Table of Contents
Postfix is a Mail Transport Agent (MTA) responsible for the transfer of e-mails between mail servers using the SMTP protocol. In this article I will share the steps to configure postfix mail server and client using postfix SMTP relay along with some examples to check SMTP server check configuration and connection in CentOS/RHEl 7/8 Linux.
I have two Virtual Machines on Oracle VirtualBox installed on my Linux Server. We will use one of these VMs (
centos-8.example.com) to configure Postfix Mail Server and DNS Server while the other VM (
rhel-8.example.com) to act as client. I have verified these steps on CentOS/RHEL 8, but I assume the same steps would work on CentOS/RHEL 7. Please do let me know if you face any trouble while following these steps using the comment section below this article.
Below is my Postfix Mail Server (also my DNS Server)
Below is my Client Server
Why DNS Server is needed for SMTP Mail Server
- If you wish to configure postfix mail server for a single node where user’s can send mail locally to each other and you can receive email alerts for system activities on localhost then you do not need DNS Server for your SMTP Mail Server.
- A user deepak on a workstation
server1.example.comwill not be aware of user
server2.example.comwhich is where DNS server comes in.
- We use MX records in DNS servers as they provide mail-routing information. They specify mail exchangers for domains that is, the names of the mail hubs that handle all the mail for a domain name.
- So we configure postfix mail server which acts as MTA, this will act as SMTP relay host and can receive message from user
server1.example.comand transfer it to user
server2.example.comand vice versa.
- MTAs such as Postfix need a way to determine which host or hosts are the mail hubs for a domain. DNS MX records provide this information.
I have already written another article with detailed explanation and steps to configure BIND DNS Server in chroot environment in CentOS/RHEL 7 and 8 Linux. Additionally here we need to add some MX and CNAME records to our existing DNS forward and reverse zone files to configure postfix mail server.
Sample DNS Forward and Reverse Zone File on DNS Server
Below is my sample forward zone file. Here I am using a single mail server which is my localhost i.e.
centos-8.example.com. I have also defined a CNAME record so I can use a more familiar FQDN to mail server instead of
[root@centos-8 ~]# cat /var/named/example.com.zone $TTL 1D @ IN SOA example.com root ( 4 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum @ IN NS localhost localhost IN A 127.0.0.1 ; Host Address example.com. IN A 192.168.0.10 centos-8 IN A 192.168.0.10 rhel-8 IN A 192.168.0.11 ; Mail Server example.com. IN MX 10 192.168.0.10 ; CNAME mail IN CNAME centos-8.example.com.
And my sample reverse zone file. Similar to my forward zone file I have defined my CNAME and MX record address.
[root@centos-8 ~]# cat /var/named/example.com.rzone $TTL 1D @ IN SOA example.com. root.example.com. ( 20191116 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum IN NS localhost. 10 IN PTR centos-8.example.com. 10 IN PTR mail.example.com. 11 IN PTR rhel-8.example.com.
Make sure you verify your zone configuration files before you restart the named-chroot service
[root@centos-8 ~]# systemctl restart named-chroot.service
Verify DNS Server configuration
Make sure your DNS server is working properly to configure postfix mail server, which you can do by performing host lookup. You need
bind-utils rpm to be able to use nslookup which you can install using
[root@centos-8 ~]# nslookup mail.example.com Server: 192.168.0.10 Address: 192.168.0.10#53 mail.example.com canonical name = centos-8.example.com. Name: centos-8.example.com Address: 192.168.0.10
Using host command we can query the mail server (MX record)
[root@centos-8 ~]# host -t mx example.com example.com mail is handled by 10 192.168.0.10.example.com.
Make sure port 25 is reachable as by default our postfix mail server will use port 25
[root@centos-8 ~]# telnet localhost 25 Trying ::1... Connected to localhost. Escape character is '^]'. 220 centos-8.example.com ESMTP Postfix QUIT 221 2.0.0 Bye Connection closed by foreign host.
