Postfix on Linux

What is Postfix?

• E-mail is easily the most popular and important Internet service today, which has made it a popular target of cybercriminals and spam-happy miscreants. • It facilitates us to communicate easily and effectively.

Introduction (cont.)
• Internet e-mail is built from several standards and protocols that define how messages are composed and transferred from a sender to a recipient. There are many different pieces of software involved, each one handling a different step in message delivery. Postfix handles only a portion of the whole process. Most e-mail users are only familiar with the software they use for reading composing messages, known as a Mail User Agent (MUA). Examples of some common MUAs include Pine, Netscape Communicator and Outlook Express. MUAs are good for reading and composing e-mail messages, but they don't do much for mail delivery. That's what Postfix fits in.

What is a Mail Transfer Agent -MTA? • MTAs move e-mail from one host or network to another.) that move mail between post offices. from an MTA to a local user's mailbox. which move mail within a system (i. trains. or from a mailbox to a file or directory).. Mail Delivery Agents are like the letter-carriers who distribute the mail to their destination mail boxes. . In other words.e. etc. MTAs are like the mail trucks (and airplanes. These are in contrast to Mail Delivery Agents.

including POP. (There is no reallife simile for these. and IMAP clients for retrieving e-mail from remote systems. unless your mail is handed to you each day by a minion whose sole duty is to check your mail box now and then!) But we're not concerned with these or with MDAs.) • In addition to MTAs and MDAs. POP3. except to mention how they relate to MTAs. there are also various kinds of e-mail readers.What is a Mail Transfer Agent (cont. . or MUAs. These are also known as Mail User Agents.

provides an alternative to send mail that is simpler in design. • This mail transfer agent postfix. Equally important. • Postfix is the default MTA for a number of Unix(like) operating systems such as Ubuntu Linux. it's been designed with scalability.What is Postfix? • Postfix is a free open source mail transfer agent (MTA). more modular. . easier to configure and less work to administer. reliability and sound security as fundamental requirements. a computer program for the routing and delivery of email.

) • Postfix is a Mail Transfer Agent and it is the default Mail Transfer Agent (MTA) for Ubuntu. It was released by the end of 1998 as the IBM Secure Mailer. while at the same time being send mail compatible enough to not upset existing users. which means that it receives security updates. This is supporting LDAP. but the inside is completely different. SMTP AUTH (SASL). Thus. SMTP AUTH (trough cyrus-sasl) and TLS. From then on it has lived on as Postfix.What is Postfix? (cont. rebuild the srpm --with mysql. It is in Ubuntu's main repository. Postfix attempts to be fast. Postfix is Wietse Venema's mailer that started life as an alternative to the widely-used Send mail program. the outside has a sendmail-ish flavor. easy to administer. and secure. This software was formerly known as VMailer. If you need MySQL too. . This rpm supports LDAP. and TLS and running in a chroot environment.

Watson Research Center.Founder of Postfix • POSTFIX was originally written by Wietse Venema during a stay at the IBM Thomas J. and TCP Wrapper. • Dr. . such as SATAN and The Coroner's Toolkit. Wietse Zweitze Venema (born 1951) is a Dutch programmer and physicist best known for writing the Postfix mail system. Postfix was first released in mid-1999. He has also written numerous other security related tools. both in co-operation with Dan Farmer.

Wietse Zweitze Venema .Dr.

and spent part of this time ` writing tools for Electronic Data Interchange. .S. graduating with a PhD. Since emigrating to the U. in 1996 he has been working for the IBM Thomas J.• He studied physics at the University of Groningen. He spent 12 years at Eindhoven University as a systems architect in the Mathematics and Computer Science department. Watson Research Center in New York.

• Security Summit Hall of Fame Award (July 1998) • SAGE Outstanding Achievement Award (November 1999) • NLUUG Award (November 2000) • Sendmail Milter Innovation Award (November 2006) .He was awarded in many awards such as.

