Home | History | Annotate | Line # | Download | only in proto
INSTALL.html revision 1.6
      1 <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
      2         "http://www.w3.org/TR/html4/loose.dtd">
      3 
      4 <html>
      5 
      6 <head>
      7 
      8 <title>Postfix Installation From Source Code </title>
      9 
     10 <meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
     11 
     12 </head>
     13 
     14 <body>
     15 
     16 <h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
     17 Installation From Source Code </h1>
     18 
     19 <hr>
     20 
     21 <h2> <a name="1">1 - Purpose of this document</a> </h2>
     22 
     23 <p> If you are using a pre-compiled version of Postfix, you should
     24 start with BASIC_CONFIGURATION_README and the general documentation
     25 referenced by it.  INSTALL is only a bootstrap document to get
     26 Postfix up and running from scratch with the minimal number of
     27 steps; it should not be considered part of the general documentation.
     28 </p>
     29 
     30 <p> This document describes how to build, install and configure a
     31 Postfix system so that it can do one of the following: </p>
     32 
     33 <ul>
     34 
     35 <li> Send mail only, without changing an existing Sendmail
     36 installation.
     37 
     38 <li> Send and receive mail via a virtual host interface, still
     39 without any change to an existing Sendmail installation.
     40 
     41 <li> Run Postfix instead of Sendmail.
     42 
     43 </ul>
     44 
     45 <p> Topics covered in this document: </p>
     46 
     47 <ol>
     48 
     49 <li> <a href="#1">Purpose of this document</a>
     50 
     51 <li> <a href="#2">Typographical conventions</a>
     52 
     53 <li> <a href="#3">Documentation</a>
     54 
     55 <li> <a href="#4">Building on a supported system</a>
     56 
     57 <li> <a href="#5">Porting Postfix to an unsupported system</a>
     58 
     59 <li> <a href="#install">Installing the software after successful
     60 compilation </a>
     61 
     62 <li> <a href="#send_only">Configuring Postfix to send mail
     63 only </a>
     64 
     65 <li> <a href="#send_receive">Configuring Postfix to send and
     66 receive mail via virtual interface </a>
     67 
     68 <li> <a href="#replace">Running Postfix instead of Sendmail</a>
     69 
     70 <li> <a href="#mandatory">Mandatory configuration file edits</a>
     71 
     72 <li> <a href="#hamlet">To chroot or not to chroot</a>
     73 
     74 <li> <a href="#care">Care and feeding of the Postfix system</a>
     75 
     76 </ol>
     77 
     78 <h2> <a name="2">2 - Typographical conventions</a> </h2>
     79 
     80 <p> In the instructions below, a command written as </p>
     81 
     82 <blockquote>
     83 <pre>
     84 # command
     85 </pre>
     86 </blockquote>
     87 
     88 <p> should be executed as the superuser. </p>
     89 
     90 <p> A command written as </p>
     91 
     92 <blockquote>
     93 <pre>
     94 $ command
     95 </pre>
     96 </blockquote>
     97 
     98 <p> should be executed as an unprivileged user.  </p>
     99 
    100 <h2> <a name="3">3 - Documentation</a> </h2>
    101 
    102 <p> Documentation is available as README files (start with the file
    103 README_FILES/AAAREADME), as HTML web pages (point your browser to
    104 "html/index.html") and as UNIX-style manual pages. </p>
    105 
    106 <p> You should view the README files with a pager such as more(1)
    107 or less(1), because the files use backspace characters in order to
    108 produce <b>bold</b> font. To print a README file without backspace
    109 characters, use the col(1) command.  For example: </p>
    110 
    111 <blockquote>
    112 <pre>
    113 $ col -bx &lt;file | lpr
    114 </pre>
    115 </blockquote>
    116 
    117 <p> In order to view the manual pages before installing Postfix,
    118 point your MANPATH environment variable to the "man" subdirectory;
    119 be sure to use an absolute path.  </p>
    120 
    121 <blockquote>
    122 <pre>
    123 $ export MANPATH; MANPATH="`pwd`/man:$MANPATH"
    124 $ setenv MANPATH "`pwd`/man:$MANPATH"
    125 </pre>
    126 </blockquote>
    127 
    128 <p> Of particular interest is the postconf(5) manual page that
    129 lists all the 500+ configuration parameters. The HTML version of
    130 this text makes it easy to navigate around.  </p>
    131 
    132 <p> All Postfix source files have their own built-in manual page.
