What is Postfixer?
Postfixer is a configurable collection of Capistrano tasks to assist you in installing and configuring Postfix.
Why do I need it?
Out of the box, Postfix is not configured to deliver your application's outgoing email properly:
- Email will be sent from a local hostname ([email protected]) instead of the appropriate domain address ([email protected]).
- Email to local users (such as error messages from cron) will never by delivered.
- Email is likely to be marked as spam by recipients since it will not be cryptographically signed.
Postfixer will help you get Postfix configured and set up SPF (Sender Policy Framework), Yahoo DomainKeys, DKIM (DomainKeys Identified Mail), and ADSP (Author Domain Signing Practices) for your domain.
Why are my emails being marked as SPAM?
There are several common reasons your outgoing email may be marked as spam
Problem: The server IP is on a blacklist of known spam servers.
-
Solution: Don't send spam! Secure your mail transfer agent to ensure it's not being used to relay spam.
-
Solution: Follow up with the blacklist maintainers to have your IP address removed from their listing.
Problem: DNS configuration checks fail
-
Solution: If you use 192.168.1.1 to send email from hostname.example.com, ensure that a reverse DNS lookup for 192.168.1.1 returns hostname.example.com
-
Solution: Set up the appropriate SPF entries in DNS
-
Solution: Use DKIM to validate that the email server is being run by the domain's owner
Problem: Aggressive spam filters still flag your messages since they haven't whitelisted you yet
Problem: All of the above
Check out this awesome blog entry from SendGrid for more ideas
How to use
Install Dependencies
bundle install
Set up Postfixer configuration for your server
Copy the default config:
cp config-hostname.example.com.yml config-mysever.mydomain.com.yml
Update your config in config-mysever.mydomain.com.yml:
-
canonical_hostname: Fully-qualified domain name (FQDN) for your application server
-
additional_hostnames: Any additional hostnames that this server is known by
-
email_domains: All domains for which this server should be able to send email
-
forwarding_address: Email address for local messages (such as errors from cron jobs)
- NOTE: This address should be in one of email_domains
-
envelope_sender: SMTP envelope sender (where bounce messages end up)
- This may be a black hole
- NOTE: This address should be in one of email_domains
-
application_user: Local user account under which your application runs
- Emails addressed to this account will be sent to forwarding_address
-
sudo_user: Local user account with root sudo permissions
-
address: FQDN or IP address used to SSH into this server
Install and Configure Postfix
Set the CONFIG environment variable to the name of the config
export CONFIG=mysever.mydomain.com
cap email:install_packages
cap email:backup_config
cap email:generate_config
cap email:install_config
cap email:restart
Set up DNS entries for SPF and DKIM
Generate the DNS entries:
cap email:print_dns
The output is in BIND zone file format. You will need to add the entries to your domain where it is hosted--this is often your hosting provider (e.g., slicehost.com) or your domain registrar (e.g., godaddy.com).
Testing your configuration
Check your DNS entries
Ensure that DNS entries for canonical_hostname are set properly:
cap email:check_dns
You may also want to run these validators:
Ensure outgoing email is properly signed and passing SPAM filters
Send a test email to the port25 verifier. In response, the verifier sends a message verifying the
cap email:send_test_email
Limitations
- Postfixer has only been tested on Ubuntu Lucid (10.04 LTS) and Maverick (10.10)
- It should work on any Debian-based distribution
- RedHat users: patches welcome
- Even if you're running an unsupported distribution, you can still use generate_config, print_dns, check_dns and send_test_email
- The opendkim package for Ubuntu is in the "universe" repository
- If email:install_packages fails, you may need to manually uncomment the universe repos in /etc/apt/sources.list
- Postfixer assumes you're using Postfix as your MTA
- If you're using another MTA (such as Exim or Sendmail), the same concepts apply, but you'll ned to work out the configuration details
- Note: Postfixer is only concerned with the MTA used to send email from an application server. You can use Postfix on application servers while using a different MTA and MDA on the mail exchangers for your domain.
- The DNS report assumes you're using Google Apps (who isn't?)
- If you're using your ISP's or your own incoming mail server, replace "include:_spf.google.com" in the SPF records with something appropriate to your setup
- Postfixer does not (yet) check if your server is on a blacklist
- I recommend the awesome DNSBL Lookup tool from mxtoolbox.com
- If your server is on a blacklist, you'll need to request to be removed (the process should be available on the blacklist provider's web site)
- Postfixer does not check for general DNS issues
Contributing
License
Postfixer is released under the MIT license. See LICENSE for details.