This website is not maintained anymore. Please visit www.nerdgirl.dk instead.
This page was last modified: July 27 2010 13:22:12   

Mail setup tutorial - Postfix

  1. Preparations
  2. Courier IMAP
  3. Cyrus SASL2
  4. Postfix
  5. Testing and startup
  6. Setting up TLS
  7. Squirrelmail
  8. Spamassassin

This article assumes that you've followed the steps in the previous articles of this tutorial.

Follow these instructions to install Postfix: (bold text is provided by you)

 cd /usr/ports/mail/postfix
 make WITH_MYSQL_VER=50 install clean distclean

........................ Postfix configuration options ........................
.                                                                             .
. Please select desired options:                                              .
. ........................................................................... .
. . [ ] NOPCRE    DISABLE Perl Compatible Regular Expressions               . .
. . [ ] SASL      Cyrus SASLv1 (Simple Authentication and Security Layer)   . .
. . [X] SASL2     Cyrus SASLv2 (Simple Authentication and Security Layer)   . .
. . [ ] SASLKRB   If your SASL requires Kerberos select this option         . .
. . [ ] SASLKRB5  If your SASL requires Kerberos5 select this option        . .
. . [ ] SPF       SPF support                                               . .
. . [X] TLS       SSL and TLS                                               . .
. . [ ] DB3       Berkeley DB3 (required if SASL also built with DB3)       . .
. . [ ] DB40      Berkeley DB4.0 (required if SASL also built with DB4.0)   . .
. . [ ] DB41      Berkeley DB4.1 (required if SASL also built with DB4.1)   . .
. . [ ] DB42      Berkeley DB4.2 (required if SASL also built with DB4.2)   . .
. . [ ] DB43      Berkeley DB4.3 (required if SASL also built with DB4.3)   . .
. . [X] MySQL     MySQL map lookups (choose version with WITH_MYSQL_VER)    . .
. . [ ] PgSQL     PostgreSQL map lookups (choose with DEFAULT_PGSQL_VER)    . .
. . [ ] OpenLDAP  OpenLDAP map lookups (choose ver. with WITH_OPENLDAP_VER) . .
. . [ ] NIS       NIS map lookups                                           . .
. ......v(+)................................................................. .
...............................................................................
.                           [  OK  ]       Cancel                             .
...............................................................................

 You need user "postfix" added to group "mail".
 Would you like me to add it [y]? y
 Would you like to activate Postfix in /etc/mail/mailer.conf [n]? y

Sendmail is the standard MTA of various UNIX platforms. Since I have chosen to use Postfix instead, I am disabling it:

Open  /etc/rc.conf  and add:

sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

Also disable some Sendmail-specific daily maintenance routines in your /etc/periodic.conf file (if you don't have a periodic.conf file in /etc, you should copy it from /etc/defaults/periodic.conf):

daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

Find any running sendmail processes and kill them. Here's an example:

ps -ax | grep sendmail
440 ?? Ss 0:56.33 sendmail: accepting connections (sendmail)
444 ?? Is 0:00.81 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
kill -9 440
kill -9 444

Make a soft link in the rc.d/ directory (This might not be necessary in newer postfix versions. First check that there is not already a postfix file in the directory):

cd /usr/local/etc/rc.d
ln -s /usr/local/sbin/postfix postfix.sh

All mail will be stored in /usr/local/virtual. But this folder isn't automatically created, so let's do that:

cd /usr/local/
mkdir virtual
chown -R postfix:postfix virtual
chmod -R 751 virtual

FreeBSD generates daily mails with system information to the root user. You must redirect these mails to an actual mail account:

cd /etc/mail/
vim aliases

Find root: me@my.domain and correct the address to reflect one of the email accounts you've just created in the mailbox table.

Then you must run the newaliases command and make a soft link to aliases.db:

newaliases
ln -s /etc/mail/aliases.db /etc/aliases.db

If you have aliases.db in both /etc and /etc/mail, you can just delete the one in /etc and then make the link.

main.cf

Now we move on to the postfix configuration file: main.cf

cd /usr/local/etc/postfix
vim main.cf

Change myhostname and mydomain, and uncomment the rest of the lines shown here:

myhostname = example.domain.tld
mydomain = domain.tld
myorigin = $mydomain

mydestination = $myhostname, localhost.$mydomain, localhost
local_recipient_maps = unix:passwd.byname $alias_maps

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

home_mailbox = Maildir/

Insert this at the end of main.cf

# relay
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unauth_destination,
  reject_unauth_pipelining,
  reject_invalid_hostname,
  reject_rhsbl_client blackhole.securitysage.com,
  reject_rhsbl_sender blackhole.securitysage.com,
  reject_rbl_client relays.ordb.org,
  reject_rbl_client blackholes.easynet.nl,
  reject_rbl_client cbl.abuseat.org,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client sbl-xbl.spamhaus.org,
  reject_rbl_client opm.blitzed.org,
  reject_rbl_client dnsbl.njabl.org,
  reject_rbl_client list.dsbl.org,
  reject_rbl_client multihop.dsbl.org
	
# sasl authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous

# configuration related to MySQL.
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:125
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_limit = 51200000
virtual_minimum_uid = 125
virtual_transport = virtual
virtual_uid_maps = static:125

virtual_gid_maps, virtual_uid_maps and virtual_minimum_uid must reflect the values of user ID and group ID of the postfix user:

To make sure that you have the correct unix user- and group IDs for postfix, you can run  vipw  which will open the password file:

postfix:*:125:125::0:0:Postfix Mail System:/var/spool/postfix:/sbin/nologin

The third and fourth values of the above example are the user ID and group ID.
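
One way to make this comparison without reading the password file by eye, as an added example that is not part of the original tutorial: the script below compares the postfix account with the three virtual_* settings. The function names and sample files are made up for the example, and it reads main.cf as text rather than asking Postfix.

```sh
#!/bin/sh
# Added example, not part of the tutorial. Paths are arguments, so the check
# can run against copies of the password file and main.cf.

# conf_value MAIN_CF KEY: print the value of the last "KEY = value" line
# (Postfix uses the last definition when a parameter is repeated).
conf_value() {
    awk -F= -v k="$2" '
        { name = $1; gsub(/[ \t]/, "", name) }
        name == k { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); last = v }
        END { print last }' "$1"
}

# check_virtual_ids PASSWD_FILE MAIN_CF
# Returns 0 if the virtual_* settings fit the postfix account, 1 on a
# mismatch, 2 if the account is missing. Findings are printed to stdout.
check_virtual_ids() {
    ids=$(awk -F: '$1 == "postfix" { print $3 ":" $4; exit }' "$1")
    [ -n "$ids" ] || { echo "no postfix account in $1"; return 2; }
    uid=${ids%%:*}   # third field: user ID
    gid=${ids##*:}   # fourth field: group ID
    rc=0
    [ "$(conf_value "$2" virtual_uid_maps)" = "static:$uid" ] ||
        { echo "virtual_uid_maps is not static:$uid"; rc=1; }
    [ "$(conf_value "$2" virtual_gid_maps)" = "static:$gid" ] ||
        { echo "virtual_gid_maps is not static:$gid"; rc=1; }
    # virtual(8) rejects lookup results below virtual_minimum_uid.
    min=$(conf_value "$2" virtual_minimum_uid)
    case $min in
        ''|*[!0-9]*) echo "virtual_minimum_uid is not set to a number"; rc=1 ;;
        *) [ "$min" -le "$uid" ] ||
               { echo "virtual_minimum_uid $min is above UID $uid"; rc=1; } ;;
    esac
    return $rc
}

# write_sample DIR UID: constructed sample files in the tutorial's format.
write_sample() {
    printf '%s\n' 'root:*:0:0::0:0:Charlie &:/root:/bin/csh' \
        'postfix:*:125:125::0:0:Postfix Mail System:/var/spool/postfix:/sbin/nologin' \
        > "$1/master.passwd"
    printf '%s\n' '# constructed sample' "virtual_uid_maps = static:$2" \
        'virtual_gid_maps = static:125' 'virtual_minimum_uid = 125' > "$1/main.cf"
}

# Dry run on the constructed sample.
d=$(mktemp -d) && write_sample "$d" 125 &&
    check_virtual_ids "$d/master.passwd" "$d/main.cf" && echo "IDs consistent"
rm -rf "$d"
```

On a live system, call check_virtual_ids /etc/passwd /usr/local/etc/postfix/main.cf; postconf -h virtual_uid_maps shows the value Postfix actually uses.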

Virtual maps

virtual_alias_maps, virtual_mailbox_domains and virtual_mailbox_maps each refer to a file. Create these files in /usr/local/etc/postfix/ with the following content:

Remember to replace password with the password for the 'postfix' database user.

mysql_virtual_alias_maps.cf:

user = postfix
password = password
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s'

mysql_virtual_domains_maps.cf:

user = postfix
password = password
hosts = localhost
dbname = postfix
query = SELECT description FROM domain WHERE domain='%s'

mysql_virtual_mailbox_maps.cf:

user = postfix
password = password
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s'
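
These three files hold the database password in clear text, so they are worth a check once written. The script below is an added example, not from the original tutorial; its function names and sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the tutorial: audit the three MySQL map files.

# audit_map_file FILE: returns 0 if clean, 1 with findings on stdout.
audit_map_file() {
    f=$1
    bad=0
    [ -f "$f" ] || { echo "$f: missing"; return 1; }
    # -perm -004 matches when the read bit for "other" is set.
    if [ -n "$(find "$f" -perm -004)" ]; then
        echo "$f: world-readable, any local user can read the DB password"
        bad=1
    fi
    pw=$(sed -n 's/^password[[:space:]]*=[[:space:]]*//p' "$f" | tail -n 1)
    case $pw in
        '') echo "$f: no password line"; bad=1 ;;
        password) echo "$f: tutorial placeholder password still in use"; bad=1 ;;
    esac
    # Postfix SQL-quotes the lookup key before substituting %s; that only
    # protects the query when %s sits inside a quoted SQL string.
    grep -q "^query[[:space:]]*=.*'%s'" "$f" ||
        { echo "$f: %s in query is not inside single quotes"; bad=1; }
    return $bad
}

# audit_maps DIR: check the files named in main.cf; 0 only if all are clean.
audit_maps() {
    failed=0
    for name in mysql_virtual_alias_maps.cf mysql_virtual_domains_maps.cf \
                mysql_virtual_mailbox_maps.cf; do
        audit_map_file "$1/$name" || failed=1
    done
    return $failed
}

# write_map FILE PASSWORD MODE: constructed sample in the tutorial's layout.
write_map() {
    printf '%s\n' 'user = postfix' "password = $2" 'hosts = localhost' \
        'dbname = postfix' "query = SELECT goto FROM alias WHERE address='%s'" > "$1"
    chmod "$3" "$1"
}

# Dry run: a file as first typed in (placeholder password, mode 644).
d=$(mktemp -d)
write_map "$d/mysql_virtual_alias_maps.cf" password 644
audit_map_file "$d/mysql_virtual_alias_maps.cf" || echo "findings listed above"
rm -rf "$d"
```

Run audit_maps /usr/local/etc/postfix against the real files; a common fix for a world-readable map file is chown root:postfix followed by chmod 640.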

Mailboxes

NOTE: Before you can use any newly created mail accounts, the associated directory in /usr/local/virtual must be created. This happens automatically the first time a mail is received.

All mail is saved in /usr/local/virtual where each mail account has a folder named after the e-mail address:

cd /usr/local/virtual/postmaster@domain.tld/
ls
cur    new    tmp

In the folder of an active account, you'll see 3 subfolders, also created by Postfix. cur/ has messages that have been retrieved (viewed), new/ has new messages (not yet viewed), and tmp/ is used for temporary operations.

Let's dive into the "new" folder:

cd new/
ls
1088643664.V27405Id03be.example.domain.tld

Every message has a unique filename generated by Postfix in the form of [timestamp.unique_pid.hostname].

You can check it out yourself, but first the setup must be tested and any errors corrected. I'll show you how this is done in the next step.
