Postfix (software)
Encyclopedia
In computing
, Postfix is a free
and open-source
mail transfer agent
(MTA) that routes and delivers electronic mail
. It is intended as a fast, easier-to-administer, and secure alternative to the widely-used Sendmail
MTA.
It is released under the IBM Public License
1.0 which is a free software licence
.
Originally written in 1997 by Wietse Venema
at the IBM
Thomas J. Watson Research Center
and first released in December 1998, Postfix continues to be actively developed by its creator and other contributors. The software is also known by its former names VMailer and IBM Secure Mailer.
Postfix has a particular resilience against buffer overflow
s and can handle large amounts of e-mail. A Postfix system implements a cooperating network of different daemon
s. Each daemon fulfills a single task using minimum privileges. In this way, if a daemon is compromised, the impact remains limited to that daemon and cannot spread throughout the entire system. Only one process has root privileges (master), and few processes actually write to locations outside the queue directory (local, virtual) or invoke external programs (local, pipe). Most daemons can be easily chroot
ed and communicate through named pipe
s or UNIX-domain sockets.
The Postfix Standard Configuration Examples document discusses configuration settings for a few common environments.
The Postfix Address Rewriting document covers address rewriting and mail routing. The full documentation collection is at Postfix Documentation
More complex Postfix implementations include integration with (for example) SpamAssassin
and support for multiple (virtual) domain names, where data in databases such as MySQL
can drive complex configurations.
Computing
Computing is usually defined as the activity of using and improving computer hardware and software. It is the computer-specific part of information technology...
, Postfix is a free
Free software
Free software, software libre or libre software is software that can be used, studied, and modified without restriction, and which can be copied and redistributed in modified or unmodified form either without restriction, or with restrictions that only ensure that further recipients can also do...
and open-source
Open-source software
Open-source software is computer software that is available in source code form: the source code and certain other rights normally reserved for copyright holders are provided under a software license that permits users to study, change, improve and at times also to distribute the software.Open...
mail transfer agent
Mail transfer agent
Within Internet message handling services , a message transfer agent or mail transfer agent or mail relay is software that transfers electronic mail messages from one computer to another using a client–server application architecture...
(MTA) that routes and delivers electronic mail
E-mail
Electronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...
. It is intended as a fast, easier-to-administer, and secure alternative to the widely-used Sendmail
Sendmail
Sendmail is a general purpose internetwork email routing facility that supports many kinds of mail-transfer and -delivery methods, including the Simple Mail Transfer Protocol used for email transport over the Internet....
MTA.
It is released under the IBM Public License
IBM Public License
The IBM Public License is a free software / open-source software license written and sometimes used by IBM.It is approved by the Open Source Initiative and is described as a "free software license" by the Free Software Foundation ....
1.0 which is a free software licence
Free software licence
A free software licence is a software licence which grants recipients rights to modify and redistribute the software, which would otherwise be prohibited by copyright law. A free software licence grants, to the recipients, freedoms in the form of permissions to modify or distribute copyrighted work...
.
Originally written in 1997 by Wietse Venema
Wietse Venema
Dr. Wietse Zweitze Venema is a Dutch programmer and physicist best known for writing the Postfix email system. He also wrote TCP Wrapper and collaborated with Dan Farmer and Samuel Johnson to produce the computer security tools SATAN and The Coroner's Toolkit.-Biography:He studied physics at the...
at the IBM
IBM
International Business Machines Corporation or IBM is an American multinational technology and consulting corporation headquartered in Armonk, New York, United States. IBM manufactures and sells computer hardware and software, and it offers infrastructure, hosting and consulting services in areas...
Thomas J. Watson Research Center
Thomas J. Watson Research Center
The Thomas J. Watson Research Center is the headquarters for the IBM Research Division.The center is on three sites, with the main laboratory in Yorktown Heights, New York, 38 miles north of New York City, a building in Hawthorne, New York, and offices in Cambridge, Massachusetts.- Overview :The...
and first released in December 1998, Postfix continues to be actively developed by its creator and other contributors. The software is also known by its former names VMailer and IBM Secure Mailer.
