Eperm operation does not allow chown example

Tachtler's DokuWiki

Postfix is ​​the most common alternative to the standard email program Sendmail in the Unix / Linux world. Postfix is ​​faster, easy to configure and a more secure MTA (Mail Transfer Agent).

Please note - For the successful operation of your own MailExchangers - You should own an email server fixed IP address be !!!

installation

Every serious Linux distribution should come with a pre-configured Postfix package. That is why an installation under CentOS is a matter of the package manager.

From here, rights are required to execute the following commands. To become please enter the following command:

$ su - Password:

postfix.i386

In order to avoid possible problems, the current MTA - Sendmail should be stopped with the following command:

# service sendmail stop Shutting down sm-client: [OK] Shutting down sendmail: [OK]

To start the still The following command can be used to prevent current MTA Sendmail permanently, even after a system start. Here the MTA - Sendmail is made from the start scripts of the individual Runlevel of the operating system:

# chkconfig sendmail off

An installation should always be carried out using the following command:

# yum postfix install

After the installation, the following command can be used to check what is included in the package:

# rpm -qil postfix | more Name: postfix Relocations: (not relocatable) Version: 2.3.3 Vendor: CentOS Release: 2.1.el5_2 Build Date: Thu 14 Aug 2008 11:06:38 PM CEST Install Date: Mon 24 Nov 2008 12:52:19 PM CET Build Host: builder16.centos.org Group: System Environment / Daemons Source RPM: postfix-2.3.3-2.1.el5_2.src.rpm Size: 8332580 License: IBM Public License Signature: DSA / SHA1, Fri 15 Aug 2008 12 : 59: 49 PM CEST, Key ID a8a447dce8562897 URL: http://www.postfix.org Summary: Postfix Mail Transport Agent Description: Postfix is ​​a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS / etc / pam.d / smtp.postfix / etc / postfix / etc / postfix / LICENSE / etc / postfix / TLS_LICENSE / etc / postfix / access /etc/postfix/bounce.cf.default / etc / postfix / canonical / etc / postfix / generic / etc / postfix / header_checks /etc/postfix/main.cf /etc/postfix/main.cf.default / etc / postfi x / makedefs.out /etc/postfix/master.cf / etc / postfix / post-install / etc / postfix / postfix-files / etc / postfix / postfix-script / etc / postfix / relocated / etc / postfix / transport / etc / postfix / virtual /etc/rc.d/init.d/postfix /usr/bin/mailq.postfix /usr/bin/newaliases.postfix /usr/bin/rmail.postfix / usr / lib / sasl / smtpd. conf /usr/lib/sasl2/smtpd.conf /usr/lib/sendmail.postfix / usr / libexec / postfix / usr / libexec / postfix / anvil / usr / libexec / postfix / bounce / usr / libexec / postfix / cleanup / usr / libexec / postfix / discard / usr / libexec / postfix / error / usr / libexec / postfix / flush / usr / libexec / postfix / lmtp / usr / libexec / postfix / local / usr / libexec / postfix / master / usr / libexec / postfix / nqmgr / usr / libexec / postfix / oqmgr / usr / libexec / postfix / pickup / usr / libexec / postfix / pipe / usr / libexec / postfix / proxymap / usr / libexec / postfix / qmgr / usr / libexec / postfix / qmqpd / usr / libexec / postfix / scache / usr / libexec / postfix / showq / usr / libexec / postfix / smtp / usr / libexec / postfix / smtpd / usr / libexec / postfix / spawn / usr / libexec / postfix / tlsmgr / usr / libexec / po stfix / trivial-rewrite / usr / libexec / postfix / verify / usr / libexec / postfix / virtual / usr / sbin / postalias / usr / sbin / postcat / usr / sbin / postconf / usr / sbin / postdrop / usr / sbin / postfix / usr / sbin / postkick / usr / sbin / postlock / usr / sbin / postlog / usr / sbin / postmap / usr / sbin / postqueue / usr / sbin / postsuper / usr / sbin / qshape / usr / sbin / sendmail. postfix / usr / sbin / smtp-sink / usr / sbin / smtp-source /usr/share/doc/postfix-2.3.3 /usr/share/doc/postfix-2.3.3/README-Postfix-SASL-RedHat. txt /usr/share/doc/postfix-2.3.3/README_FILES /usr/share/doc/postfix-2.3.3/README_FILES/AAAREADME /usr/share/doc/postfix-2.3.3/README_FILES/ADDRESS_CLASS_README / usr / share / doc / postfix-2.3.3 / README_FILES / ADDRESS_REWRITING_README /usr/share/doc/postfix-2.3.3/README_FILES/ADDRESS_VERIFICATION_README /usr/share/doc/postfix-2.3.3/README_FILES / share /CATME / share doc / postfix-2.3.3 / README_FILES / BASIC_CONFIGURATION_README /usr/share/doc/postfix-2.3.3/README_FILES/BUILTIN_FILTER_README /usr/share/doc/postfix-2.3.3/README_FILES/CDB_READ ME /usr/share/doc/postfix-2.3.3/README_FILES/CONNECTION_CACHE_README /usr/share/doc/postfix-2.3.3/README_FILES/CONTENT_INSPECTION_README /usr/share/doc/postfix-2.3.3/README_ABASE / usr / share / doc / postfix-2.3.3 / README_FILES / DB_README /usr/share/doc/postfix-2.3.3/README_FILES/DEBUG_README /usr/share/doc/postfix-2.3.3/README_FILES/DSN_README / usr / share / doc / postfix-2.3.3 / README_FILES / ETRN_README /usr/share/doc/postfix-2.3.3/README_FILES/FILTER_README /usr/share/doc/postfix-2.3.3/README_FILES/INSTALL / usr / share / doc / postfix-2.3.3 / README_FILES / IPV6_README /usr/share/doc/postfix-2.3.3/README_FILES/LDAP_README /usr/share/doc/postfix-2.3.3/README_FILES/LINUX_README / usr / share / doc / postfix-2.3.3 / README_FILES / LMTP_README /usr/share/doc/postfix-2.3.3/README_FILES/LOCAL_RECIPIENT_README /usr/share/doc/postfix-2.3.3/README_FILES/MAILDROP_README / usr / share / doc / postfix- 2.3.3 / README_FILES / MILTER_README /usr/share/doc/postfix-2.3.3/README_FILES/MYSQL_README /usr/share/doc/postfix-2.3.3/READM E_FILES / NFS_README /usr/share/doc/postfix-2.3.3/README_FILES/OVERVIEW /usr/share/doc/postfix-2.3.3/README_FILES/PACKAGE_README /usr/share/doc/postfix-2.3.3/README_FILES/ PCRE_README /usr/share/doc/postfix-2.3.3/README_FILES/PGSQL_README /usr/share/doc/postfix-2.3.3/README_FILES/QMQP_README /usr/share/doc/postfix-2.3.3/README_FILES/QSHAPME / usr / share / doc / postfix-2.3.3 / README_FILES / RELEASE_NOTES /usr/share/doc/postfix-2.3.3/README_FILES/RESTRICTION_CLASS_README /usr/share/doc/postfix-2.3.3/README_FILES/SASL_README / usr / share / doc / postfix-2.3.3 / README_FILES / SCHEDULER_README /usr/share/doc/postfix-2.3.3/README_FILES/SMTPD_ACCESS_README /usr/share/doc/postfix-2.3.3/README_FILES/SMTPD_POLICY_README / share / doc / postfix-2.3.3 / README_FILES / SMTPD_PROXY_README /usr/share/doc/postfix-2.3.3/README_FILES/STANDARD_CONFIGURATION_README /usr/share/doc/postfix-2.3.3/README_FILES / usr / share / usr / tLS_README postfix-2.3.3 / README_FILES / TUNING_README /usr/share/doc/postfix-2.3.3/README_FILES/ULTRIX_REA DME /usr/share/doc/postfix-2.3.3/README_FILES/UUCP_README /usr/share/doc/postfix-2.3.3/README_FILES/VERP_README /usr/share/doc/postfix-2.3.3/README_FILES/VIRTUAL_README / usr / share / doc / postfix-2.3.3 / README_FILES / XCLIENT_README /usr/share/doc/postfix-2.3.3/README_FILES/XFORWARD_README /usr/share/man/man1/mailq.postfix.1.gz / usr / share / man / man1 / newaliases.postfix.1.gz /usr/share/man/man1/postalias.1.gz /usr/share/man/man1/postcat.1.gz / usr / share / man / man1 / postconf.1.gz /usr/share/man/man1/postdrop.1.gz /usr/share/man/man1/postfix.1.gz /usr/share/man/man1/postkick.1.gz / usr / share / man / man1 / postlock.1.gz /usr/share/man/man1/postlog.1.gz /usr/share/man/man1/postmap.1.gz / usr / share / man / man1 / postqueue. 1.gz /usr/share/man/man1/postsuper.1.gz /usr/share/man/man1/qshape.1.gz /usr/share/man/man1/sendmail.postfix.1.gz / usr / share / man / man1 / smtp-sink.1.gz /usr/share/man/man1/smtp-source.1.gz /usr/share/man/man5/access.5.gz / usr / share / man / man5 / aliases.postfix.5.gz /usr/share/man/man5/body_checks.5.gz / usr /share/man/man5/bounce.5.gz /usr/share/man/man5/canonical.5.gz /usr/share/man/man5/cidr_table.5.gz / usr / share / man / man5 / generic .5.gz /usr/share/man/man5/header_checks.5.gz /usr/share/man/man5/ldap_table.5.gz /usr/share/man/man5/master.5.gz / usr / share /man/man5/mysql_table.5.gz /usr/share/man/man5/nisplus_table.5.gz /usr/share/man/man5/pcre_table.5.gz /usr/share/man/man5/pgsql_table.5 .gz /usr/share/man/man5/postconf.5.gz /usr/share/man/man5/regexp_table.5.gz /usr/share/man/man5/relocated.5.gz / usr / share / man /man5/tcp_table.5.gz /usr/share/man/man5/transport.5.gz /usr/share/man/man5/virtual.5.gz /usr/share/man/man8/anvil.8.gz /usr/share/man/man8/bounce.8.gz /usr/share/man/man8/cleanup.8.gz /usr/share/man/man8/defer.8.gz / usr / share / man / man8 /discard.8.gz /usr/share/man/man8/error.8.gz /usr/share/man/man8/flush.8.gz /usr/share/man/man8/lmtp.8.gz / usr /share/man/man8/local.8.gz /usr/share/man/man8/master.8.gz /usr/share/man/man8/oqmgr.8.gz / usr / share / man / man8 / pickup .8.gz / usr / share / man / man8 / pipe .8.gz /usr/share/man/man8/proxymap.8.gz /usr/share/man/man8/qmgr.8.gz /usr/share/man/man8/qmqpd.8.gz / usr / share /man/man8/scache.8.gz /usr/share/man/man8/showq.8.gz /usr/share/man/man8/smtp.8.gz /usr/share/man/man8/smtpd.8 .gz /usr/share/man/man8/spawn.8.gz /usr/share/man/man8/tlsmgr.8.gz /usr/share/man/man8/trace.8.gz / usr / share / man /man8/trivial-rewrite.8.gz /usr/share/man/man8/verify.8.gz /usr/share/man/man8/virtual.8.gz / var / spool / postfix / var / spool / postfix / active / var / spool / postfix / bounce / var / spool / postfix / corrupt / var / spool / postfix / defer / var / spool / postfix / deferred / var / spool / postfix / flush / var / spool / postfix / hold / var / spool / postfix / incoming / var / spool / postfix / maildrop / var / spool / postfix / pid / var / spool / postfix / private / var / spool / postfix / public / var / spool / postfix / saved / var / spool / postfix / trace

The following user has also been created, which can be checked with the following command:

# cat / etc / passwd | grep post postfix: x: 89: 89 :: / var / spool / postfix: / sbin / nologin

The following groups have also been created, which can be checked with the following command:

# cat / etc / group | grep post mail: x: 12: mail, postfix postdrop: x: 90: postfix: x: 89:

To start the new The following command can be used to permanently implement MTA - Postfix even after a system (re) start. Here the MTA - Postfix becomes the start scripts of the individual Runlevel of the operating system added:

# chkconfig postfix on

A check whether only the postfix is ​​left in the individual Runlevel of the operating system is started with a (re) start of the system and the sendmail is no longer, can be queried with the following commands:

# chkconfig --list | grep sendmail sendmail 0: off 1: off 2: off 3: off 4: off 5: off 6: off

and

# chkconfig --list | grep postfix postfix 0: off 1: off 2: on 3: on 4: on 5: on 6: off

system-switch-mail.noarch and system-switch-mail-gnome.noarch

In order to realize a comfortable change between the MTA's - Sendmail and Postfix, the following RPM should be installed under CentOS:

  • - The Mail Transport Agent Switcher.
  • - A GUI interface for Mail Transport Agent Switcher.

