postfix interview questions

Top postfix frequently asked interview questions

Understanding a Postfix log file entry

We have a Postfix hub and I'm trying to better understand the information in the mail.log file. I use tools like qshape, pflogsumm.pl and amavis-logwatch to summarize the log files, but I have still have questions about some of the elements of the raw log file.

My first question is in regard to the delay entry that appears from Postfix when an email is finally delivered. I am guessing that these values are in seconds, but what does this information exactly mean.

delay=2.4, delays=0.18/0.01/1.4/0.81

Did the email take a total of 2.4 seconds to process?

What is the breakdown of timings in the delays section?

Source: (StackOverflow)

postfix - how do you redirect all emails to one user, eg *@example.com → user@example.com

I'm using postfix for my email. I know I can use /etc/aliases and newaliases command to redirect certain email, eg I can redirect root@example.com to user@example.com by putting root: user in my /etc/aliases and then running newaliases. However I'd like to do the equivilant of *: user, so that all email to example.com will get sent to user@example.com.

How do I do this?

Source: (StackOverflow)

Is it good practice or too draconian to reject mails from mailservers with no RDNS

I've recently dropped SpamAssassin and am now basing spam rejection on DNSRBL's, grey-listing and other basic tests and I'm wondering whether I should also block hosts that don't have a valid RDNS matching the EHLO?

If I do this, am I going to make trouble for much legitimate mail and upset my customers? I've heard people griping that AOL do this, which makes me think it's perhaps too uncommon for me to do.

I'm also wondering if I can compromise by checking that RDNS is at least set to something, but not try to match it to the EHLO. Is this possible with Postfix (and is it useful)?

Source: (StackOverflow)

Is Postfix the same thing as Sendmail?

I have postfix setup on my server so that I can send outgoing mail using the command-line:

mail -s "Subject" address@example.com

Is this using sendmail or postfix? Is "sendmail" just a software category or a distinct program? If something is "sendmail-ready" does that mean it will work with postfix?

Everything I've read online seems to use these two terms interchangeably.

Source: (StackOverflow)

Maildir vs Mbox - What are the practical differences

Although I understand the basics of the two storage formats (1 file per email under Maildir vs. 1 single file per mailbox under mbox), I am wondering what the practical implications are here -

  • Is one storage format more scalable than the other?
  • Are there data integrity concerns / differences?
  • Are there clearly defined situations where you should use one format over the other?

Source: (StackOverflow)

How can I see the contents of the mail whose ID I get from mailq command?

I used mailq command and I got a line like for example:

A705238B4C   603953 Wed May 23 11:09:58  apache@myserver.com

So, now I'm wondering is there a way where I can "read" an actual content of the mail by its id A705238B4C

Source: (StackOverflow)

Postfix - how to retry delivery of mail in queue?

I have a backup mail server in case of a failure on the main one. In that case of failure, mails come on the backup server and stay there until the main one is back.

If I wait some times, the delivery will be done automatically as soon as the main server is back but it can be long. So how to force a send retry of all the mails?

For exemple : postqueue -p : give me a list of mails

I then tried postqueue -f (from man page : Flush the queue: attempt to deliver all queued mail.). It surely flushed the queue but mails were not been delivered...

Source: (StackOverflow)

How to redirect all postfix emails to one external email address?

To create a test email server, I have a similar requirement as:


But I need to send all the emails to an external account, not a local one.

I would like to do something like:

  • xyz:email@gmail.com

but xyz is not local nor smtp.

Source: (StackOverflow)

Do you use postfix or qmail and why [closed]

I am setting up a server and I have the choice of installing qmail or postfix. Can someone help me make the right choice.

Thing I like to see covered are:
- Performance
- Ease of setup
- security

Source: (StackOverflow)

Is there any way to see if the mail sent by my server was received by the recipient server?

I've sent an important email that the recipient claims it wasn't received by them.

They say that they asked their IT team to see if the email was received in their server. According to them the email never reached their server. Also they don't accept the chance that the email was received and marked as SPAM.

Shouldn't I receive an error message in the case the email wasn't delivered?

Is their any way for me to check if they are telling the truth (it sounds very fishy to me).

Thank you.

Source: (StackOverflow)

How do I check the postfix queue size?

What's the postfix equivalent to sendmail -bp?

Source: (StackOverflow)

How to correct Postfix' 'Relay Access Denied'?

This morning, in order to correct a problem with a name mismatch in the security certificate, I followed the recommended steps from How to fix mail server SSL?, but now, when attempting to send an email from a client (in this case the client is Windows Mail), I receive the following error.

