postfix logo Postfix-jp
- Q and A
Modified: 4 Sep., 2004 [Japanese Page]


Home > Q and A


This Q & A provides information which is not given in Original Postfix FAQ included in Postfix 2.0 or earlier version. If you have any other information, please mail to ike@kobitosan.net .

Some of these Q & As are brought from Nakamitsu-san's Postfix FAQ (Japanese page). He kindly offered his great document for me.


Index


1. About Postfix

Q 1.1. What is Postfix?

A. Postfix is an alternative to the widely-used Sendmaill program, which is developed by Wietse Venema with support from IBM. It attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible.

Q 1.2. Are Japanese mails supported on Postfix?

A. I had no trouble related to Japanese mail bodies or headers with Postfix in my environments, and I've not heard such problems. If someone had in trouble, it must be raised to the surface.

Q 1.3. Is it support IPv6?

A. Postfix doesn't support IPv6 officially. As for *BSD, KAME Project distributes patches for snapshot version, and Takayama-san revised them to be applicable for release (1.1.x) version. With FreeBSD ports, you can select IPv6 option via a menu.
As for Linux, PLD (Polish(ed) Linux Distribution) distributes IPv6 patch.
If you have any information of other plathomes, please let me know.

Configurations are not changed so much, but when you specify IP address in main.cf, for example, v6 address should be in [ ] like this:

    mynetworks = 127.0.0.0/8, 12.34.56.0/24,
                 [::1]/128, [IPv6 NLA2 block::]/48
Q 1.4. How do I pronounce the author's name?

A. Wietse's own voice is available on his web site.

TOP

2. General troubles

Q 2.1. I installed Postfix, but I can't send any mails.

A. More information is required to solve the problem. At first, take a look at Postfix log. On many systems, information is logged to /var/log or /var/adm/syslog (which is defined in /etc/syslog.conf).

Q 2.2. I forgot what parameter I changed.

A. postconf -n command gives a list of non-default parameters. It is useful for question on related mailing-lists.

Q 2.3. I can't send any mails and the mail log says fatal: unknown service: smtp/tcp.

A. You might run chrooted postfix. To check this, see if some lines of chroot column is y in the master.cf. In that case, you will need to copy some files like /etc/services into the chrooted environment ($queue_directory/etc). For details, see the file corresponding to your system in examples/chroot-setup directory of the distributed package. You may be able to solve the problem by setting n to all of the chroot column in the master.cf file.

Q 2.4. I can't compile Postfix on RedHat 7.

A. On RedHat 7, some header files are installed into different directories as before. In make time, add following line:

  -DPATH_DB_H='<db3/db_185.h>'
Q 2.5. I got more than 2 same mails.

A. As described in the FAQ, Postfix may duplicate mails by aliases or something. If you use procmail, you can receive only one message with same Message-ID.

To call procmail from your ~/.forward, specify this:

    "|exec /usr/local/bin/procmail"

And specify this in your ~/.procmailrc:

    :0 Wh: msgid.lock
    | formail -D 8192 msgid.cache

To call procmail for system wide, specify:

    mailbox_command = /usr/local/bin/procmail -t

in your postfix main.cf, and specify:

    PATH=/bin:/usr/bin
    LOGFILE=$HOME/procmaillog
     
    :0 Wh: $HOME/msgid.lock
    | /usr/bin/formail -D 8192 $HOME/msgid.cache 

in /etc/procmailrc. For details, see procmailex(5) man page.

Related: See also I got duplicated mails when the delivery for an alias address with local users fails.

Q 2.6. "\" is added to From: and/or To: mail headers.

This is a bug in Postfix version 20010228. Fixed in version 20010228 Patchlevel 01.

Q 2.7. I can't use SMTP-AUTH on Linux glibc 2.1/2.2 environment.

A. Different versions of BerkeleyDB may be used by Cyrus-sasl and Postfix. You should configure them to use DB3.

Q 2.8. Postfix can't send mails via Flet's ISDN/ADSL/B (ISDN/ADSL/FTTH network services in Japan).

A. A. It may be Path MTU discovery problem which is the same issue as discribed in Postfix FAQ.

Q 2.9. I can't use SMTP-AUTH with MS Outlook Express.

A. MS Outlook Express can only use LOGIN authentication method. When you build Cyrus SASL library, you need to add --enable-login=yes option to configure command.

On Postfix side, smtpd_sasl_security_options parameter with `noplaintext' prohibits PLAIN and LOGIN authentications, then you need to remove `noplaintext' for admitting LOGIN authentication. Moreover, you may need to set:

broken_sasl_auth_clients = yes
See SASL_README file for details.
Q 2.10. My aliases setting was vanished on Solaris.

A. On a Solaris server which a Sendmail package was installed in, your aliases file may be overwritten because Sendmail packages are updated when you install the "Recommended Patch" of Solaris.

When you install Postfix on Solaris machine, you should remove Sendmail packages:

# pkgrm SUNWsndmu
# pkgrm SUNWsndmr
Q 2.11. The timestamps of my logfile get a wrong time zone.

A. If your postfix is running under chroot environment, the time zone written in log files are depends on /var/spool/postfix/etc/localtime or /var/spool/postfix/usr/share/lib/zoneinfo.

You need to copy zoneinfo files like:

For Linux:
  # cp /usr/share/zoneinfo/Japan /var/spool/postfix/etc/localtime

For Solaris:
  # cp /usr/share/lib/zoneinfo /var/spool/postfix/usr/share/lib/zoneinfo
Q 2.12. I modified /etc/resolv.conf, but it doesn't become effective on Postfix.

A. As per time zone problem, chroot environment may cause the problem. Check /var/spool/postfix/etc/resolv.conf and modify it.

Q 2.13. My main.cf is correct, but outgoing mails sometimes fail.

A. Remote mail server may reject mails from hosts whose IP addresses don't have PTR record of DNS. Check your DNS configuration.

Q 2.14. Can't send mail with postfix command!

A. Unlike sendmail command from Sendmail package, Postfix postfix command is not for sending mails. postfix command is used to control (start, stop etc.) mail server system. Use sendmail command to send mails even in Postfix environment. Note: Postfix sendmail command is not ful compatible with Sendmail's one.

Q 2.15. Can't make regular-expression maps with postmap command.

A. Unlike to DBM or DB files, regexp and pcre maps require no processing with postmap command. Postfix reads regular expression text maps directory, instead of reading /etc/postfix/regexp-file.db of a regexp:/etc/postfix/regexp-file map.

Q 2.16. I can't send mails to a user whose name contains uppercase letters.

A. Postfix local daemon replaces uppercase letters of recipients with lowercase one, that is, mails for User, UsEr, USER are treated as for user. When you send a mail to a local user User, Postfix looks for not User but user and User can't receive the mail.

Translation into lowercases also happens when reading passwd file in local_recipient_maps and building aliases databases with newaliases, postalias commands.

If you want to have postfix receive mails for users whose name contain uppercases, you may need to configure as follows:

  1. add a map with the users to local_recipient_maps (you need an additional map because entries in passwd file are translated as lowercase).
  2. add a master.cf entry that calls case-sensitive MDA with pipe, and set the transport to $local_transport parameter. Don't use the u flag in pipe.
Q 2.17. I got duplicated mails when the delivery for an alias with local users fails.

A. If you have an alias with local users, Postfix attempts to resend mails to all members when a delivery for one of local users in the alias entry fails.

For example, you have:

    group1: foo bar baz

in aliases and foo, bar, baz are local users. If the delivery for foo fails because of lock failure, Postfix attempts to deliver the mail not only for foo but for entire group1. Finally, bar and baz will receive duplicated mails more than once.

To solve the problem,

  1. make an owner-aliasname entry in aliases (new mail queues will be created for each users. Postfix attempts to resend the failed mail only for the failed user).
  2. instead of aliases, use virtual(5) lookup table.
Q 2.18. Mailbox delivery sometimes causes an error and is deffered because of lock failure.

A. Mailbox access may conflict with POP3 server. Use Maildir-style mailbox which does not require a lock, or increase deliver_lock_delay parameter from default value of 1s.

TOP

3. Mailing-list server problems.

Q 3.1. A mailin list I've run on sendmail can't run on Postfix. When I send mail to the server, it returns error message like this:
<ml@host.domain>: mail to command is restricted

A. If your /etc/aliases file or :include: call some script, you need to add following line to main.cf file:

allow_mail_to_commands = alias,forward,include

By default, you can't use scripts called by :include: in /etc/aliases or .forward file.

MLs running under root privilege on Sendmail system, would be under nobody privilege on Postfix. You should configure the ML to run under a user (not postfix) privilege. Users can have their own MLs with the address extension.

Q 3.2. Mails can't be delivered on a mailing list with many recipients.

A. The number of recipients surpasses the value of smtpd_recipient_limit. When you send a mail to more than 1000 recipients which is the default, you need to increse the value of the parameter.

TOP

4. Postfix Configuration Problems

Q 4.1. I set $myorigin to firewall name to make From: address the hostname of firewall, but sometimes mail delivery fails.

A. When you send a mail from a host behind the firewall, you may want to hide the host name of "From:" header that you send a mail from. In most case, to set your example.com to $myorigin parameter is enough for the purpose, but $myorigin is used not only for this purpose. If $myorigin is not included in $mydestination and if user (not user@domain) entry exists in .forward or aliases files, the recipient address would be expanded as user@$myorigin and delivered to there, not local.

In that case, there are two solutions. One is to set not user but user@localhost. Another is to set the hostname/domainname to $myorigin, and rewrite the hostname with $sender_canonical_maps. In concrete, make a file named /etc/postfix/sender_canonical as follows:

@host.example.com @mail.example.com

Then exec postmap /etc/postfix/sender_canonical to make a hash table, and specify as follows in main.cf:

sender_canonical_maps = hash:/etc/postfix/sender_canonical

This makes a sender address user@host.example.com rewrited as user@mail.example.com when sending mails.

This is valid for the case that an OS built-in mail command automatically adds From: header.

Q 4.2. I'd like to set up a backup server of a relay host.

A. The best idea is to specify multiple MX records in DNS server. When a higher-priority server is down, back-up server will be used.

IN MX 10 mail1.hogehoge.com.
IN MX 20 mail2.hogehoge.com.

In case you can't change MX records of DNS server, specify destination hostname or IP address in $fallback_relay parameter. When relay host can't be used, mails will be sent to the backup server.

Q 4.3. I want to keep Received: headers secret, not to expose machine's names or IP addresses in our LAN.

A. At the present time (Oct 31, 2002), changing Received: header format is not supported (this is included in TODO). You need to modify the source code of postfix. In the version of snapshot-2000921 or later, you can specify IGNORE in header_checks or body_checks parameter to remove unwanted header lines.

Q 4.4. I'd like to send original mails to relocated addresss, when returning 'User has moved' message to the sender. relocated doesn't send any mails to the relocated address.

A. To send a mail to the new address as well as the sender, use virtual map with relocated map. To send a mail for user1 to user2@new.domain and to announce a new address to the sender, specify as follows:

[main.cf]
relocated_maps = hash:/etc/postfix/relocated
virtual_maps = hash:/etc/postfix/virtual

[/etc/postfix/virtual]
user1 user2@new.domain, user1

[/etc/postfix/relocated]
user1 user2@new.domain

You should execute postmap command to make map files of relocated file and virtual file.

Q 4.5. How to configure when I use wild-card MX record.

To accept all mails for any subdomains of a domain, add .example.com to $mydestination parameter (example.com would also be required).

In virtual and/or canonical tables, you may want to specify like @.example.com address.

Q 4.6. I'd like to change a mail receiving port from 25 to another.

A. Change the smtp port 25 in /etc/services to another, or modify smtpd line of master.cf as follows:

smtp      inet  n       -       n       -       -       smtpd

#smtp      inet  n       -       n       -       -       smtpd
2525      inet  n       -       n       -       -       smtpd

and execute postfix reload.

Q 4.7. The test on relay-test.mail-abuse.org said that our host had problems.

A. At first, check $mynetworks and $relay_domains parameters don't have undesirable values.

In case there is no problem and relay-test.mail-abuse.org said "your host relays a mail for user%domain1@domain2 or domain1!user@domain2, if the following parameters are defined as:

allow_percent_hack = no
swap_bangpath = no

postfix once receives mails, and bounce as error. Then the mail seems to be relayed. In such case, specify:

allow_percent_hack = yes
swap_bangpath = yes

in main.cf, or specify:

smtpd_recipient_restrictions = regexp:/etc/postfix/recipient_checks.reg,
    permit_mynetworks, check_relay_domains

and create recipient_checks.reg file as follows (if the postfix suppoorts regexp. You can use pcre in stead of regexp):

/[@!%].*[@!%]/           550 Please use user@domain address forms only.

This rejects all source-routing addresses.

Q 4.8. I configured POP before SMTP system with DRAC, but rpc.dracd fails in Signal 11.

A. DRAC may crashed if you compile DRAC with -DREQ_HASH option and treat hash-type database. Remove the option in compilation, and use btree format which is the default of DRAC.

Q 4.9. When relaying a mail to a MTA running on the same host, it says 'mail for localhost:xxx loops back to myself' and the mail can't be sent.

A. Postfix smtp client assume thet it connects to myself if a SMTP server response includes $myhostname, and make an error as mail-loop. It can be avoidable by setting another name in $myhostname. The parameter is used as default value of other parameters, so you should set it carefully.