The installation can be carried out with the following command:

# yum install system-switch-mail system-switch-mail-gnome

After a successful installation, the graphical user interface of the tool can be called up with the following command:

# system-switch-mail

Here you can then easily Postfix and then click the [OK] button with the left mouse button. The result of this action should then end with the following display:

The tool enables Postfix to be used as if a Sendmail was still installed!

The tool also starts the Postfix immediately!

Configuration: System

Since Postfix is ​​not completely alone in the respective system, it also has dependencies on other components such as

  • - BIND - DNS server

configurations of these components are also required.

DNS server

If a separate DNS server is operated in the network, regardless of whether it is private or public, this must also provide a correct answer to the question about the MailExchanger (email exchanger).

The basics and details of the configuration of a DNS server such as BIND cannot be discussed here for reasons of complexity. But the necessary configurations, which require a basic or somewhat more advanced knowledge of DNS, are briefly presented here.

The correct answer to the question about the MailExchanger, the MX record of the DNS server should look something like this and can be queried with the following command:

# dig tachtler.net MX; << >> DiG 9.3.4-P1 << >> tachtler.net MX ;; global options: printcmd ;; Got answer: ;; - >> HEADER << - opcode: QUERY, status: NOERROR, id: 38333 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; QUESTION SECTION:; tachtler.net. IN MX ;; ANSWER SECTION: tachtler.net. 86400 IN MX 10 mx1.tachtler.net. ;; AUTHORITY SECTION: tachtler.net. 86400 IN NS ns.tachtler.net. ;; ADDITIONAL SECTION: mx1.tachtler.net. 86400 IN A 88.217.171.167 ns.tachtler.net. 86400 IN A 192.168.0.1 ;; Query time: 5 msec ;; SERVER: 192.168.0.1 # 53 (192.168.0.1) ;; WHEN: Tue Nov 25 23:09:25 2008 ;; MSG SIZE rcvd: 99

In the previous example, a local replies to the outside world on the Internet Not Talking DNS server responsible only for the local network.

On the question of the so determined MailExchangers - Here you can also ask directly with the following command:

dig mx1.tachtler.net; << >> DiG 9.3.4-P1 << >> mx1.tachtler.net ;; global options: printcmd ;; Got answer: ;; - >> HEADER << - opcode: QUERY, status: NOERROR, id: 5096 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION:; mx1.tachtler.net. IN A ;; ANSWER SECTION: mx1.tachtler.net. 86400 IN A 88.217.171.167 ;; AUTHORITY SECTION: tachtler.net. 86400 IN NS ns.tachtler.net. ;; ADDITIONAL SECTION: ns.tachtler.net. 86400 IN A 192.168.0.1 ;; Query time: 5 msec ;; SERVER: 192.168.0.1 # 53 (192.168.0.1) ;; WHEN: Tue Nov 25 23:13:52 2008 ;; MSG SIZE rcvd: 83

IMPORTANT - Here it becomes clear that also a local, outwardly into the Internet Not speaking DNS server responsible only for the local network, one fixed IP address when asked about the MailExchanger should give!

As important as that Forward DNS resolution is the Reverse DNS resolution, even for a local, outwardly into the Internet Not speaking DNS server responsible only for the local network.

The answer to one Reverse DNS request about the fixed IP address - it should then read as follows and can be queried with the following command:

# dig -x 88.217.171.167; << >> DiG 9.3.4-P1 << >> -x 88.217.171.167 ;; global options: printcmd ;; Got answer: ;; - >> HEADER << - opcode: QUERY, status: NOERROR, id: 21078 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION:; 167.171.217.88.in-addr.arpa. IN PTR ;; ANSWER SECTION: 167.171.217.88.in-addr.arpa. 86400 IN PTR mx1.tachtler.net. ;; AUTHORITY SECTION: 167.171.217.88.in-addr.arpa. 86400 IN NS ns.tachtler.net. ;; ADDITIONAL SECTION: ns.tachtler.net. 86400 IN A 192.168.0.1 ;; Query time: 5 msec ;; SERVER: 192.168.0.1 # 53 (192.168.0.1) ;; WHEN: Tue Nov 25 23:20:35 2008 ;; MSG SIZE rcvd: 108

Here too, replies the local, outwardly on the Internet Not Talking DNS server responsible only for the local network.

IMPORTANT - What shouldn't happen under any circumstances is the following answer on a Reverse DNS request - here the IP address, which can be carried out again with the following command:

# dig -x 88.217.171.167; << >> DiG 9.3.4-P1 << >> -x 88.217.171.167 ;; global options: printcmd ;; Got answer: ;; - >> HEADER << - opcode: QUERY, status: NOERROR, id: 21078 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION:; 167.171.217.88.in-addr.arpa. IN PTR ;; ANSWER SECTION: 167.171.217.88.in-addr.arpa. 86400 IN PTR host-88-217-171-167.customer.m-online.net. ;; AUTHORITY SECTION: 167.171.217.88.in-addr.arpa. 86400 IN NS ns.tachtler.net. ;; ADDITIONAL SECTION: ns.tachtler.net. 86400 IN A 192.168.0.1 ;; Query time: 5 msec ;; SERVER: 192.168.0.1 # 53 (192.168.0.1) ;; WHEN: Tue Nov 25 23:20:35 2008 ;; MSG SIZE rcvd: 108

IMPORTANT - With an answer to that Reverse DNS request as shown above, different MailExchanger which a so-called Greylisting operate - see here greylisting e-mail traffic with the MailExchanger reject, because on the question of one Reverse DNS request instead of

the answer:

is returned!