2008 Cross-platform Mail transfer agent IBM Public License .postfix.3 / July 29.5.Developed by Wietse Venema and many others Latest release 2.6-20080726 / July 26. 2008 Preview release OS Type License Website 2.

Structure •How Postfix receives mail •How Postfix delivers mail From Postfix page .

Receives Delivers .

How Postfix receives mail trivialrewrite(8) Network -> smtpd(8) \ Network -> qmqpd(8) -> / pickup(8) <maildrop ^ | ^ | | v cleanup(8) -> incoming Local -> sendmail(1) -> postdrop(1) From Postfix page .

From Postfix page .How Postfix receives mail Network -> Network -> smtpd(8) \ cleanup(8) qmqpd(8) -> smtpd(8) or qmqpd(8) servers :• • • • • enter Network mail to postfix. recipients and message content to the cleanup(8) server. give the sender. remove the SMTP or QMQP protocol encapsulation. block unwanted mail. enforce some sanity checks to protect Postfix.

From Postfix page .How Postfix receives mail cleanup(8) / pickup(8) <maildrop ^ | Local -> sendmail(1) -> postdrop(1) sendmail(1) compatibility command :• receive Local submissions.

pickup(8) server :• picks up local submissions. • enforces some sanity checks to protect Postfix.maildrop queue :• queued Local submissions by the privileged postdrop(1) command. recipients and message content to the cleanup(8) server. From Postfix page . • gives the sender.

From Postfix page . qmqpd(8) and pickup(8).domain" form.trivialrewrite(8) ^ | | v cleanup(8) -> incoming cleanup(8) server :• Accept mails from smtpd(8). trivial-rewrite(8) server :• rewrites addresses to the standard "user@fully. • implements the final processing stage before mail is queued. • Accept Mail from internal sources.qualified.

command -> Network -> Network From Postfix page .virtual(8) \ pipe(8) -> Command -> File smtp(8) / .local(8) -> File.lmtp(8) / .How Postfix delivers mail trivialrewrite(8) ^ | | v incoming -> active ^ | | v deferred -> qmgr(8) \ .

active queue :• maintains by the queue manager with the messages that it has opened for delivery. virtual(8). lmtp(8). • sends a delivery request for one or more recipient addresses. • prevents the queue manager from running out of memory under heavy load.qmgr(8) (queue manager ) :• This is the heart of Postfix mail delivery. . local(8). discard(8) and error(8) delivery agents :• discard or bounce all mail. • It contacts the smtp(8). discard(8) or error(8) delivery agents. • acts as a limited window on potentially large incoming or deferred queues. pipe(8).

deferred queue :• maintains by queue manager for mail that cannot be delivered. mail for such recipients is returned to the sender with an explanation. trivial-rewrite(8) server :• resolves each recipient address according to its local or remote address class. . • recipients whose address has changed.

As before. . names followed by a number are Postfix commands or server programs. while unnumbered names inside shaded areas represent Postfix queues.Behind the scene These server processes rely on other server processes that do things behind the scenes.

– The bounce. – The scache server maintains the connection cache for the Postfix smtp cleint.– The resident master server is the supervisor that keeps an eye on the well-being of the Postfix mail system. defer and trace services each maintain their own queue directory trees with permessage log files. . – The proxy map servers provide read-only and read-write table lookup service to Postfix processes.

connection caching can help to skip over a nonresponding server.When delivering mail to a destination with multiple mail servers. and thus dramatically speed up delivery. .

» » » » Mail drop queue.Postfix Queue • A key contributor to the stability and the speed of postfix is the intelligent way in which it queues mail. Active queue. Incoming queue. 27 . Deferred queue. • Postfix uses four different queues.

the mail is checked for proper formatting and fixed if necessary. • Then it is handed to the Incoming queue. Mail Drop queue Incoming queue Mail 28 . • In this queue.Mail drop queue • Mail that is delivered locally on the system is accepted in the Mail drop queue.

