How to install Postfix
Postfix is an MTA (Mail Transfer Agent) for sending and receiving emails. It was developed due to the short coming found in Sendmail. The difference between the Postfix and Sendmail is that Postfix is very easy to install and configure, while sendmail on the other hand is a bit hard to work with and difficult to troubleshoot. The reason behind this is that sendmail is a single process or single binary which combines all its functions and modules built in it, so this single daemon should always be running. Postfix comes with different independent modules, responsible for delivery routing messaging and filtering etc. these modules are separate entity independent of postfix such as SMTP client, SMTP Daemon, and applications like cleanup, trivial re-write, queue manager (qmgr), pipe, local, pickup and maildrop, all interacting with each other to make a fully fledged email server.
Post has support for Regular expression such as Perl regular expression which we’ll talk about it later in this article.
Postfix Block Diagram
The image below show the email delivery process both local and remote messages.
Master Daemon & Master Configuration file
The most important file of postfix is the master daemon; it is the kernel of the postfix, which is control by master.cf file. The daemon file runs in the
background all the time when you invoke postfix and is responsible to spawn other binaries on demand like mail queues, bounce, errors, cleanup and smtp etc
e.g. when master starts it may initially spawn smtpd to bind port 25.
You can check the master file when it is running in the background using the command:
[root@local~]#ps ax | grep master
3217 ? Ss 0:00 /usr/libexec/postfix/master
The output of this command shows the master file running in daemon directory which is in our case /usr/libexec/postfix/ which resides all the other daemons
like smtpd etc. the 3217 is the process ID you can use process ID to close any running process using kill command.
[root@local~]#kill -9 3217
this will close down the master daemon.
The master configuration file or master.cf file control the operation of master daemon. The master.cf configuration file defines how a client program
connects to a service, and what daemon program runs when a service is requested. You can check the content of the master.cf by using vi editor
[root@local~]#vi /etc/postfix/master.cf # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (50) # ========================================================================== smtp inet n - n - - smtpd #smtps inet n - n - - smtpd # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes #submission inet n - n - - smtpd # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes #628 inet n - n - - qmqpd pickup fifo n - y 60 1 pickup cleanup unix n - y - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - y 300 1 nqmgr #tlsmgr fifo - - n 300 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - y - 0 bounce defer unix - - y - 0 bounce flush unix n - y 1000? 0 flush smtp unix - - y - - smtp showq unix n - y - - showq
You can see in this configuration file lists all other daemons like smtpd, rewrite, flush, etc that invokes when master process starts. These are invoked
when they needed. The master configuration file also tells you whether a process is running as chrooted or not. You can control the master daemon using
master.cf file.
A brief explanation of core processes.
smtpd: this is a smtp server. It binds on smtp port 25 and is responsible to receive messages from internet and place in the incoming queue
passing through cleanup process.
cleanup: process incoming messages headers and place messages in incoming queue.
pickup: Postfix local mail pickup – pick mails from maildrop directory and forward it to cleanup process.
local: this program is responsible to send messages destined for local users, but before send it to local mailbox, the local program first check
the aliases table and also check if there is any .forward file in his home directory
error: it is responsible to processes message delivery requests from qmgr, and force the message to bounce. Every request contains queue file, sender
address, the reason for non-delivery, and recipient information.
bounce: this process send the original message back sender when the message is not deliverable and place a log in bounce message queue.
pipe: this program forward messages to other local mail systems in local server.
postdrop: to avoid security risk maildrop queue is only writable to postdrop and not writable by sendmail or any other normal users, so the sendmail
then must pass the messages to postdrop first and then postdrop will move the message to maildrop queue.
showq: Reports postfix mail queue status
smtp: smtp client uses smtp protocol to send messages to outside mail servers.
trivial-rewrite: this receives messages from cleanup and check if the headers are in right format for qmgr binary.
qmgr: process messages in the incoming queue and decide how to deliver, each message is received from incoming queue and placed in the active message
queue fro further processing.
Downloading, compiling and installing postfix
There are several ways to install postfix
• You can install postfix by downloading the source file which is normally in tar.gz format, you need to compile and then install (make, make install) it.
• You can also install the postfix using yum utility. The yum utility will download the binary from the postfix website, and will install it on your
machine; you’ll need to connect your Linux box to the internet. So all you need is to run the command: yum –y install postfix. You don’t need to compile it
in this way.
• You can also check the postfix to install while installing Linux from CD or DVD or from Local Drive.
Let’s download the postfix source file and then compile & install it. Go to the postfix download website http://www.postfix.org/download.html and choose
your closest mirror site.
