Postfix Relay Configuration Options

Naturally, you can configure Postfix to relay mail in various ways or to send mail through an outgoing relay. Postfix's default relay configuration is more open than that of sendmail, but it's closed enough to not be a big risk, at least for a typical office computer.

Configuring Postfix to Relay Mail

Several options influence how Postfix treats an attempt to relay mail. Table 25.2 summarizes these options. Postfix's relay configuration is built on the concept of trust; the server relays mail for machines that it trusts. Defining relay authorization, therefore, becomes a matter of defining what systems to trust.

Table 25.2: Common Postfix Relay Options

| Option | Default Value | Meaning |
| --- | --- | --- |
| mynetworks_style | subnet | Type of networks Postfix trusts. subnet means the same IP address subnet as the server, class means the same IP address class as the server, and host means to trust only the server computer itself. |
| mynetworks | Network list as specified by $mynetworks_style | List of networks to be trusted. Networks may be specified as IP address/netmask pairs, or you may provide a filename for a file in which the information is stored. |
| relay_domains | $mydestination | Machines and domains listed explicitly by name. |

When run on Linux, the default mynetworks_style setting means that Postfix will relay mail from any computer with an IP address in the same subnet as the server itself. For instance, if the mail server computer has an IP address of 172.25.98.7 with a netmask of 255.255.255.0, the server will relay mail from any computer on the 172.25.98.0/24 network. In addition, the relay_domains default means that the server will relay mail from any computer specified in the mydestination option or from computers within a specified domain. For instance, if you have a mydestination specification that includes pangaea.edu, Postfix will relay from any computer in the pangaea.edu domain.

Warning: If you're running Postfix on a computer that uses a dial-up Internet connection, its default configuration enables it to relay for all users of the ISP's subnet. This configuration is a spam risk, so you may want to tighten your Postfix settings.

As an antispam measure, you might want to limit Postfix's relaying capabilities. This might be particularly important if you've set mydestination to include a domain for which the server shouldn't serve as a relay, or if that domain's systems are already covered by IP address in the mynetworks or mynetworks_style options. To do so, you might provide a restrictive relay_domains configuration, such as:

relay_domains = $myhostname, localhost, localhost.localdomain

If you're running Postfix on a workstation, you might want to prevent the server from relaying mail for anything but the workstation computer itself. (This configuration accepts mail both from the local computer to anywhere and from anywhere to the local computer.) For this configuration, you must combine the tight relay_domains limit with a tight mynetworks_style definition:

mynetworks_style = host
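
To compare how much each mynetworks_style value trusts, the following Python sketch (an added example, not from the original text) computes the trusted network for the server address used above and checks sample client addresses against it. The function names are hypothetical, the client addresses are constructed, and the model covers a single IPv4 interface only.

```python
import ipaddress

def class_prefix(ip):
    """Prefix length of the classful (A, B or C) network that holds ip."""
    first_octet = int(ip) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{ip} is class D/E and has no classful network")

def trusted_networks(server_ip, netmask, style="subnet", mynetworks=None):
    """Networks allowed to relay, per Table 25.2 (one IPv4 interface only).

    An explicit mynetworks list replaces whatever mynetworks_style implies.
    """
    if mynetworks:
        return [ipaddress.ip_network(n, strict=False) for n in mynetworks]
    ip = ipaddress.IPv4Address(server_ip)
    if style == "host":
        prefix = 32
    elif style == "subnet":
        prefix = netmask          # dotted netmask or prefix length
    elif style == "class":
        prefix = class_prefix(ip)
    else:
        raise ValueError(f"unknown mynetworks_style: {style!r}")
    return [ipaddress.ip_network(f"{ip}/{prefix}", strict=False)]

def may_relay(client_ip, networks):
    """True if client_ip falls inside any trusted network."""
    client = ipaddress.ip_address(client_ip)
    return any(client in net for net in networks)

def exposure(networks):
    """Total number of addresses that are trusted to relay."""
    return sum(net.num_addresses for net in networks)

if __name__ == "__main__":
    # Server address and netmask from the text; client addresses are constructed.
    clients = ["172.25.98.7", "172.25.98.200", "172.25.3.9", "192.0.2.44"]
    for style in ("host", "subnet", "class"):
        nets = trusted_networks("172.25.98.7", "255.255.255.0", style)
        allowed = [c for c in clients if may_relay(c, nets)]
        print(f"{style:7} {nets[0]!s:16} {exposure(nets):6} addresses  relays for: {allowed}")
```

On a running server, postconf mynetworks prints the network list Postfix is actually using, which is the value to compare against this model.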

If Postfix is running on a larger mail server and you want to expand the computers for which it will relay, the simplest way is usually to create an expanded relay_domains definition. For instance, to relay mail for the default systems plus threeroomco.com's systems, you might use the following line:

relay_domains = $mydestination, threeroomco.com

Configuring Postfix to Use a Relay

If you're configuring Postfix on a workstation or other system that should relay mail through another mail server, the configuration is fairly straightforward. Typically, you need to set the relayhost option to the name of the mail server you should use. For instance, to set your system to use mail.example.com as the mail relay, you would use the following line:

relayhost = mail.example.com

Alternatively, if you want to use the computer to which a domain's MX record points, you can provide the domain name rather than the hostname. Postfix then does an MX record lookup and sends mail to the domain's mail server. This configuration may be preferable if the name of the outgoing mail server is likely to change; you needn't adjust your Postfix configuration when this happens.