The rejected e-mail address was 'email@gmail.com'. Subject 'This is a test. ', Account: 'mail.domain.com', Server: 'mail.domain.com', Protocol: SMTP, Server Response: '554 5.7.1 : Relay access denied', Port: 25, Secure(SSL): No, Server Error: 554, Error Number: 0x800CCC79

Edit: I can still retrieve emails from this account, and I send emails to other accounts at the same domain. I just can't send emails to recipients outside of our domain.

I tried disabling TLS altogether but no dice, I still get the same error.

When I check file mail.log, I see the following.

Jul 18 08:24:41 company imapd: LOGIN, user=user_name@domain.com, ip=[::ffff:], protocol=IMAP
Jul 18 08:24:42 company imapd: DISCONNECTED, user=user_name@domain.com, ip=[::ffff:], headers=0, body=0, rcvd=83, sent=409, time=1
Jul 18 08:25:19 company postfix/smtpd[29282]: connect from company.university.edu[]
Jul 18 08:25:19 company postfix/smtpd[29282]: NOQUEUE: reject: RCPT from company.university.edu[]: 554 5.7.1 <email@gmail.com>: Relay access denied; from=<user_name@domain.com> to=<email@gmail.com> proto=ESMTP helo=<UserPC>
Jul 18 08:25:19 company postfix/smtpd[29282]: disconnect from company.university.edu[]
Jul 18 08:25:22 company imapd: DISCONNECTED, user=user_name@domain.com, ip=[::ffff:], headers=13, body=142579, rcvd=3289, sent=215892, time=79

File main.cf looks like this:

# Postfix MTA Manager Main Configuration File;
# Please do NOT edit this file manually;

# Postfix directory settings; These are critical for normal Postfix MTA functionallity;

command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix

# Some common configuration parameters;

inet_interfaces = all
mynetworks =
mynetworks_style = host

myhostname = mail.domain.com
mydomain = domain.com
myorigin = $mydomain

smtpd_banner = $myhostname ESMTP (Debian/GNU)
setgid_group = postdrop

# Receiving messages parameters;

mydestination = localhost, company 
append_dot_mydomain = no
append_at_myorigin = yes
transport_maps = mysql:/etc/postfix/transport.cf

# Delivering local messages parameters;

mail_spool_directory = /var/spool/mail
mailbox_size_limit = 0
mailbox_command = procmail -a "$EXTENSION"

biff = no

alias_database = hash:/etc/aliases

local_recipient_maps =

# Delivering virtual messages parameters;

# SASL paramters;
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s

smtp_tls_CAfile = /etc/postfix/ssl/smptd.pem
smtp_tls_cert_file = /etc/postfix/ssl/smptd.crt
smtp_tls_key_file = /etc/postfix/ssl/smptd.key

smtpd_tls_CAfile = /etc/postfix/ssl/smptd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smptd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smptd.key

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain =

broken_sasl_auth_clients = yes

smtpd_sender_restrictions =

smtpd_recipient_restrictions =
        check_recipient_access hash:/etc/postfix/filtered_domains

As a side note, my employer wants to be able to send emails from clients (Thunderbird and Outlook) both from within our local network and outside it.

Source: (StackOverflow)

What ports to open for mail server?

I have just finished setting up a Postfix mail server on a linux (ubuntu) platform. I have it sending and receiving email and it is not an open relay. It also supports secure smtp and imap.

Now this is a pretty beginner question but should I be leaving port 25 open? (since secure smtp is preferred). if so then why?

Also what about port 587?

Also should I require any authentication on either of these ports?

Please excuse my ignorance in this area :P

Source: (StackOverflow)

Automate the installation of postfix on Ubuntu

My system configuration script does an "apt-get install -y postfix". Unfortunately the script is halted when the postfix installer displays a configuration screen. Is there a method to force postfix to use the defaults during installation so that an automated script can continue to the end?

Does the postfix installer maybe check for existing configuration in /etc/postfix, and if it exists, not bother the user with the configuration screen?

Source: (StackOverflow)

DKIM sign outgoing mail from any domain (with Postfix and Ubuntu)

I got DKIM setup on my mail server (postfix and ubuntu) so it signs outgoing emails. I used these instructions: https://help.ubuntu.com/community/Postfix/DKIM

However, I need it to sign emails from any domain (in the From address) and not just my own. I'm building an email newsletter service and clients will be sending their own email through the server.

First I set "Domain *" in /etc/dkim-filter.conf. This got it to include the DKIM headers in all outgoing emails, no matter what the domain.

However, the verification check fails on gmail because it is checking the domain in the from address, and not my domain (and dns record). Does anyone know how to do this?

Source: (StackOverflow)