I recently, perhaps foolishly, changed over a remote server from sendmail/procmail to postfix/amavis/spamassassin/clamd , and I'm finding it difficult to configure this setup.
The CentOS document http://wiki.centos.org/HowTos/postfix explicitly says that its instructions may not work in CentOS-6. Does anyone know of reasonably simple postfix documentation for CentOS-6?
I've been amazed how bad the postfix documentation is. It actually seems to be worse that sendmail documentation, which I thought established a record for this sort of thing. The official documentation at http://www.postfix.org/documentation.html is ludicrously wordy, with every conceivable option listed in random order.
On 12/09/13 11:03, Timothy Murphy wrote:
The above probably should work, just that it wasn't written specifically for 6 and hasn't been tested on 6, but the changes in Postfix between 5 and 6 shouldn't prevent it from working given it describes the bare minimum required to get Postfix up on your system. The warning was added as a matter of course, as users started reporting inconsistencies between guides written for CentOS 5 when CentOS 6 was released. For example, I would expect more issues with dovecot configs between 5 and 6 than I would with Postfix.
Anyway, for Postfix it really doesn't get any simpler than the above. If you find inconsistencies please feel free to feed back changes to the centos-docs list and the page can be updated for CentOS 6.
Thanks.
Ned Slider wrote:
Ok, thanks for the response. I'll try following the instructions in that document, as I have had no luck with the documents on www.postfix.org .
The changeover from sendmail to postfix in CentOS-6 was probably a mistake, in my view, unless required to follow RedHat. At the very least proper documentation should be a pre-requisite for a change like this.
Timothy Murphy wrote:
I'll try following the instructions in that document, as I have had no luck with the documents on www.postfix.org .
I have switched over from sendmail to postfix, and the most difficult part was learning how simple it is to configure postfix. Once you get that, a quick web search will let you know the postfix equivalent of a sendmail setting, such as smarthost.
I'd be surprised if anything in that document is not right. If you find anything or you need assistance, the list is here.
Use postconf with -d or -n to see default and non- default configurations. "man -a postconf" and is your friend. Also, check /var/log/maillog for errors after making any configuration changes. Some errors may not appear for a day or two until a matching message is received, for example with size restrictions.
My two cents. There's a good reason postfix has been chosen to replace sendmail as the default MTA. As with anything new, it takes time to feel comfortable with it.
c
Carl T. Miller wrote:
Why should it be difficult to learn that, unless the documentation is misleading? (It is.)
I didn't find anything wrong in the document in question (http://wiki.centos.org/HowTos/postfix), except that a couple of packages mentioned (ystem-change-mail*) don't seem to exist in CentOS-6.
However, if my experience is anything to go by, it missed out two essential points.
Firstly, after following the instructions meticulously, I found that I could not send out mail because (according to /var/log/maillog) the From address was tim@localhost.localdomain , and this was rejected by the recipient host or rather his ISP. ------------------------------- tim@localhost.localdomain MAIL FROM domain does not exist (in reply to MAIL FROM command) ------------------------------- I cured this by adding tim tim@gayleard.eu to /etc/hosts . I don't know if this is the best way to go about it?
After correcting this, I found my email was still rejected, with the message "Blacklisted by Spamhaus"! I read in http://www.spamhaus.org/pbl/query/PBL814205 that 'the reason is simply that you need to turn on "SMTP Authentication"'
Googling for "centos postfix authentication" took me on a long and not very interesting journey. I was amazed how many apparently widely differing solutions were suggested. In the end I found the simplest solution in http://www.cyberciti.biz/faq/postfix-smtp-authentication-for-mail-servers/ which describes the postfix equivalent of sendmail's SMART_HOST. (A lot more complicated than the one line in sendmail.mc .)
On 12/09/13 23:04, Timothy Murphy wrote:
That was for switching the default MTA in EL5. As Postfix is already the default in EL6 it is simply not needed.