29 .Incoming queue •The Incoming queue receives mail from other hosts. clients or the Mail drop queue. • As long as e-mail is still arriving and as long as postfix hasn't really handled the e-mail. this queue is the place where the e-mails are kept.

•This queue has a limited size. •That means e-mail in the Incoming and deferred queues have to wait until the Active queue can accept them. 30 . and messages will be accepted only if there is space for them.Active queue •The Active queue is the queue that is used to actually deliver messages and therefore has the greatest potential risk of something going wrong.

•This also enhances stability of the mail.Deferred queue •E-mail that cannot be delivered is placed in the deferred queue. 31 . •This prevents the system from continuously trying to deliver e-mail and keeps the Active queue as short as possible in order to give newer messages priority.

•Retry is scheduled with an increasing waiting time. •The system keeps track of retry history. all the e-mail for that domain is placed in the deferred queue. the e-mail is again placed in the Active queue for delivery.Deferred queue continued… •If the MTA cannot reach a domain. so that those messages will not needlessly monopolize system resources. When the waiting time expires. 32 .

Mail drop queue Incoming queue Active queue Mail Deferred queue 33 .

•Postfix Reload. •Postfix Stop. 34 . postfix stop and postfix reload.This command will start the postfix. If you already not installed postfix.This command will stop postfix through the action. terminal will display an error.Postfix Commands •The most common invocations of the postfix command are postfix start.This will reload its configuration files without stopping and restarting. •Postfix Start.

• subhash@subhash-laptop:/root$ postfix start subhash@subhashThe program 'postfix' is currently not installed • You can install it by typing: – sudo apt-get install postfix apt- 35 .

•Postlock.Maintains Postfix alias databases.Displays the contents of Postfix queue files. •Postcat.Postfix Commands continued… •There are also some other commands. 36 .Makes some internal communication channels available for use in.This will immediately attempt to send all queued messages. •Postkick. •Postfix flush.Provides Postfix-compatible mailbox locking for use in. •Postalias.

Features of Postfix Security Simplicity Compatability Robustness Stability .

Before queue. built-in. heavy-weight 3. Before queue. light-weight 2. external. After queue. external.Postfix Content Inspection Postfix supports three content inspection methods 1. mediumweight .

Certain Limitations Content Inspection Software must finish in a limited amount of time Content Inspection Software must run in a limited amount of memory Befor queue inspection limits the sophistication of the content filter that you can use .

LDAP No No Yes Yes Yes ? .Comparison of mail servers SMTP POP APO File P syst em Yes No MS Yes ? Ex: Serv Net Yes Mail Post Yes fix Yes Yes Yes Data LDA Oth bas P er e No Yes Active Directo ry Yes Yes eDirect ory.

CRAMMD5. SASL LOGIN .Surg e Mail Win Gate Yes ? ? Yes Yes Yes ? Yes Yes Yes Yes Yes No NT Domain . SASL PLAIN. Active Director y.

Feature comparison Lin ux Wi nd ow s Yes M SM PO IM SM P o NN SSL W ac TP P3 AP : TP eb : OS TLS TLS m X ail No Yes Yes Yes Yes Yes Yes Yes Yes MS Ex: Ser No Pro prie tary Net Mail Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes Pro prie tary Op en sour ce Yes Postfix No Yes Yes No No Yes No No Yes No .

g m ail Se nd m ail Sp ar k En gi ne Yes No Yes Yes Yes No No No ? No No Publi c dom ain Yes No Yes Yes No No Yes No No No No Ope n sour ce/IB M Publi c Lice nse Yes Yes Yes Yes No No Yes No No Yes No Propr ietar y .

Conclusion • is a Mail Transfer Agent • use to route email • simple to configure • Highly respect by expert for its secure design & facts • Use to troubleshooting .

Thank you .