Installing Postfix on Mac OS X Server
Updated 12 September 2002
 |
PostfixWe tested a fresh installation of Postfix 1.1.11 with Mac OS X 10.2 (with the latest Developer Tools and BSD SDK) on 5 September 2002 and found no problems installing or running the software. |
Apple’s Mac OS X Server is a truly unique server operating system. On the one hand, it allows for easy set-up and configuration of some heavy-duty server processes that most any rookie system administrator can get up and running in literally a matter of minutes. On the other hand, it can give even the most die-hard command line junkie a run for his money. It is in the combination of these two features that allow a moderately educated person work wonders. I hope in a couple of articles to show some of the truly amazing things that can be done with this product with a minimum of hassle.
First off is a bit of a brain transplant on the SMTP server that Apple includes. For whatever reason Apple has decided to leave the server as an open relay. Not only can that cause significant headaches for your users when your site gets blacklisted on the spam prevention lists but can open you up to serious bandwidth reduction. While you can play tricks with firewall rules and other hijinks to mitigate this problem, the easiest solution is to replace the included smtp server with something that allows for a greater range of options.
The first package that comes to mind is Sendmail, the traditional Unix SMTP server. However, the configuration of Sendmail can drive grown men to tears very quickly. Instead we will be installing Postfix, a very easy-to-use but very powerful drop-in replacement for both Sendmail and Apple’s smtp server.
Postfix can work with most any POP/IMAP mail server, but to keep things really simple we are going to use it with the POP/IMAP server that Apple provides. This makes user management very easy since all of the users and groups information is stored in the server’s netinfo database.
We are going to be compiling Postfix from the source which means that you will have to have the Developer’s Tools installed on your machine.
The first step is to create a new user and group on your server for postfix to use.
Create a user called postfix that cannot login and set their shell to /dev/null. Then create a group called maildrop that has no users. This allows for Postfix to run in a very secure environment such that if a security flaw with Postfix is ever found crackers can do very little damage to your machine with the exploit.
Then go to www.postfix.org and proceed to the downloads page. Find a mirror site near you and download the latest snapshot. You can get the stable release to work, but it takes a bit of effort. I have been using the snapshots for quite some time with no problems. If you use a web browser to download the files Stuffit Expander should automatically do all of the decompressing for you. Now might be a good time to set up a src directory on your machine to keep source code in. This helps to keep your system tidy and gives you a bit of an idea of what you have already installed on your machine and when. So go into the Finder and create a new folder called “src” and move the postfix snapshot folder into that.
Now come the command line parts.
| cd ~/src/snapshot20020112 |
|
Change this to fit the exact name of the snapshot and where you put your src folder. |
| make |
|
This starts the compilation process, postfix will compile out of the box with no need to change anything. |
| sudo make install |
|
This actually installs the application. You will be asked for your user password and then you will be prompted to answer a number of questions. Unless you have a reason to do something different just use the default answer, by hitting the return key at the prompts, for every question. |
Postfix is now installed, all you need to do is edit the configuration file. There are two ways to do this. One is to edit the file from the command line using vi or emacs. If you know how to do that, go right ahead. However, if you prefer a graphical editor for this kind of work there is an easy way of getting that to work.
Go back to the command line:
| cd /etc/postfix |
|
This moves you to the directory where Postfix keeps its configuration files. |
| open -e main.cf |
|
This will open the main config file in TextEdit. |
Now go change the following lines in this file. On lines 87 and 88 remove the # in front of the line and swap your hostname and domain name for $myhostname and $mydomain, respectively. This tells Postfix what your machine is called. It’s possible to get this information from the system, but it is many times best to explicitly specify this information here.
Starting at line 124 you want to remove the # in front of one of the lines and make sure all of your mail domains are represented in the variables. For single-domain servers, uncommenting line 126 and 127 while making no edits to the variables should do the trick.