It is therefore also necessary to have the Reverse DNS resolution so to change, or at Host master Modify that here is the expected answer

is also given!

Here is an example of that Reverse DNS request at an ISP, which can be carried out with the following command. (The knowledge of an IP of a DNS server of the ISP is required here !!!):

# dig @ 212.18.0.5 -x 88.217.171.167; << >> DiG 9.3.4-P1 << >> @ 212.18.0.5 -x 88.217.171.167; (1 server found) ;; global options: printcmd ;; Got answer: ;; - >> HEADER << - opcode: QUERY, status: NOERROR, id: 33348 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5 ;; QUESTION SECTION:; 167.171.217.88.in-addr.arpa. IN PTR ;; ANSWER SECTION: 167.171.217.88.in-addr.arpa. 2015 IN PTR mx1.tachtler.net. ;; AUTHORITY SECTION: 171.217.88.in-addr.arpa. 54721 IN NS ns1.m-online.net. 171.217.88.in-addr.arpa. 54721 IN NS ns3.m-online.net. 171.217.88.in-addr.arpa. 54721 IN NS ns4.m-online.net. 171.217.88.in-addr.arpa. 54721 IN NS ns2.m-online.net. ;; ADDITIONAL SECTION: ns4.m-online.net. 82683 IN A 212.114.171.64 ns2.m-online.net. 73879 IN A 212.18.3.8 ns1.m-online.net. 73775 IN A 212.18.0.8 ns1.m-online.net. 73334 IN AAAA 2001: a60: 0: 11 :: 53 ns3.m-online.net. 79062 IN A 217.160.128.148 ;; Query time: 29 msec ;; SERVER: 212.18.0.5 # 53 (212.18.0.5) ;; WHEN: Tue Nov 25 23:37:43 2008 ;; MSG SIZE rcvd: 264

Forward DNS resolution

Now back to the question of how a local has to go out into the Internet Not Speaking DNS server that is only responsible for the local network can be configured so that it is directed to the Forward DNS request gives the correct answer.

In the Zones- File for the - here domain, the entry must look like this (relevant excerpt from the zone file):

$ TTL 86400 @ IN SOA ns.tachtler.net. root.nss.tachtler.net. (2008112501; serial 3H; refresh 15M; retry 1W; expiry 1D); minimum IN NS ns.tachtler.net. IN MX 10 mx1.tachtler.net. mx1.tachtler.net. IN A 88.217.171.167 ...

Reverse DNS resolution

The question of how must a local, outwardly into the Internet Not Speaking DNS server that is only responsible for the local network can be configured so that it is directed to the Reverse DNS request gives the correct answer can be answered as follows.

It will be a Zones-File is required, which is only available on its own fixed IP address is matched the filename got to can be chosen as follows:

The content of this Zones- The file should then look like this (complete zone file):

$ TTL 86400 @ IN SOA ns.tachtler.net. root.nss.tachtler.net. (2008112501; serial 3H; refresh 15M; retry 1W; expiry 1D); minimum IN NS ns.tachtler.net. IN PTR mx1.tachtler.net.

Since here is an additional ZonesFile for the Reverse DNS resolution has been created, this must also be entered in the. An entry got to then look like this (relevant excerpt from the zone file):

... zone "tachtler.net" IN {type master; file "tachtler.net"; }; zone "0.168.192.in-addr.arpa" IN {type master; file "0.168.192.in-addr.arpa"; }; zone "167.171.217.88.in-addr.arpa" IN {type master; file "167.171.217.88.in-addr.arpa"; }; ...

IMPORTANT - This also applies if with Views is being worked!

What about creating nine Zones- Files tend to be overlooked, especially when an existing zone file is copied, this is the correct setting File rights. This can be done with the following commands:

# chown root.named 167.171.217.88.in-addr.arpa

and

# chmod 640 167.171.217.88.in-addr.arpa

and should then deliver the following result if the following command is entered:

# ll / var / named / total 12 -rw-r ----- 1 root named 615 Nov 25 22:44 0.168.192.in-addr.arpa -rw-r ----- 1 root named 237 Nov 25 22:44 167.171.217.88.in-addr.arpa -rw-r ----- 1 root named 679 Nov 25 22:44 tachtler.net

Finally there is one more restart - It is necessary to restart the DNS server with the following command, which should generate the following output in the log file:

# service named restart

Output in the log file:

Nov 25 22:45:05 nss named [3044]: shutting down: flushing changes Nov 25 22:45:05 nss named [3044]: stopping command channel on 127.0.0.1 # 953 Nov 25 22:45:05 nss named [ 3044]: no longer listening on 127.0.0.1 # 53 Nov 25 22:45:05 nss named [3044]: no longer listening on 192.168.0.1 # 53 Nov 25 22:45:05 nss named [3044]: exiting Nov 25 22:45:07 nss named [1205]: starting BIND 9.3.4-P1 -u named -4 -t / var / named / chroot Nov 25 22:45:07 nss named [1205]: found 1 CPU, using 1 worker thread Nov 25 22:45:07 nss named [1205]: loading configuration from '/etc/named.conf' Nov 25 22:45:07 nss named [1205]: no IPv6 interfaces found Nov 25 22:45:07 nss named [1205]: listening on IPv4 interface lo, 127.0.0.1 # 53 Nov 25 22:45:07 nss named [1205]: listening on IPv4 interface eth1, 192.168.0.1 # 53 Nov 25 22:45:07 nss named [1205]: command channel listening on 127.0.0.1 # 953 Nov 25 22:45:07 nss named [1205]: zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42 Nov 25 22:45:07 nss named [1205]: zone 0.0.127.in-addr.arp a / IN / localhost_resolver: loaded serial 1997022700 Nov 25 22:45:07 nss named [1205]: zone 0.168.192.in-addr.arpa/IN/localhost_resolver: loaded serial 2008112501 Nov 25 22:45:07 nss named [ 1205]: zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42 Nov 25 22:45:07 nss named [1205]: zone 167.171.217.88.in-addr.arpa/IN/localhost_resolver: loaded serial 2008112501 Nov 25 22:45:07 nss named [1205]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/ IN / localhost_resolver: loaded serial 1997022700 Nov 25 22:45:07 nss named [1205]: zone localdomain / IN / localhost_resolver: loaded serial 42 Nov 25 22:45:07 nss named [1205]: zone localhost / IN / localhost_resolver: loaded serial 42 Nov 25 22:45:07 nss named [1205]: zone tachtler.net/IN/localhost_resolver: loaded serial 2008112501 Nov 25 22:45:07 nss named [1205]: zone 0.168.192.in-addr. arpa / IN / tachtler.net: loaded serial 2008112501 Nov 25 22:45:07 nss named [1205]: zone 167.171.217.88.in-addr.arpa/IN/tachtler.net: loaded seria l 2008112501 Nov 25 22:45:07 nss named [1205]: zone tachtler.net/IN/tachtler.net: loaded serial 2008112501 Nov 25 22:45:07 nss named [1205]: running

This should complete the configuration of the DNS server.