Configure Postfix Mail Server (CentOS/RHEL 7/8)
Now we are done with all the pre-requisites. It is time we configure postfix mail server. Several steps are necessary to configure the Postfix server.The basic steps involved in this process are
- Edit the
- Determine local mail delivery method.
- Edit the
- Create an aliases table.
- Start and test Postfix.
- Create a boot script to start Postfix.
- Create any user-defined files.
We will distribute these tasks in different articles or else this will become a long boring article. let us try to have and configure postfix mail server (basic).
Install Postfix rpm
First thing first, to configure postfix mail server we need the main ingredient which is postfix rpm. By default postfix is installed with most of the CentOS/RHEL 7/8 software group but if not you can install it using yum
[root@centos-8 ~]# yum -y install postfix
Postfix RPM installation automatically perform the following actions:
- Create a new system user named
- Create a new system group named
- Create the
- Create all Postfix message queue directories
- Create a default Postfix configuration file
- Create a default Postfix aliases database
Configure master.cf file
The Postfix master daemon launches all of the other Postfix services as they are needed. The various services, and how they are run, are specified in the master.cf file.
To configure postfix mail server (a basic SMTP Server) we do not need to do any modification in this file at this moment.
Similar to sendmail, Postfix uses a configuration file to define its operational behaviour. What’s different about the Postfix configuration file is that instead of using cryptic codes, or needing to be compiled, it uses plain text and common-sense descriptions for parameter names and values.
The global Postfix configuration file is called
main.cf. It is located in the Postfix configuration directory, which by default is
It is important that you take a backup of your existing
[root@centos-8 ~]# cp /etc/postfix/main.cf /etc/postfix/main.cf.BAK
Now this file contains multiple parameters but we need to work only on limited directives to configure postfix mail server in this article, so I will only concentrate on these directives:
inet_interfaces is used to dictate on which network card the SMTP mail server will listen. It is by default set to “
localhost” so it means by default postfix mail server will only listen to all traffic coming on loopback address. Now this does not makes any sense if you are going to use this mail server on the domain environment. Now if you are going to use this SMTP mail server only on local machine to deliver mail from
crontab jobs to root or specific users then that is fine but if you wish to use SMTP mail server in domain environment then we need to change this.
We will use all, to use all the addresses that are available on our SMTP mail server machine
inet_interfaces = all
$myhostname. Make sure you also define this variable in the file when you configure postfix mail server.
myhostname = centos-8.example.com
Next we need to set the local domain-name of the mail server. For example, if our mailserver’s FQDN is
mailserver.example.com and this
mailserver is responsible for delivering mail for the whole private
example.com domain, the domain name will be example.com
mydomain = example.com
myhostnameinstead of domain name.
myorigin parameter defines the format of the origin address for all messages sent by the Postfix system. By default, the
myorigin parameter will assume the value of the
myorigin is set to
myhostname then any message delivered will contain FQDN of the localhost. So if a user
deepak sends mail from
centos-8.example.com then his address in “
From:” section would look like “
email@example.com” but if you set
mydomain which is
example.com in our case, the “
From:” section would be “
So we will use
myorigin as domain name
myorigin = $mydomain
myhostname parameter specifies the fully qualified domain name (FQDN) of the mail server. This address will be used as the default address for all local users, unless specified otherwise by the mail administrator.
myhostname = centos-8.example.com
mydestination parameter defines what hostnames the Postfix server accepts messages for as the final destination. This parameter applies only to the main hostname and aliases for the local system and should not include virtual domains for other hosts.
mydestination parameter often supports hosts that may have DNS names other than the normal hostname assigned to it. For example, we have added a CNAME record for
mydestination parameter can be configured as:
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain
This allows the Postfix server to accept messages for addresses in the following formats:
webmaster firstname.lastname@example.org email@example.com firstname.lastname@example.org
Messages sent to any of the four addresses are accepted and delivered to the Webmaster user on the local Postfix server.
