From Indie IT Wiki
Jump to: navigation, search

Postfix is a free and open-source mail transfer agent (MTA) that routes and delivers electronic mail. It is intended as a fast, easier-to-administer, and secure alternative to the widely-used Sendmail MTA.


Fix Error: NIS domain name not set


warning: dict_nis_init: NIS domain name not set - NIS lookups disabled


sudo postconf -e "alias_maps = hash:/etc/aliases"
sudo postfix stop
sudo postfix start

Thanks -

Web Administration


There are two different parameters we can set in postfix, which act differently.

  1. check_client_access - Blocks by client IP, Client IP Range or Hostname.
  2. check_sender_access - Block by sender e-mail address (In the FROM field).

This is how it would look in the file...

smtpd_recipient_restrictions =
  check_client_access hash:/etc/postfix/client_access,
  check_sender_access hash:/etc/postfix/sender_access,
  (add your reject lines now)

Then, add your email addresses, domains or IP addresses to the text whitelist files...

123.456.789.0 OK OK OK
/etc/postfix/sender_access OK OK

Create the database file and reload postfix...

postmap /etc/postfix/client_access
postmap /etc/postfix/sender_access
postfix reload

Amazon Web Services SES (Simple Email Service)

[]:587 AKyouraccesskeyinhere:youraccesskeypasswordinhere
relayhost = []:587
smtp_generic_maps = hash:/etc/postfix/generic
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_password
smtp_use_tls = yes 
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

Add Custom Header

nano /etc/postfix/

header_checks = regexp:/etc/postfix/header_checks
nano /etc/postfix/header_checks

/^Content-Type:/i PREPEND X-Received-By:

You can then add a custom Thunderbird Message Filter to Add a Tag based on Header Content :-)

Thanks -

Backup MX

nano /etc/postfix/

inet_protocols = ipv4
inet_interfaces = all
myhostname =
mynetworks =
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
relayhost = []:25
relay_domains =
nano /etc/aliases

postmaster: root

Order Of Postfix Checking

The order of evaluation is...

  1. smtpd_client_restrictions
  2. smtpd_helo_restrictions
  3. smtpd_sender_restrictions
  4. smtpd_recipient_restrictions
  5. smtpd_data_restrictions

Rejecting Unknown Clients

If you see the following lines in your logs...

postfix/smtpd[28842]: 3B0CD41C98: client=unknown[]

Then you can add the following anti-spam measure to stop them.

smtpd_client_restrictions = reject_unknown_client_hostname


## 0. CLIENT
smtpd_client_restrictions =
## 1. HELO

Inspecting Handling Postfix Mail Queue

sudo -i
cat domain_co_uk.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > postfix_domain_co_uk.crt
cat domain_co_uk.key > postfix_domain_co_uk.key
cp -av postfix_domain_co_uk.crt /etc/ssl/certs/
cp -av postfix_domain_co_uk.key /etc/ssl/private/
postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/postfix_domain_co_uk.crt'
postconf -e 'smtpd_tls_key_file = /etc/ssl/private/postfix_domain_co_uk.key'
service postfix restart

Create Self-Signed SSL Certificate For Postfix In Ubuntu Linux

sudo -i
mkdir -p /etc/ssl/postfix/
cd /etc/ssl/postfix/
/usr/lib/ssl/misc/ -newca
/usr/lib/ssl/misc/ -newreq-nodes
/usr/lib/ssl/misc/ -sign
cp -av demoCA/cacert.pem /etc/ssl/certs/
postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt'
postconf -e 'smtpd_tls_cert_file = /etc/ssl/postfix/newcert.pem'
postconf -e 'smtpd_tls_key_file = /etc/ssl/postfix/newkey.pem'
postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
service postfix restart

Forward Postfix Email To Another Account

Interesting Scripts

Test Config Parameter

postconf soft_bounce

Performance Tuning

Set 20MB Mailbox Size Limit

sudo postconf -e message_size_limit=20480000
sudo service postfix reload

Postfix Virtual Mailbox ClamAV

Add ClamAV AntiVirus

sudo aptitude install -y -v clamav clamav-freshclam clamsmtp
sudo nano /etc/clamsmtpd.conf
OutAddress: 10026
User: clamav
sudo nano /etc/postfix/
content_filter = scan:
receive_override_options = no_address_mappings
sudo nano /etc/postfix/
# ClamAV    (the extra 2 spaces before each -o are needed!)
# AV scan filter (used by content_filter)
scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
  -o smtp_tls_security_level=none
# For injecting mail back into postfix from the filter inet n - n - 16 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=
  -o smtp_tls_security_level=none
chown -R clamav:clamav /var/run/clamsmtp/
chown -R clamav:clamav /var/spool/clamsmtp/
service clamav-freshclam restart
service clamav-daemon restart
service clamsmtp restart
service postfix restart

Each email message that is scanned will have the extra header...