Packet filter

In order to be able to receive and send e-mails from outside and outside, corresponding activation in the package filter is necessary here. Incoming e-mails and outgoing e-mails must be able to be received and delivered in the usual way. The following configurations are minimal, necessary for the server on which Postfix is ​​running (iptables version 1.3.5):

For incoming email

iptables -A INPUT -i eth0 -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT

For outgoing email

iptables -A OUTPUT -o eth0 -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT

Configuration: Postfix

The actual configuration of Postfix takes place in different files. The following files are affected in this exemplary Postfix configuration and are either changed or newly created:

/etc/postfix/main.cf

The main Postfix configuration file.

These are the parameters that have already been changed by the Linux distribution CentOS, which can be listed with the following command:

# postconf -n alias_database = hash: / etc / aliases alias_maps = hash: / etc / aliases command_directory = / usr / sbin config_directory = / etc / postfix daemon_directory = / usr / libexec / postfix debug_peer_level = 2 html_peer_interfaces = no all_directory = = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = / usr / share / man newaliases_path = /usr/bin/newaliases.postfix queue_directory = / var / spool / postfix readme_directory = /usr/share/doc/postfix-2.3 .3 / README_FILES sample_directory = /usr/share/doc/postfix-2.3.3/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop unknown_local_recipient_reject_code = 550

* lists the settings in the which do not correspond to the standard.

These are the parameters that should be changed in addition to the parameters that have already been changed by the Linux distribution CentOS in order to operate a postfix that corresponds to your own wishes, in this case mine:

parameter value Explanation
myhostname mx1.tachtler.net external host name of the e-mail server
myorigin nss.tachtler.net internal host name of the e-mail server
inet_interfaces Alles Interfaces that are used for e-mail traffic
mydestination $ myhostname, localhost. $ mydomain, localhost, $ mydomain, $ myorigin List of domains approved for e-mail acceptance
mynetworks 127.0.0.1/8, 192.168.0.0/24 Trusted networks (with special rights)
relay_domains <leer> Backward compatibility, error
masquerade_domains tachtler.net Domain, rewrite of outgoing emails
disable_vrfy_command yes Prohibit SMTP VRFY command
virtual_alias_domains btree: / etc / postfix / virtual_alias_domains Virtual Domain Definitions - Redirects
virtual_alias_maps btree: / etc / postfix / virtual_alias_maps Virtual email addresses - redirects
sender_canonical_maps btree: / etc / postfix / sender_canonical_maps Description (SMTP envelope, header) sender
recipient_canonical_maps btree: / etc / postfix / recipient_canonical_maps Description (SMTP envelope, header) recipient
smtp_generic_maps btree: / etc / postfix / smtp_generic_maps Description (SMTP-Envelop. Header) excl. smtp
lmtp_generic_maps btree: / etc / postfix / lmtp_generic_maps Description (SMTP-Envelop. Header) excl. lmtp
header_checks pcre: / etc / postfix / header_checks Checks email headers (header information)
body_checks pcre: / etc / postfix / body_checks Email body reviews (content information)
bounce_template_file /etc/postfix/bounce.de-DE.cf Template Bounce-Messages in German / English
smtpd_helo_required yes The Clientgot to send a
* smtpd_discard_ehlo_keywords pipelining Not offered functions
smtpd_discard_ehlo_keyword_address_maps cidr: / etc / postfix / esmtp_access Not offered functions (map)
smtpd_client_connection_count_limit 10 Number of connections per Client - limit
smtpd_client_recipient_rate_limit 10 Number of recipients per Client - limit
maximal_queue_lifetime 1d Waiting time period of attempted delivery of an e-mail
bounce_queue_lifetime 1d Waiting time Undeliverable message to sender
unknown_address_reject_code 550 Reject code unknown email address
unknown_client_reject_code 550 Reject code for client in an access table
unknown_hostname_reject_code 550 Reject code unknown / unresolvable host names
unknown_local_recipient_reject_code 550 Reject code unexis. Recommended mydestination
unknown_relay_recipient_reject_code 550 Reject code unexis. Receive relay_domains
unknown_virtual_alias_reject_code 550 Reject code unexis. Rec. Virtual_alias_domains
unknown_virtual_mailbox_reject_code 550 Reject code unexis. Receive virtual_mailbox domains
unverified_recipient_reject_code 577 Reject code not yet verified recipients
unverified_sender_reject_code 577 Reject code not yet verified senders
parent_domain_matches_subdomains debug_peer_list, fast_flush_domains, mynetworks ... SubDomain restrictions
smtpd_recipient_restrictions check_recipient_access = btree: / etc / postfix / check_recipient_access ... Recipient restrictions

* Not in use when deployed!

