Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Book of Postfix

Posted by timothy on from the danny-boy dept.

danny writes "Do you run a mail server using Postfix? If so, then you should check out the latest addition to my book reviews, a look at Hildebrandt and Koetter's Book of Postfix." Read on for the review. The Book of Postfix author Ralf Hildebrandt + Patrick Koetter pages 464 publisher No Starch Press rating 9 reviewer Danny Yee ISBN 1593270011 summary understanding and implementing Postfix mail systems

When The Book of Postfix arrived, I jumped straight to the chapter "Understanding SMTP Authentication", since that was something I wanted to get working. This explains the problem -- how to allow travelling users with unknown IP addresses to send mail through a mail server without opening it up to spammers -- and clearly lays out the options: SMTP-after-POP or -IMAP, SMTP authentication, certificate-based relaying using TLS, or some kind of VPN. "If you want something simple, independent, and secure, SMTP AUTH is probably for you."

The remainder of the chapter explains how to set up a backend for SMTP authentication -- a choice between saslauthd and other options -- and the following chapter then explains how to configure Postfix to use it. This approach is typical of The Book of Postfix, which tackles many topics with paired chapters, the first covering background, theory and any ancillary systems and the second covering the actual Postifx configuration. It also emphasises progressive implementation accompanied by testing, which is most reassuring when modifying production servers.

Other chapters in Part III, "Advanced Configurations", cover running Postfix chrooted, using TLS (two chapters), mail gateways and multiple domains. There's also a chapter that works through building a complete mail system for an organisation. Part IV covers tuning and the appendices cover installing Postfix (for Debian or Redhat Linux, or from source) and troubleshooting.

Moving backwards, the hundred and twenty pages in part II cover content controls. Some basic postmaster background is followed by pairs of chapters on each of message transfer restrictions, built-in content filters, and external content filters. I've been working through these, improving my anti-spam controls, and they're proving really helpful; my next step will be implementing amavisd-new.

Part I explains how to set up a host to run Postfix, with ancillary services such as DNS, NTP and syslog, then how to set up a simple single domain configuration, either on a permanently connected machine or on a dialup machine. It then gives a brief description of Postfix's basic anatomy. Part I is concise -- just fifty pages -- but it offers everything most people will need for a basic setup.

There's no cruft in The Book of Postfix: it's a fairly chunky book, but none of it is padding. Excerpts from configuration files include just the right amount of context and the diagrams (and a very few screenshots) are integrated with the text and tightly focused. Given the scope, it's probably overkill for basic Postfix users, though the first fifty pages would make an excellent "getting started" guide for them.

There are some omissions. There's no general explanation of how the master.cf file works, for example, or of rewriting -- neither "masquerading" nor "canonical" appear in the index or glossary. The "Anatomy of Postfix" chapter could definitely have been more comprehensive.

How does The Book of Postfix compare with the O'Reilly book Postfix: the Definitive Guide ? The Book of Postfix is nearly twice the length and provides much more detailed step-by-step explanations and more on ancillary systems -- it explains how to set up backends for SMTP authentication, for example, rather than just telling you that you need one.

I highly recommend The Book of Postfix to anyone using Postfix and wanting to do more than the basics with it.

Danny Yee has written over 800 other book reviews. You can purchase The Book of Postfix from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

21 of 103 comments (clear)

  1. Dumb Question... by __aaclcg7560 · · Score: 4, Interesting

    Why are mail servers so needlessly complicated? Seems like you have to be a PhD Rocket Scientist to change the most simplest thing.

    1. Re:Dumb Question... by bizard · · Score: 5, Insightful

      Because mail servers are more accurately mail _systems_. Complex interactions between local and remote users, spam and virus filters, strict adherence to standards and allowances for broken implementations of same and most importantly (and hardest to deal with) proper dns configuration and lack of same. Nobody wants to lose any mail, so you have to work with 30 year old mail servers just as easily as last months latest rev.

    2. Re:Dumb Question... by toxic666 · · Score: 5, Informative

      Mail servers (I use postfix as a filtering gateway to an Exchange system) are not "needlessly complicated". They are quite easy to set up if all you want are basic, secure mail services.

