<h2>Table of contents</h2>
+<p>
+
+<ul>
+
+<li><a href="#example_config">Example configurations</a>
+
+<li><a href="#sendmail_incompatibility">Sendmail incompatibility</a>
+
+<li><a href="#relaying">Mail relaying</a>
+
+<li><a href="#remote_delivery">Delivery to remote systems</a>
+
+<li><a href="#local_delivery">Delivery to local (non-virtual) addresses</a>
+
+<li><a href="#mailing_lists">Mailing lists</a>
+
+<li><a href="#virtual_domains">Virtual domains</a>
+
+<li><a href="#address_rewriting">Address rewriting</a>
+
+<li><a href="#content_filtering">Content filtering</a>
+
+<li><a href="#other_transports">Other transports: UUCP, FAX, etc.</a>
+
+<li><a href="#compiling_installing">Compiling and installing Postfix</a>
+
+</ul>
+
+<p>
+
+<a name="example_config"><h3>Example configurations</h3>
+
<ul>
+<li><a href="#workstation_server">Workstations and servers</a>
+
+<li><a href="#null_client">Null clients</a>
+
<li><a href="#intranet">Running Postfix inside an intranet</a>
<li><a href="#firewall">Running Postfix on a firewall</a>
<li><a href="#dialup">Running Postfix on a dialup machine</a>
-<p>
+</ul>
+
+<a name="sendmail_incompatibility"><h3>Sendmail incompatibility</h3>
+
+<ul>
+
+<li><a href="#verbose">Postfix breaks "sendmail -v"</a>
+
+<li><a href="#root">Root's mail is delivered to nobody</a>
+
+<li><a href="#duplicate">Postfix sends duplicate mail</a>
+
+<li><a href="#metoo">Postfix sends mail to every member of a
+distribution list</a>
+
+<li><a href="#delivered">Getting rid of the ugly Delivered-To: header</a>
+
+<li><a href="#majordomo-approve">Postfix breaks the majordomo "approve" command</a>
+
+</ul>
+
+<a name="relaying"><h3>Mail relaying</h3>
+
+<ul>
+
+<li><a href="#mobile">Relaying mail for mobile users</a>
+
+<li><a href="#relay_virtual">Postfix refuses to receive mail for some
+virtual domains</a>
+
+<li><a href="#relay_restrict">Restricting what users can send mail to off-site destinations</a>
+
+</ul>
+
+<a name="remote_delivery"><h3>Delivery to remote systems</h3>
+
+<ul>
+
+<li><a href="#timeouts">Mail fails consistently with timeout or lost connection</a>
+
+</ul>
+
+<a name="local_delivery"><h3>Delivery to local (non-virtual) addresses</h3>
+
+<ul>
+
+<li><a href="#root">Root's mail is delivered to nobody</a>
<li><a href="#local">Delivering some users locally while sending mail as user@domain</a>
+<li><a href="#maildir">Support for maildir-style mailboxes</a>
+
+<li><a href="#procmail">Using Procmail for system-wide local delivery</a>
+
+<li><a href="#delivered">Getting rid of the ugly Delivered-To: header</a>
+
+<li><a href="#duplicate">Postfix sends duplicate mail</a>
+
+<li><a href="#metoo">Postfix sends mail to every member of a
+distribution list</a>
+
+</ul>
+
+<a name="mailing_lists"><h3>Mailing lists</h3>
+
+<ul>
+
+<li><a href="#majordomo-approve">Postfix breaks the majordomo "approve" command</a>
+
+<li><a href="#internal-list">Protecting internal email distribution lists</a>
+
+<li><a href="#duplicate">Postfix sends duplicate mail</a>
+
+<li><a href="#metoo">Postfix sends mail to every member of a
+distribution list</a>
+
+</ul>
+
+<a name="virtual_domains"><h3>Virtual domains</h3>
+
+<ul>
+
+<li><a href="#command">Commands don't work in Postfix virtual maps</a>
+
+<li><a href="#unknown_virtual">Mail for unknown virtual users fails
+with a mail loop error</a>
+
+<li><a href="#relay_virtual">Postfix refuses to receive mail for some
+virtual domains</a>
+
+</ul>
+
+<a name="address_rewriting"><h3>Address rewriting</h3>
+
+<ul>
+
<li><a href="#masquerade">Address masquerading with exceptions</a>
-<li><a href="#scanning">Support for virus scanning</a>
+</ul>
-<li><a href="#maildir">Support for maildir-style mailboxes</a>
+<a name="content_filtering"><h3>Content filtering</h3>
-<li><a href="#procmail">Using Procmail for local delivery</a>
+<ul>
-<li><a href="#verbose">Postfix breaks "sendmail -v"</a>
+<li><a href="#scanning">Support for virus scanning</a>
-<li><a href="#delivered">Getting rid of Delivered-To:</a>
+</ul>
-<li><a href="#approve">Postfix breaks the majordomo "approve" command</a>
+<a name="other_transports"><h3>Other transports: UUCP, FAX, etc.</h3>
-<p>
+<ul>
-<li><a href="#uucp">Setting up an Internet to UUCP gateway</a>
+<li><a href="#internet-uucp">Setting up an Internet to UUCP gateway</a>
<li><a href="#uucp-only">Using UUCP as the default transport</a>
<li><a href="#fax">Sending mail to a FAX machine</a>
-<p>
+</ul>
-<li><a href="#timeouts">Mail fails with timeout or lost connection</a>
+<a name="compiling_installing"><h3>Compiling and installing Postfix</h3>
-<p>
+<ul>
<li><a href="#bind">Undefined symbols: ___dn_expand, ___res_init etc.</a>
-<li><a href="#dbm">Undefined symbols: dbm_pagfno, dbm_dirfno etc.</a>
+<li><a href="#dbm_dirfno">Undefined symbols: dbm_pagfno, dbm_dirfno etc.</a>
<li><a href="#db">Using DB libraries on Solaris etc.</a>
<hr>
-<a name="intranet"> <h2>Running Postfix inside an intranet</h2> </a>
+<a name="workstation_server"><h3>Workstations and servers</h3>
-The simplest way to set up Postfix on a host inside a firewalled
-network is to send all your mail to the intranet mail gateway, and
-to let that gateway take care of forwarding.
+This section describes a workstation-sever environment. All systems
+send mail as user@domain. All systems receive mail for user@hostname.
+The server receives mail for user@domain, too.
<p>
-<ul>
-
-<li>Edit the <b>main.cf</b> file and specify:
+Postfix has sane defaults for all parameters, so the text shows
+only the overrides. In particular, Postfix will relay mail only
+for clients in its own domain (and subdomains) and in its class A,
+B or C networks. The master.cf file (somewhat like inetd.conf)
+needs tweaking only if you have a very slow or a very fast net/machine.
<p>
-<dl>
+Workstation:
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ myorigin = $mydomain
+</pre>
-<dd><b>relayhost = $mydomain</b>
+<p>
-</dl>
+Server:
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ myorigin = $mydomain
+ mydestination = $myhostname, localhost.$mydomain, $mydomain
+</pre>
<p>
-This assumes that your organization has set up multiple internal
-MX hosts for the local domain.
+In an environment like this. either the mail spool directory is
+shared via NFS, users access their mailboxes via POP, or each user
+receives her mail on her own workstation. In the latter case, each
+user has an alias on the server that forwards mail to the respective
+workstation:
<p>
-If your intranet does not use MX records internally, you have to
-specify the gateway host itself:
+Server:
+<pre>
+ <b>/etc/aliases</b>:
+ joe: joe@joes.workstation
+ jane: jane@janes.workstation
+</pre>
<p>
-<dl>
+On some systems the alias database is not in <b>/etc/aliases</b>.
