Postfix

From FreeBSDwiki
Latest revision as of 08:09, 21 December 2009

Postfix is an MTA (mail transfer agent) that is intended to be a replacement for the default Sendmail MTA used on many Unix and Unix-like platforms, including FreeBSD. Postfix is considered to be faster, easier to manage and more secure than Sendmail. It also has the advantage of using the same configuration file options that Sendmail uses, which simplifies migration and reduces the need to learn a new system.

Postfix itself is simply an SMTP server capable of receiving and delivering email to other SMTP servers. Client applications such as Mozilla Thunderbird or Microsoft Outlook cannot receive mail directly from Postfix. To enable mail retrieval the Postfix server is typically run alongside another server capable of handling POP3 and/or IMAP4 requests (see below for support servers).

For tips on specific configurations, see "Postfix, relay MX", "Postfix, virtual domain setup" and "Postfix, maintaining relay destinations".




Origins

Postfix began as a program called VMailer and later became IBM Secure Mailer before being released as Postfix in 1999 under the IBM Public License 1.0. This license makes Postfix free software but is not compatible with the GPL. It continues to be actively developed and has its own website.

Features

Postfix has the following features (references taken from the Wikipedia entry for Postfix).

Storage

Received email can be stored in the following file-based mailboxes:

  • mbox - a single flat file containing all emails addressed to a recipient;
  • Maildir - a single directory, usually located under the user's home directory, containing a file per email received;
  • virtual domains.

Mappings

Mail mappings can be stored in the following database-based formats:

  • Berkeley DB - a simple but effective database system, but one that does not work over a network;
  • CDB - a quick and effective database designed around the file system;
  • DBM;
  • LDAP - a hierarchical system often used for authentication (Microsoft adapted LDAP to create their Active Directory system);
  • MySQL - a real SQL database system similar to Microsoft and Oracle SQL servers;
  • PostgreSQL - a real SQL database system similar to Microsoft and Oracle SQL servers.

Addressing

Postfix supports the following kinds of address manipulation:

  • Rewriting - change the email to the fully-qualified domain name, for example name@mail1.domain.com;
  • Canonical - change firstname.lastname style addresses to local username;
  • Masquerading - allows more than one internal domain name to emerge onto the internet as one final domain name;
  • Virtual Aliasing - this can redirect email and is useful in conjunction with Relocated Users (below);
  • Mail Transport - determines the method of delivery for certain addresses;
  • Relocated Users - where to forward email when users or even whole domains are removed;
  • Alias Database - the simplest use for aliases is to redirect standard email addresses like postmaster to a real user; more advanced uses include distribution list addresses;
  • Non-existent users - if an email address does not exist a bounce message is typically generated, but this permits alternative handling of such addresses.

Security

Security has been enhanced with the following features:

  • Transport Layer Security (TLS);
  • Delegation of SMTP policies to an external process (this allows Greylisting) and advanced content filtering;
  • VERP;
  • SMTP-AUTH via SASL;
  • Others;
  • Milter support.

One of the strengths of Postfix is its resilience against buffer overflows. Another one is its handling of large amounts of e-mail. Postfix is built as a cooperating network of different daemons. Each daemon fulfills a single task using minimum privileges. In this way, if a daemon is compromised, the impact remains limited to that daemon and cannot spread throughout the entire system. There is only one process with root privileges (master), and a few (local, virtual, pipe) that actually write to disk or invoke external programs. Most daemons can be easily chrooted.
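The privilege separation described above can be checked against a server's master.cf, where each service entry states whether it runs unprivileged and chrooted. The following is an added example, not part of the original wiki page or of Postfix: it audits a constructed sample and flags root-privileged services other than local, virtual and pipe, plus unprivileged services that are not chrooted. The function names and the sample entries are hypothetical, and `chroot_default` is a parameter because the meaning of `-` in the chroot column depends on the Postfix version.

```python
EXPECTED_PRIVILEGED = {"local", "virtual", "pipe"}  # daemons the text names
# Constructed sample in master.cf layout; "relay" is deliberately misconfigured.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       y       -       -       smtpd
pickup    unix  n       -       y       60      1       pickup
qmgr      unix  n       -       n       300     1       qmgr
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
relay     unix  -       n       -       -       -       smtp
"""

def parse_master_cf(text):
    """Return one dict per service entry; indented lines continue an entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    services = []
    for line in logical:
        fields = line.split(None, 7)
        if len(fields) < 8:
            continue  # too few columns to be a service entry
        name, _type, _private, unpriv, chroot, _wakeup, _maxproc, command = fields
        services.append({"name": name, "daemon": command.split()[0],
                         "unpriv": unpriv, "chroot": chroot})
    return services

def audit(services, chroot_default="n"):
    """Flag root-privileged services outside the expected set, and unchrooted ones."""
    findings = []
    for svc in services:
        privileged = svc["unpriv"] == "n"  # "-" means the default: unprivileged
        chroot = chroot_default if svc["chroot"] == "-" else svc["chroot"]
        if privileged and svc["daemon"] not in EXPECTED_PRIVILEGED:
            findings.append((svc["name"], "privileged but not local, virtual or pipe"))
        elif not privileged and chroot != "y":
            findings.append((svc["name"], "unprivileged but not chrooted"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(parse_master_cf(SAMPLE_MASTER_CF)):
        print(f"{name}: {issue}")
```

The maildrop entry shows why the check keys on the daemon column rather than the service name: it is a pipe service under another name, so it is expected to be privileged.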

Portability

Postfix can also be compiled on AIX, BSD, HP-UX, IRIX, Linux, Mac OS X, Solaris, Tru64 UNIX and, generally speaking, on every Unix-like OS that ships with a C compiler, standard POSIX development libraries and all the libraries required for handling BSD sockets.

Support Servers

Postfix is limited to the sending and reception of email using the SMTP protocol. This does not permit email clients to retrieve email from it in a simple user-friendly manner. This is where a support server can be run alongside Postfix to provide email clients with a method to retrieve stored email messages. The common protocols used by email clients are POP3 and IMAP4. POP3 is typically used by ISPs and internet-facing mail services and IMAP4 is typically used on private corporate networks.

In simple terms, POP3 is a mail retrieval protocol that allows an email client to download any and all emails to the local host. Usually emails are removed from the server so only the client copy exists. This differs from IMAP4, where an email client will view the emails available but they will be retained on the server until the client deletes them.

There are numerous support servers available to handle POP3 and/or IMAP4, both open source and commercial. The following list contains open source implementations available from the FreeBSD ports system:

  • BINC IMAP - this aims to be stable, fast, flexible, and RFC compliant, available under the GPL;
  • Courier MTA - Courier is a modular multiprotocol mail server that's designed to strike a balance between reasonable performance, flexibility and multiple features;
  • Cyrus IMAP - The Cyrus IMAP server is a scalable enterprise mail system designed for use from small to large enterprise environments using standards-based technologies;
  • Dovecot - a relatively new but maturing, fast and secure implementation of the POP3 and IMAP4 protocols;
  • UW IMAP - This is the IMAP4rev1 server from the University of Washington. Included are (almost) backwards-compatible POP2 and POP3 servers.