Postfix

Andy Murren contributed this review of Richard Blum's Postfix. Powering mail delivery may not be as sexy as programming in exotic new languages, but it sure is important -- Andy gives you the scoop here on how well Postfix (and Postfix) do at the task.

Postfix author Richard Blun pages 542 publisher Sams rating 8 reviewer Andy Murren ISBN 0-672-32114-9 summary Guide to setting up and running Postfix as your MTA.

Postfix is a complete Mail Transfer Agent (MTA) that is meant to be a replacement for Sendmail. Wietse Venema, who works at the IBM Watson Research Center, wrote the program and released it under the IBM Public License. Richard Blum has targeted this book at Intermediate to Advanced users, but he has enough basic information so that even an MS Exchange administrator with no Unix background can get Postfix running quickly.

The book is broken into three sections:

1. Introduction to E-Mail Services and Postfix
2. Installing and Configuring Postfix
3. Advanced Postfix Server Topics

Part I is a nice overview of email, how to use Postfix, how Postfix works and a comparison of Postfix and Sendmail. In chapter 3 'Server Requirements for Postfix' an overview of Unix and Unix commands are covered along with an introduction to bash, gcc and make to bring the non-Unix user up to speed with the tools that they will need.

The chapter on DNS starts by covering the origins of DNS and the basics of how it works. Blum then gives us an explanation of DNS records and how to set them up, including the all-important MX (Mail Exchanger) record. He then gives a brief discussion on how to set up the resolv.conf, hosts and hosts.conf files. The chapter concludes with a quick look at the host, nslookup and dig programs. This chapter serves as a quick reference on getting DNS up and running on a Unix box.

Part II is a detailed section that is the heart of the book. How to set up Postfix is laid out in detail from how to install (both from an RPM file and from source), to configuring it, to logging and blocking UCE/UBE.

One of the sections of the book I was drawn to was on how to set up Postfix as an internal and external mail server for the Small Office environment. This could be for branch offices of a large company (such as insurance offices) or for a Small Office / Home Office (SOHO) that does not have a full time Internet connection. Blum explains how to set up the server for dial-up to send and retrieve mail, and how to run the mail server on the same box as your firewall.

The chapter 'Migrating from Sendmail to Postfix' is a short step-by-step on how and what to convert from Sendmail to Postfix. Since Postfix was designed to do this easily the chapter is shorter than might be expected (only 20 pages).

Rounding out Part II is a chapter on the Maildir mailbox format and a chapter on using an external MDA. The chapter on using an external MDA is a good example of why I like this book. Here is the full Table of Contents for the chapter:

1. Using MDA Programs with Postfix

1. What is a Mail Delivery Agent

1. Automatic Mail Filtering

1. Automatic Mail Replying

1. Automatic Program Initialization by Mail

1. Using an External MDA Program with Postfix

1. Configuring the main.cf file

1. Watching MDA Programs in the Postfix Log

1. The procmail MDA Program

1. Installing procmail

1. The procmail Command Line

1. User-Defined procmail Actions

1. Summary

In this chapter Blum gives a nice quick How-To on procmail. While it is not a full treatment of procmail it has enough information to download, compile, install, configure and run procmail. Coupled with the brief lessons on Unix, gcc, make and bash in the first section, an MS Exchange administrator on their first attempt in the Unix world is provided enough information to get procmail working as the MDA for their new Postfix MTA.

Section III covers advanced server topics including using MySQL, OpenLDAP and Majordomo with Postfix. Like the section on procmail, Blum covers installing and configuring each of these applications and how to make Postfix work with them. Chapter 20 covers POP3 and IMAP, which then leads nicely into the next chapter on SqWebMail. The final chapters are on performance tuning and troubleshooting.

Overall I have found this to be a well-written book that addressed several questions that I had about configuring and using Postfix (such as the SOHO section). It is clear, direct and covers each topic to a level that I found comfortable. For some people this book will be too advanced but that should not be anyone who has a working knowledge of mail servers or of Unix. I would recommend this book for someone who has started to use or wants to migrate to using Postfix.

My major complaint about this book is the price, $49.99. As much as I liked this book, 'Practical UNIX and Internet Security' was more densely packed with information and only cost $39.95.

Table of Contents

1. Introduction

Introduction to E-Mail Services and Postfix

1. E-Mail Services
2. Postfix Services
3. Server Requirements for Postfix
4. DNS and Postfix
5. SMTP and Postfix

Installing and Configuring Postfix

1. Installing Postfix
2. The master.cf Configuration File
3. The main.cf Configuration File
4. Postfix Lookup Tables
5. Using Postfix
6. Using Postfix as an ISP Mail Server
7. Using Postfix as an Office Mail Server
8. Postfix Server Administration
9. Migrating from Sendmail to Postfix
10. Using the Maildir Mailbox Format
11. Using MDA Programs with Postfix

Advanced Postfix Server Topics

1. Using MySQL with Postfix
2. Using OpenLDAP with Postfix
3. Using Majordomo with Postfix
4. Using POP3 and IMAP with Postfix
5. Using SqWebMail with Postfix
6. Performance Tuning Postfix
7. Common Postfix Problems

You can purchase this book at Fatbrain.

Speed, Maybehaps?

[Christopher+B.+Brown]

If you're running a personal server, it's not vitally important, but if the mail server is processing thousands of messages a day, it can be significant.

I personally like Postfix because:

• It's pretty easy to configure.

