Chap4: General Configuration and Administration Flashcards

1
Q

What are the 2 important configuration parameters to set before starting Postfix?

A

myhostname and aliases

2
Q

What is the purpose of the myhostname parameter?

A

This is the parameter Postfix uses to know the fully qualified domain name of the computer it is running on.

3
Q

What is the command to rebuild the indexed aliases file?

A

newaliases

4
Q

What is the command to start Postfix?

A

postfix start

5
Q

Which configuration file is the core of the Postfix configuration?

A

main.cf

6
Q

How do you separate multiple values of a configuration parameter?

A

spaces, commas, tabs, or newlines.

7
Q

Which command needs to be run for changes made to main.cf to take effect?

A

postfix reload

8
Q

What is the canonical table format?

A

The canonical table specifies an address mapping for local and non-local addresses. The mapping is used by the cleanup(8) daemon, before mail is stored into the queue. The address mapping is recursive.

This mapping therefore happens during the submission stage of mail processing.

9
Q

What does LHS mean?

A

Left-Hand Side of an entry of a lookup table

10
Q

What does RHS mean?

A

Right-Hand Side of an entry of a lookup table

11
Q

Which command should be called to create the indexed file of a lookup table?

A

postmap /path/to/lookuptabletxt

12
Q

What is the purpose of the default_database_type parameter?

A

This parameter tells you which database type Postfix uses by default.

If you don’t specify a database type with postmap, it automatically uses your default type. In general, you can just use the default type configured on your system, but you must know what it is when assigning lookup tables to mapping parameters.

13
Q

What is the format of a lookup maps parameter?

A

parameter = type:name

canonical_maps = hash:/etc/postfix/canonical

14
Q

What are the different database formats available in Postfix?

A

The usual ones are: hash, dbm, btree, unix

The command postconf -m lists the formats available on a particular system:

static
pcre
nis
regexp
environ
proxy
btree
unix
hash
15
Q

What is the relocated table?

A

The optional relocated(5) table provides the information that is used in “user has moved to new_location” bounce messages.

16
Q

What is the aliases table?

A

The aliases(5) table provides a system-wide mechanism to redirect mail for local recipients. The redirections are processed by the Postfix local(8) delivery agent.

17
Q

What is the difference between virtual_alias_maps and virtual_domain_maps?

A

The optional virtual alias table rewrites recipient addresses for all local, all virtual, and all remote mail destinations.

Virtual aliasing is recursive, and is implemented by the Postfix cleanup daemon before mail is queued.

The virtual delivery agent is designed for virtual mail hosting services. Originally based on the Postfix local delivery agent, this agent looks up recipients with map lookups of their full recipient address, instead of using hard-coded unix password file lookups of the address local part only. This delivery agent only delivers mail. Other features such as mail forwarding, out-of-office notifications, etc., must be configured via virtual_alias maps or via similar lookup mechanisms.

18
Q

What is the difference between alias files and lookup tables?

A

The main difference is the format of the text files. Alias files use a Sendmail-compatible format. Therefore the postmap command cannot be used for alias files. Rather use postalias or newaliases.

  • An alias definition has the form

        name: value1, value2, ...

  • Empty lines and whitespace-only lines are ignored, as are lines whose first non-whitespace character is a `#'.
  • A logical line starts with non-whitespace text. A line that starts with whitespace continues a logical line.
19
Q

Which alias files are indexed when calling the command newaliases?

A

By default, the alias files listed in the alias_database parameter.

20
Q

What are the possible targets in an alias file?

A
  • Email addresses:
    Any RFC 2822 address is allowed, meaning target addresses can be local or forwarded
    to another site for delivery. For example:

kyle.dent: kdent, kdent@oreilly.com

  • Filename:
    Specify the full path to a file. New messages are appended to the file specified. Delivery
    occurs to the file as it would to any local mailbox. See Chapter 7 for information on local
    delivery to mailboxes and on specifying different mailbox formats. For example:

info: /usr/local/mail/info_box

  • Command
    Specify a pipe character and a command. See Chapter 14 for more information on
    delivery to commands. For example:

info: "|/usr/local/bin/autoreply"

  • :include:
    An included file contains a list of additional alias targets. The targets in the file can be
    any valid target type as described here, but by default filenames and commands are not
    allowed. The next section discusses configuration parameters to override these default
    restrictions. For example:

info: :include:/usr/local/mail/info_list

21
Q

Which parameters control which kinds of targets are allowed in your alias files?

A

allow_mail_to_commands and allow_mail_to_files.

Each of these parameters takes a list of the aliasing mechanisms that permit its action. Aliasing mechanisms are “alias,” the alias file we’ve been discussing; “include,” the include target; and “forward,” which is the .forward file.

commands:
allow_mail_to_commands = alias, forward, include
allow_mail_to_files = alias, forward, include

22
Q

What are the 4 parameters Postfix uses to identify itself?

A

myhostname, mydomain, myorigin, and mydestination.

23
Q

What is the goal of the myhostname parameter?

A

It is the hostname that the Postfix MTA considers its own. By default, it is set to the fully qualified domain name of the host running Postfix, unless the function “gethostname” does not return the fully qualified domain name, in which case it is a concatenation of the local name and the “mydomain” parameter value.

24
Q

What is the goal of the mydomain parameter?

A

It is the domain that the Postfix MTA considers its own. By default, if myhostname is set, it defaults to the domain part of myhostname. Otherwise it has to be explicitly set.

25
Q

What is the goal of the myorigin parameter?

