Stop Getting Blacklisted: The 2010 Guide to a Bulletproof Postfix Setup
If you are still running your company's critical email infrastructure on a $5 shared hosting plan, you are gambling with your business. I've seen it a dozen times this year alone: a marketing department sends out a newsletter, a neighbor on the same shared IP sends out 50,000 pharmacy spam emails, and suddenly your invoice to a major client bounces because the IP is on Spamhaus.
In the world of email delivery, reputation is currency. And you cannot build a reputation on a dirty IP address. Today, we are going to configure Postfix—the most robust MTA (Mail Transfer Agent) available on Linux—to handle high-volume delivery without breaking a sweat. We will focus on reliability, security, and why the underlying disk I/O matters more than you think.
The Prerequisites: Infrastructure Matters
Before we touch a single configuration file, let's talk about the metal. Email queues are I/O intensive. When you have hundreds of concurrent SMTP connections processing headers, running ClamAV scans, and writing to Maildirs, a standard 7.2k SATA drive will choke. This causes iowait spikes, which lead to timeouts.
For production mail servers, we strictly recommend SAS 15k RPM RAID-10 arrays or the emerging Enterprise SSD storage tiers. At CoolVDS, we don't oversell our storage throughput. When you run iostat on our nodes, you see the raw performance required to clear mail queues instantly. You also need a Static, Clean IP Address. Dynamic IPs are dead on arrival for email.
Step 1: The DNS Foundation
Most Postfix configurations fail not because of the software, but because of DNS. Before installing packages, ensure your Reverse DNS (rDNS/PTR) matches your hostname. Major providers like Hotmail and Gmail verify this rigorously.
- A Record: mail.yourdomain.no -> 192.168.1.50
- PTR Record: 192.168.1.50 -> mail.yourdomain.no
If these don't match, your "spam score" starts at a deficit. If you are hosting with CoolVDS, you can set your PTR record directly in our control panel in seconds. Do this first. Propagation takes time.
Step 2: Installing Postfix on CentOS 5 / Debian Lenny
Forget Sendmail. It's monolithic and a nightmare to secure. Postfix is modular. Let's get the binaries.
On Debian 5 (Lenny) / Ubuntu 10.04 LTS:
apt-get update
apt-get install postfix
On CentOS 5:
yum install postfix
chkconfig postfix on
During the installation on Debian, select "Internet Site". This will generate a basic main.cf. But basic isn't enough for us.
Step 3: The main.cf Configuration
Open /etc/postfix/main.cf. We need to define our identity and, crucially, secure the server against becoming an Open Relay. An open relay is the fastest way to get your server terminated.
# /etc/postfix/main.cf
# NETWORK IDENTITY
myhostname = mail.yourdomain.no
mydomain = yourdomain.no
myorigin = $mydomain
# LISTENING INTERFACES
inet_interfaces = all
inet_protocols = ipv4
# RELAY RESTRICTIONS (CRITICAL)
mynetworks = 127.0.0.0/8, [::1]/128
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org
Pro Tip: Notice the reject_rbl_client zen.spamhaus.org line? This offloads 90% of your spam filtering to Spamhaus's real-time blocklist before your server even accepts the body of the email. It saves massive CPU cycles. Use it.
Step 4: Storage Format - Maildir vs. Mbox
By default, many older setups use Mbox, which stores all emails in a single flat file. If that file gets corrupted, you lose everything. It also suffers from file locking issues under load.
Switch to Maildir format. This stores every email as a separate file. It is faster, safer, and easier to back up incrementally.
# Add to main.cf
home_mailbox = Maildir/
This is where your choice of VPS host shines or suffers. Maildir creates thousands of small files. On a cheap VPS with high "seek latency," listing a directory with 10,000 emails can take seconds. On CoolVDS's high-performance virtualization platform, directory traversal is near-instantaneous due to our optimized I/O schedulers.
Step 5: Authentication & Encryption (TLS)
Sending passwords in cleartext over port 25 is reckless. Even if you aren't handling state secrets, you are likely handling customer data protected by the Personopplysningsloven (Personal Data Act). Enable TLS.
First, generate a certificate (or buy one from Verisign/GoDaddy if you don't want warnings):
openssl req -new -x509 -days 365 -nodes -out /etc/postfix/postfix.pem -keyout /etc/postfix/postfix.pem
Then add to main.cf:
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/postfix.pem
smtpd_tls_key_file = /etc/postfix/postfix.pem
smtpd_tls_loglevel = 1
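The relay restrictions from Step 3 and the TLS settings from Step 5 are easy to get subtly wrong (an unindented continuation line, a missing reject_unauth_destination, STARTTLS enabled but cleartext AUTH still offered). The following is an added example, not code from the article or from Postfix: a small audit script that parses a main.cf fragment the way Postfix reads it and reports the relay and TLS findings a defender would want flagged. The function names parse_main_cf and audit and the sample configuration are constructed for this example.

```python
import re

# Constructed sample assembled from the article's Step 3 and Step 5 fragments.
SAMPLE_MAIN_CF = """\
mynetworks = 127.0.0.0/8, [::1]/128
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/postfix.pem
smtpd_tls_key_file = /etc/postfix/postfix.pem
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; a line that starts with whitespace
    continues the previous value (this is why the restriction list must be indented)."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":
            if current is None:
                raise ValueError("continuation line before any parameter: %r" % line)
            params[current] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            current = name.strip()
            params[current] = value.strip()
    return params

def audit(params):
    """Return a list of findings for relay and TLS settings; empty means all checks passed."""
    findings = []
    tokens = [t for t in re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", "")) if t]
    # Relaying by unauthenticated, untrusted clients must be rejected somewhere in the list.
    if "reject_unauth_destination" not in tokens:
        findings.append("open relay: smtpd_recipient_restrictions lacks reject_unauth_destination")
    elif "permit" in tokens[:tokens.index("reject_unauth_destination")]:
        findings.append("open relay: a bare 'permit' precedes reject_unauth_destination")
    if "0.0.0.0/0" in params.get("mynetworks", ""):
        findings.append("open relay: mynetworks trusts every IPv4 client")
    if (params.get("smtpd_tls_security_level") or "none") == "none":
        findings.append("no TLS: smtpd_tls_security_level is unset or 'none'")
    # 'may' only offers STARTTLS; AUTH is still offered on cleartext sessions unless this is set.
    if params.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("cleartext auth: set smtpd_tls_auth_only = yes so AUTH is offered only after STARTTLS")
    return findings
```

Run against the article's own settings, the only finding is the missing smtpd_tls_auth_only, which is the one line that actually stops passwords from crossing port 25 in cleartext.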
Step 6: Restart and Verify
Restart Postfix to load the new configuration.
/etc/init.d/postfix restart
Tail your logs immediately to catch syntax errors (the file is /var/log/maillog on CentOS and /var/log/mail.log on Debian):
tail -f /var/log/maillog
The CoolVDS Advantage for Norwegian Businesses
Running a mail server requires vigilance. You need to monitor your IP reputation, update your SPF records (v=spf1 mx -all), and watch your disk usage.
However, latency is a silent killer. If your users are in Oslo or Bergen, hosting your mail server in a US datacenter adds 100-150ms to every IMAP command. Navigating folders becomes sluggish. CoolVDS offers premium connectivity via NIX (Norwegian Internet Exchange), ensuring your local latency is in the single digits. Plus, keeping your data on servers physically located within the EEA simplifies compliance with Datatilsynet regulations regarding international data transfers.
Don't let a blacklisted IP ruin your quarter. Provision a clean, high-performance CoolVDS instance today and take full control of your email delivery.