The format of the file would be like postfix.a.b.c (postfix-2.5.1.tar.gz), major followed by minor followed by patch release. In this case (2.5.1) the major
is release version 2, the minor release is 5 and the patch level is 1
You should also download the PGP signature which is in our case is postfix-2.5.1.tar.gz.sig, same name as postfix source file but .sig at the end. Also
download the author or signer key which is wietse.pgp. All these files will be on the same site where you are downloading postfix source file.
So download these files:
• postfix-2.5.1.tar.gz
• postfix-2.5.1.tar.gz.sig
• wietse.pgp
Make a directory ‘postfix’ in your home folder and download the above files
[root@host /]# mkdir /usr/local/src/postfix [root@host /]# cd /usr/local/src/postfix/
Now download postfix source file using wget which will download the file and will save it in current directory
[root@host postfix]#wget http://postfix.it-austria.net/releases/official/postfix-2.5.1.tar.gz –18:39:05– http://postfix.it-austria.net/releases/official/postfix-2.5.1.tar. gz Resolving postfix.it-austria.net… 213.150.9.191 Connecting to postfix.it-austria.net|213.150.9.191|:80… connected. HTTP request sent, awaiting response… 200 OK Length: 3153629 (3.0M) [application/x-gzip] Saving to: `postfix-2.5.1.tar.gz’ 100%[=======================================>] 3,153,629 238K/s in 13s 18:39:18 (236 KB/s) - `postfix-2.5.1.tar.gz’ saved [3153629/3153629] [root@host postfix]#
Now download the signature file
[root@host postfix]# wget http://postfix.it-austria.net/releases/official/postfi x-2.5.1.tar.gz.sig
And also download the wietse.pgp key
wget http://postfix.it-austria.net/releases/wietse.pgp
I’m using putty software to login to linux server remotely because the machine is in remote place.
GNU Privacy guard – GPG is compatible with PGP (Pretty Good Privacy)
To check gpg key install on your machine, type the following command
#gpg --list-keys [root@host postfix]# echo $? 0 [root@host postfix]#
In our case we don’t have any key installed as its fresh installation.
[root@host postfix]#gpg –import wietse.pgp
This will import the wietse pgp key and will output
[root@host postfix]# gpg –import wietse.pgp gpg: keyring `/root/.gnupg/secring.gpg’ created gpg: key C12BCD99: public key “Wietse Venema <wietse@porcupine.org>” imported gpg: key D5327CB9: public key “wietse venema <wietse@porcupine.org>” imported gpg: Total number processed: 2 gpg: imported: 2 (RSA: 2) gpg: no ultimately trusted keys found
now check the imported gpg key using the command
[root@host postfix]#gpg –list-keys #echo $?
It will show you the imported key
[root@host postfix]# gpg –list-keys /root/.gnupg/pubring.gpg ———————— pub 2048R/C12BCD99 2005-02-28 uid Wietse Venema <wietse@porcupine.org> pub 1022R/D5327CB9 1992-09-25 uid wietse venema <wietse@porcupine.org> uid wietse venema <wietse@wzv.win.tue.nl> [root@host postfix]#
Now verify the signature
[root@host postfix]# gpg –verify postfix-2.5.1.tar.gz.sig postfix-2.5.1.tar.gz gpg: Signature made Sun 17 Feb 2008 01:45:26 AM GMT using RSA key ID C12BCD99 gpg: Good signature from “Wietse Venema <wietse@porcupine.org>” gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: FF 96 4A 8C 96 88 7C 6E A4 EF AD BF 48 34 E1 BB
If you see Good signature that means everything is fine so far. Let move on to next process of extracting and compiling postfix.
Extracting Postfix
[root@host postfix]# tar -xvzf postfix-2.5.1.tar.gz
This will extract all the postfix files into a newly created folder named postfix-2.5.1
Check if any other mail program is using installed or using port 25
[root@host postfix]# netstat -ntlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 1945/hpiod tcp 0 0 127.0.0.1:34827 0.0.0.0:* LISTEN 1950/python tcp 0 0 0.0.0.0:684 0.0.0.0:* LISTEN 74/rpc.statd tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1754/portmap tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1960/cupsd tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 232/sendmail tcp 0 0 :::22 :::* LISTEN 1969/sshd tcp 0 0 ::1:631 :::* LISTEN 1960/cupsd
in our case sendmail is running on port 25, so stop sendmail using the command
[root@host postfix]# /etc/init.d/sendmail stop
Now disable sendmail from being started at boot
[root@host postfix]# chkconfig –levels 235 sendmail off
Check if sendmail rpm is installed
[root@host postfix]# rpm –qa | grep sendmail
If you find sendmail install on your machine its good to uninstall it by using the –e option with rpm command
[root@host postfix]# rpm –e sendmail
Now move on to postfix installation folder
[root@host postfix]# cd postfix-2.5.1
It’s a good idea to run postfix not as root, infact we’l make a user by the name of postfix, so postfix will use the user postfix to run, so lets add a group
first
[root@host postfix]#groupadd postfix
You may get a message groupadd: group postfix exists, its ok because some linux distribution already come with postfix user and group, you can check it in
/etc/groups.
