Postfix

It’s been a while but the Postfix stable release 2.7.0 is available. For the past releases, the focus has moved towards improving the code and documentation, and updating the system for changing environments. You can read the release notes but the biggest changes are:

  • Improved before-queue content filter performance. With
    “smtpd_proxy_options = speed_adjust”, the Postfix SMTP server
    receives the entire message before it connects to a before-queue
    content filter. Typically, this allows Postfix to handle the same
    mail load with fewer content filter processes.
  • Improved address verification performance. The verify database
    is now persistent by default, and it is automatically cleaned
    periodically. Under overload conditions, the Postfix SMTP server
    no longer waits up to 6 seconds for an address probe to complete.
  • Support for reputation management based on the local SMTP client
    IP address. This is typically implemented with “FILTER transportname:”
    actions in access maps or header/body checks, and mail delivery
    transports in master.cf with unique smtp_bind_address values.
  • The postscreen daemon (a zombie-blocker in front of Postfix) is
    still too rough for a stable release, and will be made “mature”
    in the Postfix 2.8 development cycle (however you can use Postfix
    2.7 with the Postfix 2.8 postscreen and dnsblog executables and
    master.cf configuration; this code has already proven itself).

No functionality has been removed, but it is a good idea to review
the RELEASE_NOTES file for the usual minor incompatibilities or
limitations.

By the way, you still need to edit the ‘src/util/sys_defs.h’ file.

For instructions on how to upgrade Postfix please read Upgrading Postfix.


Sorry that I’m later than I’m supposed to be with this blogpost, but my new day job needs all the attention at the moment. The good news is there are not many problems when you update your Mac with the latest security update. Read more about it in Apple’s Knowledge base article.

On Leopard there is a small known issue with postfix. To correct it, comment out or delete the following line from ‘/etc/postfix/main.cf’:

inet_interfaces = localhost

Restart postfix (reloading config does not work) with:

sudo postfix stop
sudo postfix start

And all should be fine. If you find another issue please use the comments.


All right, a bit later than I had anticipated and planned. But that’s what you get if Apple starts releasing stuff earlier than expected. It screws with your planning. But the instructions for installing the basic mailserver in 64 bits are finished and tested on my MacBook Pro. This new machine is a godsend and worth every penny up to now.

Please note that these are my initial instructions using an upgraded machine. Next up I need to test the instructions on a clean install of Snow Leopard. When that’s done I will upgrade my Core Duo mini to Snow Leopard and see how the 32 bits version will work out.

Happy reading: The mailserver on Snow Leopard

Good luck and can you please let me know if it worked for you?


Postfix 2.6.5 was released a few days ago during my holiday and I just finished installing and testing it on my test server, and it all works as one should expect. There are no major changes in this release, just some bugfixes which had not affected my systems.

The official release note for 2.6.5.

The stable release Postfix 2.6.5 addresses the defects described below (some already addressed with the not-announced Postfix 2.6.3 release). These defects are also addressed in the legacy releases that are still maintained: Postfix 2.5.9, 2.4.13 and 2.3.19.

Do not use Postfix 2.6.4, 2.5.8, 2.4.12, 2.3.18, 2.7-20090807, and 2.7-20090807-nonprod. These contain a DNS workaround that causes more trouble than it prevents. It is removed until further notice.

Defects fixed with Postfix 2.6.3, 2.5.9, 2.4.13 and 2.3.19:

  • The Postfix Milter client got out of step with a Milter application after the application sent a “quarantine” request at end-of-message time. The Milter application would still be in the end-of-message state, while Postfix would already be working on the next SMTP event, typically, QUIT or MAIL FROM. In the latter case, Milter responses for the previously-received email message would be applied towards the next MAIL FROM transaction. This problem was diagnosed with help from Alban Deniz.

Defects fixed with Postfix 2.6.5, 2.5.9, 2.4.13 and 2.3.19:

  • The Postfix SMTP server would abort with an “unexpected lookup table” error when an SMTPD policy server was mis-configured in a particular way.

For instructions on how to upgrade Postfix please read Upgrading Postfix.


Sometimes it’s difficult to send email as some providers block port 25. They will force you to use their mailserver for outgoing mail. I recently encountered this phenomenon when I spent some time in a hotel for work. Their setup blocked port 25 and there was no way around it to send email directly. I was forced to use my webmail solution (Roundcube) for sending mail, which is a bit awkward as I was able to read and receive mail using Mail.app.

I started digging around for a solution that might work and I found that the simplest and most elegant solution was already available in Postfix. It is called submission (port 587), which only allows access by authenticated users.

To enable this ready-made configuration in Postfix you will need to edit the ‘master.cf’ file in ‘/etc/postfix/’. You need to uncomment the following lines and save the changes.

submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

Then reload the changed configuration files into postfix with the command:

sudo postfix reload

Most mail clients like Mail.app and Thunderbird are able to use this port without any extra configuration. The only thing you will notice is that you are able to send email which would otherwise be blocked.

Hope this will work as well for you as it did for me. I’ve also updated the regular documentation set to include this setting. Also don’t forget to open up this port in your firewall/router configuration.
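
An added example, not part of the original post: a small Python audit of master.cf text that checks the submission entry is active and still carries the three overrides shown above. The function names, the sample text and the acceptance of smtpd_tls_security_level=encrypt as equivalent TLS enforcement are assumptions of this example.

```python
import re

# Constructed sample: the submission entry from the post, active and complete.
GOOD = """\
#smtps    inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""
# Constructed weak variant: TLS override dropped and the final "reject" removed.
WEAK = GOOD.replace("  -o smtpd_enforce_tls=yes\n", "").replace(",reject", "")


def parse_master_cf(text):
    """Return {(service, type): {"fields": [...], "opts": {name: value}}}."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank line or comment
        if raw[0].isspace() and logical:      # leading whitespace continues an entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    services = {}
    for tok in filter(lambda t: len(t) >= 8, map(str.split, logical)):  # skip malformed
        opts = dict(t.split("=", 1) for prev, t in zip(tok, tok[1:])
                    if prev == "-o" and "=" in t)
        services[(tok[0], tok[1])] = {"fields": tok[2:7], "opts": opts}
    return services


def audit_submission(text):
    """Return a list of findings; an empty list means the entry matches the post."""
    svc = parse_master_cf(text).get(("submission", "inet"))
    if svc is None:
        return ["submission/inet entry missing or still commented out"]
    o, out = svc["opts"], []
    if any(re.search(r"[\u2012-\u2015]", f) for f in svc["fields"]):
        out.append("typographic dash in service fields; use ASCII '-'")
    if o.get("smtpd_enforce_tls") != "yes" and o.get("smtpd_tls_security_level") != "encrypt":
        out.append("TLS not enforced")
    if o.get("smtpd_sasl_auth_enable") != "yes":
        out.append("SASL authentication not enabled")
    acl = o.get("smtpd_client_restrictions", "").split(",")
    if "permit_sasl_authenticated" not in acl or acl[-1] != "reject":
        out.append("client restrictions do not end in reject after permit_sasl_authenticated")
    return out
```

Run it against the contents of your own master.cf after editing and before the reload; any finding means port 587 would accept mail on weaker terms than the entry above intends.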


While installing my G4 mini with the new mailserver setup I found some minor mistakes in the documentation. Some of the settings were changed on the test server to get it working and they didn’t make it into my notes. That is corrected now.

Also I’ve incorporated the SSL and TLS settings into the default setup instead of making them a separate set of instructions. I think you should not have a mailserver without it.

As a last addition before I start documenting the setup on Tiger I’ve included a page with instructions on how to test your setup. I hope you find them useful.


As promised earlier, now that Dovecot 1.2.0 is released, I’m officially launching the new mailserver setup with Postfix and Dovecot (currently Leopard only).

This means no more Courier based products like the authentication, IMAP, POP3 and maildrop apps. Dovecot can do all that with a single installation. I’ve found out that the setup is a lot simpler with a lot fewer procedures and configuration files to maintain.

And last but not least, it looks like Dovecot is proving to be an even better IMAP server than Courier was. As I told you in the earlier post it’s a lot faster. While testing it myself I often saw new email appear in Mail or Thunderbird immediately after it was received by Dovecot.

Currently the setup only describes the basic setup of a server. I still need to add the DSpam spam-filter to the setup and integrate server based filtering of incoming emails (which we used to use maildrop for). It is all possible but I still need to find out how and document it for you. When that is done I will write the necessary migration documents on how existing users can migrate safely from Courier to Dovecot.

I will keep supporting the Courier product stack for at least a year after I finish documenting the migration instructions. So don’t worry if you don’t switch immediately. My production servers still run Courier, I only use Dovecot on my test servers. Although there is one user who has already switched to Dovecot (we helped each other in getting this done) because of the performance problems he experienced with Courier IMAP. These problems are now gone and this is one of the reasons I want to move to Dovecot a.s.a.p.

The advice currently is: if you want to set up a new server, use the Dovecot based setup. If you already use Courier please wait until the migration instructions are finished. If you can’t wait I will try to assist you via email as much as I can but you will be mostly on your own. It’s not that difficult but you need to know what you are doing.

I hope you like the switch and will be happy with the improved setup. You can read all about it at the new mailserver instruction pages.


Postfix 2.6.2 was released a few days ago and I installed and tested it on my test and production server, and it all works as one should expect. There are no major changes in this release, just some bugfixes which had not affected my systems.

The official release note for 2.6.2 is:

Postfix stable release 2.6.2 fixes one defect in SASL support. This does not affect Postfix versions 2.5 and earlier.

  • With plaintext SMTP sessions AND smtpd_tls_auth_only=yes AND smtp_sasl_auth_enable=yes, the SMTP server logged warnings for reject_sender_login_mismatch, reject_authenticated_sender_login_mismatch, and reject_unauthenticated_sender_login_mismatch, instead of enforcing those restrictions.

For instructions on how to upgrade Postfix please read Upgrading Postfix.


This week was a mighty busy week for me as many programs got updates and I was still testing MySQL and the upgrade scenarios that are needed for current users. On top of that Apple came with the OS X 10.5.7 upgrade.

I’ve finished testing Postfix 2.6.0 and Courier auth 62.2 and Courier Imap 4.5.0 and I can tell you that you can upgrade safely to the newer version when you want to. I even upgraded my production server in the meantime.

The details on the Postfix upgrade:

  • Multi-instance support introduces a new postmulti(1) command to
    create/add/remove/etc. additional Postfix instances. The familiar
    “postfix start” etc. commands now automatically start multiple
    Postfix instances. The good news: nothing changes when you use
    only one Postfix instance. See MULTI_INSTANCE_README for details.
  • Multi-instance support required that some files be moved from
    the non-shared $config_directory to the shared $daemon_directory.
    The affected files are postfix-script, postfix-files and post-install.
  • TLS (SSL) support was updated for elliptic curve encryption. This
    requires OpenSSL version 0.9.9 or later. The SMTP client no longer
    uses the SSLv2 protocol by default. See TLS_README for details.
  • The Milter client now supports all Sendmail 8.14 Milter requests,
    including requests for rejected recipient addresses, and requests
    to replace the envelope sender address. See MILTER_README for
    details.
  • Postfix no longer adds (Resent-) From:, Date:, Message-ID: or To:
    headers to email messages with “remote” origins (these are origins
    that don’t match $local_header_rewrite_clients). Adding such
    headers breaks DKIM signatures that explicitly cover non-present
    headers. For compatibility with existing logfile processing
    software, Postfix will log “message-id=<>” for email messages
    that have no Message-Id header.
  • Stress-adaptive behavior is now enabled by default. This allows
    the Postfix SMTP server to temporarily reduce time limits and
    error-count limits under conditions of overload, such as a malware
    attack or backscatter flood.

The details on the Courier-Auth upgrade:

  • Makefile.am: Compatibility fix for bash 4

The details on the Courier-IMAP upgrade:

  • Log more fatal errors on stderr
  • GnuTLS: add support for chained certs
  • Completely empty MIME entities incorrectly match any SEARCH request.
  • Some performance optimizations in header parsing
  • Incorrect reference to POP3_STLS in po3pdserver.c – should be POP3_TLS.

I still have some issues compiling the newly released Maildrop 2.1.0 but I’ll post a new blogpost as soon as that issue gets resolved.

For instructions on how to upgrade Postfix please read Upgrading Postfix.
To upgrade your courier-auth installation read Upgrading Courier-Auth.
For instructions on how to upgrade Courier IMAP please read Upgrading Courier IMAP.


Finally, I’ve set myself to it after a very busy week at work. I’ve created a new set of pages to instruct you how to compile Postfix, Courier-Auth and Courier IMAP/POP3 in 64 bits mode. It’s basically setting some extra compiler flags but it takes some trial and error to find out which are the correct ones. Don’t forget you need a 64 bits MySQL installation to get this working, otherwise you will get compiler errors.

The configuration of all the components is not affected by this new compilation method so they stay the same. Next up: DSPAM and Maildrop.