This is typically caused by having your hostname set to localhost (or loaclhost.localdomain). Your hostname should reflect your fqdn.
The bit at the top of the Spamhaus link says it all really - as a matter of *policy*, Spamhaus and/or your ISP has decided that you shouldn't be sending email direct from that IP address as it's residential / dynamic / whatever. Either way, as a result 90% of the internet is going to reject your mail. You will need to relay all outbound email through your ISPs smarthost to achieve any sort of deliverability.
Ned Slider wrote:
That's not the case. If you upgrade from CentOS-5 to CentOS-6, which I imagine the vast majority of people did, then sendmail remains the current MTA. However, this is only a tiny point, since the document mentions "yum remove sendmail" as an alternative.
If you mean $myhostname in /etc/postfix/main.cf then that is not the cause; it was set to my fqdn. Also it is set in /etc/sysconfig/network. And it is the name given by "uname -a". I'm not sure where else it can be given?
Exactly. So perhaps this should be mentioned in the CentOS document http://wiki.centos.org/HowTos/postfix?
On 09/13/2013 12:56 PM, Timothy Murphy wrote:
In my experience, in an enterprise environment, servers do not get upgraded (note up*g*raded, not updated). Instead new servers are installed with EL6 and the old ones with EL5 are phased out. This makes sense not only because you do not want to impact operations with a potentially hazardous upgrade but also because it is an opportunity to deploy the latest version of any apps that will be running on top of the shiny new EL6 instance (think Oracle, SAP, etc.).
If I understand your situation correctly than maybe it it's easier to install EL6 on a spare box or as a VM, get postfix going, document it, and then do the move from sendmail to postfix.
Regards, Patrick
On 09/13/2013 12:56 PM, Timothy Murphy wrote:
that's a lot to assume. Most people I know professionally do not upgrade their rhel/centos servers. The debian crowd does, but they do have much shorter release cycles :-)
That is a very odd hosts file entry :-). From man 5 hosts, section EXAMPLES:
127.0.0.1 localhost 192.168.1.10 foo.mydomain.org foo 192.168.1.13 bar.mydomain.org bar
unless your fqdn is in DNS or in your hosts file, postfix does not know about that:
http://www.postfix.org/postconf.5.html#myhostname
So in order to find out what postfix thinks $myhostname is in its default settings, try this:
# postconf -d | grep myhostname
If you set a fqdn in myhostname, then you will not have that problem.
that is nothing postfix/centos specific, IMO. Trying to run an MTA on a dial-up host is an exercise in futility. You may agree of disagree whether this is fair, but it is a fact. So if someone adds a warning in the wiki about that, fine, but it has nothing to do with centos or postfix.
If you want to have a test postfix server with an acceptable IP address, get yourself a vm on any cloud provider. Then you will not be blocked unless you start spamming :-) . Those vm's are very affordable (from 5$/month on).
natxo asenjo wrote:
Sorry, that was a curious typo from my notes. It should have read:
the From address was tim@localhost.localdomain , and this was rejected by the recipient host or rather his ISP. ------------------------------- tim@localhost.localdomain MAIL FROM domain does not exist (in reply to MAIL FROM command) -------------------------------
I'm afraid I can't at the moment, as I have lost connection to the remote server (in Italy), probably due to a power outage, fairly common there at this time of year.
But I was asked in /etc/postfix/main.cf for $myhostname, and set it to my fqdn. What is the point of asking for this if it is not used?
I'm sure it is also set in /etc/hosts , but as I said I can't check that at the moment.
If you set a fqdn in myhostname, then you will not have that problem.
If you mean myhostname in /etc/postfix/main.cf then as I just said it is set to the fqdn. Also I should point out that sendmail has been working perfectly there, without any such messages in /var/log/maillog .
It may be a fact, but it is a totally irrelevant one in this context, since I am not "running an MTA on a dial-up host". I have a perfectly standard broadband connection (admittedly a little flaky in Italy).
