Postfix configuration

Postfix configuration can be a bit tricky sometimes, and usually involves few files to work properly.

These are the relevant parameters I use.

Main configuration file (main.cf)
SASL passwords map

Main configuration file (main.cf)

Basic options

inet_interfaces = 127.0.0.1 192.168.11.35
inet_protocols = all

mydomain = mydomain.tld
myhostname = volstagg.mydomain.tld
myorigin = $mydomain
mynetworks = 127.0.0.0/8 192.168.11.0/24
mydestination = $myhostname, localhost.mydomain.tld, localhost, mail.mydomain.tld, mydomain.tld

smtpd_banner = $myhostname ESMTP $mail_name (GNU/Linux)
biff = no
append_dot_mydomain = no

compatibility_level = 2

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
sender_canonical_maps = pcre:/etc/postfix/sender_canonical
recipient_delimiter = +
mailbox_size_limit = 0
message_size_limit = 51200000

for a satellite system mydomain can be set to myhostname
compatibility_level turns on backward compatibility warning log messages.
See http://www.postfix.org/COMPATIBILITY_README.html

Relay host

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
relayhost = [smtp.relay.tld]

TLS parameters

smtpd_use_tls=yes
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

SASL authentication

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
smtp_sasl_type = cyrus
smtp_sasl_security_options = noanonymous

SASL passwords map

The passwords map contains the credentials to authenticate to one (or more) smtp relays:

smtp.my.domain.tld    user@my.domain.tld:<password>
smtp.other.domain.tld user@other.domain.tld:<password>

Issue the command:

postmap /etc/postfix/sasl/passwd

to create the corresponding hash map.