Updated: 01-August-2005

Contents Why? Activating Postfix on OS X 10.4 (Tiger) Activating Postfix on OS X 10.3 (Panther) Sending e-mail from within firewalls Upgrading from 10.2 Jaguar to 10.3 Panther Installing Postfix on OS X 10.2 (Jaguar) Stopping Postfix Troubleshooting - Postfix broken after update or 'repair permissions' Troubleshooting - when your e-mails bounce SMTP traffic blocked by a firewall!

Check out the author's weblog: David's World

Learn more about the Hommingberger Gepardenforelle here.

Why? Send mail from everywhere with your Powerbook

In this tutorial, you will learn how to send emails that will carry your original email address, regardless of where you are.

Without direct access to the mail (SMTP) server installed at their internet service provider or their company/workplace, many people are deprived from their usual means of communication: email. While they can check emails from everywhere, sending is prohibited, because of technical security measures. In tech-speak: modern SMTP servers force their users to use a specific domain part. That means, if your email address is david@nicecompany.com, chances are that you won't be able to send messages from outside NiceCompany while you're on the road. You can't use NiceCompany's e-mail service, and you can't use any other e-mail service either.

Why's that? Security measures! NiceCompany and everyone else have to keep spammers away, who would use their mail servers as a stepping stone to everybody's mailboxes. On the other hand, if you use a free mail service, such as Yahoo, Hotmail or GMX, they will probably force you to use their e-mail address. Even internet service providers that target professional and semi-professional markets may not let you send e-mails with a foreign address in their "From" field. T-Online in Germany nowadays charges you a few bucks extra a month if you want to use their relay server. Or, you're in an organization that blocks port 25, a data channel used to transport e-mails from your machine, then from one server to another.

I have two solutions for the dilemma. The very simple one is explained here. You will need an authenticating mail server that relays mail for you, operating on port 587 (submission) instead of port 25. If you have such a server available (from your ISP or web-host), this is much easier and more reliable than solution two.

This is the second solution: Simply run your own SMTP server locally on your laptop. Newer versions of Apple's Mac OS X operating system, starting with 10.3 (Panther), come with the SMTP server postfix pre-installed, set up and almost ready to go. I will show how to activate and configure it, and how you can install postfix on the older "Jaguar" system.

Oh, by the way. SMTP stands for Simple Mail Transfer Protocol. But that's not important to keep in mind. In fact, once you've set up postfix, you can almost forget about it. It does its job in the background!

There are one or two drawbacks to this approach, and these become more and more imminent. Using your own mail server from dialup connections can result in your e-mail being rejected. More here.

Activating Postfix on OS X 10.4 (Tiger)

I haven't tested the below instructions - they were sent to me by various people (thanks). They sounds sensible, please use with care.

• You must be logged in as a user that is allowed to administer the system (see System Preferences).
• Download the file Postfix. It should be automatically extracted to your desktop into a folder named Postfix.
• Start the Terminal (in /Applications/Utilities/Terminal.App) and type in the following commands:
• sudo postfix start
  You should not get an error message. Now do the following steps to make sure Postfix is started when you boot up your system. Note that the first step may produce an error message (directory already exists.)
• cd /System/Library
  sudo mkdir StartupItems
  cd StartupItems
  sudo mv ~/Desktop/Postfix .
  sudo chown -R 0:0 Postfix
  sudo chmod +rx Postfix/Postfix
  
• sudo pico /etc/hostconfig
• Find the line MAILSERVER=... and change it to MAILSERVER=-YES-. If there is no such line, then add one at the end.
• Set your mail client (Entourage, Mail, Eudora...) to use 127.0.0.1 (localhost) as SMTP (mail) server to send email.
• Postfix more or less runs out of the box. You may want to configure a static name for your host. This can be done by editing the main.cf file:
  sudo pico /etc/postfix/main.cf
• Does everything work? Can you send e-mail?
• (Thanks to Guillermo Álvarez Fernández for the hints.)