+To find out the location for your system, execute the command
+<b>postconf alias_maps</b>.
+
+<hr>
-<dd><b>relayhost = </b><i>gateway.my.domain</i>
+<a name="null_client"><h3>Null clients</h3>
-</dl>
+A null client is a machine that can only send mail. It receives no
+mail from the network, and it does not deliver any mail locally. A
+null client typically uses POP or NFS for mailbox access.
<p>
-<li>If you want to deliver internal mail directly without going through
-the intranet mail gateway, there are two possibilities.
+In the following example, mail is sent as user@domain, and all mail
+is forwarded to the mail server that is responsible for the local
+domain.
<p>
-<ol>
-
-<li>Specify the intranet mail gateway as the fall-back relay for
-all mail with an unknown or unreachable destination:
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ mydestination =
+ myorigin = $mydomain
+ relayhost = $mydomain
+
+ <b>/etc/postfix/master.cf</b>:
+ Comment out the SMTP server entry
+ Comment out the local delivery agent entry
+</pre>
<p>
-<dl>
+The mail server is the primary MX host for null clients (remember,
+null clients do not receive mail, so something needs to be done
+with mail for user@nullclient).
-<dl>
+<p>
-<dt>main.cf:
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ myorigin = $mydomain
+ mydestination = $myhostname localhost.$mydomain $mydomain /etc/postfix/nullclients
-<dd><b>fallback_relay = $mydomain</b>
+ <b>/etc/postfix/nullclients</b>:
+ hosta.my.domain
+ hostb.my.domain
+</pre>
-</dl>
+<hr>
-<p>
+<a name="intranet"> <h3>Running Postfix inside an intranet</h3> </a>
-This assumes that your organization has set up multiple internal
-MX hosts for the local domain.
+The simplest way to set up Postfix on a host inside a firewalled
+network is to send all your mail to an intranet mail gateway, and
+to let that mail gateway take care of forwarding.
<p>
-If your intranet does not use MX records internally, you have to
-specify the gateway host itself:
-
-<p>
+<ul>
-<dl>
+<li>Forward <i>all</i> mail to an intranet mail gateway, unless
+the mail is to be delivered on the local machine:
-<dt>main.cf:
+<p>
-<dd><b>fallback_relay = </b><i>gateway.my.domain</i>
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ relayhost = $mydomain
+</pre>
-</dl>
+<p>
-</dl>
+This assumes that your organization has set up internal MX records
+for the local domain.
<p>
-<li>Specify routing information for the local domain in the <a
-href="transport.5.html">transport</a> table, and enable <a
-href="transport.5.html">transport</a> table lookups.
+If your intranet does not use MX records internally, you have to
+specify the intranet mail gateway host itself:
<p>
-<dl>
-
-<dl>
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ relayhost = host.my.domain
+</pre>
-<dt>main.cf:
+<p>
-<dd><b>transport_maps = hash:/etc/postfix/transport</b>
+If your intranet does not use DNS internally, you have to disable
+DNS lookups as well:
<p>
-<dt>/etc/postfix/transport:
-
-<dd><i>my.domain</i> <b>smtp</b>:
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ disable_dns_lookups = yes
+</pre>
-<dd><i>.my.domain</i> <b>smtp</b>:
+<p>
-<dd><i>thishost.my.domain</i> <b>local</b>:
+<li>In addition to the above you can configure Postfix to deliver
+intranet mail directly instead of sending it via the intranet
+mail gateway.
-</dl>
+<p>
-</dl>
+Specify routing information for the internal domain in the <a
+href="transport.5.html">transport</a> table, and enable <a
+href="transport.5.html">transport</a> table lookups.
<p>
+<pre>
+ <b>/etc/postfix/transport</b>:
+ my.domain smtp:
+ .my.domain smtp:
+ thishost.my.domain local: <blink>important!</blink>
+ localhost.my.domain local: <blink>important!</blink>
+
+ <b>/etc/postfix/main.cf</b>:
+ transport_maps = hash:/etc/postfix/transport
+</pre>
+
<p>
-Do not omit the entry that routes mail for <i>thishost.my.domain</i>
-to the local delivery agent, or else mail for the local machine will
-go into a loop.
+Important: do not omit the entries that route local mail to the
+local delivery agent, or else mail your mail will go into a loop.
<p>
Specify <b>dbm:/etc/postfix/transport</b> if your system
uses <b>dbm</b> files instead of <b>db</b>.
-</ol>
-
<p>
<li>Execute the command <b>postfix reload</b> to make the
<hr>
-<a name="firewall"><h2>Running Postfix on a firewall</h2> </a>
+<a name="firewall"><h3>Running Postfix on a firewall</h3> </a>
+
+Note: this text applies to Postfix versions dated 19991115
+and later only.
+
+<p>
How to set up Postfix on the firewall machine so that it relays
mail for <i>my.domain</i> to a gateway machine on the inside, and
<p>
-<dl>
-
-<dt>/etc/postfix/main.cf:
-
-<dd><b>mydestination = $myhostname</b>, <i>my.domain</i>,
-<b>localhost</b>.<i>my.domain</i>
-
-<dd><b>relay_domains = </b>
-
-<dd><b>transport_maps = hash:/etc/postfix/transport</b>
-
-<p>
-
-<dt>/etc/postfix/transport:
-
-<dd><i>my.domain</i> <b>smtp:</b><i>inside-gateway.my.domain</i>
-
-<dd><i>.my.domain</i> <b>smtp:</b><i>inside-gateway.my.domain</i>
-
-</dl>
+<pre>
+<b>/etc/postfix/main.cf</b>:
+ mydestination = $myhostname, my.domain, localhost.my.domain
+ relay_domains =
+ transport_maps = hash:/etc/postfix/transport
+
+<b>/etc/postfix/transport</b>:
+ my.domain smtp:inside-gateway.my.domain
+ .my.domain smtp:inside-gateway.my.domain
+</pre>
<p>
Specify <b>dbm:/etc/postfix/transport</b> if your system uses <b>dbm</b>
-files instead of <b>db</b>.
+files instead of <b>db</b>.
<p>
<hr>
-<a name="dialup"><h2>Running Postfix on a dialup machine</h2></a>
+<a name="dialup"><h3>Running Postfix on a dialup machine</h3></a>
<ul>
<p>
-<dl>
-
-<dt><b>/etc/postfix/main.cf:</b>
-
-<dd><b>relayhost = smtprelay.someprovider.com</b>
-
-</dl>
+<pre>
+ <b>/etc/postfix/main.cf:</b>
+ relayhost = smtprelay.someprovider.com
+</pre>
<p>
<li> <a name="spontaneous_smtp">Disable spontaneous SMTP mail
-delivery.</a>
+delivery (on-demand dialup IP only).</a>
<p>
<p>
-<dl>
-
-<dt><b>/etc/postfix/main.cf:</b>
-
-<dd><b>defer_transports = smtp</b> (Only for systems that use
-on-demand dialup IP)
-
-</dl>
+<pre>
+ <b>/etc/postfix/main.cf:</b>
+ defer_transports = smtp (Only for systems that use on-demand dialup IP)
+</pre>
<p>
-<li> Disable SMTP client DNS lookups.
+<li> Disable SMTP client DNS lookups (dialup LAN only).