  If your needs are simple, and you need only set up a DMsomehost.to.forward.to entry for Sendmail, Sendmail's easy to configure, but things instantly get a whole lot hairier.

  And I've never had good success with EXIM, and every time I've configured qmail it has been a hassle.

• Like qmail, it supports Maildir, which is presently handy since mail is, at the moment, being delivered to an NFS-mounted directory. Sendmail wouldn't be happy, but Postfix is.
• Postfix should be more resistant to hackers than Sendmail or Exim.

  It seems dangerous to compare Postfix to qmail; spectacular flame wars have broken out between the respective authors...

Re:Where's the SPAM?

[willfe]

Um:

Part II is a detailed section that is the heart of the book. How to set up Postfix is laid out in detail from how to install (both from an RPM file and from source), to configuring it, to logging and blocking UCE/UBE.

Devoting an entire chapter of a book to blocking spam sounds like a nice idea, but one of the many things postfix gets right is its ability to effectively and easily block spam for you. With only a few configuration directives in /etc/postfix/main.cf, you can make postfix:

• Reject inbound mail if it's coming from a known spammer, known relay, or known dialup IP addy (the blackhole, relays, and dialups lists at the RBL)
• Reject inbound mail from any system that presents an invalid (i.e. not strictly DNS-compliant) hostname
• Reject inbound mail from any system whose IP address cannot be resolved to a name
• Reject "inbound" mail whose real destination is any domain that the postfix installation doesn't directly service (by delivering the mail itself or by relaying to a defined external system); this is a default feature, incidentally
• Limit the number of recipients a single message can have
• Limit the number of messages a single system can send to the server over a specific duration
• Limit (or completely inhibit) clients' ability to use the VRFY command to harvest addresses

I bet there's more that I've forgotten about (or not discovered yet). Every single item in this list can be implemented with one directive in /etc/postfix/main.cf; postfix is very easy in this regard.

I would think, given postfix's very easy means of setting all this stuff up (and the in-depth documentation that it ships with), that it would be a waste to devote more than a few pages to spam blocking when discussing this mail system. It won't relay by default (so there goes the most commonly used gaping hole for spammers right there), and by turning on features that limit DoS-type attacks and spamming runs, you catch all the clueless spammers. By including the RBL, you catch the more sophisticated ones. Sure, spam's gonna get through no matter what you do, but it won't be postfix's fault.

This book looks to be a clear, concise discussion of postfix's other, more interesting features. I'm glad to see a whole section devoted to getting postfix working with OpenLDAP, for example. Honestly, I think that sort of thing is more important than spam catching in the first place; sure, a user might have to delete a few spams if you haven't spent all the time you should on spam catching, but you might well have more free time if you manage to integrate all your authentication and account management into an LDAP directory that postfix can directly use for its users and configuration.

Just some random thoughts from a humble system administrator :)

Some errors in the book

[dodobh]

There have been a few reviews on the Postfix mailing list of the book. The overall recommendation is: The book is not as good as the mailing list, but better than the docs. It doesn't maintain consistency throughout, and has a few typos.
Search the mailing list archives for details.
(Yes, I know I should be posting links, but I have now decided to get people to RTFM and learn to search. I am tired of spoon feeding lusers, and need a break).

Quoting Ralf Hildebrandt:
Today "The" book arrived. I flew over the first 11 chapters and found
the following errors/omissions:

b) p 48: What is the "spawn" program?

c) p 32, table 2.2: mail is NOT a queue. It's the mailspool, or a mbox
file, but not a queue.

d) p 31, listing 2.3: column chroot() shows "never" instead of the
default "yes" that I know.

Quoting Jeffrey Taylor:
It is more tutorial than reference. However, it repeats running
postmap everytime a new map is introduced and telnet sessions for most
forms of sender/relay/spam restrictions. THis makes in a reference
where you may not have read the previous examples. It gets tedious in
a tutorial that is read cover to cover.

IMHO: It is worthwhile, I'm not unhappy I bought the book. It feels
padded (see above). It is beginner thru intermediate, not much
advanced or tricky. I found it more useful than the docs and less
useful (and less over my head) than this e-mail list. I have a small
system, 200-300 messages per day and the chapters on MySQL and LDAP
only served to convince me I don't need them.

e) p 29, figure 2.2 is wrong: Lookup tables interact with the "utility
programs" (e.g. postmap, postalias!)

f) p 97 lists non-RFC conformal command syntax ("RCPT TO:haley"
instead of the correct "RCPT TO: ")

g) p 97ff list lots of bizarre SMTP commands, but the text never
actually tells the read if Postfix implements those. Lots of
bla-bla.

h) p 108 says for "The AUTH command": "The administrator must maintain a
separate username and password database that allows authentication of
remote SMTP clients."
This is not true, it can use any PAM authentication method!

i) p 171 The text for relay_host fails to mention that [] prevents a
MX Lookup of the address/hostname in the brackets!

j) p 174, table 8.1: append_at_myorigin appends (obviously) $myorigin,
not $mydomain

k) p 204, table 9.6 fails to list an all numeric LHS being equivalent
to "OK"

l) p 214 table 9.8 "virtual domain record types" fails to list the
form "@domain @otherdomain"

Postfix's own documentation is fine

[null-und-eins]

I am running Postfix on my machines for two years now and never wanted to use any other MTA. Its documentation is very complete so chances are good that you don't need this book. The FAQ covers most aspects and the rest can be deduced from the manual pages. If you are running sendmail do yourself a favour and take a look at Postfix.