This suggestion, like others along the same lines, seems more or less crazy to me. Why on earth should I want to get a VM on a cloud provider? I have perfectly good internal and external IP addresses (the latter thanks to dyndns).
As I have said, I have postfix/amavis working perfectly now. But it was much more time-consuming than it should have been, due in my opinion to very bad documentation, or possibly lack of documentation for someone setting up a home network.
On 09/13/2013 03:59 PM, Timothy Murphy wrote:
natxo asenjo wrote:
obviosly sendmail is not postfix, is it? Or does sendmail have a config on /etc/postfix/main.cf?
Broadband consumer connections are 'dial-up'.
That is why it was it blocked by spamhaus policy.
obviously not to send email directly which is what you were trying to do. When having such an ip no mx server will accept messages from you directly. That is why you need to relay to your e-mail provider.
The fact that you state you use dyndns proves do not understand how smtp servers work. No mx server will talk to your dyndns mta directly *except* your isp's mta.
or lack of knowledgde on your part on how smtp servers work. Everything is possible.
On Thu, Sep 12, 2013 at 7:17 AM, Timothy Murphy gayleard@eircom.net wrote:
An important document is the architectural overview ( http://www.postfix.org/OVERVIEW.html) which is somewhat unceremoniously indexed under "Other Topics" on the documentation page. That really helps tie a lot of things together.
❧ Brian Mathis
On 09/12/2013 12:03 PM, Timothy Murphy wrote:
Read "Postfix: The Definitive Guide" or "The Book of Postfix". Years ago I read the first and used it to setup multiple domains with virtual accounts. Works perfectly to this day. Also heard good things about the 2nd book. Both should give you ample knowledge how to setup Postfix.
Imho the Postfix documentation is excellent. Admittedly it does not do any handholding but once you are familiar with it, it's very helpful to have such an elaborate overview of all possible options.
I would suggest to start with a basic Postfix setup without all the bells and whistles, get that going and then slowly add things like anti-spam rules, amavis etc. Using git for your configs helps reverting if something blows up.
Regards, Patrick
On 12/09/13 12:35, Patrick Lists wrote:
I agree wholeheartedly.
Postfix is obviously going to be a little different for those transitioning from Sendmail, but I firmly believe it's much less complicated to learn and deploy for those first starting out on the road to deploying a mail server. I believe the widespread recognition of this fact is one of the main reasons behind Postfix being the default MTA in RHEL6.
Excellent advice IMHO, and exactly the way the CentOS Wiki documentation was written, albeit for CentOS 5. Start with the basic Postfix guide, then bolt on some basic spam filtering, postgrey, SASL, amavisd/ClamAV as required.
You can see the full list of guides here:
http://wiki.centos.org/HowTos#head-0facb50d5796bee0bd394636c32ffa9a997a6ab5
Patrick Lists wrote:
I'm sure you are right. But I don't really want to _learn_ about postfix, I just want to use it.
=> Imho the Postfix documentation is excellent. Admittedly it does not do
any handholding but once you are familiar with it, it's very helpful to have such an elaborate overview of all possible options.
Too much information is just as bad, if not worse, than too little. It does not help to list all possible options if there are hundreds of them, since one has to start by working out which can possibly be relevant. There is a big difference between a user manual and a reference manual.
How about trying this out -> http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mys...
-- View this message in context: http://centos.1050465.n5.nabble.com/CentOS-Setting-up-postfix-under-CentOS-6... Sent from the CentOS mailing list archive at Nabble.com.
On 09/12/2013 12:03 PM, Timothy Murphy wrote:
migrating is always a pain.
no. Maybe you can write one after you figure it out :-)
let me disagree with you.
Postfix's target audience is not the average joe user but e-mail administrators. It is assumed you know some stuff about how smtp e-mail works.
With that in mind, its documentation is simple, to the point and accurate.