[root@host ~]# cat /etc/group | grep postfix postfix:x:89:
so the group exists now add postfix user
[root@host ~]# useradd -g postfix -s /sbin/nologin postfix useradd: user postfix exists [root@host ~]#
In our case the user already exist, let me explain the above command, which I made it colored for explanation. useradd is linux command to add user, -g will
force the user to add in a postfix group, -s indicate the shell, if we don’t mention it, by default it will give the user the default shell, e.g. bash or
whatever is your default shell, in our case the user postfix shell is /sbin/nologin mean this shell doesn’t exists so the user postfix can’t login to shell,
we don’t want to give extra permissions, the fewer permissions the better. And at the end of the command is postfix which is the user.
Compile postfix by issuing make command
[root@host postfix]# make
We really don’t need to compile it, we just run make file which will convert the C files into binaries
Note: if you are prompted with error like
Noinclude file found. Install the appropriate db*-devel package first. See the RELEASE_NOTES file for more information. make: *** [Makefiles] Error 1 make: *** [Makefiles] Error 2
it means you don’t have Berkley database installed on your computer, so install it using the following command.
[root@host postfix]#yum install db4*
And try again, if again you are prompted with error like
makedefs: line 309: gcc: command not found make: *** [Makefiles] Error 1 make: *** [Makefiles] Error 2
this means you don’t have c or c++ compiler installed, so install it using the following command
[root@host postfix-2.5.1]#yum install gcc gcc-c++
And then try it will work
Now we need to run ‘make install’ which will place postfix to its specific locations, means this will install postfix
[root@host postfix]# make install
It will prompt us for a few questions; just press enter to accept the default locations
Install_root: [/] (just press enter to accept the default root location)
Select the default option for all the prompted options and that’s it postfix is installed now.
Now start postfix
[root@host postfix-2.5.1]# /etc/init.d/postfix start Starting postfix: [ OK ] [root@host postfix-2.5.1]#
You can also start postfix by using the following command
[root@host postfix-2.5.1]#postfix start
Check the ports, You should see the master file running on port 25
[root@host postfix-2.5.1]# netstat -ntpl
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 18775/master
0.0.0.0 means postfix is listening on all the interfaces of your machine on port 25. 18775 is the PID (process ID)
Now try to send a test email
root@host postfix-2.5.1]# sendmail -v emailaddress@gmail.com subject: testing email This is test message body . emailaddress@gmail.com... Connecting to [127.0.0.1] via relay… 220 host.domain.tld ESMTP Postfix >>> EHLO host.domain.tld 250-host.domain.tld 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN >>> MAIL From:<root@host.domain.tld> SIZE=50 250 2.1.0 Ok >>> RCPT To:<emailaddress@gmail.com> >>> DATA 250 2.1.5 Ok 354 End data with <CR><LF>.<CR><LF> >>> . 250 2.0.0 Ok: queued as CC9FFBF4A0 emailaddress@gmail.com… Sent (Ok: queued as CC9FFBF4A0) Closing connection to [127.0.0.1] >>> QUIT 221 2.0.0 Bye [root@host postfix-2.5.1]#
Check the status of the email in log file
[root@host postfix-2.5.1]#tail /var/log/maillog
and if you see status=sent this means the email has been sent successfully.
So far so good the email has been sent to external email but you will not get any incoming emails yet because we still has to do lot. If you receive that
email on external account and check the headers it will show you the sender is root@localhost.localdomain or in our case root@host.domain.tld host.domain.tld
is our localhostname of our machine. But we will change the hostname and other domain settings in main.cf file
so you have installed and test your postfix MTA, but now you need to configure postfix for external emails and setting postfix smtp authentication using SASL and spam filtering using spamassasin. For doing all these soon i will publish another article here. Please let us know about any problem you face during installing postfix, i will try to reply as soon as posible. Hope this helps you, Please write comments/Critics/suggestions and correct me if I’m wrong. Thanks for visiting