Activating Postfix on OS X 10.3 (Panther)

You will need to switch on Postfix so it will be loaded at startup, and you may want to configure a few file permissions as follows.

• You must be logged in as a user that is allowed to administer the system (see System Preferences).
• Start the Terminal (in /Applications/Utilities/Terminal.App). Enter the following:
• sudo pico /etc/postfix/master.cf
• (Enter your password if it prompts for a password.) Find line 77, which starts with "smtp". Remove the # sign at the beginning of this line, then enter Control-X, 'y' and Return to save the file and exit the editor.
• sudo pico /etc/hostconfig
• Find the line MAILSERVER=... and change it to MAILSERVER=-YES-. If you had a previous install of postfix and upgraded to panther now, see below!
• By now, the mail server will start up every time you boot.
• save the file (Control-X, 'y').
• sudo /System/Library/StartupItems/Postfix/Postfix start or, simply, sudo postfix reload (if postfix is already running)
• The previous step should lead to a message: "starting the mail services" or refreshing the Postfix mail system. Otherwise, you've probably made a mistake in any of the previous steps.
• If postfix complains about a missing "postfix" user or a missing "postdrop" group with an error message like parameter mail_owner: unknown user name value: postfix, then do the following:
  • Start the Netinfo Manager (you'll find it next to the Terminal in /Applications/Utilities)
  • Create the following postfix and postdrop groups and also a postfix user:
    /groups/postdrop attributes:
    name postdrop
    gid 255
    passwd *
    
    /groups/postfix attributes:
    name postfix
    gid 256
    passwd *
    users postfix
    
    /users/postfix attributes:
    name postfix
    uid 255
    passwd *
    gid 256
    home /etc/postfix
    _shadow_passwd (no value)
    shell /dev/null
    
    
  • You may also need to create an alias for postfix in the Netinfo domain, which means creating a folder inside the /aliases structure with the following attributes:
    
    name postfix
    members root
    
• In case you get warnings about wrong permissions / ownerships for files and directories, you will want to do the following in Terminal:

  	    sudo chown -R postfix /private/var/spool/postfix
  	    sudo chown root /private/var/spool/postfix
  	    sudo chown root /private/var/spool/postfix
  	    sudo chown :postdrop /private/var/spool/postfix/public
  	    sudo chown :postdrop /private/var/spool/postfix/maildrop
  	    sudo chown :postdrop /usr/sbin/postqueue
  	    sudo chown :postdrop /usr/sbin/postdrop
  	    sudo postfix start
  	  

• Set your mail client (Entourage, Mail, Eudora...) to use 127.0.0.1 (localhost) as SMTP (mail) server to send email.
• Postfix more or less runs out of the box. You may want to configure a static name for your host. This can be done by editing the main.cf file:
  sudo pico /etc/postfix/main.cf

Firewalled - if you can't send e-mail from within an intranet!

In some cases, the organization that provides internet access (your company, university or the like) will run a firewall that blocks e-mail traffic coming from your own SMTP server like postfix. Instead, they usually want you to use their own SMTP server. Doing so does make a lot of sense given all the rogue viruses and trojans on Windows machines, which often come with their own little SMTP server to send e-mail. So don't blame your system administrators!

Instead, you can simply instruct postfix to use their SMTP server if necessary, that is, if a firewall blocks direct e-mail connections. Simply add the following line to main.cf:

fallback_relay = mailsmtpserver.mydomain.com

Obviously, you need to insert the address of your company-provided SMTP server here.

Some e-mail clients such as Apple Mail let you pick a server everytime you send an e-mail. The solution via postfix is much more comfortable: configure once, enjoy everytime.

Upgrading from 10.2 Jaguar to 10.3 Panther

What happens to a postfix installation, when Panther is installed? It is replaced with Apple's postfix. The configuration files are renamed (to *.applesaved) and new configuration files are put in place.

