Installing Postfix on a Red Hat 7.3 Laptop

I run Postfix on my laptop. I need it to satisfy the following requirements:
  1. masquerade as my company's domain when adding the sender's domain
  2. HELO as my company's domain when talking to boxes outside the corporate domain, as outside mail servers may be running smtpd_helo_restrictions or their equivalent, and our internal DNS names are not available outside the corporate LAN
  3. HELO as my FQDN when talking to boxes inside the corporate domain, as many of them are poorly configured sendmails, which give the familiar "mail loop back on itself" error if I HELO as my corporate domain
  4. cannot use a smarthost or a fixed relay as my laptop works at home and on the road and my corporate mail server will not relay to outside hosts
  5. use procmail to deliver mail
  6. limit the people who receive mail on my machine to be me even though other folks have accounts on the machine. Their mail must go to the corporate server. Root mail on the box must come to me.
  7. spool mail locally so I can reply to messages while on the train and have them sent whenever and wherever I hook back up to the net
Some notes about my corporate LAN setup:
  1. the company's external domain is somanetworks.com
  2. internally, the company is divided into per-office subdomains. Mine is yyz.somanetworks.com.
  3. all mail sent to anyone's general mail account (user@somanetworks.com) goes through the mail server which is mail.somanetworks.com
  4. there are a few other machines inside the corporate network on which we manage internal mailing lists
  5. everyone who sends me mail, sends it to me at my corporate address and I use fetchmail to POP it from the corporate mail server
Here's how you set Postfix up to satisfy my requirements.
  1. Install the postfix RPM, and then uninstall the sendmail RPM.
  2. To masquerade as my company's domain, I add the following to my main.cf:
    # LOCAL PATHNAME INFORMATION
    #
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    
    # QUEUE AND PROCESS OWNERSHIP
    #
    mail_owner = postfix
    
    # INTERNET HOST AND DOMAIN NAMES
    # 
    myhostname = frogger.yyz.somanetworks.com
    mydomain = somanetworks.com
    
    # SENDING MAIL
    # 
    myorigin = $mydomain
    
    # RECEIVING MAIL
    #
    inet_interfaces = all
    mydestination = frogger.yyz.somanetworks.com localhost localhost.$mydomain
            localhost.yyz.somanetworks.com localhost.localdomain
    
    # REJECTING UNKNOWN LOCAL USERS
    #
    local_recipient_maps = $alias_maps unix:passwd.byname
    
    # ADDRESS REWRITING
    #
    allow_percent_hack = yes
    append_at_myorigin = yes
    append_dot_mydomain = yes
    empty_address_recipient = MAILER-DAEMON
    masquerade_classes = envelope_sender, header_sender, header_recipient
    masquerade_domains = $myorigin
    masquerade_exceptions = root
    
    # ALIAS DATABASE
    #
    alias_maps = hash:/etc/postfix/aliases
    
    # DELIVERY TO MAILBOX
    #
    mailbox_command = /usr/bin/procmail
    luser_relay = $user@mail.somanetworks.com
    
    Everything else was out of the RPM. (Some of the above might be out of the RPM too; I can't recall.) Note that I didn't use $myhostname anywhere else in main.cf, as we will be overriding it on the smtp command line below. The setting for mydestination is probably also overkill, but it works.
  3. In /etc/postfix/aliases I set
    root:           mjfrazer
    and left everything else to the default. Remember to run newaliases after editing the file. Your /usr/bin/newaliases should be a symlink to /etc/alternatives/mta-newaliases after postfix is installed.
  4. Now, since Postfix runs chroot'd under the Red Hat configuration, you have to copy the appropriate entries into /var/spool/postfix/etc/passwd. If you don't, you'll get an error like this:
            $ telnet localhost 25
            Trying 127.0.0.1...
            Connected to localhost.localdomain (127.0.0.1).
            Escape character is '^]'.
            220 frogger.yyz.somanetworks.com ESMTP Postfix
            MAIL FROM:<>
            250 Ok
            RCPT TO:
            550 : User unknown
            QUIT
            221 Bye
            Connection closed by foreign host.
    
    You can either hand copy the entries you want, or use something like this:
    awk -F : '{ if ( 100 < $3 && $3 < 65000 ) print ; }' /etc/passwd \
            >/var/spool/postfix/etc/passwd
    
    to pull all non-privileged accounts into Postfix's visibility. I hand copied stuff as I only wanted my single entry, mjfrazer, to be received locally. Mail to anyone else goes to $luser_relay.
  5. The Red Hat Procmail doesn't get along with Postfix very well. It can't create files in /var/spool/mail because it runs as the recipient. So, you have to chmod 1777 /var/spool/mail (world-writable with the sticky bit set, like /tmp) in order for procmail to work. If you don't, you'll get error messages like this in your mail log:
    Jul  5 15:27:13 frogger postfix/smtpd[2451]: 4EE99237A7: client=frogger.yyz.somanetworks.com[10.11.10.14]
    Jul  5 15:27:56 frogger postfix/cleanup[2452]: 4EE99237A7: message-id=<20020705192713.4EE99237A7@frogger.yyz.somanetworks.com>
    Jul  5 15:27:56 frogger postfix/nqmgr[1859]: 4EE99237A7: from=<>, size=408, nrcpt=1 (queue active)
    Jul  5 15:27:56 frogger postfix/local[2458]: 4EE99237A7: to=, relay=local, delay=43, status=bounced (can't create user output file. Command output: procmail: Couldn't create "/var/spool/mail/mailtest" )
    Jul  5 15:28:03 frogger postfix/smtpd[2451]: disconnect from frogger.yyz.somanetworks.com[10.11.10.14]
    
My box stayed configured as above for a few weeks until I sent mail to someone running smtpd_helo_restrictions, which rejected my HELO of frogger.yyz.somanetworks.com because it's not available outside the corporate LAN. I thought I would need to patch Postfix to fix this, but I didn't because Postfix rocks.

To fix up the HELO problem, we have to do the following:

  1. In main.cf, add:
    # TRANSPORT MAP
    #
    # Insert text from sample-transport.cf if you need explicit routing.
    transport_maps = hash:/etc/postfix/transport
    
  2. In the transport map /etc/postfix/transport, I added:
    frogger.yyz.somanetworks.com    local:
    localhost.yyz.somanetworks.com  local:
    localhost.somanetworks.com      local:
    localhost.localdomain           local:
    localhost                       local:
    yyz.somanetworks.com            smtp-local:
    .yyz.somanetworks.com           smtp-local:
    somanetworks.com                smtp-local:
    .somanetworks.com               smtp-local:
    
    Don't forget to postmap /etc/postfix/transport to make the .db hash.
  3. In master.cf, add a parameter to the default smtp service entries so that they look like this:
    smtp    inet    n       -       y       -       -       smtpd
                                    -o myhostname=somanetworks.com
    
    and
    smtp    unix    -       -       y       -       -       smtp
                                    -o myhostname=somanetworks.com
    
    Now, add the following entry:
    smtp-local
            unix    -       -       y       -       -       smtp
                                    -o myhostname=frogger.yyz.somanetworks.com
    
    The Postfix smtp client HELOs with $myhostname, so we set it as we like. Note that you can't make an smtp-local entry of type inet, as it's not in /etc/services. If you try to add it to /etc/services and use port 25, things will get confused. It's not needed anyway.

    Note that Postfix has a configuration variable named smtp_helo_name as of snapshot 1.1.11-20020613. The Red Hat 7.3 RPM is postfix-1.1.7-2, so that feature is not available yet. Hopefully, this will come with Red Hat 7.4.
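
Added example, not part of the original page: a Python model of the setup above that reads the transport table and the master.cf entries from steps 2 and 3 and reports which HELO name a given destination domain would see. The lookup order (exact name, then leading-dot parent entries, otherwise the default smtp client) is a simplified assumption about how the table is consulted, not Postfix's own code; helo_for and the parse_* helpers are hypothetical names.

```python
# Table and master.cf entries copied from this page; the lookup is a simplified model.
TRANSPORT = """\
frogger.yyz.somanetworks.com    local:
localhost.yyz.somanetworks.com  local:
localhost.somanetworks.com      local:
localhost.localdomain           local:
localhost                       local:
yyz.somanetworks.com            smtp-local:
.yyz.somanetworks.com           smtp-local:
somanetworks.com                smtp-local:
.somanetworks.com               smtp-local:
"""
MASTER = """\
smtp    inet    n       -       y       -       -       smtpd
                                -o myhostname=somanetworks.com
smtp    unix    -       -       y       -       -       smtp
                                -o myhostname=somanetworks.com
smtp-local
        unix    -       -       y       -       -       smtp
                                -o myhostname=frogger.yyz.somanetworks.com
"""

def parse_transport(text):
    """Map each lookup key to its transport name (the part before ':')."""
    rows = (l.split() for l in text.splitlines() if l.strip() and l[0] != "#")
    return {key.lower(): target.split(":")[0] for key, target in rows}

def parse_master(text):
    """Return {service: myhostname override} for unix-type smtp client entries."""
    logical = []
    for line in text.splitlines():
        if line[:1].isspace() and logical:
            logical[-1] += " " + line.strip()      # continuation of previous entry
        elif line.strip() and not line.startswith("#"):
            logical.append(line.strip())
    helo = {}
    for f in (entry.split() for entry in logical):
        if len(f) >= 8 and f[1] == "unix" and f[7] == "smtp":
            opts = [f[i + 1] for i in range(8, len(f) - 1) if f[i] == "-o"]
            helo[f[0]] = dict(o.split("=", 1) for o in opts).get("myhostname")
    return helo

def helo_for(domain):
    """HELO sent for `domain` (exact key, then ".parent" keys); None = local delivery."""
    table, helo = parse_transport(TRANSPORT), parse_master(MASTER)
    labels = domain.lower().split(".")
    keys = [".".join(labels)] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    service = next((table[k] for k in keys if k in table), "smtp")  # default client
    return helo.get(service)
```

With these tables, helo_for("example.org") (a constructed outside domain) gives somanetworks.com, while helo_for("mail.somanetworks.com") gives frogger.yyz.somanetworks.com. A name such as notsomanetworks.com, which merely ends in the corporate string, still gets the external HELO because only whole-label parents are tried.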

That wraps up my Postfix configuration.

Many thanks go to Ralf Hildebrand for answering my questions and helping me discover that Postfix is chroot'd on Red Hat and of course to Wietse Venema for writing Postfix and helping with the Postfix lack of privilege and the HELO problems.


Document: postfix-rh73-laptop.html
Last Update: Monday, 08-Jul-2002 08:30:41 EDT

Mark Frazer -- mark@mjfrazer.org