Features
- Transport Layer SecurityTransport Layer SecurityTransport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
- delegation of SMTPSimple Mail Transfer ProtocolSimple Mail Transfer Protocol is an Internet standard for electronic mail transmission across Internet Protocol networks. SMTP was first defined by RFC 821 , and last updated by RFC 5321 which includes the extended SMTP additions, and is the protocol in widespread use today...
policies to an external process (this allows greylistingGreylistingGreylisting is a method of defending e-mail users against spam. A mail transfer agent using greylisting will "temporarily reject" any email from a sender it does not recognize. If the mail is legitimate the originating server will, after a delay, try again and, if sufficient time has elapsed, the...
) and advanced filtering (e.g. using policyd-weightPolicyd-weightpolicyd-weight is a mail filter for the Postfix mail transfer agent written in Perl, by Robert Felber. It allows postfix to evaluate mail envelope information and to score mail against several DNS-based Blackhole Lists before the mail is queued...
, Postfix can check the E-mail meta-information (sender, recipient, client, helo) against various DNSBLDNSBLA DNSBL is a list of IP addresses published through the Internet Domain Name Service either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time...
s and for RFCRequest for CommentsIn computer network engineering, a Request for Comments is a memorandum published by the Internet Engineering Task Force describing methods, behaviors, research, or innovations applicable to the working of the Internet and Internet-connected systems.Through the Internet Society, engineers and...
compliance, and reject near-certain spam ahead of receiving the body of the messages, lessening server load) - delegation of the delivery to an external process (this allows inspection of the header and body of an email)
- different databaseDatabaseA database is an organized collection of data for one or more purposes, usually in digital form. The data are typically organized to model relevant aspects of reality , in a way that supports processes requiring this information...
s for maps: Berkeley DBBerkeley DBBerkeley DB is a computer software library that provides a high-performance embedded database for key/value data. Berkeley DB is a programmatic software library written in C with API bindings for C++, PHP, Java, Perl, Python, Ruby, Tcl, Smalltalk, and most other programming languages...
, CDB, DBM, LDAPLightweight Directory Access ProtocolThe Lightweight Directory Access Protocol is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network...
, MySQLMySQLMySQL officially, but also commonly "My Sequel") is a relational database management system that runs as a server providing multi-user access to a number of databases. It is named after developer Michael Widenius' daughter, My...
, SQLiteSQLiteSQLite is an ACID-compliant embedded relational database management system contained in a relatively small C programming library. The source code for SQLite is in the public domain and implements most of the SQL standard...
and PostgreSQLPostgreSQLPostgreSQL, often simply Postgres, is an object-relational database management system available for many platforms including Linux, FreeBSD, Solaris, MS Windows and Mac OS X. It is released under the PostgreSQL License, which is an MIT-style license, and is thus free and open source software... - MboxMboxmbox is a generic term for a family of related file formats used for holding collections of electronic mail messages. All messages in an mbox mailbox are concatenated and stored as plain text in a single file...
-style mailboxes, MaildirMaildirThe Maildir e-mail format is a common way of storing e-mail messages, where each message is kept in a separate file with a unique name, and each folder is a directory...
-style mailboxes, and virtual domains - Address rewriting (envelope and headerHeader (information technology)In information technology, header refers to supplemental data placed at the beginning of a block of data being stored or transmitted. In data transmission, the data following the header are sometimes called the payload or body....
), VERPVariable envelope return pathVariable envelope return path is a technique used by some electronic mailing list software to enable automatic detection and removal of undeliverable e-mail addresses...
, SMTP-AUTH via SASLSimple Authentication and Security LayerSimple Authentication and Security Layer is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses... - milterMilterMilter is an extension to the widely used open source mail transfer agents Sendmail and Postfix. It allows administrators to add mail filters for filtering spam or viruses very efficiently in the mail-processing chain...
support compatible with SendmailSendmailSendmail is a general purpose internetwork email routing facility that supports many kinds of mail-transfer and -delivery methods, including the Simple Mail Transfer Protocol used for email transport over the Internet....
milters
- compilable on AIXAIX operating systemAIX AIX AIX (Advanced Interactive eXecutive, pronounced "a i ex" is a series of proprietary Unix operating systems developed and sold by IBM for several of its computer platforms...