• I recommend NOT to remove the new files and to put the old configuration data back, as the versions of postfix that are/were installed do not seem to be compatible.
• Follow the instructions to activate Postfix on Panther.
• Make sure there is no double entry in /etc/hostconfig, e.g. Both MAILSERVER=-AUTOMATIC- and POSTFIX=-YES- (or AUTOMATIC). One is from an earlier postfix install, the other comes from Panther. On Panther, however, the (deprecated) Postfix startup script will complain that it cannot start Sendmail and Postfix.
• do an sudo rm -r /Library/StartupItems/Postfix to remove the startup item from your old install. Apple has its own item in Panther!

Installing Postfix on OS X 10.2 (Jaguar)

Jaguar comes with Sendmail installed. That's an SMTP server that could do the job. However, Sendmail is a pain, even to insiders. Configuration is quite a hassle, and, in my case, it didn't handle the dialup / LAN switching well: Sometimes I use the built-in modem to get online, sometimes - at my workplace - it's the Airport. A few times, sendmail even decided to sit on my queued email for days, until I happened to restart it manually. The bottomline: sendmail was giving me quite a bit of grief...

You're much better off with an alternative, that is easier to configure: Postfix. In the following, I will give a step-by-step introduction how to install in. It's dead-easy!

• Open a Terminal window and check if a file named /etc/aliases.db exists. If not, do the following:

  	    sudo touch /etc/aliases   # create empty aliases file if necessary
  	    newaliases
  	  

• Download the latest stable release from the Postfix Site. You need the Source Code of the Official Release. With a modern browser, everything should be extracted automatically. If not, you will have to start the Terminal (in /Applications/Utilities), change to where the file was downloaded with the "cd" command. Most likely, it works like this:

  	    cd 
  	    cd Desktop
  	  

  Then, extract the file using

  tar -xvfz postfix*

  (drop the 'z' if it's not a .gz file.). Use

  cd postfix*

  to change to this directory.
• Compile postfix. In the terminal, simply type

  	    make
  	  

  This will take a while, but should not end with an error message.
• Note the sub-folder auxiliary/MacOSX. That's where all the goodies are. Change to this folder:

  	    cd auxiliary/MacOSX
  	  

• The file README.OSX contains installation instructions. If you don't feel like reading it (and you haven't previously installed Postfix), just do the following:

  	    sudo ./backup-sendmail-binaries
  	    sudo ./niscript
  	    (cd ../..; sudo make install)    
  	  

  The make install script will ask you a lot of questions. Just hit Enter all the time -- this way, everything will be installed in its normal locations. In case the make install script asks you for setgid , tell it maildrop
• You need to make to very small changes to the configuration. One specifies the preferred name of your machine, the other one is for security:

  pico /etc/postfix/main.cf

  Add two lines to this file. myhostname = ... tells postfix what the name of your machine is. mynetworks_style = ... is a security measure. Here's what it should look like:

  myhostname = mymachine.mydomain.com
  	    mynetworks_style = host

  (Replace mymachine.mydomain.com with a name and an existing top-level domain for your machine. The machine does not have to have a static and/or public IP address. Just pick a name, and pick a domain that ideally belongs to you. Make sure you replace the last statements in the file -- sometimes the Apple system installers seem to add stuff at the end, which overwrites earlier statements.)
• In some cases you might need to do the following now to create a directory. It doesn't hurt if the folder is already in place:

  mkdir /Library/StartupItems

• Let's go back to the mac-directory and fire up postfix.

  sudo ./backup-postfix-binaries
  	    sudo ./activate-postfix

  This works well with postfix version postfix-2.0.10 and postfix-2.0.13.
• In your email client, change the address of the SMTP server to "127.0.0.1". In MS Entourage, this is done in Tools / Accounts / Edit. No authentication, no secure connection necessary. (Of course, you are free to use another external SMTP server like before for some of your mail accounts.)
• Switch on your firewall, if it isn't active. This is an important security measure.
• Test the new mail server by sending a mail to yourself. If it does not work, you can find debug output in the system's log file ("tail /var/log/system.log") and the mail log file ("tail /var/log/mail.log"). You can see if postfix is running with a "sudo ps -aux | grep postfix" in your Terminal. You can also try to do the following:

  	    bash-2.05a$ telnet localhost 25
  	    Trying ::1...
  	    telnet: connect to address ::1: Connection refused
  	    Trying 127.0.0.1...
  	    Connected to localhost.
  	    Escape character is '^]'.
  	    220 madonna.mle.ie ESMTP Postfix
  	  

  The output should be like shown above.

