it is built-in. if you want a newer version, Postfix builds on NetBSD as well (see below).

echo $PKG_PATH
pkg_add py37-spf py37-policyd-spf
which policyd-spf

grep ^postfix /etc/defaults/rc.conf


export DEBIAN_FRONTEND=noninteractive
apt -y install postfix postfix-pcre bsd-mailx postfix-policyd-spf-python
#mailutils pmailq rsyslog

systemctl status postfix


Building Postfix 3.x on NetBSD 7

this is not really required since NetBSD 8 and 9 have Postfix 3.1.4

although we are going to use Dovecot’s implementation of SASL, we could not get around this library

pkg_add cyrus-sasl
#cd /usr/pkgsrc/security/cyrus-sasl/
#make install
ll /usr/pkg/lib/sasl2/ #old
ll /usr/pkg/etc/sasl2/ #new

also we are going to enable SPF

pkg_add py-policyd-spf
#cd /usr/pkgsrc/mail/py-policyd-spf/
#make install

grab the latest release

ftp -a
ftp -a

you can use GPG v1.4 against the .gpg2 signature

gpg --version
gpg --list-keys
gpg --recv-keys 80CA15A7
gpg --verify postfix-3.4.7.tar.gz.gpg2 postfix-3.4.7.tar.gz
#Primary key fingerprint: 622C 7C01 2254 C186 6774  69C5 0C0B 590E 80CA 15A7

extract it and compile with SSL and SASL

tar xzf postfix-3.4.7.tar.gz
cd postfix-3.4.7/
#make tidy
vi makedefs


vi src/util/sys_defs.h 

|| defined(NETBSD) || defined(EKKOBSD1) || defined(DRAGONFLY) 

w/ system’s SSL

make makefiles CCARGS="-DUSE_TLS" AUXLIBS="-lssl -lcrypto"

w/ local SSL

make makefiles CCARGS="-I/usr/local/include -DUSE_TLS" AUXLIBS="-L/usr/local/lib -lssl -lcrypto"

w/ SASL/Dovecot


that was for Cyrus+Dovecot?

#ll /usr/local/include/sasl/ /usr/local/lib/sasl2/
#ll /usr/pkg/include/sasl/ /usr/pkg/lib/sasl2/
#make makefiles \
#'CCARGS=-I/usr/local/include -I/usr/pkg/include/sasl \
#-DDEF_SERVER_SASL_TYPE=\"dovecot\" \
#'AUXLIBS=-L/usr/local/lib -L/usr/pkg/lib/sasl2 \
#-lssl -lcrypto -lsasl2'

and build Wietse’s anti-spam framework^^

dmesg | egrep '] cpu[0-9]+:'
make clean
time make -j8 > ../postfix.make.log && echo BUILT

override it and check

grep postfix /etc/passwd
grep postfix /etc/group
grep maildrop /etc/group
make install

…and eventually accept all the defaults, overriding system’s built-in version.

which postfix
which postconf
postconf -d | grep version

check that you got Cyrus or Dovecot SASL enabled

postconf -a

now you CAN KEEP USING system’s built-in rc script

/etc/rc.d/postfix stop
postfix check
/etc/rc.d/postfix start


postfix/master[7421]: warning: process /usr/libexec/postfix/smtpd pid 7565 killed by signal 6
postfix/master[7421]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

ll /etc/postfix/
chown -R root:wheel /etc/postfix/

ll /usr/libexec/postfix/
chown -R root:wheel /usr/libexec/postfix/

ll /usr/sbin/post*
ll /usr/sbin/sendmail
chown root:wheel /usr/sbin/post*
chown root:wheel /usr/sbin/sendmail
chown root:maildrop /usr/sbin/postqueue
chown root:maildrop /usr/sbin/postdrop
chmod g+s /usr/sbin/postqueue
chmod g+s /usr/sbin/postdrop

ll /usr/bin/newaliases
ll /usr/bin/mailq
chown root:wheel /usr/bin/newaliases
chown root:wheel /usr/bin/mailq


Postfix Installation From Source Code

NetBSD mail server with Postfix, BIND (for DNS), Dovecot, Pigeonhole (Sieve), SSL, DKIM and SPF

Complete (almost) Mail Server with NetBSD

Nethence | Pub | Lab | Pbraun | SNE Russia | xhtml