    133 Tools to extract those embedded manual pages are available in the
    134 mantools directory. </p>
    135 
    136 <h2> <a name="4">4 - Building on a supported system</a> </h2>
    137 
    138 <p> At some point in time, a version of Postfix was supported on: </p>
    139 
    140 <blockquote>
    141 <p>
    142 AIX 3.2.5, 4.1.x, 4.2.0, 4.3.x, 5.2 <br>
    143 BSD/OS 2.x, 3.x, 4.x <br>
    144 FreeBSD 2.x .. 9.x <br>
    145 HP-UX  9.x, 10.x, 11.x <br>
    146 IRIX 5.x, 6.x <br>
    147 Linux Debian 1.3.1 and later <br>
    148 Linux RedHat 3.x (January 2004) and later <br>
    149 Linux Slackware 3.x and later <br>
    150 Linux SuSE 5.x and later <br>
    151 Linux Ubuntu 4.10 and later<br>
    152 Mac OS X <br>
    153 NEXTSTEP 3.x <br>
    154 NetBSD 1.x and later <br>
    155 OPENSTEP 4.x <br>
    156 OSF1.V3 - OSF1.V5 (Digital UNIX) <br>
    157 Reliant UNIX 5.x <br>
    158 SunOS 4.1.4 (March 2007) <br>
    159 SunOS 5.4 - 5.10 (Solaris 2.4..10) <br>
    160 Ultrix 4.x (well, that was long ago) <br>
    161 </p>
    162 </blockquote>
    163 
    164 <p> or something closely resemblant. </p>
    165 
    166 <h3>4.1 - Getting started</h3>
    167 
    168 <p> On Solaris, the "make" command and other utilities for software
    169 development are in /usr/ccs/bin, so you MUST have /usr/ccs/bin in
    170 your command search path. If these files do not exist, install the
    171 development packages first. See the Solaris FAQ item "<a
    172 href="http://www.science.uva.nl/pub/solaris/solaris2.html#q6.2">Which
    173 packages do I need to install to support a C compiler?</a>". </p>
    174 
    175 <p> If you need to build Postfix for multiple architectures, use the
    176 "lndir" command to build a shadow tree with symbolic links to the
    177 source files. "lndir" is part of X11R6. </p>
    178 
    179 <p> If at any time in the build process you get messages like: "make:
    180 don't know how to ..." you should be able to recover by running
    181 the following command from the Postfix top-level directory: </p>
    182 
    183 <blockquote>
    184 <pre>
    185 $ make -f Makefile.init makefiles
    186 </pre>
    187 </blockquote>
    188 
    189 <p> If you copied the Postfix source code after building it on another
    190 machine, it is a good idea to cd into the top-level directory and 
    191 first do this:</p>
    192 
    193 <blockquote>
    194 <pre>
    195 $ make tidy
    196 </pre>
    197 </blockquote>
    198 
    199 <p> This will get rid of any system dependencies left over from
    200 compiling the software elsewhere. </p>
    201 
    202 <h3>4.2 - What compiler to use</h3>
    203 
    204 <p> To build with GCC, or with the native compiler if people told me
    205 that is better for your system, just cd into the top-level Postfix
    206 directory of the source tree and type: </p>
    207 
    208 <blockquote>
    209 <pre>
    210 $ make
    211 </pre>
    212 </blockquote>
    213 
    214 <p> To build with a non-default compiler, you need to specify the name
    215 of the compiler. Here are a few examples: </p>
    216 
    217 <blockquote> 
    218 <pre>
    219 $ make makefiles CC=/opt/SUNWspro/bin/cc        (Solaris)
    220 $ make
    221 
    222 $ make makefiles CC="/opt/ansic/bin/cc -Ae"     (HP-UX)
    223 $ make
    224 
    225 $ make makefiles CC="purify cc"
    226 $ make
    227 </pre>
    228 </blockquote>
    229 
    230 <p> and so on. In some cases, optimization is turned off automatically. </p>
    231 
    232 <h3>4.3 - Building with optional features</h3>
    233 
    234 By default, Postfix builds as a mail system with relatively few
    235 bells and whistles. Support for third-party databases etc.
    236 must be configured when Postfix is compiled.  The following documents
    237 describe how to build Postfix with support for optional features:
    238 
    239 <blockquote>
    240 <table border="1">
    241 
    242 <tr> <th>Optional feature </th> <th>Document </th> <th>Availability</th>
    243 </tr>
    244 
    245 <tr> <td> Berkeley DB database</td> <td>DB_README</td> <td> Postfix
    246 1.0 </td> </tr>
    247 
    248 <tr> <td> LMDB database</td> <td>LMDB_README</td> <td> Postfix
    249 2.11 </td> </tr>
    250 
    251 <tr> <td> LDAP database</td> <td>LDAP_README</td> <td> Postfix
    252 1.0 </td> </tr>
    253 
    254 <tr> <td> MySQL database</td> <td>MYSQL_README</td> <td> Postfix
    255 1.0 </td> </tr>
    256 
    257 <tr> <td> Perl compatible regular expression</td> <td>PCRE_README</td>
    258 <td> Postfix 1.0 </td> </tr>
    259 
    260 <tr> <td> PostgreSQL database</td> <td>PGSQL_README</td> <td>
    261 Postfix 2.0 </td> </tr>
    262 
    263 <tr> <td> SASL authentication </td> <td>SASL_README</td> <td>
    264 Postfix 1.0 </td> </tr>
    265 
    266 <tr> <td> SQLite database</td> <td>SQLITE_README</td> <td> Postfix
    267 2.8 </td> </tr>
    268 
    269 <tr> <td> STARTTLS session encryption </td> <td>TLS_README</td> <td>
    270 Postfix 2.2 </td> </tr>
    271 
    272 </table>
    273 
    274 </blockquote>
    275 
    276 <p> Note: IP version 6 support is compiled into Postfix on operating
    277 systems that have IPv6 support. See the IPV6_README file for details.
