Configuring a RHEL 8 Postfix Email Server
Previous | Table of Contents | Next |
Setting Up a RHEL 8 Web Server | Adding a New Disk Drive to a RHEL 8 System |
You are reading a sample chapter from the Red Hat Enterprise Linux 8 (RHEL 8) Essentials book. Purchase a full copy of Red Hat Enterprise Linux 8 (RHEL 8) Essentials in eBook ($9.99) or Print ($36.99) format Red Hat Enterprise Linux 8 Essentials Print and eBook (ePub/PDF/Kindle) editions contain 31 chapters and over 250 pages |
Along with acting as a web server, email is one of the primary uses of a RHEL 8 system, particularly in business environments. Given both the importance and popularity of email it is surprising to some people to find out how complex the email structure is on a Linux system and this complexity can often be a little overwhelming to the RHEL 8 newcomer.
The good news is that much of the complexity is there to allow experienced email administrators to implement complicated configurations for large scale enterprise installations. The fact is, for most Linux administrators it is relatively straight forward to set up a basic email system so that users can send and receive electronic mail.
In this chapter of RHEL 8 Essentials, we will explain the basics of Linux-based email configuration and step through configuring a basic email environment. In the interests of providing the essentials, we will leave the complexities of the email system for more advanced books on the subject.
The structure of the Email System
There are a number of components that make up a complete email system. Below is a brief description of each one:
Mail User Agent
This is the part of the system that the typical user is likely to be most familiar with. The Mail User Agent (MUA), or mail client, is the application that is used to write, send and read email messages. Anyone who has written and sent a message on any computer has used a Mail User Agent of one type or another.
Typical Graphical MUA’s on Linux are Evolution, Thunderbird and KMail. For those who prefer a text based mail client, there are also the more traditional pine and mail tools.
Mail Transfer Agent
The Mail Transfer Agent (MTA) is the part of the email system that does much of the work of transferring the email messages from one computer to another (either on the same local network or over the internet to a remote system). Once configured correctly, most users will not have any direct interaction with their chosen MTA unless they wish to re-configure it for any reason. There are many choices of MTA available for Linux including sendmail, Postfix, Fetchmail, Qmail and Exim.
Mail Delivery Agent
Another part of the infrastructure that is typically hidden from the user, the Mail Delivery Agent (MDA) sits in the background and performs filtering of the email messages between the Mail Transfer Agent and the mail client (MUA). The most popular form of MDA is a spam filter to remove all the unwanted email messages from the system before they reach the inbox of the user’s mail client (MUA). Popular MDAs are Spamassassin and Procmail. It is important to note that some Mail User Agent applications (such as Evolution, Thunderbird and KMail) include their own MDA filtering. Others, such as Pine and Basla, do not. This can be a source of confusion to the Linux beginner.
SMTP
SMTP is an acronym for Simple Mail Transport Protocol. This is the protocol used by the email systems to transfer mail messages from one server to another. This protocol is essentially the communications language that the MTAs use to talk to each other and transfer messages back and forth.
SMTP Relay
SMTP Relay is a protocol that allows an external SMTP server to be used to send emails instead of hosting a local SMTP server. This will typically involve using a service such as MailJet, SendGrid or MailGun. These services avoid the necessity to configure and maintain your own SMTP server and often provide additional benefits such as analytics.
Configuring a RHEL 8 Email Server
Many systems use the Sendmail MTA to transfer email messages and on many Linux distributions this is the default Mail Transfer Agent. Sendmail is, however, a complex system that can be difficult for beginner and experienced user alike to understand and configure. It is also falling from favor because it is considered to be slower at processing email messages than many of the more recent MTAs available.
Many system administrators are now using Postfix or Qmail to handle email. Both are faster and easier to configure than Sendmail.
For the purposes of this chapter, therefore, we will look at Postfix as an MTA because of its simplicity and popularity. If you would prefer to use Sendmail there are many books that specialize in the subject and that will do the subject much more justice than we can in this chapter.
As a first step, this chapter will cover the configuration of a RHEL 8 system to act as a full email server. Later in the chapter, the steps to make use of an SMTP Relay service will also be covered.
Postfix Pre-Installation Steps
The first step before installing Postfix is to make sure that Sendmail is not already running on your system. You can check for this using the following command:
# systemctl status sendmail
If sendmail is not installed, the tool will display a message similar to the following:
Unit sendmail.service could not be found.
