第 2 章 Deploying and configuring a Postfix SMTP server

Procedure

1. Remove the Sendmail utility:

   # dnf remove sendmail

2. Install Postfix:

   # dnf install postfix

3. To configure Postfix, edit the /etc/postfix/main.cf file and make the following changes:

   1. By default, Postfix receives emails only on the loopback interface. To configure Postfix to listen on specific interfaces, update the inet_interfaces parameter to the IP addresses of these interfaces:

      inet_interfaces = 127.0.0.1/32, [::1]/128, 192.0.2.1, [2001:db8:1::1]

      To configure Postfix to listen on all interfaces, set:

      inet_interfaces = all

   2. If you want that Postfix uses a different hostname than the fully-qualified domain name (FQDN) that is returned by the gethostname() function, add the myhostname parameter:

      myhostname = smtp.example.com

      For example, Postfix adds this hostname to header of emails it processes.

   3. If the domain name differs from the one in the myhostname parameter, add the mydomain parameter:

      mydomain = example.com

   4. Add the myorigin parameter and set it to the value of mydomain:

      myorigin = $mydomain

      With this setting, Postfix uses the domain name as origin for locally posted mails instead of the hostname.

   5. Add the mynetworks parameter, and define the IP ranges of trusted networks that are allowed to send mails:

      mynetworks = 127.0.0.1/32, [::1]/128, 192.0.2.1/24, [2001:db8:1::1]/64

      If clients from not trustworthy networks, such as the internet, should be able to send mails through this server, you must configure relay restrictions in a later step.

4. Verify if the Postfix configuration in the main.cf file is correct:

   # postfix check

5. Enable the postfix service to start at boot and start it:

   # systemctl enable --now postfix

6. Allow the SMTP traffic through firewall and reload the firewall rules:

   # firewall-cmd --permanent --add-service smtp
   # firewall-cmd --reload

Verification

1. Verify that the postfix service is running:

   # systemctl status postfix

   • Optional: Restart the postfix service, if the output is stopped, waiting, or the service is not running:

     # systemctl restart postfix

   • Optional: Reload the postfix service after changing any options in the configuration files in the /etc/postfix/ directory to apply those changes:

     # systemctl reload postfix

2. Verify the email communication between local users on your system:

   # echo "This is a test message" | mail -s <subject> <user@mydomain.com>

3. To verify that your mail server does not relay emails from external IP ranges to foreign domains, follow the below mentioned procedure:

   1. Log in to a client which is not within the subnets that you defined in mynetworks.
   2. Configure the client to use your mail server.
   3. Try to send an email to an email address that is not under the domain you specified in mydomain on your mail server. For example, try to send an email to non-existing-user@redhat.com.

   4. Check the /var/log/maillog file:

      554 Relay access denied - the server is not going to relay.
      250 OK or similar - the server is going to relay.