    278 </p>
    279 
    280 <h3>4.4 - Overriding built-in parameter default settings</h3>
    281 
    282 <p> All Postfix configuration parameters can be changed by editing
    283 a Postfix configuration file, except for one: the parameter that
    284 specifies the location of Postfix configuration files. In order to
    285 build Postfix with a configuration directory other than /etc/postfix,
    286 use: </p>
    287 
    288 <blockquote>
    289 <pre>
    290 $ make makefiles CCARGS='-DDEF_CONFIG_DIR=\"/some/where\"'
    291 $ make
    292 </pre>
    293 </blockquote>
    294 
    295 <p> IMPORTANT: Be sure to get the quotes right. These details matter
    296 a lot. </p>
    297 
    298 <p> Parameters whose defaults can be specified in this way are: </p>
    299 
    300 <blockquote>
    301 
    302 <table border="1">
    303 
    304 <tr><th> Macro name </th> <th>default value for</th>  <th>typical
    305 default</th> </tr>
    306 
    307 <tr> <td>DEF_COMMAND_DIR</td> <td>command_directory</td>
    308 <td>/usr/sbin</td> </tr>
    309 
    310 <tr> <td>DEF_CONFIG_DIR</td> <td>config_directory</td>
    311 <td>/etc/postfix</td> </tr>
    312 
    313 <tr> <td>DEF_DB_TYPE</td> <td>default_database_type</td>
    314 <td>hash</td> </tr>
    315 
    316 <tr> <td>DEF_DAEMON_DIR</td> <td>daemon_directory</td>
    317 <td>/usr/libexec/postfix</td> </tr>
    318 
    319 <tr> <td>DEF_DATA_DIR</td> <td>data_directory</td>
    320 <td>/var/db/postfix</td> </tr>
    321 
    322 <tr> <td>DEF_MAILQ_PATH</td> <td>mailq_path</td> <td>/usr/bin/mailq</td>
    323 </tr>
    324 
    325 <tr> <td>DEF_HTML_DIR</td> <td>html_directory</td>
    326 <td>no</td> </tr>
    327 
    328 <tr> <td>DEF_MANPAGE_DIR</td> <td>manpage_directory</td>
    329 <td>/usr/local/man</td> </tr>
    330 
    331 <tr> <td>DEF_NEWALIAS_PATH</td> <td>newaliases_path</td>
    332 <td>/usr/bin/newaliases</td> </tr>
    333 
    334 <tr> <td>DEF_QUEUE_DIR</td> <td>queue_directory</td>
    335 <td>/var/spool/postfix</td> </tr>
    336 
    337 <tr> <td>DEF_README_DIR</td> <td>readme_directory</td>
    338 <td>no</td> </tr>
    339 
    340 <tr> <td>DEF_SENDMAIL_PATH</td> <td>sendmail_path</td>
    341 <td>/usr/sbin/sendmail</td> </tr>
    342 
    343 </table>
    344 
    345 </blockquote>
    346 
    347 <p> Note: the data_directory parameter (for caches and pseudo-random
    348 numbers) was introduced with Postfix version 2.5. </p>
    349 
    350 <h3>4.5 - Overriding other compile-time features</h3>
    351 
    352 <p> The general method to override Postfix compile-time features
    353 is as follows: </p>
    354 
    355 <blockquote>
    356 <pre>
    357 $ make makefiles name=value name=value...
    358 $ make
    359 </pre>
    360 </blockquote>
    361 
    362 <p> The following is an extensive list of names and values. </p>
    363 
    364 <table border="1">
    365 
    366 <tr> <th colspan="2"> Name/Value </th> <th> Description </th> </tr>
    367 
    368 <tr> <td colspan="2"> AUXLIBS="object_library..."</td> <td> Specifies
    369 one or more non-default object libraries. </td> </tr>
    370 
    371 <tr> <td colspan="2"> CC=compiler_command</td> <td> Specifies a
    372 non-default compiler. On many systems, the default is <tt>gcc</tt>.
    373 </td> </tr>
    374 
    375 <tr> <td colspan="2"> CCARGS="compiler_arguments..."</td> <td>
    376 Specifies non-default compiler arguments, for example, a non-default
    377 <tt>include</tt> directory.  The following directives turn
    378 off Postfix features at compile time:</td> </tr>
    379 
    380 <tr> <td> </td> <td> -DNO_DB </td> <td> Do not build with Berkeley
    381 DB support. By default, Berkeley DB support is compiled in on
    382 platforms that are known to support this feature. If you override
    383 this, then you probably should also override DEF_DB_TYPE as described
    384 in section 4.4.  </td> </tr>
    385 
    386 <tr> <td> </td> <td> -DNO_DEVPOLL </td> <td> Do not build with
    387 Solaris <tt>/dev/poll</tt> support. By default, <tt>/dev/poll</tt>
    388 support is compiled in on Solaris versions that are known to support
    389 this feature.  </td> </tr>
    390 
    391 <tr> <td> </td> <td> -DNO_EPOLL </td> <td> Do not build with Linux
    392 EPOLL support.  By default, EPOLL support is compiled in on platforms
    393 that are known to support this feature. </td> </tr>
    394 
    395 <tr> <td> </td> <td> -DNO_IPV6 </td> <td> Do not build with IPv6
    396 support. By default, IPv6 support is compiled in on platforms that
    397 are known to have IPv6 support. Note: this directive is for debugging
    398 and testing only. It is not guaranteed to work on all platforms.
    399 </td> </tr>
    400 
    401 <tr> <td> </td> <td> -DNO_KQUEUE </td> <td> Do not build with FreeBSD
    402 / NetBSD / OpenBSD / MacOSX KQUEUE support. By default, KQUEUE
    403 support is compiled in on platforms that are known to support it.
    404 </td> </tr>
    405 
    406 <tr> <td> </td> <td> -DNO_NIS </td> <td> Do not build with NIS or
    407 NISPLUS support. NIS is not available on some recent Linux
    408 distributions. </td> </tr>
    409 
    410 <tr> <td> </td> <td> -DNO_NISPLUS </td> <td> Do not build with
    411 NISPLUS support. NISPLUS is not available on some recent Solaris
    412 distributions. </td> </tr>
    413 
    414 <tr> <td> </td> <td> -DNO_PCRE </td> <td> Do not build with PCRE
    415 support. By default, PCRE support is compiled in when the
    416 <tt>pcre-config</tt> utility is installed. </td> </tr>
    417 
    418 <tr> <td> </td> <td> -DNO_POSIX_GETPW_R </td> <td> Disable support
    419 for POSIX <tt>getpwnam_r/getpwuid_r</tt>. By default Postfix uses
    420 these where they are known to be available. </td> </tr>
    421 
    422 <tr> <td> </td> <td> -DNO_SIGSETJMP </td> <td> Use
    423 <tt>setjmp()/longjmp()</tt> instead of <tt>sigsetjmp()/siglongjmp()</tt>.
    424 By default, Postfix uses <tt>sigsetjmp()/siglongjmp()</tt> when
    425 they are known to be available. </td> </tr>
    426 
    427 <tr> <td colspan="2"> DEBUG=debug_level </td> <td> Specifies a
    428 non-default compiler debugging level. The default is <tt>-g</tt>.