If sendmail is running on your system it is necessary to stop it before installing and configuring Postfix. To stop sendmail, run the following command:
# systemctl stop sendmail
The next step is to ensure that sendmail does not get restarted automatically when the system is rebooted:
# systemctl disable sendmail
Sendmail is now switched off and configured so that it does not auto start when the system is booted. Optionally, to completely remove sendmail from the system, run the following command:
# dnf remove sendmail
Firewall/Router Configuration
Since the sending and receiving of email messages involves network connections, the firewall-cmd tool will need to be used to add the smtp service to the firewall as follows:
# firewall-cmd --permanent --add-service=smtp
It will also be important to configure any other firewall or router between the server and the internet to allow connections on port 25, 143 and 587 and, if necessary, to configure port forwarding for those ports to the corresponding ports on the email server.
With these initial steps completed, we can now move on to installing Postfix.
Installing Postfix on RHEL 8
By default, the RHEL 8 installation process installs postfix for most configurations. To verify if postfix is already installed, use the following rpm command:
# rpm -q postfix
If rpm reports that postfix is not installed, it may be installed as follows:
# dnf install postfix
The dnf tool will download and install postfix, and configure a special postfix user in the /etc/passwd file.
Configuring Postfix
The main configuration settings for postfix are located in the /etc/postfix/'''main.cf file. There are many resources on the internet that provide detailed information on postfix so this section will focus on the basic options required to get email up and running.
The key options in the main.cf file are:
myhostname = mta1.domain.com mydomain = domain.com myorigin = $mydomain mydestination = mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain inet_interfaces = $myhostname mynetworks = subnet
Other settings will have either been set up for you by the installation process or are not needed unless you are feeling adventurous and want to configure a more sophisticated email system.
The format of myhostname is host.domain.extension. If, for example, your Linux system is named MyLinuxHost and your internet domain is MyDomain.com you would set the myhostname option as follows:
myhostname = mylinuxhost.mydomain.com
The mydomain setting is just the domain part of the above setting. For example:
mydomain = mydomain.com
The myorigin setting defines the name of the domain from which output email appears to come from when it arrives in the recipient’s inbox and should be set to your domain name:
myorigin = $mydomain
Perhaps one of the most crucial parameters, mydestination relates to incoming messages and declares the domains for which this server is the final delivery destination. Any incoming email messages addressed to a domain name not on this list will be considered a relay request which, subject to the mynetworks setting (outlined below), will typically result in a delivery failure.
The inet_interfaces setting defines the network interfaces on the system via which postfix is permitted to receive email and is generally set to all:
inet_interfaces = all
The mynetworks setting defines which external systems are trusted to use the server as an SMTP relay. Possible values for this setting are as follows:
- host - Only the local system is trusted. Attempts by all external clients to use the server as a relay will be rejected.
- subnet - Only systems on the same network subnet are permitted to use the server as a relay. If, for example, the server has an IP address of 192.168.1.29, a client system with an IP address of 192.168.1.30 would be able to use the server as a relay.
- class - Any systems within the same IP address class (A, B and C) may use the server as a relay.
Trusted IP addresses may also be defined manually by specifying subnets, address ranges or referencing pattern files. The following example declares the local host and the subnet 192.168.0.0 as trusted IP addresses.
mynetworks = 192.168.0.0/24, 127.0.0.0/8
For this example, set the property to subnet so that any other systems on the same local network as the server are able to send email via SMTP relay while external systems are prevented from doing so.
mynetworks = subnet
Configuring DNS MX Records
When you registered and configured your domain name with a registrar, a number of default values will have been configured in the DNS settings. One of these is the so-called Mail Exchanger (MX) record. This record essentially defines where email addressed to your domain should be sent and is usually set by default to a mail server provided by your registrar. If you are hosting your own mail server, the MX record should be set to your domain or the address of your mail server. The steps on how to make this change will depend on your domain registrar but generally involves editing the DNS information for the domain and either adding or editing an existing MX record to so that it points to your email server.
Starting Postfix on a RHEL 8 System
Once the /etc/postfix/main.cf file is configured with the correct settings it is now time to start up postfix. This can be achieved from the command-line as follows:
# systemctl start postfix
To configure postfix to start automatically at system startup, run the following command:
# systemctl enable postfix
The postfix process should now start up. The best way to verify that everything is working is to check your mail log. This is typically in the /var/log/maillog file and should now contain an entry resembling the following output:
Mar 25 11:21:48 rhel8-pc postfix/postfix-script[5377]: starting the Postfix mail system Mar 25 11:21:48 rhel8-pc postfix/master[5379]: daemon started -- version 3.3.1, configuration /etc/postfix
As long as no error messages have been logged, you have successfully installed and started postfix and are ready to test the postfix configuration.
