autoupdate

[postfix-master.git] / postfix-master / basic.html

<html>

<head>

<title> Postfix Configuration - Basics </title>

<META NAME="ROBOTS" CONTENT="NOINDEX,NOFOLLOW">
</head>

<body background="obsolete.gif">

<h1><a href="big-picture.html"><img src="small-picture.gif" width="115" height="45"></a> Postfix Configuration - Basics </h1>

<hr>

<p> <strong> Note: this web page is no longer maintained. It exists
only to avoid breaking links in web pages that describe earlier
versions of the Postfix mail system. </strong> </p>

<a href="docs.html">Up one level</a> | Basic Configuration | <a
href="uce.html">UCE Controls</a> | <a href="rate.html"> Rate
Controls</a> | <a href="resource.html"> Resource Controls</a> | <a
href="rewrite.html"> Address Manipulation </a>

<h2> Introduction </h2>

Postfix has several hundred configuration parameters that are controlled
via the <b>main.cf</b> file.  Fortunately, they have sensible
default values.  In most cases, you need to configure only two or
three parameters before you can use the Postfix mail system:

<ul>

<li> <a href="#myorigin"> What domain to use in outbound mail </a>

<p>

<li> <a href="#mydestination"> What domains to receive mail for
</a>
<p>

<li> <a href="#relaying"> What clients to relay mail for </a>

</ul>

The default values for many other configuration parameters are
derived from just these.

<p>

The next parameter of interest controls the amount of mail sent
to the local postmaster:

<ul>

<li> <a href="#notify"> What trouble to report to the postmaster
</a>

</ul>

<p>

Be sure to set the following correctly if you're behind a proxy or
network address translator, and you are running a backup MX host
for some other domain:

<p>

<ul>

<li> <a href="#proxy_interfaces"> Proxy/NAT network addresses </a>

</ul>

By the way, if you change parameters of a running Postfix system,
don't forget to issue a <b>postfix reload</b> command.

<p>

If you run Postfix on a virtual network interface, or if your
machine runs other mailers on virtual interfaces, you'll have to
look at the other parameters listed here as well:

<ul>

<li> <a href="#myhostname"> My own hostname </a>

<p>

<li> <a href="#mydomain"> My own domain name </a>

<p>

<li> <a href="#mynetworks"> My own networks </a>

<p>

<li> <a href="#inet_interfaces"> My own network addresses </a>

</ul>

<a name="myorigin"> <h2> What domain to use in outbound mail </h2> </a>

The <b>myorigin</b> parameter specifies the domain that appears in
mail that is posted on this machine. The default is to use the
local machine name, <b><a href="#myhostname"> $myhostname</a>, </b>
which defaults to the name of the machine. Unless you are running
a really small site, you probably want to change that into <b><a
href="#mydomain"> $mydomain</a>,</b> which defaults to the parent
domain of the machine name.

<p>

For the sake of consistency between sender and recipient addresses,
<b>myorigin</b> also specifies the default domain name that is
appended to an unqualified recipient address.

<p>

<dl>

<dt> Examples:

<p>

<dd> <b>myorigin = $myhostname</b> (default)

<dd> <b>myorigin = $mydomain</b> (probably desirable)

</dl>

<a name="mydestination"> <h2> What domains to receive mail for
</h2> </a>

The <b>mydestination</b> parameter specifies what domains this
machine will deliver locally, instead of forwarding to another
machine. The default is to receive mail for the machine itself.

<p>

You can specify zero or more domain names, <i>/file/name</i> patterns
and/or <i>type:name</i> lookup tables, separated by whitespace
and/or commas.  A <i>/file/name</i> is replaced by its contents;
<i>type:name</i> requests that a table lookup is done.

<p>

If your machine is a mail server for its entire domain, you must
list <b>$mydomain</b> as well.

