Using Postfix with Archiveopteryx

Postfix 2.0 and later works well with Archiveopteryx.

The easiest way to integrate the two is to use Postfix as a mail hub. Postfix accepts mail via SMTP, injects local mail into Archiveopteryx via LMTP. Archiveopteryx accepts mail submissions from clients using SMTP submission, performs authentication and other chores, and forwards the mail to Postfix.

Inbound mail

In archiveopteryx.conf, you must make sure SMTP is disabled and LMTP is enabled (this is the default), and select a suitable address and port for LMTP.

lmtp-address = 127.0.0.1 lmtp-port = 2026

In the Postfix file main.cf, you tell Postfix to deliver local mail via LMTP to the same address and port:

mailbox_transport = lmtp:inet:127.0.0.1:2026

Postfix normally delivers only one message at a time to local recipients. LMTP and Archiveopteryx supports delivering to many addresses, and there's quite a performance increase:

local_destination_recipient_limit = $lmtp_destination_recipient_limit

We advise setting local_destination_recipient_limit to be as large as than your largest alias.

If Postfix opens many LMTP connections to Archiveopteryx at the same time, there may be lock contention in the database, perhaps leading to temporary errors and delayed mail. The easiest way to resolve this is to set maxproc for the LMTP transport in master.cf. The ideal setting depends on site-specific timing factors and is usually either 1, 2 or 3. (You may want to run postqueue -f after changing this variable, so Postfix processes its queue at once.)

The many other LMTP-related variables in Postfix can be left untouched.

Outbound mail

If you want to use SMTP submission, Archiveopteryx must be allowed to send mail via postfix. The simplest way is to include Archiveopteryx' IP address into the Postfix mynetworks variable.

The configuration variable smarthost-address must point to Postfix.

Avoiding spam backscatter

Postfix can check whether an address is valid while it is receiving the message via SMTP, and reject mail to invalid addresses at once. This tends to limit backscatter, so it is both polite to poor spam victims and saves bandwidth.

If all valid addresses on your system are either Postfix aliases (e.g. as defined in /etc/aliases) or Archiveopteryx addresses, then this setting will do it:

local_recipient_maps = pgsql:/etc/postfix/aox-addresses $alias_maps

$alias_maps checks whether the address is a system alias, and the file aox-addresses defines the SQL query Postfix uses to check whether an address belongs to Archiveopteryx. It should contain something like:

hosts = sqlserver dbname = archiveopteryx user = postfix password = password query = select address from aliases al join addresses a on (al.address=a.id) where lower(a.localpart)=lower('%u') and lower(a.domain)=lower('%d')

sqlserver points to PostgreSQL server, ie. it the same as db-host. archiveopteryx is the database name, ie. the same as db-name.

postfix and password represent a valid SQL user with the right to to read the aliases and addresses table. You can create such a user using psql:

create user "postfix" with encrypted password "password";
grant select on aliases, addresses to "postfix";

In case you have any questions, please write to info@aox.org.

Relevant links

About this page

Last modified: 2011-05-17
Location: aox.org/postfix