Testing Postfix
An easy way to test the postfix configuration is to send an email message between local users on the system. To perform a quick test, use the mail tool as follows (where name and mydomain are replaced by the name of user on the system and your domain name respectively):
# mail [email protected]
When prompted, enter a subject for the email message and then enter message body text. To send the email message, simply press Ctrl-D. For example:
# mail [email protected] Subject: Test email message This is a test message. EOT
Run the mail command again, this time as the other user and verify that the message was send and received:
$ mail Heirloom Mail version 12.5 7/5/10. Type ? for help. "/var/spool/mail/neilsmyth": 1 message 1 new >N 1 root Mon Mar 25 13:36 18/625 "Test email message" &
If the message does not appear, check the log file (/var/log/maillog) for errors. A successful mail delivery will appear in the log file as follows:
Mar 25 13:41:37 rhel8-pc postfix/pickup[7153]: 94FAF61E8F4A: uid=0 from=<root> Mar 25 13:41:37 rhel8-pc postfix/cleanup[7498]: 94FAF61E8F4A: message-id=<[email protected]> Mar 25 13:41:37 rhel8-pc postfix/qmgr[7154]: 94FAF61E8F4A: from=<[email protected]>, size=450, nrcpt=1 (queue active) Mar 25 13:41:37 rhel8-pc postfix/local[7500]: 94FAF61E8F4A: to=<[email protected]>, relay=local, delay=0.12, delays=0.09/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox) Mar 25 13:41:37 rhel8-pc postfix/qmgr[7154]: 94FAF61E8F4A: removed
Once local email is working, try sending an email to an external address (such as a GMail account), Also, test that incoming mail works by sending an email from an external account to a user on your domain. In each case, check the /var/log/maillog file for explanations of any errors.
Sending Mail via an SMTP Relay Server
An alternative to configuring a mail server to handle outgoing email messages is to use an SMTP Relay service. As previously discussed, a number of services are available, most of which can be found by performing a web search for “SMTP Relay Service”. Most of these services will require you to verify your domain in some way and will provide MX records with which to update your DNS settings. You will also be provided with a username and password which need to be added to the postfix configuration. The remainder of this section makes the assumption that postfix is already installed on your system and that all of the initial steps required by your chosen SMTP Relay provider have been completed.
Begin by editing the /etc/postfix/main.cf file and configuring the myhostname parameter with your domain name:
myhostname = mydomain.com
Next, create a new file in /etc/postfix named sasl_passwd and add a line containing the mail server host provided by the relay service and the user name and password. For example:
[smtp.myprovider.com]:587 [email protected]:mypassword
Note that port 587 has also been specified in the above entry. Without this setting, postfix will default to using port 25 which is blocked by default by most SMTP relay service providers.
With the password file created, use the postmap utility to generate the hash database containing the mail credentials:
# postmap /etc/postfix/sasl_passwd
Before proceeding, take some additional steps to secure your postfix credentials:
# chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db # chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
Edit the main.cf file once again and add an entry to specify the relay server:
relayhost = [smtp.myprovider.com]:587
Remaining within the main.cf file, add the following lines to configure the authentication settings for the SMTP server:
smtp_use_tls = yes smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt smtp_sasl_security_options = noanonymous smtp_sasl_tls_security_options = noanonymous
Finally, restart the postfix service:
# systemctl restart postfix
Once the service has restarted, try sending and receiving mail using either the mail tool or your preferred mail client.
Summary
A complete, end-to-end email system consists of a Mail User Agent (MUA), Mail Transfer Agent (MTA), Mail Delivery Agent (MDA) and the SMTP protocol. RHEL 8 provides a number of options in terms of MTA solutions, one of the more popular being Postfix. This chapter has outlined how to install, configure and test postfix on a RHEL 8 system both to act as a mail server and to send and receive email using a third party SMTP relay server.
You are reading a sample chapter from the Red Hat Enterprise Linux 8 (RHEL 8) Essentials book. Purchase a full copy of Red Hat Enterprise Linux 8 (RHEL 8) Essentials in eBook ($9.99) or Print ($36.99) format Red Hat Enterprise Linux 8 Essentials Print and eBook (ePub/PDF/Kindle) editions contain 31 chapters and over 250 pages |
Previous | Table of Contents | Next |
Setting Up a RHEL 8 Web Server | Adding a New Disk Drive to a RHEL 8 System |