    429 Specify DEBUG= to turn off debugging. </td> </tr>
    430 
    431 <tr> <td colspan="2"> OPT=optimization_level </td> <td> Specifies
    432 a non-default optimization level. The default is -O.  Specify OPT=
    433 to turn off optimization. </td> </tr>
    434 
    435 <tr> <td colspan="2"> WARN="warning_flags..." </td> <td> Specifies
    436 non-default <tt>gcc</tt> compiler warning options for use when
    437 "<tt>make</tt>" is invoked in a source subdirectory only. </td>
    438 </tr>
    439 
    440 </table>
    441 
    442 <h3>4.6 - Support for thousands of processes</h3>
    443 
    444 <p> The number of connections that Postfix can manage simultaneously
    445 is limited by the number of processes that it can run.  This number
    446 in turn is limited by the number of files and sockets that a single
    447 process can open. For example, the Postfix queue manager has a
    448 separate connection to each delivery process, and the anvil(8)
    449 server has one connection per smtpd(8) process. </p>
    450 
    451 <p> Postfix version 2.4 and later have no built-in limits on the
    452 number of open files or sockets, when compiled on systems that
    453 support one of the following: </p>
    454 
    455 <ul>
    456 
    457 <li> BSD kqueue(2) (FreeBSD 4.1, NetBSD 2.0, OpenBSD 2.9),
    458 
    459 <li> Solaris 8 /dev/poll,
    460 
    461 <li> Linux 2.6 epoll(4).
    462 
    463 </ul>
    464 
    465 
    466 <p> With other Postfix versions or operating systems, the number
    467 of file descriptors per process is limited by the value of the
    468 FD_SETSIZE macro. If you expect to run more than 1000 mail delivery
    469 processes, you may need to override the definition of the FD_SETSIZE
    470 macro to make select() work correctly: </p>
    471 
    472 <blockquote>
    473 <pre>
    474 $ make makefiles CCARGS=-DFD_SETSIZE=2048
    475 </pre>
    476 </blockquote>
    477 
    478 <p> Warning: the above has no effect on some Linux versions.
    479 Apparently, on these systems the FD_SETSIZE value can be changed
    480 only by using undocumented interfaces. Currently, that means
    481 including &lt;bits/types.h&gt; directly (which is not allowed) and
    482 overriding the __FD_SETSIZE macro. Beware, undocumented interfaces
    483 can change at any time and without warning. </p>
    484 
    485 <p> But wait, there is more: none of this will work unless the
    486 operating system is configured to handle thousands of connections.
    487 See the TUNING_README guide for examples of how to increase the
    488 number of open sockets or files. </p>
    489 
    490 <h3>4.7 - Compiling Postfix, at last</h3>
    491 
    492 <p> If the command </p>
    493 
    494 <blockquote>
    495 <pre>
    496 $ make
    497 </pre>
    498 </blockquote>
    499 
    500 <p> is successful, then you can proceed to <a href="#install">install</a>
    501 Postfix (section 6).
    502 
    503 <p> If the command produces compiler error messages, it may be time
    504 to search the web or to ask the postfix-users (a] postfix.org mailing
    505 list, but be sure to search the mailing list archives first. Some
    506 mailing list archives are linked from http://www.postfix.org/. </p>
    507 
    508 <h2> <a name="5">5 - Porting Postfix to an unsupported system</a> </h2>
    509 
    510 <p> Each system type that Postfix knows is identified by a unique
    511 name. Examples:  SUNOS5, FREEBSD4, and so on.  When porting Postfix
    512 to a new system, the first step is to choose a SYSTEMTYPE name for
    513 the new system. You must use a name that includes at least the
    514 major version of the operating system (such as SUNOS4 or LINUX2),
    515 so that different releases of the same system can be supported
    516 without confusion.  </p>
    517 
    518 <p> Add a case statement to the "makedefs" shell script in the
    519 source code top-level directory that recognizes the new system
    520 reliably, and that emits the right system-specific information.
    521 Be sure to make the code robust against user PATH settings; if the
    522 system offers multiple UNIX flavors (e.g. BSD and SYSV) be sure to
    523 build for the native flavor, instead of the emulated one. </p>
    524 
    525 <p> Add an "#ifdef SYSTEMTYPE" section to the central util/sys_defs.h
    526 include file.  You may have to invent new feature macro names.
    527 Please choose sensible feature macro names such as HAS_DBM or
    528 FIONREAD_IN_SYS_FILIO_H.  
    529 
    530 <p> I strongly recommend against using "#ifdef SYSTEMTYPE" in
    531 individual source files.  While this may look like the quickest
    532 solution, it will create a mess when newer versions of the same
    533 SYSTEMTYPE need to be supported.  You're likely to end up placing
    534 "#ifdef" sections all over the source code again.  </p>
    535 
    536 <h2><a name="install">6 - Installing the software after successful
    537 compilation</a></h2>
    538 
    539 <p> This text describes how to install Postfix from source code.
    540 See the PACKAGE_README file if you are building a package for
    541 distribution to other systems. </p>
    542 
    543 <h3>6.1 - Save existing Sendmail binaries</h3>
    544 
    545 <p> <a name="save">IMPORTANT</a>: if you are REPLACING an existing
    546 Sendmail installation with Postfix, you may need to keep the old
    547 sendmail program running for some time in order to flush the mail
    548 queue. </p>
    549 
    550 <ul>
    551 
    552 <li> <p> Some systems implement a mail switch mechanism where
    553 different MTAs (Postfix, Sendmail, etc.) can be installed at the
    554 same time, while only one of them is actually being used. Examples
    555 of such switching mechanisms are the FreeBSD mailwrapper(8) or the
    556 Linux mail switch.  In this case you should try to "flip" the switch
    557 to "Postfix" before installing Postfix. </p>
    558 
    559 <li> <p> If your system has no mail switch mechanism, execute the
    560 following commands (your sendmail, newaliases and mailq programs
    561 may be in a different place): </p>
    562 
    563 <pre>
    564 # mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
    565 # mv /usr/bin/newaliases /usr/bin/newaliases.OFF
    566 # mv /usr/bin/mailq /usr/bin/mailq.OFF
    567 # chmod 755 /usr/sbin/sendmail.OFF /usr/bin/newaliases.OFF \
    568     /usr/bin/mailq.OFF
    569 </pre>
    570 
    571 </ul>
    572 
    573 <h3>6.2 - Create account and groups</h3>
    574 
    575 <p> Before you install Postfix for the first time you need to
    576 create an account and a group:</p>
    577 
    578 <ul>
    579 
    580 <li> <p> Create a user account "postfix" with a user id and group
    581 id that are not used by any other user account.  Preferably, this
    582 is an account that no-one can log into.  The account does not need
    583 an executable login shell, and needs no existing home directory.
    584 My password and group file entries look like this: </p>
    585 
    586 <blockquote>
    587 <pre>
    588 /etc/passwd:
    589     postfix:*:12345:12345:postfix:/no/where:/no/shell
    590 
    591 /etc/group:
    592     postfix:*:12345:
    593 </pre>
    594 </blockquote>
    595 
    596 <p> Note: there should be no whitespace before "postfix:". </p>
    597 
    598 <li> <p> Create a group "postdrop" with a group id that is not used
    599 by any other user account. Not even by the postfix user account.
    600 My group file entry looks like:
    601 
    602 <blockquote>
    603 <pre>
    604 /etc/group:
    605     postdrop:*:54321:
    606 </pre>
    607 </blockquote>
    608 
    609 <p> Note: there should be no whitespace before "postdrop:". </p>
    610 
    611 </ul>
    612 
    613 <h3>6.3 - Install Postfix</h3>
    614 
    615 <p> To install or upgrade Postfix from compiled source code, run
    616 one of the following commands as the super-user:</p>
    617 
    618 <blockquote>
    619 <pre>
    620 # make install       (interactive version, first time install)
    621 
    622 # make upgrade       (non-interactive version, for upgrades)
    623 </pre>
    624 </blockquote>
    625 
    626 <ul>
    627 
    628 <li> <p> The interactive version ("make install") asks for pathnames
    629 for Postfix data and program files, and stores your preferences in
    630 the main.cf file. <b> If you don't want Postfix to overwrite
    631 non-Postfix "sendmail", "mailq" and "newaliases" files, specify
    632 pathnames that end in ".postfix"</b>. </p>
    633 
    634 <li> <p> The non-interactive version ("make upgrade") needs the
    635 /etc/postfix/main.cf file from a previous installation. If the file
    636 does not exist, use interactive installation ("make install")
    637 instead. </p>
    638 
    639 </ul>
    640 
    641 <h3>6.4 - Configure Postfix</h3>
    642 
    643 <p> Proceed to the section on how you wish to run Postfix on
    644 your particular machine: </p>
    645 
    646 <ul>
    647 
    648 <li> <p> <a href="#send_only">Send</a> mail only, without changing
    649 an existing Sendmail installation (section 7). </p>
    650 
    651 <li> <p> <a href="#send_receive">Send and receive</a> mail via a
    652 virtual host interface, still without any change to an existing
    653 Sendmail installation (section 8). </p>
    654 
    655 <li> <p> Run Postfix <a href="#replace">instead of</a> Sendmail
    656 (section 9). </p>
    657 
    658 </ul>
    659 
    660 <h2><a name="send_only">7 - Configuring Postfix to send mail
    661 only</a></h2>
    662 
    663 <p> If you are going to use Postfix to send mail only, there is no
    664 need to change your existing sendmail setup. Instead, set up your
    665 mail user agent so that it calls the Postfix sendmail program
    666 directly. </p>
    667 
    668 <p> Follow the instructions in the "<a href="#mandatory">Mandatory
    669 configuration file edits</a>" in section 10, and review the "<a
    670 href="#hamlet">To chroot or not to chroot</a>" text in section
    671 11. </p>
    672 
    673 <p> You MUST comment out the "smtp inet" entry in /etc/postfix/master.cf,
    674 in order to avoid conflicts with the real sendmail. Put a "#"
    675 character in front of the line that defines the smtpd service: </p>
    676 
    677 <blockquote>
    678 <pre>
    679 /etc/postfix/master.cf:
    680     #smtp      inet  n       -       n       -       -       smtpd
    681 </pre>
    682 </blockquote>
    683 
    684 <p> Start the Postfix system: </p>
    685 
    686 <blockquote>
    687 <pre>
    688 # postfix start
    689 </pre>
    690 </blockquote>
    691 
    692 <p> or, if you feel nostalgic, use the Postfix sendmail command: </p>
    693 
    694 <blockquote>
    695 <pre>
    696 # sendmail -bd -qwhatever
    697 </pre>
    698 </blockquote>
    699 
    700 <p> and watch your maillog file for any error messages. The pathname
    701 is /var/log/maillog, /var/log/mail, /var/log/syslog, or something
    702 else. Typically, the pathname is defined in the /etc/syslog.conf
    703 file. </p>
    704 
    705 <blockquote>
    706 <pre>
    707 $ egrep '(reject|warning|error|fatal|panic):' /some/log/file
    708 </pre>
    709 </blockquote>
    710 
    711 <p> Note: the most important error message is logged first. Later
    712 messages are not as useful. </p>
    713 
    714 <p> In order to inspect the mail queue, use one of the following
    715 commands: </p>
    716 
    717 <blockquote>
    718 <pre>
    719 $ mailq
    720 
    721 $ sendmail -bp
    722 
    723 $ postqueue -p
    724 </pre>
    725 </blockquote>
    726 
    727 <p> See also the "<a href="#care">Care and feeding</a>" section 12
    728 below.  </p>
    729 
    730 <h2><a name="send_receive">8 - Configuring Postfix to send and
    731 receive mail via virtual interface</a></h2>
    732 
    733 <p> Alternatively, you can use the Postfix system to send AND
