Principles and configurations of the Postfix Mail Service System

Working Principle and related concepts of POSTFIX

Postfix internal email receiving and sending Flowchart

The entire process is divided into three stages: receiving emails, queuing emails, and delivering emails. A group of independent Postfix components is responsible for each stage. After an email is received and entered into the Queue, the Queue Manager starts the appropriate MDA to send the email to the end.

How to enter the Postfix System

There are four channels for mail to enter the Postfix system:

1. Postfix can accept mails from the local system (mails submitted by local users or autonomous processes ).

2. Postfix can accept emails sent from the Network (from MUA or other MTA ).

3. emails that have been accepted by the Postfix and sent to the MDA are sent back to the Postfix by the MDA (usually to resend to another address ).

4. When the Postfix cannot send the email to the destination, you will receive a Bounce Message.

Emails may be rejected before entering the Postfix, or due to temporary faults (Network disconnection, Remote Server Response temporary errors, etc ), the same email may repeat into the Postfix system once and re-deliver it.

1) emails from the server

The cooperation between various Postfix components relies entirely on the Queue to exchange mails, And the Postfix system has multiple queues. All these queues are managed by the Queue Manager. The Postfix component can deliver the email to the Queue Manager and place it in the appropriate Queue. When a specific task needs to be processed, the Queue Manager delivers the emails in the Queue to the correct component.

On Unix systems, when a user wants to send an email (no matter where the email is sent), the sendmail command in the sendmail package is usually used. Postfix provides a tool of the same name compatible with this command, also known as sendmail. After you send an email using the Postfix sendmail, the sendmail (postfix version) will use the postdrop program to save the email to the maildrop/subdirectory In the Postfix queue directory. Pickup Daemon is used to check whether the maildrop sub-directory has changed. When a new email enters maildrop, Pickup Daemon will read a new email and hand it over to cleanup daemon to clean up the program ".

When an email enters Postfix, it does not necessarily contain all the necessary fields that make up a valid email, and the address in the header may need to be rewritten to a standard format (user@domain.tld ), change the original address to another address based on the standard or virtual query table (if any. Cleanup daemon is responsible for filling out the missing header fields. Trivial-Rewrite Daemon is responsible for processing the addresses.

Emails processed by Cleanup Daemon will be passed into the receiving Queue (Incoming Queue ). The Queue Manager constantly pays attention to the changes in the receiving Queue. Whenever a new mail enters the receiving Queue, it uses the appropriate MDA to send the mail to the next stop or directly to the final destination.

2) emails from the Internet

Emails from the network are received by the Postfix Smtpd Daemon, then sent to Cleanup Daemon to run the Cleanup program, and then to the receiving Queue. The Queue Manager selects the appropriate MDA to send the emails to the next stop or final destination. Smtpd may receive two types of emails. The first is emails sent from the outside to the domain controlled by Postfix (the Postfix system itself is the terminal or gateway of the email ), another is to send emails to other domains.

Smtpd will certainly accept the first mail (if the recipient exists). As for the second mail (the destination is in another domain), it depends on whether the client sent the mail is eligible. The act of receiving emails sent to other domains and sending them to the destination is called relay ). In either case, Postfix is willing to provide the forwarding service: one is that the client meets the configuration file qualification, and the other is that the receiving domain is one of the domains listed by the relay_domain parameter.

3) Notification Letter

When a user's email is delayed or cannot be delivered to the destination, the Postfix uses Defer or Bounce Daemon to generate a new notification. This notification will be handed over to Cleanup Daemon, which will be routinely cleaned and then discharged into the receiving Queue, which will be handled by the Queue Manager.

4) Forward mail

Sometimes, after the email is delegated to the MDA, the MDA will find that the email should actually be sent to another account in another system. For example, when the MDA finds another address in the user's individual forward file, it will find this situation. As a matter of fact, MDA can directly send emails using Smtp Client (that is, Smtp Daemon. However, since the same letter may have multiple recipients, to take care of each recipient and to keep a complete record on the mail log, the MDA should follow the new mail submission method, send the email back to the Postfix system. The Postfix processes the email in accordance with the program "from the local email.

