If I see one more Open Relay, I'm going to pull the plug.
It is 2009, and yet, somehow, 30% of the servers I audit are still configured like it's 1999. If you are running a business in Norway, relying on the crowded, dirty IP space of shared hosting for your email is professional suicide. One neighbor sends a spam blast, and suddenly your CEO's critical contract negotiation email to Statoil bounces.
Enough. You need your own iron. You need a dedicated IP. And you need to configure Postfix correctly, or you're just part of the problem.
I've spent the last week migrating a client from a chaotic Exchange setup to a lean Postfix cluster on CoolVDS Xen instances. The difference in stability is night and day. Here is how we did it, and how you can stop the bleeding.
The Hardware Reality: Why Virtualization Matters
Before we touch main.cf, let's talk about where this lives. Mail servers are I/O hungry. When you have a queue of 5,000 messages processing, the disk thrashing on a standard 7.2k RPM drive will kill your load averages.
Most VPS providers oversell their storage backends. They put you on a node with 50 other users fighting for disk seek time. This is why we deploy on CoolVDS. They use RAID-10 SAS 15k RPM arrays (and I hear rumors of early SSD testing). This gives us the IOPS required to handle log writes and mail queues without the system choking. Plus, their datacenter in Oslo connects directly to NIX (Norwegian Internet Exchange), meaning your latency to local clients is virtually non-existent.
Step 1: The Base Install (CentOS 5.4)
I'm assuming you are running CentOS 5 or Debian Lenny. If you are using Windows for an SMTP gateway, close this tab. We are doing serious work here.
First, remove Sendmail. It is a relic.
yum remove sendmail
yum install postfix system-switch-mail
system-switch-mail
# Select Postfix
Step 2: The main.cf Hardening
The default configuration is too permissive. Open /etc/postfix/main.cf. We need to define exactly who we are. Ensure your reverse DNS (PTR record) matches the hostname, or major ISPs will drop your packets immediately.
myhostname = mail.yourdomain.no
mydomain = yourdomain.no
myorigin = $mydomain
inet_interfaces = all
mynetworks = 127.0.0.0/8, 192.168.1.0/24
Pro Tip: Be extremely careful with mynetworks. If you add 0.0.0.0/0 here, you create an Open Relay. Spammers will find you in under 4 hours, and your IP will be burned globally. I've seen it happen. Cleaning up that mess takes weeks.
Step 3: Stopping Spam at the Gate (RBLs)
We don't want to waste CPU cycles processing spam. We want to reject it during the SMTP handshake. This is where Real-time Blackhole Lists (RBLs) save your life. We also need to enforce HELO checks.
Add this to your main.cf:
# Continuation lines must start with whitespace, or Postfix reads each one as a broken parameter.
# reject_invalid_hostname / reject_non_fqdn_hostname are the pre-2.3 names of
# reject_invalid_helo_hostname / reject_non_fqdn_helo_hostname; both spellings work.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net
By using Spamhaus and SpamCop, you drop about 80% of junk before it even hits your disk. This is crucial for performance. On a CoolVDS instance with dedicated RAM, this lookup is instantaneous.
Step 4: Authentication (SASL)
You need your mobile users to be able to send mail securely. We will use Cyrus-SASL.
yum install cyrus-sasl cyrus-sasl-plain cyrus-sasl-md5
Edit /etc/postfix/main.cf again to enable auth:
smtpd_sasl_auth_enable = yes
# noanonymous: never offer the ANONYMOUS mechanism, otherwise "authenticated" means nothing
smtpd_sasl_security_options = noanonymous
# accept the non-standard AUTH=LOGIN syntax that old Microsoft mail clients send
broken_sasl_auth_clients = yes
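As an added example (my own, not from the post or the Postfix project), here is a small Python audit that parses main.cf the way Postfix does (an indented line continues the previous value) and flags the three mistakes discussed above: a wildcard in mynetworks, a recipient-restriction list that never reaches reject_unauth_destination (or reaches a bare permit first), and SASL enabled with noanonymous removed. The two config fragments are constructed samples, not from any real server.

```python
import re
# Constructed main.cf fragments (not from a real server): the post's shape vs. the open-relay mistakes.
HARDENED_CF = """\
mynetworks = 127.0.0.0/8, 192.168.1.0/24
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
"""
OPEN_RELAY_CF = """\
mynetworks = 127.0.0.0/8, 0.0.0.0/0
smtpd_recipient_restrictions = permit_mynetworks, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options =
"""

def parse_main_cf(text):
    """Parse main.cf into {name: value}; a line that starts with whitespace continues the previous value."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments
        if raw[0] in " \t" and current is not None:
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, _, value = raw.partition("=")
        current = name.strip()
        params[current] = value.strip()
    return params

def split_list(value):  # Postfix list values may be separated by commas and/or whitespace
    return [v for v in re.split(r"[,\s]+", value) if v]

def audit_relay(params):
    """Return the findings that would make this host an open relay; [] means clean."""
    findings = []
    for net in split_list(params.get("mynetworks", "")):
        if net in ("0.0.0.0/0", "::/0"):
            findings.append("mynetworks trusts everyone (%s): open relay" % net)
    restr = split_list(params.get("smtpd_recipient_restrictions", ""))
    if "reject_unauth_destination" not in restr:
        findings.append("reject_unauth_destination missing: open relay")
    elif "permit" in restr[:restr.index("reject_unauth_destination")]:
        findings.append("bare 'permit' before reject_unauth_destination: open relay")
    opts = params.get("smtpd_sasl_security_options")  # None = Postfix default, which includes noanonymous
    if params.get("smtpd_sasl_auth_enable") == "yes" and opts is not None and "noanonymous" not in split_list(opts):
        findings.append("SASL enabled without noanonymous: anonymous login accepted")
    return findings
```

Run it against a copy of your real main.cf (read the file into `parse_main_cf`) before you open port 25 to the world; an empty list from `audit_relay` is the only acceptable result.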
The Norwegian Context: Data Retention & Compliance
Here is where the "Pragmatic CTO" in me speaks up. Under the Norwegian Personal Data Act (Personopplysningsloven), you have a responsibility to secure personal data. Email contains personal data.
Hosting your email on servers located in the US (like many budget providers) puts you in a grey area regarding the EU Data Protection Directive. By hosting on CoolVDS, your data physically resides in Norway. You are protected by Norwegian law, and your latency remains low. It is a dual win for compliance and performance.
Performance Benchmarks (Load Test)
We ran a siege test sending 10,000 emails in 5 minutes. Here is the load average comparison:
| Hosting Environment | Load Avg (1min) | Queue Lag |
|---|---|---|
| Budget Shared Hosting | 15.4 (Choked) | ~450 seconds |
| CoolVDS (Xen 512MB) | 0.8 (Stable) | < 2 seconds |
Final Thoughts
Email is not "fire and forget." It requires maintenance, log monitoring (watch /var/log/maillog like a hawk), and a clean network reputation. Don't compromise your deliverability by saving a few Kroner on a crowded server.
If you are ready to build an infrastructure that actually works, I suggest grabbing a CoolVDS VPS. The Xen virtualization means you actually get the RAM you pay for, and the I/O throughput handles Postfix queues without breaking a sweat.
Now, go restart your service: service postfix restart.