    734 receive mail while leaving your Sendmail setup intact, by running
    735 Postfix on a virtual interface address.  Simply configure your mail
    736 user agent to directly invoke the Postfix sendmail program.  </p>
    737 
    738 <p> To create a virtual network interface address, study your
    739 system ifconfig manual page. The command syntax could be any
    740 of: </p>
    741 
    742 <blockquote>
    743 <pre>
    744 # <b>ifconfig le0:1 &lt;address&gt; netmask &lt;mask&gt; up</b>
    745 # <b>ifconfig en0 alias &lt;address&gt; netmask 255.255.255.255</b>
    746 </pre>
    747 </blockquote>
    748 
    749 <p> In the /etc/postfix/main.cf file, I would specify </p>
    750 
    751 <blockquote>
    752 <pre>
    753 /etc/postfix/main.cf:
    754     myhostname = virtual.host.tld
    755     inet_interfaces = $myhostname
    756     mydestination = $myhostname
    757 </pre>
    758 </blockquote>
    759 
    760 <p> Follow the instructions in the "<a href="#mandatory">Mandatory
    761 configuration file edits</a>" in section 10, and review the "<a
    762 name="#hamlet">To chroot or not to chroot</a>" text in section
    763 11. </p>
    764 
    765 <p> Start the Postfix system: </p>
    766 
    767 <blockquote>
    768 <pre>
    769 # postfix start
    770 </pre>
    771 </blockquote>
    772 
    773 <p> or, if you feel nostalgic, use the Postfix sendmail command: </p>
    774 
    775 <blockquote>
    776 <pre>
    777 # sendmail -bd -qwhatever
    778 </pre>
    779 </blockquote>
    780 
    781 <p> and watch your maillog file for any error messages. The pathname
    782 is /var/log/maillog, /var/log/mail, /var/log/syslog, or something
    783 else. Typically, the pathname is defined in the /etc/syslog.conf
    784 file. </p>
    785 
    786 <blockquote>
    787 <pre>
    788 $ egrep '(reject|warning|error|fatal|panic):' /some/log/file
    789 </pre>
    790 </blockquote>
    791 
    792 <p> Note: the most important error message is logged first. Later
    793 messages are not as useful. </p>
    794 
    795 <p> In order to inspect the mail queue, use one of the following
    796 commands: </p>
    797 
    798 <blockquote>
    799 <pre>
    800 $ mailq
    801 
    802 $ sendmail -bp
    803 
    804 $ postqueue -p
    805 </pre>
    806 </blockquote>
    807 
    808 <p> See also the "<a href="#care">Care and feeding</a>" section 12
    809 below.  </p>
    810 
    811 <h2><a name="replace">9 - Running Postfix instead of Sendmail</a></h2>
    812 
    813 <p> Prior to installing Postfix you should <a href="#save">save</a>
    814 any existing sendmail program files as described in section 6.  Be
    815 sure to keep the old sendmail running for at least a couple days
    816 to flush any unsent mail. To do so, stop the sendmail daemon and
    817 restart it as: </p>
    818 
    819 <blockquote>
    820 <pre>
    821 # /usr/sbin/sendmail.OFF -q
    822 </pre>
    823 </blockquote>
    824 
    825 <p> Note: this is old sendmail syntax. Newer versions use separate
    826 processes for mail submission and for running the queue. </p>
    827 
    828 <p> After you have visited the "<a href="#mandatory">Mandatory
    829 configuration file edits</a>" section below, you can start the
    830 Postfix system with: </p>
    831 
    832 <blockquote>
    833 <pre>
    834 # postfix start
    835 </pre>
    836 </blockquote>
    837 
    838 <p> or, if you feel nostalgic, use the Postfix sendmail command: </p>
    839 
    840 <blockquote>
    841 <pre>
    842 # sendmail -bd -qwhatever
    843 </pre>
    844 </blockquote>
    845 
    846 <p> and watch your maillog file for any error messages. The pathname
    847 is /var/log/maillog, /var/log/mail, /var/log/syslog, or something
    848 else. Typically, the pathname is defined in the /etc/syslog.conf
    849 file. </p>
    850 
    851 <blockquote>
    852 <pre>
    853 $ egrep '(reject|warning|error|fatal|panic):' /some/log/file
    854 </pre>
    855 </blockquote>
    856 
    857 <p> Note: the most important error message is logged first. Later
    858 messages are not as useful. </p>
    859 
    860 <p> In order to inspect the mail queue, use one of the following
    861 commands: </p>
    862 
    863 <blockquote>
    864 <pre>
    865 $ mailq
    866 
    867 $ sendmail -bp
    868 
    869 $ postqueue -p
    870 </pre>
    871 </blockquote>
    872 
    873 <p> See also the "<a href="#care">Care and feeding</a>" section 12
    874 below.  </p>
    875 
    876 <h2><a name="mandatory">10 - Mandatory configuration file edits</a></h2>
    877 
    878 <p> Note: the material covered in this section is covered in more
    879 detail in the BASIC_CONFIGURATION_README document. The information
    880 presented below is targeted at experienced system administrators.
    881 </p>
    882 
    883 <h3>10.1 - Postfix configuration files</h3>
    884 
    885 <p> By default, Postfix configuration files are in /etc/postfix.
