Turkey (Türkçe)
Germany (German)
Worldwide (English)
Introduction
The two most important elements for a mail server to function properly are: a correctly configured main.cf file and regular monitoring of logs. Postfix is one of the most preferred open-source SMTP servers with its secure and flexible structure.
In this article, we will explain from A to Z both how the content of /etc/postfix/main.cf, which is the basic configuration file of Postfix, should be and how to use the tail -f /var/log/maillog command, which you can use to track logs.
What is Postfix main.cf File?
main.cf is the main configuration file of Postfix. This file contains many basic configurations such as SMTP connection settings, TLS/SSL usage, relay settings, hostname, domain settings, and security policies.
Example /etc/postfix/main.cf File
myhostname = mail.yourdomain.com
myorigin = /etc/mailname
mydestination = $myhostname, localhost.$mydomain, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
home_mailbox = Maildir/
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
Note: Certificate paths should be changed according to your own SSL certificate.
Things to Consider in main.cf Configuration
-
myhostname: Should be the fully qualified domain name of the server. It should be compatible with the Reverse DNS (PTR) record. -
mynetworks: The IP range that the server will grant SMTP relay permission to. Generally, it should not go beyond127.0.0.0/8. -
smtpd_use_tls: Sender and receiver security should be ensured by making TLS mandatory. -
smtpd_sasl_auth_enable: The SMTP Authentication feature must be active.
What is tail -f /var/log/maillog and How to Use It?
The maillog file is the most important resource for tracking Postfix's runtime events.
tail -f /var/log/maillog
This command allows you to instantly track the lines added to the end of the log file.
Example Log Line:
May 13 13:45:01 mail postfix/smtpd[1878]: connect from unknown[192.168.1.100]
May 13 13:45:03 mail postfix/smtpd[1878]: 8GH2D2322F: client=unknown[192.168.1.100], sasl_method=PLAIN, [email protected]
In these lines, details such as connection information, IP address, authentication type, and username are observed.
Searching in the maillog File
The grep command can be used to filter some critical events:
-
To find errors:
grep error /var/log/maillog
-
To track a specific email address:
grep '[email protected]' /var/log/maillog
-
To search for TLS errors:
grep tls /var/log/maillog
Conclusion
Postfix is a very powerful MTA for system administrators, and when configured correctly, a high-performance, secure mail server is obtained. Correct configuration of the main.cf file is critical for the stability of the mail server. At the same time, monitoring system behaviors instantly with /var/log/maillog provides great convenience in troubleshooting.