X-Virus-Scanned: ClamAV using ClamSMTP

That's it! Enjoy your new safer email server :-)

Thanks -

Thanks -

Testing With EICAR

echo "Test virus body" | mutt -a -s "This is virus" --

You should see these lines in your mail log...

Oct  8 17:04:51 ip-172-31-21-171 postfix/smtp[8167]: 616E444220: to=<>, relay=[]:10025, delay=0.06, delays=0.01/0/0.05/0, dsn=2.0.0, status=sent (250 Virus Detected; Discarded Email)
Oct  8 17:04:51 ip-172-31-21-171 postfix/qmgr[7693]: 616E444220: removed
Oct  8 17:04:51 ip-172-31-21-171 clamsmtpd: 100009:,, status=VIRUS:Eicar-Test-Signature
Oct  8 17:04:51 ip-172-31-21-171 postfix/smtpd[8169]: disconnect from localhost[]

Thanks -

Anti Spam



Spam Reports

Download the script...

mkdir /root/bin
cd /root/bin
ln -s spamrep_today spamrep_yesterday

Edit as required...

Add to root's crontab...

@daily /root/bin/spamrep_yesterday |mutt -s "Spam Report" root@localhost

Secure Postfix


swaks --server localhost --to --from

Thanks -

Generate SMTP AUTH Username Password

perl -MMIME::Base64 -e 'print encode_base64("username\0username\0mypassword");'

HOWTO: Virtual Domains Address Redirecting Users Aliases

    virtual_alias_domains =
    virtual_alias_maps = hash:/etc/postfix/virtual

/etc/postfix/virtual: postmaster       joe         jane        jeff
    # Uncomment entry below to implement a catch-all address
    #         jim
postmap /etc/postfix/virtual
postfix reload

Thanks -

HOWTO: Log Information (Subject)

Install the package postfix-pcre.

Create a file with the regular expression to match, e.g. /etc/postfix/header_checks:

/^Subject:/ INFO

In your /etc/postfix/ add this to your configuration with a line like this:

header_checks = pcre:/etc/postfix/header_checks

Reload the configuration:

sudo service postfix reload

Thanks -


Per User Relay Transport Mapping

sudo postconf -e "transport_maps = hash:/etc/postfix/transport"

/etc/postfix/transport             local:             local:             local:

Please note that transport_maps override relayhost parameter. However, you can have a * line in your transport file as shown above.

sudo postmap /etc/postfix/transport
sudo postfix reload

Thanks -

Per Domain Transport Mapping

      In  order  to  deliver internal mail directly, while using a mail relay
      for all other mail, specify a null entry for internal destinations  (do
      not change the delivery transport or the nexthop information) and spec-
      ify a wildcard for all other destinations.

           my.domain    :
           .my.domain   :


mynetworks =
smtpd_recipient_restrictions =
  check_sender_access hash:/etc/postfix/sender_access
transport_maps = hash:/etc/postfix/transport

/etc/postfix/sender_access OK
localhost OK
localhost.localdomain OK


localhost :
localhost.localdomain : : smtp:[]   <-- this is where the magic happens :)
* smtp:[]:587

Thanks -

Thanks -

Old -

Multiple ISP Client SMTP Authentication

SMTP AUTHentication In Ubuntu Linux

It would be nice to be able to send email messages from your Ubuntu Linux computer, but most ISPs will not accept them, because of authentication restrictions. These instructions give them what they want...