<p>
<p>
-<dl>
-
-<dt><b>/etc/postfix/main.cf:</b>
-
-<dd><b>disable_dns_lookups = yes</b> (Only for delivery across LANs
-that are disconnected most of the time)
-
-</dl>
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ disable_dns_lookups = yes (Only for delivery across LANs that are disconnected most of the time)
+</pre>
<p>
<i> When you disable DNS lookups, you must specify the</i>
<b>relayhost</b> <i> as either a numeric IP address, or as a hostname
that resolves to one or more IP addresses (with DNS lookup disabled,
-Postfix does no</i> <b>MX</b> lookup).
+Postfix does no MX lookup</i>).
<p>
<hr>
-<a name="local"><h2>Delivering some users locally while sending mail as user@domain</h2></a>
-
-<ul>
+<a name="verbose"><h3>Postfix breaks "sendmail -v"</h3> </a>
-<li>In order to send mail as <i>user@domain</i>, edit
-<b>/etc/postfix/main.cf</b> and specify what domain
-is to be appended to addresses that do not have a domain:
+Some people will complain that <b>sendmail -v</b> no longer shows
+the actual mail delivery.
<p>
-<dl>
+With a distributed mail system such as Postfix, this is difficult
+to implement. Unlike sendmail, no Postfix mail delivery process
+runs under control by a user. Instead, Postfix delivers mail with
+daemon processes that have no parent-child relationship with user
+processes. This eliminates a large variety of potential security
+exploits with environment variables, signal handlers, and with
+other process attributes that UNIX passes on from parent process
+to child process.
-<dd><b>myorigin = </b><i>domain</i>
+<p>
-</dl>
+Postfix uses multiple processes in order to insulate subsystems
+from each other. Making the delivery agents talk directly to user
+processes would defeat a lot of the effort that went into making
+Postfix more secure than ordinary mailers.
-<p>
+<hr>
-<li>In order to receive some users locally, such as <b>root</b> or
-<b>postmaster</b>,
+<a name="duplicate"><h3>Postfix sends duplicate mail</h3> </a>
+
+Some people will complain that Postfix sends duplicate messages.
+This happens whenever one message is mailed to multiple addresses
+that reach the same user. Examples of such scenarios are:
<p>
<ul>
-<li>edit <b>/etc/postfix/main.cf</b> and specify a virtual lookup table:
+<li>One message is sent to the user, and to an alias that lists
+the user. The user receives one copy of the mail directly, and
+one copy via the alias.
<p>
-<dl>
-
-<dd><b>virtual_maps = hash:/etc/postfix/virtual</b>
+<li>One message is sent to multiple aliases that list the user.
+The user receives one copy of the mail via each alias.
-</dl>
+</ul>
<p>
-<li>edit <b>/etc/postfix/virtual</b> and specify non-default destinations:
+Some people will even argue that this is the "right" behavior. It
+is probably more a matter of expectation and of what one is used to.
<p>
-<dl>
-
-<dd><b>root root@localhost</b>
+This can be "fixed" only by making Postfix slower. Postfix would
+first have to expand all distribution lists before starting any
+delivery. By design, Postfix delivers mail to different destinations
+in parallel, and local delivery is no exception. This is why Postfix
+can be faster than sendmail.
-<dd><b>postmaster postmaster@localhost</b>
+<hr>
-</dl>
+<a name="metoo"><h3>Postfix sends mail to every member of a
+distribution list</h3> </a>
-</ul>
+Some people will complain that Postfix sends mail to every member
+of a distribution list, including the poster. By default, Sendmail
+deletes the poster from the distribution list. Sendmail sends mail
+to the poster only when the "metoo" flag is explicitly turned on.
<p>
-<li>Execute the command <b>postmap /etc/postfix/virtual</b> to
-update the table, and <b>postfix reload</b> to make the changes
-effective.
-
-</ul>
+Wietse believes that Postfix implements the "right" behavior,
+and suspects that Sendmail's default behavior is a remnant from a
+dark past when Sendmail used a really crummy algorithm to avoid
+aliasing loops.
<hr>
-<a name="masquerade"><h2>Address masquerading with exceptions</h2></a>
+<a name="mobile"><h3>Relaying mail for mobile users </h3>
-For people outside your organization it can be desirable to only
-see addresses of the form <i>user@company.com</i> rather than
-addresses with individual internal host names. This can be achieved
-with address masquerading.
+<blockquote>
-<p>
+I have Postfix setup on a machine but I'd like to have a select
+group of Internet users be able to relay mail through it. I'd
+either like to base the relaying on IP address (e.g., a 256-block
+for dynamic IP people) or on hostname (whatever.dialup.isp.com)
-Address masquerading is intended for use only on mail gateways.
+</blockquote>
-<ul>
+<p>
-<li>In order to have all mail through the gateway host appear as
-coming from <i>user@my.domain</i>, edit <b>/etc/postfix/main.cf</b>
-and specify:
+The most preferable way is to have users submit mail via some
+authenticated protocol instead of plain old SMTP.
<p>
-<dl>
+The next best way is to use plain old SMTP and to authenticate the
+user first, for example, with a "please login via POP before using
+SMTP" scheme. In that case, some non-Postfix software such as <a
+href="http://www.mbnet.mb.ca/howto/dynamic.htm">DRAC</a> maintains
+a Postfix-compatible access table with client IP address information:
-<dd><b>masquerade_domains = </b><i>$mydomain</i>
+<p>
-</dl>
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ smtpd_recipient_restrictions =
+ permit_mynetworks
+ check_client_access hash:/etc/postfix/client_access
+ check_relay_domains
+
+ <b>/etc/postfix/client_access</b>:
+ 4.3.2.1 OK
+ 5.4.3.2 987654321
+</pre>
<p>
-Note that the gateway should have <b>append_dot_domain</b> and
-<b>append_myorigin</b> turned on (which is the default setting) so
-that all addresses are fully qualified before they are subjected
-to address masquerading.
-
-</ul>
+Specify <B>dbm</b> instead of <b>hash</b> if your system uses
+<b>dbm</b> files instead of <b>db</b> files.
<p>
-In some cases, you may wish to have certain users or hosts exempted
-from masquerading.
+A less preferable way is based on client IP address (for example,
+a 256-block) or DNS hostname (for example, whatever.pop.isp.com).
+This scheme does not authenticate the user. If you use IP/DNS-based
+relay access control, pray that no customer with that same ISP
+points their spam software at your machine, or else you may end up
+on internet-wide black lists.
-<ul>
+<p>
-<li>To exempt certain <i>users</i> from masquerading,
-such as <b>root</b>, add:
+The least preferable way is based on the sender address. It is
+trivially easy to spoof by anyone who ever received mail from your
+site. If you use sender address access control, pray that no
+spammer ever finds out the address of your users.
<p>
-<dl>
-
-<dd><b>masquerade_exceptions = </b><i>root</i>
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ smtpd_recipient_restrictions =
+ permit_mynetworks
+ check_client_access hash:/etc/postfix/client_access
+ check_sender_access hash:/etc/postfix/sender_access
+ check_relay_domains
+
+ <b>/etc/postfix/client_access</b>:
+ 11.22.33 OK
+ dialup.isp.com OK
+
+ <b>/etc/postfix/sender_access</b>:
+ joe@my.domain OK
+ blow@my.domain OK
+</pre>
-</dl>
+<hr>
-<p>
+<a name="relay_restrict"><h3>Restricting what users can send mail to off-site destinations</h3>
-<li>To exempt certain <i>hosts</i> from masquerading, write
-<b>masquerade_domains</b> as:
+<blockquote>
-<p>
+How can I configure Postfix in a way that some users can send mail
+to the internet and other users not. The users with no access should
+receive a generic bounce message. Please don't discuss whether such
+access restrictions are necessary, it was not my decision.
