[PLUG] postfix tips ?

Rich Shepard rshepard at appl-ecosys.com
Wed May 29 23:26:03 UTC 2002 

On Wed, 29 May 2002 gilmanhunt at attbi.com wrote:

> Well, it looks like I'm about to embark on installation of a mail server
> here at my new job. Currently, the mail gets put in a mailbox at our ISP
> (all addresses sent to one address via a line in a virtusers file) and
> then the IT guys fire up a Mac (MailAdmin) package that downloads and
> disburses the email.  I'll be setting up a email server here that'll
> handle the stuff in a more modern fashion.

  Beware the effects of culture shock on the current IT guys.
 
> I configured my box to use it in about an hour or so. Is there anything
> not-obvious I"m going to be needing for the setup?  I want to set up
> spam-assassin as well as amavis, both of those seem to have instructions
> and the like.
 
  A few thoughts.

  The Postfix book is a useful reference. I found it both helpful and
informative -- once past the first chapter on "What is electronic mail?".

  Did you get caught by postfix wanting a fully-qualified host name to
install, but other tools wanting only the hostname? Before installing
postfix run 'hostname <fq.h.n>', then install. After postfix is up and
running, run 'hostname <host>' and put it back to normal.

  If you're running on a Red Hat or similar system, Simon Mudd's rpms are
the way to go. Not only does it make installation easy, but it puts all the
init files where they need to be.

  The main.cf contains a place holder for 'smtpd_sender_restrictions='.
Replace that with 'smtpd_recipient_restrictions='; Ed told me it's the
preferred way to go. Also, be aware of the order of filters there. Here's
mine:

smtpd_recipient_restrictions =
        permit_mynetworks,
        check_client_access hash:/etc/postfix/badip,
        check_client_access hash:/etc/postfix/badaddr,
        check_relay_domains
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks

  The key points are: 'permit_mynetworks' must come first and
'check_relay_domains' must come last. As you can see, I apportion spam
checking across four files here (plus the access.db):

	badip 		All the IP addresses I want rejected.
	badaddr		All the domain names I want rejected.
	header_checks	Key words and phrases found in spam headers.
	body_checks	Key words and phrases found in spam message bodies.
The access file is a huge regex list (~2M) of spoofed addresses and other
known spam indicators as collected in real time by a site in The
Netherlands. I download a new one every few weeks and hash it into
access.db.

  Every time you make a change to the mail filters or config files, remember
to run '/usr/sbin/postfix reload'.

  Some place I saw that someone had put together instructions for attaching
spamassassin under postfix, so it's out there to be found again. :-)

HTH,

Rich

More information about the PLUG mailing list