## Postfix (formerly VMailer): Another SMTP Alternative
## Mike Hoskins <>
What is Postfix?
Postfix represents an attempt to provide a secure, robust SMTP alternative
to the popular Sendmail. Other Sendmail alternatives do exist (such as
qmail), but Postfix represents a fresh start and originated from the
highly-respected Wietse Venema. It, more than Sendmail, represents (IMO)
the ideology behind UNIX - small programs with clear tasks working together
to accomplish a goal. This 'separation of duties' methodology allows
absolute minimum privilege to be maintained for each utility, thereby
increasing system trust.
A Word of Warning
However sound the ideas and developmental merit behind Postfix, it is still
'Beta' software. I am currently running Sendmail on my production servers,
and will continue to do so until Postfix moves out of its 'Beta' stages.
My initial testing has earned Postfix very high regards on my part, but I
still must remind any individuals wishing to give Postfix a try that 'Beta'
software in production environments often leads to headaches. My testing
and this article relate to the Jan 1 Beta, patch level 1.
Getting Postfix
Although a port is certainly underway, Postfix is primarily available as
source code. You can get a list of ftp sites where it's available
.
Installation, A-Z
I'm happy to report that installation went very well for me under FreeBSD
3.0-RELEASE. After downloading the tarball from my closest FTP mirror,
I started things off by unpacking the source distribution:
$ ls
postfix-beta-19990122-pl01.tar.gz
$ gunzip -cd p* | tar xf -
$ ls
postfix-beta-19990122-pl01 postfix-beta-19990122-pl01.tar.gz
After moving into the newly created distribution directory, '0README' gave
a brief overview of the Postfix project, and 'INSTALL' gave verbose install
instructions.
There are two main decisions to be made when installing Postfix. First,
you must decide the extent of installation. Postfix can be configured to
do any one of the following:
- Send mail only (no change to existing Sendmail installation).
- Send and receive mail via virtual host interface (no change
to existing Sendmail installation).
- Replace Sendmail altogether.
This article will detail my findings when attempting to Replace Sendmail
altogether. All three options are detailed in the 'INSTALL' document, and
I would suggest browsing through it to get an overview of the installation
process.
Secondly, you must decide the best configuration for Postfix' submission
mechanism. Postfix uses a 'maildrop directory' where local users exchange
messages. Postfix can be configured to use a world writable (sticky bit)
maildrop directory or a SGID 'postdrop' script. Both options are detailed
in the 'INSTALL' document, so I will not discuss them in detail here. It
is enough to know that in this article, I will choose the SGID approach.
FreeBSD is a natively supported architecture. From the distribution
directory simply type 'make' and wait...
$ make
[compile-time output omitted]
If you receive compiler error messages, you should consult the 'INSTALL'
document and the Postfix FAQ. If all goes well, you should be returned
to your command prompt after a few seconds.
Postfix does not include any sort of automated install script. Due to
the wide range of supported systems and relative complexity of the Postfix
program, the developers choose to maintain a manual install procedure.
In all of the following examples, I am going to be using default directory
names. Most of these are configurable via environment variables, see
'INSTALL' for more information.
Become the super-user, and execute the following commands from within the
distribution directory:
# mkdir /etc/postfix
# chmod 755 /etc/postfix
# cp ./conf/* /etc/postfix
# chmod 644 /etc/postfix/*
# chmod 755 /etc/postfix/postfix-script*
This sets up the configuration directory (/etc/postfix) and copies all of
the default configuration files from the distribution directory. Next,
setup the spool directory:
# mkdir /var/spool/postfix
# chmod 755 /var/spool/postfix
Next, we must create a place for the actual Postfix programs. 'INSTALL'
recommends placing the programs in a separate directory, I chose
/usr/bin/postfix/bin (you can choose any directory - so long as main.cf
knows about it - as we'll see later).
# mkdir /usr/bin/postfix/bin
# cp ./bin/* /usr/bin/postfix/bin
As with most new software, manual pages can often be a lifesaver. I
placed the man pages into by /usr/bin/postfix hierarchy as follows:
# mkdir /usr/bin/postfix/man
# (cd man; tar cf - .) | (cd /usr/bin/postfix/man; tar xvf -)
As with all examples, these should be executed from within the distribution
directory. You may want to update your MANPATH so you can easily view the
Postfix manual pages.