-<dl>
+</blockquote>
-<dd><b>masquerade_domains = </b><i>somehost.my.domain otherhost.my.domain
-$mydomain</i>
+<p>
-</dl>
+Postfix has support for per-user restrictions. The restrictions
+are implemented by the SMTP server. Thus, users that violate the
+policy have their mail rejected by the SMTP server. Like this:
<p>
-Note that the order above is crucial: exemptions such as
-<i>somehost.my.domain</i> must precede <i>$mydomain</i> in the
-statement.
+<blockquote>
+
+<pre>
+550 <user@remote>: Access denied
+</pre>
+
+</blockquote>
<p>
-It should go without saying that if a particular host you wish to
-exempt this way is originating mail as <i>user@my.domain</i> in
-the first place, you can hardly exempt it.
+The implementation uses two lookup tables. One table defines what
+users are restricted in where they can send mail, and the other
+table defines what destinations are local. It is left as an exercise
+for the reader to change this into a scheme where only some users
+have permission to send send mail to off-site destinations, and
+where most users are restricted.
<p>
-</ul>
+The example assumes DB/DBM files, but this could also be done with
+LDAP or SQL.
-As usual, execute the command <b>postfix reload</b> to make the changes
-effective.
+<p>
+
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ smtpd_recipient_restrictions =
+ hash:/etc/postfix/restricted_senders
+ ...other stuff...
+
+ restriction_classes = local_only
+ local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
+
+ <b>/etc/postfix/restricted_senders</b>:
+ foo@domain local_only
+ bar@domain local_only
+
+ <b>/etc/postfix/local_domains</b>:
+ this.domain OK (matches this.domain and subdomains)
+ that.domain OK (matches that.domain and subdomains)
+</pre>
+
+<p>
+
+Specify <B>dbm</b> instead of <b>hash</b> if your system uses
+<b>dbm</b> files instead of <b>db</b> files.
+
+<p>
+
+The <b>restriction_classes</b> verbiage exists so that Postfix can
+open <b>/etc/postfix/local_domains.db</b> before entering a chroot
+jail, so it is only an artefact of implementation.
+
+<p>
+
+This scheme does not authenticate the user, therefore it can be
+bypassed in several ways:
+
+<p>
+
+<ul>
+
+<li>By sending mail as someone else who does have permission to
+send mail to off-site destinations.
<p>
+<li>By sending mail as yourself via a less restrictive mail relay
+host.
+
+</ul>
+
<hr>
-<a name="scanning"><h2>Support for virus scanning</h2> </a>
+<a name="timeouts"><h3>Mail fails consistently with timeout or lost connection</h3></a>
-Would not it be great if operating systems and applications actually
-worked the way they are supposed to, instead of being as fragile
-as today's products? Well, we can solve only one problem at a time.
+Every now and then, mail fails with "timed out while sending end
+of data -- message may be sent more than once", or with: "lost
+connection after DATA". Network outages happen, systems crash.
+There isn't much you can do about it. Usually the problem goes away
+by itself.
<p>
-Currently, Postfix has no hooks to let other programs inspect every
-message, so the scanning has to be done before mail enters Postfix
-or while mail leaves Postfix, for example at mailbox delivery time.
+However, when you see mail deliveries fail consistently, you may
+have a different problem: broken path MTU discovery.
<p>
-<dl>
+A little background is in order. With the SMTP protocol, the HELO,
+MAIL FROM and RCPT TO commands and responses are relatively short.
+When you're talking to sendmail, every command and every response
+is sent as a separate packet, because sendmail cannot implement
+ESMTP command pipelining.
-<dt>Examples:
+<p>
-<dl>
+The message content, however, is sent as a few datagrams, each
+datagram typically a kbyte large or even bigger, depending on your
+local network MTU.
-<dt><b>mailbox_command = </b><i>/some/program ...</i>
+<p>
-<dd>specifies a command that runs whenever mail is delivered to
-mailbox. See the sample <b>main.cf</b> file for examples. In
-<b>/etc/aliases</i>, you must specify an alias for <b>root</b> that
-directs mail to a real person, otherwise funny things happen with
-mail sent to <b>root</b>.
+When mail fails consistently due to a timeout, I suspect that the
+sending machine runs a modern UNIX which implements path MTU
+discovery. That causes the machine to send packets as large as it
+would send over the LAN, with the IP DON'T FRAGMENT bit set,
+preventing intermediate routers from fragmenting the packets that
+are too big for their networks.
<p>
-<dt><b> mailbox_transport = </b><i>foo</i>
+Depending on what network path a message follows, some router on
+the way responds with an ICMP MUST FRAGMENT message saying the
+packet is too big. Normally, the sending machine will re-send the
+data after chopping it up into smaller pieces.
-<dd>delegates local mailbox delivery to the transport <i>foo</i> as
-configured in <b>/etc/postfix/master.cf</b>. If you follow this
-route you will build something around the pipe mailer. See examples
-in <b>master.cf</b>.
+<p>
-</dl>
+However, things break when some router closer to the sending system
+is dropping such ICMP feedback messages, in a mistaken attempt to
+protect systems against certain attacks. In that case, the ICMP
+feedback message never reaches the sending machine, and the connection
+times out.
-</dl>
+<p>
+
+This is the same configuration problem that causes trouble with
+web servers behind a misconfigured packet filter: small images/files
+are sent intact, large images/files time out because the server
+does not see the MUST FRAGMENT ICMP feedback messages.
+
+<p>
+
+Workaround: disable path MTU discovery at the sending machine. Mail
+will get out, but of course everyone else will still suffer. How
+to disable path MTU discovery? It depends. Solaris has an <b>ndd</b>
+command; other systems use different means such as <b>sysctl</b>
+to control kernel parameters on a running system.
+
+<p>
+
+Fix: find the router that drops the ICMP MUST FRAGMENT messages,
+and convince the person responsible for it to fix the configuration.
<hr>
-<a name="maildir"><h2>Support for maildir-style mailboxes</h2> </a>
+<a name="root"> <h3>Root's mail is delivered to nobody</h3>
-<b>Maildir</b> is a specific one-file-per-message organization that
-was introduced with the <b>qmail</b> system by Daniel Bernstein.
+If you use <a href="#procmail">procmail</a> (or some other command)
+for local mail delivery, Postfix will not deliver mail as root.
+Instead, Postfix runs <b>procmail</b> (or whatever) as <b>nobody</b>.
+Perhaps some day Wietse will trust Postfix enough to run external
+commands as <b>root</b>.
+
+<p>
+
+Solution: just like you're not supposed to log in as <b>root</b>
+(except for unusual conditions), you're not supposed to receive
+mail as <b>root</b>.
+
+<p>
+
+<ul>
+
+<li>Create a mail alias for <b>root</b> that forwards mail to a
+real user.
+
+<p>
+
+<pre>
+<b>/etc/aliases:</b>
+ root: you
+</pre>
<p>
-Postfix supports the <b>maildir</b> mailbox format. Edit <b>main.cf</b>
-and specify a line with: <b>home_mailbox = Maildir/</b> (any relative
-pathname that ends in <b>/</b> will do).