For simple scenarios, you go to the 'General configuration' bullet points. In there you even have standard configuration examples:
http://www.postfix.org/STANDARD_CONFIGURATION_README.html
Once you have that figured out, then you can go on to other configs, like the content inspection, integration with other data sources, performance problems, etc. It does make sense once you approach it with an e-mail admin hat on.
If what you want is an appliance that handles this stuff but hides it all under the hood from you, maybe you should be looking at commercial offerings like barracuda. It is nothing to be ashamed of to buy stuff that works and has support when something goes wrong. Handling e-mail for a company without understanding how it works internally can be stressing.
Also, the postfix mailing list is the best place to ask postfix questions
natxo asenjo wrote:
I'll be happy to suggest a modest addition to http://wiki.centos.org/HowTos/postfix when I have found why my from address was set to ------------------------------- tim@localhost.localdomain MAIL FROM domain does not exist (in reply to MAIL FROM command) ------------------------------- As I have said, I gave my fqdn in every place I can think of.
I wonder if that is, or should be, any longer the case? I would have guessed that many, perhaps the majority, of CentOS users are now running home networks rather than commercial sites. I realise that RedHat may not be particularly interested in these people, but I would have thought CentOS should be.
I'm not an "email admin" except by necessity. If in fact it takes say two days of reading to setup postfix then I would revert to sendmail, which has been working perfectly for me for years. (Incidentally, having now setup postfix/amavis/clamd/spamassassin it does not seem to me to have any advantages - at least in my case - over sendmail/procmail/spamassassin . I've been told it is much better, but nobody has told me why.)
But as it happens, two short documents, http://wiki.centos.org/HowTos/postfix and http://www.cyberciti.biz/faq/postfix-smtp-authentication-for-mail-servers/, told me everything I needed to set up postfix on a home network. If I had homed in earlier on these two documents it would have taken me 20 minutes or less to set it up.
If what you want is an appliance that handles this stuff but hides it all under the hood from you,
I don't; I just want to be able to continue to send and receive email as I have been able to for years.
As I have said, I am not a company. I think I run a fairly typical home network, a setup that I would guess is going to become steadily more popular as the number of devices on a local network in the average household grows: laptops, TVs, smart phones, printers, etc.
Also, the postfix mailing list is the best place to ask postfix questions
I did ask the same two questions on that newsgroup/mailing-list and got no response. As you say, it seems to be the haunt of commercial or company email admins.
On 09/13/2013 01:37 PM, Timothy Murphy wrote:
this is certainly not my case. I do run centos (even in my laptop) but my main use is professional. And frankly, I do not know anyone in my personal environment with a linux computer (tablets/phones don't count).
maybe you should not have switched then. The main advantage of postfix above sendmail is that it is now more common. Sendmail has this reputation of being hard, so no one wants to start using it now. The pool of sendmail admins is dwindling fast.
somehow I doubt that most families will start installing a centos server to handle their e-mail. Everybody is happy to hand it off to gmail nowadays, so they just configure that. As to the other devices, they just need network connectivity, and the access points take care of that.
Most people I know are happy to get a NAS device to keep their stuff centrally and for downloading stuff from newsgroups/bittorrent. They are not in the least interested in a mail server. But maybe the people you know are :-)
well, yes, those are the people using postfix after all :-)
I went to check what you posted there, and I can see the problem with myhostname:
myhostname = alfred.gayleard.eu
but that host does not exist:
$ host alfred.gayleard.eu Host alfred.gayleard.eu not found: 3(NXDOMAIN)
This means it does not exist in dns. My guess is it does not exist in your hosts file either.
natxo asenjo wrote:
I can't parse this. You are saying you are running centos on a laptop, but don't know anyone running a "linux" computer.
Do you mean that all the people you know are running Windows or MacOS? Or do you mean you don't know anyone with a laptop?
Incidentally, I'm not running CentOS on a laptop, if that was your implication. I run Fedora (and Windows) on all the laptops I own.
