Postfix-3.9.0

Introduction to Postfix

The Postfix package contains a Mail Transport Agent (MTA). This is useful for sending email to other users of your host machine. It can also be configured to be a central mail server for your domain, a mail relay agent or simply a mail delivery agent to your local Internet Service Provider.

This package is known to build and work properly using an LFS 12.2 platform.

Package Information

Postfix Dependencies

Recommended

Optional

ICU-75.1 for Email Address Internationalization (SMTPUTF8) support, MariaDB-10.11.8 or MySQL, OpenLDAP-2.6.8, pcre2-10.44, PostgreSQL-16.4, SQLite-3.46.1, Berkeley DB (deprecated), and CDB or TinyCDB

Note that SQLite, MySQL, PostgreSQL and CDB are only useful if there is a known need for them.

Editor Notes: https://wiki.linuxfromscratch.org/blfs/wiki/postfix

Installation of Postfix

Adding Users and Groups

Before you compile the program, you need to create users and groups that will be expected to be in place during the installation. Add the users and groups with the following commands issued by the root user:

groupadd -g 32 postfix &&
groupadd -g 33 postdrop &&
useradd -c "Postfix Daemon User" -d /var/spool/postfix -g postfix \
        -s /bin/false -u 32 postfix &&
chown -v postfix:postfix /var/mail

Configuring the Build

The README files are formatted to be read with a pager like less or more. If you want to use a text editor, make them legible with the following sed:

sed -i 's/.\x08//g' README_FILES/*

The Postfix source tree does not contain a configure script, rather the makefile in the top-level directory contains a makefiles target that regenerates all the other makefiles in the build tree. If you wish to use additional software such as a database back-end for virtual users, or TLS/SSL authentication, you will need to regenerate the makefiles using one or more of the appropriate CCARGS and AUXLIBS settings listed below.

[Note]

Note

For all variants of the CCARGS you should ensure that '-DNO_NIS' is specified so that the build does not attempt to access an rpcsvc header which do not exist in BLFS. If Berkeley DB (deprecated) is not installed, '-DNO_DB' needs to be specified as well.

For more details read the readme files.

Initialize the CCARGS and AUXLIBS according to the note above:

CCARGS="-DNO_NIS -DNO_DB"
AUXLIBS=""

Next, the CCARGS and the AUXLIBS variables are filled with settings depending on the actual system configuration. If an optional package is installed but should not be included in the Postfix build, simply skip the corresponding if [ ... ]; then scriptlets.

Cyrus-SASL

To use Cyrus-SASL with Postfix, use the following arguments:

if [ -r /usr/lib/libsasl2.so ]; then
  CCARGS="$CCARGS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl"
  AUXLIBS="$AUXLIBS -lsasl2"
fi
LMDB

To use LMDB with Postfix, use the following arguments:

if [ -r /usr/lib/liblmdb.so ]; then
  CCARGS="$CCARGS -DHAS_LMDB"
  AUXLIBS="$AUXLIBS -llmdb"
fi
OpenLDAP

To use OpenLDAP with Postfix, use the following arguments:

if [ -r /usr/lib/libldap.so -a -r /usr/lib/liblber.so ]; then
  CCARGS="$CCARGS -DHAS_LDAP"
  AUXLIBS="$AUXLIBS -lldap -llber"
fi
Sqlite

To use Sqlite with Postfix, use the following arguments:

if [ -r /usr/lib/libsqlite3.so ]; then
  CCARGS="$CCARGS -DHAS_SQLITE"
  AUXLIBS="$AUXLIBS -lsqlite3 -lpthread"
fi
MySQL

To use MySQL with Postfix, use the following arguments:

if [ -r /usr/lib/libmysqlclient.so ]; then
  CCARGS="$CCARGS -DHAS_MYSQL -I/usr/include/mysql"
  AUXLIBS="$AUXLIBS -lmysqlclient -lz -lm"
fi
PostgreSQL

To use PostgreSQL with Postfix, use the following arguments:

if [ -r /usr/lib/libpq.so ]; then
  CCARGS="$CCARGS -DHAS_PGSQL -I/usr/include/postgresql"
  AUXLIBS="$AUXLIBS -lpq -lz -lm"
fi
CDB/TinyCDB

To use CDB or TinyCDB with Postfix, use the following arguments:

if [ -r </path/to/CDB>/libcdb.a ]; then
  CCARGS="$CCARGS -DHAS_CDB"
  AUXLIBS="$AUXLIBS </path/to/CDB>/libcdb.a"
fi
StartTLS Authentication

To use OpenSSL with Postfix, use the following arguments:

if [ -r /usr/lib/libssl.so -a -r /usr/lib/libcrypto.so ]; then
  CCARGS="$CCARGS -DUSE_TLS -I/usr/include/openssl/"
  AUXLIBS="$AUXLIBS -lssl -lcrypto"
fi

OpenSSL is installed by LFS so it should be always there. The if ... then is here just for consistency.

Installing Postfix

There might be duplicate settings in AUXLIBS like -lm when both, MariaDB and PostgreSQL are used. They do not harm. Install Postfix by running the following commands:

make CCARGS="$CCARGS" AUXLIBS="$AUXLIBS" makefiles &&
make

This package does not come with a useful test suite.

