63 Comments


  1. Great write up. Thanks very much. These instructions were concise and worked flawlessly.

    You definitely saved me a ton of time on this. Cheers!

    Reply

    1. @Tim: Great to hear it! I used to depend on RPMs to install Postfix, but building from the source is more secure and clearly not that difficult, so I prefer it this way now. :)

      Reply
  2. Rob

    You did a ‘make uprade’, and in the text it’s clear that the RHEL/CentOS Postfix package is still in place (otherwise upgrade wouldn’t make much sense). Don’t forget to exclude Postfix from your yum repository, because otherwise a ‘yum upgrade [postfix]‘ may overwrite your newly compiled Postfix-2.8.

    /etc/yum.conf (for overall config):
    exclude=postfix*

    Reply
  3. Nick

    Thank you for this truly valuable article. Would you please clarify, after we have completed all this process and, for any reason, the new postfix installation doesn’t seem to work as expected, is it possible to roll back to the version running before the upgrade? That is, how can we uninstall the new 2.8.0 version? Can we automatically return to our previous version (postfix-2.3.3-2.1) or we must install it from scratch, after we remove 2.8.0?

    Reply

    1. Presuming you kept the source directory (and you should until you know you’re happy with it), just do a make uninstall and it should remove it. Then you can use yum to install 2.3.3 (but if you don’t want 2.8, you’d still be better off using 2.6 or 2.7).

      Reply
  4. Nick

    Thanks Steve.
    Please, allow me two more questions:
    1/ Is there a way we can -minimally- test the newly compiled version before we do a “make upgrade”, so we at least know it is compiled correctly?
    2/ Can we easily build an rpm (for example, using a command like “make rpm”) and then use it to upgrade (rpm -Uvh) rather than directly upgrading from source with “make upgrade”?

    Reply

    1. 1) I don’t know of a way to test the compiled version, because it’s actually a number of binaries that interact with each other. However, reading through the compile output for fatal errors is the best way to verify that it compiled correctly. 2) Yes, you can certainly build your own RPMs.

      Reply
  5. Nick

    Hi again,

    I just followed your directions. I also included the vda patch for 2.8.0 which was published just yesterday (see http://vda.sourceforge.net)! In the parent dir of the source directory (say the source dir is postfix-2.8.0), place the downloaded file: postfix-vda-2.8.0.patch and then run:
    # cd postfix-2.8.0
    # patch -p1 < ../postfix-vda-2.8.0.patch

    You get:
    patching file README_FILES/VDA_README
    patching file src/global/mail_params.h
    patching file src/util/file_limit.c
    patching file src/virtual/mailbox.c
    patching file src/virtual/maildir.c
    patching file src/virtual/virtual.c
    patching file src/virtual/virtual.h

    After that, I continued with your directions. "make" worked fine; however, after "make upgrade", when I restarted postfix, I found out that it wouldn't work with ldap. In the logs: "fatal: unsupported dictionary type: ldap".

    I then tried to "make uninstall" but I got the message:
    "make: *** No rule to make target `uninstall'. Stop."

    Then I did everything from the start, but I added to your "make makefiles" command the following line (in CCARGS):
    -DHAS_LDAP -DLDAP_DEPRECATED=1 \
    (I decided I should use it based on the output of /etc/postfix/makedefs.out, although I know nothing about it.)

    Then, everything went fine. After "make", I did: "make upgrade" (without having uninstalled the previous version), and things went fine. LDAP support is now included. Thank God.

    You may want to update your great article to include the above addition for correct support of LDAP (and optionally for including VDA).

    A useful addition in your how-to would be to describe the correct additions (in "make makefile") to add mysql support.

    Since uninstall did not work, it would be interesting to investigate how we could uninstall. Otherwise, we would probably not be able to install the 2.3.3 version again, in case of continued problem with the compiled version. I didn't try that, as I'm on a production server and have little opportunity for experimentation.

    All the best.

