Work the E-mail, Part I

When it comes to e-mail, what do small organizations need? Why? And, how do you make it happen?

Each line starts with the dæmon name (service) and the way it talks with Postfix (Internet/UNIX sockets or FIFOs). The next parameters show whether it's private to the mail system and whether it runs with or without privileges into a chroot (that is, into a restricted filesystem). Wakeup and maxproc define the wake-up interval and the maximum number of processes that may execute this service simultaneously. The line ends with the actual command that invokes the dæmon, with all its options. We'll look in detail at some dæmons in the upcoming articles. For now, it's enough to know that one or more -v switches enable verbose logging and that a - value means use the default value for that field.

Defining Variables:

Postfix has hundreds of configuration variables, but don't worry. To build a working system, you need to set only about 20 of them. To get an idea of Postfix's capabilities and the way it works, see Listing 2. It is an excerpt, by no means complete (or working), of a real file. More specifically, it shows only the main options that must be set to a different value than the default or the ones that are particularly important for spam fighting and not making an open relay. We will build a complete file in upcoming articles in this series.

Section 1 contains the full name of the VPS box. Section 2 defines from where we accept mail and for which destinations. The first law of each SMTP server is never to become a spambot by relaying messages of unknown origin or useless bounce notifications to the Internet. This is what Section 3 is for. As it is, it means that only messages originated on the server will be sent outside. Section 4 says that we accept e-mail for the two and domains, but only for the users in the /etc/postfix/vmailbox map, and that we use procmail to store incoming messages into the /var/mail/mail_storage folder.

When proper SMTP filtering rules are available (as shown in Figure 1), an SMTP server can recognize and refuse a lot of spam as soon as it is contacted, without even downloading the whole message. This is what sections 5 and 6 do. Besides the official documentation, their content is described in full detail in the Postfix anti-UCE cheat sheet (see Resources). Note that the server actually will work only if you set DNS properly, but this, as well as the exact meaning of all those variables, is something I'll discuss in future articles. For now, let's finish by introducing Postfix maps.


Articles about Digital Rights and more at CV, talks and bio at

One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix