Running Linux, 5th Edition - Matthias Kalle Dalheimer [438]
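#!/bin/sh
# Init script for Postfix: start, stop, or reload the mail system.
# PATH is emptied so that only the absolute paths below are ever executed.
PATH=""
RETVAL=0
# Refuse to run if the Postfix binary or its main configuration is missing.
if [ ! -f /usr/sbin/postfix ] ; then
    echo "Unable to locate Postfix"
    exit 1
fi
if [ ! -f /etc/postfix/main.cf ] ; then
    echo "Unable to locate Postfix configuration"
    exit 1
fi
case "$1" in
    start)
        echo -n "Starting Postfix: "
        # Discard both stdout and stderr; the exit status is kept in RETVAL.
        /usr/sbin/postfix start > /dev/null 2>&1
        RETVAL=$?
        echo
        ;;
    stop)
        echo -n "Stopping Postfix: "
        /usr/sbin/postfix stop > /dev/null 2>&1
        RETVAL=$?
        echo
        ;;
    restart)
        # "postfix reload" makes the running daemons re-read the configuration.
        echo -n "Restarting Postfix: "
        /usr/sbin/postfix reload > /dev/null 2>&1
        RETVAL=$?
        echo
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        RETVAL=1
        ;;
esac
exit $RETVAL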
Place this script in /etc/rc.d/init.d or /etc/init.d, depending on your Linux distribution. Then make the appropriate symbolic links in each of the rcN.d directories for each runlevel in which Postfix should start (see "init, inittab, and rc Files" in Chapter 17). For example, if you want to have Postfix start at runlevels 3 and 5 and stop at runlevels 0 and 6, create symbolic links like those that follow for Red Hat. For Debian, the rcN.d directories are directly below /etc.
# cd /etc/rc.d/rc3.d
# ln -s .../init.d/postfix S97postfix
# cd /etc/rc.d/rc5.d
# ln -s .../init.d/postfix S97postfix
# cd /etc/rc.d/rc0.d
# ln -s .../init.d/postfix K97postfix
# cd /etc/rc.d/rc6.d
# ln -s .../init.d/postfix K97postfix
If you create a Postfix rc script, you should configure your system not to start sendmail at startup.
Postfix Relay Control
The default installation allows any system on the same subnet as yours to relay mail through your mail server. If you want to override the default, you can set the parameter mynetworks to be a list of hosts or networks that you trust to relay mail through your system. You can specify a list of IP addresses or network/netmask patterns, and any connecting SMTP client that matches will be allowed to relay mail. You can list network or IP addresses that reside anywhere. So, for example, if you want to be able to relay mail through your home Postfix system from your work machine, you can specify the IP address of your machine at work in your home Postfix configuration.
Here's an example that allows mail from the local subnet (192.168.75.0/28) and a single host located elsewhere:
mynetworks = 192.168.75.0/28 10.150.134.15
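As an added illustration (not from the book, and not Postfix's own matching code), the following sh script works out which IPv4 client addresses fall inside that mynetworks value. The function names ip_to_int and relay_allowed and the four test addresses are constructed for this example; only bare IPv4 addresses and network/prefix entries are handled.

```shell
#!/bin/sh
# Added example: IPv4-only model of mynetworks matching, not Postfix's own code.

# Print the 32-bit integer for dotted quad $1; return 1 if it is malformed.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -f; set -- $1; set +f
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if client $1 matches an entry of mynetworks value $2, 1 if not,
# 2 if the client address is malformed. Unparseable entries are skipped.
relay_allowed() {
    client=$(ip_to_int "$1") || return 2
    for entry in $(printf '%s' "$2" | tr ',' ' '); do
        case $entry in
            */*) net=${entry%/*}; bits=${entry#*/} ;;
            *)   net=$entry; bits=32 ;;
        esac
        case $bits in ''|*[!0-9]*|0?*|???*) continue ;; esac
        [ "$bits" -le 32 ] || continue
        net_int=$(ip_to_int "$net") || continue
        # Keep only the top $bits bits; a /28 covers just 16 addresses.
        mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
        if [ $(( $client & $mask )) -eq $(( $net_int & $mask )) ]; then
            return 0
        fi
    done
    return 1
}

# Constructed sample: the mynetworks value from the text and four test clients.
MYNETWORKS="192.168.75.0/28 10.150.134.15"
for ip in 192.168.75.14 192.168.75.16 10.150.134.15 10.150.134.16; do
    if relay_allowed "$ip" "$MYNETWORKS"; then
        echo "$ip: relay permitted"
    else
        echo "$ip: relay denied"
    fi
done
```

The /28 ends at 192.168.75.15, so 192.168.75.16 is denied even though it looks like part of the same subnet; running a check like this before widening a prefix shows exactly which hosts gain relay access.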
If you want to allow relaying for mobile users who do not have static IP addresses, you have to use some kind of SMTP authentication mechanism. Postfix can work with SASL Authentication (which requires that Postfix be compiled with additional libraries, and that users' client software be specially configured) and pop-before-smtp (which requires a POP server running on the same system to first authenticate users).
It is important not to open relay access to anyone except users you trust. In the early days of the Internet, open relays were commonplace. Unfortunately, the current prevalence of spam has precluded that kind of freedom. If your MTA is not protected, you leave yourself and other Internet systems vulnerable to abuse. Spammers constantly scan for open relays, and if you place one on the network, it is only a matter of time before it will be found. Fortunately, the default Postfix installation behaves correctly. However, if you make lots of changes to your Postfix configuration (especially in setting up antispam controls, ironically), you may inadvertently open yourself up to relay abusers. There are some online antispam initiatives that offer to test if your server is configured to correctly deny relaying; try, for example, http://www.abuse.net/relay.html.
If you want your own Postfix installation to relay mail through another MTA, specify the IP address of