Stop Trusting Default Configs: The Definitive Postfix Guide
Let’s be honest. Setting up a mail server is usually where systems administrators go to die. One misplaced bracket in your configuration, one open relay, and your IP is on three blacklists before you’ve even finished your coffee. I’ve seen production servers grind to a halt because a default mbox file corrupted under load, and I’ve seen legitimate business emails vanish into the void of Hotmail's junk folder because of a missing PTR record.
But if you are serious about privacy—especially here in Norway where the Personopplysningsloven (Personal Data Act) demands we treat data with respect—you can’t rely on free US-based mail services forever. You need your own iron. You need total control.
This guide assumes you are running a clean install of CentOS 5.5 or 5.6 (though Debian 6 Squeeze users can adapt easily). We are going to build a Postfix server that actually delivers.
1. The Foundation: DNS and Hostnames
Before you even touch yum install, you need to fix your identity. The number one reason for email delivery failure in 2011 isn't software; it's bad DNS.
Your VPS hostname must match your Reverse DNS (rDNS/PTR record). If your server identifies as mail.example.no, but a lookup on your IP returns vps-192-168-0-1.provider.net, Gmail and Yahoo will drop your packets like a hot stone.
Pro Tip: Unlike budget providers that force you to open a support ticket to change PTR records, CoolVDS allows you to set your Reverse DNS instantly from the control panel. Do this first. Wait for propagation. Then proceed.
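One way to verify the identity match described in this section once the PTR has propagated, as an added example that is not part of the original guide. The function name and the injectable lookup parameters are hypothetical, and the demo uses a constructed documentation IP with stub lookups so it runs offline; drop the stubs to query real DNS.

```python
import socket

def system_ptr(ip):
    """Reverse lookup: IP -> PTR name, via the system resolver."""
    return socket.gethostbyaddr(ip)[0]

def system_addrs(name):
    """Forward lookup: name -> list of IPv4 addresses."""
    return socket.gethostbyname_ex(name)[2]

def check_mail_identity(ip, myhostname, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return a list of problems; an empty list means PTR, hostname and A record agree."""
    try:
        ptr = ptr_lookup(ip).rstrip(".").lower()
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        return ["no PTR record for %s" % ip]
    problems = []
    if ptr != myhostname.rstrip(".").lower():
        problems.append("PTR is %s but myhostname is %s" % (ptr, myhostname))
    try:
        forward = addr_lookup(ptr)
    except OSError:
        forward = []
    if ip not in forward:
        # Receivers commonly confirm the PTR name by resolving it forward again.
        problems.append("%s does not resolve back to %s" % (ptr, ip))
    return problems

if __name__ == "__main__":
    # Constructed data: the mismatch case from the text, on a documentation IP.
    stub_ptr = lambda ip: "vps-192-168-0-1.provider.net"
    stub_addrs = lambda name: ["192.0.2.25"]
    for problem in check_mail_identity("192.0.2.25", "mail.example.no", stub_ptr, stub_addrs):
        print("FAIL:", problem)
```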
2. Installing and Configuring Postfix 2.8
First, remove Sendmail if it's lurking in the shadows. It’s archaic and monolithic.
yum remove sendmail
yum install postfix system-switch-mail
system-switch-mail
Select Postfix. Now, let’s get into the guts of /etc/postfix/main.cf. This is where the war is won or lost.
Crucial Basic Settings
Edit the file with vi (or nano if you must) and set these core parameters. Do not just copy-paste; understand what you are binding to.
myhostname = mail.yourdomain.no
mydomain = yourdomain.no
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
3. Storage: Maildir vs. mbox
The default behavior is often mbox, which stores all emails in a single flat file. This is a disaster waiting to happen. If that file locks during a write operation, incoming mail hangs. When you have high I/O throughput, you need Maildir.
Maildir saves every email as a separate file. It’s safer, faster, and easier to back up.
home_mailbox = Maildir/
Note on Infrastructure: Maildir creates thousands of small files. On a standard shared hosting platform with slow spinning rust (7200 RPM SATA), this kills performance due to seek times. This is why we deploy on CoolVDS instances backed by RAID-10 SAS or Enterprise SSDs. When your queue flushes 5,000 emails, you want random I/O performance, not a bottleneck.
4. Slamming the Door on Spam: Restrictions
You do not want to be an open relay. That is how your server gets hijacked by botnets. We need to tell Postfix strictly who can talk to it.
Add these lines to main.cf. The order matters immensely.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net
We are querying Spamhaus and SpamCop in real-time. If the connecting IP is dirty, Postfix rejects the mail at the RCPT TO stage, before the message body is ever transferred, so no CPU cycles are wasted processing it. This saves resources and keeps your reputation clean.
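Why the order matters, as an added example that is not part of the original guide: Postfix walks the list top to bottom and stops at the first rule that returns a permit or reject. The model below is a simplification (it splits on commas only and knows just the rules used above), and the client dictionaries and the misordered variant are constructed assumptions.

```python
PAGE_ORDER = """\
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net
"""
# Misordered variant (constructed): the RBL lookup moved to the top.
RBL_FIRST = """\
smtpd_recipient_restrictions =
    reject_rbl_client zen.spamhaus.org,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
"""

def parse_restrictions(main_cf, name="smtpd_recipient_restrictions"):
    """Join whitespace-led continuation lines, then split the value on commas."""
    logical = []
    for raw in main_cf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    for line in logical:
        key, _, value = line.partition("=")
        if key.strip() == name:
            return [r.strip() for r in value.split(",") if r.strip()]
    return []

def decide(restrictions, client):
    """Walk the list in order; the first rule that matches ends evaluation."""
    for rule in restrictions:
        if rule == "permit_mynetworks" and client["in_mynetworks"]:
            return ("PERMIT", rule)
        if rule == "permit_sasl_authenticated" and client["sasl_authenticated"]:
            return ("PERMIT", rule)
        if rule == "reject_unauth_destination" and not client["rcpt_domain_is_ours"]:
            return ("REJECT", rule)
        if rule.startswith("reject_rbl_client ") and rule.split()[1] in client["listed_on"]:
            return ("REJECT", rule)
    return ("PERMIT", "end of list")

# Constructed client: an authenticated user sending from a listed residential IP.
ROAMING_USER = {"in_mynetworks": False, "sasl_authenticated": True,
                "rcpt_domain_is_ours": False, "listed_on": {"zen.spamhaus.org"}}
```

With the order from this guide the roaming user is permitted by permit_sasl_authenticated before any blacklist is consulted; with the RBL rule first, the same user is rejected because zen.spamhaus.org also lists residential address ranges.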
5. Deliverability: SPF and DKIM
In 2011, you cannot ignore Sender Policy Framework (SPF). It’s a simple TXT record in your DNS that tells the world which IPs are allowed to send mail for your domain.
Example BIND record:
yourdomain.no. IN TXT "v=spf1 mx a ip4:85.x.x.x -all"
This says: "Only my MX, my A record, and this specific IP can send mail. Hard fail (-all) everyone else."
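How a receiver reads that record, as an added example that is not part of the original guide: mechanisms are tested left to right and the first match decides the result. The address 192.0.2.10 stands in for the elided 85.x.x.x, the resolved MX and A addresses are constructed, and only the mechanisms that appear in the record above are modelled.

```python
import ipaddress

# Constructed stand-ins: the page's record with a documentation IP in place of 85.x.x.x,
# and the addresses the "mx" and "a" mechanisms would resolve to for the domain.
EXAMPLE_RECORD = "v=spf1 mx a ip4:192.0.2.10 -all"
RESOLVED = {"mx": ["192.0.2.25"], "a": ["192.0.2.80"]}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, sender_ip, resolved):
    """Evaluate sender_ip against an SPF record limited to mx, a, ip4 and all."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        # A missing qualifier means "+", which is why bare "mx" yields pass.
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            matched = True
        elif mech in ("mx", "a"):
            matched = sender_ip in resolved.get(mech, [])
        elif mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        else:
            raise ValueError("mechanism not modelled in this example: %s" % term)
        if matched:
            return RESULTS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"

if __name__ == "__main__":
    for candidate in ("192.0.2.25", "192.0.2.10", "203.0.113.9"):
        print(candidate, spf_result(EXAMPLE_RECORD, candidate, RESOLVED))
```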
6. The Norwegian Context: Latency and Law
Why host this in Oslo and not on a cheap box in Texas? Two reasons: Latency and Datatilsynet.
First, if your users are in Norway, routing traffic through the NIX (Norwegian Internet Exchange) ensures your IMAP sync is instantaneous. Waiting 200ms for every header sync adds up.
Second, legal jurisdiction. US-based hosting is subject to the Patriot Act. If you are handling sensitive customer data within the EU/EEA, keeping that data on Norwegian soil (as we do with our Oslo datacenter) simplifies your compliance with local privacy laws. Don't take risks with client data.
Final Thoughts
Configuring Postfix requires patience. Watch your logs at /var/log/maillog like a hawk for the first 48 hours. If you see "Relay access denied," you've done your job correctly for outsiders. If you see it for your own users, check your SASL config.
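A small triage of those log entries, as an added example that is not part of the original guide: it counts "Relay access denied" rejections per client IP and separates outsiders from addresses your own users connect from. The log lines are constructed in Postfix's smtpd format, and `user_ranges` is a hypothetical parameter for the ranges you know belong to your users.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd log format (not from a real server).
SAMPLE_MAILLOG = """\
Mar  3 10:15:01 mail postfix/smtpd[2101]: connect from unknown[203.0.113.5]
Mar  3 10:15:02 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <a@elsewhere.example>: Relay access denied; from=<x@sender.example> to=<a@elsewhere.example> proto=SMTP helo=<foo>
Mar  3 10:15:03 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <b@elsewhere.example>: Relay access denied; from=<x@sender.example> to=<b@elsewhere.example> proto=SMTP helo=<foo>
Mar  3 10:20:44 mail postfix/smtpd[2107]: NOQUEUE: reject: RCPT from office.yourdomain.no[198.51.100.77]: 554 5.7.1 <c@partner.example>: Relay access denied; from=<ola@yourdomain.no> to=<c@partner.example> proto=ESMTP helo=<laptop>
"""

REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from (\S+)\[([0-9a-fA-F.:]+)\]: "
    r"\d{3} [\d.]+ <[^>]*>: Relay access denied"
)

def triage_relay_denied(log_text, user_ranges):
    """Return (outsiders, own_users): Counters of rejected client IPs."""
    nets = [ipaddress.ip_network(n) for n in user_ranges]
    outsiders, own_users = Counter(), Counter()
    for line in log_text.splitlines():
        match = REJECT_RE.search(line)
        if not match:
            continue
        ip = ipaddress.ip_address(match.group(2))
        # Rejections from your own ranges point at a SASL problem, not an attack.
        bucket = own_users if any(ip in net for net in nets) else outsiders
        bucket[str(ip)] += 1
    return outsiders, own_users

if __name__ == "__main__":
    outside, own = triage_relay_denied(SAMPLE_MAILLOG, ["198.51.100.0/24"])
    print("outsiders refused (expected):", dict(outside))
    print("own users refused (check SASL):", dict(own))
```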
Your mail server is the lifeblood of your business communication. Don't run it on oversold hardware. If you need a stable, high-performance environment to test this setup, deploy a CoolVDS Linux instance today. We offer the clean IPs and high-speed storage you need to keep your queues empty and your inbox full.