You can uncomment line 301, which will allow Postfix to use the NetInfo aliases that you can set up using the NetInfo manager. These can be used to create mailing lists and even trick the Apple Mail Server it being able to serve multiple domains that have the same user names. Look at the aliases that are already in the NetInfo database and you’ll get the hang of it.
Next, get Postfix to send local mail to the Apple Mail Server by uncommenting line 374 and replacing “cyrus” with “smtp:[127.0.0.1]:627” This configures Postfix to relay all local mail by SMTP to port 627 on the local machine (on which the Apple Mail Server will soon be listening after we make another quick change).
You are pretty much down with the configuration file for a basic setup. However, as you can see, there are a lot of other options here that you can play with. The comments in the file are very good and should give you everything you need to know about most of the options. Just remember, as the header on this file says, only change one or two things and test to make sure everything still works.
Now we need to save this file. If you are in TextEdit go to “Save As?” and save this file to the desktop—keeping the name “main.cf".
Now, back to the command line.
you should still be in the /etc/postfix directory; if not get back there by:
cd /etc/postfix
Once you are back:
| sudo mv main.cf main.bak |
|
This changes the name of the stock main.cf file to main.bak just in case you need to go back to it. |
| sudo mv ~/Desktop/main.cf main.cf |
|
This moves your changed version from the desktop to the /etc/postfix folder. |
| sudo chmod 644 main.cf |
|
This sets the permissions of the main.cf to allow only root to write to it but everyone else to be able to read it. |
| sudo chown root:wheel main.cf |
|
This sets the owner and group to root and wheel so no curious users can change it. |
Now we need to set up the Apple Mail Server to listen on a different port than 25 to incoming e-mail. Otherwise, Postfix can’t do its magic. Go into the Server Admin application and log onto your server. Go to the Internet tab. Click on the Mail Service icon and pull down to Configure Mail Service. Then click on the “Protocols” tab of the window that pops up. Click on the top pull-down menu that says “SMTP” and change it to Sendmail. Notice that the port underneath the menu changes to 627. Now the Apple Mail Server is out of the way and we can startup Postfix.
Go back to the command line.
| rehash |
|
This ensures that the shell sees the new postfix commands that we installed. |
| sudo postfix start |
|
This starts up the Postfix smtp process. |
You can quickly check if everything is running well by typing this on the command line.
| telnet 127.0.0.1 25 |
|
This opens up a telnet session to the machine that you are working on. If all goes well you should see an SMTP welcome message with the name of your server. |
Now the only thing left to tidy up is to get Postfix to launch on bootup of your server. Happily for us, a sample startup item has been included with the Postfix distribution. We need to make a few changes, though. First, create a folder in the /Library folder called “StartupItems” Then go into the Finder and navigate your way inside the Postfix source code folder to snapshot.../auxilliary/Mac OSX/Postfix.StartupItem/Postfix. Drag this file onto TextEdit and change the two instances of “MAILSERVER” to “POSTFIX". Rename the Postfix.StartupItem folder to “Postfix” and drag the folder into the /Library/StartupItems folder you just created. Now one last quick trip back to the command line. I’ll walk you through doing this with TextEdit or just use vi or any of the other command line text editors.
| cd /etc |
|
Takes you to the etc directory. |
| open -e hostconfig |
|
This will open the hostconfig file in TextEdit. |
First make sure that MAILSERVER is set to NO. Then add a new line at the bottom: “POSTFIX=-YES-". This ensures that the Postfix startup script is called whenever the machine boots. Now do a Save As… and save this document to the Desktop and go back to the command line.
| cd /etc |
|
If you are not there already |
| sudo mv hostconfig hostconfig.old |
|
This backs up the hostconfig file |
| sudo mv ~/Desktop/hostconfig hostconfig |
|
This moves your changed file back to where it belongs |
| sudo chmod 644 hostconfig |
|
Sets the correct permissions |
| sudo chown root:wheel hostconfig |
|
Sets the correct user and group |
That’s it. Should have taken you an hour or so. You can now only relay through your server from your local network, and you are still able to use your existing POP/IMAP server. Happy e-mailing.