+<li>Execute the command <b>newaliases</b> whenever you change the
+alias database.
+
+</ul>
<p>
-The maildir format is also supported for delivery from aliases or
-<b>.forward</b> files. Specify <i>/file/name/</i> as destination.
-The trailing <b>/</b> turns on <b>maildir</b> delivery.
+On some systems the alias database is not in <b>/etc/aliases</b>.
+To find out the location for your system, execute the command
+<b>postconf alias_maps</b>.
<hr>
-<a name="procmail"><h2>Using Procmail for local delivery</h2> </a>
+<a name="local"><h3>Delivering some users locally while sending mail as user@domain</h3></a>
<ul>
-<li>Edit <b>/etc/postfix/main.cf</b>, and specify <b>procmail</b> as the
-command for mailbox delivery:
+<li>In order to send mail as <i>user@domain.name</i>, specify what
+domain is to be appended to addresses that do not have a domain:
<p>
-<dl>
+<pre>
+<b>/etc/postfix/main.cf</b>:
+ myorigin = domain.name
+</pre>
-<dd><b>mailbox_command = </b><i>/path/to/procmail</i>
+<p>
+
+<li>In order to receive some users locally, such as <b>root</b> or
+<b>postmaster</b>, specify a virtual lookup table with the non-default
+destinations:
<p>
-<dd><b>mailbox_command = </b><i>/path/to/procmail</i><b> -a
- "$EXTENSION"</b>
+<pre>
+<b>/etc/postfix/main.cf</b>:
+ virtual_maps = hash:/etc/postfix/virtual
-</dl>
+<b>/etc/postfix/virtual</b>:
+ root root@localhost
+ postmaster postmaster@localhost
+</pre>
<p>
-If you can, avoid using any shell meta characters or built-ins
-such as <b>$</b> or <b>"</b> or <b>IFS</b> or <b>&&</b>,
-because they force Postfix to run an expensive shell process.
+Specify <B>dbm</b> instead of <b>hash</b> if your system uses
+<b>dbm</b> files instead of <b>db</b> files.
+
+<p>
+
+<li>Execute the command <b>postmap /etc/postfix/virtual</b> whenever
+you edit the the <b>virtual</b> table.
+
+<p>
+
+<li>Execute the command <b>postfix reload</b> to make the changes
+effective.
+
+</ul>
+
+<hr>
+
+<a name="maildir"><h3>Support for maildir-style mailboxes</h3> </a>
+
+<b>Maildir</b> is a specific one-file-per-message organization that
+was introduced with the <b>qmail</b> system by Daniel Bernstein.
+In order to turn on <b>maildir</b>-style delivery, specify,
+for example:
+
+<p>
+
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ home_mailbox = Maildir/
+</pre>
+
+<p>
+
+Any relative pathname that ends in <b>/</b> turns on <b>maildir</b>
+delivery. The <b>home_mailbox</b> value is appended to the user's
+home directory pathname.
+
+<p>
+
+The <b>maildir</b> format is also supported with delivery via
+aliases or via <b>.forward</b> files. Specify <i>/file/name/</i>
+as destination. The trailing <b>/</b> turns on <b>maildir</b>
+delivery.
+
+<hr>
+
+<a name="procmail"><h3>Using Procmail for system-wide local delivery</h3> </a>
+
+Warning: if you use <b>procmail</b> in this manner, you must set
+up an alias for <b>root</b> that forwards mail for <b>root</b> to
+a real user. See the FAQ entry titled "<a href="#root">Mail for root
+is delivered to nobody</a>".
+
+<ul>
+
+<li>Specify that all mailbox delivery is to be done by <b>procmail</b>.
+For example:
+
+<p>
+
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ mailbox_command = /path/to/procmail
+
+ <b>/etc/postfix/main.cf</b>:
+ mailbox_command = /path/to/procmail -a $EXTENSION
+</pre>
+
+<p>
+
+If you can, avoid using any shell meta characters or built-ins such
+as <b>$</b> or <b>"</b> or <b>IFS</b> or <b>&&</b>, because
+they force Postfix to run an expensive shell process. However,
+procmail is a pig, and the gain of avoiding a shell can be
+unnoticeable.
<p>
</ul>
Postfix exports information via environment variables. The contents
-are censored. Any characters that may have special meaning to the
-shell are replaced by underscores.
+are censored. Characters that may have special meaning to the shell,
+including whitespace, are replaced by underscores.
<p>
-<dl>
+<blockquote>
<dl>
</dl>
-</dl>
-
-<hr>
-
-<a name="verbose"><h2>Postfix breaks "sendmail -v"</h2> </a>
-
-Some people will complain that <b>sendmail -v</b> no longer shows
-the actual mail delivery.
-
-<p>
-
-With a distributed mail system such as Postfix, this is difficult
-to implement. Postfix does not run any mail delivery process under
-control by a user. Instead, mail delivery is done by daemon processes
-that have no parental relationship with user processes. This
-eliminates a large variety of potential security exploits with
-environment variables, signal handlers, and with other process
-attributes that UNIX passes on from parent to child.
-
-<p>
-
-In addition, Postfix uses multiple processes in order to insulate
-subsystems from each other. Making the delivery agents talk directly
-to user processes would defeat a lot of the effort that went into
-making Postfix more secure than ordinary mailers.
+</blockquote>
<hr>
-<a name="delivered"><h2>Getting rid of Delivered-To:</h2> </a>
+<a name="delivered"><h3>Getting rid of the ugly Delivered-To: header</h3> </a>
Some people will complain about the ugly <b>Delivered-To:</b>
message header that Postfix prepends to their mail. By default,
<li>
Fortunately, many mail user agents have per-user or even system-wide
-configuration files that can be set up to suppress specific message
+configuration files that can be set up to suppress <b>Delivered-To:</b>
headers (for example <b>~/.mailrc</b> and <b>/usr/lib/Mail.rc</b>).
<p>
<dt><b>/etc/postfix/access_regexp:</b>
<dl>
-
-<dt><tt>/^(.*)-outgoing@(.*)/ 554 Use $1@$2 instead</tt>
+
+<dt><tt>/^(.*)-outgoing@(.*)/ 554 Use $1@$2 instead</tt>
</dl>
The <b>prepend_delivered_header</b> configuration parameter controls
when <b>Delivered-To:</b> is prepended. The default setting is
-<b>command, file, forward</b>. <i>Turning off <b>Delivered-To:</b>
-when forwarding mail is not recommended</i>.
+<b>command, file, forward</b> (translation: prepend <b>Delivered-To:</b>
+when delivering to command, when delivering to file, and when
+forwarding mail). <i>Turning off <b>Delivered-To:</b> when forwarding
+mail is not recommended</i>.
</ul>
<p>
See also the FAQ item for problems with the <b>majordomo</b> <a
-href="#approve">approve</a> command.
+href="#majordomo-approve">approve</a> command.
<hr>
-<a name="approve"><h2>Postfix breaks the majordomo "approve"
-command</h2> </a>
+<a name="majordomo-approve"><h3>Postfix breaks the majordomo "approve"
+command</h3> </a>
The Postfix local delivery agent prepends a <b>Delivered-To:</b>
message header to prevent mail forwarding loops. With <b>majordomo</b>
<p>
-Currently, the workaround is to edit the <b>approve</b> script to
-strip any header lines that match:
+Currently, the recommended workaround is to edit the <b>approve</b>
+script to strip any header lines that match:
<p>
Yes, this assumes that the moderator knows what she is doing.