Most people I know have laptops and smart phones; only the youngest use their smart phones for email.
Possibly. I changed because CentOS-6 changed to postfix as default, and I would generally follow the default on any system I was using. That does not alter the fact that the changeover was more difficult or at least more time-consuming than it should have been, due in my opinion to bad documentation.
I don't agree with everything in http://stevelosh.com/blog/2013/09/teach-dont-tell/ but I certainly think he is on the right side of the fence.
Are they? I would say that most people I know have misgivings about gmail.
Yes, we obviously live in different universes. I don't know anyone who downloads newsgroups to a NAS device.
--------------------------- [tim@rose ~]$ dig gayleard.eu
;; ANSWER SECTION: gayleard.eu. 3600 IN A 79.51.59.112 --------------------------- [tim@alfred postfix]$ diff main.cf main.cf.orig 77d76 < myhostname = alfred.gayleard.eu 85d83 < mydomain = gayleard.eu 102d99 < myorigin = $mydomain ---------------------------
On 09/13/2013 04:34 PM, Timothy Murphy wrote:
on my personal environment, no. On my professional life, all the time.
Do you mean that all the people you know are running Windows or MacOS? Or do you mean you don't know anyone with a laptop?
o god.
The fact you do not understand the documentation does not mean it is bad. The default postfix in centos does basically nothing. Because there is no standard setting for postfix (it is too versatile), e-mail administrators are expected to know what they are doing. If you do not want to spend the time learning that, just use your isp e-mail or one of the free and numerous cloud e-mail providers.
you obviosly have never heard of nzb. Never mind.
that is the host *gayleard.eu*, not *alfread.gayleard.eu* which incidentally was your myhostname declaration.
Do you see the difference? Your host alfred.gayleard.eu does NOT exist. And your mx record is mail.gayleard.eu, why don't you use that in your myhostname declaration?
On Fri, Sep 13, 2013 at 10:18 AM, natxo asenjo natxo.asenjo@gmail.com wrote:
The fact you do not understand the documentation does not mean it is bad.
It is pretty good evidence that swapping it as the default because 'sendmail is hard' was misguided, though. Sendmail works and isn't particularly hard if you stick to the sendmail.mc settings and milters.
Everyone needs to send mail. Lots of unix/linux programs are configured to hand off to sendmail whether you do it personally or not. Postfix comes with enough sendmail emulation to accept that mail, but then what?
Exactly. But where is the concise how-to to make that work?
Misgivings? I have misgivings about anything sent over the internet but nothing specific against gmail. I wouldn't try to plot a violent revolution there, but that's not a big concern for me and they've been more reliable than anything I could throw together at home.
This point isn't specific to postfix - it is just the current state of affairs that most places arbitrarily reject email if the From: address doesn't resolve in DNS - and for a large assortment of other arbitrary reasons.
On Sep 13, 2013 7:02 PM, "Les Mikesell" lesmikesell@gmail.com wrote:
On Fri, Sep 13, 2013 at 10:18 AM, natxo asenjo natxo.asenjo@gmail.com
wrote:
Hardly.
Postfix works and isn't particularly hard if you take the time to read and understand the docs.
The point is, an mta is something you need to set up. Be it sendmail, exim, postfix or exchange.
then you set it up. Nothing shocking here. This is a normal step in provisioning a host. It's like not specifying an alias for the local root account to send system messages somewhere else where they get read. and the local root account accumulates messages nobody reads. Then you login to run some maintenance and the first thing you see is 20000 unread messages.
RTFM :-)
It is not that hard: http://www.postfix.org/BASIC_CONFIGURATION_README.html%27What delivery method: direct or indirect'.
Or http://lmgtfy.com/?q=postfix+how+to+send+mail+through+isp if you think the docs are hard to find, then you get a link to the postfix.org site http://www.postfix.org/SOHO_README.html where you can read 'Enabling SASL authentication in the Postfix SMTP/LMTP client' to relay e-mail to another server with authentication enabled. Very easily explained.
