Fine-tuning a Postfix Configuration

Activating the Built-in Tiger Postfix Mail Server

Many Unix and Unix-like distributions ship with sendmail as the primary message transfer agent (MTA). Apple has instead chosen to shift Mac OS X to the Postfix server, often considered to be superior to the sendmail monstrosity. To quote the author of Postfix:

Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmailish flavor, but the inside is completely different.

Many people are hesitant to move away from mainstream software such as sendmail, but Postfix has gained a following as one of the easiest and most stable Unix SMTP servers available. Better yet, it installs as a drop-in sendmail replacement, meaning that any other software or scripts that rely on sendmail (such as CGI scripts) can use it to function without additional modifications. Postfix supports Mac OS X, integrates with NetInfo, and is much easier to configure than sendmail.

Assuming that you've decided to create a mail server, the first step is to turn on the server application itself. Tiger includes the Postfix software, but it is not activated when the system first boots.

To configure Postfix startup, you'll need to add a new StartupItem to the system. First open the file /etc/hostconfig in your favorite text editor. Add a line that reads MAILSERVER=-YES-:

 AFPSERVER=-NO- MAILSERVER=-YES- AUTHSERVER=-NO- AUTOMOUNT=-YES- CUPS=-AUTOMATIC- ... 

Next, you'll need to restore the Postfix StartupItem files removed from Tiger. Create a new directory, /System/Library/StartupItems/Postfix. Add two files to this directory. The first, Postfix, should hold these contents:

 #!/bin/sh . /etc/rc.common StartService () {     if [ "${MAILSERVER:=-NO-}" = "-YES-" ]; then             ConsoleMessage "Starting mail services"             /usr/sbin/postfix start     fi } StopService () {         ConsoleMessage "Stopping Postfix mail services"         /usr/sbin/postfix stop } RunService "$1" 

The second file, StartupParameters.plist, should be edited to contain:

 {   Description   = "Postfix mail server";   Provides      = ("SMTP");   Requires      = ("Resolver");   Uses          = ("Network Time", "NFS");   Preference    = "None";   Messages =   {     start = "Starting Postfix";     stop  = "Stopping Postfix";    }; } 

Finally, in order for Tiger to recognize the StartupItem, you'll need to set the owner and group of the files to root and wheel, respectively with an absolute mode of 755:

 brezup:jray jray $ sudo chown -R root:wheel /System/Library/StartupItems/Postfix brezup:jray jray $ sudo chmod -R 755 /System/Library/StartupItems/Postfix  

Configuring Basic Host Settings

When you reboot your Tiger computer, Postfix starts and runs under the user ID postfix. (You can also start it at any time by typing sudo /usr/sbin/postfix start.) Before you do, however, you still need to make a few more changes before the software will run correctly.

Edit the /etc/postfix/main.cf file now. To get up and running quickly, you need to tell Postfix what your server's hostname and domain are by using the mydomain and myhostname directives.

Look for the myhostname and mydomain lines, both of which are initially commented out with the # character. Uncomment both of the lines and change them to accurately reflect the state of your server and network. For example, my server is mail.poisontooth.com on the domain poisontooth.com. Thus, my mail.cf file contains the following (noncontiguous) lines:

 myhostname = mail.poisontooth.com mydomain = poisontooth.com 

Removing Apple's Limitations

Apple has intentionally included several lines at the end of the main.cf file that limit the capabilities of the Postfix server if it is activated. This is out of concern for security, but given that you've chosen to run a mail server, you should be willing to accept the obvious risks.

To remove the blocks, scroll to the end of the main.cf file and look for the lines which look similar to this:

 # THE FOLLOWING DEFAULTS ARE SET BY APPLE # # bind to localhost only # #inet_interfaces = localhost # turn off relaying for local subnet # #mynetworks_style = host # mydomain_fallback: optional domain to use if mydomain is not set and # myhostname is not fully qualified.  It is ignored if neither are true. # mydomain_fallback = localhost # The mailbox_size_limit parameter controls the maximal size of a # mailbox or maildir file (in fact, it limits the size of any file # that is written to upon local delivery) The default is 50 MBytes. # This limit must not be set smaller than the message size limit. # #mailbox_size_limit = 0 

Comment out all the directives except for mydomain_fallback = localhost as shown in this example. If these lines are not commented out, Postfix will only run on the localhost interface, accept email only from itself, and have a mailbox size of zero not a very effective server. Save main.cf after you've made your changes.

Verifying the Postfix Setup

Your Postfix servershould now be ready to run. To verify the configuration, run sudo /usr/sbin/postfix check to test for errors in your setup. Start the server itself by rebooting or typing sudo /usr/sbin/postfix start.

 brezup:jray jray $ sudo /usr/sbin/postfix start postfix/postfix-script: starting the Postfix mail system 

Verify that Postfix is running by telneting to port 25 on your server computer. Use the QUIT SMTP command to exit:

 brezup:jray jray $ telnet localhost 25 Trying 127.0.0.1... Connected to localhost.poisontooth.com. Escape character is '^]'. 220 client1.poisontooth.com ESMTP Postfix QUIT 

Assuming that your system responds similarly, everything has gone according to plan, and you're ready to fine-tune the Postfix system. For simple setups, this might be as far as you need to go. Postfix automatically configures itself to relay for only those machines on the same class subnet to which you're connected. All others are denied.

Congratulations. Your computer is now running an enterprise-class SMTP server.