Postfix Queue Manager

The Queue Manager is responsible for the processing of emails. Each Postfix component that can receive emails has a common destination-Queue Manager. Before a mail enters the queue, the level is Cleanup Daemon, because only cleaned mails are eligible to enter the queue. After Cleanup queues emails, the Queue Manager is notified to handle new emails. Whenever the Queue Manager detects that a new message arrives in the receiving Queue, it uses Trivial-Rewrite to determine the mail routing information, including the transmission method, next stop, and recipient address.

The Queue Manager maintains four types of Queues: Incoming, Active, Deferred, and fail ). The first stop after a new mail passes Cleanup is the "receiving queue ". Assume that the system resources are idle. The Queue Manager will move the email to the "Active Queue" and then call the appropriate MDA to deliver the email, while the failed email will be moved to the "delayed Queue ".

If the email is delayed for too long or determined to be unable to be delivered, the Queue Manager is also responsible for coordinating Bounce and Defer Daemons to generate a delivery status report, and send it back to the system administrator or courier (or both ). In the Postfix queue directory (the default location is/var/spool/postfix/), in addition to the preceding four mail queue directories, there are also the bounce/and defer/directories. These directories contain status information to explain why a specific email is delayed or cannot be delivered. Bounce and Defer Daemon use the status information in these directories to generate notifications.

Shipping Operation

Postfix determines whether to accept the mail and how to deliver the mail based on the type of the recipient address. The main address types include Local, Virtual Alias, Virtual Mailbox, and Relay ). If the recipient address is not among the four main types, the mail will be sent to the Smtp Client and sent over the network (assuming that the original mail is from a Client eligible to use the forwarding service); otherwise, the Queue Manager selects the appropriate MDA to deliver the mail based on the address type.

Local email

If the recipient is a user of the Postfix Local system (a user with a Shell account on the server running Postfix), their emails will be handed over to the Local MDA for processing, if the Domain Name of the recipient address matches any domain name listed in the mydestination parameter, this type of email is a local email. For emails sent to any valid account of the mydestination domain, local MDA checks whether the recipient has an individual. forward file. If not, the email will be saved to the user's personal mailbox. Otherwise, the mail will be based on. forward file content for shipping (or resend to another place, or to external programs for processing ).

Emails that need to be forwarded to another address will be resubmitted and Postfix will be sent to the new address. If a temporary problem occurs during the transfer process, the MDA will notify the Queue Manager, and the mail will be saved in the delayed Queue waiting for the next delivery opportunity; if a permanent problem occurs, the Queue Manager is required to return the information to the sender.

Virtual alias email

All emails sent to the virtual alias address must be forwarded to the real address. The domain name of the virtual alias is listed in the virtual_alias_domains parameter, each virtual network domain can have its own set of users. Different virtual domains can have users of the same name. The ing between users and their real addresses is listed in the query table specified by the virtual_alias_maps parameter. When the Queue Manager finds one of the domains listed by virtual_alias_domains in the domain of the email Receiving address, it submits the email again to pass it to the real address.

Virtual email

The domain name of the virtual mailbox is listed in the virtual_mailbox_domains parameter. Each domain can have its own user group and has its own namespace. In other words, different virtual mailbox domains can have users with the same name. The correspondence between the user and the mailbox is defined in the query table specified by the virtual_mailbox_maps parameter. There is no correlation between the virtual mailbox and the Shell account on the system, virtual MDA is responsible for the delivery of Virtual mailbox mail.

Forward email

The actual mailbox is located in another domain controlled by the MTA, but the Postfix is willing to receive and resend the mail, which is called forward mail. The names of these domains are listed in the relay_domains parameter, and their emails are sent by smtp MDA to the MTA of the target domain over the network. If you assume the email gateway system, you can use the forwarding function to receive emails sent from the Internet to an internal domain and forward them to an internal network email system.

