Linux Troubleshooting Bible [Electronic resources] (text version)


Christopher Negus and Thomas Weeks


PostFix Overview

For some administrators, PostFix is an excellent alternative to Sendmail. PostFix is installed by default on Fedora Core and Red Hat Linux systems, but not enabled by the alternatives system. It was developed as a more secure and modern alternative to Sendmail, and though it is compatible with Sendmail in almost all areas, note that PostFix's emulation of Sendmail command-line syntax is not 100% accurate. PostFix features include:



Multiple functional daemons that operate independently and without root level permission, enhancing MTA security

Use of /etc/aliases as well as procmail-style ~/.forward files

Ability to deliver mail to mbox-style mailboxes in /var/spool/mail/




Though Sendmail is older and, in many cases, crankier than PostFix, it is still the default alternatives-enabled MTA on Red Hat Linux and Fedora Core based systems. Those who want to use PostFix must deliberately enable it. This section offers some basic configuration and feature information; for more detailed assistance, check the resources at the end of the chapter or visit www.postfix.org.


PostFix versus Sendmail


If you're new to PostFix but experienced with Sendmail, you probably want to know what's different between the two MTAs. One of the major differences is how each is configured straight out of the box on a stock system. If you telnet into SMTP on each MTA, you'll see this for Sendmail 8.12.10:


# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
220 es.playground.crudnet.org ESMTP Sendmail 8.12.10/8.12.10; Thu, 30 Oct 2003 22:42:38 -0500
ehlo t.net
250-playground.mydomain.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP

The output for PostFix 2.0.11 is a bit different.


# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
220 es.playground.crudnet.org ESMTP Postfix
ehlo t.net
250-es.playground.crudnet.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-XVERP
250 8BITMIME

As you can see, SMTP-Auth is not configured by default under PostFix. It can be turned on easily in the /etc/postfix/master.cf file, however. Neither Sendmail nor PostFix binds to anything other than localhost, by default, for incoming SMTP.






Tip

For more information on SMTP-Auth, see the local sample file /usr/share/doc/postfix-2.0.11/samples/sample-auth.cf, or just see the line that contains the option smtpd_sasl_auth_enable=yes in your /etc/postfix/master.cf file.



Configuring PostFix


The true differences between PostFix and Sendmail begin to appear in configuration. While PostFix is "Sendmail-compatible," its design is quite unlike Sendmail's. PostFix splits up the various MTA functions and assigns each to a different program. These programs are configured and run as related, but are independent of each other. This is a more secure design than the large single-program Sendmail method.

Because each function is a separate program, you must configure each independently. This is more work at the start of a PostFix installation, but allows you a greater level of microconfiguration for your particular needs. PostFix configuration files are stored in /etc/postfix, and include:



access
aliases
aliases.db
canonical
main.cf
main.cf.default
master.cf
pcre_table
postfix-files
postfix-script
post-install
regexp_table
relocated
transport
virtual



Most of these files are relatively self-explanatory. Brief descriptions of the most important PostFix configuration files follow.


/etc/postfix/main.cf


The /etc/postfix/main.cf file is PostFix's primary configuration file. It is equivalent to /etc/sendmail.cf, but is editable like /etc/sendmail.mc. A sample main.cf file might look like this:


#soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
#default_privs = nobody
#myhostname = host.domain.tld
[...]
inet_interfaces = localhost
#inet_interfaces = all
[...]
mydestination = $myhostname, localhost.$mydomain
[...]
#local_recipient_maps = unix:passwd.byname $alias_maps
[...]
unknown_local_recipient_reject_code = 450
[...]
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
[...]
#relay_domains = $mydestination
#relayhost = $mydomain
[...]
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
#in_flow_delay = 1s
alias_maps = hash:/etc/postfix/aliases
[...]
#alias_database = dbm:/etc/aliases
[...]
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.0.11/samples
readme_directory = /usr/share/doc/postfix-2.0.11/README_files
alias_database = hash:/etc/postfix/aliases

When you first configure PostFix for an Internet mail server, you will need to change the inet_interfaces setting to the server's primary or secondary IP address, or to all. The default localhost setting will not allow PostFix to listen for incoming mail from other hosts.

Many administrators will also want to add a setting for the "virtual maps" directive, the PostFix equivalent of the virtusertable file in Sendmail configuration. To do so, add this line:


virtual_maps = hash:/etc/postfix/virtual

After any configuration file change you should either reload or restart PostFix with the command


# /etc/init.d/postfix start
Starting postfix: [ OK ]






Tip

To learn more about the /etc/postfix/main.cf file, see www.redhat.com/support/resources/howto/RH-postfix-HOWTO/x118l .



/etc/postfix/master.cf


PostFix's master process configuration file is located at /etc/postfix/master.cf. The master PostFix daemon is a supervisory application, run under root, which manages and monitors all other PostFix processes. The master.cf file contains various settings that affect all PostFix processes, such as message throttling, feature settings, and subdaemon configurations.

Each line in the master.cf file describes how a particular component or subdaemon is to run. Where the main.cf file controls MTA configurations for paths, aliases, options, and hostname or domain settings, master.cf manages the individual programs run by the master binary. These individual programs generally manage alternative services, such as SMTP, bounce management, mail queues, alternate mail engines, protocols, spam and virus filters, and so on.

The stock /etc/postfix/master.cf file looks much like this:


# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
#smtps    inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n      -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
#qmgr     fifo  n       -       n       300     1       qmgr
qmgr      fifo  n       -       n       300     1       nqmgr
#tlsmgr   fifo  -       -       n       300     1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

You will probably want to turn on SMTP-Auth rather than use the stock SMTP setting. To do so, comment out the smtp line in master.cf and replace it with this line:


smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes
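
The column layout of master.cf lends itself to a mechanical check. The following Python sketch is an added example, not code from the book: it parses master.cf entries and reports which services listen on the network, whether SASL is switched on for them, and which start with root privileges or run outside a chroot. SAMPLE is constructed from entries in the listing above, and the "-" defaults are taken from that listing's header line.

```python
# Added example, not from the book. SAMPLE is constructed from entries in the
# listing above; the "-" defaults follow that listing's header line.
FIELDS = "name type private unpriv chroot wakeup maxproc command".split()
DEFAULTS = {"private": "y", "unpriv": "y", "chroot": "y"}

SAMPLE = """\
smtp      inet  n       -       n       -       -       smtpd
#submission inet n      -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
local     unix  -       n       n       -       -       local
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
"""

def parse_master_cf(text):
    """Return one dict per service, with "-" resolved to its default."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # indented continuation line
        else:
            logical.append(raw.strip())
    services = []
    for line in logical:
        values = line.split(None, 7)
        if len(values) < 8:
            raise ValueError("malformed master.cf entry: " + line)
        services.append({k: DEFAULTS.get(k, v) if v == "-" else v
                         for k, v in zip(FIELDS, values)})
    return services

def audit(text):
    """Map "name/type" to the security-relevant facts about that service."""
    report = {}
    for s in parse_master_cf(text):
        notes = []
        if s["type"] == "inet":
            sasl = "smtpd_sasl_auth_enable=yes" in s["command"]
            notes.append("network listener, SASL " + ("on" if sasl else "off"))
        if s["unpriv"] == "n":
            notes.append("starts with root privileges")
        if s["chroot"] == "n":
            notes.append("not chrooted")
        report[s["name"] + "/" + s["type"]] = notes
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the replacement smtp line shown above, the smtp/inet entry changes from "SASL off" to "SASL on"; commented-out entries such as submission never appear in the report.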

The master.cf file is extremely flexible, and offers a great deal of power in configuring a responsive and secure MTA. For example, here's a real-world master.cf modification written by Kevin Taylor, a Linux Sys-Admin and RHCE at Rackspace Managed Hosting. Kevin wanted to set up a procmail antivirus quarantine system, which used master.cf. The system needed to deliver incoming mail into procmail from the SMTP subdaemon, with a max thread count of 5. This is how he did it:


smtp      inet  n       -       y       -       -       smtpd -o content_filter=filter:
filter    unix  -       n       n       -       5       pipe user=filter
  argv=/usr/bin/procmail -m /etc/procmailrc ${sender} ${recipient}

This set up a filter entry in his master.cf file that formed a special user filter through which Kevin piped all incoming e-mail, using a procmail antivirus recipe. You'll find other procmail antivirus recipes at http://agriroot.aua.gr/~nikant/nkvir/ .


/etc/postfix/virtual


The /etc/postfix/virtual file is the PostFix equivalent of Sendmail's virtusertable file.





Note

If you want to enable this feature, it must be added and turned on in the main.cf file before you begin to use it.


The main difference between the PostFix virtual file and Sendmail's virtusertable file is that virtual must have its virtual domains declared in the file before they can be used by the MTA. Entries in a PostFix virtual file might look like this:


mydomain.com Bob's virtual domain
bob@mydomain.com bob
bob-home@mydomain.com bsmith@yahoo.com
@mydomain.com bob

On the first line of the virtual file, the text after the virtual domain's domain name declaration is ignored by PostFix. Most administrators simply insert the word VIRTUAL for the sake of clarity.

One advantage that PostFix holds over Sendmail is that you no longer need to maintain a separate local-domains file to hold all of your local domain names, since you declare all virtual domains in /etc/postfix/virtual. In addition, you no longer need to add wildcard or catch-all accounts at the bottom of your virtual mapping file. For sysadmins who like to automate as many processes as possible, this is great because you can simply write a script that uses cat to append new users to the end of the virtual file without worrying about their location within the file.





Note

Every time you modify /etc/postfix/virtual, whether it is for adding a new domain or a new address, you must rebuild the virtual.db hash file. Do so with the postmap command, as in


# postmap hash:/etc/postfix/virtual

Changes will be applied instantly, so you don't have to restart or reload the main PostFix daemon.
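
The append-then-rebuild workflow described above, sketched in Python as an added example (not from the book): before appending, it checks that the address's domain is declared in the file, that the address has no entry yet, and that neither field contains whitespace that would turn one entry into several. The name add_virtual_entry and its validation rules are assumptions made for illustration; SAMPLE_VIRTUAL copies the listing above.

```python
# Added example, not from the book. SAMPLE_VIRTUAL copies the listing above;
# add_virtual_entry() and its validation rules are illustrative assumptions.
import os, re, tempfile

SAMPLE_VIRTUAL = """\
mydomain.com            Bob's virtual domain
bob@mydomain.com        bob
bob-home@mydomain.com   bsmith@yahoo.com
@mydomain.com           bob
"""
TOKEN = re.compile(r"[A-Za-z0-9._+@-]+")  # with fullmatch: no spaces, no newlines

def keys(lines):
    """Left-hand column of each entry (skips comments and continuations)."""
    return [ln.split()[0] for ln in lines
            if ln.strip() and not ln[0].isspace() and not ln.startswith("#")]

def add_virtual_entry(path, address, target):
    """Validate, then append 'address target' to the end of the file."""
    for value in (address, target):
        if not TOKEN.fullmatch(value):
            raise ValueError("illegal characters in %r" % value)
    if address.count("@") != 1:
        raise ValueError("need exactly one '@' in %r" % address)
    with open(path) as fh:
        existing = [k.lower() for k in keys(fh.read().splitlines())]
    domain = address.split("@")[1].lower()
    if domain not in [k for k in existing if "@" not in k]:
        raise ValueError("virtual domain %s is not declared" % domain)
    if address.lower() in existing:
        raise ValueError("%s already has an entry" % address)
    with open(path, "a") as fh:
        fh.write("%s %s\n" % (address, target))

def demo():
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE_VIRTUAL)
    add_virtual_entry(path, "alice@mydomain.com", "alice")
    try:  # constructed bad input: a newline would smuggle in a second mapping
        add_virtual_entry(path, "eve@mydomain.com", "eve\n@mydomain.com eve")
    except ValueError:
        pass
    with open(path) as fh:
        lines = fh.read().splitlines()
    os.remove(path)
    return lines  # on a real server, follow with: postmap hash:/etc/postfix/virtual

if __name__ == "__main__":
    print("\n".join(demo()))
```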



/etc/postfix/aliases


The /etc/postfix/aliases file is equivalent to Sendmail's /etc/aliases file. In fact, you should be able to use your /etc/aliases file as a direct replacement. However, because of the file's location under Sendmail, and because PostFix checks this file for system aliases, you will need to rebuild its hash file each time you add a new alias.

In PostFix, you rebuild the hash file from the command line with the postalias command, as in


# postalias hash:/etc/postfix/aliases

The hash file is also rebuilt automatically whenever the PostFix daemon is restarted, just as in Sendmail.