These are the parameters that are saved as EXAMPLE can serve and can be listed with the following command:

# postconf -n address_verify_map = btree: / var / spool / postfix / data / verify alias_database = hash: / etc / aliases alias_maps = hash: / etc / aliases body_checks = pcre: / etc / postfix / body_checks bounce_queue_lifetime = 1d bounce_file_template = / etc / postfix / bounce.de-DE.cf command_directory = / usr / sbin config_directory = / etc / postfix daemon_directory = / usr / libexec / postfix debug_peer_level = 2 header_checks = pcre: / etc / postfix / header_checks home_mailbox = Maildirory / html_directory = no inet_interfaces = all lmtp_generic_maps = btree: / etc / postfix / lmtp_generic_maps mail_owner = postfix mailbox_transport = cyrus mailq_path = /usr/bin/mailq.postfix manpage_directory = / usr / share / manque_querade_domains = 00ditydestination = 1 / share / manque_querade_domains = tachtler.net max = $ myhostname, localhost. $ mydomain, localhost, $ mydomain, $ myorigin myhostname = mx1.tachtler.net mynetworks = 127.0.0.0/8, 192.168.0.0/28, 88.217.171.167/32 myorigin = nss.tachtler.net newaliases_path = / usr / bin / newalias es.postfix parent_domain_matches_subdomains = debug_peer_list, fast_flush_domains, mynetworks, permit_mx_backup_networks, qmqpd_authorized_clients, relay_domains permit_mx_backup_networks = 88.217.187.21/32 queue_directical_directory = 88.217.187.21/32 queue_directical = / recipient_directical = = 88.217.187.21 / postfix / recipient_directory = = / recipient_directical = / postfix / 3 postfix / postfix / postfix_directory = = 88.217.187.21/32 queue_directical = / postfix / postfix / postfix / postfix = / postfix / postfix / postfix / postfix / postfix = / : / etc / postfix / recipient_canonical_maps relay_domains = sample_directory = /usr/share/doc/postfix-2.3.3/samples sender_canonical_maps = btree: / etc / postfix / sender_canonical_maps sendmail_path = /usr/sbin/sendmail.xspamhaus.org, reject_r .dnsbl.manitu.net, reject_rbl_client bl.spamcop.net, reject_rhsbl_client multi.uribl.com, check_client_access btree: / etc / postfix / check_client_access_policyd_weight, check_policy_service inet: 127.0.0.1: 12525, check_policy_service unix: postgrey / socket, reject_unverified_recipient, permit_mx_backup, reject_unauth_destination = reject_certpc_ls / smt_destination = / permitetcert-fix / smtfix / smt-fix = / smtcert-fix / smtfix / smtfix / smt-fix / smt-fix / smt-fix / smt-fix = / etc / pki / postfix / certs / cert.pem smtpd_tls_key_file = /etc/pki/postfix/private/key.pem smtpd_tls_received_header = yes smtpd_use_tls = yes transport_maps = btree: / etc / postfix = unknown_code: / etc / postfix = 550_maps_ientcodereject = 550_ unknown_code: / etc / postfix unknown_local_recipient_reject_code = 550 unknown_relay_recipient_reject_code = 550 unknown_virtual_alias_reject_code = 550 unknown_virtual_mailbox_r eject_code = 550 unverified_recipient_reject_code = 577 unverified_sender_reject_code = 577 virtual_alias_domains = btree: / etc / postfix / virtual_alias_domains virtual_alias_maps = btree: / etc / postfix / virtual_alias_maps

/etc/postfix/master.cf

The following changes compared to the standard configuration file have been made:

  • # Tachtler # AMaViS - Incoming and forward to AMaViS listen on Port 10024 smtp inet n - n - - smtpd -o smtpd_proxy_filter = 127.0.0.1: 10024 -o content_filter =

This change causes Postfix all incoming emails to AMaViS for further information exam, still within the SMTP envelope-Dialog passes.

Please note that AMaViS is listening on, port!

  • # Tachtler # AMaViS - Outgoing from AMaViS, BACK to Postfix 127.0.0.1:10025 inet n - n - - smtpd -o content_filter = -o smtpd_proxy_filter = -o smtpd_authorized_xforward_hosts = 127.0.0.0 / 8 -o smtpd_d_client_restrictions = = 127.0.0.0 / 8 -o smtpd_client_restrictionsd_client_restrictions o smtpd_sender_restrictions = -o smtpd_recipient_restrictions = permit_mynetworks, reject -o smtpd_data_restrictions = -o mynetworks = 0.0.0.0 / 32,127.0.0.0 / 8,192.168.0.0 / 24 -o recesive_override_options = no_unknown_

This change causes everyone checked emails from AMaViS to Delivery / rejection to Postfixreturned become.

It should be noted that around a loop to prevent here on a different port than the standard e-mail port from Postfix - namely port - but on port the checked emails back to Postfixreturned become. This also happens all over

  • # Tachtler # AMaViS - Incoming and forward to AMaViS listen on port 10024 pickup fifo n - n 60 1 pickup -o content_filter = smtp: [127.0.0.1]: 10024

This change causes Postfix all incoming emails to AMaViS for further information exam, still within the SMTP envelope- Passes on dialogs - even if these are delivered locally via!

The relevant changes compared to the standard configuration are indicated with the following comment

# Tachtler

Mistake.

Here is the complete configuration file, which can be found under and has the name:

# # Postfix master process configuration file. For details on the format # of the file, see the master (5) manual page (command: "man 5 master"). # # ========================================================================== ========================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ======================================================================== ============================ # Tachtler # AMaViS - Incoming and forward to AMaViS listen on Port 10024 smtp inet n - n - - smtpd -o smtpd_proxy_filter = 127.0.0.1: 10024 -o content_filter = # Tachtler # AMaViS - Outgoing from AMaViS, BACK to Postfix 127.0.0.1:10025 inet n - n - - smtpd -o content_filter = -o smtpd_proxy_filter = -o smtpd_for_authorized_xward.0 .0.0 / 8 -o smtpd_client_restrictions = -o smtpd_helo_restrictions = -o smtpd_sender_restrictions = -o smtpd_recipient_restrictions = permit_mynetworks, reject -o smtpd_data_restrictions = -o mynetworks = 0.0.192.0.0 / 32.127.0.0 / 32. 0/24 -o recesive_override_options = no_unknown_recipient_checks #submission inet n - n - - smtpd # -o smtpd_enforce_tls = yes # -o smtpd_sasl_auth_enable = yes # -o smtpd_recipient_checks #submission inet n - n - - smtpd # -o smtpd_enforce_tls = yes # -o smtpd_sasl_auth_enable = yes # -o smtpd_recipient_checks #submission inet n #dicated_restrictions = permit_pset_sasl - = yes # -o smtpd_sasl_auth_enable = yes # -o smtpd_client_restrictions = permit_sasl_authenticated, reject # 628 inet n - n - - qmqpd # Tachtler # AMaViS - Incoming and forward to AMaViS listen on port 10024 pickup fifo n -n 60 1 = smtp: [127.0.0.1]: 10024 cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - n 300 1 oqmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000 ? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - n - - smtp -o fallback_relay = # -o smtp_helo_timeout = 5 -o smtp_connect_timeout = 5 showq unix n - n - - showq error unix - - n - - error discard unix - - n - - discard local unix - nn - - local virtual unix - nn - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache # # ================================ ====================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe (8) delivery # agent. See the pipe (8) man page for information about $ {recipient} # and other message envelope options. # ============================================================================ ==================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit = 1 # maildrop unix - nn - - pipe flags = DRhu user = vmail argv = / usr / local / bin / maildrop -d $ {recipient} # # The Cyrus deliver program has changed incompatibly , multiple times. # old-cyrus unix - nn - - pipe flags = R user = cyrus argv = / usr / lib / cyrus-imapd / deliver -e -m $ {extension} $ {user} # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit = 1 cyrus unix - nn - - pipe user = cyrus argv = / usr / lib / cyrus-imapd / deliver -e -r $ {sender} -m $ {extension} $ {user} # # See the Postfix UUCP_README file for configuration details. # uucp unix - n n - - pipe flags = Fqhu user = uucp argv = uux -r -n -z -a $ sender - $ nexthop! rmail ($ recipient) # # Other external delivery methods. # ifmail unix - n n - - pipe flags = F user = ftn argv = / usr / lib / ifmail / ifmail -r $ nexthop ($ recipient) bsmtp unix - n n - - pipe flags = Fq. user = foo argv = / usr / local / sbin / bsmtp -f $ sender $ nexthop $ recipient

