Chapter 2. Deploying and configuring a Postfix SMTP server
As a system administrator, you can configure your email infrastructure by using a mail transport agent (MTA), such as Postfix, to transport email messages between hosts by using the SMTP protocol. Postfix is a server-side application for routing and delivering mail. You can use Postfix to set up a local mail server, create a null-client mail relay, use a Postfix server as a destination for multiple domains, or choose an LDAP directory instead of files for lookups.
The postfix package provides multiple configuration files in the /etc/postfix/ directory.
To configure your email infrastructure, use the following configuration files:
- main.cf: contains the global configuration of Postfix.
- master.cf: specifies Postfix interaction with various processes to accomplish mail delivery.
- access: specifies access rules, for example hosts that are allowed to connect to Postfix.
- transport: maps email addresses to relay hosts.
- aliases: contains a configurable list required by the mail protocol that describes user ID aliases. Note that you can find this file in the /etc/ directory.
The key features of Postfix:
- Security features to protect against common email related threats
- Customization options, including support for virtual domains and aliases
2.1. Installing and configuring a Postfix SMTP server
You can configure your Postfix SMTP server to receive, store, and deliver email messages. If the mail server package is not selected during the system installation, Postfix will not be available by default. Perform the following steps to install Postfix:
Prerequisites
- You have root access.
- Your system is registered.
Procedure
- Remove the Sendmail utility:
  # dnf remove sendmail
- Install Postfix:
  # dnf install postfix
- To configure Postfix, edit the /etc/postfix/main.cf file and make the following changes:
  - By default, Postfix receives emails only on the loopback interface. To configure Postfix to listen on specific interfaces, update the inet_interfaces parameter to the IP addresses of these interfaces:
    inet_interfaces = 127.0.0.1/32, [::1]/128, 192.0.2.1, [2001:db8:1::1]
    To configure Postfix to listen on all interfaces, set:
    inet_interfaces = all
  - If you want Postfix to use a different hostname than the fully-qualified domain name (FQDN) that is returned by the gethostname() function, add the myhostname parameter:
    myhostname = smtp.example.com
    For example, Postfix adds this hostname to the header of emails it processes.
  - If the domain name differs from the one in the myhostname parameter, add the mydomain parameter:
    mydomain = example.com
  - Add the myorigin parameter and set it to the value of mydomain:
    myorigin = $mydomain
    With this setting, Postfix uses the domain name as the origin for locally posted mails instead of the hostname.
  - Add the mynetworks parameter, and define the IP ranges of trusted networks that are allowed to send mails:
    mynetworks = 127.0.0.1/32, [::1]/128, 192.0.2.1/24, [2001:db8:1::1]/64
    If clients from untrusted networks, such as the internet, should be able to send mails through this server, you must configure relay restrictions in a later step.
- Verify that the Postfix configuration in the main.cf file is correct:
  # postfix check
- Enable the postfix service to start at boot and start it:
  # systemctl enable --now postfix
- Allow the SMTP traffic through the firewall and reload the firewall rules:
  # firewall-cmd --permanent --add-service smtp
  # firewall-cmd --reload
Verification
- Verify that the postfix service is running:
  # systemctl status postfix
  - Optional: Restart the postfix service, if the output is stopped, waiting, or the service is not running:
    # systemctl restart postfix
  - Optional: Reload the postfix service after changing any options in the configuration files in the /etc/postfix/ directory to apply those changes:
    # systemctl reload postfix
- Verify the email communication between local users on your system:
  # echo "This is a test message" | mail -s <subject> <user@mydomain.com>
- To verify that your mail server does not relay emails from external IP ranges to foreign domains, follow the below mentioned procedure:
  - Log in to a client which is not within the subnets that you defined in mynetworks.
  - Configure the client to use your mail server.
  - Try to send an email to an email address that is not under the domain you specified in mydomain on your mail server. For example, try to send an email to non-existing-user@redhat.com.
  - Check the /var/log/maillog file:
    554 Relay access denied - the server is not going to relay.
    250 OK or similar - the server is going to relay.
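The relay check in the last verification step can also be run over a whole log rather than by eye. The following Python script is an added example, not part of the original documentation: it correlates Postfix queue IDs with client addresses and reports mail from clients outside mynetworks that was delivered to a domain other than mydomain. The log lines are constructed samples in the usual Postfix syslog layout, and the script assumes that mynetworks is a plain CIDR list and that no SMTP AUTH is configured, as in the procedure above.

```python
import ipaddress
import re

# Values taken from the main.cf settings shown in the procedure above.
MYNETWORKS = "127.0.0.1/32, [::1]/128, 192.0.2.1/24, [2001:db8:1::1]/64"
MYDOMAIN = "example.com"

# Constructed sample lines in the usual Postfix syslog layout (not real traffic).
SAMPLE_LOG = """\
Jan 10 12:00:01 smtp postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <bob@other.test>: Relay access denied; from=<a@x.test> to=<bob@other.test> proto=ESMTP helo=<c1>
Jan 10 12:05:10 smtp postfix/smtpd[2107]: 4F1A22C0D1: client=unknown[203.0.113.9]
Jan 10 12:05:11 smtp postfix/smtp[2110]: 4F1A22C0D1: to=<bob@other.test>, relay=mx.other.test[198.51.100.7]:25, delay=0.9, dsn=2.0.0, status=sent (250 OK)
Jan 10 12:06:00 smtp postfix/smtpd[2111]: 7B3C91A0E2: client=ws1.example.com[192.0.2.44]
Jan 10 12:06:01 smtp postfix/smtp[2112]: 7B3C91A0E2: to=<carol@other.test>, relay=mx.other.test[198.51.100.7]:25, delay=0.4, dsn=2.0.0, status=sent (250 OK)
Jan 10 12:07:00 smtp postfix/smtpd[2113]: 9D0E55B1F3: client=unknown[203.0.113.9]
Jan 10 12:07:01 smtp postfix/local[2114]: 9D0E55B1F3: to=<alice@example.com>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
"""

CLIENT = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S*\[([0-9A-Fa-f.:]+)\]")
SENT = re.compile(r"postfix/\w+\[\d+\]: (\w+): to=<[^>]*@([^>]+)>.*status=sent")
DENIED = re.compile(r"reject: RCPT from \S*\[([0-9A-Fa-f.:]+)\]: 554 .*Relay access denied")

def parse_mynetworks(value):
    """Parse a mynetworks value; tolerates [v6] brackets and set host bits (192.0.2.1/24)."""
    return [ipaddress.ip_network(item.strip().replace("[", "").replace("]", ""), strict=False)
            for item in value.split(",")]

def trusted(ip, networks):
    return any(ipaddress.ip_address(ip) in net for net in networks)

def audit(log_text, networks, mydomain):
    """Return (relayed, denied) for clients outside mynetworks."""
    clients, relayed, denied = {}, [], []
    for line in log_text.splitlines():
        if m := CLIENT.search(line):          # remember which client owns a queue ID
            clients[m.group(1)] = m.group(2)
        elif m := DENIED.search(line):        # 554: the server refused to relay
            if not trusted(m.group(1), networks):
                denied.append(m.group(1))
        elif m := SENT.search(line):          # delivered: was it relayed for a stranger?
            ip = clients.get(m.group(1))
            if ip and not trusted(ip, networks) and m.group(2).lower() != mydomain:
                relayed.append((m.group(1), ip, m.group(2).lower()))
    return relayed, denied

if __name__ == "__main__":
    relayed, denied = audit(SAMPLE_LOG, parse_mynetworks(MYNETWORKS), MYDOMAIN)
    print("relayed for untrusted clients:", relayed)
    print("relay attempts denied:", denied)
```

Any entry in the first list means the server accepted and forwarded mail for a client outside mynetworks, which is the "250 OK" outcome the verification step warns about.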
Troubleshooting
- In case of errors, check the /var/log/maillog file.