Ce contenu n'est pas disponible dans la langue sélectionnée.
19.3. Mail Transport Agents
Red Hat Enterprise Linux offers two primary MTAs: Postfix and Sendmail. Postfix is configured as the default MTA, although it is easy to switch the default MTA to Sendmail. To switch the default MTA to Sendmail, you can either uninstall Postfix or use the following command to switch to Sendmail:
~]# alternatives --config mta
You can also use a command in the following format to enable or disable the desired service:
chkconfig service_name on | off
19.3.1. Postfix
Originally developed at IBM by security expert and programmer Wietse Venema, Postfix is a Sendmail-compatible MTA that is designed to be secure, fast, and easy to configure.
To improve security, Postfix uses a modular design, where small processes with limited privileges are launched by a master daemon. The smaller, less privileged processes perform very specific tasks related to the various stages of mail delivery and run in a changed root environment to limit the effects of attacks.
Configuring Postfix to accept network connections from hosts other than the local computer takes only a few minor changes in its configuration file. Yet for those with more complex needs, Postfix provides a variety of configuration options, as well as third party add-ons that make it a very versatile and full-featured MTA.
The configuration files for Postfix are human readable and support upward of 250 directives. Unlike Sendmail, no macro processing is required for changes to take effect and the majority of the most commonly used options are described in the heavily commented files.
19.3.1.1. The Default Postfix Installation
The Postfix executable is
/usr/sbin/postfix. This daemon launches all related processes needed to handle mail delivery.
Postfix stores its configuration files in the
/etc/postfix/ directory. The following is a list of the more commonly used files:
access— Used for access control, this file specifies which hosts are allowed to connect to Postfix.main.cf— The global Postfix configuration file. The majority of configuration options are specified in this file.master.cf— Specifies how Postfix interacts with various processes to accomplish mail delivery.transport— Maps email addresses to relay hosts.
The
aliases file can be found in the /etc/ directory. This file is shared between Postfix and Sendmail. It is a configurable list required by the mail protocol that describes user ID aliases.
Important
The default
/etc/postfix/main.cf file does not allow Postfix to accept network connections from a host other than the local computer. For instructions on configuring Postfix as a server for other clients, see Section 19.3.1.2, “Basic Postfix Configuration”.
Restart the
postfix service after changing any options in the configuration files under the /etc/postfix directory in order for those changes to take effect:
~]# service postfix restart
19.3.1.2. Basic Postfix Configuration
By default, Postfix does not accept network connections from any host other than the local host. Perform the following steps as
root to enable mail delivery for other hosts on the network:
- Edit the
/etc/postfix/main.cffile with a text editor, such asvi. - Uncomment the
mydomainline by removing the hash sign (#), and replace domain.tld with the domain the mail server is servicing, such asexample.com. - Uncomment the
myorigin = $mydomainline. - Uncomment the
myhostnameline, and replace host.domain.tld with the host name for the machine. - Uncomment the
mydestination = $myhostname, localhost.$mydomainline. - Uncomment the
mynetworksline, and replace 168.100.189.0/28 with a valid network setting for hosts that can connect to the server. - Uncomment the
inet_interfaces = allline. - Comment the
inet_interfaces = localhostline. - Restart the
postfixservice.
Once these steps are complete, the host accepts outside emails for delivery.
Postfix has a large assortment of configuration options. One of the best ways to learn how to configure Postfix is to read the comments within the
/etc/postfix/main.cf configuration file. Additional resources including information about Postfix configuration, SpamAssassin integration, or detailed descriptions of the /etc/postfix/main.cf parameters are available online at http://www.postfix.org/.
19.3.1.2.1. Configuring Postfix to Use Transport Layer Security
Configuring postfix to use transport layer security (TLS) is described in the Red Hat Knowledgebase solution How to configure postfix with TLS?
Important
Due to the vulnerability described in Resolution for POODLE SSL 3.0 vulnerability (CVE-2014-3566) in Postfix and Dovecot, Red Hat recommends disabling
SSL, if it is enabled, and using only TLSv1.1 or TLSv1.2. Backwards compatibility can be achieved using TLSv1.0. Many products Red Hat supports have the ability to use SSLv2 or SSLv3 protocols. However, the use of SSLv2 or SSLv3 is now strongly recommended against.
19.3.1.3. Using Postfix with LDAP
Postfix can use an
LDAP directory as a source for various lookup tables (e.g.: aliases, virtual, canonical, etc.). This allows LDAP to store hierarchical user information and Postfix to only be given the result of LDAP queries when needed. By not storing this information locally, administrators can easily maintain it.
19.3.1.3.1. The /etc/aliases lookup example
The following is a basic example for using
LDAP to look up the /etc/aliases file. Make sure your /etc/postfix/main.cf file contains the following:
alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf
Create a
/etc/postfix/ldap-aliases.cf file if you do not have one already and make sure it contains the following:
server_host = ldap.example.com search_base = dc=example, dc=com
where
ldap.example.com, example, and com are parameters that need to be replaced with specification of an existing available LDAP server.
Note
The
/etc/postfix/ldap-aliases.cf file can specify various parameters, including parameters that enable LDAP SSL and STARTTLS. For more information, see the ldap_table(5) man page.
For more information on
LDAP, see Section 20.1, “OpenLDAP”.
