The War for the Inbox: Configuring Postfix the Right Way
Let’s be honest: configuring a mail server is usually a nightmare. You spend hours tweaking main.cf, finally get the service running, and then—bam. Your critical invoice to a client lands in their Junk folder. Or worse, it vanishes into the void because Hotmail or Yahoo decided your IP block looks suspicious.
I’ve managed mail clusters for ISPs across the Nordics, and I can tell you that 90% of delivery issues aren't about content; they are about infrastructure and configuration. If you are running your business email off a cheap, oversold shared hosting plan, you are sharing your reputation with spammers. It’s that simple.
In this guide, we are going back to basics. No web panels, no bloat. Just raw Postfix configuration on a dedicated VPS to get you 10/10 deliverability.
1. The Foundation: It Starts with the Hostname and DNS
Before you even type apt-get install, you need to understand the concept of Reverse DNS (rDNS) or PTR records. In 2011, major spam filters (Spamhaus, Barracuda) ruthlessly block IPs that don't have a valid PTR record matching the HELO hostname.
If your server hostname is mail.yourdomain.no, your IP address must resolve back to mail.yourdomain.no. Most budget VPS providers force you to open a support ticket to change this, waiting 24 hours while your email queues back up.
Pro Tip: This is why I deploy mail servers on CoolVDS. Their control panel lets you set your custom Reverse DNS instantly. No tickets, no waiting. It’s a requirement for any serious sysadmin.
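Once the PTR record is set, verify it rather than assume it. The following is an added example, not part of the original article: it checks that the IP's PTR names include the HELO hostname and, going one step beyond the text, that the hostname resolves forward to the same IP. The function names and the zone data (documentation addresses) are constructed for illustration.

```python
import socket

def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def system_reverse(ip):
    """PTR names for ip from the system resolver (live lookup)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [host, *aliases]

def system_forward(name):
    """IPv4 addresses for name from the system resolver (live lookup)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_rdns(ip, helo, reverse=system_reverse, forward=system_forward):
    """Return a list of problems; an empty list means PTR and HELO agree."""
    ptrs = [_norm(p) for p in reverse(ip)]
    if not ptrs:
        return [f"{ip} has no PTR record"]
    problems = []
    if _norm(helo) not in ptrs:
        problems.append(f"PTR {', '.join(ptrs)} does not match HELO {helo}")
    if ip not in forward(helo):
        problems.append(f"{helo} does not resolve to {ip}")
    return problems

# Constructed zone data (documentation addresses) so the check runs offline.
PTR = {"192.0.2.10": ["mail.yourdomain.no."], "192.0.2.20": ["vps20.host.example."]}
A = {"mail.yourdomain.no": ["192.0.2.10", "192.0.2.20"]}

def offline_check(ip, helo):
    return check_rdns(ip, helo, lambda i: PTR.get(i, []), lambda n: A.get(_norm(n), []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, offline_check(ip, "mail.yourdomain.no") or "OK")
```

Call check_rdns(ip, helo) without the last two arguments to query live DNS, preferably from a machine other than the mail server so that /etc/hosts entries do not mask a missing PTR.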
2. Installing Postfix (The Clean Way)
We are avoiding the bloated default stacks. Whether you are on Debian 6 (Squeeze) or CentOS 5.5, the goal is a minimal footprint.
On Debian/Ubuntu:
apt-get update
apt-get install postfix mailutils libsasl2-2 ca-certificates
On CentOS/RHEL:
yum install postfix cyrus-sasl cyrus-sasl-plain
During installation, select "Internet Site". This creates a basic configuration, but don't trust it. We need to harden it.
3. Hardening main.cf
Open /etc/postfix/main.cf with vi (or nano if you must). We need to prevent your server from becoming an Open Relay. If you become an open relay, you will be blacklisted globally within hours.
Find and edit these lines:
myhostname = mail.yourcompany.no
myorigin = /etc/mailname
mydestination = $myhostname, localhost.$mydomain, localhost
# NETWORK SECURITY
inet_interfaces = all
inet_protocols = ipv4
# RELAY CONTROL - CRITICAL
# (continuation lines of a multi-line value must start with whitespace)
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org
Notice inet_protocols = ipv4. While IPv6 is the future, in 2011 IPv6 peering and routing can still be flaky, and Google's IPv6 spam filters are incredibly aggressive. Stick to IPv4 for stability unless you really know what you are doing.
4. Storage Performance: Maildir vs. Mbox
The old mbox format stores all emails in a single file. This is a disaster for performance. If you have 50 users accessing email via IMAP, the file locking overhead will kill your server's I/O.
Always use Maildir format. It stores each email as a separate file.
home_mailbox = Maildir/
However, Maildir creates thousands of tiny files. This creates a massive random I/O workload. If you run this on a standard SATA drive in a crowded node, reading a mailbox feels like browsing the web over dial-up.
This is where hardware selection matters. At CoolVDS, we utilize high-performance SAS RAID-10 arrays or enterprise SSDs on select plans. The difference in IMAP sync speed between a standard 7.2k RPM drive and a CoolVDS instance is night and day when you have a 2GB inbox.
5. Authentication and Security
You need SASL authentication so your roaming users (sales team on laptops) can send mail through the server safely.
Uncomment these lines in main.cf:
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
We use smtpd_tls_security_level = may (Opportunistic TLS). This encrypts the connection if the other server supports it. With the Norwegian Data Inspectorate (Datatilsynet) becoming stricter about privacy under the Personal Data Act, sending unencrypted email is becoming a liability.
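An added example, not part of the original article: a small audit of the relay-control settings from section 3 and the SASL settings above. It joins continuation lines the way Postfix does, then flags a bare permit ahead of reject_unauth_destination, a mynetworks range outside loopback and RFC 1918 space, and SASL offered without smtpd_tls_auth_only (a real Postfix parameter that this article does not set). The sample config and function names are constructed, and the audit assumes the restrictions are set explicitly in main.cf.

```python
import ipaddress
import re
# Constructed sample (not a real host): mynetworks is too wide, SASL lacks TLS.
SAMPLE_MAIN_CF = """\
mynetworks = 127.0.0.0/8, 10.0.0.0/8, 0.0.0.0/0
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
"""
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_main_cf(text):
    """Return {name: value}; lines starting with whitespace continue a value."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name:
            params[name] = (params[name] + " " + raw.strip()).strip()
        elif "=" in raw:
            name, _, value = (part.strip() for part in raw.partition("="))
            params[name] = value
    return params

def audit(params):
    """Return relay and SASL findings for parsed main.cf parameters."""
    findings = []
    rules = re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", ""))
    if "reject_unauth_destination" not in rules:
        findings.append("smtpd_recipient_restrictions lacks reject_unauth_destination")
    elif "permit" in rules[:rules.index("reject_unauth_destination")]:
        findings.append("bare permit precedes reject_unauth_destination")
    for tok in re.split(r"[,\s]+", params.get("mynetworks", "")):
        try:
            net = ipaddress.ip_network(tok, strict=False)
        except ValueError:
            continue  # empty token or table lookup such as hash:/path
        if net.version == 4 and not any(net.subnet_of(i) for i in INTERNAL):
            findings.append(f"mynetworks trusts non-internal range {net}")
    if (params.get("smtpd_sasl_auth_enable") == "yes"
            and params.get("smtpd_tls_auth_only") != "yes"):
        findings.append("SASL offered without TLS; set smtpd_tls_auth_only = yes")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_main_cf(SAMPLE_MAIN_CF))))
```

With smtpd_tls_security_level = may, TLS is optional for the client, so without smtpd_tls_auth_only = yes a roaming laptop can still send its password in cleartext.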
6. The Norwegian Context: Latency and Law
If your primary user base is in Oslo, Bergen, or Trondheim, hosting your mail server in Germany or the US adds unnecessary latency to every IMAP command. Every click in Outlook has a delay.
Furthermore, keeping data within the EEA is crucial for compliance. While cloud computing is growing, knowing exactly where your physical bits reside provides legal safety. CoolVDS infrastructure is optimized for Nordic routing—ping times to NIX (Norwegian Internet Exchange) are typically under 10ms.
Final Testing
Once configured, restart the service:
/etc/init.d/postfix restart
Tail your logs immediately to watch for errors:
tail -f /var/log/mail.log
Don't just hope for the best. Telnet into your server on port 25 from an external IP and try to send a mail to a random domain. If it lets you, you have an open relay. Fix it immediately.
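What that test looks like in mail.log, as an added example that is not part of the original article: a correctly configured server logs "Relay access denied" for the external attempt, while an open relay logs a queue ID for the unauthenticated client followed by a remote delivery. The log excerpt is constructed (documentation addresses), and the function name and the trusted-network default are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed mail.log excerpt (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Mar  3 10:15:22 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <a@example.org>: Relay access denied; from=<x@example.com> to=<a@example.org> proto=SMTP helo=<test>
Mar  3 10:16:01 mail postfix/smtpd[2101]: 4F2A11C0: client=laptop.example.net[198.51.100.7], sasl_method=PLAIN, sasl_username=kari
Mar  3 10:16:02 mail postfix/smtp[2110]: 4F2A11C0: to=<kunde@example.org>, relay=mx.example.org[192.0.2.25]:25, delay=0.9, status=sent (250 ok)
Mar  3 10:20:40 mail postfix/smtpd[2101]: 7B3C22D1: client=unknown[203.0.113.9]
Mar  3 10:20:41 mail postfix/smtp[2110]: 7B3C22D1: to=<b@example.org>, relay=mx.example.org[192.0.2.25]:25, delay=1.1, status=sent (250 ok)
"""
REJECT = re.compile(r"smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[([^\]]+)\]: .*Relay access denied")
CLIENT = re.compile(r"smtpd\[\d+\]: (\w+): client=\S+\[([^\]]+)\](.*)")
SENT = re.compile(r"postfix/smtp\[\d+\]: (\w+): to=<([^>]*)>, relay=.*status=sent")

def audit_mail_log(text, trusted=("127.0.0.0/8",)):
    """Return (relay rejections per client IP, deliveries relayed for
    unauthenticated clients outside the trusted networks)."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    rejected, pending, relayed = Counter(), {}, []
    for line in text.splitlines():
        if m := REJECT.search(line):
            rejected[m.group(1)] += 1
        elif m := CLIENT.search(line):
            qid, ip, rest = m.groups()
            try:
                outside = not any(ipaddress.ip_address(ip) in n for n in nets)
            except ValueError:  # Postfix logs "unknown" when it has no address
                continue
            if outside and "sasl_username=" not in rest:
                pending[qid] = ip
        elif (m := SENT.search(line)) and m.group(1) in pending:
            # Heuristic: remote delivery of mail taken from an untrusted,
            # unauthenticated client. Forwarding and backup-MX setups also match.
            relayed.append((m.group(1), pending[m.group(1)], m.group(2)))
    return rejected, relayed

if __name__ == "__main__":
    print(audit_mail_log(SAMPLE_LOG))
```

Pass the same ranges you list in mynetworks as trusted; any entry in the second result that you cannot explain deserves the "fix it immediately" treatment.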
Building a mail server requires patience and clean infrastructure. Don't let a noisy neighbor or a blacklisted IP range ruin your business communication. Deploy a clean, high-performance instance on CoolVDS today and own your inbox.