Configure main configuration file...

sudo nano /etc/postfix/

Either add or edit the following with your required settings...

smtp_generic_maps = hash:/etc/postfix/generic
smtp_sasl_auth_enable = yes
relayhost = []
smtp_sasl_password_maps = hash:/etc/postfix/sasl/password
smtp_sasl_security_options = noanonymous

Create the SASL password file...

sudo nano /etc/postfix/sasl/password


Lock down permissions...

sudo chmod 0600 /etc/postfix/sasl/password

Hash the file...

sudo postmap hash:/etc/postfix/sasl/password

Create the Postfix generic maps file...

sudo nano /etc/postfix/generic


Hash the file...

sudo postmap hash:/etc/postfix/generic

Copy the supporting files to the Postfix working directory...

sudo cp -av /etc/hosts /var/spool/postfix/etc/
sudo cp -av /etc/services /var/spool/postfix/etc/
sudo cp -av /etc/localtime /var/spool/postfix/etc/
sudo cp -av /etc/resolv.conf /var/spool/postfix/etc/

Create the header checks file for later (with MailScanner)...

sudo touch /etc/postfix/header_checks

Start Postfix...

sudo postfix start

Install mailutils and mutt...

sudo aptitude install -y mailutils mutt

Send test email message...

     Subject: test

SMTP AUTHentication With STARTTLS Security Non Standard Port In Ubuntu Linux

sudo nano /etc/postfix/
          relayhost = []:587
          smtp_tls_security_level = may
sudo nano /etc/postfix/sasl_password
sudo postmap hash:/etc/postfix/sasl_password
sudo service postfix restart

If you receive the following error...

postfix/smtp: warning: SASL authentication failure: No worthy mechs found
postfix/smtp: status=deferred (SASL authentication failed; cannot authenticate to server: no mechanism available)

Then fix it with this...

sudo aptitude install libsasl2-modules
sudo service postfix restart

SMTP AUTHentication SERVER For Remote Clients


mydomain =
myhostname =
mynetworks =
alias_maps = hash:/etc/aliases
smtp_generic_maps = hash:/etc/postfix/generic
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_tls_security_level = may
relayhost = []:587
inet_protocols = ipv4
header_checks = pcre:/etc/postfix/header_checks
smtpd_recipient_restrictions =
   check_sender_access hash:/etc/postfix/sender_access
transport_maps = hash:/etc/postfix/transport
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes


service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix        
auth_mechanisms = plain login

Restart the software...

sudo service dovecot restart
sudo service postfix restart

Thanks -

Thanks -

Thanks -

HOWTO: Add Various Options To The Config File


sudo -i
postconf -e "myorigin ="
postconf -e ""
postconf -e "relay_domains =,,"

Thanks -

HOWTO: Completely Remove Postfix From Debian Or Ubuntu

sudo aptitude remove postfix* --purge


HOWTO: Use Dovecot LDA

nano /etc/postfix/
mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"

Main Email Hostname

nano /etc/mailname



sudo nano /etc/postfix/

inet_protocols = ipv4 # Add this line to the file

Bind Postfix Mail Server To Localhost or Specific IP Address Only

Edit /etc/postfix/ and put the following...

inet_interfaces =





sudo postfix flush

Delete A Single Message In The Mail Queue

mailq (to get ID of message)
sudo postsuper -d GH123459706X

Delete All Messages In The Mail Queue

sudo postsuper -d ALL

Reload Postfix Configuration

sudo postfix reload

Restart Postfix

sudo service postfix restart


warning: dict_nis_init: NIS domain name not set - NIS lookups disabled

Add the following line to /etc/postfix/

alias_maps = hash:/etc/aliases

Run the alias mapping tool...

sudo newaliases

Restart Postfix...

sudo service postfix restart

ERROR: Name service error for Host not found, try again

If you get this error in /var/log/mail/info it might be because your /var/spool/postfix/etc/resolv.conf is wrong. If you look in /var/log/mail/warnings and sees

warning: /var/spool/postfix/etc/resolv.conf and /etc/resolv.conf differ you should copy /etc/resolv.conf to /var/spool/postfix/etc/ .

The error comes because you run postfix as chroot and postfix can then only see files in /var/spool/postfix/ . During install postfix takes a copy of /etc/resolv.conf and place it in its own directory.

There could be more errors than that. Check /var/log/mail/warnings and /var/log/mail/errors and make sure you have verified all files. In case of more trouble run the command postfix check.

You could also get error messages like:

postfix/postfix-script: warning: /var/spool/postfix/etc/localtime and /etc/localtime differ postfix/postfix-script: warning: /var/spool/postfix/etc/services and /etc/services differ Which implies that /etc/localtime and /etc/services should be copied. Before doing anything check what the difference of the files is.

postdrop: warning: unable to look up public/pickup: No such file or directory

/etc/init.d/sendmail stop
update-rc.d -f sendmail remove
update-rc.d postfix defaults
/etc/init.d/postfix start