Other emails

If the email Receiving address does not belong to the preceding four types, it will be handed over to Smtp for delivery to the correct location, because such emails must be sent to other domains outside the system itself. As mentioned previously in "emails from the Internet", not all clients are eligible to use the forwarding service. In general, we will open the forwarding service to other hosts with the Postfix Server located in the same LAN so that these hosts can send messages to external domains on the Internet through the Postfix Server.

When Smtp MDA receives a foreign mail, it determines the host (or host) to which the mail should be sent based on the receiving address, and connects to these hosts in sequence until a host is willing to accept the mail. If a temporary problem occurs during the delivery process, Smtp will notify the Queue Manager to put the mail in the delayed Queue and wait for the next transmission opportunity. If a permanent error occurs, the Queue Manager is required to return the mail to the sender.

When the remote host cannot be connected due to a temporary failure to restore the connection, the Postfix will first take a tentative action to prevent the recipient from being paralyzed by too many delayed emails. At the beginning, Smtp only sets up a limited number of connection channels (the quantity can be adjusted through the configuration file) to the recipient. after finding that the recipient can successfully receive the email, it will gradually increase the number of connection channels (to a configurable upper limit); on the contrary, if Smtp finds any trouble for the shuttle, it will immediately cancel the connection.

Other Transfer Agents

Postfix also provides other MDA for processing special addresses or destinations. These MDA functions must be properly configured in the master. cf configuration file. In addition, you must set how to start a table in the transport table specified by class_transport or transport_maps. The two most commonly used special MDA types are LMTP and PIPE.

LMTP delivery

LMTP is a protocol similar to SMTP, but it can only be used between mail systems on the same network or between different mail programs on the same host. For example, if you want to send an email to a different software package-the software may be on the same machine as the Postfix or on another host on the local network, then, the Queue Manager can call lmtp mda to send the mail to the package.

In fact, LMTP is most often used to send emails to a special POP/IMAP Server to store emails in a special mailbox format. In this case, as long as the POP/imap server knows the special mail format, the standard LMTP is used to deliver the mail. If any problem occurs during LMTP delivery, lmtp mda notifies Queue Manager to put the email in the delayed Queue and wait for the next transfer.

PIPE delivery

Postfix provides Pipe Daemon to send emails to external programs. In fact, Pipe is often used to send emails to external content filtering programs (such as virus scanning systems, spam analysis programs) or other communication media (such as fax machines ). Similarly, if Pipe cannot send emails smoothly, it notifies Queue Manager to put the emails in the delayed Queue and wait for the next transfer.

The actual mail handling process for tracking POSTFIX

Let's track how a typical email uses the POSTFIX system. The process is to send an email from the sender to the destination (the MTA indicated by the envelope address) and then forward it to the final MTA (the recipient actually obtains the email ).

For example, HELENE's account is located on a server running POSTFIX. She uses MUA, which she is used to, to write emails and then calls the sendmail command of POSTFIX to send emails. The sendmail program of POSTFIX removes the mail from the mua software of HELENE and stores it in the MAILDROP/subdirectory of the queue. Then, Pickup Daemon extracts the email from this directory and sends it to cleanup daemon to run the necessary CLEANUP program. If the MUA software of HELENE does not provide the address from:, or the address does not use the complete host name, cleanup automatically fills in insufficient information to ensure that the mail format complies with the standard. After the Cleanup program is completed, Cleanup saves the mail to the receiving Queue and notifies the Queue Manager that a new mail is waiting for delivery.

If the Queue Manager is ready to process new emails, it will move the emails to the active Queue. Because HELENE mail is sent to users in other domain systems, Queue Manager uses smtp mda to deliver the mail. SMTP uses DNS to find out which mail servers are willing to accept emails from the destination domain, then pick out the highest priority mail exchange HOST (mx host) and contact the HOST, send a HELENE-written email using SMTP protocol.

When mta smtpd on the server of the target domain receives the mail sent by smtp mda of HELENE. After smtpd confirms that it should accept the mail, it will send the mail to Cleanup Daemon for inspection and then store it in the receiving queue.

The Queue Manager moves the email to the active Queue, checks the recipient address, and uses local mda for delivery. Then, LOCAL finds that the receiving address is actually an alias, and its real address is located in another domain, so the mail and new address information is sent to cleanup daemon and returned to the POSTFIX queue system.

