2.3 Postfix Configuration

Postfix is generally set to its default configuration. The exceptions are:

  • Host/network data is changed to match the local site.

  • Virtual mailbox deliveries for the public domain are routed to Cyrus IMAP through a unix socket.

  • Local mailbox deliveries are routed to Cyrus IMAP through a unix socket.

  • TLS support is enabled. The certificates are issued by a private certificate authority (us).

Customizations to the base configuration file (main.cf) follow.

# Define the local network configuration.
myhostname = mail.internal.lan
mynetworks = 192.168.1.0/24, 127.0.0.0/8

# Define the public domain name.
virtual_mailbox_domains = vismor.com

# Define the list of virtual mailbox addresses.
virtual_mailbox_maps = hash:/etc/postfix/vmailbox

# Use Cyrus IMAP as the local delivery agent.
virtual_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp

# Enable the use of TLS.
smtpd_use_tls = yes

# Location of the server certificates.
smtpd_tls_cert_file = /etc/pki/tls/certs/smtp.crt
smtpd_tls_key_file = /etc/pki/tls/private/smtp.key

# Tighten rejection criteria slightly.
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit

The default Postfix server configuration file (/etc/postfix/master.cf) is modified to establish amavisd-new as a “before queue” content filter. Modifications to the default configuration follow.

# ====================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ====================================================================
#
# Before-filter SMTP server. Receives mail from the network and
# passes it on to the content filter (amavisd) on localhost port 10024.
#
smtp      inet  n       -       n       -       -       smtpd
  -o smtpd_proxy_filter=127.0.0.1:10024
  -o smtpd_client_connection_count_limit=4
#
# After-filter SMTP server. Receives mail from the content filter
# (amavisd) on localhost port 10025.
#
127.0.0.1:10025    inet  n       -       n       -       -       smtpd
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=
  -o receive_override_options=no_unknown_recipient_checks
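
The after-filter listener is the one smtpd service that does not pass mail through amavisd, so it should stay bound to loopback and refuse clients outside mynetworks. The following Python audit of master.cf is an added example, not part of the original configuration. The function names and the constructed sample are assumptions, and every inet smtpd service without smtpd_proxy_filter is assumed to be a reinjection port, as in the two-service layout above.

```python
import ipaddress

# Constructed sample: the two smtpd services from the master.cf excerpt above.
SAMPLE = """\
smtp      inet  n       -       n       -       -       smtpd
  -o smtpd_proxy_filter=127.0.0.1:10024
127.0.0.1:10025    inet  n       -       n       -       -       smtpd
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
"""

def parse_master_cf(text):
    """Parse master.cf into dicts; handles the plain '-o name=value' form only."""
    services = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0].startswith("#"):
            continue                          # blank line or comment
        if line[0].isspace():                 # continuation of the previous service
            if services:
                services[-1]["args"] += f
        elif len(f) >= 8:
            services.append({"name": f[0], "type": f[1], "cmd": f[7], "args": f[8:]})
    for s in services:
        a = s["args"]
        s["opts"] = dict(a[i + 1].partition("=")[::2]
                         for i in range(len(a) - 1) if a[i] == "-o")
    return services

def is_loopback(host):
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:                        # empty host means all interfaces
        return host == "localhost"

def audit_unfiltered_listeners(services):
    """Return findings for inet smtpd listeners that do not pass mail to the filter."""
    findings = []
    for s in services:
        if s["type"] != "inet" or s["cmd"] != "smtpd" or "smtpd_proxy_filter" in s["opts"]:
            continue
        if not is_loopback(s["name"].rpartition(":")[0]):
            findings.append(f"{s['name']}: not bound to a loopback address")
        rcpt = s["opts"].get("smtpd_recipient_restrictions", "")
        if rcpt.split(",")[-1] != "reject":
            findings.append(f"{s['name']}: smtpd_recipient_restrictions does not end in reject")
    return findings

if __name__ == "__main__":
    print(audit_unfiltered_listeners(parse_master_cf(SAMPLE)) or "ok")
```

An empty findings list means the reinjection port matches the layout described here; a listener that omits smtpd_recipient_restrictions is flagged because it would inherit whatever main.cf sets.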

Valid virtual mailbox accounts are listed in the text file /etc/postfix/vmailbox. Its contents are converted to a hash after each modification using the following command.

postmap /etc/postfix/vmailbox