Postfix /etc/systemd/postfix@.service

Authentic Debian 13 (Trixie) 87 lines

File Info

Size: 87 lines
MD5: 53ec4233bbab805c28584385bc8cbab4
SHA256: be701f7ece4576dd48c6151bad521813f6255fe70f7c5e4f25715c527e97ddb4

Quick Commands

curl:
curl 'https://exampleconfig.com/api/v1/config/original/53ec4233bbab805c28584385bc8cbab4?hint=postfix@.service'
wget:
wget -O postfix@.service 'https://exampleconfig.com/api/v1/config/original/53ec4233bbab805c28584385bc8cbab4?hint=postfix@.service'
/etc/systemd/postfix@.service
[Unit]
Description=Postfix Mail Transport Agent (instance %i, /etc/postfix-%I)
Documentation=man:postfix(1)
After=network.target nss-lookup.target
# network-online.target is a semi-working work-around for specific
# network_interfaces, https://bugs.debian.org/854475#126
# Please add local override wanting network-online.target or
# systemd-networkd-wait-online@INTERFACE:no-carrier.service
#After=network-online.target
#Wants=network-online.target
PartOf=postfix.service
Before=postfix.service
ReloadPropagatedFrom=postfix.service
AssertPathExists=/etc/postfix-%I/main.cf

[Service]
Type=forking
# Force operations on single non-default instance
Environment=MAIL_CONFIG=/etc/postfix-%I
# perform 2-stage startup
ExecStartPre=+postfix check
ExecStart=postfix debian-systemd-start
ExecStop=postfix stop
ExecReload=postfix reload

# Postfix consists of multiple processes run by a master(8) orchestrator,
# each of them having different requirements.  From the whole set, local(8)
# (the Postfix local delivery agent) is the most demanding one, because it
# runs things as user, and a user needs to be able to run suid/sgid programs
# (if not only to be able to deliver mail to /var/spool/postfix/postdrop).
# Individual Postfix daemons are started as root, optionally perform chroot
# into the queue directory, and drop privileges voluntary

# listen(2) on privileged ports (smtp)
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
# chroot into queue dir
CapabilityBoundingSet=CAP_SYS_CHROOT
# drop root privs, run as user when delivering local mail
CapabilityBoundingSet=CAP_SETGID CAP_SETUID
# processes access protected files in non-root-owned dirs (acl root:rwx);
CapabilityBoundingSet=CAP_DAC_OVERRIDE
# https://bugs.debian.org/1099891 :
CapabilityBoundingSet=CAP_DAC_READ_SEARCH
# chown(2) is needed for procmal &Co to create /var/mail/$USER
CapabilityBoundingSet=CAP_CHOWN

# users might run suid/sgid programs from ~/.forward:
RestrictSUIDSGID=no
# for the same reason, NoNewPrivileges can not be set to yes
NoNewPrivileges=no

# if you don't use procmail for delivery to /var/mail/$USER,
# CAP_CHOWN can be removed.
# if you don't use local(8) at all, only doing local delivery over LMTP
# or using virtual(8), you can also set
#RestrictSUIDSGID=yes
#NoNewPrivileges=yes
# Also, CAP_DAC_OVERRIDE can be eliminated by adding root user to ACL to
# postfix-owned dis in spool: public, private; and whatever maps in protected
# subdirs you use, relying on cap_dac_override

LockPersonality=yes
MemoryDenyWriteExecute=yes
ProtectControlGroups=yes
ProtectClock=yes
PrivateDevices=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
# ProtectProc is not usable with User=root:
#ProtectProc=noaccess
ProcSubset=pid
# ProtectSystem can be "yes" if rw maps are in /etc, or "full"
# Alternative would be "strict" +ReadWritePaths=/var
ProtectSystem=full
# Need to write to ~/Maildir/ etc:
ProtectHome=no
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes

SystemCallFilter=@system-service @setuid chroot

[Install]
WantedBy=multi-user.target
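
The comments after the capability lines describe a tighter profile for instances that never run local(8) or procmail. As an added example (not part of the Debian unit or of this page's original content), the script below holds such a drop-in together with a simplified model of how systemd combines repeated assignments, showing that CAP_CHOWN only leaves the bounding set when the drop-in first resets it with an empty assignment. The drop-in path in the comment and all function names are assumptions.

```shell
# Capability and privilege lines copied from the unit above.
base_unit() {
cat <<'EOF'
[Service]
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_SYS_CHROOT
CapabilityBoundingSet=CAP_SETGID CAP_SETUID
CapabilityBoundingSet=CAP_DAC_OVERRIDE
CapabilityBoundingSet=CAP_DAC_READ_SEARCH
CapabilityBoundingSet=CAP_CHOWN
RestrictSUIDSGID=no
NoNewPrivileges=no
EOF
}

# Drop-in for an instance that delivers only over LMTP or virtual(8).
# Assumed path: /etc/systemd/system/postfix@.service.d/hardening.conf
dropin() {
cat <<'EOF'
[Service]
RestrictSUIDSGID=yes
NoNewPrivileges=yes
# An empty assignment resets the set; without it the lines below only add.
CapabilityBoundingSet=
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SYS_CHROOT
CapabilityBoundingSet=CAP_SETGID CAP_SETUID
CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH
EOF
}

# Read unit text followed by drop-in text on stdin and print the resulting
# value of one directive: lists merge, an empty value resets, scalars take
# the last assignment. "~"-prefixed (inverted) lists are not handled.
effective() {   # $1 = directive name, $2 = "list" or "scalar"
  awk -F= -v key="$1" -v kind="$2" '
    $1 != key { next }
    kind == "scalar" || $2 == "" { n = 0; split("", seen) }
    { m = split($2, w, " ")
      for (i = 1; i <= m; i++) if (!(w[i] in seen)) { seen[w[i]] = 1; out[++n] = w[i] } }
    END { for (i = 1; i <= n; i++) printf "%s%s", out[i], (i < n ? " " : "\n") }'
}

default_caps()  { base_unit | effective CapabilityBoundingSet list; }
hardened_caps() { { base_unit; dropin; } | effective CapabilityBoundingSet list; }

echo "default:  $(default_caps)"
echo "hardened: $(hardened_caps)"
```

On a real host, run `systemctl daemon-reload` after installing the drop-in and confirm the result with `systemctl show -p CapabilityBoundingSet` on the instance unit.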

How to Install Postfix

Alpine Linux

sudo apk add postfix

Debian

sudo apt update && sudo apt install postfix

Red Hat Enterprise Linux

sudo yum install postfix

Ubuntu

sudo apt update && sudo apt install postfix

Configuration File Location

File Path: /etc/systemd/postfix@.service
Directory: /etc/systemd/
Significance: System-wide configuration directory
Description: Files in /etc/ contain system-wide configuration settings that affect all users.

Complete Postfix Configuration Guide

What is postfix@.service?
Download the original 'postfix@.service' (main.cf) configuration file from a fresh Postfix installation on Debian 13 (Trixie). This is the factory-default mail server configuration, essential for email system recovery, anti-spam setup, and understanding secure mail relay settings.
Technical Details
Located at '/etc/systemd/postfix@.service', this 87-line file controls SMTP authentication, TLS encryption, spam filtering, mail routing, and delivery policies. Powers email infrastructure for millions of domains and handles everything from personal mail servers to enterprise email systems processing thousands of messages daily.
Common Configuration Question
How do you configure Postfix for secure mail delivery, spam prevention, and high availability on Debian 13?
Why Use This Configuration?
This default configuration includes SPF/DKIM support, TLS encryption, and anti-spam measures. Critical for email administrators, system administrators, and DevOps engineers managing production mail infrastructure.

Frequently Asked Questions

When should I use this postfix@.service file?

Use this original configuration file when you need to restore Postfix to its default state after misconfiguration, during fresh installations, or as a baseline for customization. It's particularly useful for troubleshooting when your current config isn't working properly.

How do I restore Postfix to default settings?

Download this file and replace your current configuration at /etc/systemd/postfix@.service. Make sure to back up your existing configuration first, then restart the Postfix service to apply the changes.

Is this postfix@.service file secure for production use?

This is the factory-default configuration that ships with Postfix on Debian 13 (Trixie). While it provides a secure baseline, you should review and customize security settings based on your specific production requirements and compliance needs.

What's the difference between this and other OS versions?

This configuration is specifically from Debian 13 (Trixie). Different operating systems and versions may have slightly different default settings, security patches, or feature availability. Check the compatibility section above for other OS versions.

Can I use this configuration file for Postfix troubleshooting?

Yes, this original configuration is excellent for troubleshooting. Compare it with your current settings to identify modifications that might be causing issues, or temporarily replace your config with this one to isolate problems.