, BSD, HP-UXHP-UXHP-UX is Hewlett-Packard's proprietary implementation of the Unix operating system, based on UNIX System V and first released in 1984...
, IRIXIRIXIRIX is a computer operating system developed by Silicon Graphics, Inc. to run natively on their 32- and 64-bit MIPS architecture workstations and servers. It was based on UNIX System V with BSD extensions. IRIX was the first operating system to include the XFS file system.The last major version...
, GNU/Linux, Mac OS XMac OS XMac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...
, Solaris, Tru64 UNIXTru64 UNIXTru64 UNIX is a 64-bit UNIX operating system for the Alpha instruction set architecture , currently owned by Hewlett-Packard . Previously, Tru64 UNIX was a product of Compaq, and before that, Digital Equipment Corporation , where it was known as Digital UNIX .As its original name suggests, Tru64...
and, generally speaking, on every Unix-likeUnix-likeA Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
operating system that ships with a CC (programming language)C is a general-purpose computer programming language developed between 1969 and 1973 by Dennis Ritchie at the Bell Telephone Laboratories for use with the Unix operating system....
compilerCompilerA compiler is a computer program that transforms source code written in a programming language into another computer language...
and which delivers a standard POSIXPOSIXPOSIX , an acronym for "Portable Operating System Interface", is a family of standards specified by the IEEE for maintaining compatibility between operating systems...
development environment. It is the default MTA on NetBSDNetBSDNetBSD is a freely available open source version of the Berkeley Software Distribution Unix operating system. It was the second open source BSD descendant to be formally released, after 386BSD, and continues to be actively developed. The NetBSD project is primarily focused on high quality design,...
.
Postfix has a particular resilience against buffer overflow
Buffer overflow
In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of violation of memory safety....
s and can handle large amounts of e-mail. A Postfix system implements a cooperating network of different daemon
Daemon (computer software)
In Unix and other multitasking computer operating systems, a daemon is a computer program that runs as a background process, rather than being under the direct control of an interactive user...
s. Each daemon fulfills a single task using minimum privileges. In this way, if a daemon is compromised, the impact remains limited to that daemon and cannot spread throughout the entire system. Only one process has root privileges (master), and few processes actually write to locations outside the queue directory (local, virtual) or invoke external programs (local, pipe). Most daemons can be easily chroot
Chroot
A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name files outside the designated directory tree. The term "chroot" may refer to the chroot...
ed and communicate through named pipe
Named pipe
In computing, a named pipe is an extension to the traditional pipe concept on Unix and Unix-like systems, and is one of the methods of inter-process communication. The concept is also found in Microsoft Windows, although the semantics differ substantially...
s or UNIX-domain sockets.
Base configuration
The main.cf file stores site specific Postfix configuration parameters while master.cf defines daemon processes. The Postfix Basic Configuration tutorial covers the core settings that each site needs to consider.The Postfix Standard Configuration Examples document discusses configuration settings for a few common environments.
The Postfix Address Rewriting document covers address rewriting and mail routing. The full documentation collection is at Postfix Documentation
More complex Postfix implementations include integration with (for example) SpamAssassin
SpamAssassin
SpamAssassin is a computer program released under the Apache License 2.0 used for e-mail spam filtering based on content-matching rules. It is now part of the Apache Foundation....
and support for multiple (virtual) domain names, where data in databases such as MySQL
MySQL
MySQL officially, but also commonly "My Sequel") is a relational database management system that runs as a server providing multi-user access to a number of databases. It is named after developer Michael Widenius' daughter, My...
can drive complex configurations.
External links
- Official website
- http://www.postfixwiki.org/
- Postfix "how to" with configuration examples and explanation
- http://serverkit.org/modules/postfix-policy A high performance Postfix policy delegation server
- http://www.360is.com/06-postfix.htm Postfix introduction and analysis for secure environments
- [irc://irc.freenode.net/postfix #postfix] on freenode