Gentoo Wiki


Complete Virtual Mail Server

Getting Started

Basic Mail Setup

Enhanced Mail Services

Anti-Spam Configuration

Anti-Virus Configuration

Log Analyzer

Wrapping it Up



Depending on your USE flag settings and what else is installed in your system you may find another MTA has already been installed (e.g. ssmtp, exim, qmail, sendmail, etc.). If one is already installed, this will block the installation of postfix when you try to emerge it. To check this, run emerge -p postfix and see if any package is identified as blocking.

Shell: Blocked Install
# emerge -p postfix

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[blocks B     ] mail-mta/ssmtp (is blocking mail-mta/postfix-2.1.5-r2)
[ebuild  N    ] dev-libs/cyrus-sasl-2.1.20
[ebuild  N    ] dev-libs/libpcre-5.0
[ebuild  N    ] mail-mta/postfix-2.1.5-r2

In the above example, we can see that ssmtp is installed and is blocking the installation of postfix. Before we start this process, we need to uninstall ssmtp.

Shell: Removing ssmtp
# emerge --unmerge ssmtp

With that complete, we can now install postfix. For the quotas to work, the “vda” USE flag must be set in your /etc/make.conf file. Be sure it is or quotas will not work.

Note: Since we have set the postgres USE flag in make.conf, this emerge will also build the postgres database. Might as well let it go at this point, so when you kick this one off, be prepared for it to take some time.

Shell: emerging postfix
# emerge postfix

After postfix is installed, it's time to configure it. Below I have listed the usual suspects for configuring postfix. It is important that you read the description for each parameter so that one, you understand what it is for and two, you know if you really need to set it or not. For example, if you installed your operating system properly, you can omit setting myhostname and postfix will use gethostname() to set it. This ensures that postfix is using the FQDN defined for the box and not something I left in a config file and forgot to change.

For each parameter below, I have put representative examples of settings, and have identified those (which is most of them) that I have accepted that default settings of postfix.

Fully Qualified Domain Name (FQDN)

When I installed my operating system (Gentoo Linux) I specified my domain ( and hostname (mail), so postfix will automatically default to the right settings by using gethostname(). If you are not sure if you set these or not, you can check using hostname and dnsdomainname. If either one of these returns (none) then you did not set it up and must either do so, or specify in the postfix configuration file.

File: /etc/postfix/
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
myhostname =

# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
mydomain =

Receiving Mail

Since this is a basic installation, we are not going to do anything fancy here. We will let inet_interfaces default to receiving mail on all network interfaces and mydestination will not include any settings required for using postfix as a mail gateway or backup mail server.

Although it is included below, it is really important that you pay attention to the note that says you do not list any virtual domains at this point. The only domain we are setting up right now is the very real, very physical domain that you own and have configured above ( We will be taking care of all the virtual stuff later.

File: /etc/postfix/

# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on.  By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
# Note: you need to stop/start Postfix when this parameter changes.
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost

# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
# The default is $myhostname + localhost.$mydomain.  On a mail domain
# gateway, you should also include $mydomain.
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# The local machine is always the final destination for mail addressed
# to user@[] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
mydestination = $myhostname, localhost.$mydomain, localhost

-- 02:03, 4 November 2006 (UTC) Note: Until I commented out mydestination, I kept getting the following SMTP problem: if I sent a mail to myself@mydomain, where myself is also (coincidentally) a local unix account, and mydomain is the primary DNS domain in my network, delivery of the mail would short-circuit to myself's local maildir (`/.maildir/), not the desired virtual maildir (/home/vmail/mydomain/myself/.maildir/). This must be because my username and host matches the filter in mydestination, therefore the pgsql tables are not consulted. They do get queried a little, but not all the way.

However, courier does read the proper directory, since it is getting its info from the pgsql tables, not short-circuiting to values in So mail would get delivered to the wrong place, but the reader process is reading from the right place. If you have this problem, comment out mydestination.

Here's a proper delivery line from syslog: to=<myself@mydomain>, relay=virtual, delay=0, status=sent (delivered to maildir)

Here's a bad one, getting delivered to your home directory instead of the vmail directory: to=<myself@mydomain>, relay=local, delay=0, status=sent (delivered to maildir)

22:52, 17 November 2006 (UTC) Note:

Are you sure you removed "mydomain" from mydestination? By default you'd have

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

In that case you specified it as local, even though it's virtual, and you'd have to simply remove "$mydomain" from the end of mydestination.

Note: the example mydestination didn't work for me until I added $mydomain. (I was sending emails to user@domain, rather than user@host.domain, since my host is listed as the MX record for my domain).

should i use the following when i prefer vhost over local system account?

mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost

i may figure it out but i'm on my way for the first time installtion

Trust and Relay Control

This one is really important to get right. By default, postfix install is pretty tight, only allowing users on the same subnet as your mail server to relay through postfix. If you mess around with this and open the door to all users you are just begging for abuse by spam merchants. Your server will be used to relay spam by the metric tonne and your domain will very quickly be black listed. Kind of defeats the purpose of setting up your own mail server if nobody will talk/listen to it.

I decided to go a little tighter than postfix’s default setup for a couple of reason. First of all, when we setup relay control through SMTP Authorization later, it is much easier to test if my other internal systems are not trusted and are therefore not allowed to relay by default. The second reason is somebody does manage to skulk onto one of my other machines, they cannot use it as a launch pad to gain open relay access to my mail server. Long and short of it is that only the mail server itself is considered a trusted system, all other must login.

File: /etc/postfix/

# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix.  See the smtpd_recipient_restrictions parameter
# in postconf(5).
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this does works correctly only with interfaces specified
# with the "ifconfig" command.
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network.  Instead, specify an explicit
# mynetworks list by hand, as described below.
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
mynetworks_style = host

The End Mess

When I emerged postfix, a mess of parameters were dumped in and set at the end of the file. With the exception of the readme_directory, all of these already exist in so these are duplicate entries and in some cases, parameters we are not ready to set yet. I deleted all of these with the exception of the readme_directory (which is the only non-duplicate in the list).

File: /etc/postfix/
# readme_directory: The location of the Postfix README files.
readme_directory = /usr/share/doc/postfix-2.1.5-r2/readme
default_destination_concurrency_limit = 2
alias_database = hash:/etc/mail/aliases
local_destination_concurrency_limit = 2
alias_maps = hash:/etc/mail/aliases
home_mailbox = .maildir/

That’s all we are going to configure for now. I know there are other parameters to set and other HOWTO’s will have you set them at this point, but they are not needed yet. We will be setting them later when we are setting up virtual users, the connection to the database and so on.

Next change the following in /etc/postfix/ This will turn on verbose output to assist in debugging any problems. We will set it back once we have finished the setup and have completed testing.

File: /etc/postfix/
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (50)
smtp      inet  n       -       n       -       -       smtpd -v

// Just add the "-v" after the smtpd in the above line

Compile the aliases database

Shell: Compile Alias Database
# cd /etc/mail
# newaliases

And start Postfix:

Shell: Starting Postfix
# /etc/init.d/postfix start

For the purpose of this example, I will assume that you have an existing email setup as

Shell: Testing Postfix
# telnet 25
220 ESMTP Postfix
mail from:<>
250 Ok
rcpt to:<>
250 Ok
354 End data with <CR><LF>.<CR><LF>
Testmail to ensure Postfix is working.
250 Ok: queued as 84BA64078A
221 Bye

If you get something similar to the above, then everything is looking good and it is time to move to the next step.

Retrieved from ""

Last modified: Wed, 24 Sep 2008 07:45:00 +0000 Hits: 39,097