RHCE--postfix--main.cf

Back up this file and open it in a text editor. There are several things that you should configure in this file to get it working. Properly configured, the changes should limit access to the local system and network. This section also describes the function of other active directives, based on the default version of the file. First, Postfix queues, which include e-mail that has yet to be sent, or e-mail that has been received, can be found in the queue_directory:

queue_directory = /var/spool/postfix

The following directory is a standard. It describes the location of most Postfix commands.

command_directory = /usr/sbin

Postfix includes a substantial number of executable files, for configuration in the master.cf file. The daemon_directory directive specifies their location:

daemon_directory = /usr/libexec/postfix

Postfix includes writable data files in the following directory; it normally includes a master.lock file with the PID of the Postfix daemon:

data_directory = /var/lib/postfix

As defined in the comments of the main.cf file, some files and directories should be owned by the root administrative user; others should be owned by the specified mail_owner. In the /etc/groups file, you can confirm that there’s a dedicated group named postfix, which is also part of the group named mail.

mail_owner = postfix

While Postfix works for the local system “out of the box,” more has to be done to get it working for a network. To that end, you’ll need to activate and modify the following myhostname directive to point to the name of the local system. For example, you might change the entry

#myhostname = host.domain.tld

to an alternative like

myhostname = server1.example.com

While an SMTP server is located on a specific system, normally such SMTP servers are configured for an entire network. That’s configured with the mydomain directive. To that end, you should change the following comment:

#mydomain = domain.tld

to reflect the domain name or IP network address of the local network:

mydomain = example.com

Normally, you’d just uncomment the following myorigin directive, to label e-mail addresses coming from this Postfix server with an origination domain. In this case, the origination domain is example.com:

myorigin = $mydomain

By default, the following active directive limits the scope of the Postfix service to the local system.

#inet_interfaces = all
inet_interfaces = localhost

In most cases, you’d change the active directive so that Postfix listens on all active network cards:

inet_interfaces = all
#inet_interfaces = localhost

Normally, Postfix listens on both IPv4 and IPv6 networks, based on the following inet_protocols directive:

inet_protocols = all

The mydestination directive specifies the systems served by this Postfix server. Based on the previous settings, the following default directive means that accepted mail may be sent to the local system’s FQDN (server1.example.com), the localhost address on the example.com network, and the localhost system:

mydestination = $myhostname, localhost.$mydomain, localhost

For a Postfix server configured for the local network, you should add the name of the local domain, already assigned to the mydomain directive:

mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost

In addition, you’ll want to set up the mynetworks directive to point to the IP network address to be covered by this Postfix server. The default commented directive does not point to the example.com network defined for this book:

#mynetworks = 168.100.189.0/28, 127.0.0.0/8

So for systems like server1.example.com, this directive should be changed to

mynetworks = 192.168.122.0/24, 127.0.0.0/8

Once changes are made to the main.cf file (and any other files in the /etc/postfix directory) are complete and saved, you may want to review current Postfix parameters. To do so, run the following command:

# postconf

Of course, most of these parameters are defaults. To review the parameters changed by the main.cf file, run the following command:

# postconf -n

-n     Show only configuration parameters that have explicit name=value
              settings in main.cf.  Specify -nf to fold long lines  for  human
              readability (Postfix 2.9 and later).

The output is shown in Figure 13-3.

One setting from the postconf -n output is important to authentication. Specifically, when the following directive is added to the main.cf file, Postfix will require authorized usernames and passwords for access:

smtpd_sender_restrictions = permit_sasl_authenticated, reject

In addition, Postfix includes a syntax checker in the basic daemon. Run the following command to see if there are any fatal errors in the main.cf file:

# postfix check