/ etc / aliases

The aliases file is valid for many MTAs, not just for Postfix. For historical reasons this configuration file can not be found under but under.

Here, as an example, a user who does not even exist in the system as the "correct" user is added to the configuration file with the name in addition to the predefined "aliases". All emails sent to this user e.g. local should be sent to the user's mailbox.

The relevant changes compared to the standard configuration are indicated with the following comment

# Tachtler

Mistake.

# # Aliases in this file will NOT be expanded in the header from # Mail, but WILL be visible over networks or from / bin / mail. # # >>>>>>>>>> The program "newaliases" must be run after # >> NOTE >> this file is updated for any changes to # >>>>>>>>>>> show through to sendmail . # # Basic system aliases - these MUST be present. mailer-daemon: postmaster postmaster: root # General redirections for pseudo accounts.

As can already be read in the configuration file,

# >>>>>>>>>>> The program "newaliases" must be run after # >> NOTE >> this file is updated for any changes to # >>>>>>>>>>> show through to sendmail.

Changes to this file must first be converted into a format using the program!

This applies not only, as can be read, to the MTA Sendmail, but also for the MTA Postfix!

However, there are two possibilities for Postfix to convert the aliases file into a format.

The first option is to continue command

  • (known to Sendmail converters)

to use, or the second option

to use!

A call to convert the configuration file to format could look like this:

# postalias / etc / aliases

A check of whether the command was successful can be traced back to the date of the file with the following command (In this example, the conversion was December 2nd):

# ll / etc / aliases * -rw-r - r-- 1 root root 1568 Dec 2 16:22 / etc / aliases -rw-r ----- 1 root smmsp 12288 Dec 2 16:24 / etc / aliases.db

It's a good idea to have email redirects in for technical users to use!

/ etc / postfix / virtual_alias_domains

The configuration file is managed Domain definitions which stand as an alias for accepting e-mail for certain domains.

Here is an example of accepting email for a Subdomain, described here.

To do this, the configuration file must be recreated with the following command:

# touch / etc / postfix / virtual_alias_domains

After that, the content should look like this:

dokuwiki.tachtler.net anything

It is best to use the [TAB] key as a separator between the two entries, but separation with [spaces] is also possible!

Finally, this must be the case here as well Text file can be converted into a format, or better still into the format, using Postfix's own command.

The call for the conversion into the e.g. format is as follows:

# postmap btree: / etc / postfix / virtual_alias_domains

Then a new file with the name should have been created.

This can be checked with the following command:

# ll / etc / postfix / virtual_alias_domains * -rw-r - r-- 1 root root 531 Dec 3 09:11 / etc / postfix / virtual_alias_domains -rw-r - r-- 1 root root 8192 Dec 3 09: 14 /etc/postfix/virtual_alias_domains.db

This completes the conversion to the format.

/ etc / postfix / virtual_alias_maps

The configuration file is managed Alias ​​Definitions, similar to the configuration file. Here, too, e-mail is accepted for certain recipients.

IMPORTANT - However should be here just Domains are or are given aliases, which NOT used in $ mydomain, $ myorigin, $ myhostname, localhost. $ mydomain, localhost!

Here is an example of accepting email for a e-mail address, described here. It doesn't matter which recipient in front the "@" sign is, this will be adopted. E.g. is off.

To do this, the configuration file must be recreated with the following command:

# touch / etc / postfix / virtual_alias_maps

After that, the content should look like this:

@ dokuwiki.tachtler.net @ tachtler.net

It is best to use the [TAB] key as a separator between the two entries, but separation with [spaces] is also possible!

Finally, this must be the case here as well Text file can be converted into a format, or better still into the format, using Postfix's own command.

The call for the conversion into the e.g. format is as follows:

# postmap btree: / etc / postfix / virtual_alias_maps

Then a new file with the name should have been created.

This can be checked with the following command:

# ll / etc / postfix / virtual_alias_maps * -rw-r - r-- 1 root root 40 Dec 3 09:12 / etc / postfix / virtual_alias_maps -rw-r - r-- 1 root root 8192 Dec 3 09: 14 /etc/postfix/virtual_alias_maps.db

This completes the conversion to the format.

It makes sense to use e-mail forwarding in / etc / postfix / virtual_alias_maps for virtual users or general addresses!

/ etc / postfix / sender_canonical_maps

DANGER - From Postfix version 2.2 is used as standard JUST For locally generated emails used !!!
* A new parameter must be adapted accordingly for extended use!

The configuration file is also able to replace e-mail addresses with other ones. But not only that, go on and write Sender addresses not only in SMTP envelope, but also in email headers around.

This is one of the few exceptions where the MTA Postfix changes the email header!