    Reply

  6. Thanks for the comments and suggestions, Nick. I’ve added the LDAP arguments to my default Makefile instructions, and I also added additional examples for those who need MySQL support. I don’t really want to get into patching Postfix in this article, as that potentially opens a huge can of worms (especially for beginning users). Concerning the uninstall, that’s lame! I’ve never had to uninstall Postfix, but I’ll poke around a bit more to see what I can find. As you know, it’s always advisable to try things out on a test server before deploying them on production servers. Of course, that’s not always possible – but it’s always preferable. :)

    Reply
  7. Nick

    Thank you Steve,

    By the way, I would like a clarification about the “huge can of worms” you mention with regard to patching. I agree, patching is a practice to be avoided, yet VDA (“Postfix Virtual Delivery Agent”) seems to be quite widespread (a lot of Postfix RPMs with VDA included are also available around). I wish full (per user) quota support could be integrated in Postfix as a standard feature, so we could avoid patching…

    Are you aware of VDA-caused problems?

    Reply

    1. By “can of worms,” I mean troubleshooting – particularly for beginning users, for whom my “How To” posts are generally designed. I’m not saying that patching should be avoided… only that it should be used by those whose needs can’t be met by other means, who know what they are doing, and who are experienced enough to understand what the patch is doing and how it may affect downstream processes. I’m well aware of why some might want VDA, but it’s a topic that goes beyond the intent of this blog post. Have you emailed Wietse and suggested he include it a future version? He just may grant your wish! :)

      Reply
  8. Marta Silva

    I did it! It was but then I got the
    “fatal: unsupported dictionary type: ldap” error.

    When I run “postconf -m” I do not see ldap ?

    My makedefs.out:

    SYSTYPE = LINUX2
    AR = ar
    ARFL = rv
    RANLIB = ranlib
    SYSLIBS = -L/usr/lib64 -L/usr/lib64/openssl -lssl -lcrypto -lsasl2 -lpcre -lz -lm -lldap -llber -Wl,-rpath,/usr/lib64/openssl -pie -Wl,-z,relro -ldb -lnsl -lresolv
    CC = gcc $(WARN) -fPIC -DUSE_TLS -DUSE_SSL -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -DPREFIX=\”/usr\” -DHAS_PCRE -DSNAPSHOT -I/usr/include/openssl -I/usr/include/sasl -I/usr/incl
    ude
    OPT = -O
    DEBUG = -g
    AWK = awk
    STRCASE =
    EXPORT = AUXLIBS=’-L/usr/lib64 -L/usr/lib64/openssl -lssl -lcrypto -lsasl2 -lpcre -lz -lm -lldap -llber -Wl,-rpath,/usr/lib64/openssl -pie -Wl,-z,relro’ CCARGS=’-fPIC -DUSE_T
    LS -DUSE_SSL -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -DPREFIX=\”/usr\” -DHAS_PCRE -DSNAPSHOT -I/usr/include/openssl -I/usr/include/sasl -I/usr/include’ OPT=’-O’ DEBUG=’-g’
    WARN = -Wall -Wno-comment -Wformat -Wimplicit -Wmissing-prototypes \
    -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \
    -Wunused -Wno-missing-braces

    What did I do wrong? How to fix this?

    Thanks.

    — Marta

    Reply

  9. Hi, Marta. Did you install the openldap and openldap-devel packages with “yum openldap openldap-devel” ?

    Reply
  10. Josh

    Hello,

    How can I install postfix 2.8 in Fedora 13?

    “make” does not work.

    Any ideas?

    Reply

    1. @Josh: I’ll need something more specific in order to help. Do you have gcc installed (yum install gcc)? What’s the exact error make is giving you?

      Reply
  11. josh

    Hello,

    Thank you

    I did yum install gcc and it is working.

    Reply
  12. Marta

    Hi Steve,

    Thank you for your reply.

    I do have openldap installed as you can see from the following:

    “root@server]# rpm -qa | grep ldap
    nss_ldap-253-25.el5
    openldap-2.3.43-12.el5_5.3
    openldap-devel-2.3.43-12.el5_5.3

    Thanks.