<p>

<dl> Examples:

<p>

<dl>

<dt> Default setting:

<dd> <b>mydestination = $myhostname localhost.$mydomain</b>

<p>

<dt> Domain-wide mail server:

<dd> <b>mydestination = $myhostname localhost.$mydomain $mydomain
</b>

<p>

<dt> Host with multiple DNS A records:

<dd> <b>mydestination = $myhostname localhost.$mydomain www.$mydomain
ftp.$mydomain</b>

</dl>

<p>

Caution: in order to avoid mail delivery loops, you must list all
hostnames of the machine, including $myhostname, and localhost.$mydomain.

</dl>

<a name="relaying"> <h2> What clients to relay mail for </h2> </a>

By default, Postfix will relay mail for clients in authorized
networks.

<p>

Authorized client networks are defined by the <a
href="#mynetworks">mynetworks</a> parameter. The default is to
authorize all clients in the IP subnetworks that the local machine
is attached to.

<a name="notify"> <h2> What trouble to report to the postmaster
</h2> </a>

You should set up a <b>postmaster</b> <a
href="rewrite.html#aliases">alias</a> that points to a human person.
This alias is required to exist, so that people can report mail
delivery problems.

<p>

The Postfix system itself also reports problems to the postmaster
alias. You may not be interested in all types of trouble reports,
so this reporting mechanism is configurable. The default is to
report only serious problems (resource, software) to postmaster:

<p>

<dl>

<dt> Default:

<dd> <b>notify_classes = resource, software</b>

<p>

<dt>The meaning of the classes is as follows:

<p>

<dl>

<dt> <b>bounce</b> <dd> Send postmaster copies of undeliverable
mail.  If mail is undeliverable, a so-called single bounce message
is sent, with a copy of the message that was not delivered. For
privacy reasons, the postmaster copy of a single bounce message is
truncated after the original message headers.  If a single bounce
message is undeliverable, the postmaster receives a double bounce
message with a copy of the entire single bounce message.  See also
the <a href="rewrite.html#luser_relay"> luser_relay</a> feature.

<p>

<dt> <b>2bounce</b> <dd> Send double bounces to the postmaster.

<p>

<dt> <b>delay</b> <dd> Inform the postmaster of delayed mail.
In this case, the postmaster receives message headers only.

<p>

<dt> <b>policy</b> <dd> Inform the postmaster of client requests
that were rejected because of (UCE) policy restrictions.  The
postmaster receives a transcript of the entire SMTP session.

<p>

<dt> <b>protocol</b> <dd> Inform the postmaster of protocol errors
(client or server side) or attempts by a client to execute
unimplemented commands. The postmaster receives a transcript of
the entire SMTP session.

<p>

<dt> <b>resource</b> <dd> Inform the postmaster of mail not delivered
due to resource problems (for example, queue file write errors).

<p>

<dt> <b>software</b> <dd> Inform the postmaster of mail not delivered
due to software problems.

</dl>

</dl>

<a name="proxy_interfaces"> <h2> Proxy/NAT network addresses </h2> </a>

The <b>proxy_interfaces</b> parameter specifies all network addresses
that the Postfix receives mail on by way of a proxy or network
address translation unit. You may specify symbolic hostnames instead
of network addresses.

<p>

You must specify your proxy/NAT addresses when your system is a
backup MX host for other domains, otherwise mail delivery loops
will happen when the primary MX host is down.

<p>

<dl>

<dt> Examples:

<p>

<dl>

<dt> Default:

<dd> <b>proxy_interfaces = </b>

<p>

<dt> Host running backup MTA:

<dd> <b>proxy_interfaces = 1.2.3.4</b> (the proxy/NAT network address)

</dl>

</dl>

<a name="myhostname"> <h2> My own hostname </h2> </a>

The <b>myhostname</b> parameter describes the fully-qualified domain
name of the machine running the Postfix system.  <b> $myhostname</b>
appears as the default value in many other Postfix configuration
parameters.

<p>

By default, <b>myhostname</b> is set to the local machine name.
If your machine name is not in fully-qualified domain name form,
or if you run Postfix on a virtual interface, you will have to
specify the fully-qualified domain name that the mail system
should use.