+<p>
+
+A less-preferred workaround is to not insert <b>Delivered-To:</b>
+when delivering to commands such as majordomo. See the FAQ entry
+titled "<a href="#delivered">Getting rid of the ugly Delivered-To:
+header</a>".
+
<hr>
-<a name="uucp"><h2>Setting up an Internet to UUCP gateway</h2> </a>
+<a name="internal-list"><h3>Protecting internal email distribution lists</h3>
+
+<blockquote>
-Here is how to set up a machine that sends <i>some</i> but not all
-mail via UUCP. See the <a href="#uucp-only">UUCP-only</a> FAQ entry
-for setting a UUCP-only host.
+We want to implement an internal email distribution list. Something
+like all@our.domain.com, which aliases to all employees. My first
+thought was to use the aliases map, but that would lead to "all"
+being accessible from the "outside", and this is not desired...
+:-)
+
+</blockquote>
+
+Postfix can implement per-address access controls. What follows
+is based on the SMTP client IP address, and therefore is subject
+to IP spoofing.
<p>
-<ul>
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ smtpd_recipient_restrictions =
+ hash:/etc/postfix/access
+ ..the usual stuff...
-<li>Make an entry in <b>/etc/postfix/transport</b>:
+ <b>/etc/postfix/access</b>:
+ all permit_mynetworks,reject
+</pre>
<p>
-<dl>
+Specify <B>dbm</b> instead of <b>hash</b> if your system uses
+<b>dbm</b> files instead of <b>db</b> files.
-<dd><i>some.domain</i> <b>uucp:</b><i>uucp-host</i>
+<p>
-</dl>
+Now, that would be sufficient when your machine receives all Internet
+mail directly from the Internet. That's unlikely if your network
+is a bit larger than an office. For example your backup MX hosts
+would "launder" the client IP address of mail from outside so it
+would appear to come from a trusted machine.
<p>
-This causes all mail for the <i>some.domain</i> (and subdomains
-thereof) to be sent via UUCP to the host <i>uucp-host</i>.
+In the general case you need two lookup tables: one table that
+lists destinations that need to be protected, and one table that
+lists domains that are allowed to send to the protected destinations.
<p>
-<li>Execute the command <b>postmap /etc/postfix/transport</b> whenever
-you change the <b>transport</b> file.
+What follows is based on the sender SMTP envelope address, and
+therefore is subject to SMTP sender spoofing.
+
+<p>
+
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ smtpd_recipient_restrictions =
+ hash:/etc/postfix/protected_destinations
+ ..the usual stuff...
+
+ smtpd_restriction_classes = insiders_only
+ insiders_only = check_sender_access hash:/etc/postfix/insiders, reject
+
+ <b>/etc/postfix/protected_destinations</b>:
+ all@my.domain insiders_only
+ all@my.hostname insiders_only
+
+ <b>/etc/postfix/insiders</b>:
+ my.domain OK
+ another.domain OK
+</pre>
+
+<p>
+
+The smtpd_restriction_classes verbiage is needed so that Postfix
+knows what lookup tables to open before it goes to chroot jail.
+It is only an artefact of the implementation.
+
+<p>
+
+Getting past this scheme is relatively easy, because all one has
+to do is to spoof the SMTP sender address.
+
+<p>
+
+If the internal list is a low-volume one, perhaps it makes more
+sense to make it moderated.
+
+<hr>
+
+<a name="command"><h3>Commands don't work in Postfix virtual maps</h3>
+
+Delivering mail to a command is a security-sensitive operation,
+because the command must be executed with the right privileges.
+Only <b>root</b>-privileged software such as the Postfix delivery
+agent can set the privileges for a command.
<p>
-<li>You need an entry in <b>/etc/postfix/master.cf</b>:
+For security reasons, Postfix tries to avoid using <b>root</b>
+privileges where possible. In particular, Postfix virtual mapping
+is done by an unprivileged daemon, so there is no secure way to
+execute commands found in virtual maps.
+
+<p>
+
+Solution: specify a local alias instead. The Postfix local delivery
+agent has sufficient privilege to execute commands with the right
+privileges.
+
+<p>
+
+<ul>
+
+<li>Set up a local alias that executes the command:
+
+<p>
<pre>
- uucp unix - n n - - pipe
- flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+ <b>/etc/aliases</b>:
+ name-virtual.domain "|/some/where/command..."
</pre>
<p>
-This runs the <b>uux</b> command, and substitutes the next-hop
-hostname (<i>uucp-host</i>) and the recipients before executing
-the command. The <b>uux</b> command is executed without assistance
-from the shell, so there are no problems with shell meta characters.
+<li>Execute the command <b>newaliases</b> whenever you edit the
+alias database.
<p>
-<li>Edit <b>/etc/postfix/main.cf</b> and enable <b>transport</b>
-table lookups:
+<li>Forward mail for the virtual address to the local alias:
<p>
-<dl>
+<pre>
+ <b>/etc/postfix/virtual</b>:
+ virtual.domain whatever
+ name@virtual.domain name-virtual.domain
+</pre>
-<dd><b>transport_maps = hash:/etc/postfix/transport</b>
+<p>
-</dl>
+<li>Execute the command <b>postmap /etc/postfix/virtual</b> whenever
+you edit the virtual database.
+
+</ul>
<p>
-Specify <B>dbm</b> instead of <b>hash</b> if your system has no
-<b>db</b> support.
+
+Note: on some systems the alias database is not in <b>/etc/aliases</b>.
+To find out the location for your system, execute the command
+<b>postconf alias_maps</b>.
+
+<hr>
+
+<a name="unknown_virtual"><h3>Mail for unknown virtual users fails
+with a mail loop error</h3>
+
+Problem: mail for an unknown virtual user results in an ugly "mail
+loops back to myself" error from the Postfix SMTP client. Why
+doesn't Postfix generate a "user unknown" instead?
<p>
-<li>Edit <b>/etc/postfix/main.cf</b> and add <i>some.domain</i> to
-the list of domains that your site is willing to relay mail for.
-See the <a href="uce.html#relay_domains">relay_domains</a>
-configuration parameter.
+Solution: add a magical entry to the Postfix virtual database:
<p>
-<li>Execute the command <b>postfix reload</b> to make the
-changes effective.
+<pre>
+ <b>/etc/postfix/virtual</b>:
+ virtual.domain whatever
+</pre>
+
+<p>
+
+This entry will also fix the problem that the Postfix SMTP server
+refuses to <a href="#relay_virtual">receive</a> mail for the virtual
+domain.
+
+<p>
+
+For more information on how to set up virtual domains, see the <a
+href="virtual.5.html">virtual</a> manual page.
+
+<hr>
+
+<a name="relay_virtual"><h3>Postfix refuses to receive mail for some
+virtual domains </h3>
+
+In order to receive mail for virtual domains, the Postfix SMTP server
+needs to know that the domain is OK.
+
+<p>
+
+<ul>
+
+<li>Create an entry in the virtual map that lists the virtual
+domain name:
+
+<p>
+
+<pre>
+ <b>/etc/postfix/virtual</b>:
+ virtual.domain whatever
+</pre>
+
+<p>
+
+<li>Verify that
+the <a
+href="uce.html#relay_domains">relay_domains</a> parameter contains
+<b>$virtual_maps</b>. This is the default setting.
+
+<p>
+
+<li>Verify that the <a
+href="uce.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>
+parameter contains a restriction that depends on <a
+href="uce.html#relay_domains">relay_domains</a>. This is the default setting.
