[CentOS] Postfix setup

Tue Mar 12 04:23:50 UTC 2013
Robert Moskowitz <rgm at htt-consult.com>

On 03/11/2013 10:30 PM, Austin Einter wrote:
> Dear Robert Moskowitz
> The link 
> http://campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServer/ you 
> suggested is working great for me so far.
>
> At one point it says
>
>
>       Configuring Postfix
>
> Here we go with more config files. You'll have to be sure to change 
> some settings to match your host. The config files will have sections 
> commented out. Don't worry about it. These sections are for 
> spam/virus/sympa configuration. Just copy and paste to create the 
> config files. Whatever you see here replaces what already exists.
>
> The main postfix config files.
> /etc/postfix/main.cf
>

Definitely something wrong here.  As root:

grep post install.log

You should see (for CentOS 6.3):

Installing postfix-2.6.6-2.2.el6_1.i686

or x86_64 based on architecture.  This creates all the postfix default 
files.  Or install postfix via yum.
>
>
> When I checked, I did not find any folder postfix in my /etc path. 
> Even when I searched the whole machine, I did not get main.cf 
> anywhere.
> Does it mean that I have made some mistake somewhere in earlier steps?
>
> Also, the main.cf file given in the above link has an 
> entry as below.
>
> daemon_directory = /usr/libexec/postfix
>
> But in my machine I do not see any postfix folder in path 
> /usr/libexec. However I found /var/lib/postfix folder. So should I use
> /var/lib/postfix instead of /usr/libexec/postfix?

All the postfix directories in that howto work, but I did not go with 
his 'use my main.cf'.  I studied it, using postconf, and created a script 
containing:


# postfix config file

# uncomment for debugging if needed
#postconf -e 'soft_bounce=yes'

# postfix main
postconf -e 'delay_warning_time = 4'

# network settings
postconf -e 'inet_interfaces = all'
postconf -e 'mydomain = mailserver.domain.com'
postconf -e 'myhostname = mail.mailserver.domain.com'
postconf -e 'mynetworks = $config_directory/mynetworks'
postconf -e 'relay_domains = proxy:mysql:/etc/postfix/mysql-relay_domains_maps.cf'

# mail delivery
postconf -e 'recipient_delimiter = +'

# mappings
postconf -e 'alias_maps = hash:/etc/aliases'
postconf -e 'transport_maps = hash:/etc/postfix/transport'

# virtual setup
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, regexp:/etc/postfix/virtual_regexp'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains_maps.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf'
postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'
postconf -e 'virtual_minimum_uid = 101'
postconf -e 'virtual_uid_maps = static:101'
postconf -e 'virtual_gid_maps = static:12'
postconf -e 'virtual_transport = dovecot'
postconf -e 'dovecot_destination_recipient_limit = 1'

# authentication
postconf -e 'smtpd_sasl_auth_enable = yes'
# postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'smtpd_sasl_local_domain = $myhostname'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_type = dovecot'
postconf -e 'smtpd_sasl_path = private/auth'

# tls config
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_security_level = may'
postconf -e 'smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache'
# Change mailserver.domain.com.* to your host name
postconf -e 'smtpd_tls_key_file = /etc/pki/tls/private/mailserver.domain.com.key'
postconf -e 'smtpd_tls_cert_file = /etc/pki/tls/certs/mailserver.domain.com.crt'

# postconf -e cannot write continuation lines, so append this block directly.
# main.cf is a relative path: run this script from /etc/postfix.
cat <<EOF >>main.cf || exit 1
# rules restrictions
smtpd_recipient_restrictions = permit_sasl_authenticated,
         permit_mynetworks,
         reject_unauth_destination,
         reject_non_fqdn_sender,
         reject_non_fqdn_recipient,
         reject_unknown_recipient_domain
# uncomment for realtime black list checks
#    ,reject_rbl_client zen.spamhaus.org
#    ,reject_rbl_client bl.spamcop.net
#    ,reject_rbl_client dnsbl.sorbs.net
EOF

postconf -e 'smtpd_helo_required = yes'
postconf -e 'disable_vrfy_command = yes'
postconf -e 'smtpd_data_restrictions = reject_unauth_pipelining'

============================================

That append above addresses that postconf cannot handle continuations. You 
can replace it with a single-line command; I like the multiline formatting.

If you want more help, let's take it off list.  I am at IETF in Orlando 
right now, and IEEE 802 next week, then Passover after that, so my 
posting speeds will vary.
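
Added example, not part of the original post: a check to run after the script above, confirming that the appended smtpd_recipient_restrictions block is active and flagging that SASL AUTH combined with smtpd_tls_security_level = may is also offered on unencrypted sessions unless smtpd_tls_auth_only = yes is set. The function names and finding codes are hypothetical, the sample input is constructed, and the input is assumed to be one "name = value" line per parameter, as `postconf -n` prints it.

```shell
#!/bin/sh
# Added example (not from the original post): audit `postconf -n` style output.
# On a live host: postconf -n | audit_postconf

# get_param NAME: print NAME's value from the settings held in $CONF.
get_param() {
    printf '%s\n' "$CONF" |
        awk -F' *= *' -v k="$1" '$1 == k { sub(/^[^=]*= */, ""); print; exit }'
}

# audit_postconf: read "name = value" lines on stdin, print finding codes.
audit_postconf() {
    CONF=$(cat)
    findings=""
    sasl=$(get_param smtpd_sasl_auth_enable)
    auth_only=$(get_param smtpd_tls_auth_only)
    level=$(get_param smtpd_tls_security_level)
    rcpt=$(get_param smtpd_recipient_restrictions)

    # With opportunistic TLS ("may"), AUTH is also offered on plaintext
    # sessions unless smtpd_tls_auth_only = yes ("encrypt" implies it).
    if [ "$sasl" = "yes" ] && [ "$auth_only" != "yes" ] && [ "$level" != "encrypt" ]; then
        findings="$findings AUTH_WITHOUT_TLS"
    fi

    # postconf -n lists only explicit settings, so a missing entry means the
    # heredoc append did not land in the main.cf that Postfix actually reads.
    case "$rcpt" in
        *reject_unauth_destination*) ;;
        *) findings="$findings RCPT_RESTRICTIONS_NOT_APPLIED" ;;
    esac

    echo "${findings# }"
}

# Constructed sample: the relevant settings from the script above.
SAMPLE_AS_POSTED='smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain'

echo "as posted: $(printf '%s\n' "$SAMPLE_AS_POSTED" | audit_postconf)"
echo "hardened:  $(printf '%s\n' "$SAMPLE_AS_POSTED" 'smtpd_tls_auth_only = yes' | audit_postconf)"
```

An empty result means neither condition was found; RCPT_RESTRICTIONS_NOT_APPLIED usually means the script was run outside /etc/postfix, so the append went to a different main.cf.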