Sending e-mails with a e-mail address, described here. It doesn't matter which recipient in front the "@" sign is, this will be adopted. E.g. is off.

To do this, the configuration file must be recreated with the following command:

# touch / etc / postfix / sender_canonical_maps

After that, the content should look like this:

@ dokuwiki.tachtler.net @ tachtler.net

It is best to use the [TAB] key as a separator between the two entries, but separation with [spaces] is also possible!

Finally, this must be the case here as well Text file can be converted into a format, or better still into the format, using Postfix's own command.

The call for the conversion into the e.g. format is as follows:

# postmap btree: / etc / postfix / sender_canonical_maps

Then a new file with the name should have been created.

This can be checked with the following command:

# ll / etc / postfix / sender_canonical_maps * -rw-r - r-- 1 root root 644 Dec 4 13:12 / etc / postfix / sender_canonical_maps -rw-r - r-- 1 root root 8192 Dec 4 13: 28 /etc/postfix/sender_canonical_maps.db

This completes the conversion to the format.

/ etc / postfix / recipient_canonical_maps

DANGER - From Postfix version 2.2 is used as standard JUST For locally generated emails used !!!
* A new parameter must be adapted accordingly for extended use!

The configuration file is also able to replace e-mail addresses with other ones. But not only that, go on and write Recipient addresses not only in SMTP envelope, but also in email headers around.

IMPORTANT is that the recipient's e-mail address is not only entered in, but also in, otherwise the acceptance for e.g. [email protected] would be refused!

This is one of the few exceptions where the MTA Postfix changes the email header!

Here is an example of receiving e-mails with a e-mail address, described here. This is where the email address becomes.

To do this, the configuration file must be recreated with the following command:

# touch / etc / postfix / recipient_canonical_maps

After that, the content should look like this:

[email protected] [email protected]

It is best to use the [TAB] key as a separator between the two entries, but separation with [spaces] is also possible!

Finally, this must be the case here as well Text file can be converted into a format, or better still into the format, using Postfix's own command.

The call for the conversion into the e.g. format is as follows:

# postmap btree: / etc / postfix / recipient_canonical_maps

Then a new file with the name should have been created.

This can be checked with the following command:

# ll / etc / postfix / recipient_canonical_maps * -rw-r - r-- 1 root root 701 Dec 5 11:51 / etc / postfix / recipient_canonical_maps -rw-r - r-- 1 root root 8192 Dec 5 12: 03 /etc/postfix/recipient_canonical_maps.db

This completes the conversion to the format.

/ etc / postfix / smtp_generic_maps

The configuration file is also able to replace e-mail addresses with other ones. But not only that, go on and write Sender addresses not only in SMTP envelope, but also in email headers um, like the "big brother", but only when they leave the system via SMTP!

This is also one of the few exceptions in which the MTA Postfix changes the email header!

Sending e-mails with a e-mail address, described here. This is where the email address becomes.

To do this, the configuration file must be recreated with the following command:

# touch / etc / postfix / smtp_generic_maps

After that, the content should look like this:

[email protected] [email protected]

It is best to use the [TAB] key as a separator between the two entries, but separation with [spaces] is also possible!

Finally, this must be the case here as well Text file can be converted into a format, or better still into the format, using Postfix's own command.

The call for the conversion into the e.g. format is as follows:

# postmap btree: / etc / postfix / smtp_generic_maps

Then a new file with the name should have been created.

This can be checked with the following command:

# ll / etc / postfix / smtp_generic_maps * -rw-r - r-- 1 root root 47 Dec 5 13:03 / etc / postfix / smtp_generic_maps -rw-r - r-- 1 root root 8192 Dec 5 13: 38 /etc/postfix/smtp_generic_maps.db

This completes the conversion to the format.

/ etc / postfix / lmtp_generic_maps

The configuration file is also able to replace e-mail addresses with other ones. But not only that, go on and write Sender addresses not only in SMTP envelope, but also in email headers um, like the "big brother", but only when they leave the system via LMTP!

This is also one of the few exceptions in which the MTA Postfix changes the email header!

Sending e-mails with a e-mail address, described here. This is where the email address becomes.

To do this, the configuration file must be recreated with the following command:

# touch / etc / postfix / lmtp_generic_maps

After that, the content should look like this:

[email protected] [email protected]

It is best to use the [TAB] key as a separator between the two entries, but separation with [spaces] is also possible!

Finally, this must be the case here as well Text file can be converted into a format, or better still into the format, using Postfix's own command.

The call for the conversion into the e.g. format is as follows:

# postmap btree: / etc / postfix / lmtp_generic_maps

Then a new file with the name should have been created.

This can be checked with the following command:

# ll / etc / postfix / lmtp_generic_maps * -rw-r - r-- 1 root root 47 Dec 5 13:36 / etc / postfix / lmtp_generic_maps -rw-r - r-- 1 root root 8192 Dec 5 13: 38 /etc/postfix/lmtp_generic_maps.db

This completes the conversion to the format.

/ etc / postfix / transport_maps

IMPORTANT - The configuration file is here JUST represented theoretically!

The configuration file is used to create a non-standard Mail routing to realize. This is relevant, for example, when Postfix is ​​saved as a Relay host, before another e-mail server is used and a special one for that Routing is required.

The creation and conversion of a Text file into the format or even the format is identical to all other configuration files that are converted with Postfix's own program!

/ etc / postfix / relocated_maps

IMPORTANT - The configuration file is here JUST represented theoretically!

The configuration file is used if an e-mail is delivered with a recipient not known to the own Postfix, e.g. NOT as it would be customary in this case, an email with the error message or a Bounce- to acknowledge a mail,

... : unknown user: "warped"

but if the e-mail address has only changed, the sender the notify us of the new e-mail address!

... : user has moved to [email protected]

Nowadays the configuration file is almost meaningless because

  1. the fewest users the Bounce- Understand or even read the answer
  2. since it is easy for most administrators to simply forward the e-mails via an entry in the configuration file!

The use can be dispensed with!

/ etc / postfix / header_checks

The filtering carried out here in this configuration file relates to the information in the e-mail header, such as "From", "Subject" etc.

An example of such a configuration file could look like this. Everything is here first Not filtered what comes from, but everything that comes from is filtered. In addition, each field of the e-mail header can be filtered.