    Regards,

    — Marta

    Reply
  13. Josh

    I am installing postfix in another VPS.
    Fedora 13 32 bits

    I got an error message:

    [root@dom postfix-2.8.0]# make upgrade



    gcc -Wmissing-prototypes -Wformat -fPIC -DUSE_TLS -DUSE_SSL -DUSE_SASL_AUTH -DUS
    E_CYRUS_SASL -DPREFIX=\”/usr\” -DHAS_PCRE -DSNAPSHOT -I/usr/include/openssl -I/u
    sr/include/sasl -I/usr/include -g -O -I. -I../../include -DLINUX2 -c postcat.c
    gcc -Wmissing-prototypes -Wformat -fPIC -DUSE_TLS -DUSE_SSL -DUSE_SASL_AUTH -DUS
    E_CYRUS_SASL -DPREFIX=\”/usr\” -DHAS_PCRE -DSNAPSHOT -I/usr/include/openssl -I/u
    sr/include/sasl -I/usr/include -g -O -I. -I../../include -DLINUX2 -o postcat pos
    tcat.o ../../lib/libglobal.a ../../lib/libutil.a -L/usr/lib -L/usr/lib/openssl –
    lssl -lcrypto -lsasl2 -lpcre -lz -lm -lldap -llber -Wl,-rpath,/usr/lib/openssl –
    pie -Wl,-z,relro -ldb -lnsl -lresolv
    cp postcat ../../bin
    [src/postconf]
    awk -f auto.awk
    touch autos_dummy
    touch: setting times of autos_dummy': Bad address
    make: *** [autos_dummy] Error 1
    make: *** [update] Error 1

    [root@dom postfix-2.8.0]# service postfix restart
    Shutting down postfix: [FAILED]
    touch: setting times of
    /var/lock/subsys/postfix': Bad addressK ]

    [root@dom postfix-2.8.0]#

    Reply
  14. josh

    I try it on a fresh Fedora 13 32 bits installation and I got this error.

    [root@dom postfix-2.8.0]# make

    sr/include/sasl -I/usr/include -g -O -I. -I../../include -DLINUX2 -o postcat pos
    tcat.o ../../lib/libglobal.a ../../lib/libutil.a -L/usr/lib -L/usr/lib/openssl –
    lssl -lcrypto -lsasl2 -lpcre -lz -lm -lldap -llber -Wl,-rpath,/usr/lib/openssl –
    pie -Wl,-z,relro -ldb -lnsl -lresolv
    cp postcat ../../bin
    [src/postconf]
    awk -f auto.awk
    touch autos_dummy
    touch: setting times of `autos_dummy': Bad address
    make: *** [autos_dummy] Error 1
    make: *** [update] Error 1
    [root@dom postfix-2.8.0]#

    Reply

  15. @Josh: Sorry, but these instructions are specific to Postfix 2.8 on a CentOS 5 box. Sometimes CentOS 5 -> Fedora 13 instructions are compatible, but Fedora 13 is a MUCH newer distro than CentOS 5, and it appears that in this case the instructions don’t “translate” directly. I wish I could help more, but I don’t currently have a Fedora 13 box set up to test, so I’m unable to reproduce the errors. I recommend trying the postfix-users mailing list to see if they can help you troubleshoot this specific case.

    Reply
  16. Marta Silva

    CentOS release 5.5 (Final)

    Linux server 2.6.18-194.32.1.el5 #1 SMP Wed Jan 5 17:52:25 EST 2011 x86_64 x86_64 x86_64 GNU/Linux

    Note: MTA is postfix (not sendmail)

    Thanks,

    — Marta

    Reply

    1. @Marta: Those seem to be the right libraries. I have these ones installed in my system:

      # rpm -qa | grep ldap
      openldap-2.3.43-12.el5_5.3
      python-ldap-2.2.0-2.1
      nss_ldap-253-25.el5
      php-ldap-5.1.6-27.el5_5.3
      openldap-devel-2.3.43-12.el5_5.3

      Looking at your make output, it looks like you may not be using the make makefiles command exactly as shown in this How To. Do a make tidy, then copy and paste the appropriate make makefiles command for your system above, and give it another shot.

