Skip to main content

How to install and configure Postfix

Learn how to install and configure Postfix, which is a Sendmail-compatible mail transport agent that is designed to be secure, fast, and easy to configure.
Image
How to install and configure Postfix
"Mailboxes" by Sam Howzit is licensed under CC BY 2.0

The most commonly used implementations of SMTP in most Linux distros are Sendmail and Postfix. Postfix is an open source mail-transfer agent that was originally developed as an alternative to Sendmail and is usually set up as the default mail server.

Installing Postfix

Before beginning to install, first things first. A good habit to have is to check and see if the software is installed on the server already. It’s always helpful to check if something is there before getting to work.

To check on RPM-based distros, use this command:

$ rpm -qa | grep postfix

If the previous command shows that the RPM is not installed, you can install the Postfix RPM with the following (on yum-based distros):

$ yum install -y postfix

After Postfix is installed, you can start the service and enable it to make sure it starts after reboot:

$ systemctl start postfix
$ systemctl enable postfix

Configuring Postfix

After Postfix is installed, you can start configuring the service to your liking. All of the options you need for the service are located in /etc/postfix. The main configuration file for the Postfix service is located at /etc/postfix/main.configuration. Within the configuration file, there are many options that you can add, some of them more common than others. Let's go over a few you may see the most when setting up the service, and when needing to troubleshooting it:

  • myhostname declares the mail server’s hostname. Hostnames normally have prefixes in them, like this:
myhostname = mail.sinisterriot.com
  • mydomain declares the domain that is actually handling mail, like this:
mydomain = sinisterriot.com
  • mail_spool_directory declares the directory where mailbox files are placed, like so:
mail_spool_directory = /var/mail
  • mynetworks declares a list of trusted remote SMTP servers that can relay through the server, like this:
mynetworks = 127.0.0.0/8, 168.100.189.0/28

The list provided with mynetworks should only contain local network IP addresses, or network/netmask patterns that are separated by commas or whitespace. It’s important to only use local network addresses to avoid unauthorized users using your mail server for malicious activity, resulting in your server and addresses being blacklisted.

Testing Postfix

Before putting something into production, testing it in a dev environment is always a good idea. This process has the same concept: Once you get the mail server configured, test it to make sure that it works.

First, I recommend testing whether you can send an email to a local recipient. If successful, you can proceed to a remote recipient. I prefer to use the telnet command to test my mail server:

$ telnet mail.sinisterriot.com 26

Add the HELO command to tell the server which domain you are coming from:

HELO sinisterriot.com

Next is the sender. This ID can be added with the MAIL FROM command:

MAIL FROM: somewhere@sinisteriot.com

This entry is followed by the recipient, and you can add more than one by using the RCPT TO command multiple times:

RCPT TO: someone@sinisterriot.com

Finally, we can add the content of the message. To reach the content mode, we add the prefix DATA on a line by itself, followed by the Subject line, and the body message. Listed below is an example:

DATA

Subject: This is a test message  

Hello,

This is a test message

.

In order to finish the message body and close it, you need to add a single period (.) or dot on a line by itself. Once this process is complete, the server will attempt to send the email with the information you provided. The code response will notify you if the email was successful or not. Once done, use the quit command to close the mailing window.

In any regard, check the mail logs for errors. They are located in /var/log/maillog by default, but this location can be changed to another place. As a system administrator, checking error logs is a good habit to have. This practice is great in troubleshooting and gives us insight into identifying and fixing an issue faster. Deciphering mail logs is an important part of admin work as well, as each part of the log lets us know what is important. In my past years, knowing these parts has helped me write scripts for specific requests while only needing to redact or leave out parts of the mail logs.

Securing Postfix

Securing your services is just as important as setting them up. It is safer to transfer data over a secure connection than over one that is unprotected. Next, we will cover how to secure our newly configured mail server. You can do that by generating an SSL session over Transport Layer Security (TLS) for the SMTP server.

First, you need to generate the private key and the Certificate Signing Request (CSR). You can do this via the openssl command:

$ openssl req -nodes -newkey rsa:2048 -keyout privatekey.key -out mail.csr

Then, generate a signing request and copy it to the /etc/postfix directory:

$ openssl x509 -req -days 365 -in mail.csr -signkey privatekey.key -out secure.crt
$ cp {privatekey.key,secure.crt} /etc/postfix

This sequence issues a signed certificate to the mail server, also known as a Certificate Authority (CA) certificate. This practice means that the CA must trust the certificate signer to secure the private key and transmit data over the internet. In the other kind of certificate, a self-signed, the CA does not trust the certificate signer, leaving the information vulnerable to steal and open to be compromised. It’s always better to go with a signed certificate.

Once this process is complete, you can add TLS options to the Postfix config file:

smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/secure.crt
smtpd_tls_key_file = /etc/postfix/privatekey.key
smtp_tls_security_level = may

Next, restart the service to put the new options into effect:

$ systemctl restart postfix

Now, you have a functioning, secure email server.

Topics:   Linux   Networking   Email  
Author’s photo

Gabby Taylor

Related Content

OUR BEST CONTENT, DELIVERED TO YOUR INBOX