## Postfix (formerly VMailer): Another SMTP Alternative ## Mike Hoskins What is Postfix? Postfix represents an attempt to provide a secure, robust SMTP alternative to the popular Sendmail. Other Sendmail alternatives do exist (such as qmail), but Postfix represents a fresh start and originated from the highly-respected Wietse Venema. It, more than Sendmail, represents (IMO) the ideology behind UNIX - small programs with clear tasks working together to accomplish a goal. This 'separation of duties' methodology allows absolute minimum privilege to be maintained for each utility, thereby increasing system trust. A Word of Warning However sound the ideas and developmental merit behind Postfix, it is still 'Beta' software. I am currently running Sendmail on my production servers, and will continue to do so until Postfix moves out of its 'Beta' stages. My initial testing has earned Postfix very high regards on my part, but I still must remind any individuals wishing to give Postfix a try that 'Beta' software in production environments often leads to headaches. My testing and this article relate to the Jan 1 Beta, patch level 1. Getting Postfix Although a port is certainly underway, Postfix is primarily available as source code. You can get a list of ftp sites where it's available from http://www.porcupine.org/ftp-sites.html. Installation, A-Z I'm happy to report that installation went very well for me under FreeBSD 3.0-RELEASE. After downloading the tarball from my closest FTP mirror, I started things off by unpacking the source distribution: $ ls postfix-beta-19990122-pl01.tar.gz $ gunzip -cd p* | tar xf - $ ls postfix-beta-19990122-pl01 postfix-beta-19990122-pl01.tar.gz After moving into the newly created distribution directory, '0README' gave a brief overview of the Postfix project, and 'INSTALL' gave verbose install instructions. There are two main decisions to be made when installing Postfix. First, you must decide the extent of installation. Postfix can be configured to do any one of the following: Send mail only (no change to existing Sendmail installation). Send and receive mail via virtual host interface (no change to existing Sendmail installation). Replace Sendmail altogether. This article will detail my findings when attempting to Replace Sendmail altogether. All three options are detailed in the 'INSTALL' document, and I would suggest browsing through it to get an overview of the installation process. Secondly, you must decide the best configuration for Postfix' submission mechanism. Postfix uses a 'maildrop directory' where local users exchange messages. Postfix can be configured to use a world writable (sticky bit) maildrop directory or a SGID 'postdrop' script. Both options are detailed in the 'INSTALL' document, so I will not discuss them in detail here. It is enough to know that in this article, I will choose the SGID approach. FreeBSD is a natively supported architecture. From the distribution directory simply type 'make' and wait... $ make [compile-time output omitted] If you receive compiler error messages, you should consult the 'INSTALL' document and the Postfix FAQ. If all goes well, you should be returned to your command prompt after a few seconds. Postfix does not include any sort of automated install script. Due to the wide range of supported systems and relative complexity of the Postfix program, the developers choose to maintain a manual install procedure. In all of the following examples, I am going to be using default directory names. Most of these are configurable via environment variables, see 'INSTALL' for more information. Become the super-user, and execute the following commands from within the distribution directory: # mkdir /etc/postfix # chmod 755 /etc/postfix # cp ./conf/* /etc/postfix # chmod 644 /etc/postfix/* # chmod 755 /etc/postfix/postfix-script* This sets up the configuration directory (/etc/postfix) and copies all of the default configuration files from the distribution directory. Next, setup the spool directory: # mkdir /var/spool/postfix # chmod 755 /var/spool/postfix Next, we must create a place for the actual Postfix programs. 