      Reply
  17. Marta Silva

    Hi Steve,

    It did work this time!

    Thanks for your replies and all the help!

    — Marta

    Reply


  18. Hey, that was a huge help. Saved a good hour of time, esp. with the configuration options for the makefile. Thanks a lot for this post.

    Reply
  19. Nick

    Hi Steve,

    Because we should never build packages as root, for completeness to your great tutorial, I give the following directions (which worked for my CentOS 5.6 64bit):

    // Add group:
    # groupadd swbuilder
    // Add user (in the swbuilder group):
    # useradd -c “Software Builder Account” -g swbuilder swbuilder

    // Define password for user swbuilder:
    # passwd swbuilder
    **********

    // Now, before changing user, install any additional required packages, according to the directions

    // Switch to swbuilder user account:
    # su swbuilder

    // Go to our new home dir (/home/swbuilder):
    # cd

    // Get latest package from http://www.postfix.org/download.html
    # wget ftp://anymirror/path.to/postfix-2.8.3.tar.gz

    // Untar:
    # tar zxf postfix-2.8.3.tar.gz

    # cd postfix-2.8.3

    // compile according to directions (there were no file ownership or other problems during compilation, which included ldap) and then:

    # su root
    # make upgrade

    # postconf -d | grep mail_version
    mail_version = 2.8.3
    // Done.

    Reply

  20. Awesome tutorial. Thanks for helping me get up and running with mysql support on my REL server in no time.

    Reply
  21. DeltaHF

    Could we not just point YUM to an updated repository with more recent versions of Postfix? I can’t find any such repository, but I’m optimistic there may be something out there…

    Reply

    1. Hi, DeltaHF. I agree – it’s a pain to have to do this to get an updated version of Postfix on RedHat. I haven’t been able to find a reliable repo that has this either. I’m tempted just to create my own RPMs and host them myself :) If you find a good repo, please share it and I’ll post it here.

      Reply
      1. DeltaHF

        That would be awesome, Steve. I’ve been looking all day and still haven’t found anything, even in the CentOS Plus and Fasttrack repositories listed here.

        I’m surprised there isn’t more discussion/interest in this around the web, considering Postfix’s supposed popularity. Thanks for sharing your guide above, though – I’ll just compile it myself and see how it goes.

        Reply
        1. Nick

          CentALT repo usually has updated versions for Postfix (and other software too). I’ve been using their packages for some time and I find they don’t have issues.

          http://centos.alt.ru/repository/centos/

          For example, using their RPMs I just upgraded httpd on my Centos 5.7 systems from the ancient included version to the latest. Everything went smoothly. (I might write a short how-to on it.)

          Nick

          Reply
  22. Joel

    Hi, I’m about to try your tutorial on my company’s mail server, I’m using RHEL 5 and I have some questions if you don’t mind.
    Since this is the first time I’m attempting something like this i’d like to know what exactly should I backup, what are the cofiguration files or just files that I should save?
    What about the user’s inboxes files or directories, should I do something about them?
    Personally I’m using postfix, dovecot, and squirrelmail; by performing this update would I have to modify anything on my other services? or would it be transparent to them?
    Thanks in advance.

    Reply

    1. Hi, Joel. Theoretically, this upgrade process won’t overwrite any of your configuration settings, but backing up main.cf and master.cf is still a good idea. This won’t touch your users’ mail files. However… if you’re managing your company’s mail server and don’t have a FULL backup plan in place for that server (regardless of this upgrade), that’s probably something you should also look at. But for this Postfix upgrade, as long as you stick to these instructions, nothing will be overwritten.

      Reply
      1. Joel

        Thanks for the quick response Steve. Currently I’m preparing a test environment in another server where I’ll upgrade Postfix following your instructions. Should that test go right I’ll do it on the original mail server. I’ll keep you posted if anything goes wrong.

        P.D. Would you happen to know how to migrate all data and configuration from one physical mail server to another?

