
Postfix

Postfix is the default mail server in SUSE Linux Enterprise Server 10. It was written by Wietse Venema as an alternative to the well-known Sendmail. Unlike Sendmail, Postfix is not a large monolithic program block.

Uploaded by

api-19960686
Copyright
© Attribution Non-Commercial (BY-NC)

Configure Mail and Web Services

SECTION 6 Configure Mail and Web Services

This section covers two of the more frequently used services.

As Postfix is the default mail server on SLES 10 (RHEL 4 uses
Sendmail as default), Postfix is covered in more detail.

Objectives
1. Postfix
2. Apache Web Server

Version 1 Copyright © 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by
a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.
Migrating from RedHat to SUSE Linux Enterprise Server 10

Objective 1 Postfix
Both RHEL 4 and SUSE Linux Enterprise Server 10 let you
choose between Sendmail and Postfix as the mail server. While
Sendmail is the default mail server under Red Hat, the default mail
server in SUSE Linux Enterprise Server 10 is Postfix.

Postfix was written by Wietse Venema as an alternative to the
well-known Mail Transfer Agent (MTA) Sendmail with the
following goals:
■ It should be a fast mailer.
■ It should be easy to administer.
■ It should be secure.
■ It should be compatible with Sendmail.

This objective covers the following topics:
■ Understand the Architecture and Components of Postfix
■ Configure Postfix
■ Use Postfix Tools

Understand the Architecture and Components of Postfix

Wietse Venema met his Postfix design goals using a series of
modular function units.

Unlike Sendmail, Postfix is not a large monolithic program block.
Instead, it consists of a variety of small programs, each of which is
allocated a specific task (for example, accepting an email).

This modularization makes the system more transparent.

The individual components are easier to administer, facilitating
further development of Postfix.


The following figure, taken from the original Postfix
documentation, shows a rough summary of the modularization of
Postfix.

Modules that are not covered at this stage are described in
/usr/share/doc/packages/postfix/html/OVERVIEW.html.

Figure 6-1

Individual Postfix processes are represented in the diagram by
ellipses. Dark squares stand for lookup tables and light squares
represent mail queues or mailboxes.

For security reasons, Postfix works with four mail queues. For
every mail queue, there is a directory bearing the same name under
/var/spool/postfix/.

The functions of the queues and the Postfix files are described in
■ Process of Inbound Email
■ Process of Outbound Email
■ Components of the Postfix Program Package


Process of Inbound Email

The following figure shows how an email can reach Postfix and
how it is processed.

Figure 6-2

The following describe these processes:
■ Email Received Locally
■ Email Received over the Network

Email Received Locally

Postfix uses the postdrop command to place an email sent locally
into the maildrop queue before it is picked up by the pickup
daemon.

The pickup daemon checks it for content, size, and other factors
based on rules; then it passes the email to the cleanup daemon.

The cleanup daemon does the following:
■ Inserts missing header lines (Resent:, From:, To:, Message-ID:,
Date:) in the email (if the mail was written with telnet)
■ Deletes duplicate recipient addresses


■ Uses the trivial-rewrite daemon (/usr/lib/postfix/trivial-rewrite)
to convert the email address in the header to the
user@fully-qualified-domain convention
■ Writes data in the header according to the rules in the lookup
tables /etc/postfix/canonical and /etc/postfix/virtual

After this, the email is copied to the incoming queue and the queue
manager /usr/lib/postfix/qmgr is informed of the arrival of this
email.

Email Received over the Network

Email received over the Internet or LAN is accepted by the smtpd
daemon. smtpd checks the email for content, size, and other factors
before passing it to the cleanup daemon.

The cleanup daemon does the following:
■ Replaces missing header lines (Resent:, From:, To:,
Message-ID:, Date:) in the email
■ Deletes duplicate recipient addresses
■ Uses the trivial-rewrite (/usr/lib/postfix/trivial-rewrite) daemon
to convert the email address in the header to the
user@fully-qualified-domain convention
■ Writes data in the header according to the rules of the lookup
tables /etc/postfix/canonical and /etc/postfix/virtual

Then the email is copied to the incoming queue and the queue
manager /usr/lib/postfix/qmgr is informed of the arrival of this
email.


Process of Outbound Email

The following figure shows how an email is handled by Postfix
before it leaves the system to be delivered to its destination:

Figure 6-3

The following topics describe this process:
■ Deliver Email to Local Users
■ Deliver Email to Users on Remote Systems
■ Process Undeliverable Emails

Deliver Email to Local Users

The queue manager fetches an email from the incoming queue and
copies it to the active queue as soon as the active queue contains no
other emails.

The trivial-rewrite daemon takes over the checking procedure based
on the lookup table /etc/postfix/transport to see whether the
recipient of the email is on the local system or a remote system.


If this daemon decides the email should be delivered locally, the
queue manager orders the local delivery service
(/usr/lib/postfix/local) to deliver the email to the recipient’s
mailbox, taking into account the alias database (/etc/aliases) as well
as any forward files of the user (~/.forward).

The local daemon can also be configured to have mail delivered by
external programs, such as Procmail.

Deliver Email to Users on Remote Systems

The queue manager fetches an email from the incoming queue and
copies it to the active queue, as soon as the active queue is empty.

The trivial-rewrite daemon uses the /etc/postfix/transport lookup
table to see if the recipient of the email is on the local system or on
a remote system.

If the daemon decides the email should be delivered to a remote
system, the queue manager activates the SMTP service to deliver
the email.

The SMTP service tries to find the mail exchanger specified for the
target host; then it delivers the email to the mail exchanger for the
recipient host.

Process Undeliverable Emails

Emails that cannot be delivered are removed from the active queue
by the queue manager and copied to the deferred queue.

The queue manager then copies this email at regular intervals from
the deferred queue back to the active queue and tries again to
deliver the email.


Components of the Postfix Program Package

During the Postfix installation, files are saved to various locations
on a SUSE Linux Enterprise Server 10 system. These locations can
be grouped according to the following criteria:
■ /etc/aliases. This is the only file in /etc/. It has the same format
as the aliases file for the MTA Sendmail and contains local
address aliases.
■ /etc/postfix/. All the configuration files defining Postfix mail
processing are in this directory.
Normally, the Postfix administrator is the only one who can
make changes to these files.
■ /usr/lib/postfix/. This directory contains all the programs
needed directly by Postfix. To be more precise, these are the
Postfix binaries.
These programs are not accessed directly by the system
administrator.
■ /usr/sbin/. This directory contains the administration programs
for maintaining and manually controlling Postfix.
An administrator uses these programs during maintenance
work.
■ /usr/bin/. This directory contains symbolic links with the
names mailq and newaliases.
Both links point to the program /usr/sbin/sendmail that provides
a Sendmail-compatible administration interface for Postfix.
■ /var/spool/postfix/. This directory contains the queue
directories for Postfix and the directories etc/ and lib/ for
Postfix processes that run in a chroot environment.
If the variables POSTFIX_CHROOT and
POSTFIX_UPDATE_CHROOT_JAIL in /etc/sysconfig/postfix
are set to yes, these two directories are set up by
SuSEconfig --module postfix


■ /usr/share/man/man[1|5|8]/. These directories contain the
manual pages for the Postfix binaries, for the configuration
files, and the administration programs.
■ /usr/share/doc/packages/postfix/. This contains
documentation for Postfix.

The subdirectory html/ contains a detailed HTML description of
Postfix and a very useful FAQ.

Configure Postfix

This objective covers the following topics:
■ Configure the Postfix Master Daemon
■ Configure Global Settings
■ Configure General Scenarios
■ Configure the Lookup Tables

Configure the Postfix Master Daemon

The Postfix master daemon /usr/lib/postfix/master is started directly
by Postfix when the system is booted and is terminated only when
the system goes down or if Postfix ends.

The Postfix master daemon is normally configured only once, when
the email system is set up, and is usually never changed.

The master daemon, which monitors the entire mail system,
■ Controls and monitors individual Postfix processes.
■ Adheres to configured resource limits, which were defined in
the file master.cf.
■ Restarts killed Postfix processes.


The Postfix master daemon is configured in the file
/etc/postfix/master.cf. Each line in the file contains an entry for one
Postfix process.


The behavior of each process is defined by the configuration in the
respective line:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
#smtps    inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n      -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_etrn_restrictions=reject
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
#tlsmgr   fifo  -       -       n       300     1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
#localhost:10025 inet n -       n       -       -       smtpd -o content_filter=
...

#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
vscan     unix  -       n       n       -       10      pipe
  user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
procmail  unix  -       n       n       -       -       pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}

If the entry for a specific service is too long for one line, it can
be continued on the following lines by starting each of them with
white space; for example:

procmail  unix  -       n       n       -       -       pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc
  ${sender} ${recipient}


The meaning of individual fields in a configuration line and their
possible values are listed below.

Default values, if any, are listed in the description. If an entry is set
to “-”, the default value is used.
■ service. The name of the Postfix process.
An entry for a service that is controlled by the inet daemon can
be specified in the form host:port.
inet is the service that controls who can connect to your
computer and which services they can use.
An entry for the SMTP service could be
localhost:smtp
This entry would start the Postfix process /usr/lib/postfix/smtpd
in such a way that it only receives email messages on port 25 of
the loopback interface (if this port is entered correctly in the file
/etc/services).
The host prefix and the following colon are optional.
■ type. Allows you to specify a connection type.
Possible entries are
❑ inet for Internet sockets (TCP/UDP)
❑ unix for UNIX domain sockets (only for local
communication)
❑ fifo (first in, first out) for named pipes
■ private. Configures access to the service.
The value y (yes) restricts access to this service to the mail
system.
The entry n (no) also allows access to this service for
components outside the mail system. For services of the type
inet, the value n must always be set.
The default value is y.


■ unpriv. Configures the UID under which this service is
running.
With the value y (yes), the configured service runs under the
unprivileged user configured in the file /etc/postfix/main.cf with
the variable mail_owner (as a rule, the user postfix).
If this value is set to n (no), the service runs with root privileges
(UID 0).
The default value is y.
■ chroot. Specifies the chroot behavior of the service.
The value y (yes) causes the service to be started in a chroot
environment.
The root path of this environment is defined in the variable
queue_directory in the file /etc/postfix/main.cf (this is normally
the directory /var/spool/postfix/).
The default value is y.
■ wakeup. Runs the service again after the given number of
seconds have expired.
The default value of 0 deactivates this function for the service.
Currently only the pickup daemon and the queue manager use
this function.
The default value is 0 (never).
■ maxproc. Defines the maximum number of processes that can
be run simultaneously.
The default value is defined in the variable
default_process_limit in the file /etc/postfix/main.cf.
The default value is 100.
■ command + args. Configures the command to run, including
the required arguments.


The path name of the command to run is relative to the
directory defined in the file /etc/postfix/main.cf via the variable
daemon_directory (this is normally the directory
/usr/lib/postfix/).
If one or more -v arguments are given, the debugging level is
increased for the given command.
Specifying the -D argument allows debugging by using the
debugging command, specified in the file /etc/postfix/main.cf
by the variable debugger_command.
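
The field semantics above can be checked mechanically. The following Python example is added here and is not part of the original manual or of Postfix: it joins continuation lines, applies the defaults for "-", and reports which services run as root, which are not chrooted, and which user a pipe command runs as. The sample text is constructed from the listing above, and the function names are hypothetical.

```python
"""Parse master.cf text and report privilege-related settings per service."""

FIELDS = ("service", "type", "private", "unpriv", "chroot", "wakeup", "maxproc")
# "-" selects the default shown in the header comment of the listing.
DEFAULTS = {"private": "y", "unpriv": "y", "chroot": "y",
            "wakeup": "0", "maxproc": "100"}
# master(5) advises against chroot for these daemons, so chroot=n is expected.
NO_CHROOT = {"local", "pipe", "spawn", "virtual"}

# Constructed sample: entries follow the listing above, except that the
# chroot field of "rewrite" is "-" here so that a default gets applied.
SAMPLE = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
rewrite   unix  -       -       -       -       -       trivial-rewrite
local     unix  -       n       n       -       -       local
procmail  unix  -       n       n       -       -       pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc
  ${sender} ${recipient}
"""


def logical_lines(text):
    """Drop comments and blank lines; join lines that start with white space."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries


def parse_entry(line):
    """Split one logical line into the seven fields plus command and args."""
    parts = line.split()
    if len(parts) < 8:
        raise ValueError(f"incomplete master.cf entry: {line!r}")
    entry = dict(zip(FIELDS, parts[:7]))
    entry["command"], entry["args"] = parts[7], parts[8:]
    for name, default in DEFAULTS.items():
        if entry[name] == "-":
            entry[name] = default
    return entry


def audit(text):
    """Return (service/type, finding) pairs for review by an administrator."""
    findings = []
    for e in map(parse_entry, logical_lines(text)):
        name = f"{e['service']}/{e['type']}"
        if e["unpriv"] == "n":
            findings.append((name, "runs as root (unpriv=n)"))
        if e["chroot"] == "n" and e["command"] not in NO_CHROOT:
            findings.append((name, "not chrooted (chroot=n)"))
        if e["type"] == "inet" and ":" not in e["service"]:
            findings.append((name, "no host: prefix, address not pinned here"))
        if e["command"] == "pipe":
            user = next((a[5:] for a in e["args"] if a.startswith("user=")), None)
            findings.append((name, f"external command runs as user={user}"))
    return findings


if __name__ == "__main__":
    for service, message in audit(SAMPLE):
        print(f"{service:15} {message}")
```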

Configure Global Settings

All other configuration definitions (apart from the configuration of
processing rules in lookup tables) are set in the following file:

/etc/postfix/main.cf

On SUSE Linux Enterprise Server 10, the most common parameters
of this file can be modified using variables in the files
■ /etc/sysconfig/mail
and
■ /etc/sysconfig/postfix

Postfix is one of the last services that needs SuSEconfig to run for
generation of the actual configuration files from files located in
/etc/sysconfig/.

The file /etc/sysconfig/mail is used for general settings that are
not specific to Postfix and are also used for Sendmail. For the
MTA to operate correctly, you have to do the following in the file
/etc/sysconfig/mail:
1. The fully qualified domain name (FQDN) must be entered in the
variable FROM_HEADER.
If this variable is not set, the host name (FQDN) will be used.


2. The variable SMTPD_LISTEN_REMOTE should be set to yes
so that Postfix listens on port 25 for arriving mail.
Otherwise, only email from the local host will be accepted.

By means of the /sbin/SuSEconfig script, both settings and the
entries in the file /etc/sysconfig/postfix are translated into suitable
parameters in the file /etc/postfix/main.cf.

If you do not want SuSEconfig to generate this configuration file,
set the variable MAIL_CREATE_CONFIG in the file
/etc/sysconfig/mail to no.

To configure Postfix, you need to know how to do the following:
■ Configure Postfix with /etc/sysconfig/postfix
■ Configure Postfix with /etc/postfix/main.cf

Configure Postfix with /etc/sysconfig/postfix

Modifications in the file /etc/sysconfig/postfix are only adopted in
the file /etc/postfix/main.cf and, in some cases, in the file
/etc/postfix/master.cf after the execution of /sbin/SuSEconfig or the
SuSEconfig module for Postfix:
■ /sbin/conf.d/SuSEconfig.postfix
or
■ /sbin/SuSEconfig --module postfix

The meanings of the variables are briefly commented in the
configuration file /etc/sysconfig/postfix.

The following provides a more detailed description.
■ POSTFIX_RELAYHOST. If the local email server should use
a relay host to deliver emails that cannot be locally delivered,
the relay host itself or the domain of the relay host must be
given here.


If the name of a domain is provided, Postfix determines the
relay host for the domain by an MX lookup.
If Postfix should forward all emails that cannot be locally
delivered to a relay host without carrying out an MX lookup,
the host name of the relay must be given in square brackets (for
example, [mailrelay.digitalairlines.com]).
It is also possible to give an IP address in this form.
Optionally, the domain or host can be extended with a port
number (for example, digitalairlines.com:1025).
If you leave this entry empty, Postfix delivers all mails that
cannot be delivered locally to the mail exchanger.
Any entries in the file /etc/postfix/transport have precedence
over the relay host.
If this variable is assigned a value, the variable relayhost in the
file /etc/postfix/main.cf will be modified by running
SuSEconfig.
■ POSTFIX_MASQUERADE_DOMAIN. If your own DNS
domain is configured with this variable (for example,
digitalairlines.com), all addresses in emails that contain a host
prefix are shortened by this host prefix.
For example, geeko@da2.digitalairlines.com becomes
geeko@digitalairlines.com.
If this variable is assigned a value, the variable
masquerade_domains in the file /etc/postfix/main.cf is modified
by running SuSEconfig.
Additionally, the variable masquerade_exceptions = root will
be set.
■ POSTFIX_LOCALDOMAINS. Contains a comma-separated
list of the domains for which Postfix should accept emails.
These values are written to the variable mydestination in the file
/etc/postfix/main.cf by running SuSEconfig.


If POSTFIX_LOCALDOMAINS is empty, the variable is set to
$myhostname, localhost.$mydomain by SuSEconfig.
■ POSTFIX_NULLCLIENT. A nullclient is a host that can only
send mail over the network, does not receive mail over the
network, and does not deliver any mail locally.
If you enter yes, the variable mydestination in the file
/etc/postfix/main.cf will remain empty after running
SuSEconfig.
The default entry is no.
■ POSTFIX_DIALUP. If this value is set to yes, emails that
cannot be delivered locally are not sent to their destination until
the command sendmail -q is run.
The setting is useful for dial-up systems; otherwise, error
messages would appear when sending emails if the system is
not online, or a connection would be established for every email
message if dial-on-demand is used.
The value no leads to an immediate attempt to deliver any
emails waiting for delivery.
If this variable is assigned the value yes, the line
defer_transports = smtp will be added to the file
/etc/postfix/main.cf by running SuSEconfig.
■ POSTFIX_NODNS. If this variable is set to yes, Postfix will
not carry out any DNS lookups for the sender and recipient
domains when processing emails.
If this variable is assigned the value yes, the variable
disable_dns_lookups = yes in the file /etc/postfix/main.cf will
be activated by running SuSEconfig.
■ POSTFIX_CHROOT. If this variable is set to yes, the services
will be run in a chroot environment, if possible. You can find
the chroot environment in /var/spool/postfix.
If the variable is set to no (default), all Postfix processes will
run in the normal environment.


■ POSTFIX_UPDATE_CHROOT_JAIL. If SuSEconfig is to
set up the chroot environment, this value should be set to yes.
By default, the variable is set to no.
■ POSTFIX_LAPTOP. Some Postfix services access FIFOs
frequently, thus preventing the hard disk from spinning down.
However, if this is desired on notebooks for power-saving
purposes, the variable can be set to yes.
■ POSTFIX_UPDATE_MAPS. If SuSEconfig is to create the
database files from the corresponding lookup tables, this
variable should be set to yes (default).
■ POSTFIX_MAP_LIST. If POSTFIX_UPDATE_MAPS is set
to yes, you can select the lists Postfix should support here.
■ POSTFIX_RBL_HOSTS. Here you can specify a
comma-separated list of host names from which RBLs
(Realtime Blackhole Lists) can be obtained.
No mail is accepted from clients that are on these lists.
This entry makes sense only if
POSTFIX_BASIC_SPAM_PREVENTION is not set to off.
■ POSTFIX_BASIC_SPAM_PREVENTION. Here, specify
how strict the filter rules for UCE (unsolicited commercial email)
should be.
Possible levels are off, medium, and hard.
You can find more details at http://www.postfix.org/uce.html.
■ POSTFIX_MDA. Here, specify an MDA with which Postfix
should cooperate.
The entries are
❑ procmail. Use Procmail to deliver mail locally.
❑ cyrus. Use lmtp to deliver to cyrus-imapd.
❑ local. Use Postfix local MDA.


■ POSTFIX_SMTP_AUTH_*. These variables control the
behavior of Postfix with respect to authentication, both when Postfix
accepts mail and when Postfix delivers mail to other mail servers.
■ POSTFIX_SMTP_TLS_SERVER,
POSTFIX_SMTP_TLS_CLIENT. If these variables are set to
yes, Postfix can encrypt the communication with the other side
when sending and receiving mail, provided the following
variables are configured.
■ POSTFIX_SSL_*, POSTFIX_TLS_*. These variables control
various aspects of the certificate and key management needed
for the encryption.
Encrypted connections are not covered in this course; this
manual does not provide any details about the individual
variables.
■ POSTFIX_ADD_*. These variables can be used to set the
Postfix variables.
The variable must be converted to uppercase letters and
appended to POSTFIX_ADD_.
For example, to set the Postfix variable message_size_limit to
100000, enter
POSTFIX_ADD_MESSAGE_SIZE_LIMIT=100000
in /etc/sysconfig/postfix.
Subsequently, SuSEconfig will generate the respective entry
message_size_limit=100000 in /etc/postfix/main.cf.
All available Postfix variables can be listed by using postconf.
■ POSTFIX_REGISTER_SLP. If this is set to yes, Postfix
registers automatically with SLP.

Apart from this method, further settings can be made directly in the
file /etc/postfix/main.cf, which has very detailed comments.
After the file /etc/postfix/main.cf has been modified manually,
modifying /etc/sysconfig/postfix and subsequently running
/sbin/SuSEconfig will not affect the file /etc/postfix/main.cf.


Instead, the file /etc/postfix/main.cf.SuSEconfig will be created,
which can be renamed to /etc/postfix/main.cf if necessary.

Configure Postfix with /etc/postfix/main.cf

The main configuration file for Postfix is

/etc/postfix/main.cf

This file is well documented, including detailed comments.

If you decide to configure Postfix directly by editing the
configuration file /etc/postfix/main.cf, set the variable
MAIL_CREATE_CONFIG in /etc/sysconfig/mail to no.

This will prevent SuSEconfig from overwriting the configuration
file.

Note: If a variable is set on more than one line, the last definition
is used. This allows you to put all your configuration lines at the
end of the configuration file.

Some important variables are the following:
■ queue_directory. The directory in which the mail queue is
located. The default entry for this is /var/spool/postfix.
■ command_directory. The directory in which the Postfix
administration tools are located.
The default entry is /usr/sbin.
■ daemon_directory. The directory in which the Postfix daemons
are located.
The default entry is /usr/lib/postfix.
■ mail_owner. Describes the owner of the mail queue.
By default, this is set to postfix.


■ myhostname. Defines the host name of the computer. This
value serves later as the default value for other parameters.
By default, the FQDN is given here.
■ mydomain. The domain name of the computer.
This value serves later as the default value for other parameters.
■ myorigin. The domain that appears as the sender for emails
sent locally.
The default value is the FQDN.
■ mydestination. Describes a list of domains for which the
computer should accept emails.
■ masquerade_domains. For sender addresses of the specified
domain(s), the host part is removed.
For example, geeko@da2.digitalairlines.com becomes
geeko@digitalairlines.com.
■ masquerade_exceptions. Specifies the users that should not be
masqueraded. By default, root is entered here.
■ relayhost. All emails that cannot be processed locally are sent
to the computer specified here.
■ inet_interfaces. Specifies the network addresses on which
Postfix waits for incoming mail.
The default value is 127.0.0.1.
To enable Postfix to receive mail from other hosts, enter the IP
numbers of the network cards or all.
■ mynetworks. Lists IP ranges belonging to your network.
Postfix can be configured to forward mail from hosts in these
networks.


If you don’t want to specify the IP ranges of your network by
hand, you can use the option mynetworks_style which allows
three values:
❑ class. Postfix trusts all SMTP clients in the same IP class
(A/B/C).
❑ subnet. Postfix trusts all SMTP clients in the same IP
subnet.
❑ host. Postfix trusts only the local host.
■ smtpd_recipient_restrictions, smtpd_helo_restrictions,
smtpd_client_restrictions, smtpd_sender_restrictions.
Control who is allowed to forward email over the mail server.

The variables that are relevant for most deployment scenarios are in
the file

/etc/postfix/main.cf

Variables that are not defined here are assigned default values or
remain empty.

To list all variables used by Postfix and their respective values,
enter

postconf

Configure General Scenarios

The following scenarios presume that the variable
MAIL_CREATE_CONFIG in the file /etc/sysconfig/mail is set to
no.

If it is, the file /etc/postfix/main.cf will not be changed by executing
SuSEconfig, and the file /etc/postfix/main.cf.SuSEconfig will not
be generated.

Because these files usually contain useful settings, only a few
modifications are necessary for some deployment scenarios.

However, remember that the last entry of a variable in the file
/etc/postfix/main.cf is the one that is valid.

If an entry is changed, the change does not take effect if a different
value is assigned later in the file.

The following topics are described:


■ Forward Mail to the Provider’s Mail Server
■ Receive Mail over the Internet

Forward Mail to the Provider’s Mail Server

If all mail traffic is running from a mail server at the ISP, a small
network merely needs a mail server that accepts the mail from the
clients and passes it to the ISP’s mail server.

Because the local mail server does not serve as the mail server for
the company domain from the Internet, the configuration is rather
simple.

Such a mail server has to


■ Accept mail from the intranet clients.
■ Reject mail delivered by other clients.
■ Possibly rewrite sender addresses.
■ Submit all mail to the provider’s mail server.

Only a few changes are needed in the file /etc/postfix/main.cf.

The following entries merely ensure that Postfix only accepts mail
from the clients in the local network:

# 10.0.0.51 is the IP in the LAN
inet_interfaces = 10.0.0.51, 127.0.0.1
mynetworks = 10.0.0.0/24, 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks, reject

It is necessary to rewrite addresses to make sure that the sender does
not appear in the form

geeko@da51.digitalairlines.com

but in the common form

geeko@digitalairlines.com

On the other hand, the host is important for messages sent to root.

Therefore, mail addressed to root should not be rewritten.

Two entries in the file /etc/postfix/main.cf are sufficient for this
simple scenario:

masquerade_exceptions = root
masquerade_domains = digitalairlines.com

Moreover, Postfix must be informed of the mail server to which it is
supposed to deliver the mail.

The relayhost entry also ensures that Postfix does not attempt to
contact the recipients' mail servers directly.

relayhost = da1.digitalairlines.com

Exercise 6-1 Send Mail in the Local Network

In this exercise, you send mail in the local network. You configure
Postfix and test your configuration.

You will find this exercise in the workbook.

(End of Exercise)

Receive Mail over the Internet

If the mail server is set up not only for sending email messages of
the users in the local network but also for receiving mail from the
Internet addressed to the domain, configuring it is a bit more
difficult.

It is important to prevent the mail server from being misused as an
open relay by spammers.

Regardless of the individual configuration of Postfix, the server
must be introduced to the DNS as the responsible mail server by
means of an MX record.

In addition to the requirements in the last section, the mail server
has to
■ Accept mail that comes from the Internet and is addressed to
your domain
■ Reject mail that comes from the Internet and is not addressed to
your domain
■ Reject mail from known spam sources

Accordingly, a number of additional entries are needed.

As mail can theoretically be received at all interfaces, a different
value is necessary for inet_interfaces. mynetworks_style can remain
unchanged:

inet_interfaces = all
mynetworks_style = subnet

Postfix has to know for which domains it can accept mail:

myhostname = da51.digitalairlines.com
mydomain = digitalairlines.com
mydestination = $myhostname, localhost.$mydomain,
    $mydomain

If Postfix is not only responsible for the mail of your domain but
also for the mail of other domains (as is normally the case with web
hosters), the domains are not entered under mydestination but in the
lookup table virtual, which is covered in a following section.

The decision to accept or not accept mail is controlled by the
following variables, which contain various criteria:
■ smtpd_helo_restrictions
■ smtpd_sender_restrictions
■ smtpd_recipient_restrictions
■ smtpd_client_restrictions

A message is only delivered if it passes all the criteria without being
rejected.

For example, smtpd_sender_restrictions can be used to prevent
known spammers from delivering mail.

If the sender is listed in an RBL, the message can be rejected before
the system checks whether it is addressed to a local user:

maps_rbl_domains = rbl-domains.digitalairlines.com
smtpd_sender_restrictions = reject_maps_rbl

The following entry ensures that email from the range specified in
$mynetworks as well as email for which Postfix is responsible due
to the specifications in $mydomain is accepted—all other mail is
rejected due to reject_unauth_destination:

smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination

An explanation of all possibilities of the restrictions variables would exceed
the scope of this course.
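The following Python sketch is an added example, not part of the original course material: it reads a main.cf text with the last-entry-wins rule described earlier and checks whether an outside client could relay mail to a foreign domain under the restrictions shown above. The sample file, the test addresses and the names parse_main_cf, rcpt_decision and is_open_relay are constructed for illustration; only permit_mynetworks, reject_unauth_destination, permit and reject are modelled, only mydestination counts as local, and an explicit mynetworks is assumed.

```python
import ipaddress
import re

# Constructed main.cf built from the settings shown in this section.
# The final mynetworks line is a constructed mistake (left over from a test).
SAMPLE_MAIN_CF = """\
# 10.0.0.51 is the IP in the LAN
inet_interfaces = all
myhostname = da51.digitalairlines.com
mydomain = digitalairlines.com
mydestination = $myhostname, localhost.$mydomain,
    $mydomain
mynetworks = 10.0.0.0/24, 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination
mynetworks = 0.0.0.0/0
"""


def parse_main_cf(text):
    """Return {name: value}; a later assignment replaces an earlier one."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()   # continuation line
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()   # last entry wins
    return params


def expand(params, value, depth=0):
    """Substitute $name references with the values of other parameters."""
    if depth > 10:
        raise ValueError("recursive $name reference")
    return re.sub(r"\$\{?(\w+)\}?",
                  lambda m: expand(params, params.get(m.group(1), ""), depth + 1),
                  value)


def as_list(params, name):
    """Split a parameter value on commas and whitespace after expansion."""
    return [x for x in re.split(r"[,\s]+", expand(params, params.get(name, ""))) if x]


def rcpt_decision(params, client_ip, rcpt_domain):
    """Walk smtpd_recipient_restrictions left to right; first decision wins."""
    client = ipaddress.ip_address(client_ip)
    trusted = [ipaddress.ip_network(n, strict=False)
               for n in as_list(params, "mynetworks")]
    local = {d.lower() for d in as_list(params, "mydestination")}
    for restriction in as_list(params, "smtpd_recipient_restrictions"):
        if restriction == "permit_mynetworks":
            if any(client in net for net in trusted):
                return "permit"
        elif restriction == "reject_unauth_destination":
            if rcpt_domain.lower() not in local:
                return "reject"
        elif restriction in ("permit", "reject"):
            return restriction
        else:
            raise ValueError("restriction not modelled: " + restriction)
    return "permit"   # model assumption: no restriction objected


def is_open_relay(params, outside_ip="192.0.2.10", foreign_domain="example.org"):
    """True if a client outside the LAN may send to a domain we do not host.

    192.0.2.10 and example.org are documentation-only test values.
    """
    return rcpt_decision(params, outside_ip, foreign_domain) == "permit"


if __name__ == "__main__":
    cfg = parse_main_cf(SAMPLE_MAIN_CF)
    print("effective mynetworks:", cfg["mynetworks"])
    print("open relay:", is_open_relay(cfg))
```

Comparing the result with the output of postconf for the same parameters shows whether a forgotten later assignment has replaced the value you intended.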

Exercise 6-2 Use Postfix on the Internet

In this exercise, you configure Postfix to send email to the Internet.

You will find this exercise in the workbook.

(End of Exercise)

Configure the Lookup Tables

Lookup tables contain rules for processing email within the overall
Postfix system.

These tables are activated by variables in the file

/etc/postfix/main.cf

The tables are then defined as

/etc/postfix/lookup-table

After a lookup table has been defined, it needs to be converted to
the required format (usually in the form of a hash table) using the
command postmap.

This is done by entering:

postmap hash:/etc/postfix/lookup-table

The structure of lookup tables is subject to the following general
rules:
■ Blank lines or lines that begin with a # are not interpreted as
command lines.
■ Lines that begin with a space are regarded as a continuation of
the previous line.

It is also possible to use regular expressions.

Instead of domain names, you also can use IP addresses.

A man page exists for every lookup table: man 5 lookup-table.

The following lookup tables are described:


■ The access Lookup Table
■ The canonical Lookup Table
■ The recipient_canonical Lookup Table
■ The sender_canonical Lookup Table
■ The relocated Lookup Table
■ The transport Lookup Table
■ The virtual Lookup Table
■ The aliases Lookup Table

The access Lookup Table

You can use the /etc/postfix/access lookup table to reject or allow
email from defined senders.

The smtpd daemon evaluates this table when email arrives.

The following topics are described:


■ Activate the Lookup Table
■ The access Lookup Table Format

Activate the Lookup Table

This function is activated in the file /etc/postfix/main.cf:

smtpd_sender_restrictions = hash:/etc/postfix/access

The access Lookup Table Format

Each line defines a rule that is evaluated by smtpd when an email
arrives.

The rules are processed from top to bottom and the matching of
rules ends when the first match occurs.

Each line consists of the definition of an email address in the first
column and a defined action in the second column.

Possible values for email address patterns are


■ user@domain. Defines a filter for the specified email address.
■ domain.name. Defines a filter for all email addresses of the
specified DNS domain.
■ user@. Defines a filter for all email addresses with the same
user part.

Possible values for actions are


■ 4xx Text, 5xx Text. Rejects email with the specified numerical
code (see RFC821) and the defined text message.
■ REJECT. Rejects the email with a generic error message.
■ OK. Accepts the email.
■ DISCARD optional text. Makes sure that the email is
discarded without an error message to the sender.
The optional text appears in the log file. If no text is specified,
a generic message appears in the log.

Examples:

postmaster@digitalairlines.com OK
spam@hahaha.net 550 We're fighting against spam!
194.95.93.10 REJECT

See the man pages (man 5 access) for other possible actions.

The canonical Lookup Table

You can use the /etc/postfix/canonical lookup table to rewrite
sender and recipient addresses of incoming and outgoing emails.

Both the header and the envelope are rewritten.

The cleanup daemon reads this table when an email arrives.

The following is described:


■ Activate the Lookup Table
■ The canonical Lookup Table Format

Activate the Lookup Table

This function is activated in the file /etc/postfix/main.cf:

canonical_maps = hash:/etc/postfix/canonical

The canonical Lookup Table Format

Each line defines a rule that is evaluated by smtpd when an email
arrives.

The rules are processed from top to bottom and the matching of
rules ends when the first match occurs.

Each line consists of the definition of an email address in the first
column and a defined action in the second column.

Possible values for email address patterns are


■ user@domain. Defines a filter for the specified email address.

■ user. Defines a filter for all email addresses with the same user
part, provided the domain part of the email is listed in one of
the variables $myorigin, $mydestination, $inet_interfaces, or
$proxy_interfaces in the /etc/postfix/main.cf file.
■ @domain. Defines a filter for all email addresses of the
specified domain.

Possible values for action are


■ user@domain. Rewrites the email address to the value defined
here.

Examples:

training@digitalairlines.com geeko@digitalairlines.com
@slc.digitalairlines.com slc@digitalairlines.com

If you want to convert sender addresses and recipient addresses in a
different way, use
■ recipient_canonical to convert the recipient addresses
■ sender_canonical to convert the sender addresses

The recipient_canonical Lookup Table

You can use the /etc/postfix/recipient_canonical lookup table to
convert recipient addresses of incoming and outgoing emails.

The cleanup daemon evaluates this table when an email arrives
before the generic lookup table /etc/postfix/canonical is evaluated.

The following topics are described:


■ Activate the Lookup Table
■ The recipient_canonical Lookup Table Format

Activate the Lookup Table

This function is activated in the file /etc/postfix/main.cf by the entry

recipient_canonical_maps = hash:/etc/postfix/recipient_canonical

The recipient_canonical Lookup Table Format

Each line defines a rule that is evaluated by smtpd when an email
arrives.

The rules are processed from top to bottom and the matching of
rules ends when the first match occurs.

Each line consists of the definition of an email address in the first
column and a defined action in the second column.

Possible values for email address patterns are


■ user@domain. Defines a filter for the specified email address.
■ user. Defines a filter for all email addresses with the same user
part, provided the domain part of the email is listed in one of
the variables $myorigin, $mydestination, $inet_interfaces, or
$proxy_interfaces of the file /etc/postfix/main.cf.
■ @domain. Defines a filter for all email addresses of the
specified domain.

Possible values for actions are


■ user@domain. Rewrites the email addresses to the value
defined here.

Examples:

geeko@digitalairlines.com training@digitalairlines.com
@slc.digitalairlines.com slc@digitalairlines.com

The sender_canonical Lookup Table

You can use the /etc/postfix/sender_canonical lookup table to
rewrite sender addresses of incoming and outgoing emails (for
outgoing email: login@host.internal.com to
firstname.surname@mycompany.com).

The cleanup daemon reads this table when an email arrives before
the generic lookup table /etc/postfix/canonical is read.

The following topics are described:


■ Activate the Lookup Table
■ The sender_canonical Lookup Table Format

Activate the Lookup Table

This function is activated in the file /etc/postfix/main.cf by the entry

sender_canonical_maps = hash:/etc/postfix/sender_canonical

The sender_canonical Lookup Table Format

Each line defines a rule that is evaluated by smtpd when an email
arrives.

The rules are processed from top to bottom and the matching of
rules ends when the first match occurs.

Each line consists of the definition of an email address in the first
column and a defined action in the second column.

Possible values for email address patterns are


■ user@domain. Defines a filter for the specified email address.

■ user. Defines a filter for all email addresses with the same user
part, provided the domain part of the email is listed in one of
the variables $myorigin, $mydestination, $inet_interfaces, or
$proxy_interfaces of the file /etc/postfix/main.cf.
■ @domain. Defines a filter for all email addresses of the
specified domain.

Possible values for actions are


■ user@domain. Rewrites the email address to the value defined
here.

Examples:

training@digitalairlines.com geeko@digitalairlines.com
@slc.digitalairlines.com slc@digitalairlines.com

The relocated Lookup Table

You can use the /etc/postfix/relocated lookup table to bounce
email addressed to users that no longer exist on this system. The
bounce returned to the sender carries a note with the new address
of the desired addressee.

The following topics are described:


■ Activate the Lookup Table
■ The relocated Lookup Table Format

Activate the Lookup Table

This function is activated in the file /etc/postfix/main.cf by the entry

relocated_maps = hash:/etc/postfix/relocated

The relocated Lookup Table Format

Each line defines a rule that is evaluated by smtpd when an email
arrives.

The rules are processed from top to bottom and the matching of
rules ends when the first match occurs.

Each line consists of a key field in the first column, which refers to
the email address of the former recipient or defines this by means of
a regular expression and contact information in the second column,
which may contain a new email address of the recipient or other
contact information.

Possible values for the key field are


■ user@domain. Defines a filter for the specified email address.
■ user. Defines a filter for all email addresses with the same user
part, provided the domain part of the email is listed in one of
the variables $myorigin, $mydestination, $inet_interfaces, or
$proxy_interfaces of the file /etc/postfix/main.cf.
■ @domain. Defines a filter for all email addresses of the
specified domain.

Possible values for contact information include any information
(such as email address or telephone number) that will help someone
reach the email addressee. The information is used in "user has
moved to new_location" bounce messages.

Examples:

geeko@digitalairlines.com geeko@novell.com
tux@digitalairlines.com Please call 1-800-PIRATES

The notifications of the mail server are sent by email to the sender:

<geeko@digitalairlines.com>: host da51.digitalairlines.com[10.0.0.51] said: 550
<geeko@digitalairlines.com>: Recipient address rejected: User has moved to
geeko@novell.com (in reply to RCPT TO command)

<tux@digitalairlines.com>: host da51.digitalairlines.com[10.0.0.51] said: 550
<tux@digitalairlines.com>: Recipient address rejected: User has moved to
Please call 1-800-PIRATES (in reply to RCPT TO command)

The transport Lookup Table

You can use the /etc/postfix/transport lookup table to define email
routing for special email address ranges.

The following is described:


■ Activate the Lookup Table
■ The transport Lookup Table Format

Activate the Lookup Table

This function is activated in the file /etc/postfix/main.cf by the entry

transport_maps = hash:/etc/postfix/transport

The transport Lookup Table Format

Each line defines a rule that is evaluated via the qmgr or the
trivial-rewrite daemon before an email is sent.

The rules are processed from top to bottom and the matching of
rules ends when the first match occurs.

Each line consists of the definition of a domain pattern in the first
column and a defined transport path in the second column.

Possible values for the domain pattern are


■ user@domain. Email to the specified user is forwarded over
the defined transport route.
■ domain. All email to the specified domains is forwarded via
the defined transport path.
■ .domain. All email with subdomains under the specified
domain is forwarded via the defined transport path. This is
only important if transport_maps is not listed in the variable
parent_domain_matches_subdomains; otherwise, domain also
includes .domain.

Possible values for the transport path are


■ transport:nexthop. Different values can be assigned to
transport, such as local, smtp, or uucp. Also, any transport
path can be assigned to transport, including self-defined paths
(such as Cyrus and Procmail).
❑ local. Defines the delivery of email via the Postfix process
local that delivers the email in the local system.
For this specification, the value for :nexthop remains
blank.
❑ smtp. Defines the delivery of email via the Postfix process
smtp, which delivers the email to a remote mail exchanger
via the SMTP protocol.
host or host:port can be configured as nexthop for an email
exchanger on a remote host in case it does not accept email
on port 25/TCP.
To prevent DNS lookups on the MX entry, the form [host]
or [host]:port should be used for the nexthop entry.

❑ uucp. Defines the delivery of email via the Postfix process
pipe, which is configured by means of the file
/etc/postfix/master.cf for the delivery of email via UUCP.
The recipient host is specified as nexthop.

Examples:

digitalairlines.com smtp:da51.digitalairlines.com:10025
suse.com uucp:da150

The virtual Lookup Table

You can use the /etc/postfix/virtual lookup table to set up email for
a number of domains with separate user names.

The following topics are described:


■ Activate the Lookup Table
■ The virtual Lookup Table Format

Activate the Lookup Table

This function is activated in the file /etc/postfix/main.cf by the entry

virtual_maps = hash:/etc/postfix/virtual

The virtual Lookup Table Format

Each line defines a rule that is evaluated via smtpd when an email
arrives.

The rules are processed from top to bottom and the matching of
rules ends when the first match occurs.

Using virtual domains requires the definition of the virtual domain
first. This is done by placing the virtual domain name in the first
column and arbitrary text in the second column. This text is only
used to keep the structure of the file and has no meaning.

Every other line describing a recipient address of this domain
contains
■ First column: The recipient address.
■ Second column:
❑ The user name of the local email user to whom the
incoming email should be delivered.
or
❑ A comma-separated list of all local email users to whom
incoming emails should be delivered.

When you specify a virtual domain, only email addresses containing
this virtual domain are modified. Addresses with a subdomain or host
name are not modified. You need to specify them as virtual domains
first.

Example:

virtual.domain geeko, tux
postmaster@virtual.domain postmaster
user1@virtual.domain geeko
user2@virtual.domain tux

The aliases Lookup Table

The /etc/aliases lookup table is used to define aliases. You cannot
redirect emails to mailboxes on other hosts or domains.

The following topics are described:


■ Activate the Lookup Table
■ The aliases Lookup Table Format

Activate the Lookup Table

This function is activated in the file /etc/postfix/main.cf by the entry

alias_maps = hash:/etc/aliases

The aliases Lookup Table Format

Each line defines a rule that is evaluated by smtpd when an email
arrives.

The rules are processed from top to bottom and the matching of
rules ends when the first match occurs.

Each line contains


■ First column: A local recipient address followed by a colon.
■ Second column: Filtered email is then redirected to another
email user or to another email alias.
Details of the target recipient in the second column can also be
extended to include multiple recipients using a
comma-separated list.
An email is delivered explicitly to a local user if the recipient
address in the second column begins with a “\”.
The following is an example:

root: \root, geeko
mailer-daemon: root
postmaster: mailer-daemon
daemon: root
webmaster: tux@digitalairlines.com
wwwrun: webmaster

If the file /etc/aliases has been modified, it must be converted into
the hash table /etc/aliases.db by entering

da51:~ # postalias /etc/aliases

or

da51:~ # newaliases
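As an added example (not from the course material), this Python sketch expands /etc/aliases entries the way this section describes them, so you can see which mailboxes finally receive mail for a system account and spot alias loops before running newaliases. The abuse and security entries in the sample are constructed to show a loop, the function names are illustrative, and the "\" rule is modelled as stated above.

```python
# Constructed input: the /etc/aliases example from this section plus a
# constructed loop (abuse <-> security) to show the failure case.
SAMPLE_ALIASES = """\
# system aliases
root:           \\root, geeko
mailer-daemon:  root
postmaster:     mailer-daemon
daemon:         root
webmaster:      tux@digitalairlines.com
wwwrun:         webmaster
abuse:          security
security:       abuse
"""


def parse_aliases(text):
    """Return {alias: [targets]} from 'name: target, target' lines."""
    table, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                                  # blank line or comment
        if raw[0] in " \t" and current is not None:   # continuation line
            table[current] += [t.strip() for t in raw.split(",") if t.strip()]
            continue
        name, sep, rhs = raw.partition(":")
        if not sep:
            raise ValueError("no colon in alias line: %r" % raw)
        current = name.strip().lower()
        table[current] = [t.strip() for t in rhs.split(",") if t.strip()]
    return table


def expand_alias(table, address, chain=()):
    """Return (final mailboxes, aliases that close a loop) for one address."""
    if address.startswith("\\"):
        return {address[1:]}, set()      # "\" = deliver to the local user
    key = address.lower()
    if "@" in address or key not in table:
        return {address}, set()          # remote address or plain local user
    if key in chain:
        return set(), {key}              # alias leads back to itself
    final, loops = set(), set()
    for target in table[key]:
        found, looped = expand_alias(table, target, chain + (key,))
        final |= found
        loops |= looped
    return final, loops


def audit(table):
    """Map every alias to where its mail ends up and whether it loops."""
    report = {}
    for name in table:
        final, loops = expand_alias(table, name)
        report[name] = {"delivers_to": sorted(final), "loop": bool(loops)}
    return report


if __name__ == "__main__":
    for alias, result in audit(parse_aliases(SAMPLE_ALIASES)).items():
        flag = "  <-- loop, no mailbox" if result["loop"] else ""
        print("%-14s -> %s%s" % (alias, ", ".join(result["delivers_to"]), flag))
```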

Exercise 6-3 Use Lookup Tables

In this exercise, you use the Postfix lookup tables.

You will find this exercise in the workbook.

(End of Exercise)

Use Postfix Tools

Apart from the previously mentioned tools, Postfix also has a whole
range of other useful administration tools that can make life
considerably easier for a postmaster.

This section briefly introduces the administration tools for Postfix:


■ newaliases. Converts the ASCII file /etc/aliases to the hash
table /etc/aliases.db.
■ mailq. Lists all emails in the mail queues that have not yet been
sent.
■ postalias. Converts the ASCII file /etc/aliases to the hash table
/etc/aliases.db. Same as newaliases.
■ postcat. Displays the contents of a file from the queue
directories in a readable form.
■ postconf. Without any parameters, this tool displays the values
of all variables defined in the file /etc/postfix/main.cf as well as
the values used by the standard variables. To modify variables
directly, enter
postconf -e key=value
These changes are automatically integrated in the file main.cf.
■ postdrop. This is run automatically by using the sendmail
command, if sendmail cannot write any files to the maildrop
directory because of missing world-writable permissions. It
saves the forwarded email as sgid maildrop.
■ postfix. Enables configuration errors to be found (postfix
check), forces email from the deferred queue to be delivered
immediately (postfix flush), or rereads the Postfix
configuration files (postfix reload).
■ postmap. Generates the hash tables for the lookup tables in the
directory /etc/postfix/.

■ postsuper. Checks the file structure in the queue directories and
removes unneeded files and directories (postsuper -s) or
deletes files and directories that have been left after a system
crash and are useless (postsuper -p).
Individual email messages can be removed from the mail
queues with postsuper -d ID.
In general, postsuper removes all files that are not normal files
or directories (such as symbolic links).

Run the command postsuper -s immediately before starting the Postfix
system.

For more information about these tools, see the man page man 1
Postfix-Tool.

Objective 2 Apache Web Server


To set up an Apache web server on SUSE Linux Enterprise Server,
you need to know the following:
■ Setup a Basic Web Server
■ Configure Virtual Hosts

Other configuration tasks, like limiting access to the web server
with .htaccess files, PHP, etc., are specific to Apache and do not
differ substantially between RHEL 4 and SLES 10.

Setup a Basic Web Server

■ The Basic Functionality of a Web Server
■ Install a Basic Apache Web Server
■ Understand the Structure and the Basic Elements of the Apache
Configuration Files
■ Understand the Default Apache Configuration

The Basic Functionality of a Web Server

A web server delivers data that is requested by a web browser. The
data can have different formats such as HTML files, image files,
Flash animations, or sound files.

Web browsers and web servers communicate using HTTP (Hyper
Text Transfer Protocol).

In addition to delivering data to the web browser, a web server can
perform tasks such as limiting access to specific web pages, logging
access to a file, and encrypting the connection between a server and
browser.

Install a Basic Apache Web Server

To set up a basic Apache web server, you need to do the following:


■ Install the Required Software Packages
■ Start and Test the Web Server
■ Locate the DocumentRoot of the Web Server

Install the Required Software Packages

To run a basic Apache web server, you need to install the following
packages with YaST:
■ apache2. The basic web server software.
■ apache2-prefork. An additional Apache package that
influences the multiprocessing behavior of the web server.
■ apache2-example-pages. Sample HTML pages.

When you install the packages listed above, YaST prompts you to
also install one or more additional packages required by Apache.
Confirm the additional package installation by selecting OK to
resolve all dependencies of the Apache packages.

Start and Test the Web Server

After installing the required software, you need to start the web
server. Do this as the root user by entering the following:

rcapache2 start

As with all services, enter the following to stop the web server:

rcapache2 stop

If you want the web server to start up at boot time, you need to enter
the following:

insserv apache2

To test whether the web server is properly installed, open a web
browser and enter the following address:

http://localhost/

The browser displays the following page:

Figure 6-4

If your SUSE Linux Enterprise Server 10 is connected to a network,
you (and other hosts on the network) can remotely access the web
server by entering the following:

http://your_system_IP_address/

If your network provides a DNS server, you can use the hostname
instead of the IP address.

Locate the DocumentRoot of the Web Server

The default directory of the data provided by Apache is
/srv/www/htdocs/. This directory is also called the DocumentRoot of
the web server. After the installation, it contains the Apache
example pages, which are displayed above.

You can replace the data in the DocumentRoot directory to display
your own web server content. Because the web server runs with the
user id wwwrun, you have to make sure that this user has read
access to files in the DocumentRoot directory.
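
An added example (not part of the original manual) of checking the read-access requirement described above: the function lists DocumentRoot entries that the web server user could not read. It assumes the content is owned by a user other than wwwrun, so that access is decided by the "other" permission bits; the function name audit_docroot is hypothetical.

```shell
# Added example: report DocumentRoot entries that wwwrun could not read.
# Assumption: files belong to another user (for example root), so wwwrun
# reaches them through the "other" permission bits.

audit_docroot() {      # usage: audit_docroot DIRECTORY
    docroot=$1
    [ -d "$docroot" ] || { echo "not a directory: $docroot" >&2; return 2; }

    # Directories need read and search permission (r-x) for others,
    # regular files need read permission. Entries writable by others are
    # reported as well, because serving content only requires read access.
    # Symbolic links are skipped in the last test (their mode is always 777).
    findings=$(find "$docroot" \
        \( -type d ! -perm -005 -exec echo UNREADABLE_DIR {} \; \) -o \
        \( -type f ! -perm -004 -exec echo UNREADABLE_FILE {} \; \) -o \
        \( ! -type l -perm -002 -exec echo WORLD_WRITABLE {} \; \))

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

The function returns 0 when nothing is reported, 1 when it lists findings, and 2 when the argument is not a directory.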

If you create subdirectories in DocumentRoot, you can access those
subdirectories with the following web address scheme:

http://your_server/name_of_subdirectory

If no specific file is requested in the address, Apache looks for a file
with the name index.html. You can change the name of this default
file in the Apache configuration files.


Exercise 6-4 Install Apache

In this exercise, you install the Apache components on your system.

You can find the exercise in the workbook.

(End of Exercise)

Exercise 6-5 Test the Apache Installation

In this exercise, you check if the installation of Apache was
successful.

You can find the exercise in the workbook.

(End of Exercise)


Understand the Structure and the Basic Elements of the Apache Configuration Files

To configure the Apache web server, you need to do the following:
■ Locate the Apache Configuration Files
■ Understand the Basic Rules of the Configuration Files

Locate the Apache Configuration Files

The configuration of the Apache web server is spread over several
configuration files located in the directory /etc/apache2/.

The following is a list of the most important Apache configuration
files:
■ httpd.conf. This is the main Apache configuration file.
■ default-server.conf. This file contains the basic web server
setup. However, all options set in this file can be overwritten by
other configuration files.
■ vhosts.d/. This is a directory containing configuration files for
virtual host setups. You will learn more about virtual hosts later
in this section.
■ uid.conf. This configuration file sets the user and group id for
Apache. By default, Apache uses the user id wwwrun and the
group id www.
■ listen.conf. In this configuration file, you can specify the IP
addresses and TCP/IP ports Apache is listening to. By default,
Apache listens to all assigned interfaces on port 80.
■ server-tuning.conf. You can use this configuration file to fine
tune the performance of Apache. The default values should be
fine unless you are going to run a web server that has to handle
a lot of requests at the same time.
■ error.conf. In this file you configure the behavior of Apache
when a request cannot be performed correctly.

■ ssl-global.conf. Configure the connection encryption with SSL
in this configuration file.

Understand the Basic Rules of the Configuration Files

The options of the Apache configuration files are called directives.
Directives are case sensitive, which means that a word such as
"include" is not the same as "Include."

Directives can be grouped so that they do not apply to the global
server configuration. In the following, the directives only apply to
the directory /srv/www/htdocs:

<Directory "/srv/www/htdocs">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>

The directives are grouped by <Directory "/srv/www/htdocs"> and
</Directory> which limits their validity to the directory
/srv/www/htdocs only.

You can use the # character to indicate comments in the
configuration file. All lines starting with a # are ignored by the
Apache server.

Whenever you edit the Apache configuration files, you need to
reload the web server by entering the following:

rcapache2 reload

In some cases it is not enough to reload Apache. You need to stop
and restart the web server by entering the following:

rcapache2 restart


If you are not sure that your changes use the correct syntax, you can
verify the syntax of the configuration files by entering the
following:

apache2ctl configtest

If the syntax is correct, the command displays the following
message:

Syntax OK

Understand the Default Apache Configuration

The main Apache web server configuration is defined in the file
/etc/apache2/default-server.conf. The following is an overview of
the most important directives used in that file:

Table 6-1

Directive                     Description

DocumentRoot                  Specifies the DocumentRoot of the web server.

<Directory "dir_name">        All directives used within this block apply
</Directory>                  only to the specified directory.

Options                       With this directive additional options can be
                              applied to logical blocks like directories.

AllowOverride                 Determines whether directives are allowed to
                              be overwritten by a configuration found in a
                              .htaccess file in a directory.

Alias "fakename" "realname"   Allows you to create an alias to a directory.

ScriptAlias                   Allows you to create an alias to a directory
                              containing scripts for dynamic content
                              generation.

In most cases the default settings are suitable and don't need to be
changed.

An overview of all Apache directives can be found at
http://httpd.apache.org/docs-2.0/mod/directives.html.

Configure Virtual Hosts

To use the virtual host feature of Apache, you need to know the
following:
■ The Concept of Virtual Hosts
■ Configure a Virtual Host

The Concept of Virtual Hosts

With the default setup, the Apache server can be reached with a
browser using the following web addresses (URLs):
■ http://localhost (from the computer where the web server is
running)
■ http://web_server_IP_address
■ http://web_server_hostname

For all of these addresses, Apache serves the same files located in
the DocumentRoot directory.


Using this setup, you would need a dedicated computer for every
domain of the Internet. To avoid this, Apache can be configured to
host multiple virtual web servers on one physical system. These
virtual web servers are called virtual hosts.

To access virtual hosts, a DNS entry is needed for every virtual host
of the Apache web server.

The following outlines the steps of sending a request to the virtual
host www.example.com:
1. The web browser requests the IP address of the host
www.example.com.
2. The browser uses the IP address to request a file from the Apache
web server listening on the IP address of www.example.com.
3. In the HTTP request, the browser includes the hostname of the
server it wants to reach.
4. Apache uses the hostname to determine the corresponding virtual
host and delivers the requested data from that host.


The following illustrates this process:

Figure 6-5: The web browser requests the IP address for
www.example.com from the DNS server, which holds the same IP address
for www.example.com, www2.example.com, www3.example.com and
www4.example.com. The browser then uses the IP address to request
data from the virtual host on the web server, which has virtual hosts
for the same four names.

Configure a Virtual Host

For every virtual host you need to create a configuration file in the
directory /etc/apache2/vhosts.d/. The name of the configuration file
has to end with .conf.

You can find a template file vhost.template in the directory
/etc/apache2/vhosts.d/ to use as a base for your configuration file.

You need to edit the following directives in the template:

Table 6-2

Directive                     Description

ServerAdmin                   Enter the email address of the Virtual Host
                              administrator here.

ServerName                    Enter the hostname of the virtual host as it
                              is configured in the DNS.

DocumentRoot                  Set the DocumentRoot of the virtual host. The
                              directory and the files in the directory must
                              be readable by the user wwwrun.

ErrorLog                      Enter a filename for the error log. The file
                              must be writable for the user wwwrun.

CustomLog                     Enter a filename for the general log file.
                              The file must be writable for the user wwwrun.

ScriptAlias                   Set the ScriptAlias to a directory of your
                              choice. The directory must not be under the
                              DocumentRoot of the virtual host. If you don't
                              need scripts for dynamic content creation,
                              delete this directive.

<Directory "script_dir">      If you've set a ScriptAlias before, you have
                              to configure a directory which contains the
                              script files. If you are not using a
                              ScriptAlias, delete this directory block.

<Directory "document_root">   You need to adjust the path name of this
                              directory directive to the path of your
                              DocumentRoot.

After customizing the template file, you need to reload the Apache
web server. You also need to make sure that the settings in DNS are
updated so that the hostname of your virtual host is resolved
correctly.
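
An added example (not taken from the manual or from the SUSE template) that writes a sample virtual host file using the directives from Table 6-2 and checks the rule that the ScriptAlias directory must not be under the DocumentRoot. The hostname accounting.example.com, all paths and the function names are hypothetical, and the sample configuration is constructed for this example.

```shell
# Added example: check that a virtual host's ScriptAlias directory is not
# located under its DocumentRoot (the rule stated in Table 6-2).

# Print the last argument of the first matching directive, quotes removed.
# Assumption: paths contain no spaces.
vhost_directive() {    # usage: vhost_directive FILE DIRECTIVE
    awk -v d="$2" 'tolower($1) == tolower(d) {
        v = $NF; gsub(/"/, "", v); print v; exit }' "$1"
}

check_scriptalias() {  # usage: check_scriptalias FILE
    docroot=$(vhost_directive "$1" DocumentRoot)
    scripts=$(vhost_directive "$1" ScriptAlias)
    [ -n "$docroot" ] || { echo "no DocumentRoot in $1" >&2; return 2; }
    [ -n "$scripts" ] || return 0          # no script directory configured
    # Compare with one trailing slash so /a/site does not match /a/site-cgi.
    case "${scripts%/}/" in
        "${docroot%/}/"*)
            echo "ScriptAlias $scripts is under DocumentRoot $docroot"
            return 1 ;;
    esac
    return 0
}

# Constructed sample vhost; hostname and paths are hypothetical.
write_sample_vhost() { # usage: write_sample_vhost FILE SCRIPT_DIR
    cat > "$1" <<EOF
<VirtualHost *:80>
    ServerAdmin webmaster@accounting.example.com
    ServerName accounting.example.com
    DocumentRoot /srv/www/vhosts/accounting
    ErrorLog /var/log/apache2/accounting-error_log
    CustomLog /var/log/apache2/accounting-access_log combined
    ScriptAlias /cgi-bin/ "$2"
    <Directory "$2">
        Options +ExecCGI
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    <Directory "/srv/www/vhosts/accounting">
        Options None
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
EOF
}
```

Running check_scriptalias on each file in /etc/apache2/vhosts.d/ before rcapache2 reload reports any virtual host whose script directory could also be fetched as plain content.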


Exercise 6-6 Configure a Virtual Host

In this exercise, you configure a virtual host for the accounting
department.

You can find this exercise in the workbook.

(End of Exercise)


Summary

Objective               Summary

1. Postfix              The Postfix Mail Delivery Agent consists of several
                        modules that process different queues designed to
                        receive and send mail.

                        The Postfix master daemon is configured via the
                        file /etc/postfix/master.cf.

                        All other configuration parameters, with the
                        exception of the lookup tables, are contained in
                        /etc/postfix/main.cf.

                        On SUSE Linux Enterprise Server 10, the most common
                        parameters of this file can be modified using
                        variables in the files /etc/sysconfig/mail and
                        /etc/sysconfig/postfix.

                        Modifications in the file /etc/sysconfig/postfix
                        are only adopted in the file /etc/postfix/main.cf
                        and, in some cases, in the file
                        /etc/postfix/master.cf after executing
                        /sbin/SuSEconfig.

                        Lookup tables contain rules for processing email
                        within the overall Postfix system.


1. Postfix (contd.)     The following are Postfix tools:

                        ■ newaliases. Converts the ASCII file /etc/aliases
                          to the hash table /etc/aliases.db.
                        ■ mailq. Lists all email in the mail queues that
                          have not yet been sent.
                        ■ postalias. Converts the ASCII file /etc/aliases
                          to the hash table /etc/aliases.db. Same as
                          newaliases.
                        ■ postcat. Displays the contents of a file from
                          the queue directories in a readable form.
                        ■ postconf. Displays the values of all variables.
                          Enter postconf -e key=value to modify variables
                          directly. These changes are automatically
                          integrated in the file main.cf.
                        ■ postdrop. This is run automatically by the
                          command sendmail.
                        ■ postfix. Enables configuration errors to be
                          found, forces email from the deferred queue to
                          be delivered immediately, or rereads the Postfix
                          configuration files.
                        ■ postmap. Generates the hash tables for the
                          lookup tables in the directory /etc/postfix/.
                        ■ postsuper. Removes all files that are not normal
                          files or directories.


2. Apache Web Server    Apache is the leading web server software.

                        For a basic web server, you need to install the
                        following packages:
                        ■ apache2
                        ■ apache2-prefork
                        ■ apache2-example-pages

                        The locally running web server can be accessed
                        using the address http://localhost/.

                        The default document root of the web server is
                        /srv/www/htdocs.

                        The Apache configuration files are located in the
                        directory /etc/apache2.

                        The options of the Apache configuration files are
                        called directives.

                        You can check the syntax of the configuration file
                        with the command apache2ctl configtest.

                        By configuring virtual hosts you can host multiple
                        domains on one physical machine.

                        You need to create a configuration file in the
                        directory /etc/apache2/vhosts.d/ for every virtual
                        host.
