkybast.net  gct@yahoo.com tonytan@yahoo.com
thepm@lkybast.net  admin
#
lkybast.org  DOMAIN
thepm@lkybast.org  pinky

You may have noticed that some are forwarded to emails on the cloud while some are forwarded to a user email account on the server itself. There are catch all emails as well. We can also set up certain addresses like suckers@lkybast.net to forward to multiple accounts by using a comma-separated list but a space-separated list works great as well.

To ensure the changes are picked up by postfix

postmap /etc/postfix/virtual

If you don't do this you will get the 'warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual' error.

To activate the configuration changes in main.cf

postfix reload

If you encounter problems, please look at the logs located at "/var/log/mail.log"