What is Postfixer?

Postfixer is a configurable collection of Capistrano tasks to assist you in installing and configuring Postfix.

Why do I need it?

Out of the box, Postfix is not configured to deliver your application's outgoing email properly:

• Email will be sent from a local hostname (application@hostname.example.com) instead of the appropriate domain address (email@example.com).
• Email to local users (such as error messages from cron) will never by delivered.
• Email is likely to be marked as spam by recipients since it will not be cryptographically signed.

Postfixer will help you get Postfix configured and set up SPF (Sender Policy Framework), Yahoo DomainKeys, DKIM (DomainKeys Identified Mail), and ADSP (Author Domain Signing Practices) for your domain.

Why are my emails being marked as SPAM?

There are several common reasons your outgoing email may be marked as spam

Problem: The server IP is on a blacklist of known spam servers.

• Solution: Don't send spam! Secure your mail transfer agent to ensure it's not being used to relay spam.
• Solution: Follow up with the blacklist maintainers to have your IP address removed from their listing.

Problem: DNS configuration checks fail

• Solution: If you use 192.168.1.1 to send email from hostname.example.com, ensure that a reverse DNS lookup for 192.168.1.1 returns hostname.example.com
• Solution: Set up the appropriate SPF entries in DNS
• Solution: Use DKIM to validate that the email server is being run by the domain's owner

Problem: Aggressive spam filters still flag your messages since they haven't whitelisted you yet

• Solution: ?

Problem: All of the above

• Solution: Use a dedicated (for pay) email delivery service such as SendGrid, AuthSMTP, Postmark, Amazon SES, or SocketLabs
• Solution: Deploy to Heroku and use the Sendgrid Add-on. It requires no configuration and the free edition delivers up to 200 emails per day.

Check out this awesome blog entry from SendGrid for more ideas

How to use

Install Dependencies

bundle install

Set up Postfixer configuration for your server

Copy the default config:

cp config-hostname.example.com.yml config-mysever.mydomain.com.yml

Update your config in config-mysever.mydomain.com.yml:

• canonical_hostname: Fully-qualified domain name (FQDN) for your application server
• additional_hostnames: Any additional hostnames that this server is known by
• email_domains: All domains for which this server should be able to send email
• forwarding_address: Email address for local messages (such as errors from cron jobs)
  • NOTE: This address should be in one of email_domains
• envelope_sender: SMTP envelope sender (where bounce messages end up)
  • This may be a black hole
  • NOTE: This address should be in one of email_domains
• application_user: Local user account under which your application runs
  • Emails addressed to this account will be sent to forwarding_address
• sudo_user: Local user account with root sudo permissions
• address: FQDN or IP address used to SSH into this server

Install and Configure Postfix

Set the CONFIG environment variable to the name of the config

export CONFIG=mysever.mydomain.com
cap email:install_packages
cap email:backup_config
cap email:generate_config
cap email:install_config
cap email:restart

Set up DNS entries for SPF and DKIM

Generate the DNS entries:

cap email:print_dns

The output is in BIND zone file format. You will need to add the entries to your domain where it is hosted--this is often your hosting provider (e.g., slicehost.com) or your domain registrar (e.g., godaddy.com).

Testing your configuration

Check your DNS entries

Ensure that DNS entries for canonical_hostname are set properly:

cap email:check_dns

You may also want to run these validators:

• DNS Validation: awesome tool, clearly lists problems and corrective actions
• DomainKey Policy Record Tester

Ensure outgoing email is properly signed and passing SPAM filters

Send a test email to the port25 verifier. In response, the verifier sends a message verifying the

cap email:send_test_email

Limitations

• Postfixer has only been tested on Ubuntu Lucid (10.04 LTS) and Maverick (10.10)
  • It should work on any Debian-based distribution
  • RedHat users: patches welcome
  • Even if you're running an unsupported distribution, you can still use generate_config, print_dns, check_dns and send_test_email
• The opendkim package for Ubuntu is in the "universe" repository
  • If email:install_packages fails, you may need to manually uncomment the universe repos in /etc/apt/sources.list
• Postfixer assumes you're using Postfix as your MTA
  • If you're using another MTA (such as Exim or Sendmail), the same concepts apply, but you'll ned to work out the configuration details
  • Note: Postfixer is only concerned with the MTA used to send email from an application server. You can use Postfix on application servers while using a different MTA and MDA on the mail exchangers for your domain.
• The DNS report assumes you're using Google Apps (who isn't?)
  • If you're using your ISP's or your own incoming mail server, replace "include:_spf.google.com" in the SPF records with something appropriate to your setup
• Postfixer does not (yet) check if your server is on a blacklist
  • I recommend the awesome DNSBL Lookup tool from mxtoolbox.com
  • If your server is on a blacklist, you'll need to request to be removed (the process should be available on the blacklist provider's web site)
• Postfixer does not check for general DNS issues
  • but I recommend DNS Validation

Contributing

• Please report bugs and feature requests in Github issues
• Pull requests and patches welcome!

License

Postfixer is released under the MIT license. See LICENSE for details.