Of course you can always find an obscure howto somewhere on the net and then complain that it does not work. I prefer to stick with the official docs.
Running an internet facing stmp server is another matter. But running postfix with a smarthost is a piece of cake.
Natxo Asenjo wrote
1. If you are referring to me, I have explained several times that I was following the CentOS document http://wiki.centos.org/HowTos/postfix which as far as I can see is the main CentOS document on this subject. Have you overlooked the fact that you are posting to a centos newsgroup?
2. I did not say that "it does not work". In fact I explicitly said that everything in it worked, except a reference to 2 obsolete RPMs.
I did suggest that it should contain a reference to what you call "postfix smarthost".
3. You seem to specialize in deliberately misreading what people say. I suggest that you try instead to answer queries instead of asserting that the people who ask them must be stupid. Nothing you have said has been the slightest help to me, whereas almost everyone else has said something of interest.
On Fri, Sep 13, 2013 at 1:19 PM, Natxo Asenjo natxo.asenjo@gmail.com wrote:
Neither was sendmail.
No, but it won't work with gmail... I don't think it would even work with Comcast any more.
On 09/13/2013 11:52 PM, Les Mikesell wrote:
and where is in the centos wiki or in the redhat documentation or in the sendmail documentation the info to accomplish that? Do you care to give me a url to those (un)official sources? In the sendmail doc I can find how to use tls and certificates, but so can I in the postfix docs. There is no copy paste settings for gmail to accept my email.
I don't think it would even work with Comcast any more.
I do not use comcast but the above method works perfectly on my broadband cable connection in The Netherlands (UPC). In fact, I do not even have to authenticate because I am allowed to simply relay from my home ip.
natxo asenjo wrote:
alfred.gayleard.eu does exist. It is the name of my server. /etc/postfix/main.cf asks you for your host name and your domain name. It does not ask you for your mx record. If as you imply it actually wants my mx record, would it not be simpler to ask for that?
Incidentally, that was not the cause of the problem, as I tried with several entries to myhostname, including gayleard.eu, and the From address was set to localhost.localdomain in all cases.
On Thu, Sep 12, 2013 at 3:33 PM, Timothy Murphy gayleard@eircom.net wrote:
It would have been helpful, if you had described briefly what was your sendmail setup e.g. relaying mail through smart host, authenticating local users before allowing relay etc.
What is the harm in trying out and finding for yourself? Postfix's main.cfhas all the conceivable configuration that most sites would deploy.
+1 to everyone's responses.
I would suggest read the overview doc to see how the various modules work together http://www.postfix.org/OVERVIEW.html
I abandoned sendmail and switched to postfix a long time ago and was glad that RHEL6/CentOS6 has switched to it as the default MTA. I found postfix documentation easier to follow. As with any software package, I budgeted time for a little trial and error got it working for my requirements.
Alternately, you can try iRedMail. It is a collection of scripts that checks and installs all the requisite packages for an email server with pop3+imap support + RoundCube web mail; it supports CentOS6.
Try it if you don't want to muck around hand editing conf files. iRedMail details http://www.iredmail.org/
HTH,
Arun Khan wrote:
As I recall - I set up sendmail on my 2 servers many years ago - I did nothing beyond changing the SMART_HOST setting in sendmail.mc.
Actually, I now have postfix/amavis/clamd/spamassassin working fine. But the setup was several orders of magnitude more complicated than setting up sendmail/procmail/spamassassin .
This is confirmed in my mind by the suggestions I received - someone specified 2 books on Postfix I should read, someone else advised me to pay someone to set it up.
Obviously the postfix.org documentation is not directed at those - like me - trying to set up a simple home-network.
-
Arun Khan -
Brian Mathis -
Carl T. Miller -
george -
John R Pierce -
Les Mikesell -
natxo asenjo -
Ned Slider -
Patrick Lists -
Timothy Murphy