mynetworks parameter is used to control which SMTP clients Postfix will relay mail for. By default, Postfix will relay mail from any client whose IP address matches the settings in the
mynetworks parameter contains a list of IP network addresses, along with subnet values, to specify alternative network restrictions on SMTP clients. The format of the
mynetworks parameter is
mynetworks = ipaddress1, ipaddress2, ...
ipaddress2 represent IP address network values
Here, I have provided the value of my subnet
mynetworks = 192.168.0.0/24, 127.0.0.0/8
This restricts clients that can use the Postfix server as an SMTP relay host.
relayhost parameter defines Postfix SMTP relay host. There are two formats of the
relay_host = gateway.my.domain relay_host = [an.ip.add.ress]
The first format identifies a SMTP relay host mail server by its DNS name. Postfix forwards all outbound mail messages to this host. The second format identifies the relay host by its numeric IP address. You should use the second format for Postfix servers that use dial-up connections to the relay host. Since the Postfix server is not connected to the Internet full time to resolve the relay host DNS name, it is best to refer to it using the IP address. This prevents problems in mail delivery due to DNS errors. In our case we use Postfix MTA as SMTP relay host.
relayhost = [centos-8.example.com]
Modify home_mailbox and mail_spool_directory
home_mailbox parameter can define where Postfix delivers messages to local mail users. Postfix can use three different delivery styles:
By default, Postfix delivers messages to the standard system mailbox directory. On most Linux systems this is the
home_mailbox = Maildir/ mail_spool_directory = /var/spool/mail
Now these configuration modifications are enough to configure postfix mail server (basic). Here I have not implemented any security related directives, I will cover them in upcoming articles.
Configure Postfix SMTP Relay (Client)
I will configure
rhel-8.example.com as my client which will use our Postfix SMTP relay server
centos-8.example.com to send emails.
Install postfix and sendmail
We will use postfix as the main configuration file although we plan to use come client tools to send the mail which requires sendmail rpm to be installed.
[root@rhel-8 ~]# yum -y install postfix
Install some more tools which we will need in this article
[root@rhel-8 ~]# yum -y install bind-utils telnet mailx sendmail
nslookup tool to verify our client DNS configuration which is provided by
telnet will be used to make sure our SMTP port 25 is reachable
sendmail will be used as client software to send mails to remote server
Configure client DNS (update /etc/resolv.conf)
Now on our primary DNS server we had already defined an A and PTR record for
rhel-8.example.com so on the client node we just need to update
[root@rhel-8 ~]# cat /etc/resolv.conf # Generated by NetworkManager search example.com nameserver 192.168.0.10
Here 192.168.0.10 is the IP Address of our DNS Server
Verify the DNS server configuration
We will perform few DNS lookup to make sure the DNS server is reachable
[root@rhel-8 ~]# nslookup rhel-8 Server: 192.168.0.10 Address: 192.168.0.10#53 Name: rhel-8.example.com Address: 192.168.0.11
[root@rhel-8 ~]# host -t mx mail.example.com mail.example.com is an alias for centos-8.example.com.
So our A and MX record are working properly.
Now we must configure and modify certain values in our postfix main.cf to be able to send mails using SMTP relay server
Similar to our SMTP Mail Server we will modify
inet_interfaces value to all
inet_interfaces = all
We will use our Postfix mail server as SMTP relay host, so we will give our postfix mail server FQDN in the
relayhost = [centos-8.example.com]
On the client node we can add the loopback address for
mynetworks = 127.0.0.0/8
Again this directive can be null for the client side postfix
These are the directives we will modify for our client side postfix configuration to configure postfix mail server.
selinuxconfig. You can add SMTP rule to your
firewalldonce your configuration is working properly
# firewall-cmd --permanent --add-service=smtp && firewall-cmd --reload
Next start your postfix service on client node
[root@rhel-8 ~]# systemctl start postfix
You can use telnet to make sure port 25 is reachable
[root@rhel-8 ~]# telnet localhost 25 Trying ::1... Connected to localhost. Escape character is '^]'. 220 rhel-8.example.com ESMTP Postfix QUIT 221 2.0.0 Bye Connection closed by foreign host.