Q 4.10. How to refer /etc/hosts file in sending mails?

A. Postfix is designed for DNS environment. By default, Postfix makes queries an MX record for the DNS server, and don't send mails if the record is not found. To search A record when the MX record is not found, specify:

ignore_mx_lookup_error = yes
but /etc/hosts file won't be used. If you disable MX search like [example.com], /etc/hosts won't be used.

To force postfix to read /etc/hosts file, specify

disable_dns_lookups = yes
in main.cf file. In that case, you can't use MX record and you may want to specify relayhost to send outgoing mails.

Note: disable_dns_lookups option just disables Postfix DNS client and makes Postfix use libc resolver, does not disable any DNS lookups of both Postfix and operating system.

Q 4.11. I'd like to specify multiple addresses in a record of a transport table or relayhost parameter on Postfix 2.0.x.

A. You could specify like:

example.co.jp  smtp:[mailserver-1] [mailserver-2]
on transport maps on Postfix 1.x, but this is not intended. On Postfix 2.0 or later, it behaves as documented, i.e. multiple destinations are not allowed.

You may need to configure multiple MX records of your DNS, or you can use SMTP Connect Patch (the page is written in Japanese) provided by Tomita-san.

Q 4.12. I'd like to send mails for virtual_mailbox_domains addresses to some command via pipe.

A. virtual daemon can't send mails to command because of security reason. To send mails for an address virtual@example.com whoese domain is listed in virtual_mailbox_domains, specify in main.cf:

virtual_alias_maps = hash:/etc/postfix/virtual
(For Postfix 1.1.x,
virtual_maps = hash:/etc/postfix/virtual )

Edit /etc/postfix/virtual to create virtual user like:

virtual@example.com virtual+example.com

and make an entry in /etc/aliases as follows:

virtual+example.com "|/usr/local/bin/pipeprog"

Then the mails for virtual@example.com will be piped to /usr/local/bin/pipeprog command.

Q 4.13. How can I use virtual domains without Unix accounts?

A. Use virtual_mailbox_maps to minimize required Unix accounts. See VIRTUAL_README or the following example:

[main.cf]
virtual_transport = virtual
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_mailbox_domains = hash:/etc/postfix/vmaildomains
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
local_transport = local
mydestination = $myhostname $localhost.$mydomain
local_recipient_maps = unix:passwd.byname $alias_maps

[/etc/postfix/vmailbox]
virtual@example.com example.com/virtual
virtual@example.jp example.jp/virtual/Maildir/

[/etc/postfix/vmaildomains]
virtual1.domain required to prevent relay access denied errors
virtual2.domain required to prevent relay access denied errors
Q 4.14. I'd like to build Postfix only for sending mails.

A. If you use mail-form CGI which uses sendmail command on your web server and you have another official mail server, your Postfix on web server doesn't need to listen 25/tcp.

To make Postfix not to listen 25/tcp, comment out smtpd line in master.cf like this:

#smtp  inet  n  -  n  -  -  smtpd
Q 4.15. How can I forward mails to my local mailbox?

A. For Postfix system unlike Sendmail,

\user

description in .forward file doesn't inhibit expansion of addresses. \ is simply ignored, and the recipient address is rewritten to the same address as the destination which a mail to user is sent to on the system with the .forward file.

For example, you specify user in user's .forward file. By default,

append_myorigin = yes
myorigin = $myhostname
mydestination = $myhostname, ...

make user expanded to user@$myhostname. Because the rewritten address is user again, Postfix doesn't read .forward file not to make a loop and stores the mail to user's mailbox.

You can specify a path of mailbox in .forward file explicitly. For mbox delivery, specify

/var/mail/user

in .forward file and mails will be stored in /var/mail/user in mbox style. For maildir delivery, specify

~/Maildir/

and mails will be send to Maildir under your home directory (the last slash means maildir delivery). Not like qmail, the current directory in .forward file like:

./Maildir/

will NOT be accepted in Postfix.

TOP

5. Maildir problems

Q 5.1. How can I transform mbox-style mails to Maildir format?

A. You can transform mbox mails into Maildir format with a perl script like mbox2maildir (by RussellNelson) or mbox2maildir (by Bruce Guenter).

Q 5.2. Mail delivery fails when I specified ./Maildir/ in ~/.forward file.

A. You can't specify ./Maildir/ in ~/.forward file because the Postfix local daemon can't change current directory by design, and privilleged process shouldn't chdir to user's directory. You should specify /home/user/Maildir/ or ~/Maildir/ in stead of ./Maildir/.

TOP


ike@kobitosan.net