Receiving Mail on your Mac with Postfix

• You can use Postfix to receive e-mail, not just send it.
• This replaces part of the 'POP3' or 'IMAP' server that internet service providers usually keep for you to receive your e-mail from other servers. You will still need an IMAP server. The installation is a little unintuitive, since you have to edit the source. Here is a nice guide for it.
• Vou will need to make sure that you have a valid name server (DNS) entry for the domain-part of the relevant e-mail address. So, if you would like to receive e-mail for 'littlejoe@davids-world.com', you will need to make sure that the DNS entry for 'davids-world.com' has a mail-exchange record that points to your fixed IP address.
• The aforementioned bullet point implicates that you will only want to do this on a machine with a fixed IP address, which is usually turned on: a server. The normal user will not want to receive e-mail that way! Further instructions on how to administer a server are beyond the scope of this article.
• In the /etc/postfix directory, edit the file main.cf and change line the line that says

  inet_interfaces = localhost

  to

  inet_interfaces = all 

Stopping Postfix

• If you ever need to stop postfix, you can do so with the command

  sudo postfix stop

• You can start it with

  sudo postfix start

• or restart it (after changing the configuration file) with

  sudo postfix
  	    reload

Troubleshooting: the configuration blues

• If Postfix doesn't relay or e-mail, try running

  sudo postfix check

  - if this brings warnings or error messages about faulty file ownership or wrong permissions, chances are that you've run the OS X "repair permissions" program (for example from Disk Utility), which has messed up the postfix files. That's easy enough to repair. Download this Script (Control-click the link on to save it to your home folder) and run it with

  chmod +x repair-postfix-permissions
  	    ./repair-postfix-permissions

  This should help you! The script may ask for your user password.

Troubleshooting: when your e-mails bounce

Sometimes, you may see your e-mail (sent via the locally installed postfix) be returned to you, along with an error message saying that it wasn't accepted because an 'unknown' e-mail server was used, or one whose IP address doesn't resolve to the domain name. Or, it might say that e-mails from dialup accounts are not appreciated, recommending to "use your IP's smarthost instead". While the exact wording of the error messages differ, this usually means that the computer on the other end thinks that you're sending SPAM. (You can verify things by querying a list such as SORBS with your (dynamic) IP address that you use from home or from your hotel. You can find your IP address here.)

Unfortunately, there is no instant remedy for this -- except sending the e-mail again, this time via some permanently installed SMTP server provided by your ISP, your organization or your service provider.

You can try to use the fallback_relay option as described earlier, in order to use the company SMTP server when possible. Because switching back and forth is cumbersome, I recommend that you find an SMTP server that offers SMTP-AUTH to the world. That way, only trusted customers can use the server.

SMTP traffic blocked by a firewall!

For understandable security reasons (Windows worms!), my new university department rigorously blocks outgoing traffic on port 25 - which is SMTP data. So what to do?

Of course, there is a local SMTP server to be used. But that doesn't work from outside, which means, I'd have to switch servers in my mail client all the time. No good!

Ideally, one would always use an SSL-based SMTP server, which not only works in such cases, but is also more secure. In my case, I resorted to an alternative that I discovered only through a bit of investigation.

My provider (1&1) offers an authenticated SMTP not just on port 25, but also on a port 587, known as 'submission' (technical details here!). One just needs to point the local mail program to that port.

In case your e-mail is marked as spam for other reasons, it may make sense to try to use a certificate stating that your e-mail is legimitate. HABEAS is a company offering such certificates, which are recognized by widespread SPAM filters such as SpamAssassin. Their license is free for personal, non-commercial use, and for internet service providers. Wired has a story.

Last Modification: Tue Mar 28 2006  Dave