</ul>
+<p>
+
+For more details, see the <a href="virtual.5.html">virtual</a>
+manual page.
+
<hr>
-<a name="uucp-only"><h2>Using UUCP as the default transport</h2> </a>
+<a name="masquerade"><h3>Address masquerading with exceptions</h3></a>
-Here is how to relay all your mail over a UUCP link. See the <a
-href="#uucp">Internet to UUCP</a> FAQ entry for setting up a machine
-that gateways between UUCP and SMTP.
+For people outside your organization it can be desirable to only
+see addresses of the form <i>user@company.com</i> rather than
+addresses with individual internal host names. This can be achieved
+with address masquerading.
<p>
+Address masquerading is intended for use only on mail gateways.
+
<ul>
-<li>There is no need for a <b>transport</b> table.
+<li>In order to have all mail through the gateway host appear as
+coming from <i>user@my.domain</i>, specify:
<p>
-<li>In <b>/etc/postfix/main.cf</b>, specify the name of your
-UUCP gateway host, and specify that all mail must be sent
-via the <b>uucp</b> message transport:
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ masquerade_domains = $mydomain
+</pre>
<p>
-<dl>
+Note that the gateway should have <b><a
+href="rewrite.html#append_dot_mydomain">append_dot_mydomain</a></b>
+and <b><a href="rewrite.html#append_at_myorigin">append_at_myorigin</a></b>
+turned on (which is the default setting) so that all addresses are
+fully qualified before they are subjected to address masquerading.
+
+</ul>
-<dd><b>relayhost = </b><i>uucp-gateway</i>
+<p>
-<dd><b>default_transport = uucp</b>
+In some cases, you may wish to have certain users or hosts exempted
+from masquerading.
-</dl>
+<ul>
+
+<li>To exempt certain <i>users</i> from masquerading,
+such as <b>root</b>, specify:
<p>
-<li>You need an entry in <b>/etc/postfix/master.cf</b>:
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ masquerade_exceptions = root
+</pre>
+
+<p>
+
+<li>To exempt certain <i>hosts</i> from masquerading, write
+<b>masquerade_domains</b> as:
+
+<p>
<pre>
- uucp unix - n n - - pipe
- flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+ <b>/etc/postfix/main.cf</b>:
+ masquerade_domains = somehost.my.domain otherhost.my.domain $mydomain
</pre>
-This runs the <b>uux</b> command, and substitutes the next-hop
-hostname (<i>uucp-gateway</i>, or whatever you specified) and the
-recipients before executing the command. The <b>uux</b> command
-is executed without assistance from the shell, so there are no
-problems with shell meta characters.
+<p>
+
+Note that the order above is crucial: exemptions such as
+<i>somehost.my.domain</i> must precede <i>$mydomain</i> in the
+statement.
<p>
-<li>Execute the command <b>postfix reload</b> to make the
-changes effective.
+It should go without saying that if a particular host you wish to
+exempt this way is originating mail as <i>user@my.domain</i> in
+the first place, you can hardly exempt it.
+
+<p>
</ul>
+As usual, execute the command <b>postfix reload</b> to make the changes
+effective.
+
+<p>
+
<hr>
-<a name="fax"><h2>Sending mail to a FAX machine</h2></a>
+<a name="scanning"><h3>Support for virus scanning</h3> </a>
-The following information is by Joerg Henne:
+Would not it be great if operating systems and applications actually
+worked the way they are supposed to, instead of being as fragile
+as today's products? Well, we can solve only one problem at a time.
<p>
-Over here we are using the scheme <fax number>@fax.our.domain with Postfix and
-HylaFax. Here's the setup used:
+
+Currently, Postfix has no hooks to let other programs inspect every
+message, so the scanning has to be done before mail enters Postfix
+or while mail leaves Postfix, for example at mailbox delivery time.
<p>
-In master.cf:
+
+Examples:
<p>
<pre>
- fax unix - n n - - pipe
- flags= user=fax argv=/usr/bin/faxmail -d -n ${user}
+ <b>/etc/postfix/main.cf</b>:
+ mailbox_command = /some/program ...
</pre>
<p>
-In the transports map:
+This example specifies a command that delivers all local mail to
+mailbox. See the sample <b>main.cf</b> file for examples. In
+<b>/etc/aliases</i>, you must specify an alias for <b>root</b> that
+directs mail to a real person, otherwise mail sent to <b>root</b>
+will not work as expected.
<p>
<pre>
- fax.your.domain fax:localhost
+ <b>/etc/postfix/main.cf</b>:
+ mailbox_transport = foo
</pre>
<p>
-Note: be sure to not advertise <b>fax.your.domain</b> in the DNS...
+This example delegates local mailbox delivery to the transport
+<i>foo</i> as configured in <b>/etc/postfix/master.cf</b>. If you
+follow this route you will build something around the pipe mailer.
+See examples in <b>master.cf</b>.
<hr>
-<a name="timeouts"><h2>Mail fails with timeout or lost connection</h2></a>
+<a name="internet-uucp"><h3>Setting up an Internet to UUCP gateway</h3> </a>
-Occasionally, mail fails with "timed out while sending end of data
--- message may be sent more than once", or with: "lost connection after DATA".
-Network outages happen, systems crash. There isn't much you can
-do about it.
+Here is how to set up a machine that sits on the Internet and that
+delivers <i>some</i> but not all non-local mail via UUCP. See the
+<a href="#uucp-only">UUCP-only</a> FAQ entry for setting a UUCP-only
+host.
<p>
-However, when you see mail deliveries fail consistently, you may
-have a different problem: broken path MTU discovery.
+<ul>
+
+<li>Specify that mail for, let's say, <i>some.domain</i>, should be
+delivered via UUCP, for example, to a host named <i>uucp-host</i>:
<p>
-A little background is in order. With the SMTP protocol, the HELO,
-MAIL FROM and RCPT TO commands and responses are relatively short.
-When you're talking to sendmail, every command and every response
-is sent as a separate packet, because sendmail cannot implement
-ESMTP command pipelining.
+<pre>
+ <b>/etc/postfix/transport</b>:
+ some.domain uucp:uucp-host
+ .some.domain uucp:uucp-host
+</pre>
<p>
-The message content, however, is sent as a few datagrams, each
-datagram typically a kbyte large or even bigger, depending on your
-local network MTU.
+See the <a href="transport.5.html">transport</a> manual page
+for more details.
<p>
-When mail fails consistently due to a timeout, I suspect that the
-sending machine runs a modern UNIX which implements path MTU
-discovery. That causes the machine to send packets as large as it
-would send over the LAN, with the IP DONT'T FRAGMENT bit set,
-preventing intermediate routers from fragmenting the packets that
-are too big for their networks.
+<li>Execute the command <b>postmap /etc/postfix/transport</b> whenever
+you change the <b>transport</b> file.
<p>
-Depending on what network path a message follows, some router on
-the way responds with an ICMP MUST FRAGMENT message saying the
-packet is too big. Normally, the sending machine will re-send the
-data after chopping it up into smaller pieces.
+<li>Enable <b>transport</b> table lookups:
<p>
-However, things break when some router closer to the sending system
-is dropping such ICMP feedback messages, in a mistaken attempt to
-protect systems against certain attacks. In that case, the ICMP
-feedback message never reaches the sending machine, and the connection
-times out.
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ transport_maps = hash:/etc/postfix/transport
+</pre>
<p>
-This is the same configuration problem that causes trouble with
-web servers behind a misconfigured packet filter: small images/files
-are sent intact, large images/files time out because the server
-does not see the MUST FRAGMENT ICMP feedback messages.
+Specify <B>dbm</b> instead of <b>hash</b> if your system uses
+<b>dbm</b> files instead of <b>db</b> files.
<p>
-Workaround: disable path MTU discovery at the sending machine. Mail
-will get out, but of course everyone else will still suffer. How
-to disable path MTU discovery? It depends. Solaris has an <b>ndd</b>
-command; other systems use different means such as <b>sysctl</b>
-to control kernel parameters on a running system.
+<li>Define a mail transport for delivery via UUCP:
+
+<pre>
+ <b>/etc/postfix/master.cf</b>:
+ uucp unix - n n - - pipe
+ flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+</pre>
<p>
-Fix: find the router that drops the ICMP MUST FRAGMENT messages,
-and convince the person responsible for it to fix the configuration.
+This runs the <b>uux</b> command, and substitutes the next-hop
+hostname (<i>uucp-host</i>) and the recipients before executing
+the command. The <b>uux</b> command is executed without assistance
+from the shell, so there are no problems with shell meta characters.
+
+<p>
+
+<li>Add <i>some.domain</i> to the list of domains that your site
+is willing to relay mail for.
+
+<p>
+
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ relay_domains = some.domain $mydestination $virtual_maps ...
+</pre>
+
+<p>
+
+See the <a href="uce.html#relay_domains">relay_domains</a>
+configuration parameter description for details.
+
+<p>
+
+<li>Execute the command <b>postfix reload</b> to make the
+changes effective.
+
+</ul>
+
+<hr>
+
+<a name="uucp-only"><h3>Using UUCP as the default transport</h3> </a>
+
+Here is how to relay all your mail over a UUCP link. See the <a
+href="#uucp">Internet to UUCP</a> FAQ entry for setting up a machine
+that gateways between UUCP and SMTP.
+
+<p>
+
+<ul>
+
+<li>There is no need for a <b>transport</b> table.
+
+<p>
+
+<li> Specify that all remote mail must be sent via the <b>uucp</b>
+mail transport to your UUCP gateway host, say, <i>uucp-gateway</i>:
+
+<p>
+
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ relayhost = uucp-gateway
+ default_transport = uucp
+</pre>
+
+<p>
+
+<li>Define a message transport for mail delivery via UUCP:
+
+<p>
+
+<pre>
+ <b>/etc/postfix/master.cf</b>:
+ uucp unix - n n - - pipe
+ flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+</pre>
+
+<p>
+
+This runs the <b>uux</b> command, and substitutes the next-hop
+hostname (<i>uucp-gateway</i>, or whatever you specified) and the
+recipients before executing the command. The <b>uux</b> command
+is executed without assistance from the shell, so there are no
+problems with shell meta characters.
+
+<p>
+
+<li>Execute the command <b>postfix reload</b> to make the
+changes effective.
+
+</ul>
<hr>
-<a name="bind"><h2>Undefined symbols: ___dn_expand, ___res_init etc.</h2></a>
+<a name="fax"><h3>Sending mail to a FAX machine</h3></a>
+
+The following information is by Joerg Henne:
+
+<p>
+Over here we are using the scheme <fax number>@fax.our.domain with Postfix and
+HylaFax. Here's the setup used:
+
+<p>
+
+<pre>
+ <b>/etc/postfix/master.cf</b>:
+ fax unix - n n - - pipe
+ flags= user=fax argv=/usr/bin/faxmail -d -n ${user}
+
+ <b>/etc/postfix/transport</b>:
+ fax.your.domain fax:localhost
+
+ <b>/etc/postfix/main.cf</b>:
+ transport_maps = hash:/etc/postfix/transport
+</pre>
+
+<p>
+
+Specify <B>dbm</b> instead of <b>hash</b> if your system uses
+<b>dbm</b> files instead of <b>db</b> files.
+
+<p>
+
+Note: be sure to not advertise <b>fax.your.domain</b> in the DNS...
+
+<hr>
+
+<a name="bind"><h3>Undefined symbols: ___dn_expand, ___res_init etc.</h3></a>
Question: When I build Postfix I get the following errors:
<p>
Answer: you're mixing BIND version 8 include files with a
-different version of the resolver library.
+different version of the resolver library.
<p>
-Fix: use the right include files. For example:
+Fix: use the right include files. For example:
<p>
<hr>
-<a name="dbm"><h2>Undefined symbols: dbm_pagfno, dbm_dirfno etc.</h2></a>
+<a name="dbm_dirfno"><h3>Undefined symbols: dbm_pagfno, dbm_dirfno etc.</h3></a>
Question: When I build Postfix I get the following errors:
<p>
-Answer: instead of using /usr/include/ndbm.h, you're building
-Postfix with some incompatible third-party ndbm.h include file,
-typically something in /usr/local/include.
+Answer: instead of using <b>/usr/include/ndbm.h</b>, you're building
+Postfix with some incompatible third-party file, typically
+<b>/usr/local/include/ndbm.h</b>.
<p>
<hr>
-<a name="db"><h2>Using DB libraries on Solaris etc.</h2> </a>
+<a name="db"><h3>Using DB libraries on Solaris etc.</h3> </a>
The old <b>dbm</b> UNIX database has severe limitations when you
try to store lots of information. It breaks when the number of hash
In order to build Postfix with <b>db</b> support on UNIX systems
that do not have <b>db</b> support out of the box, you need the
-db-1.85 release, or <a href="http://www.sleepycat.com">the current
+db-1.85 release, or <a href="http://www.sleepycat.com">the current
version</a> which has a db-1.85 compatible interface.
<p>
The LD_LIBRARY_PATH unset commands may be required to avoid linking
in the wrong libraries.
-<dl>
-
-<dd>% <tt>LD_LIBRARY_PATH= </tt>   <i>(Bourne-shell syntax)</i>
-
-<dd>% <tt>unsetenv LD_LIBRARY_PATH </tt>   <i>(C-shell syntax)</i>
-
-<dd>% <tt>make tidy</tt>
-
-<dd>% <tt>make makefiles CCARGS="-DHAS_DB -DPATH_DB_H='<db_185.h>'
--I</tt><i>/some/where/include</i><tt>"
-AUXLIBS=</tt><i>/some/where/libdb.a</i>
-
-<dd>% <tt>make</tt>
+<p>
-</dl>
+<pre>
+ % LD_LIBRARY_PATH= (Bourne-shell syntax)
+ % unsetenv LD_LIBRARY_PATH (C-shell syntax)
+ % make tidy
+ % make makefiles CCARGS="-DHAS_DB -DPATH_DB_H='<db_185.h>' -I/some/where/include" AUXLIBS=/some/where/libdb.a
+ % make
+</pre>
<p>
<p>
-One problem: older DB versions install a file <b>/usr/local/include/ndbm.h</b>
-that is incompatible with <b>/usr/include/ndbm.h</b>. Be sure
-to get rid of the bogus file, or the linker will fail to find
-<b>dbm_dirfno</b>.
+One problem: older DB versions install a file
+<b>/usr/local/include/ndbm.h</b> that is incompatible with
+<b>/usr/include/ndbm.h</b>. Be sure to get rid of the bogus file.
+See the FAQ entry titled "<a href="#dbm_dirfno">Undefined symbols:
+dbm_pagfno, dbm_dirfno etc".
<hr>
projects / thirdparty / postfix.git / commitdiff
