This environment is at once the most complex and also the most rewarding use of Postfix. It is here that Postfix really starts to shine when compared to MTAs which weren't written with speed and resource preservation in mind. In short, if you're an ISP or a Web Presence Provider (WPP) with lots of e-mail clients, mailing lists and domains to serve mail for you will really reap the benefits of switching to Postfix from sendmail.
A couple of caveats here; a real disk sub-system is called for in this environment (this may be read as UW-SCSI and hardware RAID), a machine with some power would also be a good idea (SMP PIII with a pile of RAM comes to mind). Now if your budget doesn't have the ability to carry this freight you're in luck because you can do the same things with less... a lot less in fact.
Here is a sample configuration for a service provider:
# main.cf # last modified: 11 November 1999 # the setup file for postfix... # this one is custom built for Company Samples, Inc. # # setup all the standard paths # queue_directory = /var/spool/postfix program_directory = /usr/libexec/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix mail_spool_directory = /var/spool/mail mailbox_command = /usr/bin/procmail # who we run as # mail_owner = postfix # privileges have to be set # default_privs = nobody # who are we? # myhostname = server.company.com mydomain = company.com myorigin = $mydomain # what should the postmaster be warned about? # notify_classes = resource, software, policy, protocol # what domains will we accept mail for? # the localdomains file is not mapped or hashed. It uses plain text. # One listing per line. It's equivalent to class w with sendmail. mydestination = $myhostname, localhost.$mydomain, $mydomain, /etc/postfix/localdomains # who is allowed to send mail through us? # make sure that all your pop networks get listed here or you'll have trouble mynetworks = 10.0.0.0/24, 126.96.36.199/24, 188.8.131.52/24, 127.0.0.0/8 # which interfaces can we use? # inet_interfaces = all # we don't do uucp here # default_transport = smtp # let's set up our map files # virtual_maps = hash:/etc/postfix/virtusertable alias_maps = hash:/etc/postfix/aliases, hash:/etc/postfix/majordomo alias_database = hash:/etc/postfix/aliases, hash:/etc/postfix/majordomo # anti-UCE stuff # maps_rbl_domains = rbl.maps.vix.com, dul.maps.vix.com #these two can be a bit too restrictive -----> relays.mail-abuse.org, relays.orbs.org smtpd_client_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/access, reject_maps_rbl, reject_unauth_pipelining smtpd_sender_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/access, reject_unknown_sender_domain, reject_maps_rbl smtpd_recipient_restrictions = permit_mynetworks, permit_mx_backup, reject_unauth_destination, check_relay_domains smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) # who we will relay for # the relay-domains file is a plain text file. It is not mapped or hashed. Domains are listed one per line relay_domains = $mydestination, /etc/postfix/relay-domains # mandatory setup for debugging # local_destination_concurrency_limit = 2 default_destination_concurrency_limit = 10 debug_peer_level = 2 #debugger_command = /usr/bin/strace -p $process_id -o /tmp/smtpd.$process_id & sleep 5 # end of config
Procedurally that's about all there is to it. Once this config is in place you should be ready to roll as long as all of your maps and support files are completed as well. One thing we skipped over earlier, we'll cover here -- the purpose, use, and an example for the virtusertable. In point of fact if you just switched from sendmail to Postfix your existing virtusertable will work just fine as the syntax is exactly the same. Its purpose is really quite simple. What it does is it allows you to have multiple e-mail addresses of the same name (but different domains) or to map a local users address to something completely different. Check the example below and you'll see some common issues solved that should make it clear:
# virtusertable for company.com # firstname.lastname@example.org bob email@example.com ralph firstname.lastname@example.org chuck email@example.com firstname.lastname@example.org email@example.com sally firstname.lastname@example.org guru email@example.com techman firstname.lastname@example.org clothespony email@example.com aceofspades firstname.lastname@example.org guru email@example.com chuck firstname.lastname@example.org bob email@example.com bobby firstname.lastname@example.org robert email@example.com ralph firstname.lastname@example.org sally #done
So after this file is created all you have to do is map it like this: postmap virtusertable.