A

When your users send or receive mail through the Postfix system with no domain name
specified in the envelope or header addresses, the parameter myorigin determines what
domain name should be appended.

The default is to use the value of myhostname.

26
Q

What is the goal of the mydestination parameter?

A

The mydestination parameter lists all the domains your Postfix system should accept mail for
and deliver to local users. By default Postfix accepts mail destined for $myhostname and
localhost.$mydomain.

27
Q

What does UBE mean?

A

Unsolicited Bulk Emails

28
Q

What are the parameters used to restrict clients submitting messages to relay based on their IP addresses?

A

mynetworks_style and mynetworks

You can limit or broaden the range of addresses that should be allowed to relay by setting the parameter mynetworks_style. If you prefer to limit relaying to the local machine only, set mynetworks_style to “host”. You can also set mynetworks_style to “class” to allow relaying by any host within the same class A, B, or C network as your server. For many networks a class setting opens relaying to too many systems. If you aren’t familiar with IP address classes, stick to the default “subnet” or more restrictive “host” settings.

Alternatively, you can explicitly indicate the hosts that should be allowed to relay mail by setting mynetworks. If you set mynetworks, the mynetworks_style parameter is ignored. You can list individual IP addresses or specify subnets using the network/netmask notation—for example, 192.168.100.0/28.

29
Q

What is pop-before-smtp?

A

It is an SMTP client authentication mechanism that works with Postfix by dynamically updating a Postfix lookup table, adding new IP addresses as users authenticate, and deleting others when the time period expires. It requires that a user first log in to a POP/IMAP server, thereby supplying the client’s currently assigned IP address to your system or network.

30
Q

What is DRAC (Dynamic Relay Authorization Control)?

A

It is an SMTP client authentication mechanism that works with Postfix by dynamically updating a Postfix lookup table, adding new IP addresses as users authenticate, and deleting others when the time period expires. It requires that a user first log in to a POP/IMAP server, thereby supplying the client’s currently assigned IP address to your system or network.

DRAC differs from pop-before-smtp in that it can work over a network, while pop-before-smtp requires that the POP/IMAP server be installed on the same system as the SMTP server.

31
Q

What is WHOSON?

A

It is an SMTP Client authentication mechanism that provides an interface to both the POP/IMAP and SMTP
servers. You have to run a WHOSON server on your network, and you must obtain a patch that
adds a new lookup type to Postfix. After building Postfix with the patch, it can communicate
with the WHOSON server to determine if a particular client IP address should be allowed to
relay mail.

32
Q

What is SASL?

A

SASL is a general protocol that defines how a server and client can exchange authentication credentials. It can be used by Postfix as an authentication mechanism.

33
Q

Which daemon launches all the other Postfix daemons/services?

A

The master daemon.

34
Q

Which file contains the various services to launch and their configuration?

A

master.cf

35
Q

What are the different parameters to set when configuring a service in master.cf?

A
Service Name,
Transport Name,
Private,
Unprivileged,
Chroot,
Wakeup time,
Process limit,
Command Name + Arguments
36
Q

Which parameter configures the maximum number of recipients of a message?

A

smtpd_recipient_limit

The default value is 1000.

37
Q

Which parameter limits the size of any message your system will accept?

A

message_size_limit

The default value is 10MB.

38
Q

Which parameter specifies the sleep delay after each error?

A

smtpd_error_sleep_time

39
Q

Which parameter specifies the number of errors after which the sleep delay should be increased by 1?

A

smtpd_soft_error_limit

40
Q

Which parameter specifies the number of errors after which Postfix should disconnect from the client?

A

smtpd_hard_error_limit

41
Q

Which parameters prevent Postfix from appending the domain in myorigin or mydomain?

A
append_at_myorigin = no
append_dot_mydomain = no
42
Q

Which parameters do you need to configure if you want to rewrite only sender or recipient addresses (canonical)?

A

sender_canonical_maps and recipient_canonical_maps

43
Q

What is masquerading?

A

Address masquerading refers to the idea that you can hide the names of internal hosts, and make all addresses appear as if they originated from the gateway system itself. You may have internal systems that use your Postfix server as a gateway. When mail is sent from these systems and the sender addresses include the fully qualified hostname, you may want addresses to appear with the domain name only.

44
Q

Which parameter strips hostnames down to their simpler domain names (a technique known as masquerading)?

A

masquerade_domains

Example:
masquerade_domains = acct.example.com hr.example.com example.com

With this setting, the address heloise@sys3.acct.example.com matches acct.example.com, so that it becomes heloise@acct.example.com. The address frank@db.hr.example.com matches hr.example.com, and becomes frank@hr.example.com. Finally, helene@server1.example.com matches the last value, example.com, to become helene@example.com.

masquerade_domains = !it.example.com, example.com

In this case, the domain it.example.com will not be rewritten, so the address kdent@it.example.com stays as it is.

45
Q

How do you exclude specific account names from masquerading?

A

masquerade_exceptions = admin, root

46
Q

Which parameter determines which addresses are masqueraded (envelope, header, sender, recipient)?

A

masquerade_classes

masquerade_classes = envelope_recipient, envelope_sender, header_sender, header_recipient

47
Q

Which parameter is used to manage relocated users?

A

relocated_maps = hash:/etc/postfix/relocated

48
Q

What happens when a message is sent to a relocated address?

A

When a message is delivered to a relocated address, Postfix rejects the delivery attempt with a message that includes the user’s new address as specified in the lookup table.