Postfix
Details of how CompSoc uses Postfix, listed in ascending order of complexity. These are code snippets, not whole config files.
In the following, /etc/postfix/relaydomains is a list of all the domains CompSoc hosts, including uwcs.co.uk and warwickcompsoc.co.uk.
After editing /etc/postfix/main.cf, run /etc/init.d/postfix reload.
After editing /etc/postfix/virtual (on Codd), run postmap /etc/postfix/virtual.
After editing /etc/postfix/transport (on Codd), run postmap /etc/postfix/transport.
Square brackets around a host in the config files below disable MX lookups for that host; the mail is relayed to that SMTP server directly.
Backus
Handles local mail only - all outgoing mail is relayed to pat.
In /etc/postfix/main.cf:
inet_interfaces = loopback-only
relayhost = [pat.warwickcompsoc.co.uk]:8025
Pat and Jess
Pat is another backup MTA (mail2.warwickcompsoc.co.uk), but also handles all outgoing mail for off-campus. It's therefore quite important. Codd can't access off-campus servers on port 25, so another smtpd is run on 8025.
Note that we use relay_transport here, rather than relayhost. Outgoing mail is delivered directly to the relevant mail server, while relayed mail is sent to Codd port 8025.
Pat uses two SMTP policy servers, whitelisting and greylisting in combination. This requires two Debian packages: whitelister (available in backports) and postgrey. Whitelister uses the sample configuration from /usr/share/doc/whitelister/examples/.
In /etc/postfix/main.cf:
smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    check_policy_service inet:127.0.0.1:10000
    check_policy_service inet:127.0.0.1:60000
relay_domains = /etc/postfix/relaydomains
relay_transport = smtp:[codd.uwcs.co.uk]:8025
# We either need to add various other servers here and relay through pat,
# or add more stuff to mynetworks on Codd and relay through there.
# Better still, use MX lookups and do both. But that might require
# twilight to behave differently, and possibly keep a copy of relaydomains.
mynetworks = 127.0.0.0/8, 137.205.210.240
In /etc/postfix/master.cf:
smtp inet n - - - - smtpd
8025 inet n - - - - smtpd
Codd
Codd is both mail.warwickcompsoc.co.uk and mail1.warwickcompsoc.co.uk.
Outgoing mail is relayed to pat port 8025, with the exception of mail for campus, which is sent straight to the campus mail relays. This will require a transport_maps file, /etc/postfix/transport.
There is an SMTP server on port 8025 that accepts SASL authentication. The Debian package postfix-tls is required for this.
Codd hosts various virtual domains. This will require a file, /etc/postfix/virtual, that maps between hosted virtual domains and the delivery method.
In /etc/postfix/main.cf:
mydestination =
    codd.warwickcompsoc.co.uk
    localhost.warwickcompsoc.co.uk
    warwickcompsoc.co.uk
    codd.uwcs.co.uk
    localhost.uwcs.co.uk
    uwcs.co.uk
    codd
    localhost
virtual_alias_maps = hash:/etc/postfix/virtual
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# Indexed table built by postmap, like virtual_alias_maps above.
transport_maps = hash:/etc/postfix/transport
relayhost = [pat.warwickcompsoc.co.uk]:8025,
    [jess.warwickcompsoc.co.uk]:8025
In /etc/postfix/master.cf:
smtp inet n - - - - smtpd
8025 inet n - - - - smtpd
In /etc/postfix/virtual:
# Run ``postmap /etc/postfix/virtual'' after changing this file.
# These are catch-all addresses, delivered to local accounts. This should cover 99%
# of what we want to do. {uwcs,warwickcompsoc}.co.uk should not be in here.
@retout.co.uk retout
@retout.com retout
...
# We can also have exceptions to the above, or deliver to other addresses.
postmaster@retout.co.uk postmaster@warwickcompsoc.co.uk
# We can also send mail to multiple addresses.
list@example.com bill@example.com, ben@example.com
In /etc/postfix/transport:
# Run ``postmap /etc/postfix/transport'' after changing this file.
warwick.ac.uk smtp:[mail-relay.csv.warwick.ac.uk]
.warwick.ac.uk smtp:[mail-relay.csv.warwick.ac.uk]
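The smtpd_recipient_restrictions lists for Pat and Codd above are evaluated in order, so a check_policy_service or extra permit placed ahead of reject_unauth_destination could accept mail for domains these hosts do not serve. The following audit is an added example, not part of CompSoc's configuration: the function names are hypothetical, the sample text is constructed from the snippets on this page, and it looks only for reject_unauth_destination because that is the relay check used here.

```python
import re

# Constructed samples: the restrictions shown on this page for Pat and Codd,
# with continuation lines indented as main.cf requires.
PAT = """\
smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    check_policy_service inet:127.0.0.1:10000
    check_policy_service inet:127.0.0.1:60000
"""
CODD = """\
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
smtpd_sasl_auth_enable = yes
"""
# Permits that only accept clients the server has already identified.
TRUSTED_PERMITS = {"permit_mynetworks", "permit_sasl_authenticated"}


def parse_main_cf(text):
    """Return {name: value}; a line that starts with whitespace continues the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank and comment lines do not end a multi-line value
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params


def relay_findings(text):
    """List restrictions that can accept mail before the relay check runs."""
    value = parse_main_cf(text).get("smtpd_recipient_restrictions", "")
    # Split on commas/whitespace; drop arguments such as "inet:127.0.0.1:10000".
    words = [w for w in re.split(r"[,\s]+", value) if w and ":" not in w]
    if "reject_unauth_destination" not in words:
        return ["reject_unauth_destination is missing"]
    before = words[:words.index("reject_unauth_destination")]
    return [f"{w} is evaluated before reject_unauth_destination" for w in before
            if w.startswith(("permit", "check_")) and w not in TRUSTED_PERMITS]
```

Both sample configurations return an empty list; a copy with the continuation lines left unindented is reported as missing the relay check, because those lines no longer belong to the parameter.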
At some point, we will also want to look at running spamassassin on new mail automatically, and possibly at virtual mailboxes (so that people don't need unix accounts to have a mail account).