Postfix is by far a favorite MTA among anyone who has ever been a mail server administrator. Its ease of use and stability are second to none. You can read more about it on its website at http://www.postfix.org/.
Shut down Sendmail:
# /etc/rc.d/sendmail forcestop
NOTE:
If the above command does not shut down Sendmail, you’ll have to manually kill the PIDs. You can either find the PIDs and kill them (2) individually or you can run the following command:
# sh
# for i in `ps auxwww | grep '[s]endmail' | awk '{print $2}'`; do kill $i; done && exit
Disable Sendmail and start Postfix at boot:
# cat << EOF >> /etc/rc.conf
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
postfix_enable="YES"
EOF
Add the Postfix settings to the /etc/periodic.conf file (creating it if needed):
# cat << EOF >> /etc/periodic.conf
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
EOF
Create and secure the SMTP SSL certificate:
# mkdir -p /usr/local/etc/ssl/postfix
# cd /usr/local/etc/ssl/postfix
# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
# chmod 640 /usr/local/etc/ssl/postfix/*
# chgrp -R postfix /usr/local/etc/ssl/postfix
Edit /usr/local/etc/postfix/main.cf file:
Find and edit/add the RED TEXT.
...
soft_bounce = no
# SASL CONFIG
broken_sasl_auth_clients = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
  permit_sasl_authenticated,
  reject_invalid_hostname,
  reject_unknown_hostname,
  reject_non_fqdn_hostname,
  reject_non_fqdn_helo_hostname,
  reject_invalid_helo_hostname,
  permit
smtpd_sender_restrictions = permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_sender,
  reject_unknown_sender_domain,
  reject_unlisted_sender,
  permit
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unauth_destination,
  reject_unauth_pipelining,
  reject_invalid_hostname,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client sbl-xbl.spamhaus.org,
  reject_rbl_client zen.spamhaus.org,
  reject_rbl_client dnsbl.sorbs.net,
  reject_rbl_client rhsbl.sorbs.net,
  reject_rbl_client db.wpbl.info,
  reject_rbl_client cbl.abuseat.org,
  reject_rbl_client proxies.blackholes.wirehub.net,
  reject_rbl_client query.bondedsender.org
  permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# TLS CONFIG
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /usr/local/etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /usr/local/etc/ssl/postfix/smtpd.pem
smtpd_tls_CAfile = /usr/local/etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
tls_random_source = dev:/dev/urandom
#MySQL Configuration
virtual_alias_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:125
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 125
virtual_transport = dovecot
virtual_uid_maps = static:125
# Additional for quota support
virtual_mailbox_limit_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
  $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
  $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
  $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
  $virtual_mailbox_limit_maps
maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d
# Adjusted message size limit.
message_size_limit = 25600000
...
myhostname = host.domain.tld
...
mydomain = domain.tld
...
mydestination = localhost.$mydomain, localhost
...
relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf
...
relay_recipient_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
...
# TRANSPORT MAP
#
# See the discussion in the ADDRESS_REWRITING_README document.
dovecot_destination_recipient_limit = 1
...
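An added check for the restriction lists above (not part of the original guide; check_relay_guard and sample_main_cf are hypothetical names and the sample main.cf is constructed): it joins main.cf continuation lines the way Postfix does and reports whether each list reaches reject_unauth_destination or defer_unauth_destination before a bare permit. It assumes only a bare permit counts as an unconditional accept; other permit_* and check_* rules are not evaluated.

```shell
#!/bin/sh
# Added example: per restriction list, does the unauth_destination guard come
# before a bare "permit"? Exit status 0 means at least one list is guarded.
check_relay_guard() {
    awk '
    function store() {                     # finished logical line -> conf[name]
        if (line ~ /^[A-Za-z0-9_]+[ \t]*=/) {
            name = line; sub(/[ \t]*=.*/, "", name)
            val = line;  sub(/^[^=]*=[ \t]*/, "", val)
            conf[name] = val               # a later assignment wins
        }
        line = ""
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skipped, even inside a multi-line value
    /^[ \t]/ { line = line " " $0; next }  # leading whitespace continues the value
    { store(); line = $0 }
    END {
        store()
        split("smtpd_relay_restrictions smtpd_recipient_restrictions", lists, " ")
        for (k = 1; k <= 2; k++) {
            if (!(lists[k] in conf)) { print lists[k] ": not set"; continue }
            verdict = "no guard"
            n = split(conf[lists[k]], tok, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                if (tok[i] ~ /^(reject|defer)_unauth_destination$/) { verdict = "guarded"; ok = 1; break }
                if (tok[i] == "permit") { verdict = "permit before guard"; break }
            }
            print lists[k] ": " verdict
        }
        exit (ok ? 0 : 1)
    }' "$1"
}

# Constructed sample: the relay list follows the page, the recipient list has
# a bare "permit" moved in front of reject_unauth_destination.
sample_main_cf() {
    cat << 'EOF'
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
# RBL lookups
  reject_rbl_client zen.spamhaus.org,
  permit,
  reject_unauth_destination
EOF
}
tmp=$(mktemp) && sample_main_cf > "$tmp" && check_relay_guard "$tmp"
rm -f "$tmp"
```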
Edit the /usr/local/etc/postfix/master.cf file:
Find and edit/add the RED TEXT.
...
submission inet n       -       n       -       -       smtpd
...
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
...
  -o smtpd_sender_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
...
smtps     inet  n       -       n       -       -       smtpd
...
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
...
  -o smtpd_sender_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
...
(At the end of the file, add)
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vscan:vscan argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}
...
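An added check for the master.cf edits above (not part of the original guide; audit_master_cf and sample_master_cf are hypothetical names and the sample file is constructed): it lists which of the page's -o overrides are missing from the submission and smtps services. It assumes overrides are written in the name=value form used on this page.

```shell
#!/bin/sh
# Added example: report which of the "-o" overrides shown above are missing
# from the submission and smtps services of a master.cf file.
audit_master_cf() {
    awk '
    BEGIN {
        r = "=permit_sasl_authenticated,reject"
        common = "smtpd_sasl_auth_enable=yes smtpd_sender_restrictions" r
        common = common " smtpd_recipient_restrictions" r
        common = common " smtpd_relay_restrictions" r
        need["submission"] = common " smtpd_tls_auth_only=yes"
        need["smtps"]      = common " smtpd_tls_wrappermode=yes"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
    /^[^ \t]/ { svc = $1; seen[svc] = 1 }  # a service entry starts in column 1
    {   # "-o name=value" may sit on the entry line or on indented continuations
        for (i = 1; i < NF; i++)
            if ($i == "-o") have[svc, $(i + 1)] = 1
    }
    END {
        for (s in need) {
            if (!(s in seen)) { print s ": service not enabled"; continue }
            n = split(need[s], opt, " ")
            for (i = 1; i <= n; i++)
                if (!((s, opt[i]) in have)) print s ": missing -o " opt[i]
        }
    }' "$1" | sort
}

# Constructed sample (not a real server's file): submission lacks
# smtpd_tls_auth_only, smtps lacks its relay restriction.
sample_master_cf() {
    cat << 'EOF'
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sender_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sender_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
EOF
}

tmp=$(mktemp) && sample_master_cf > "$tmp" && audit_master_cf "$tmp"
rm -f "$tmp"
```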
Create and edit /usr/local/etc/postfix/mysql_virtual_alias_maps.cf file:
user = postfix
password = postfix_sql_password
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
Create and edit /usr/local/etc/postfix/mysql_virtual_domains_maps.cf file:
user = postfix
password = postfix_sql_password
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '0' and active = '1'
Create and edit /usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf file:
user = postfix
password = postfix_sql_password
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
Create and edit /usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf file:
user = postfix
password = postfix_sql_password
hosts = localhost
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s'
Create and edit /usr/local/etc/postfix/mysql_relay_domains_maps.cf file:
user = postfix
password = postfix_sql_password
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'
Secure Postfix’s MySQL files:
# chmod 640 /usr/local/etc/postfix/mysql_*
# chgrp postfix /usr/local/etc/postfix/mysql_*
Edit /etc/aliases file:
Uncomment and change “root” to an email address you want system messages to be mailed to:
root: you@your-domain.tld
Create aliases.db file:
# /usr/bin/newaliases