      However, if you want added functionality, security, filtering, spam / virus control, you need to understand what you are doing if you want to use an open source *nix-compatible mail server.

      If you just want something "easy" (read: click and drool), expose Exchange to the Internet and pay through the nose for security software that is behind the times.

      If you understand how the internals of a richly-functional mail server work, you too may achieve >99.99% spam and virus filtering with 0.0001% false positives. And do it much cheaper.

    3. Re:Dumb Question... by ZosX · · Score: 3, Interesting

      I'll bite.

      Mailservers are complex that is why. Just take a look at Exim to see what happens when a mailserver gets a bit too complex. In Exim you have this whole transport pipeline that the message must pass through before it gets delivered. Along the way you can change headers, filter for spam, virus check and about a million other things including sender id.

      Thankfully (at least in debian) it comes with a script that will do quite a few basic configurations after asking a few questions. Your e-mail needs may not be as complex as others, but when a site needs a an e-mail server to handle 10,000+ e-mails an hour, streamlining and tweaking the process allows things to be much smoother. I admit I am not anywhere near an expert when it comes to SMTP servers, but I can see the value in wanting to make things run smooth and streamlining the process is a part of that.

      Personally, I've found that postfix is pretty easy to set up and maintain compared to other daemons out there. As far as I am concerned, anything has to be better than configuring Sendmail, though I guess it has become a lot more secure over the years.

      I'm sure others will have a lot more to say on this subject.

      --
      zosxavius photography
    4. Re:Dumb Question... by dodobh · · Score: 2, Informative

      Basics
      Standard configs

      You shouldn't need to really configure much more than that.

      --
      I can throw myself at the ground, and miss.
    5. Re:Dumb Question... by Romeozulu · · Score: 2, Interesting

      JFC!!! You're links just proved the parents point.

      Pages and pages of stuff that you already have to understand to understand. I agree, mail servers are needlessly complex. All I want to do is receive mail and send it to 3 users on my machine, and have them be able to send mail via TB to the server without it become a spam relay. Why is this so damn hard.

      Maybe it isn't but they people that document mail servers don't have a clue.

      Why is it so damn hard to have the mail server require a user and password to send mail though it. I don't want to set up a hole SSL TSL BFD system with certificates and crap.

      Why is the that the same program that receives mail from the outside world is the one that accepts connections from clients. This is silly and contributes to the spam problem. Much like POP3 or IMAP is a separate program, so should the one that accepts mail from a client like TB or Outlook. Then we wouldn't have this will spam problem.

      Mail servers are still stuck in the mainframe days. Time for someone to rethink this mess.

    6. Re:Dumb Question... by dodobh · · Score: 3, Informative

      SMTP AUTH

      Mail server documentation is written for IT professionals and system administrators who know what they are doing.

      This is not meant for end users.

      And if you had bothered to read those links, they are newbie friendly and actually explain in depth what the changes you are doing do to the mail system.

      Also, MUAs are supposed to submit mail on 587/tcp via SMTP. I recommend you follow that rule.

      --
      I can throw myself at the ground, and miss.
    7. Re:Dumb Question... by Tassach · · Score: 2, Informative
      All I want to do is receive mail and send it to 3 users on my machine, and have them be able to send mail via TB to the server without it become a spam relay. Why is this so damn hard.
      The default postfix config that comes with Fedora Core is probably all you need. FC installs sendmail by default, so you need to install postfix and switchmail (and probably dovecot, if you want pop3/imap capability:
      yum -y install postfix dovecot system-switch-mail
      /usr/sbin/system-switch-mail
      rpm --erase sendmail
      Assuming you already have your MX record set up and port 25 open to the world, you should then only have to change 3 lines in /etc/postfix/main.cf to be able to send & recieve email from any machine on your LAN to anywhere in the world:
      myhostname = mail.mydomain.tld
      mydomain = mydomain.tld
      mynetworks = 192.168.69.0/24
      The only gotcha is that if you are on a cable modem / dsl, some ISPs (AOL) might not accept your mail based on your IP. In that case you need to make one more change to main.cf:
      relayhost = smtp.myisp.net
      This forces all outbound mail to go through your ISP's official mail server.

