9.4 The Service Provider

This environment is at once the most complex and also the most rewarding use of Postfix. It is here that Postfix really starts to shine when compared to MTAs which weren't written with speed and resource preservation in mind. In short, if you're an ISP or a Web Presence Provider (WPP) with lots of e-mail clients, mailing lists and domains to serve mail for, you will really reap the benefits of switching to Postfix from sendmail.

A couple of caveats here: a real disk sub-system is called for in this environment (this may be read as UW-SCSI and hardware RAID), and a machine with some power would also be a good idea (SMP PIII with a pile of RAM comes to mind). Now if your budget can't carry this freight, you're in luck, because you can do the same things with less... a lot less, in fact.

Here is a sample configuration for a service provider:

   # main.cf
   # last modified: 11 November 1999
   # the setup file for postfix...
   # this one is custom built for Company Samples, Inc.
   #
   # setup all the standard paths
   #
   queue_directory = /var/spool/postfix
   program_directory = /usr/libexec/postfix
   command_directory = /usr/sbin
   daemon_directory = /usr/libexec/postfix
   mail_spool_directory = /var/spool/mail
   mailbox_command = /usr/bin/procmail
   
   # who we run as
   #
   mail_owner = postfix 
   
   # privileges have to be set
   #
   default_privs = nobody
   
   # who are we?
   #
   myhostname = server.company.com
   mydomain = company.com
   myorigin = $mydomain
    
   # what should the postmaster be warned about?
   #
   notify_classes = resource, software, policy, protocol 
    
   # what domains will we accept mail for?
   # the localdomains file is not mapped or hashed. It uses plain text. 
   # One listing per line. It's equivalent to class w with sendmail.
   mydestination = $myhostname, localhost.$mydomain, $mydomain, /etc/postfix/localdomains
    
   # who is allowed to send mail through us?
   # make sure that all your pop networks get listed here or you'll have trouble
   mynetworks = 10.0.0.0/24, 200.200.198.0/24, 200.200.197.0/24, 127.0.0.0/8 
    
   # which interfaces can we use?
   #
   inet_interfaces = all 
    
   # we don't do uucp here
   #
   default_transport = smtp
    
   # let's set up our map files
   #
   virtual_maps = hash:/etc/postfix/virtusertable
   alias_maps = hash:/etc/postfix/aliases, hash:/etc/postfix/majordomo
   alias_database = hash:/etc/postfix/aliases, hash:/etc/postfix/majordomo
    
   # anti-UCE stuff
   #
   maps_rbl_domains = rbl.maps.vix.com, dul.maps.vix.com
   #these two can be a bit too restrictive -----> relays.mail-abuse.org, relays.orbs.org
   
   smtpd_client_restrictions =
       permit_mynetworks,
       check_client_access hash:/etc/postfix/access,
       reject_maps_rbl,
       reject_unauth_pipelining

   smtpd_sender_restrictions =
       permit_mynetworks,
       check_sender_access hash:/etc/postfix/access,
       reject_unknown_sender_domain,
       reject_maps_rbl

   smtpd_recipient_restrictions =
       permit_mynetworks,
       permit_mx_backup,
       reject_unauth_destination,
       check_relay_domains
    
   smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
    
   # who we will relay for
   # the relay-domains file is a plain text file. It is not mapped or hashed. Domains are listed one per line
   
   relay_domains = $mydestination, /etc/postfix/relay-domains
    
   # mandatory setup for debugging
   #
   local_destination_concurrency_limit = 2
   default_destination_concurrency_limit = 10
   debug_peer_level = 2
    
   #debugger_command = /usr/bin/strace -p $process_id -o /tmp/smtpd.$process_id & sleep 5 
    
   # end of config
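
The relay settings in this file (mynetworks and smtpd_recipient_restrictions) decide who may send mail through the server, so they are worth checking mechanically after every edit. The following is an added example, not part of the original configuration or of Postfix: it reads main.cf syntax, including indented continuation lines, and reports mynetworks entries that trust everyone or cover public address space, plus a recipient restriction list with no relay guard. The sample text and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in main.cf syntax, modelled on the configuration above.
# The 0.0.0.0/0 entry and the shortened restriction list are added here
# to show failing cases.
SAMPLE_MAIN_CF = """\
# who is allowed to send mail through us?
mynetworks = 10.0.0.0/24, 200.200.198.0/24, 127.0.0.0/8, 0.0.0.0/0
smtpd_recipient_restrictions =
\tpermit_mynetworks,
\tpermit_mx_backup
"""

# Restrictions that stop strangers relaying to domains we do not serve.
RELAY_GUARDS = {"reject_unauth_destination", "check_relay_domains", "reject"}


def parse_main_cf(text):
    """Return {parameter: value}; indented lines continue the previous one."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0] in " \t" and current:
            params[current] = (params[current] + " " + raw.strip()).strip()
        else:
            current, _, value = raw.partition("=")
            current = current.strip()
            params[current] = value.strip()
    return params


def audit_relay_controls(text):
    """Return (parameter, item, problem) findings about who may relay."""
    params, findings = parse_main_cf(text), []
    for entry in params.get("mynetworks", "").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(("mynetworks", entry, "not a CIDR network, review by hand"))
            continue
        if net.prefixlen == 0:
            findings.append(("mynetworks", entry, "trusts every client"))
        elif not net.is_private:
            findings.append(("mynetworks", entry, "public range, confirm it is yours"))
    rules = params.get("smtpd_recipient_restrictions")
    if rules is not None and not RELAY_GUARDS & set(rules.replace(",", " ").split()):
        findings.append(("smtpd_recipient_restrictions", rules, "no relay guard"))
    return findings
```

Run against the sample configuration above, the only findings are the two 200.200.x.0/24 networks, which is the reminder to confirm that those really are your own POP networks.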
   

Procedurally that's about all there is to it. Once this config is in place you should be ready to roll, as long as all of your maps and support files are completed as well. One thing we skipped over earlier we'll cover here: the purpose, use, and an example of the virtusertable. In point of fact, if you just switched from sendmail to Postfix your existing virtusertable will work just fine, as the syntax is exactly the same. Its purpose is really quite simple: it allows you to have multiple e-mail addresses of the same name (but different domains), or to map a local user's address to something completely different. Check the example below and you'll see some common issues solved that should make it clear:

   # virtusertable for company.com
   #
   webmaster@company.com     bob
   webmaster@otherdomain.com     ralph
   webmaster@uguessedit.com     chuck
   webmaster@salesdomain.net     tim@somewhere-else.net
   webmaster@turkeytrot.dom     sally
   webmaster@linuxhelp.net     guru
   redhat@virtdom.net     techman
   redhat@otherdomain.com     clothespony
   redhat@thehouseofcards.dom     aceofspades
   redhat@linuxhelp.net     guru
   mta.geek@uguessedit.com     chuck
   bob.smith@company.com     bob
   bob.smith@turkeytrot.dom     bobby
   bob.smith@linuxhelp.net     robert
   ralph.smith@company.com     ralph
   sally.smith@company.com     sally
   #done
   

So after this file is created all you have to do is map it like this: postmap virtusertable.
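
A check worth running before postmap, given here as an added example that is not part of the original text: it flags an address that is mapped twice, an address in a domain the server does not accept mail for (so the mapping can never match), and a mapping that forwards mail to an off-site address. The sample table and the accepted-domain set are constructed; comparing addresses in lower case is an assumption of this example.

```python
# Constructed sample in the virtusertable syntax shown above; the last two
# entries are added here to trigger findings.
SAMPLE_TABLE = """\
# virtusertable for company.com
webmaster@company.com     bob
webmaster@salesdomain.net     tim@somewhere-else.net
bob.smith@turkeytrot.dom     bobby
Webmaster@Company.com     ralph
sales@typo-domain.net     sally
"""

# Assumed contents of $mydomain plus /etc/postfix/localdomains (constructed).
ACCEPTED = {"company.com", "salesdomain.net", "turkeytrot.dom"}


def lint_virtusertable(text, accepted_domains):
    """Return (line_no, kind, detail) findings to review before postmap."""
    findings, seen = [], {}
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if len(fields) != 2:
            findings.append((no, "malformed", line.strip()))
            continue
        address, target = fields[0].lower(), fields[1].strip()
        if address in seen:
            findings.append((no, "duplicate",
                             f"{address} already mapped on line {seen[address]}"))
        else:
            seen[address] = no
        # The part after the last "@" is the domain the mail must arrive for.
        domain = address.rpartition("@")[2]
        if domain not in accepted_domains:
            findings.append((no, "unaccepted-domain", domain))
        # A target containing "@" in a foreign domain sends the mail off-site.
        for dest in target.replace(",", " ").split():
            if "@" in dest and dest.rpartition("@")[2].lower() not in accepted_domains:
                findings.append((no, "external-forward", f"{address} -> {dest}"))
    return findings
```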