Postfix Notes
Queue Management
# List the mail queue
postqueue -p
mailq
# Flush the queue (attempt to deliver all queued mail)
postqueue -f
postfix flush
# Delete all queued mail
postsuper -d ALL
# Delete a specific message
postsuper -d <message_id>
# View message content
postcat -q <message_id>
# Hold all mail
postsuper -h ALL
# Release held mail
postsuper -H ALL
SASL Authentication
Install cyrus-sasl:
apt install libsasl2-2 libsasl2-modules sasl2-bin
/etc/postfix/main.cf:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination
/etc/sasl2/smtpd.conf:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
systemctl enable saslauthd
systemctl start saslauthd
SSL/TLS Certificates
# /etc/postfix/main.cf — TLS settings
smtpd_tls_cert_file = /etc/ssl/certs/mail.crt
smtpd_tls_key_file = /etc/ssl/private/mail.key
smtpd_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 1
smtp_tls_cert_file = /etc/ssl/certs/mail.crt
smtp_tls_key_file = /etc/ssl/private/mail.key
smtp_use_tls = yes
Sophos Anti-Virus Integration
# /etc/postfix/master.cf
smtp inet n - - - - smtpd
-o content_filter=sophos-filter:dummy
sophos-filter unix - n n - 10 pipe
flags=Rq user=sophos argv=/opt/sophos/bin/savmail
127.0.0.1:10026 inet n - n - - smtpd
-o content_filter=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8