        Reply

        1. I’ve never done it, but I’ve seen it discussed on the Postfix user email list. I’d recommend seeing if someone has a HowTo online, or ask on that email list. I’m sure someone there has done it.

          Reply

  23. Suresh

    Dear Steve ,

    How can I check whether smtp auth is enabled after all these installations ?

    Reply
  24. Nick

    I thought I would try to follow the same procedure on Centos 6, but there is no /etc/postfix/makedefs.out file (or anything similar) there… How can we know the build options of postfix on Centos 6 so we can build from source with the same options? Any experience/advice?

    Thanks,
    Nick

    Reply
  25. Nick

    Is there a way we can build 2.8.x RPMs based on CentOS-standard-options postfix using a similar to the above procedure?

    Can we find such (CentOS-standard-options) Postfix .src.rpm? Where?

    Building RPMs would ease the process of upgrading a number of systems; otherwise, we would have to build Postfix on each system separately.

    Thanks,
    Nick

    Reply
  26. Shork

    Hi steve,

    i’ve a problem with “make upgrade”, it give me this message:
    Please review the INSTALL instructions first.
    I’ve try with postfix-2.9.3 and postfix-2.8.7.

    Thanks

    Reply
  27. Nick

    Important addition: After upgrading, following the directions of the article, you must run:

    # postfix upgrade-configuration

    Otherwise you might end up with problems in your configuration for the new (upgraded) postfix version!

    Reply
    1. Shork

      Hi Nick,

      can you hel me for this message:

      [root@ns1 postfix-2.9.3]# make upgrade
      Please review the INSTALL instructions first.

      Thanks

      Reply
      1. ishmael

        type “make update” before “make upgrade” that’s work for me

        Reply

  28. mahardika

    hi. I’m building a mail server with postfix in centos 5.5.
    I want to replace the postfix 2.10.0 transport protocol that used TCP to SCTP​​. and I do not know how to do it. Can you help me Mr. Steve Jenkins..??

    Reply

  29. Fred DRAN

    Thanks a lot for this nice howto. It has worked without a glitch.

    Reply
  30. Brad

    You’ve a typo in your 64bit mysql makefile. Missing a space before -Wl

    -llber-Wl,-rpath,/usr/lib64/openssl

    should be

    -llber -Wl,-rpath,/usr/lib64/openssl

    Reply

      1. Thanks Steve. Well written article and kudos to you as it saved me a significant amount of time upgrading our postfix farm. I integrated HaProxy into our environment this weekend and it required postscreen in postfix which wasn’t introduced until postfix 2.8. Kills me sometimes how slow RHEL is to adopt updated versions. 2.6.6 is March 2010! On the postfix site, 2.6 is now deprecated. *boggle*

        Brad

        Reply

        1. You’re totally right. And on the flip side, Postfix development moves along pretty steadily, making it worse.

          You’ll love having Postscreen running, too. It’s one of the best anti-bot tools out there, and significantly cuts down on the inbound spam on our servers. Be sure to check out my OpenDKIM articles too. I package it for Fedora/EPEL, and if you’re looking to sign outbound (or verify inbound) mail, it’s the easiest way to do it.

          Reply
  31. john

    hi, after chmod 755 on the make… i try to execute the sh but it does nothing and immediately comes back to command line… no output, nothing… how possible? thanks

    Reply
      1. john

        yes, it’s in the same directory of postfix-2.11.2 (latest version now is .11.2 ) sh make_postfix.sh there does nothing… i’m trying to install it to replace Sendmail (if it’s better) with Sendmai i have an issue with “require smtp authentication” for port 25… if i require that i don’t know how to regularly receive emails from others addressed to my local users, ’cause it always wants authentication… is there a way to require auth on port 25 but continue to receive emails from external relays TO my users? thanks

        Reply
  32. lexusburn

    Thank you for this great and helpfull article.

    I would like to compile latest postfix 2.11.2 and link it against latest static openssl 1.0.1j because 0.9.8 what is default on centos5 is not the finest.

    Can anyone explain me how i can do this?

    Reply

Leave a Reply