Postfix is a Mail Transport Agent (MTA) responsible for the transfer of e-mails between mail servers using the SMTP protocol. In this article I will share the steps to configure a Postfix mail server and client using a Postfix SMTP relay, along with some examples to check the SMTP server configuration and connection in CentOS/RHEL 7/8 Linux.
Lab Environment
I have two Virtual Machines on Oracle VirtualBox installed on my Linux Server. We will use one of these VMs (centos-8.example.com) to configure Postfix Mail Server and DNS Server while the other VM (rhel-8.example.com) to act as client. I have verified these steps on CentOS/RHEL 8, but I assume the same steps would work on CentOS/RHEL 7. Please do let me know if you face any trouble while following these steps using the comment section below this article.
Below is my Postfix Mail Server (also my DNS Server)
Node | Details |
---|---|
hostname/FQDN | centos-8.example.com |
IP Address | 192.168.0.10 |
CNAME | mail.example.com |
OS | CentOS 8 |
Below is my Client Server
Node | Details |
---|---|
hostname/FQDN | rhel-8.example.com |
IP Address | 192.168.0.11 |
OS | RHEL 8 |
Why DNS Server is needed for SMTP Mail Server
- If you wish to configure postfix mail server for a single node where users can send mail locally to each other and you can receive email alerts for system activities on localhost then you do not need DNS Server for your SMTP Mail Server.
- A user deepak on a workstation server1.example.com will not be aware of user amit available on server2.example.com which is where DNS server comes in.
- We use MX records in DNS servers as they provide mail-routing information. They specify mail exchangers for domains, that is, the names of the mail hubs that handle all the mail for a domain name.
- So we configure postfix mail server which acts as MTA; this will act as SMTP relay host and can receive a message from user deepak from server1.example.com and transfer it to user amit on server2.example.com and vice versa.
- MTAs such as Postfix need a way to determine which host or hosts are the mail hubs for a domain. DNS MX records provide this information.
I have already written another article with detailed explanation and steps to configure BIND DNS Server in chroot environment in CentOS/RHEL 7 and 8 Linux. Additionally here we need to add some MX and CNAME records to our existing DNS forward and reverse zone files to configure postfix mail server.
Sample DNS Forward and Reverse Zone File on DNS Server
Below is my sample forward zone file. Here I am using a single mail server which is my localhost i.e. centos-8.example.com. I have also defined a CNAME record so I can use a more familiar FQDN to mail server instead of centos-8.example.com
[root@centos-8 ~]# cat /var/named/example.com.zone
$TTL 1D
@ IN SOA example.com root (
4 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS localhost
localhost IN A 127.0.0.1
; Host Address
example.com. IN A 192.168.0.10
centos-8 IN A 192.168.0.10
rhel-8 IN A 192.168.0.11
; Mail Server
example.com. IN MX 10 192.168.0.10
; CNAME
mail IN CNAME centos-8.example.com.
And my sample reverse zone file. Similar to my forward zone file I have defined my CNAME and MX record address.
[root@centos-8 ~]# cat /var/named/example.com.rzone
$TTL 1D
@ IN SOA example.com. root.example.com. (
20191116 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS localhost.
10 IN PTR centos-8.example.com.
10 IN PTR mail.example.com.
11 IN PTR rhel-8.example.com.
Make sure you verify your zone configuration files before you restart the named-chroot service
[root@centos-8 ~]# systemctl restart named-chroot.service
Verify DNS Server configuration
Make sure your DNS server is working properly to configure postfix mail server, which you can do by performing host lookup. You need bind-utils rpm to be able to use nslookup which you can install using yum.
[root@centos-8 ~]# nslookup mail.example.com
Server: 192.168.0.10
Address: 192.168.0.10#53
mail.example.com canonical name = centos-8.example.com.
Name: centos-8.example.com
Address: 192.168.0.10
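Using the host command we can query the mail server (MX record)
[root@centos-8 ~]# host -t mx example.com
example.com mail is handled by 10 192.168.0.10.example.com.
The answer ends in 192.168.0.10.example.com because the MX record in the forward zone file names an IP address without a trailing dot, which BIND reads as a relative host name and completes with the zone origin. An MX record is meant to name a mail host that has its own A record, for example centos-8.example.com. (with the trailing dot).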
Configure Postfix Mail Server (CentOS/RHEL 7/8)
Now we are done with all the pre-requisites. It is time we configure postfix mail server. Several steps are necessary to configure the Postfix server. The basic steps involved in this process are
- Edit the master.cf file
- Determine local mail delivery method.
- Edit the main.cf file.
- Create an aliases table.
- Start and test Postfix.
- Create a boot script to start Postfix.
- Create any user-defined files.
We will distribute these tasks in different articles or else this will become a long boring article. Let us start by configuring a basic postfix mail server.
Install Postfix rpm
First thing first, to configure postfix mail server we need the main ingredient which is postfix rpm. By default postfix is installed with most of the CentOS/RHEL 7/8 software group but if not you can install it using yum
[root@centos-8 ~]# yum -y install postfix
Postfix RPM installation automatically performs the following actions:
- Create a new system user named postfix
- Create a new system group named postfix
- Create the /etc/postfix and /var/spool/postfix directories
- Create all Postfix message queue directories
- Create a default Postfix configuration file
- Create a default Postfix aliases database
Configure master.cf file
The Postfix master daemon launches all of the other Postfix services as they are needed. The various services, and how they are run, are specified in the master.cf file.
To configure postfix mail server (a basic SMTP Server) we do not need to do any modification in this file at this moment.
For more details on individual parameters and sections inside the master.cf file you can refer to Postfix: The Definitive Guide and Postfix Mail Server
Configure main.cf
Similar to sendmail, Postfix uses a configuration file to define its operational behaviour. What's different about the Postfix configuration file is that instead of using cryptic codes, or needing to be compiled, it uses plain text and common-sense descriptions for parameter names and values.
The global Postfix configuration file is called main.cf. It is located in the Postfix configuration directory, which by default is /etc/postfix.
It is important that you take a backup of your existing main.cf file
[root@centos-8 ~]# cp /etc/postfix/main.cf /etc/postfix/main.cf.BAK
Now this file contains multiple parameters but we need to work only on limited directives to configure postfix mail server in this article, so I will only concentrate on these directives:
Modify inet_interfaces
The inet_interfaces parameter dictates on which network interfaces the SMTP mail server will listen. It is by default set to "localhost", which means postfix mail server will only listen for traffic coming in on the loopback address. That is fine if you are going to use this SMTP mail server only on the local machine, for example to deliver mail from crontab jobs to root or specific users, but it does not make sense if you wish to use the SMTP mail server in a domain environment, so we need to change this.
We will use all, to use all the addresses that are available on our SMTP mail server machine
inet_interfaces = all
$myhostname
. Make sure you also define this variable in the file when you configure postfix mail server.
myhostname = centos-8.example.com
Modify mydomain
Next we need to set the local domain-name of the mail server. For example, if our mailserver's FQDN is mailserver.example.com and this mailserver is responsible for delivering mail for the whole private example.com domain, the domain name will be example.com
mydomain = example.com
myhostname
instead of domain name.
Modify myorigin
The myorigin parameter defines the format of the origin address for all messages sent by the Postfix system. By default, the myorigin parameter will assume the value of the myhostname parameter.
If myorigin is set to myhostname then any message delivered will contain FQDN of the localhost. So if a user deepak sends mail from centos-8.example.com then his address in "From:" section would look like "deepak@centos-8.example.com" but if you set myorigin to mydomain which is example.com in our case, the "From:" section would be "deepak@example.com"
So we will use myorigin as domain name
myorigin = $mydomain
Define myhostname
The myhostname parameter specifies the fully qualified domain name (FQDN) of the mail server. This address will be used as the default address for all local users, unless specified otherwise by the mail administrator.
myhostname = centos-8.example.com
Modify mydestination
The mydestination parameter defines what hostnames the Postfix server accepts messages for as the final destination. This parameter applies only to the main hostname and aliases for the local system and should not include virtual domains for other hosts.
The mydestination parameter often supports hosts that may have DNS names other than the normal hostname assigned to it. For example, we have added a CNAME record for mail.example.com. The mydestination parameter can be configured as:
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain
This allows the Postfix server to accept messages for addresses in the following formats:
webmaster
webmaster@centos-8.example.com
webmaster@example.com
webmaster@mail.example.com
Messages sent to any of the four addresses are accepted and delivered to the Webmaster user on the local Postfix server.
Modify mynetworks
The mynetworks parameter is used to control which SMTP clients Postfix will relay mail for. By default, Postfix will relay mail from any client whose IP address matches the settings in the mynetworks parameter.
The mynetworks parameter contains a list of IP network addresses, along with subnet values, to specify alternative network restrictions on SMTP clients. The format of the mynetworks parameter is
mynetworks = ipaddress1, ipaddress2, ...
where ipaddress1 and ipaddress2 represent IP address network values
Here, I have provided the value of my subnet
mynetworks = 192.168.0.0/24, 127.0.0.0/8
This restricts clients that can use the Postfix server as an SMTP relay host.
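To see which clients a given mynetworks value actually trusts, the following added example (not code from the original article or from Postfix) parses main.cf syntax, expands $variables and evaluates a client address against mynetworks. The function names are illustrative, and it assumes the default relay restrictions, where permit_mynetworks decides, and models only literal addresses and CIDR blocks.

```python
import ipaddress
import re

# Constructed sample: the server-side directives this article sets in main.cf.
SAMPLE_MAIN_CF = """\
# /etc/postfix/main.cf (excerpt)
myhostname = centos-8.example.com
mydomain = example.com
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost,
    $mydomain, mail.$mydomain
mynetworks = 192.168.0.0/24, 127.0.0.0/8
"""

VAR = re.compile(r"\$(?:\{(\w+)\}|\((\w+)\)|(\w+))")


def parse_main_cf(text):
    """Parse main.cf: '#' comment lines are ignored, a line that starts with
    whitespace continues the previous parameter, and the last setting wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if current:
                params[current] += " " + raw.strip()
        elif "=" in raw:
            current, _, value = (s.strip() for s in raw.partition("="))
            params[current] = value
    return params


def expand(params, value, depth=0):
    """Substitute $name, ${name} and $(name) with values set in the file."""
    def lookup(m):
        name = m.group(1) or m.group(2) or m.group(3)
        return expand(params, params.get(name, ""), depth + 1)
    return VAR.sub(lookup, value) if depth < 10 else value


def relay_networks(params):
    """Return (networks, skipped). Assumption: only literal addresses and CIDR
    blocks are modelled; file names and type:table entries land in skipped."""
    nets, skipped = [], []
    for item in filter(None, re.split(r"[,\s]+", expand(params, params.get("mynetworks", "")))):
        try:
            nets.append(ipaddress.ip_network(re.sub(r"[\[\]]", "", item), strict=False))
        except ValueError:
            skipped.append(item)
    return nets, skipped


def may_relay(params, client_ip):
    """True if this client address falls inside one of the mynetworks blocks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in relay_networks(params)[0])


def audit(params):
    """Flag mynetworks entries that trust more clients than intended."""
    nets, skipped = relay_networks(params)
    listen = expand(params, params.get("inet_interfaces", "all"))
    exposed = listen not in ("localhost", "loopback-only", "127.0.0.1")
    findings = [f"{s}: lookup table or file, not evaluated" for s in skipped]
    for net in nets:
        if net.prefixlen == 0:
            findings.append(f"{net}: any client may relay (open relay)")
        elif exposed and not (net.is_private or net.is_loopback):
            findings.append(f"{net}: public range is trusted for relaying")
        for other in nets:
            if other != net and other.version == net.version and net.subnet_of(other):
                findings.append(f"{net}: already covered by {other}")
    return findings
```

With the article's values, 192.168.0.11 (the client) may relay, 192.168.1.11 may not, and audit() reports nothing.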
Modify relayhost
The relayhost parameter defines Postfix SMTP relay host. There are two formats of the relayhost parameter:
relayhost = gateway.my.domain
relayhost = [an.ip.add.ress]
The first format identifies a SMTP relay host mail server by its DNS name. Postfix forwards all outbound mail messages to this host. The second format identifies the relay host by its numeric IP address. You should use the second format for Postfix servers that use dial-up connections to the relay host. Since the Postfix server is not connected to the Internet full time to resolve the relay host DNS name, it is best to refer to it using the IP address. This prevents problems in mail delivery due to DNS errors. In our case we use Postfix MTA as SMTP relay host.
relayhost = [centos-8.example.com]
Modify home_mailbox and mail_spool_directory
The home_mailbox parameter can define where Postfix delivers messages to local mail users. Postfix can use three different delivery styles:
- sendmail-style: /var/spool/mail mailboxes
- Individual: $HOME/Mailbox files
- qmail-style: $HOME/Maildir directories
By default, Postfix delivers messages to the standard system mailbox directory. On most Linux systems this is the /var/spool/mail directory.
home_mailbox = Maildir/
mail_spool_directory = /var/spool/mail
Now these configuration modifications are enough to configure postfix mail server (basic). Here I have not implemented any security related directives, I will cover them in upcoming articles.
Configure Postfix SMTP Relay (Client)
I will configure rhel-8.example.com as my client which will use our Postfix SMTP relay server centos-8.example.com to send emails.
Install postfix and sendmail
We will use postfix as the main configuration file although we plan to use some client tools to send the mail which requires sendmail rpm to be installed.
[root@rhel-8 ~]# yum -y install postfix
Install some more tools which we will need in this article
[root@rhel-8 ~]# yum -y install bind-utils telnet mailx sendmail
- We need nslookup tool to verify our client DNS configuration which is provided by bind-utils
- telnet will be used to make sure our SMTP port 25 is reachable
- mailx and sendmail will be used as client software to send mails to remote server
Configure client DNS (update /etc/resolv.conf)
Now on our primary DNS server we had already defined an A and PTR record for rhel-8.example.com so on the client node we just need to update /etc/resolv.conf
[root@rhel-8 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 192.168.0.10
Here 192.168.0.10 is the IP Address of our DNS Server
Verify the DNS server configuration
We will perform a few DNS lookups to make sure the DNS server is reachable
[root@rhel-8 ~]# nslookup rhel-8
Server: 192.168.0.10
Address: 192.168.0.10#53
Name: rhel-8.example.com
Address: 192.168.0.11
[root@rhel-8 ~]# host -t mx mail.example.com
mail.example.com is an alias for centos-8.example.com.
So our A and MX record are working properly.
Configure /etc/postfix/main.cf
Now we must configure and modify certain values in our postfix main.cf to be able to send mails using SMTP relay server
Modify inet_interfaces
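Similar to our SMTP Mail Server we will modify inet_interfaces value to all. A client that only sends mail through the relay host does not have to accept SMTP connections from the network, so it also works with inet_interfaces left at localhost.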
inet_interfaces = all
Modify relayhost
We will use our Postfix mail server as SMTP relay host, so we will give our postfix mail server FQDN in the relayhost
relayhost = [centos-8.example.com]
Modify mynetworks
On the client node we can add the loopback address for mynetworks directive
mynetworks = 127.0.0.0/8
Modify mydestination
Again this directive can be null for the client side postfix main.cf
mydestination =
These are the directives we will modify for our client side postfix configuration to configure postfix mail server.
firewalld and selinux config. You can add SMTP rule to your firewalld once your configuration is working properly
# firewall-cmd --permanent --add-service=smtp && firewall-cmd --reload
Next start your postfix service on client node
[root@rhel-8 ~]# systemctl start postfix
You can use telnet to make sure port 25 is reachable
[root@rhel-8 ~]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 rhel-8.example.com ESMTP Postfix
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
How to check SMTP server configuration in Linux
There are different mail clients available such as mutt, mail etc. You can use SWAKS (Swiss Army Knife SMTP) to check SMTP server configuration in Linux. Once we configure postfix mail server, the next step would be to check SMTP server configuration and make sure the mails are sent and delivered successfully.
We install SWAKS on our RHEL 8 host which was our client. Now SWAKS is not available on the RHEL repo so you must install EPEL repo. Next install SWAKS using yum
[root@rhel-8 ~]# yum install swaks
So on our node we have below version of swaks installed to check SMTP server configuration
[root@rhel-8 ~]# rpm -q swaks
swaks-20181104.0-5.el8.noarch
Now, to check SMTP server configuration using the standard SMTP mail port 25, with our Postfix server running on the IP address 192.168.0.10, we are sending a mail remotely to a Linux system user deepak which has a system user account on our Postfix server:
[root@rhel-8 ~]# swaks --server 192.168.0.10 --to deepak@centos-8.example.com
=== Trying 192.168.0.10:25...
=== Connected to 192.168.0.10.
<- 220 centos-8.example.com ESMTP Postfix
-> EHLO rhel-8.example.com
<- 250-centos-8.example.com
<- 250-PIPELINING
<- 250-SIZE 10240000
<- 250-VRFY
<- 250-ETRN
<- 250-STARTTLS
<- 250-ENHANCEDSTATUSCODES
<- 250-8BITMIME
<- 250-DSN
<- 250 SMTPUTF8
-> MAIL FROM:<root@rhel-8.example.com>
<- 250 2.1.0 Ok
-> RCPT TO:<deepak@centos-8.example.com>
<- 250 2.1.5 Ok
-> DATA
<- 354 End data with <CR><LF>.<CR><LF>
-> Date: Mon, 18 Nov 2019 12:34:01 +0530
-> To: deepak@centos-8.example.com
-> From: root@rhel-8.example.com
-> Subject: test Mon, 18 Nov 2019 12:34:01 +0530
-> Message-Id: <20191118123401.008780@rhel-8.example.com>
-> X-Mailer: swaks v20181104.0 jetmore.org/john/code/swaks/
->
-> This is a test mailing
->
->
-> .
<- 250 2.0.0 Ok: queued as 9DF4E6027A
-> QUIT
<- 221 2.0.0 Bye
=== Connection closed with remote host.
Swaks creates output which should give us a hint if the mail transport has been successful.
You can also test that the last command has been executed successfully by logging in as user deepak on the Postfix server, then checking and reading your local mailbox's inbox, which should contain a file with the test mail sent from the swaks tool (the filename will be different on your computer), as follows:
[deepak@centos-8 ~]$ cat Maildir/new/1574061098.Vfd00Ia1558M372782.centos-8.example.com
Return-Path: <root@rhel-8.example.com>
X-Original-To: deepak@centos-8.example.com
Delivered-To: deepak@centos-8.example.com
Received: from rhel-8.example.com (rhel-8.example.com [192.168.0.11])
by centos-8.example.com (Postfix) with ESMTP id 524DD602C2
for <deepak@centos-8.example.com>; Mon, 18 Nov 2019 12:41:38 +0530 (IST)
Date: Mon, 18 Nov 2019 12:41:38 +0530
To: deepak@centos-8.example.com
From: root@rhel-8.example.com
Subject: test Mon, 18 Nov 2019 12:41:38 +0530
Message-Id: <20191118124138.008795@rhel-8.example.com>
X-Mailer: swaks v20181104.0 jetmore.org/john/code/swaks/
This is a test mailing
For every mail you send using sendmail, you should be able to see some new lines appearing in the /var/log/maillog file, which contains status information and other important logging text for the mail.
If you sent a message from root to the user deepak and the FQDN of your server is rhel-8.example.com, new output lines appended to the log file should contain amongst other things a from=<root@rhel-8.example.com>, a to=<deepak@centos-8.example.com> and if delivered successfully, a status=sent information. If no such logging information shows up, check the status of the Postfix service.
For example, we will send a dummy mail from root user@rhel-8.example.com to deepak@centos-8.example.com
[root@rhel-8 ~]# mail -s test message deepak@centos-8.example.com <.
Null message body; hope that's ok
For this we had below log entry in /var/log/maillog on rhel-8.example.com
Nov 18 12:53:13 rhel-8 sendmail[8849]: xAI7NDhe008849: from=root, size=240, class=0, nrcpts=2, msgid=<201911180723.xAI7NDhe008849@rhel-8.example.com>, relay=root@localhost
Nov 18 12:53:13 rhel-8 postfix/smtpd[8831]: connect from localhost[127.0.0.1]
Nov 18 12:53:13 rhel-8 sendmail[8849]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Nov 18 12:53:13 rhel-8 postfix/smtpd[8831]: 684EE20B88: client=localhost[127.0.0.1]
Nov 18 12:53:13 rhel-8 postfix/cleanup[8834]: 684EE20B88: message-id=<201911180723.xAI7NDhe008849@rhel-8.example.com>
Nov 18 12:53:13 rhel-8 postfix/qmgr[6230]: 684EE20B88: from=<root@rhel-8.example.com>, size=661, nrcpt=2 (queue active)
Nov 18 12:53:13 rhel-8 sendmail[8849]: xAI7NDhe008849: to=message,deepak@centos-8.example.com, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=60240, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as 684EE20B88)
Nov 18 12:53:13 rhel-8 postfix/smtpd[8831]: disconnect from localhost[127.0.0.1] ehlo=2 starttls=1 mail=1 rcpt=2 data=1 quit=1 commands=8
Nov 18 12:53:13 rhel-8 postfix/smtp[8835]: 684EE20B88: to=<deepak@centos-8.example.com>, relay=centos-8.example.com[192.168.0.10]:25, delay=0.21, delays=0.06/0/0.11/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 94D62602FF)
Nov 18 12:53:13 rhel-8 postfix/smtp[8835]: 684EE20B88: to=<message@rhel-8.example.com>, relay=centos-8.example.com[192.168.0.10]:25, delay=0.21, delays=0.06/0/0.11/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 94D62602FF)
Nov 18 12:53:13 rhel-8 postfix/smtpd[8831]: connect from centos-8.example.com[192.168.0.10]
Nov 18 12:53:13 rhel-8 postfix/qmgr[6230]: 684EE20B88: removed
You can check the same log file (/var/log/maillog) on server side i.e. centos-8.example.com
Nov 18 12:53:13 centos-8 postfix/smtpd[17583]: connect from rhel-8.example.com[192.168.0.11]
Nov 18 12:53:13 centos-8 postfix/smtpd[17583]: 94D62602FF: client=rhel-8.example.com[192.168.0.11]
Nov 18 12:53:13 centos-8 postfix/cleanup[17586]: 94D62602FF: message-id=<201911180723.xAI7NDhe008849@rhel-8.example.com>
Nov 18 12:53:13 centos-8 postfix/qmgr[17460]: 94D62602FF: from=<root@rhel-8.example.com>, size=835, nrcpt=2 (queue active)
Nov 18 12:53:13 centos-8 postfix/local[17587]: 94D62602FF: to=<deepak@centos-8.example.com>, relay=local, delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
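The client and server excerpts above can be tied together through the queue ID that each hop reports in "queued as". The following added example (not part of the original article) groups Postfix entries by queue ID, follows a message from the client to the server, and lists recipients that were handed to the next hop but have no delivery line there. The function names are illustrative; it assumes short hexadecimal queue IDs and compares the logged to= address without following alias rewrites.

```python
import re
from collections import defaultdict

# Postfix entries copied from the two maillog excerpts in the article.
CLIENT_LOG = """\
Nov 18 12:53:13 rhel-8 postfix/smtpd[8831]: 684EE20B88: client=localhost[127.0.0.1]
Nov 18 12:53:13 rhel-8 postfix/cleanup[8834]: 684EE20B88: message-id=<201911180723.xAI7NDhe008849@rhel-8.example.com>
Nov 18 12:53:13 rhel-8 postfix/qmgr[6230]: 684EE20B88: from=<root@rhel-8.example.com>, size=661, nrcpt=2 (queue active)
Nov 18 12:53:13 rhel-8 postfix/smtp[8835]: 684EE20B88: to=<deepak@centos-8.example.com>, relay=centos-8.example.com[192.168.0.10]:25, delay=0.21, delays=0.06/0/0.11/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 94D62602FF)
Nov 18 12:53:13 rhel-8 postfix/smtp[8835]: 684EE20B88: to=<message@rhel-8.example.com>, relay=centos-8.example.com[192.168.0.10]:25, delay=0.21, delays=0.06/0/0.11/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 94D62602FF)
Nov 18 12:53:13 rhel-8 postfix/qmgr[6230]: 684EE20B88: removed
"""
SERVER_LOG = """\
Nov 18 12:53:13 centos-8 postfix/smtpd[17583]: 94D62602FF: client=rhel-8.example.com[192.168.0.11]
Nov 18 12:53:13 centos-8 postfix/cleanup[17586]: 94D62602FF: message-id=<201911180723.xAI7NDhe008849@rhel-8.example.com>
Nov 18 12:53:13 centos-8 postfix/qmgr[17460]: 94D62602FF: from=<root@rhel-8.example.com>, size=835, nrcpt=2 (queue active)
Nov 18 12:53:13 centos-8 postfix/local[17587]: 94D62602FF: to=<deepak@centos-8.example.com>, relay=local, delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
"""

# Assumption: short hexadecimal queue IDs (enable_long_queue_ids not set).
ENTRY = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) postfix/[\w/-]+\[\d+\]: "
                   r"(?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$")
FIELD = re.compile(r"(\w[\w-]*)=(<[^>]*>|[^,\s]+)")
NEXT_QID = re.compile(r"queued as ([0-9A-F]{6,})")


def parse(log_text):
    """Group entries by (host, queue ID); lines without a queue ID are skipped."""
    msgs = defaultdict(lambda: {"from": None, "message-id": None, "deliveries": []})
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        rec, fields = msgs[(m["host"], m["qid"])], dict(FIELD.findall(m["rest"]))
        if "to" in fields and "status" in fields:
            hop = NEXT_QID.search(m["rest"])
            rec["deliveries"].append({
                "to": fields["to"].strip("<>"), "status": fields["status"],
                "relay": fields.get("relay"),
                "next_qid": hop.group(1) if hop else None})
        for key in ("from", "message-id"):
            if key in fields:
                rec[key] = fields[key].strip("<>")
    return dict(msgs)


def next_hop(msgs, host, rec, delivery):
    """Record on another host that matches 'queued as' and the Message-ID."""
    for (h, q), nxt in msgs.items():
        if (q == delivery["next_qid"] and h != host
                and nxt["message-id"] == rec["message-id"]):
            return h, q, nxt
    return None


def trace(msgs, host, qid):
    """Follow a message hop by hop: rows of (host, qid, recipient, status)."""
    rec, rows = msgs.get((host, qid)), []
    for d in (rec["deliveries"] if rec else []):
        rows.append((host, qid, d["to"], d["status"]))
        hop = next_hop(msgs, host, rec, d)
        if hop:
            rows += [r for r in trace(msgs, hop[0], hop[1]) if r[2] == d["to"]]
    return rows


def unresolved(msgs):
    """Recipients handed to a next hop whose log has no delivery line for them."""
    out = []
    for (host, _), rec in msgs.items():
        for d in rec["deliveries"]:
            if d["next_qid"] is None:
                continue  # not handed to another MTA (for example relay=local)
            hop = next_hop(msgs, host, rec, d)
            if not hop or all(x["to"] != d["to"] for x in hop[2]["deliveries"]):
                out.append((d["to"], d["next_qid"]))
    return out
```

Run over the article's own excerpts, unresolved() returns message@rhel-8.example.com: the unquoted subject in mail -s test message made message a second recipient, and the server excerpt contains no delivery line for it.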
How Postfix (MTA) Mail Server Works?
- The Postfix MTA service can receive incoming e-mails from mail clients or other remote MTA servers using the SMTP protocol.
- If an incoming e-mail is destined for the MTA server's configured final destination domain (for example, a mail sent with the recipient address deepak@example.com is incoming to the example.com configured Postfix MTA server), it will deliver the mail to a local mailbox installed on the server (either in the filesystem or in a database system such as MariaDB).
- If the incoming mail is not destined for this server, it will be relayed (forwarded) to another MTA.
- Remember that this is all a Postfix server is capable of doing and nothing more: receiving incoming SMTP connections from mail clients or other MTAs, delivering mail to local mailboxes on the server, and forwarding mail to other MTAs using SMTP
- Contrary to common belief, Postfix cannot transfer the mails from its local mailboxes to the end users.
- Here we need another type of MTA called delivery agent, which uses different mail protocols, such as IMAP or POP3.
- If an incoming e-mail, sent from another computer in our network, has the same domain name in the recipient's e-mail address as our Postfix server has its FQDN in, then it gets delivered to the appropriate local mailbox defined by the recipient's part of the e-mail; all external e-mail addresses get relayed to an external MTA.
Lastly I hope the steps from the article to configure postfix mail server with SMTP relay server on RHEL/CentOS 7/8 were helpful. So, let me know your suggestions and feedback using the comment section.
Hello,
I got solution for restriction, below line added in main.cf file. Only those are able to send mail whose id added in access file and server IP in network table.
Thank you for sharing!
Hello,
I have gone through the above configuration, it is very helpful. I need to do some additional configuration, as per below.
I am configuring relay server, all application mail come to my relay and then it will forward to exchange.
1. Initially I want to block all IP, Only those IP able to send mail whom I allowed in configuration.
2. Only those mail or domain ID whom I allow.
3. Also want to restrict the no. of mails sent (I want to define how many mails one server can send)
Help & Guide for above requirement.
I don’t have this postfix server anymore so I can’t help you now. I will try to setup a postfix relay server again and will try to see if I can test the requested config before I share a solution
Hi,
Thanks for that great lab.
I followed the instructions you gave and everything is OK.
The client sends mails to the server but they are stuck in the queue and the logs show nothing.
Can you please help?
There may be some configuration mistake or either the request is blocked in firewall. I am afraid without logs I can only assume the problem
Hi,
Server main.cf file
————————————-
myhostname = server.example.com
mydomain = example.com
myorigin = $myhostname
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain
mynetworks = 192.168.64.0/25, 192.168.64.0/24, 127.0.0.0/8
relayhost = [server.example.com]
home_mailbox = Maildir/
mail_spool_directory = /var/spool/mail
—————————————————–
Client main.cf
—————————————————-
inet_interfaces = all
inet_protocols = ipv4
mydestination =
mynetworks = 127.0.0.0/8
relayhost = [server.example.com]
—————————————————-
The firewall and selinux are off on all machines
The configuration looks correct. Is your DNS resolution working on client node i.e. nslookup server.example.com
Use “journalctl -f” on the server side for any logs (if no logs are generated then yes nothing is going to server). Use the same command on client to look out for logs (this should have some more information)
Are you able to send mails to localhost, I mean from one user on the server.example.com to another user on the same host?
Yes, The dns resolution is good on all machines.
No, I am not able to send mail locally between users in the same server.
Without logs it would be hard to say what is the cause of the failure. You should start first by checking the logs on the localhost on your server.example.com
Hi,
The guide is very nice. However using postconf for postfix is very useful.
I hope you explain postconf.
Good luck. 🙂
Thank you for your feedback. I intentionally dropped postconf here as somehow with postconf you must be very familiar with the directives or else the config file may have wrong directives. I plan to use this in coming articles with its pros and cons. Thanks for the suggestion.