How to check SMTP server configuration in Linux
You can use SWAKS (Swiss Army Knife SMTP) to check SMTP server configuration in Linux. Once we configure postfix mail server, the next step would be to check SMTP server configuration and make sure the mails are sent and delivered successfully.
[root@rhel-8 ~]# yum install swaks
So on our node we have below version of swaks installed to check SMTP server configuration
[root@rhel-8 ~]# rpm -q swaks swaks-20181104.0-5.el8.noarch
Now, to check SMTP server configuration using the standard SMTP mail port 25, with our Postfix server running on the IP address 192.168.0.10, we are sending a mail remotely to a Linux system user
deepak which has a system user account on our Postfix server:
[root@rhel-8 ~]# swaks --server 192.168.0.10 --to email@example.com === Trying 192.168.0.10:25... === Connected to 192.168.0.10. <- 220 centos-8.example.com ESMTP Postfix -> EHLO rhel-8.example.com <- 250-centos-8.example.com <- 250-PIPELINING <- 250-SIZE 10240000 <- 250-VRFY <- 250-ETRN <- 250-STARTTLS <- 250-ENHANCEDSTATUSCODES <- 250-8BITMIME <- 250-DSN <- 250 SMTPUTF8 -> MAIL FROM:<firstname.lastname@example.org> <- 250 2.1.0 Ok -> RCPT TO:<email@example.com> <- 250 2.1.5 Ok -> DATA <- 354 End data with . -> Date: Mon, 18 Nov 2019 12:34:01 +0530 -> To: firstname.lastname@example.org -> From: email@example.com -> Subject: test Mon, 18 Nov 2019 12:34:01 +0530 -> Message-Id: <firstname.lastname@example.org> -> X-Mailer: swaks v20181104.0 jetmore.org/john/code/swaks/ -> -> This is a test mailing -> -> -> . <- 250 2.0.0 Ok: queued as 9DF4E6027A -> QUIT <- 221 2.0.0 Bye === Connection closed with remote host.
Swaks creates output which should give us a hint if the mail transport has been successful.
You can also test that the last command has been executed successful by logging in as user
deepak on the Postfix server, then checking and reading your local mailbox’s inbox, which should contain a file with the test mail sent from the swaks tool (the filename will be different on your computer), as follows:
[deepak@centos-8 ~]$ cat Maildir/new/1574061098.Vfd00Ia1558M372782.centos-8.example.com Return-Path: <email@example.com> X-Original-To: firstname.lastname@example.org Delivered-To: email@example.com Received: from rhel-8.example.com (rhel-8.example.com [192.168.0.11]) by centos-8.example.com (Postfix) with ESMTP id 524DD602C2 for <firstname.lastname@example.org>; Mon, 18 Nov 2019 12:41:38 +0530 (IST) Date: Mon, 18 Nov 2019 12:41:38 +0530 To: email@example.com From: firstname.lastname@example.org Subject: test Mon, 18 Nov 2019 12:41:38 +0530 Message-Id: <email@example.com> X-Mailer: swaks v20181104.0 jetmore.org/john/code/swaks/ This is a test mailing
For every mail you send using sendmail, you should be able to see some new lines appearing in the
/var/log/maillog file, which contains status information and other important logging text for the mail.
If you sent a message from root to the user deepak and the FQDN of your server is rhel-8.example.com, new output lines appended to the log file should contain amongst other things a
to=<firstname.lastname@example.org> and if delivered successfully, a
status=sent information. If no such logging information shows up, check the status of the Postfix service.