'INSTALL' recommends placing the programs in a separate directory, I chose /usr/bin/postfix/bin (you can choose any directory - so long as main.cf knows about it - as we'll see later). # mkdir /usr/bin/postfix/bin # cp ./bin/* /usr/bin/postfix/bin As with most new software, manual pages can often be a lifesaver. I placed the man pages into by /usr/bin/postfix hierarchy as follows: # mkdir /usr/bin/postfix/man # (cd man; tar cf - .) | (cd /usr/bin/postfix/man; tar xvf -) As with all examples, these should be executed from within the distribution directory. You may want to update your MANPATH so you can easily view the Postfix manual pages. To REPLACE Sendmail by Postfix, execute the following commands: # mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF # mv /usr/bin/mailq /usr/bin/mailq.OFF # mv /usr/bin/newaliases /usr/bin/newaliases.OFF # chmod 555 /usr/sbin/sendmail.OFF /usr/bin/mailq.OFF /usr/bin/newaliases.OFF Now that the old programs are moved out of the way, put the new ones in place as follows: # ln -s /usr/bin/postfix/bin/sendmail /usr/bin/postfix/bin/post* /usr/sbin # chmod 755 /usr/sbin/sendmail /usr/sbin/post* # ln -s /usr/sbin/sendmail /usr/bin/mailq # ln -s /usr/sbin/sendmail /usr/bin/newaliases 'INSTALL' suggests leaving the old Sendmail running for a couple days to ensure any unsent mail is graciously flushed. Before Postfix can be started, a few changes must be made to the main configuration file (/etc/postfix/main.cf). By default, all Postfix configuration files are in /etc/postfix and must be owned by root. The changes that must be made are simplistic and few... Also, all configuration parameters are verbosely commented in main.cf. First, you must specify the userid that owns Postfix. The default setting is 'postfix' ('mail_owner = postfix' around line 43 of main.cf). 'INSTALL' and the .cf file itself both point to the same piece of advice, "I would recommend that you create a dedicated user account 'postfix', that is not in the same group as other accounts. Make sure it is a locked account that no-one can log into. It does not need an executable login shell, nor does it need an existing home directory." This is paramount to Postfix' ability to add trust to a system. Since it places responsibility on the 'postfix' userid rather than the root account, system risk is significantly reduced. I added a 'postfix' user and group to my system as shown below: # grep postfix /etc/passwd postfix:*:65499:65499:Postfix user:/nonexistent:/sbin/nologin # grep postfix /etc/group postfix:*:65499:postfix Next, the 'myorigin' variable (around line 78) must be set. Using 'myorigin = $mydomain' works well for me (you may also set 'myorigin' to '$myhostname' - see main.cf for details). This simply says that mail originating on my system will be seen as 'user@mydomain'. Around lines 111-113, the 'mydestination' variable must be set. I chose the third, default option, 'mydestination = $myhostname, localhost.$mydomain, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain'. This tells Postfix what hostnames it is the final destination for. Two final options to tweak... 'program_directory' and 'queue_directory' must be set. For me, I set 'program_directory = /usr/bin/postfix/bin' and 'queue_directory = /var/spool/postfix' (if you chose to place your bin or queue directories elsewhere during the installation, you should edit these appropriately). Further configuration options are detailed on the Postfix web site, as well as in the 'html' directory under the main distribution directory, but are not necessary to start Postfix. Finally, before starting Postfix we must decide upon a delivery mechanism. As I said, I chose the non-sticky, SGID approach. To accomplish this, create a unique 'maildrop' group (definitely NOT a shared GID with the Postfix account!). I have the following: # grep maildrop /etc/group maildrop:*:65498: Once you've created the group, execute the following: # mkdir /var/spool/postfix/maildrop # chown postfix /var/spool/postfix/maildrop # chgrp maildrop /var/spool/postfix/maildrop /usr/bin/postfix/bin/postdrop # chmod 1730 /var/spool/postfix/maildrop # chmod 2755 /usr/bin/postfix/bin/postdrop # cd /etc/postfix # cp postfix-script-SGID postfix-script Once everything's setup and you're ready to stop the old SMTP process (Postfix will need to bind to port 25), execute Postfix with the 'start' argument: # /usr/bin/postfix/bin/postfix start The typical 'sendmail -bd -qXXm' format will work as well. Be sure to watch the syslog file for any complaints. When run for the first time, Postfix will create quite a few subdirectories below the Postfix spool directory. When you make modifications to any Postfix configuration file, issue the following: # /usr/bin/postfix/bin/postfix reload Summary Postfix has been running for a couple weeks now without any signs of problems. I'm currently testing it on a low-load, non-production site (www.antisocial.net). I do plan to migrate it to more production boxes soon, and would appreciate any comments from individuals in the FreeBSD community relating to such an endeavor. Newcomers to the Postfix project should take some time and peruse the www.postfix.org web site. There are numerous configuration options, including security and anti-UCE tweaks, discussed in detail on the Postfix Configuration pages. The FAQ, Overview and Anatomy pages are also quite informative. I firmly believe that those who take the time to master Postfix will be rewarded by a system or systems with significantly higher trust... Mike Hoskins