To REPLACE Sendmail by Postfix, execute the following commands:
# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
# mv /usr/bin/mailq /usr/bin/mailq.OFF
# mv /usr/bin/newaliases /usr/bin/newaliases.OFF
# chmod 555 /usr/sbin/sendmail.OFF /usr/bin/mailq.OFF /usr/bin/newaliases.OFF
Now that the old programs are moved out of the way, put the new ones in
place as follows:
# ln -s /usr/bin/postfix/bin/sendmail /usr/bin/postfix/bin/post* /usr/sbin
# chmod 755 /usr/sbin/sendmail /usr/sbin/post*
# ln -s /usr/sbin/sendmail /usr/bin/mailq
# ln -s /usr/sbin/sendmail /usr/bin/newaliases
'INSTALL' suggests leaving the old Sendmail running for a couple days to
ensure any unsent mail is graciously flushed.
Before Postfix can be started, a few changes must be made to the main
configuration file (/etc/postfix/main.cf). By default, all Postfix
configuration files are in /etc/postfix and must be owned by root.
The changes that must be made are simplistic and few... Also, all
configuration parameters are verbosely commented in main.cf.
First, you must specify the userid that owns Postfix. The default
setting is 'postfix' ('mail_owner = postfix' around line 43 of
main.cf). 'INSTALL' and the .cf file itself both point to the same
piece of advice, "I would recommend that you create a dedicated user
account 'postfix', that is not in the same group as other accounts.
Make sure it is a locked account that no-one can log into. It does
not need an executable login shell, nor does it need an existing home
directory."
This is paramount to Postfix' ability to add trust to a system. Since
it places responsibility on the 'postfix' userid rather than the root
account, system risk is significantly reduced. I added a 'postfix' user
and group to my system as shown below:
# grep postfix /etc/passwd
postfix:*:65499:65499:Postfix user:/nonexistent:/sbin/nologin
# grep postfix /etc/group
postfix:*:65499:postfix
Next, the 'myorigin' variable (around line 78) must be set. Using
'myorigin = $mydomain' works well for me (you may also set 'myorigin'
to '$myhostname' - see main.cf for details). This simply says that
mail originating on my system will be seen as 'user@mydomain'.
Around lines 111-113, the 'mydestination' variable must be set. I
chose the third, default option, 'mydestination = $myhostname,
localhost.$mydomain, $mydomain, mail.$mydomain, www.$mydomain,
ftp.$mydomain'. This tells Postfix what hostnames it is the
final destination for.
Two final options to tweak... 'program_directory' and
'queue_directory' must be set. For me, I set
'program_directory = /usr/bin/postfix/bin' and
'queue_directory = /var/spool/postfix' (if you chose to place
your bin or queue directories elsewhere during the installation,
you should edit these appropriately).
Further configuration options are detailed on the Postfix web site,
as well as in the 'html' directory under the main distribution
directory, but are not necessary to start Postfix.
Finally, before starting Postfix we must decide upon a delivery
mechanism. As I said, I chose the non-sticky, SGID approach. To
accomplish this, create a unique 'maildrop' group (definitely
NOT a shared GID with the Postfix account!). I have the following:
# grep maildrop /etc/group
maildrop:*:65498:
Once you've created the group, execute the following:
# mkdir /var/spool/postfix/maildrop
# chown postfix /var/spool/postfix/maildrop
# chgrp maildrop /var/spool/postfix/maildrop /usr/bin/postfix/bin/postdrop
# chmod 1730 /var/spool/postfix/maildrop
# chmod 2755 /usr/bin/postfix/bin/postdrop
# cd /etc/postfix
# cp postfix-script-SGID postfix-script
Once everything's setup and you're ready to stop the old SMTP process
(Postfix will need to bind to port 25), execute Postfix with the
'start' argument:
# /usr/bin/postfix/bin/postfix start
The typical 'sendmail -bd -qXXm' format will work as well. Be
sure to watch the syslog file for any complaints. When run for the
first time, Postfix will create quite a few subdirectories below the
Postfix spool directory.
When you make modifications to any Postfix configuration file,
issue the following:
# /usr/bin/postfix/bin/postfix reload
Summary
Postfix has been running for a couple weeks now without any signs of
problems. I'm currently testing it on a low-load, non-production
site (www.antisocial.net). I do plan to migrate it to more production
boxes soon, and would appreciate any comments from individuals in
the FreeBSD community relating to such an endeavor.
Newcomers to the Postfix project should take some time and peruse the
web site. There are
numerous configuration options, including security and anti-UCE tweaks,
discussed in detail on the Postfix Configuration pages. The FAQ, Overview
and Anatomy pages are also quite informative.
I firmly believe that those who take the time to master Postfix will
be rewarded by a system or systems with significantly higher trust...
- Mike
Return to Issue #3
|
