POSTFIX Notes
Chap 1
Notes on chap 1
Internet email goes as far back as the early 1970s. The Sendmail package, released in the early 1980s, is one of the most widely deployed SMTP servers, but it has been plagued with numerous security issues and is difficult to configure and maintain. Postfix was designed to replace Sendmail: more secure, easier to configure and administer. Postfix supports Sendmail conventions like /etc/aliases and .forward files.

Internet email is built from several standards and protocols; many different pieces of software are involved.

MUA - Mail User Agent - 'email client' (mutt, Thunderbird, pine, Outlook)
MTA - Mail Transfer Agent (Postfix, Sendmail)
MDA - Message Delivery Agent, also called LDA (Postfix, Dovecot)

When you tell your MUA to send a message, it simply hands the message off to a mail server running a Mail Transfer Agent (MTA). The MTA determines whether it should accept the message or not, then relays it, delivers it, or passes it off to another MTA. If the MTA cannot deliver the message or pass it along, it bounces the message back to the original sender. If the message is destined for a user on the system, the MTA passes it to a message delivery agent (MDA).

-The Postmaster - (an email administrator). A postmaster alias at all domains is required by RFC 2142.
-Message Store - "persistent message storage regardless of how or where it is kept."

With open internet email standards, the software that handles SMTP will most likely be a different package than the software that handles POP/IMAP, and there are many different software choices for each aspect of your complete email system.

SMTP - Simple Mail Transport Protocol - (Internet standard communication protocol for email transmission. Mail servers and other message transfer agents use SMTP to send and receive email messages. MTA to MTA.)
POP - Post Office Protocol - (Internet standard protocol used by email clients to retrieve email from a mail server/message store.)
IMAP - Internet Mail Application Protocol - (NEW Internet standard protocol used by email clients to retrieve email messages from a mail server/message store.)

NOTE: The MUA does not necessarily use the same system for POP/IMAP as it does for SMTP, which is why email clients have to be configured separately for POP/IMAP and SMTP.

SMTP is commonly used for email submission and for transmission of email messages between MTAs. When an MUA contacts an MTA to have a message delivered, it uses SMTP. SMTP is also used when one MTA contacts another MTA to relay or deliver a message. Originally, SMTP had no means to authenticate users, but extensions to the protocol provide the capability if required.

POP/IMAP and mailbox access
When users want to retrieve their messages, they use their MUA to connect to a POP or IMAP server to retrieve them. POP users generally take all their messages from the server and manage their mail locally. IMAP provides features that make it easier to manage mail on the server itself. (See Chapter 12 for more information on using Postfix with POP and IMAP servers.) Many servers now offer both protocols, so I will refer to them as POP/IMAP servers. POP and IMAP have nothing to do with sending email. These protocols deal only with how users retrieve previously delivered and stored messages.

NOTE: Not all users need POP/IMAP access to the message store. Users with shell access on a Unix machine, for example, might have their MUA configured to read their email messages directly from the mail file that resides on the same machine.

*** The Role of Postfix ***
-Postfix is an MTA and handles the delivery of messages between servers and locally within a system. It does NOT handle any POP or IMAP communications. For local delivery, the Postfix local delivery agent (LDA) can deposit messages directly to a message store or hand off a message to a specialized mail delivery agent.
** Postfix is Modular **
Postfix takes a proactive and multilayered approach to security; any good security strategy includes multiple layers of protection. The modular architecture of Postfix forms the basis for much of its security. Postfix operates with the minimum privilege necessary to accomplish a particular task. Postfix processes that are not needed on a system can be turned off, making it impossible to exploit them. Postfix processes are insulated from each other and depend very little on any interprocess communication.

________________________________________________________________________________________________________________________________________
CHAPTER 2 - Prerequisites

Pseudo-account - a normal Unix system account except that it does not permit logins; used for administrative functions or to run programs under specific user privileges.
Reject or Bounce - when the MTA determines that it will not accept a message, it rejects the message and sends an error report to the original sender.

A common source of confusion for email users is the fact that the To: address in the email message headers has nothing to do with where a message is actually delivered. The 'envelope address' controls message delivery.
Email Message Format - 'RFC 822', 'RFC 2822'

EXAMPLE - Email message delivery
$ telnet mail.example.com 25
Trying 10.232.45.151
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
HELO mail.oreilly.com
250 mail.oreilly.com
MAIL FROM:
250 Ok
RCPT TO:
250 Ok
DATA
354 End data with .
Date: Mon, 8 Apr 2003 15:38:21 -0500
From: Customer Service
To:
Reply-To:
Message-ID: <01a4e2238200842@mail.oreilly.com>
Subject: Have you read RFC 2822?

This is the start of the body of the message. It could continue for many lines, but it doesn't.
.
250 Ok: queued as 5FA26B3DFE
quit
221 Bye
Connection closed by foreign host.
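The telnet session above shows the two things that are easy to confuse: the SMTP envelope (MAIL FROM / RCPT TO, each acknowledged with 250) and the message headers sent after DATA. The script below is an added example for these notes, not code from the book or from Postfix. It walks a constructed transcript in the same shape (the addresses, the rejected relay attempt and the queue ID are made up), keeps only the envelope addresses the server actually accepted with 250, and compares them with the To: header to show that delivery follows the envelope, not the header.

```python
"""Separate the SMTP envelope from the message headers in a session transcript.

Added example for these notes (not code from the book or from Postfix).
The transcript, its addresses and the queue ID below are constructed.
"""
import re
from email.parser import Parser
from email.utils import getaddresses, parseaddr

# Constructed transcript in the shape of the telnet session in the notes.
# "C:" lines were typed by the client, "S:" lines are the server's replies.
SESSION = """\
S: 220 mail.example.com ESMTP Postfix
C: HELO mail.oreilly.com
S: 250 mail.example.com
C: MAIL FROM:<service@example.com>
S: 250 Ok
C: RCPT TO:<alice@example.com>
S: 250 Ok
C: RCPT TO:<bob@example.com>
S: 250 Ok
C: RCPT TO:<nobody@example.net>
S: 554 5.7.1 <nobody@example.net>: Relay access denied
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: Date: Mon, 8 Apr 2003 15:38:21 -0500
C: From: Customer Service <service@example.com>
C: To: everyone@example.com
C: Subject: Have you read RFC 2822?
C:
C: This is the start of the body of the message.
C: ..A body line that starts with a dot is sent dot-stuffed.
C: .
S: 250 Ok: queued as 0123456789AB
C: quit
S: 221 Bye
"""

ADDR_CMD = re.compile(r"^(MAIL|RCPT)\s+(?:FROM|TO):\s*<([^>]*)>", re.IGNORECASE)


def parse_command(text):
    """Return (VERB, address-or-None) for one client command line."""
    m = ADDR_CMD.match(text)
    if m:
        return m.group(1).upper(), m.group(2)
    return (text.split()[0].upper() if text.split() else ""), None


def parse_session(transcript):
    """Walk the dialogue and keep only what the server actually accepted."""
    envelope_from = None
    recipients = []          # RCPT TO addresses answered with 250, in order
    data_lines = []          # message as transmitted between DATA and "."
    in_data = False
    pending = None           # last client command waiting for a reply
    queue_id = None
    for raw in transcript.splitlines():
        who, _, text = raw.partition(" ")
        if who == "C:":
            if in_data:
                if text == ".":
                    in_data = False
                    pending = ("DATA_END", None)
                else:
                    # Undo dot-stuffing: a leading ".." was a single "."
                    data_lines.append(text[1:] if text.startswith("..") else text)
                continue
            pending = parse_command(text)
        elif who == "S:" and pending is not None:
            code = int(text[:3])
            verb, arg = pending
            if verb == "MAIL" and code == 250:
                envelope_from = arg
            elif verb == "RCPT" and code == 250:
                recipients.append(arg)       # a 5xx reply leaves it out
            elif verb == "DATA" and code == 354:
                in_data = True
            elif verb == "DATA_END" and code == 250:
                m = re.search(r"queued as (\w+)", text)
                queue_id = m.group(1) if m else None
            pending = None
    msg = Parser().parsestr("\n".join(data_lines))
    return {
        "envelope_from": envelope_from,
        "envelope_recipients": recipients,
        "header_from": parseaddr(msg.get("From", ""))[1],
        "header_to": [addr for _, addr in getaddresses(msg.get_all("To", []))],
        "subject": msg.get("Subject"),
        "body": msg.get_payload(),
        "queue_id": queue_id,
    }


def envelope_vs_header(transcript):
    """Show that delivery follows the envelope, not the To: header."""
    s = parse_session(transcript)
    env, hdr = set(s["envelope_recipients"]), set(s["header_to"])
    return {
        "delivered_to": s["envelope_recipients"],
        "in_to_header_only": sorted(hdr - env),   # named but never delivered to
        "not_in_to_header": sorted(env - hdr),    # delivered to but not named
    }


if __name__ == "__main__":
    for key, val in parse_session(SESSION).items():
        print(f"{key}: {val!r}")
    print(envelope_vs_header(SESSION))
```

Run it as a script to print the parsed envelope, headers and the comparison. The recipient the server refused with 554 never enters the envelope, and the To: header names an address that is not delivered to at all, which is exactly why the To: line cannot be trusted to say where a message went.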
________________________________________________________________________________________________________________________________________
CHAPTER 3 - Postfix Architecture

** Postfix Components **
Postfix breaks tasks down into separate functions using individual daemons (programs) that each perform one specific task. The master daemon is started first, and it invokes most other processes as needed (they terminate after a request or a time period). "main.cf" and "master.cf" are the Postfix configuration files. Postfix receives messages, queues them, and finally delivers them.

** Mail Delivery - Local Delivery **
Postfix uses 'address classes' when determining which destinations to accept for delivery and how the delivery takes place.
Main address classes:
-local
-virtual alias
-virtual mailbox
-relay
Destination addresses that do not fall into one of these classes are delivered over the network by the SMTP client.

-Local Delivery
'mydestination' parameter = domain names for local delivery. The local delivery agent (MDA) handles mail for users with a shell account. For messages sent to a user at any of the 'mydestination' domains, the local delivery agent deposits the email message into the local message store.

-Virtual Alias Messages
'virtual_alias_domains' parameter = domain names for virtual aliasing. Virtual alias addresses are all forwarded to other addresses. Every domain has its own set of users that don't have to be unique across domains. Users and their real addresses are listed in lookup tables specified in the 'virtual_alias_maps' parameter. Messages received for virtual alias addresses are resubmitted for delivery to the real address.

-Virtual Mailbox Messages
'virtual_mailbox_domains' parameter = domain names for virtual mailboxes. The virtual delivery agent handles mail for virtual mailbox addresses. These mailboxes are not associated with particular shell accounts on the system. Every domain has its own set of users that don't have to be unique across domains.
Users and their mailbox files are listed in lookup tables specified in the 'virtual_mailbox_maps' parameter.

-Relay Messages
'relay_domains' parameter = domain names for relay domains. The smtp delivery agent handles mail for relay domains. Email addresses in relay domains are hosted on other systems, but Postfix accepts messages for the domains and relays them to the correct system. This is common when Postfix accepts mail over the Internet and passes it to systems on an internal network.

LMTP - Local Mail Transfer Protocol - a protocol similar to SMTP, used for deliveries between mail systems on the same LAN, for example when a message has to be delivered to a different software package.

-Pipe delivery
The pipe daemon delivers messages to external commands. A common use for the pipe daemon is to have email delivered to an external content filter or another communications medium.

________________________________________________________________________________________________________________________________________
Chap 4 - General Configuration and Administration
By default, Postfix is configured as a traditional Unix mail server!! (all system accounts)
In most environments, Postfix works in conjunction with a variety of other software systems. You should build each piece of your email system and test each one as a separate module before trying to integrate them all together. As you add each module, test the system before moving on to the next piece.

/etc/postfix - configuration files and lookup tables
/var/spool/postfix - queue files
/usr/sbin - Postfix commands
The installer created a 'postfix' user and a 'postdrop' group.

'myhostname' - REQUIRED to explicitly set the fully qualified hostname (INCLUDES the hostname and the domain in which it resides).
"postconf" - a Postfix utility that provides an easy way to get a variety of information about your Postfix system.
EXAMPLE
# postconf -e myhostname=mail.example.com

"newaliases" - command to rebuild the aliases file (a text file that must be mapped into an indexed, binary format).
NOTE: Whenever you start or reload Postfix, CHECK YOUR LOGS to make sure that there are no reported errors.

** Configuration Files **
/etc/postfix
-main.cf
-master.cf
You MUST reload Postfix after making changes to the config files:
# postfix reload

master daemon - controls all other Postfix daemons; uses the 'master.cf' file for its configuration. Each line has columns that specify how each program should run.
main.cf is the core of your Postfix configuration. Nearly all configuration changes occur in this file (nearly 300 Postfix parameters).
You CANNOT have a comment on the same line as a parameter. Comments start with the # character.
Multiple values - Many parameters can have more than one value. Multiple values can be separated by commas, spaces, tabs, or new lines.
Line continuation - A line that starts with whitespace is considered a continuation of the previous line.
EXAMPLE
mydestination = example.com oreilly.com
    ora.com postfix.org
Configuration variables - You can refer to the value of a defined parameter by putting a $ in front of the parameter name.
EXAMPLE
mydomain = example.com
myorigin = $mydomain
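The main.cf rules just listed (comments only at the start of a line, whitespace-led continuation lines, values separated by commas or whitespace, $parameter references) and the address classes from Chapter 3 (mydestination, virtual_alias_domains, virtual_mailbox_domains, relay_domains, everything else to the smtp client) fit together in one small tool. The script below is an added example for these notes, not code from the book or from Postfix: it reads a constructed main.cf fragment, applies those syntax rules, warns about the same-line "#" trap, and classifies recipient addresses. Assumptions: classes are checked in the order Chapter 3 lists them, subdomains are matched only for relay_domains (Postfix's default parent_domain_matches_subdomains setting), and inet_interfaces and lookup-table domain lists, which real Postfix also consults, are ignored.

```python
"""Read a main.cf fragment and classify recipient addresses.

Added example for these notes (not code from the book or from Postfix).
The configuration text is constructed. Assumed simplifications: classes are
checked in the order the notes list them, subdomain matching applies only to
relay_domains, and inet_interfaces / lookup-table domain lists are ignored.
"""
import re

# Constructed main.cf fragment. The smtpd_banner line is deliberately wrong:
# the "#" there is part of the value, not a comment.
MAIN_CF = """\
# Constructed configuration for the example
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain,
    localhost, ${mydomain}
virtual_alias_domains = alias.example.net
virtual_mailbox_domains = vmail.example.org,
    vmail2.example.org
relay_domains = inside.example.com
smtpd_banner = $myhostname ESMTP # this is NOT a comment
"""


def parse_main_cf(text):
    """Return {parameter: raw value} with continuation lines joined."""
    params = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue                      # blank line or comment line
        if raw[0] in " \t":               # continuation of the previous line
            if current is None:
                raise ValueError(f"line {lineno}: continuation without a parameter")
            params[current] += " " + stripped
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            raise ValueError(f"line {lineno}: expected 'name = value'")
        current = name.strip()
        params[current] = value.strip()
    return params


VAR = re.compile(r"\$\{?(\w+)\}?")


def expand(params, name, depth=0):
    """Resolve $name / ${name} references recursively (bounded against loops)."""
    if depth > 10:
        raise ValueError(f"parameter reference loop at ${name}")
    return VAR.sub(lambda m: expand(params, m.group(1), depth + 1),
                   params.get(name, ""))


def values(params, name):
    """Split a multi-value parameter on commas and whitespace."""
    return [v for v in re.split(r"[,\s]+", expand(params, name)) if v]


def lint(params):
    """Flag values containing '#': main.cf has no same-line comments."""
    return [f"{name}: '#' is part of the value, not a comment: {val!r}"
            for name, val in params.items() if "#" in val]


# (class name, parameter holding its domains, whether subdomains match)
ADDRESS_CLASSES = (
    ("local", "mydestination", False),
    ("virtual_alias", "virtual_alias_domains", False),
    ("virtual_mailbox", "virtual_mailbox_domains", False),
    ("relay", "relay_domains", True),
)


def classify(params, address):
    """Return the address class, or 'smtp' for delivery over the network."""
    domain = address.rpartition("@")[2].lower()
    for cls, param, subdomains in ADDRESS_CLASSES:
        for d in values(params, param):
            d = d.lower()
            if domain == d or (subdomains and domain.endswith("." + d)):
                return cls
    return "smtp"


if __name__ == "__main__":
    p = parse_main_cf(MAIN_CF)
    print("mydestination ->", values(p, "mydestination"))
    for w in lint(p):
        print("WARNING:", w)
    for a in ("alice@example.com", "bob@alias.example.net",
              "carol@vmail2.example.org", "dave@dept.inside.example.com",
              "eve@example.org"):
        print(a, "->", classify(p, a))
```

Running the script prints the expanded mydestination list, one warning for the smtpd_banner line (the text after "#" would be sent to every client as part of the banner), and the class each sample recipient falls into. Any address that matches no configured domain list lands in "smtp", the network delivery path, which is the case to watch when checking that a server does not relay for domains it was never meant to accept.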