Trying Postfix On for Size

If you are not comfortable compiling programs from source, you still have many options for evaluating Postfix. You can install a UNIX or Linux distribution that provides precompiled binaries. Some common distributions are described below.

Debian GNU/Linux

Debian GNU/Linux (http://www.debian.org/) is a non-commercial, community-based Linux distribution. It is unique in that the Debian community is made up entirely of volunteers who contribute to the project. The distribution differentiates itself from others by being extremely polished and stable, and by having strict policies governing the packaging system, so that you end up with a configured, functioning system rather than just installed software that you must still learn to configure. Debian's dselect and apt-get utilities, which manage the .deb package format, handle all the necessary software dependencies, and are unrivaled compared to any other UNIX/Linux offering—including commercial Unices.

Postfix can be installed either during installation of the system, or afterwards using the dselect or apt-get package management utilities. In the more recent Woody (currently in testing) and Sid (unstable) releases, there are multiple flavors of Postfix, including preconfigured LDAP and MySQL varieties, as well as the TLS/SSL-enhanced version of Postfix. This is quite convenient because the TLS/SSL patch is not part of the main Postfix code base. The Debian package maintainer has spent the time and effort to retrieve the source and the TLS/SSL patch, and to integrate and test the package as a whole before making it available for use.

One caveat to keep in mind is that due to the way that Postfix is designed, it does a lot of synchronous directory operations when delivering email. This does not seem to be an issue with the default Linux file system ext2 or its close journaling relative ext3. The large number of synchronous directory operations seems to cause problems with some of the other newer journaled file systems, notably reiserfs, in both the Linux 2.2 and 2.4 series kernels. Until the newer Linux journaling file systems have stabilized (not currently verified in the Linux 2.4.16 kernel), your best bet is to continue to use either ext2 or ext3. If you wish to use reiserfs, XFS, or JFS, you should first verify proper operation by visiting the Postfix mailing list archives.
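One way to check which file system actually holds the mail queue before choosing it for Postfix, written as an added example that is not part of the original article. It assumes a /proc/mounts-style table and the default Postfix queue directory /var/spool/postfix; the mount table below is constructed sample data.

```shell
#!/bin/sh
# Added example: find the file system type that backs a directory by taking
# the longest mount point that is a whole-component prefix of it.

# queue_fs MOUNTS_FILE DIR -> prints the fs type (empty if nothing matches)
queue_fs() {
    awk -v dir="$2" '
        {
            mp = $2
            # "/" always matches; otherwise require an exact or component prefix
            if (mp == "/" || dir == mp || index(dir, mp "/") == 1)
                if (length(mp) > best) { best = length(mp); fs = $3 }
        }
        END { print fs }' "$1"
}

# fs_verdict MOUNTS_FILE DIR -> ok | check-list-archives | unknown
# "ok" follows the article's advice: ext2 and ext3 are the safe choices.
fs_verdict() {
    case "$(queue_fs "$1" "$2")" in
        ext2|ext3) echo ok ;;
        "")        echo unknown ;;
        *)         echo check-list-archives ;;
    esac
}

# Constructed sample mount table (not from a real host).
sample_mounts=$(mktemp)
cat > "$sample_mounts" <<'EOF'
/dev/hda1 / ext3 rw 0 0
/dev/hda3 /var reiserfs rw 0 0
/dev/hda4 /var/spool/mail ext2 rw 0 0
EOF

# /var/spool/postfix lives on /var here, not on /var/spool/mail.
fs_verdict "$sample_mounts" /var/spool/postfix
rm -f "$sample_mounts"
```

On a live Linux system, pass /proc/mounts as the first argument.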

OpenBSD, FreeBSD, and NetBSD

The ports collection that provides additional software for the various BSD flavors is quite easy to use. Although the BSD ports collection usually requires you to compile and install from source, the process is highly automated and will resolve any missing software dependencies for you. Normally all that is required is a "make install" in the appropriate ports directory. Check the Makefile options, because there may be multiple flavors available, such as stable or snapshot. Additionally, stable and snapshot may have flavors such as Perl Compatible Regular Expressions (PCRE), Simple Authentication and Security Layer (SASL), and LDAP map support.

Recent BSD system releases include a "postfix-enable" script that lets the system administrator easily toggle the system back and forth between using Postfix and Sendmail as the system MTA. This script modifies the /etc/mailer.conf file that is used by the mailwrapper utility. The mailwrapper script is normally symbolically linked as /usr/sbin/sendmail, which most local MUAs would invoke manually. It provides command-line mapping between standard Sendmail commands and those required by an alternative MTA, which allows the BSD systems to essentially just plug in a replacement MTA with the appropriate links and command-line invocations. This makes testing Postfix or other alternative MTAs on the BSD platforms painless.
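After toggling MTAs it is worth confirming that every command name in /etc/mailer.conf now maps to the same binary, since a half-edited file leaves some commands on the old MTA. The check below is an added example, not part of the original article or of the postfix-enable script; the binary paths in the sample are constructed and vary between BSD releases.

```shell
#!/bin/sh
# Added example: audit a mailer.conf-style file ("name program [args]" lines,
# "#" comments) for a consistent mapping of the standard command names.

# mailer_targets FILE -> prints "name path" for each real entry
mailer_targets() {
    awk '!/^[ \t]*#/ && NF >= 2 { print $1, $2 }' "$1"
}

# mailer_status FILE -> "consistent PATH" | "mixed" | "incomplete NAME"
mailer_status() {
    mailer_targets "$1" | awk '
        BEGIN { split("sendmail send-mail mailq newaliases", want, " ") }
        { target[$1] = $2 }
        END {
            for (i = 1; i <= 4; i++) {
                n = want[i]
                if (!(n in target)) { print "incomplete " n; exit }
                if (target[n] != target[want[1]]) { print "mixed"; exit }
            }
            print "consistent " target[want[1]]
        }'
}

# Constructed sample: mailq still points at the previous MTA's binary.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
# constructed sample, paths are illustrative
sendmail    /usr/local/sbin/sendmail
send-mail   /usr/local/sbin/sendmail
mailq       /usr/libexec/sendmail/sendmail
newaliases  /usr/local/sbin/sendmail
EOF

mailer_status "$sample_conf"
rm -f "$sample_conf"
```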

Additionally, the file system caveat for Linux does not apply to the BSD's default UFS file system. The modern BSD UFS file system is really the UNIX File System and Fast File System. Most modern BSD releases also have an alternative to the popular journaling file systems on Linux—Softupdates. The BSD UFS+Softupdates is performance-matched to modern MTAs such as Postfix that use a high number of synchronous directory operations to obtain robust, high-capacity mail delivery.

From Source

The source for Postfix can be retrieved from any of the mirrors listed on the Postfix Web site http://www.postfix.org/ftp-sites.html. There are two releases normally available: the official release series, and the experimental release series. The difference is that the experimental release has new features that have been added, but not yet tested enough to the satisfaction of the development team to be deemed production-ready. This does not mean that the experimental releases are necessarily unstable or broken; they just have not been as rigorously tested as the features in the official releases.

Although the compilation process and resolving software dependencies are beyond the scope of this article, I can point out some of the more mainstream features you may want to enable:

  • SASL, Simple Authentication and Security Layer, is used by Postfix to provide SMTP Authentication. Information can be found in the SASL_README file in the source archive.

  • Content Filtering can be used to run all email through email antivirus-scanning programs, or simpler scripts, to prevent your mail server from being a source or recipient of email-borne worms and viruses. Information can be found in the FILTER_README file in the source archive.

  • VERP, Variable Envelope Return Path, is mainly used by list managers to process bounced messages without having to read through the bounce message body. Information can be found in the VERP_README file in the source archive.

  • ETRN, defined in RFC-1985 (http://www.rfc-editor.org/rfc/rfc1985.txt), provides a mechanism for delivering email to sites that are not permanently connected to the Internet. Information can be found in the ETRN_README file in the source archive.

  • Virtual Delivery Agent is designed for ISPs who host email accounts but have no real local users. This delivery agent disables much of the Sendmail compatibility, such as .forward and aliases, but may be of interest to those sites that do not require that type of functionality. Information can be found in the VIRTUAL_README file in the source archive.

  • LDAP and MySQL table-lookup back-ends. If you wish to use corporate LDAP or MySQL repositories to hold your Postfix lookup information rather than local databases, you can configure Postfix to retrieve table lookups from those sources. This is useful if you have multiple SMTP servers that all need consistent tables. Information can be found in the LDAP_README and MYSQL_README files in the source archive.

Writing documentation is never a glamorous task to do, but well-written documentation is always appreciated by those eager to evaluate a new program. Postfix has good documentation, and is not bereft of features. Be sure to read through the documentation to discover those features Postfix makes available to ease your mail administration.
