4.1 Postfix configuration file structure
The Postfix configuration files are located in /etc/postfix. After Postfix is installed, you can run the ls command to view them:
[root@mail postfix]# ls
install.cf main.cf master.cf postfix-script
These four files are the most basic configuration files for Postfix. Their differences are as follows:
main.cf: the main configuration file of Postfix.
install.cf: contains the Postfix initialization settings generated by the installer during installation.
master.cf: the configuration file of the Postfix master process. Each line in this file configures the running mode of one Postfix component process.
postfix-script: a wrapper around some Postfix commands so that they can be executed safely on Linux.
4.2 Basic Postfix configuration
Postfix has about 100 configuration parameters, which can be set in main.cf. The format is a parameter name and a parameter value joined by an equals sign. For example:
myhostname = mail.mydomain.com
The parameter name is on the left of the equals sign and the parameter value is on the right. You can also put $ before a parameter name to reference that parameter's value, for example:
myorigin = $myhostname
Although Postfix has about 100 parameters, it sets a default value for most of them. Therefore, you only need to configure a few parameters to get Postfix working. Let's take a look at these basic Postfix parameters. Note that whenever you change the content of the main.cf file, you must run the postfix reload command for the change to take effect.
1. myorigin
The myorigin parameter specifies the domain name of the sender. If your user's email address is user@domain.com, this parameter specifies the domain name after the @ sign. By default, Postfix uses the local host name as myorigin, but it is recommended that you use your domain name because it is more readable. For example, if the host where Postfix is installed is mail.domain.com, you can specify myorigin as follows:
myorigin = domain.com
Of course, we can also reference other parameters, such as:
myorigin = $mydomain
2. mydestination
The mydestination parameter specifies the recipient domain names for which Postfix receives mail. In other words, it defines the mail that your Postfix system accepts as its own. For example, if your user's email address is user@domain.com, that is, your domain is domain.com, then you need to receive all emails whose recipients are user_name@domain.com. Like myorigin, Postfix uses the local host name as mydestination by default. For example:
mydestination = $mydomain
mydestination = domain.com
3. notify_classes
In the Postfix system, you must specify an alias for the Postfix system administrator that points to a user. Only then do users have someone to report to when they encounter problems, and only then can Postfix report system problems to the administrator. The notify_classes parameter specifies which classes of error are reported to the Postfix administrator. There are several levels:
bounce: Send a copy of an undeliverable email to the Postfix administrator. For the sake of personal privacy, the copy of this email does not contain a letter header.
2bounce: Copy two undeliverable emails and send them to the Postfix administrator.
delay: Send the delayed delivery information of the email to the postmaster, which only contains the header.
policy: Send user requests rejected due to UCE rules to the Postfix administrator, including the content of the entire SMTP session.
protocol: Send protocol error messages, or records of unsupported commands that a client attempted to execute, to the Postfix administrator. It also contains the content of the entire SMTP session.
resource: Send error messages about mail that cannot be delivered due to resource errors, for example queue file write errors, to the Postfix administrator.
software: Send error messages about mail that cannot be delivered due to software errors to the Postfix administrator.
The default value is:
notify_classes = resource, software
4. myhostname
The myhostname parameter specifies the host name of the machine running the Postfix mail system. By default, this value is set to the local machine name. You can also specify this value yourself. Note that you must specify the complete host name. For example:
myhostname = mail.domain.com
5. mydomain
The mydomain parameter specifies your domain name. By default, Postfix removes the first part of myhostname and uses the rest as the value of mydomain. You can also specify this value yourself, for example:
mydomain = domain.com
6. mynetworks
The mynetworks parameter specifies the network addresses of your network. The Postfix system determines whether a user is remote or local based on this value. If the user is on a local network, the user is allowed access. You can use standard class A, B, and C network addresses, or CIDR (Classless Inter-Domain Routing) addresses, for example:
192.168.1.0/24
192.168.1.0/26
7. inet_interfaces
The inet_interfaces parameter specifies the network interfaces that the Postfix system listens on. By default, Postfix listens on all network interfaces. If your Postfix runs on a virtual IP address, you must specify the address it listens on. For example:
inet_interfaces = all
inet_interfaces = 192.168.1.1
4.3 Postfix UCE (unsolicited commercial email) control
UCE control means controlling the sources and destinations for which Postfix receives or forwards email.
By default, Postfix forwards emails that meet the following conditions:
* Emails from clients whose IP addresses match $mynetworks.
* Emails from clients whose host names match $relay_domains and its subdomains.
* Emails with a destination in $relay_domains and its subdomains.
By default, Postfix accepts emails that meet the following conditions:
* Emails with a destination in $inet_interfaces.
* Emails with a destination in $mydestination.
* Emails with a destination in $virtual_maps.
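The parameter format from section 4.2 and the default forwarding and acceptance conditions listed above can be modelled in a few lines of Python. This is an added example, not Postfix code or part of the original article: the sample main.cf is constructed, the function names are hypothetical, and the model is simplified (client host-name matching, $inet_interfaces and $virtual_maps are left out).

```python
import ipaddress
import re

# Constructed sample main.cf (not from a real server).
SAMPLE_MAIN_CF = """\
myhostname = mail.domain.com
mydomain = domain.com
myorigin = $mydomain
mydestination = $myhostname, $mydomain
relay_domains = $mydestination, partner.example
mynetworks = 192.168.1.0/26,
    127.0.0.0/8
"""

def parse_main_cf(text):
    """Return {name: raw value}; a line starting with whitespace continues the previous one."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (s.strip() for s in line.split("=", 1))
            params[last] = value
    return params

def expand(params, name, seen=()):
    """Resolve $name / ${name} references recursively, refusing reference loops."""
    if name in seen:
        raise ValueError("reference loop at " + name)
    def sub(m):
        return expand(params, m.group(1) or m.group(2), seen + (name,))
    return re.sub(r"\$(?:\{(\w+)\}|(\w+))", sub, params.get(name, ""))

def as_list(params, name):
    return [v for v in re.split(r"[,\s]+", expand(params, name)) if v]

def relay_decision(params, client_ip, rcpt_domain):
    """Simplified model of the default forward/accept conditions (assumption, see lead-in)."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(n, strict=False) for n in as_list(params, "mynetworks")):
        return "permit: client in mynetworks"
    rcpt = rcpt_domain.lower()
    if rcpt in as_list(params, "mydestination"):
        return "permit: local destination"
    if any(rcpt == d or rcpt.endswith("." + d) for d in as_list(params, "relay_domains")):
        return "permit: relay_domains"
    return "reject: relay access denied"

if __name__ == "__main__":
    cfg = parse_main_cf(SAMPLE_MAIN_CF)
    for ip, dom in [("192.168.1.20", "elsewhere.example"), ("192.168.1.70", "elsewhere.example")]:
        print(ip, dom, "->", relay_decision(cfg, ip, dom))
```

Note that 192.168.1.70 lies outside 192.168.1.0/26, which ends at .63, so the model treats it as a remote client and refuses to forward its mail to an outside domain.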
However, we can also use the following rules to implement more powerful control functions.
1. Mail header filtering
You can use the header_checks parameter to restrict the headers of incoming email. If a header matches a specified pattern, the email is not accepted. You can specify one or more lookup lists. If a header of a new email matches an entry in one of the lists, the email is rejected. For example:
header_checks = regexp:/etc/postfix/header_checks
header_checks = pcre:/etc/postfix/header_checks
By default, Postfix does not filter headers.
2. Client host name/address restriction
You can use the smtpd_client_restrictions parameter to restrict the host name or IP address of the client that initiates an SMTP connection to Postfix. One or more parameter values can be specified, separated by commas. The restriction rules are evaluated in the order given, and the first rule that matches is applied. Available rules include:
reject_unknown_client: if the client's IP address does not have a PTR record in the DNS, the client's connection request is rejected. You can use the unknown_client_reject_code parameter to specify the error code returned to the client (450 by default). Do not enable this option if some of your users have no DNS records.
permit_mynetworks: if the client's IP address falls within the range defined by the $mynetworks parameter, the client's connection request is accepted and the email is forwarded.
check_client_access maptype:mapname: searches the access database for the client's host name, parent domain name, IP address, or network. If the search result is REJECT or '[45]XX text', the client's connection request is rejected. If the search result is OK, RELAY, or a number, the client's connection request is accepted and the email is forwarded. You can use the access_map_reject_code parameter to specify the error code returned to the client (554 by default).
reject_maps_rbl: if the client's network address is listed under $maps_rbl_domains, the client's connection request is rejected. You can use the maps_rbl_reject_code parameter to specify the error code returned to the client (554 by default).
Example:
smtpd_client_restrictions = hash:/etc/postfix/access, reject_maps_rbl
smtpd_client_restrictions = permit_mynetworks, reject_unknown_client
The default value of this parameter is:
smtpd_client_restrictions =
That is, SMTP connections are accepted from any client.
3. Whether to require the HELO command
You can use the smtpd_helo_required parameter to specify whether the client must send a HELO command at the beginning of the SMTP session. You can set this parameter to yes or no. The default value is:
smtpd_helo_required = no
4. HELO host name restrictions
You can use the smtpd_helo_restrictions parameter to restrict the host name that the client sends to Postfix in the HELO command. By default, Postfix accepts any form of host name sent by the client. One or more parameter values can be specified, separated by commas. The restriction rules are evaluated in the order given, and the first rule that matches is applied. Available rules include:
reject_invalid_hostname: if the host name parameter in the HELO command does not comply with the syntax, the client's connection request is rejected. You can use the invalid_hostname_reject_code parameter to specify the error code returned to the client (501 by default).
permit_naked_ip_address: the RFC requires that an IP address contained in the client's HELO command be placed in square brackets. You can use the permit_naked_ip_address parameter to lift this restriction, because some mail clients do not comply with the RFC rules.
reject_unknown_hostname: if the host name given in the client's HELO command does not have an A or MX record in the DNS, the client's connection request is rejected. You can use the invalid_hostname_reject_code parameter to specify the error code returned to the client (450 by default).
reject_non_fqdn_hostname: if the host name given in the client's HELO command is not a complete domain name as defined in the RFC, the client's connection request is rejected. You can use the invalid_hostname_reject_code parameter to specify the error code returned to the client (504 by default).
check_helo_access maptype:mapname: searches the access database for the client's HELO host name and parent domain name. If the search result is REJECT or '[45]XX text', the client's connection request is rejected. If the search result is OK, RELAY, or a number, the client's connection request is accepted. You can use the access_map_reject_code parameter to specify the error code returned to the client (554 by default).
Example:
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
5. RFC 821 header restrictions
RFC 821 strictly specifies the mail header, but Sendmail is not widely used.
With this rule, we can only say no to this parameter, that is:
strict_rfc821_envelopes = no
6. Restrict by sender address
You can use the smtpd_sender_restrictions parameter to restrict the address that the sender provides in the MAIL FROM command. One or more parameter values can be specified, separated by commas. The restriction rules are evaluated in the order given, and the first rule that matches is applied. Available rules include:
reject_unknown_sender_domain: if the host name provided in the MAIL FROM command does not have an A or MX record in the DNS, the client's connection request is rejected. You can use the unknown_address_reject_code parameter to specify the error code returned to the client (450 by default).
check_sender_access maptype:mapname: searches the access database for the host name and parent domain provided in the MAIL FROM command. If the search result is REJECT or '[45]XX text', the client's connection request is rejected. If the search result is OK, RELAY, or a number, the client's connection request is accepted. You can use the access_map_reject_code parameter to specify the error code returned to the client (554 by default). You can use this rule to filter messages from undesirable senders.
reject_non_fqdn_sender: if the host name provided in the MAIL FROM command is not a complete domain name as defined in the RFC, the client's connection request is rejected. You can use the non_fqdn_reject_code parameter to specify the error code returned to the client (504 by default).
By default, Postfix accepts emails from any sender.
Example:
smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain
7. Filter by recipient address
You can use the smtpd_recipient_restrictions parameter to restrict the address that the sender provides in the RCPT TO command. The default value is:
smtpd_recipient_restrictions = permit_mynetworks, check_relay_domains
One or more parameter values can be specified, separated by commas. The restriction rules are evaluated in the order given, and the first rule that matches is applied. Available rules include:
check_relay_domains: if the following conditions are met, the SMTP connection request is accepted. Otherwise, the connection is rejected. You can use the relay_domains_reject_code parameter to specify the error code returned to the client (default: 504).
* The client host name matches $relay_domains and its subdomains.
* The destination is $inet_interfaces, $mydestination, or $virtual_maps.
permit_auth_destination: regardless of the client host name, the SMTP connection request is accepted as long as the following conditions are met:
* The resolved destination address matches $relay_domains and its subdomains.
* The resolved destination address matches $inet_interfaces, $mydestination, or $virtual_maps.
reject_unauth_destination: regardless of the client's host name, the client's SMTP connection request is rejected as long as the following conditions are met:
* The resolved destination address matches $relay_domains and its subdomains.
* The resolved destination address matches $inet_interfaces, $mydestination, or $virtual_maps.
check_recipient_access: searches the access database for the resolved destination address and parent domain. If the search result is REJECT or '[45]XX text', the client's connection request is rejected. If the search result is OK, RELAY, or a number, the client's connection request is accepted. You can use the access_map_reject_code parameter to specify the error code returned to the client (554 by default).
reject_unknown_recipient_domain: if the domain of the recipient's email address does not have an A or MX record in the DNS, the client's connection request is rejected. You can use the unknown_address_reject_code parameter to specify the error code returned to the client (450 by default).
reject_non_fqdn_recipient: if the address that the sender provides in the RCPT TO command does not contain a complete domain name, the SMTP connection request is rejected. You can use the non_fqdn_reject_code parameter to specify the error code returned to the client (504 by default).
4.4 Performance control of Postfix
Postfix performance is controlled so that Postfix keeps running normally during a mail storm. Generally, we can tune the performance of Postfix by configuring the following parameters. After modifying the main.cf configuration file, do not forget to run the postfix reload command to make the configuration take effect.
1. Process count limit
You can use the default_process_limit parameter to control the maximum number of processes that the Postfix system can run simultaneously. The default value is 50.
2. Restrictions on concurrent connections to the same target host
When delivering to a target host, Postfix initially opens two SMTP connections. If delivery is successful, the number of concurrent SMTP connections is increased; in case of congestion, the number of concurrent connections is reduced. Postfix uses the following parameters to control concurrent connections to the same target host:
* initial_destination_concurrency: controls the initial number of concurrent connections to the same target host. The default value is 2.
* default_destination_concurrency_limit: controls the maximum number of concurrent connections to the same target host after the initial connections. The default value is 10.
* local_destination_concurrency_limit: controls the maximum number of mails simultaneously delivered to the same local recipient. The default value is 2. Because deliveries to the same local recipient can only be performed one at a time, setting a large value is pointless.
3. Limit the number of recipients of the same Email
Use the default_destination_recipient_limit parameter to control the number of recipients to which a Postfix delivery agent (such as the SMTP process) can send the same email. The default value is 50. You can also set a delivery agent's own parameter to override the default value. For example, smtpd_recipient_limit is used to specify the number of recipients that the SMTP delivery agent can send the same email to. The default value of this parameter is 1000.
4. Delayed Delivery Control
With the defer_transports parameter, we can delay delivery of the mail for the transports named in this parameter until Postfix is explicitly asked to deliver it. Here is an example:
There is a small LAN where users send emails to a Postfix mail server inside the LAN, and the server then sends the emails out over a dial-up connection. In this case, we can specify the value of this parameter as follows:
defer_transports = smtp
This statement means that Postfix delays delivery of all emails until the sendmail -q command is executed. We can therefore add sendmail -q to the PPP script so that Postfix starts delivering mail once dialing succeeds.