      Then all you have to do is (re)start postfix:

      service postfix restart
      It's that easy.

      You can do more tweaking to improve security and set up spam & virus filtering, but those are complicated topics and are therefore complicated to configure. Switching to use maildir delivery (vs the default mbox format) is trivial to do, and is left as an exersize for the reader.

      --
      Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
    8. Re:Dumb Question... by Nailer · · Score: 3, Insightful

      You need to justify those statements: why does security and ease of use have to be mutually exclusive?

      People assume these things, and I don't think it's warranted. I think the UI for the security is probably just badly designed. Many people would say Windows sets users up as admins because that's easy, and doing things securely would be hard. But is 'type your admin password to continue' like Fedora or OS X uses really that hard?

  2. Great timing by stevey · · Score: 3, Informative

    I also reviewed The Book Of Postfix this week.

    I also enjoyed it, and recommended it.

    1. Re:Great timing by drauh · · Score: 2, Funny
      I also enjoyed it...

      How to tell when it's time for you to read some alt.sysadmin.recovery.

      --
      This is a tautology.
  3. Just picked this book up a month ago by DarkFencer · · Score: 5, Informative

    We had been running sendmail as the MTA for our mail gateway (for a medium size university). I had been getting fed-up with sendmail, and have had a collegue raving about postfix for a long time.

    Long story short: This book has let me (in less then a month) not only switch our mail servers over to postfix, but let me do things more efficiently (in terms of stopping spam at the SMTP receive stage) and many other things better then I had with sendmail before.

    I'm not going to make this a sendmail vs. postfix thread, but if you're going to use postfix, this book is a great resource!

    1. Re:Just picked this book up a month ago by fjf33 · · Score: 2, Insightful

      I tried to setup sendmail a while back and quit in disgust. Postfix on the other hand is straight forward to the point that you can setup all the configuration files without having to copy some strange files that do some magic and actually understand what's going on. Well mostly understand what's going on. :)

  4. Grey listing.. by login: · · Score: 4, Informative

    For anyone using Postfix, I would highly recommend setting it up to work with Postgrey http://isg.ee.ethz.ch/tools/postgrey/.

    This reduced the spam at our installation by over 80% overnight, and has so far had no complaints of false positive.

    For a detailed explanation of how this works, see here..http://projects.puremagic.com/greylisting/

  5. Shouldn't that be... by currivan · · Score: 3, Funny

    "You a mail server run Postfix using do?"

  6. From the description by scrow · · Score: 2, Funny

    ..I had hoped that it would be a Hildebrant illustrated guide to Postfix.

    --
    I just type my sig in the reply form...
  7. Dissapointed by CableModemSniper · · Score: 3, Funny

    I am dissapointed. I clicked on this link expecting it to be about Forth or PostScript or HP. Boy was I sadly mistaken.

    --
    Why not fork?
  8. PostFix crosslisted in hardware? by Viltvodlian+Deoderan · · Score: 2, Insightful
    Maybe I am just being picky, but it seems a little strange to crosslist a book on mail server/system/whatever software in the hardware section.

    Let's review:
    hardware = something you can kick when it breaks, or, kick to break it
    software = the little 0's and 1's that live in hardware.

  9. Re:Missing: advantages of postfix by Armadni+General · · Score: 2, Insightful

    I think by the time most people decide they want to go with Postfix, hence a purchase of this book, they're already pretty knowledgeable with the advantages and disadvantages. Most of the network admins I speak to do all their pre-selection research from more open sources, such as (who'd-a thunk it!) the Internet.

    I can't speak for anyone else, but I usually just skip right past advantages and disadvantages in these such books.

  10. Another source of postfix information :) by lordsilence · · Score: 3, Informative

    irc.freenode.org #postfix

    Say hello to us in irc.
    We're always happy to help.

  11. Re:Mutt by value_added · · Score: 2, Informative
    You do know mutt has a mailing list?

    Try ssmtp. I use it when running mutt on Win32 under Cygwin.

    # .muttrc
    set sendmail="/usr/sbin/ssmtp -audUserName@domain -apSecretPassword"