Bookmark and Share

Configuring Postfix + Spamasassin + Amavis as front-end Mail Transport Agent (MTA) to MS Exchange 2010

Posted: Monday, April 15th, 2013 at 12:15 amUpdated: Monday, April 15th, 2013 at 12:27 am

Installing and configuring Postfix

So the first thing that needs to be done is to have a Linux box that’s ready to accept incoming mail and run diagnostic on it. I’ll be using my favorite distribution, Ubuntu. I’ll assume that you have one already installed.

First, let’s intall Postfix by running the command below. Since we’ll be using it only to forward emails to Exchange, it doesn’t really matter what configuration to pick. Simply accept the defaults.

user@mydomain:~$ sudo apt-get install postfix

Once everything is installed, edit /etc/postfix/main.cf and add/adjust the values to your specific configuration. Here’s the relevant config from main.cf file that I have.

user@mydomain:~$ cat /etc/postfix/main.cf
mydomain = mydomain.com
myhostname = postfix.mydomain.com
mydestination = mydomain.com, myotherdomain.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
relay_domains = $mydestination
smtpd_recipient_restrictions = permit_mynetworks,\
	reject_unauth_destination,reject_invalid_hostname,\
	reject_unauth_pipelining,reject_non_fqdn_sender, \
	reject_unknown_recipient_domain,reject_unknown_sender_domain
transport_maps = hash:/etc/postfix/transport
local_recipient_maps =

The last line is to force Postfix to not lookup local recipient. This way, Postfix will accept all mails address to the destination domain(s). The alternative is to either export Exchange mailbox every time there are changes there, or to configure Postfix to query Active Directory. I don’t like querying Active Directory as it’s another overhead and if the server is attacked for whatever reasons, there could be a lot of queries going to Exchange. Importing users every time there are changes on Exchange would be the next improvement. I’ll leave it to you, the reader, as an excercise.

The next thing to do is to configure the transport DB. Edit /etc/postfix/transport and add each domain that you want to forward. Here’s a sample how the file look like.

user@mydomain:~$ cat /etc/postfix/transport
mydomain.com      smtp:[10.10.10.50]
myotherdomain.com     smtp:[10.10.10.50]

What it does is, it tells Postfix to forward mails on the 2 above domains through SMTP to an email host at IP 10.10.10.50. In this case, that IP address happens to be an Exchange 2010 server. Don’t forget to build database so that Postfix can start using it. You need to do that for pretty much every file that’s marked as hash: in main.cf Postfix configuration. Also refresh Postfix so that it’ll take the new configuration.

user@mydomain:~$ sudo postmap /etc/postfix/transport
user@mydomain:~$ sudo postfix reload

Now it’s a good time to test your Postfix configuration, making sure it’s forwarding email to Exchange. You can test sending email manually using telnet.

Pages: 1 2 3 4 5 6 7

6 Responses to “Configuring Postfix + Spamasassin + Amavis as front-end Mail Transport Agent (MTA) to MS Exchange 2010”

  1. Alex Says:

    Hi!
    Thank you for you configuration!
    I am trying to set up postfix and testing SMTP with the telnet.
    From mydomain to my domain I can send letters (postfix forwards them to exchange)
    And from mydomain to non-mydomain (gmail.com) I can\’t send – I receive \"relay access denied\" in postfix logs.
    What do I do wrong?

  2. Maresa Says:

    @Alex: You’ll need to configure Postfix to open relay access. My recommendation is not open it globally. Open it only for authenticated users or from the IP address of your network. I don’t have article on how to do it yet. You can Google in the meanwhile.

    As for my setup, the outgoing mail is actually being sent directly from Exchange server. Hence, Postfix is not involved in sending email. Its sole purpose, in my setup, is to receive email, run antivirus / antispam on it, mark emails for spam as necessary, then forward email to Exchange.

  3. Michael Says:

    Hi,
    Thanks for your configuration!
    I try this and it works good with telnet (local on the Linux-Server).
    But if i send an email extern like (Yahoo) to my domain to relay it to exchange, i get an Relay Access Denied Error. On my Yahoo-Client

    What is wrong?

  4. eltes Says:

    @Michael: You need to add your domain to your postfix-configuration.

    Add this to your main.cf:

    virtual_mailbox_domains = /etc/postfix/virtual_domains

    then create

    /etc/postfix/virtual_domains and add your domain(s):

    domain1.de
    domain2.de

    After this reload/restart postfix.

  5. Martial Says:

    Hello,

    On debian jessie, I have to edit /etc/clamav/clamd.conf
    and change
    AllowSupplementaryGroups false
    By
    AllowSupplementaryGroups true

    bye.

  6. Max Says:

    Hi,

    i’m trying to get everything to work but if i do “tail /var/log/mail.err” i get such an error “postfix/smtpd[4529] : fatal: open dictionary: expecting “type:name” form instead of “content_filter”

    The number is counting up. Any ideas ?

Leave a Reply

Time limit is exhausted. Please reload the CAPTCHA.