When CLEANUP and Queue Manager Process emails, TRIVIAL-REWRITE is used to convert the address to a standard format, and determine the transmission mode and delivery process to the next stop.

When the Queue Manager finds that a new mail should be sent to another network, it will call SMTP for delivery, and SMTP will first identify to the DNS which mail servers may receive emails from this domain. After receiving the email, the domain's MTA will finally send the email to the local mda, which saves the email to the mailbox of the system.

At this time, the Postfix completes its work. At this time, the recipient can now use his MUA to read the mail. As for whether the MUA directly obtains the mail from the mailbox or uses protocols such as POP or IMAP to download the mail over the Internet, they are no longer controlled by Postfix.

Our example only assumes the most ideal simple state. The actual transmitter may encounter some unexpected situations, such as temporary network disconnection, remote host crashes, and insufficient mailbox space. In the event of an accident, the MDA must notify the Queue Manager to temporarily put the email back into the delay Queue and wait for a while before re-delivery.

In addition to temporary unexpected return, there are also some situations that may affect the delivery process. For example, the recipient is not an actual system account, but an account of the IMAP mail system. In this case, queue Mananger may deliver the mail through lmtp mda, or send the mail to a predetermined external program through pipe mda.

Postfix also needs to face all kinds of changes and potential complexity. Fortunately, its own structure design is stable enough to handle almost all imaginable situations, there is also enough plasticity to adapt to future changes.

Queue type
Receive: Incoming activity: Active delay: Deferred fault: upt retained: Hold

Component Structure
Master component: the main manager of the mail processing process and other components. Configuration File: main. cf and master. cf.
Qmgr component: queue manager. The cooperation between postfix components relies on the exchange of messages in queues.
Sendmail component: the server sends an email.
Postdrop component: stores emails in the maildrop/subdirectory under the postfix queue directory.
Pickup component: monitors maildrop/sub-directories, reads new emails, and delivers them to the cleanup component.
Cleanup component: fill in the missing header fields.
Trivial-Rewrite component: address processing, changed to standard format. Determines the route information, including the transmission method, next stop, and recipient address.
Smtpd component: receives emails from the network and sends them to the cleanup component for processing.
Defer component: a notification is generated when the email is delayed.
Bounce component: a notification is generated when the email cannot be delivered to the destination.
Dns component: find matching email servers.

Postfix command line tool
Postalias: Creates or queries an alias database.
Postcat: displays the content of the queue file, allowing the Administrator to observe the content of the emails stranded in the queue.
Postconf: display or change the postfix parameter. One parameter or all parameters can be displayed at a time.
Postdrop: Put the email back to the maildrop directory, and the postfix will re-deliver the email.
Postfix: start or stop the postfix system, or re-read the configuration file. It can also be used for other maintenance tasks, including checking system configurations and clearing queues.
Postkick: sends a request to a specific postfix service. The role of this tool is to provide shell scripts with a channel that can communicate with postfix.
Postlock: Lock a specific file to ensure exclusive access. The role of this tool is to allow shell scripts to use a locking method compatible with postfix.
Postlog: records specific information to the system log file. This tool supports shell scripts to record information to log files in a style similar to postfix.
Postmap: Create a DB database for the query table or query the content of the query table. Many configuration information of postfix is recorded in the query table database created by postmap.
Postqueue: Allows general users to access the postfix queue to a limited extent. The access mode of the queue may be changed only when the administrator privilege is available, and the access capability is provided by the postsuper command.
Postsuper: allows administrators to access the postfix queue. The administrator can delete, hold, and retrieve emails (move emails to the hold Queue). If necessary, the administrator can also repair the queue directory structure.

Postfix details: click here
Postfix: click here

Install and configure the Postfix email service in CentOS 6.4

Install the mail server Postfix in CentOS 5.5

Build a Postfix email server for Red Hat Enterprise Linux 5.4

Postfix (authentication) for secure email servers in Linux)

1 2 3 4 Next Page