    886 The two most important files are main.cf and master.cf; these files
    887 must be owned by root.  Giving someone else write permission to
    888 main.cf or master.cf (or to their parent directories) means giving
    889 root privileges to that person. </p>
    890 
    891 <p> In /etc/postfix/main.cf, you will have to set up a minimal number
    892 of configuration parameters.  Postfix configuration parameters  
    893 resemble shell variables, with two important differences: the first  
    894 one is that Postfix does not know about quotes like the UNIX shell
    895 does.</p>
    896 
    897 <p> You specify a configuration parameter as: </p>
    898 
    899 <blockquote>
    900 <pre>
    901 /etc/postfix/main.cf:
    902     parameter = value
    903 </pre>
    904 </blockquote>
    905 
    906 <p> and you use it by putting a "$" character in front of its name: </p>
    907 
    908 <blockquote>
    909 <pre>
    910 /etc/postfix/main.cf:
    911     other_parameter = $parameter
    912 </pre>
    913 </blockquote>
    914 
    915 <p> You can use $parameter before it is given a value (that is the
    916 second main difference with UNIX shell variables). The Postfix
    917 configuration language uses lazy evaluation, and does not look at
    918 a parameter value until it is needed at runtime.  </p>
    919 
    920 <p> Whenever you make a change to the main.cf or master.cf file,
    921 execute the following command in order to refresh a running mail
    922 system: </p>
    923 
    924 <blockquote>
    925 <pre>
    926 # postfix reload
    927 </pre>
    928 </blockquote>
    929 
    930 <h3>10.2 - Default domain for unqualified addresses</h3>
    931 
    932 <p> First of all, you must specify what domain will be appended to an
    933 unqualified address (i.e. an address without @domain.tld). The
    934 "myorigin" parameter defaults to the local hostname, but that is
    935 probably OK only for very small sites.  </p>
    936 
    937 <p> Some examples (use only one): </p>
    938 
    939 <blockquote>
    940 <pre>
    941 /etc/postfix/main.cf:
    942     myorigin = $myhostname    (send mail as "user@$myhostname")
    943     myorigin = $mydomain      (send mail as "user@$mydomain")
    944 </pre>
    945 </blockquote>
    946 
    947 <h3>10.3 - What domains to receive locally</h3>
    948 
    949 <p> Next you need to specify what mail addresses Postfix should deliver
    950 locally. </p>
    951 
    952 <p> Some examples (use only one): </p>
    953 
    954 <blockquote>
    955 <pre>
    956 /etc/postfix/main.cf:
    957     mydestination = $myhostname, localhost.$mydomain, localhost
    958     mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    959     mydestination = $myhostname
    960 </pre>
    961 </blockquote>
    962 
    963 <p>The first example is appropriate for a workstation, the second
    964 is appropriate for the mailserver for an entire domain. The third
    965 example should be used when running on a virtual host interface.</p>
    966 
    967 <h3>10.4 - Proxy/NAT interface addresses </h3>
    968 
    969 <p> The proxy_interfaces parameter specifies all network addresses
    970 that Postfix receives mail on by way of a proxy or network address
    971 translation unit. You may specify symbolic hostnames instead of
    972 network addresses. </p>
    973 
    974 <p> IMPORTANT: You must specify your proxy/NAT external addresses
    975 when your system is a backup MX host for other domains, otherwise
    976 mail delivery loops will happen when the primary MX host is down.
    977 </p>
    978 
    979 <p> Example: host behind NAT box running a backup MX host. </p>
    980 
    981 <blockquote>
    982 <pre>
    983 /etc/postfix/main.cf:
    984     proxy_interfaces = 1.2.3.4 (the proxy/NAT external network address)
    985 </pre>
    986 </blockquote>
    987 
    988 <h3>10.5 - What local clients to relay mail from </h3>
    989 
    990 <p> If your machine is on an open network then you must specify
    991 what client IP addresses are authorized to relay their mail through
    992 your machine into the Internet.  The default setting includes all
    993 subnetworks that the machine is attached to. This may give relay
    994 permission to too many clients.  My own settings are: </p>
    995 
    996 <blockquote>
    997 <pre>
    998 /etc/postfix/main.cf:
    999     mynetworks = 168.100.189.0/28, 127.0.0.0/8
   1000 </pre>
   1001 </blockquote>
   1002 
   1003 <h3>10.6 - What relay destinations to accept from strangers </h3>
   1004 
   1005 <p> If your machine is on an open network then you must also specify
   1006 whether Postfix will forward mail from strangers.  The default
   1007 setting will forward mail to all domains (and subdomains of) what
   1008 is listed in $mydestination.  This may give relay permission for
   1009 too many destinations.  Recommended settings (use only one): </p>
   1010 
   1011 <blockquote>
   1012 <pre>
   1013 /etc/postfix/main.cf:
   1014     relay_domains =            (do not forward mail from strangers)
   1015     relay_domains = $mydomain  (my domain and subdomains)
   1016     relay_domains = $mydomain, other.domain.tld, ...
