Configure postfix for Drupal development

Submitted by steev on

Drupal sends a lot of email given half a chance. Especially with modules like messaging and notifications its possible to send email when new content is generated, when taxonomy terms are updated etc. It is generally considered 'poor practice' to send your user base test emails from your dev machine 'Testing from dev machine' sent to 50 000 users, wins you no friends and may lose you clients!

I have come across two approaches to this. The 'Sledgehammer' - run a script like 'update user set email to fakeemail.com' - which works in this instance. i.e. no users will be sent emails by accident although you presumably have a working postfix or sendmail daemon on a dev machine which may or may not one day be connected to the wrong database by accident.

Possibly the best way to do this is to prevent postfix from sending any emails outside of your domain. This also allows you to test mailshots without having to reconfigure a load of things, you don't have to set up dummy accounts for developers, your support staff can still use their live accounts to test things etc. Obviously if you're using an smtp gateway like Gmail then you're still up sh1t creek. But we'll deal with that at the end.

Postfix - A more friendly send mail?
If so i'd hate to run into sendmail in a dark alley. I have no idea why anyone can't write mail servers without slpurging out a selection of near incomprehensible man pages. I guess its because its difficult. But still, human configurable postfix is not. At least not for this human. Arcane power words and bizarre config files that can't be formatted at run time...

main.cf - might as well still be 1996
Ok, maybe thats harsh and i'll stop moaning now. This does what it says on the tin. Its the main conf/runtime program. Each stanza does something a bit like what you think it does but in a horrendously over complex 'look at me mom' way. But still. The objective is to prevent postfix sending emails to anyone not on my domain so i can use it for testing Drupal, Wordpress or any other application that sends email.

Add these lines to the bottom of your main.cf

authorized_submit_users = root
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access, reject
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access, reject
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access, reject

  • authorized_submit_users = root
    • Postfix listens on port 25 for smtp connections but will also accept mail from userland mail programs (type mail steev@initsix.co.uk on your command line, and you'll be able to send email). So if your app sends email it might also use this method. Some email is good for you. Stuff from root telling you the /var partition is full etc. So this setting allows root to send email but denies it for every other user on the box. Similarly they must have a name - i.e. the process that sends the email must be coming from a uid in the /etc/passwd file else it will fail as well.
    • This line applies a restriction to different criteria:
      • smtpd_client_restrictions - Restricting which address emails can be sent to. This can also be set using reject_unauth_destination.
      • smtpd_sender_restrictions
        • Just that. Checks the email and rejects based on who its from "Reject MAIL FROM information"
      • smtpd_recipient_restrictions
        • The most deadly of all the magical power words. This prevents emails being sent to a particular address, or any address which may lead you to think you've broken postfix. "Reject RCPT TO information"

The second requirement for the magic of postfix is the access file. Place these lines in the magic receptacle (/etc/postfix/access). This line tells postfix that its ok to receive mail from, and send mail to initsix.co.uk (note how this file is referenced in the earlier commands):

initsix.co.uk OK

And then run this util to make the file into a hashed db format - once this file becomes huge then yeah, a db file makes sense...

$ portmap /etc/postfix/access

Aside from restarting postfix:

$ /etc/init.d/postfix restart

Thats about it folks. Please let me know if you know of better ways and/or spot any mistakes.

The other scenario is where you don't have control over the smtp server, or you're using external smtp libraries. I advise using the devel module and a simple drush script at build time or even changing the settings.php to include this configuration option:
$conf['smtp_library'] = 'sites/all/modules/devel/devel.module';

or preferably set it dynamically via a Drush command:

$ drush -y vset smtp_library sites/all/modules/devel/devel.module

Need to do some work on the old Amazon email solution - Amazon Simple Email Service...looking forward to that one.

References: 

http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions
http://www.postfix.org/postconf.5.html#reject_unauth_destination
http://www.postfix.org/SMTPD_ACCESS_README.html
http://www.howtoforge.com/forums/showthread.php?t=31633
http://www.postfix.org/access.5.html
http://serverfault.com/questions/94168/postfix-on-development-server-allow-only-...
http://www.postfix.org/SMTPD_ACCESS_README.html
http://www.postfix.org/postconf.5.html#permit_auth_destination
http://www.linuxquestions.org/questions/red-hat-31/how-to-make-postfix-only-rela...

Add new comment