<dl>

<dt> Examples:

<p>

<dd> <b>myhostname = host.local.domain</b> (local hostname is not
FQDN)

<dd> <b>myhostname = host.virtual.domain</b> (virtual interface)

<dd> <b>myhostname = virtual.domain</b> (virtual interface)

</dl>

<a name="mydomain"> <h2> My own domain name </h2> </a>

The <b>mydomain</b> parameter specifies the parent domain of
<b>$myhostname.</b>  By default it is derived from <b> $myhostname</b>
by stripping off the first part (unless the result would be a
top-level domain).

<dl>

<dt> Examples:

<p>

<dd> <b>mydomain = local.domain</b>

<dd> <b>mydomain = virtual.domain</b> (virtual interface)

</dl>

<a name="mynetworks"> <h2> My own networks </h2> </a>

The <b>mynetworks</b> parameter lists all networks that this machine
somehow trusts. This information can be used by the <a
href="uce.html#smtpd_recipient_restrictions"> anti-UCE</a> features
to recognize trusted SMTP clients that are allowed to relay mail
through Postfix.

<p>

You can specify the list of trusted networks in the <b>main.cf</b>
file, or you can let Postfix deduce the list for you. The default
is to let Postfix do the work for you.

<p>

<dl>

<dt> Default:

<dd> <b>mynetworks_style = subnet</b>

<p>

<dt>The meaning of the styles is as follows:

<p>

<dl>

<dt> <b>class</b> <dd> Trust SMTP clients in the class A/B/C networks
that Postfix is connected to. <b>Don't do this with a dialup site
- it would cause Postfix to "trust" your entire provider's network.
Instead, specify an explicit mynetworks list by hand, as described
below</b>.

<p>

<dt> <b>subnet</b> (default) <dd> Trust SMTP clients in the IP
subnetworks that Postfix is connected to.

<p>

<dt> <b>host</b> <dd> Trust only the local machine.

</dl>

</dl>

<p>

Alternatively, you can specify the <b>mynetworks</b> list by hand,
in which case Postfix ignores the <b>mynetworks_style</b> setting.
To specify the list of trusted networks by hand, specify network
blocks in CIDR (network/mask) notation, for example:

<p>

<dl>

<dd> <b>mynetworks = 168.100.189.0/28, 127.0.0.0/8</b>

</dl>

<p>

You can also specify the absolute pathname of a pattern file instead
of listing the patterns in the <b>main.cf</b> file.

<a name="inet_interfaces"> <h2> My own network addresses </h2> </a>

The <b>inet_interfaces</b> parameter specifies all network interface
addresses that the Postfix system should listen on; mail addressed
to <i>user</i>@[<i>network address</i>] will be delivered locally,
as if it is addressed to a domain listed in <b> $mydestination.
</b>

<p>

The default is to listen on all active interfaces.  If you run
mailers on virtual interfaces, you will have to specify what
interfaces to listen on. 

<p>

You even have to specify explicit machine interfaces for the
non-virtual mailer that receives mail for the machine itself: the
non-virtual mailer should never listen on the virtual interfaces
or you would have a mailer loop.

<dl>

<dt> Examples:

<p>

<dl>

<dt> Default:

<dd> <b>inet_interfaces = all</b>

<p>

<dt> Host running virtual mailers:

<dd> <b>inet_interfaces = virtual.host.tld</b> (virtual domain)

<dd> <b>inet_interfaces = $myhostname localhost.$mydomain</b>
(non-virtual mailer)

</dl>

</dl>

<p>

<b>Note: you need to stop and start Postfix when this parameter changes.</b>

<hr>

<a href="docs.html">Up one level</a> | Basic Configuration | <a
href="uce.html">UCE Controls</a> | <a href="rate.html"> Rate
Controls</a> | <a href="resource.html"> Resource Controls</a> | <a
href="rewrite.html"> Address Manipulation </a>

</body>

</html>