Now, as the root user:

sh postfix-install -non-interactive \
   daemon_directory=/usr/lib/postfix \
   manpage_directory=/usr/share/man \
   html_directory=/usr/share/doc/postfix-3.9.0/html \
   readme_directory=/usr/share/doc/postfix-3.9.0/readme

Command Explanations

make makefiles: This command rebuilds the makefiles throughout the source tree to use the options contained in the CCARGS and AUXLIBS variables.

sh postfix-install -non-interactive: This keeps the install script from asking any questions, thereby accepting default destination directories in all but the few cases. If the html_directory and readme_directory options are not set then the documentation will not be installed.

CCARGS="-DNO_EAI ...": this will turn off SMTPUTF8 support, for example if the rest of your email address infrastructure cannot handle UTF-8 email addresses and message header values.

Configuring Postfix

Config Files

/etc/aliases, /etc/postfix/main.cf, and /etc/postfix/master.cf

Configuration Information

Create (or append to an existing) /etc/aliases with the following command. Change <LOGIN> to your non-root login identity so mail addressed to root can be forwarded to you. As the root user:

cat >> /etc/aliases << "EOF"
# Begin /etc/aliases

MAILER-DAEMON:    postmaster
postmaster:       root

root:             <LOGIN>
# End /etc/aliases
EOF

To protect an existing /etc/aliases file, the above command appends these aliases to it if it exists. This file should be checked and duplicate aliases removed, if present.

The BLFS editors recommend to use LMDB instead of Berkeley DB for Postfix tables. Add three lines into /etc/postfix/main.cf to make postmap encode the lookup tables in the LMDB format by default and to change the default hash setting of the alias tables:

echo 'default_database_type = lmdb'       >> /etc/postfix/main.cf &&
echo 'alias_database = lmdb:/etc/aliases' >> /etc/postfix/main.cf &&
echo 'alias_maps = lmdb:/etc/aliases'     >> /etc/postfix/main.cf

To protect your server against the recent SMTP smuggling attacks, additional steps are required. Add two lines into /etc/postfix/main.cf to disconnect remote SMTP clients that send bare newlines in the DATA section, while also allowing clients on your network with non-standard SMTP implementations to still send mail:

echo 'smtpd_forbid_bare_newline = normalize' >> /etc/postfix/main.cf &&
echo 'smtpd_forbid_bare_newline_exclusions = $mynetworks' >> /etc/postfix/main.cf

Note that if you are following an online tutorial to configure Postfix, the tutorial may refer to a lookup table with hash:/path/to/lookup_table. You should replace hash with lmdb in order to use a lookup table encoded in the LMDB format.

[Note]

Note

The /etc/postfix/main.cf and /etc/postfix/master.cf files must be personalized for your system. The main.cf file needs your fully qualified hostname. You will find that main.cf is self documenting, so load it into your editor to make the changes you need for your situation.

[Note]

Note

Postfix can also be set up to run in a chroot jail. See the file in the source examples/chroot-setup/LINUX2 for details.

To ensure that all permissions are set properly, postfix provides a tool which is to be run as the root user:

/usr/sbin/postfix -c /etc/postfix set-permissions

If you have an existing configuration, you can run the postfix utility to add any necessary definitions to your existing files. As the root user:

/usr/sbin/postfix upgrade-configuration

Before starting Postfix, you should check that your configuration and file permissions will work properly. Run the following commands as the root user to check and start your Postfix server:

/usr/sbin/postfix check &&
/usr/sbin/postfix start

Boot Script

To automate the running of Postfix at startup, install the /etc/rc.d/init.d/postfix init script included in the blfs-bootscripts-20240416 package:

make install-postfix

Contents

Installed Programs: mailq (symlink), newaliases (symlink), postalias, postcat, postconf, postdrop, postfix, postkick, postlock, postlog, postmap, postmulti, postqueue, postsuper, and sendmail
Installed Libraries: None
Installed Directories: /{etc,usr/lib}/postfix, /usr/share/doc/postfix-3.9.0 and /var/{lib,spool}/postfix

Short Descriptions

mailq

A symlink to sendmail

newaliases

A symlink to sendmail

postalias

is a utility for Postfix alias database maintenance

postcat

Prints the contents of files from the Postfix queue in human readable format

postconf

Displays or changes the value of Postfix configuration parameters

postdrop

Creates a file in the maildrop directory and copies its standard input to the file

postfix

is the Postfix control program

postkick

Sends requests to the specified service over a local transport channel

postlock

Locks a mail folder for exclusive use, and executes commands passed to it

postlog

A Postfix-compatible logging interface for use in, for example, shell scripts

postmap

Creates or queries one or more Postfix lookup tables, or updates an existing one

postmulti

is the Postfix multi-instance manager. It allows a system administrator to manage multiple Postfix instances on a single host

postqueue

The Postfix user interface for queue management

postsuper

The Postfix user interface for superuser queue management

sendmail

is the Postfix to Sendmail compatibility interface