Changes


Configuring a RHEL Postfix Email Server

17,651 bytes added, 20:31, 10 June 2019
Created page with "{{#pagetitle: Configuring a RHEL 8 Email Server }} <table border="0" cellspacing="0" width="100%"><tr> <td width="20%">Previous<td align="cent..."
{{#pagetitle: Configuring a RHEL 8 Email Server }}
<table border="0" cellspacing="0" width="100%"><tr>
<td width="20%">[[Setting Up a RHEL Web Server|Previous]]<td align="center">[[Red Hat Enterprise Linux Essentials|Table of Contents]]<td width="20%" align="right">[[Adding a New Disk Drive to a RHEL System|Next]]</td>
<tr>
<td width="20%">Setting Up a RHEL 8 Web Server<td align="center"><td width="20%" align="right">Adding a New Disk Drive to a RHEL 8 System</td>
</table>
<hr>




Along with acting as a web server, email is one of the primary uses of a RHEL 8 system, particularly in business environments. Given both the importance and popularity of email it is surprising to some people to find out how complex the email structure is on a Linux system and this complexity can often be a little overwhelming to the RHEL 8 newcomer.

The good news is that much of the complexity is there to allow experienced email administrators to implement complicated configurations for large scale enterprise installations. The fact is, for most Linux administrators it is relatively straightforward to set up a basic email system so that users can send and receive electronic mail.

In this chapter of RHEL 8 Essentials, we will explain the basics of Linux-based email configuration and step through configuring a basic email environment. In the interests of providing the essentials, we will leave the complexities of the email system for more advanced books on the subject.

== The structure of the Email System ==

There are a number of components that make up a complete email system. Below is a brief description of each one:

=== Mail User Agent ===

This is the part of the system that the typical user is likely to be most familiar with. The Mail User Agent (MUA), or mail client, is the application that is used to write, send and read email messages. Anyone who has written and sent a message on any computer has used a Mail User Agent of one type or another.

Typical graphical MUAs on Linux are Evolution, Thunderbird and KMail. For those who prefer a text-based mail client, there are also the more traditional ''pine'' and ''mail'' tools.

=== Mail Transfer Agent ===

The Mail Transfer Agent (MTA) is the part of the email system that does much of the work of transferring the email messages from one computer to another (either on the same local network or over the internet to a remote system). Once configured correctly, most users will not have any direct interaction with their chosen MTA unless they wish to re-configure it for any reason. There are many choices of MTA available for Linux including sendmail, Postfix, Fetchmail, Qmail and Exim.

=== Mail Delivery Agent ===

Another part of the infrastructure that is typically hidden from the user, the Mail Delivery Agent (MDA) sits in the background and performs filtering of the email messages between the Mail Transfer Agent and the mail client (MUA). The most popular form of MDA is a spam filter to remove all the unwanted email messages from the system before they reach the inbox of the user’s mail client (MUA). Popular MDAs are SpamAssassin and Procmail. It is important to note that some Mail User Agent applications (such as Evolution, Thunderbird and KMail) include their own MDA filtering. Others, such as Pine and Balsa, do not. This can be a source of confusion to the Linux beginner.

=== SMTP ===

SMTP is an acronym for Simple Mail Transport Protocol. This is the protocol used by the email systems to transfer mail messages from one server to another. This protocol is essentially the communications language that the MTAs use to talk to each other and transfer messages back and forth.

=== SMTP Relay ===

SMTP Relay is a protocol that allows an external SMTP server to be used to send emails instead of hosting a local SMTP server. This will typically involve using a service such as MailJet, SendGrid or MailGun. These services avoid the necessity to configure and maintain your own SMTP server and often provide additional benefits such as analytics.

== Configuring a RHEL 8 Email Server ==

Many systems use the Sendmail MTA to transfer email messages and on many Linux distributions this is the default Mail Transfer Agent. Sendmail is, however, a complex system that can be difficult for beginner and experienced user alike to understand and configure. It is also falling from favor because it is considered to be slower at processing email messages than many of the more recent MTAs available.

Many system administrators are now using Postfix or Qmail to handle email. Both are faster and easier to configure than Sendmail.

For the purposes of this chapter, therefore, we will look at Postfix as an MTA because of its simplicity and popularity. If you would prefer to use Sendmail there are many books that specialize in the subject and that will do the subject much more justice than we can in this chapter.

As a first step, this chapter will cover the configuration of a RHEL 8 system to act as a full email server. Later in the chapter, the steps to make use of an SMTP Relay service will also be covered.

== Postfix Pre-Installation Steps ==

The first step before installing Postfix is to make sure that Sendmail is not already running on your system. You can check for this using the following command:

<pre>
# systemctl status sendmail
</pre>

If sendmail is not installed, the tool will display a message similar to the following:

<pre>
Unit sendmail.service could not be found.
</pre>

If sendmail is running on your system it is necessary to stop it before installing and configuring Postfix. To stop sendmail, run the following command:

<pre>
# systemctl stop sendmail
</pre>

The next step is to ensure that sendmail does not get restarted automatically when the system is rebooted:

<pre>
# systemctl disable sendmail
</pre>

Sendmail is now switched off and configured so that it does not auto start when the system is booted. Optionally, to completely remove sendmail from the system, run the following command:

<pre>
# dnf remove sendmail
</pre>

== Firewall/Router Configuration ==

Since the sending and receiving of email messages involves network connections, the ''firewall-cmd'' tool will need to be used to add the ''smtp'' service to the firewall as follows:

<pre>
# firewall-cmd --permanent --add-service=smtp
</pre>

It will also be important to configure any other firewall or router between the server and the internet to allow connections on ports 25, 143 and 587 and, if necessary, to configure port forwarding for those ports to the corresponding ports on the email server.

With these initial steps completed, we can now move on to installing Postfix.

== Installing Postfix on RHEL 8 ==

By default, the RHEL 8 installation process installs postfix for most configurations. To verify if postfix is already installed, use the following ''rpm'' command:

<pre>
# rpm -q postfix
</pre>

If ''rpm'' reports that postfix is not installed, it may be installed as follows:

<pre>
# dnf install postfix
</pre>

The ''dnf'' tool will download and install postfix, and configure a special postfix user in the ''/etc/passwd'' file.

== Configuring Postfix ==

The main configuration settings for postfix are located in the ''/etc/postfix/main.cf'' file. There are many resources on the internet that provide detailed information on postfix so this section will focus on the basic options required to get email up and running.

The key options in the ''main.cf'' file are:

<pre>
myhostname = mta1.domain.com
mydomain = domain.com
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
inet_interfaces = $myhostname
mynetworks_style = subnet
</pre>

Other settings will have either been set up for you by the installation process or are not needed unless you are feeling adventurous and want to configure a more sophisticated email system.

The format of ''myhostname'' is ''host.domain.extension''. If, for example, your Linux system is named MyLinuxHost and your internet domain is MyDomain.com you would set the myhostname option as follows:

<pre>
myhostname = mylinuxhost.mydomain.com
</pre>

The ''mydomain'' setting is just the domain part of the above setting. For example:

<pre>
mydomain = mydomain.com
</pre>

The ''myorigin'' setting defines the name of the domain from which outgoing email appears to come when it arrives in the recipient’s inbox and should be set to your domain name:

<pre>
myorigin = $mydomain
</pre>

Perhaps one of the most crucial parameters, ''mydestination'' relates to incoming messages and declares the domains for which this server is the final delivery destination. Any incoming email messages addressed to a domain name not on this list will be considered a relay request which, subject to the ''mynetworks'' setting (outlined below), will typically result in a delivery failure.

The ''inet_interfaces'' setting defines the network interfaces on the system via which postfix is permitted to receive email and is generally set to ''all'':

<pre>
inet_interfaces = all
</pre>

The ''mynetworks'' setting defines which external systems are trusted to use the server as an SMTP relay. When ''mynetworks'' is not set explicitly, postfix derives the trusted list from the ''mynetworks_style'' setting, for which the possible values are as follows:

* '''host''' - Only the local system is trusted. Attempts by all external clients to use the server as a relay will be rejected.

* '''subnet''' - Only systems on the same network subnet are permitted to use the server as a relay. If, for example, the server has an IP address of 192.168.1.29, a client system with an IP address of 192.168.1.30 would be able to use the server as a relay.

* '''class''' - Any systems within the same IP address class (A, B and C) may use the server as a relay.

Trusted IP addresses may also be defined manually by setting ''mynetworks'' to a list of subnets or address ranges, or by referencing pattern files. The following example declares the local host and the subnet 192.168.0.0 as trusted IP addresses.

<pre>
mynetworks = 192.168.0.0/24, 127.0.0.0/8
</pre>

For this example, set ''mynetworks_style'' to ''subnet'' so that any other systems on the same local network as the server are able to send email via SMTP relay while external systems are prevented from doing so.

<pre>
mynetworks_style = subnet
</pre>
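
As an added illustration (not part of the original chapter), the following shell functions report which client addresses an explicit ''mynetworks'' list such as the one shown above would trust. The function names and the client addresses are constructed for the example; note that a host at 192.168.1.30 falls outside 192.168.0.0/24.

```shell
#!/bin/sh
# in_mynetworks CLIENT_IP "NET1/LEN, NET2/LEN ..."
# Exit status 0 if the IPv4 address is inside any listed network, 1 if not.
# Only IPv4 address[/length] entries are handled; other entry types that
# Postfix accepts (IPv6, "!" exclusions, file or table references) are skipped.
in_mynetworks() {
    awk -v ip="$1" -v list="$2" '
    function ip2int(a,   o) {
        if (split(a, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN {
        addr = ip2int(ip)
        if (addr < 0) exit 1
        n = split(list, nets, /[ ,]+/)
        for (i = 1; i <= n; i++) {
            if (nets[i] !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) continue
            split(nets[i], part, "/")
            len = (part[2] == "") ? 32 : part[2] + 0
            if (len > 32) continue
            # Two addresses share a /len network when they agree above the host bits.
            block = 2 ^ (32 - len)
            if (int(addr / block) == int(ip2int(part[1]) / block)) exit 0
        }
        exit 1
    }'
}

# trust_report "LIST" IP...: one "IP trusted" or "IP not-trusted" line per client.
trust_report() {
    list=$1; shift
    for client in "$@"; do
        if in_mynetworks "$client" "$list"; then
            echo "$client trusted"
        else
            echo "$client not-trusted"
        fi
    done
}

# The list from the example above, checked against constructed client addresses.
trust_report "192.168.0.0/24, 127.0.0.0/8" 127.0.0.1 192.168.0.77 192.168.1.30 203.0.113.5
```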

== Configuring DNS MX Records ==

When you registered and configured your domain name with a registrar, a number of default values will have been configured in the DNS settings. One of these is the so-called ''Mail Exchanger (MX)'' record. This record essentially defines where email addressed to your domain should be sent and is usually set by default to a mail server provided by your registrar. If you are hosting your own mail server, the MX record should be set to your domain or the address of your mail server. The steps to make this change will depend on your domain registrar but generally involve editing the DNS information for the domain and either adding an MX record or editing an existing one so that it points to your email server.

== Starting Postfix on a RHEL 8 System ==

Once the ''/etc/postfix/main.cf'' file is configured with the correct settings it is now time to start up postfix. This can be achieved from the command-line as follows:

<pre>
# systemctl start postfix
</pre>

To configure postfix to start automatically at system startup, run the following command:

<pre>
# systemctl enable postfix
</pre>

The postfix process should now start up. The best way to verify that everything is working is to check your mail log. This is typically in the ''/var/log/maillog'' file and should now contain an entry resembling the following output:

<pre>
Mar 25 11:21:48 rhel8-pc postfix/postfix-script[5377]: starting the Postfix mail system
Mar 25 11:21:48 rhel8-pc postfix/master[5379]: daemon started -- version 3.3.1, configuration /etc/postfix
</pre>

As long as no error messages have been logged, you have successfully installed and started postfix and are ready to test the postfix configuration.

== Testing Postfix ==

An easy way to test the postfix configuration is to send an email message between local users on the system. To perform a quick test, use the ''mail'' tool as follows (where ''name'' and ''mydomain'' are replaced by the name of a user on the system and your domain name respectively):

<pre>
# mail name@mydomain.com
</pre>

When prompted, enter a subject for the email message and then enter message body text. To send the email message, simply press Ctrl-D. For example:

<pre>
# mail [email protected]
Subject: Test email message
This is a test message.
EOT
</pre>

Run the ''mail'' command again, this time as the other user, and verify that the message was sent and received:

<pre>
$ mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
&quot;/var/spool/mail/neilsmyth&quot;: 1 message 1 new
&gt;N 1 root Mon Mar 25 13:36 18/625 &quot;Test email message&quot;
&amp;
</pre>

If the message does not appear, check the log file (''/var/log/maillog'') for errors. A successful mail delivery will appear in the log file as follows:

<pre>
Mar 25 13:41:37 rhel8-pc postfix/pickup[7153]: 94FAF61E8F4A: uid=0 from=&lt;root&gt;
Mar 25 13:41:37 rhel8-pc postfix/cleanup[7498]: 94FAF61E8F4A: message-id=&lt;[email protected]&gt;
Mar 25 13:41:37 rhel8-pc postfix/qmgr[7154]: 94FAF61E8F4A: from=&lt;[email protected]&gt;, size=450, nrcpt=1 (queue active)
Mar 25 13:41:37 rhel8-pc postfix/local[7500]: 94FAF61E8F4A: to=&lt;[email protected]&gt;, relay=local, delay=0.12, delays=0.09/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
Mar 25 13:41:37 rhel8-pc postfix/qmgr[7154]: 94FAF61E8F4A: removed
</pre>

Once local email is working, try sending an email to an external address (such as a Gmail account). Also, test that incoming mail works by sending an email from an external account to a user on your domain. In each case, check the ''/var/log/maillog'' file for explanations of any errors.
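
When checking ''/var/log/maillog'' after these tests, a small filter makes failed deliveries and refused relay attempts easier to spot than reading the raw log. The following is an added example, not part of the original chapter: the function names are hypothetical and the sample log lines, including all addresses, are constructed in the format shown above.

```shell
#!/bin/sh
# delivery_report [FILE...]: read maillog-format lines (or stdin) and print
#   <queue-id> <recipient> <dsn> <status>
# for each delivery attempt and each refused RCPT command.
delivery_report() {
    awk '
    function field(line, start, end,   i, rest, j) {
        i = index(line, start)
        if (!i) return "-"
        rest = substr(line, i + length(start))
        j = index(rest, end)
        return j ? substr(rest, 1, j - 1) : rest
    }
    # Delivery agents (local, smtp, ...) log "QUEUEID: to=<rcpt>, ..., status=WORD".
    / postfix\/[a-z]+\[[0-9]+\]: [0-9A-F]+: to=</ {
        qid = $6; sub(/:$/, "", qid)
        print qid, field($0, "to=<", ">"), field($0, "dsn=", ","), field($0, "status=", " ")
        next
    }
    # smtpd logs refused recipients (for example denied relay) without a queue ID.
    / postfix\/smtpd\[[0-9]+\]: NOQUEUE: reject: RCPT / {
        print "NOQUEUE", field($0, " to=<", ">"), $12, "reject"
    }
    ' "$@"
}

# failed_deliveries [FILE...]: only the entries that did not end in status=sent.
failed_deliveries() {
    delivery_report "$@" | awk '$4 != "sent"'
}

# Constructed sample lines (hosts, queue IDs and addresses are made up).
sample_maillog() {
    cat <<'EOF'
Mar 25 13:41:37 rhel8-pc postfix/qmgr[7154]: 94FAF61E8F4A: from=<root@mydomain.com>, size=450, nrcpt=1 (queue active)
Mar 25 13:41:37 rhel8-pc postfix/local[7500]: 94FAF61E8F4A: to=<demo@mydomain.com>, relay=local, delay=0.12, delays=0.09/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
Mar 25 13:41:37 rhel8-pc postfix/qmgr[7154]: 94FAF61E8F4A: removed
Mar 25 13:52:04 rhel8-pc postfix/smtp[7610]: A1B2C3D4E5F6: to=<someone@example.net>, relay=none, delay=30, delays=0.05/0.01/30/0, dsn=4.4.1, status=deferred (connect to mx.example.net[192.0.2.10]:25: Connection timed out)
Mar 25 14:02:11 rhel8-pc postfix/smtpd[7611]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 454 4.7.1 <someone@example.net>: Relay access denied; from=<sender@example.org> to=<someone@example.net> proto=ESMTP helo=<client.example.org>
EOF
}

sample_maillog | failed_deliveries
```

On a live system the same filter can be pointed at the log directly, for example `failed_deliveries /var/log/maillog`.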

== Sending Mail via an SMTP Relay Server ==

An alternative to configuring a mail server to handle outgoing email messages is to use an SMTP Relay service. As previously discussed, a number of services are available, most of which can be found by performing a web search for “SMTP Relay Service”. Most of these services will require you to verify your domain in some way and will provide MX records with which to update your DNS settings. You will also be provided with a username and password which need to be added to the postfix configuration. The remainder of this section makes the assumption that postfix is already installed on your system and that all of the initial steps required by your chosen SMTP Relay provider have been completed.

Begin by editing the ''/etc/postfix/main.cf'' file and configuring the ''myhostname'' parameter with your domain name:

<pre>
myhostname = mydomain.com
</pre>

Next, create a new file in ''/etc/postfix'' named ''sasl_passwd'' and add a line containing the mail server host provided by the relay service and the user name and password. For example:

<pre>
[smtp.myprovider.com]:587 [email protected]:mypassword
</pre>

Note that port 587 has also been specified in the above entry. Without this setting, postfix will default to using port 25 which is blocked by default by most SMTP relay service providers.

With the password file created, use the ''postmap'' utility to generate the hash database containing the mail credentials:

<pre>
# postmap /etc/postfix/sasl_passwd
</pre>

Before proceeding, take some additional steps to secure your postfix credentials:

<pre>
# chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
# chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
</pre>

Edit the ''main.cf'' file once again and add an entry to specify the relay server:

<pre>
relayhost = [smtp.myprovider.com]:587
</pre>

Remaining within the ''main.cf'' file, add the following lines to configure the authentication settings for the SMTP server:

<pre>
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
</pre>

Finally, restart the postfix service:

<pre>
# systemctl restart postfix
</pre>

Once the service has restarted, try sending and receiving mail using either the ''mail'' tool or your preferred mail client.
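
The relay settings above are worth checking once they are in place: ''smtp_use_tls = yes'' requests opportunistic TLS, so with plaintext SASL mechanisms allowed postfix can still authenticate over an unencrypted session if the server does not offer STARTTLS, and the credentials file must stay unreadable to other users. The following audit is an added example, not part of the original chapter; the function names and finding labels are hypothetical, the input files are constructed, and the hardened variant assumes the provider supports mandatory TLS (''smtp_tls_security_level = encrypt'').

```shell
#!/bin/sh
# conf_get FILE KEY: print the last value assigned to KEY in a main.cf-style file.
conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# audit_relay_client MAIN_CF SASL_PASSWD
# Prints one finding per line; exit status 0 means no findings.
audit_relay_client() {
    rc=0
    level=$(conf_get "$1" smtp_tls_security_level)
    # smtp_use_tls = yes is the older way to request opportunistic TLS ("may").
    if [ -z "$level" ] && [ "$(conf_get "$1" smtp_use_tls)" = "yes" ]; then
        level=may
    fi
    if [ "$(conf_get "$1" smtp_sasl_auth_enable)" = "yes" ]; then
        case "$level" in
            encrypt|dane-only|fingerprint|verify|secure) ;;
            *) echo "TLS_NOT_MANDATORY level=${level:-none}"; rc=1 ;;
        esac
    fi
    for f in "$2" "$2.db"; do
        [ -e "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "CREDENTIALS_READABLE $f"; rc=1
        fi
    done
    return $rc
}

# Constructed inputs: the settings from this section, then a hardened variant.
demo_dir=$(mktemp -d)
cat > "$demo_dir/main.cf" <<'EOF'
relayhost = [smtp.myprovider.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
EOF
sed 's/^smtp_use_tls = yes$/smtp_tls_security_level = encrypt/' \
    "$demo_dir/main.cf" > "$demo_dir/hardened.cf"
: > "$demo_dir/sasl_passwd"; chmod 0644 "$demo_dir/sasl_passwd"
audit_relay_client "$demo_dir/main.cf" "$demo_dir/sasl_passwd" || true
```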

== Summary ==

A complete, end-to-end email system consists of a Mail User Agent (MUA), Mail Transfer Agent (MTA), Mail Delivery Agent (MDA) and the SMTP protocol. RHEL 8 provides a number of options in terms of MTA solutions, one of the more popular being Postfix. This chapter has outlined how to install, configure and test postfix on a RHEL 8 system both to act as a mail server and to send and receive email using a third party SMTP relay server.