For example, we will send a dummy mail from
root email@example.com to
[root@rhel-8 ~]# mail -s test message firstname.lastname@example.org <. Null message body; hope that's ok
For this we had below log entry in
Nov 18 12:53:13 rhel-8 sendmail: xAI7NDhe008849: from=root, size=240, class=0, nrcpts=2, msgid=<201911180723.xAI7NDhe008849@rhel-8.example.com>, relay=root@localhost Nov 18 12:53:13 rhel-8 postfix/smtpd: connect from localhost[127.0.0.1] Nov 18 12:53:13 rhel-8 sendmail: STARTTLS=client, relay=[127.0.0.1], version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256 Nov 18 12:53:13 rhel-8 postfix/smtpd: 684EE20B88: client=localhost[127.0.0.1] Nov 18 12:53:13 rhel-8 postfix/cleanup: 684EE20B88: message-id=<201911180723.xAI7NDhe008849@rhel-8.example.com> Nov 18 12:53:13 rhel-8 postfix/qmgr: 684EE20B88: from=<email@example.com>, size=661, nrcpt=2 (queue active) Nov 18 12:53:13 rhel-8 sendmail: xAI7NDhe008849: to=message,firstname.lastname@example.org, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=60240, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as 684EE20B88) Nov 18 12:53:13 rhel-8 postfix/smtpd: disconnect from localhost[127.0.0.1] ehlo=2 starttls=1 mail=1 rcpt=2 data=1 quit=1 commands=8 Nov 18 12:53:13 rhel-8 postfix/smtp: 684EE20B88: to=<email@example.com>, relay=centos-8.example.com[192.168.0.10]:25, delay=0.21, delays=0.06/0/0.11/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 94D62602FF) Nov 18 12:53:13 rhel-8 postfix/smtp: 684EE20B88: to=<firstname.lastname@example.org>, relay=centos-8.example.com[192.168.0.10]:25, delay=0.21, delays=0.06/0/0.11/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 94D62602FF) Nov 18 12:53:13 rhel-8 postfix/smtpd: connect from centos-8.example.com[192.168.0.10] Nov 18 12:53:13 rhel-8 postfix/qmgr: 684EE20B88: removed
You can check the same log file (
/var/log/maillog) on server side i.e.
Nov 18 12:53:13 centos-8 postfix/smtpd: connect from rhel-8.example.com[192.168.0.11] Nov 18 12:53:13 centos-8 postfix/smtpd: 94D62602FF: client=rhel-8.example.com[192.168.0.11] Nov 18 12:53:13 centos-8 postfix/cleanup: 94D62602FF: message-id=<201911180723.xAI7NDhe008849@rhel-8.example.com> Nov 18 12:53:13 centos-8 postfix/qmgr: 94D62602FF: from=<email@example.com>, size=835, nrcpt=2 (queue active) Nov 18 12:53:13 centos-8 postfix/local: 94D62602FF: to=<firstname.lastname@example.org>, relay=local, delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
How Postfix (MTA) Mail Server Works?
- The Postfix MTA service can receive incoming e-mails from mail clients or other remote MTA servers using the SMTP protocol.
- If an incoming e-mail is destinated for the MTA server’s configured final destination domain (for example, a mail sent with the recipient address
email@example.com incoming to the example.com configured Postfix MTA server), it will deliver the mail to a local mailbox installed on the server (either in the filesystem or in a database system such as MariaDB).
- If the incoming mail is not destinated for this server, it will be relayed (forwarded) to another MTA.
- Remember that this is all a Postfix server is capable of doing and nothing more: receiving incoming SMTP connections from mail clients or other MTAs, delivering mail to local mailboxes on the server, and forwarding mail to other MTAs using SMTP
- Contrary to common belief, Postfix cannot transfer the mails from its local mailboxes to the end users.
- Here we need another type of MTA called delivery agent, which uses different mail protocols, such as IMAP or POP3.
- If an incoming e-mail, sent from another computer in our network, has the same domain name in the recipient’s e-mail address as our Postfix server has its FQDN in, then it gets delivered to the appropriate local mailbox defined by the recipient’s part of the e-mail; all external e-mail addresses get relayed to an external MTA.
Lastly I hope the steps from the article to configure postfix mail server with SMTP relay server on RHEL/CentOS 7/8 was helpful. So, let me know your suggestions and feedback using the comment section.