   1017 </pre>
   1018 </blockquote>
   1019 
   1020 <h3>10.7 - Optional: configure a smart host for remote delivery</h3>
   1021 
   1022 <p> If you're behind a firewall, you should set up a relayhost.  If
   1023 you can, specify the organizational domain name so that Postfix
   1024 can use DNS lookups, and so that it can fall back to a secondary
   1025 MX host when the primary MX host is down. Otherwise just specify
   1026 a hard-coded hostname.  </p>
   1027 
   1028 <p> Some examples (use only one): </p>
   1029 
   1030 <blockquote>
   1031 <pre>
   1032 /etc/postfix/main.cf:
   1033     relayhost = $mydomain
   1034     relayhost = [mail.$mydomain]
   1035 </pre>
   1036 </blockquote>
   1037 
   1038 <p> The form enclosed with <tt>[]</tt> eliminates DNS MX lookups. </p>
   1039 
   1040 <p> By default, the SMTP client will do DNS lookups even when you
   1041 specify a relay host. If your machine has no access to a DNS server,
   1042 turn off SMTP client DNS lookups like this: </p>
   1043 
   1044 <blockquote>
   1045 <pre>
   1046 /etc/postfix/main.cf:
   1047     disable_dns_lookups = yes
   1048 </pre>
   1049 </blockquote>
   1050 
   1051 <p> The STANDARD_CONFIGURATION_README file has more hints and tips for
   1052 firewalled and/or dial-up networks. </p>
   1053 
   1054 <h3>10.8 - Create the aliases database</h3>
   1055 
   1056 <p> Postfix uses a Sendmail-compatible aliases(5) table to redirect
   1057 mail for local(8) recipients.  Typically, this information is kept
   1058 in two files: in a text file /etc/aliases and in an indexed file
   1059 /etc/aliases.db.  The command "postconf alias_maps" will tell you
   1060 the exact location of the text file.  </p>
   1061 
   1062 <p> First, be sure to update the text file with aliases for root,
   1063 postmaster and "postfix" that forward mail to a real person.  Postfix
   1064 has a sample aliases file /etc/postfix/aliases that you can adapt
   1065 to local conditions.  </p>
   1066 
   1067 <blockquote>
   1068 <pre>
   1069 /etc/aliases:
   1070     root: you
   1071     postmaster: root
   1072     postfix: root
   1073     bin: root
   1074     <i>etcetera...</i>
   1075 </pre>
   1076 </blockquote>
   1077 
   1078 <p> Note: there should be no whitespace before the ":". </p>
   1079 
   1080 <p> Finally, build the indexed aliases file with one of the
   1081 following commands: </p>
   1082 
   1083 <blockquote>
   1084 <pre>
   1085 # newaliases
   1086 # sendmail -bi
   1087 </pre>
   1088 </blockquote>
   1089 
   1090 <h2><a name="hamlet">11 - To chroot or not to chroot</a></h2>
   1091 
   1092 <p> Postfix daemon processes can be configured (via master.cf) to
   1093 run in a chroot jail.  The processes run at a fixed low privilege
   1094 and with access only to the Postfix queue directories (/var/spool/postfix).
   1095 This provides a significant barrier against intrusion. The barrier
   1096 is not impenetrable, but every little bit helps. </p>
   1097 
   1098 <p> With the exception of Postfix daemons that deliver mail locally
   1099 and/or that execute non-Postfix commands, every Postfix daemon can
   1100 run chrooted. </p>
   1101 
   1102 <p> Sites with high security requirements should consider to chroot
   1103 all daemons that talk to the network:  the smtp(8) and smtpd(8)
   1104 processes, and perhaps also the lmtp(8) client. The author's own
   1105 porcupine.org mail server runs all daemons chrooted that can be
   1106 chrooted. </p>
   1107 
   1108 <p> The default /etc/postfix/master.cf file specifies that no
   1109 Postfix daemon runs chrooted.  In order to enable chroot operation,
   1110 edit the file /etc/postfix/master.cf. Instructions are in the file.
   1111 </p>
   1112 
   1113 <p> Note that a chrooted daemon resolves all filenames relative to
   1114 the Postfix queue directory (/var/spool/postfix). For successful
   1115 use of a chroot jail,  most UNIX systems require you to bring in
   1116 some files or device nodes.  The examples/chroot-setup directory
   1117 in the source code distribution has a collection of scripts that
   1118 help you set up Postfix chroot environments on different operating
   1119 systems. </p>
   1120 
   1121 <p> Additionally, you almost certainly need to configure syslogd
   1122 so that it listens on a socket inside the Postfix queue directory.
   1123 Examples for specific systems: </p>
   1124 
   1125 <dl>
   1126 
   1127 <dt> FreeBSD: </dt>
   1128 
   1129 <dd> <pre>
   1130 # mkdir -p /var/spool/postfix/var/run
   1131 # syslogd -l /var/spool/postfix/var/run/log
   1132 </pre> </dd>
   1133 
   1134 <dt> Linux, OpenBSD: </dt>
   1135 
   1136 <dd> <pre>
   1137 # mkdir -p /var/spool/postfix/dev
   1138 # syslogd -a /var/spool/postfix/dev/log
   1139 </pre> </dd>
   1140 
   1141 </dl>
   1142 
   1143 <h2><a name="care">12 - Care and feeding of the Postfix system</a></h2>
   1144 
   1145 <p> Postfix daemon processes run in the background, and log problems
   1146 and normal activity to the syslog daemon. The names of logfiles
   1147 are specified in /etc/syslog.conf. At the very least you need
   1148 something like:  </p>
   1149 
   1150 <blockquote>
   1151 <pre>
   1152 /etc/syslog.conf:
   1153     mail.err                                    /dev/console
   1154     mail.debug                                  /var/log/maillog
   1155 </pre>
   1156 </blockquote>
   1157 
   1158 <p> IMPORTANT: the syslogd will not create files. You must create
   1159 them before (re)starting syslogd. </p>
   1160 
   1161 <p> IMPORTANT: on Linux you need to put a "-" character before
   1162 the pathname, e.g., -/var/log/maillog, otherwise the syslogd
   1163 will use more system resources than Postfix does. </p>
   1164 
   1165 <p> Hopefully, the number of problems will be small, but it is a good
   1166 idea to run every night before the syslog files are rotated: </p>
   1167 
   1168 <blockquote>
   1169 <pre>
   1170 # postfix check
   1171 # egrep '(reject|warning|error|fatal|panic):' /some/log/file
   1172 </pre>
   1173 </blockquote>
   1174 
   1175 <ul>
   1176 
   1177 <li> <p> The first line (postfix check) causes Postfix to report
   1178 file permission/ownership discrepancies. </p>
   1179 
   1180 <li> <p> The second line looks for problem reports from the mail
   1181 software, and reports how effective the relay and junk mail access
   1182 blocks are.  This may produce a lot of output.  You will want to
   1183 apply some postprocessing to eliminate uninteresting information.
   1184 </p>
   1185 
   1186 </ul>
   1187 
   1188 <p>  The <a href="DEBUG_README.html#logging"> DEBUG_README </a>
   1189 document describes the meaning of the "warning" etc. labels in
   1190 Postfix logging. </p>
   1191 
   1192 </body>
   1193 
   1194 </html>
   1195