Basic Settings in the Postfix main.cf file
| Distro | Version | Postfix |
|---|---|---|
| Ubuntu | 20.04 / 22.04 / 24.04 | 3.4 / 3.6 / 3.8 |
| RHEL / CentOS / Rocky / AlmaLinux | 7 / 8 / 9 | 2.10 / 3.3 / 3.5 |
Scope: single domain, one server handling both send and receive.
Install Postfix
Ubuntu 20.04 / 22.04 / 24.04
sudo apt update && sudo apt install postfix -y
The installer will prompt you — pick Internet Site and enter your server's FQDN when asked (e.g. mail.example.com).
RHEL / CentOS 7
sudo yum install postfix -y
sudo systemctl enable --now postfix
RHEL 8 / 9 — Rocky / AlmaLinux 8 / 9
sudo dnf install postfix -y
sudo systemctl enable --now postfix
On all EL distros the service does not auto-start after install. The --now flag enables and starts it together.
Where the Config Lives
/etc/postfix/main.cf
Two commands worth running before you touch anything:
postconf -n     # shows only parameters explicitly set in main.cf
postfix check   # validates syntax — run this before every reload
The Parameters
myhostname
The FQDN of this mail server. Most other domain-related settings derive from this one, so set it correctly first.
myhostname = mail.example.com
alias_maps and alias_database
Points Postfix to the local alias table — used to forward mail for system accounts like root and postmaster to an actual user mailbox.
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
Add a line in /etc/aliases to forward root to your admin account:
root: youruser
Rebuild the database after every edit to that file:
sudo newaliases
myorigin
The domain Postfix stamps on outgoing mail when the sender has no domain part. Using $mydomain means it inherits from myhostname — only one place to update later.
myorigin = $mydomain
mydestination
Defines which domains this server treats as local. Mail addressed to these will be delivered here, not forwarded anywhere else.
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
relayhost
Leave empty for direct delivery to each recipient's MX. Only set this if routing outbound mail through a smarthost.
relayhost =
mynetworks
IP ranges allowed to relay mail through this server without authentication. Keep this as narrow as possible.
Ubuntu 20.04 / 22.04 / 24.04 (IPv6 loopback included by default):
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
RHEL / CentOS 7 / 8 / 9 — Rocky / AlmaLinux:
mynetworks = 127.0.0.0/8
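One way to check that mynetworks stays narrow, as an added example (not part of the original page or of Postfix): a Python script that parses main.cf text and lists every mynetworks entry reaching beyond loopback. The sample file, the function names, and the 192.168.0.0/16 and hash: entries are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample main.cf (not from the page): the Ubuntu loopback defaults
# plus a LAN range and a lookup table on a continuation line.
SAMPLE_MAIN_CF = """\
# basic settings
myhostname = mail.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    192.168.0.0/16, hash:/etc/postfix/network_table
inet_interfaces = all
"""

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        if line[0].isspace():
            if name is not None:
                params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def is_loopback_only(entry):
    """True if a mynetworks entry is a CIDR block lying entirely inside loopback space."""
    try:
        net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
    except ValueError:
        return False  # table lookup, file path or "!" exclusion: review by hand
    addr = net.network_address  # strict=False masks host bits, so a too-short prefix moves this
    mapped = getattr(addr, "ipv4_mapped", None)  # covers [::ffff:127.0.0.0]/104
    return addr.is_loopback or (mapped is not None and mapped.is_loopback)

def relay_trusted_beyond_loopback(main_cf_text):
    """List the mynetworks entries that let non-loopback clients relay without authentication."""
    value = parse_main_cf(main_cf_text).get("mynetworks", "")
    return [e for e in re.split(r"[,\s]+", value) if e and not is_loopback_only(e)]

if __name__ == "__main__":
    for entry in relay_trusted_beyond_loopback(SAMPLE_MAIN_CF):
        print("review:", entry)
```
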
mailbox_size_limit
Per-mailbox size cap in bytes. 0 removes the limit entirely.
mailbox_size_limit = 0
recipient_delimiter
Separator character for address tags (e.g. [email protected]). The + sign is the standard choice and works on all versions.
recipient_delimiter = +
inet_interfaces
Which network interfaces Postfix listens on for incoming SMTP.
inet_interfaces = all
Set to loopback-only if this server only sends mail and should never accept inbound SMTP connections.
inet_protocols
The IP stack Postfix uses. Set this to match what is actually configured on the interface — do not enable all if IPv6 is not set up.
Ubuntu 20.04 / 22.04 / 24.04 — default is ipv4:
inet_protocols = ipv4
RHEL / CentOS 7 / 8 / 9 — Rocky / AlmaLinux — default is all:
inet_protocols = all
Final Config Block
Swap mail.example.com for your actual FQDN.
Ubuntu 20.04 / 22.04 / 24.04:
myhostname = mail.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
RHEL / CentOS 7 / 8 / 9 — Rocky / AlmaLinux 8 / 9:
myhostname = mail.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
Apply and Test
Validate, then reload:
postfix check
sudo systemctl reload postfix
The mail command is not bundled with Postfix — install it separately:
# Ubuntu 20.04 / 22.04 / 24.04
sudo apt install mailutils -y
# RHEL / CentOS 7
sudo yum install mailx -y
# RHEL 8 / 9 — Rocky / AlmaLinux 8 / 9
# mailx was removed in EL8; s-nail is the replacement
sudo dnf install s-nail -y
Send a test:
echo "Test body" | mail -s "Test subject" [email protected]
Watch the log to confirm delivery:
# Ubuntu
sudo tail -f /var/log/mail.log
# RHEL / CentOS / Rocky / AlmaLinux
sudo tail -f /var/log/maillog
Distro Differences at a Glance
| | Ubuntu 20.04–24.04 | EL7 (RHEL/CentOS 7) | EL8 / EL9 (RHEL/Rocky/Alma) |
|---|---|---|---|
| Install command | apt install postfix | yum install postfix | dnf install postfix |
| Service auto-start | Yes | No — systemctl enable --now postfix | No — systemctl enable --now postfix |
| Mail client package | mailutils | mailx | s-nail |
| Default TLS cert | /etc/ssl/certs/ssl-cert-snakeoil.pem | /etc/pki/tls/certs/postfix.pem | /etc/pki/tls/certs/postfix.pem |
| Default TLS key | /etc/ssl/private/ssl-cert-snakeoil.key | /etc/pki/tls/private/postfix.key | /etc/pki/tls/private/postfix.key |
| Mail log | /var/log/mail.log | /var/log/maillog | /var/log/maillog |
| Open port 25 | sudo ufw allow 25/tcp | sudo firewall-cmd --permanent --add-service=smtp && sudo firewall-cmd --reload | sudo firewall-cmd --permanent --add-service=smtp && sudo firewall-cmd --reload |
A Few Things Worth Knowing
Relay protection — EL7 vs everything else
Postfix 2.10 (EL7) does not have smtpd_relay_restrictions — that parameter was introduced in Postfix 3.0. On EL7, relay control is handled by smtpd_recipient_restrictions, which defaults to permit_mynetworks, reject_unauth_destination. That default is safe and should not be removed.
On EL8, EL9, and all Ubuntu versions covered here (Postfix 3.x), smtpd_relay_restrictions exists and is active by default once compatibility_level is set — EL8/9 sets it to 2, Ubuntu sets it to 3.6. Same outcome, different mechanism.
TLS
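All distros covered here ship with TLS set to may (opportunistic). That is acceptable for a basic setup. For a server that faces the internet, set both smtpd_tls_security_level and smtp_tls_security_level to encrypt. At that level TLS is mandatory: inbound clients that do not issue STARTTLS are refused, and outbound mail to servers that do not offer it is deferred.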
DNS
If this server needs to receive mail from the internet, the domain's MX record must resolve to the value in myhostname. Without it, inbound delivery will not work regardless of how Postfix is configured.