How to configure a SMTP server in Red Hat Enterprise Linux

Mail Transport Agents

Red Hat Enterprise Linux offers two primary MTAs: Postfix and Sendmail. Postfix is configured as the default MTA, although it is easy to switch the default MTA to Sendmail. To switch the default MTA to Sendmail, you can either
uninstall Postfix or use the following command to switch to Sendmail:

~]# alternatives --config mta

You can also use a command in the following format to enable or disable the desired service:

chkconfig service_name on | off

1. Postfix

Originally developed at IBM by security expert and programmer Wietse Venema, Postfix is a Sendmail-compatible MTA that is designed to be secure, fast, and easy to configure.

To improve security, Postfix uses a modular design, where small processes with limited privileges are launched by a master daemon. The smaller, less privileged processes perform very specific
tasks related to the various stages of mail delivery and run in a changed root environment to limit the effects of attacks.

Configuring Postfix to accept network connections from hosts other than the local computer takes only a few minor changes in its configuration file. Yet for those with more complex needs, Postfix provides a variety of configuration
options, as well as third party add-ons that make it a very versatile and full-featured MTA.

The configuration files for Postfix are human readable and support upward of 250 directives. Unlike Sendmail, no macro processing is required for changes to take effect and the majority of the most commonly used options are
described in the heavily commented files.

1.1. The Default Postfix Installation

The Postfix executable is 

/usr/sbin/postfix

.
This daemon launches all related processes needed to handle mail delivery.

Postfix stores its configuration files in the 

/etc/postfix/

 directory.
The following is a list of the more commonly used files:

access

 —
Used for access control, this file specifies which hosts are allowed to connect to Postfix.

main.cf

 —
The global Postfix configuration file. The majority of configuration options are specified in this file.

master.cf

 —
Specifies how Postfix interacts with various processes to accomplish mail delivery.

transport

 —
Maps email addresses to relay hosts.

The 

aliases

 file
can be found in the 

/etc/

 directory.
This file is shared between Postfix and Sendmail. It is a configurable list required by the mail protocol that describes user ID aliases.

Configuring Postfix as a server for other clients

The default 

/etc/postfix/main.cf

 file
does not allow Postfix to accept network connections from a host other than the local computer. For instructions on configuring Postfix as a server for other clients, see Section 19.3.1.2,
“Basic Postfix Configuration”.

Restart the 

postfix

 service
after changing any options in the configuration files under the 

/etc/postfix

 directory
in order for those changes to take effect:

~]# [code]service postfix restart

[/code]

1.2. Basic Postfix Configuration

By default, Postfix does not accept network connections from any host other than the local host. Perform the following steps as 

root

 to
enable mail delivery for other hosts on the network:

Edit the 

/etc/postfix/main.cf

 file
with a text editor, such as 

vi

.

Uncomment the 

mydomain

 line
by removing the hash sign (

#

),
and replace domain.tld with the domain the mail server is servicing, such as 

example.com

.

Uncomment the 

myorigin
= $mydomain

 line.

Uncomment the 

myhostname

 line,
and replace host.domain.tld with the host name for the machine.

Uncomment the 

mydestination
= $myhostname, localhost.$mydomain

 line.

Uncomment the 

mynetworks

 line,
and replace 168.100.189.0/28 with a valid network setting for hosts that can connect to the server.

Uncomment the 

inet_interfaces
= all

 line.

Comment the 

inet_interfaces
= localhost

 line.

Restart the 

postfix

 service.

Once these steps are complete, the host accepts outside emails for delivery.

Postfix has a large assortment of configuration options. One of the best ways to learn how to configure Postfix is to read the comments within the 

/etc/postfix/main.cf

 configuration
file. Additional resources including information about Postfix configuration, SpamAssassin integration, or detailed descriptions of the 

/etc/postfix/main.cf

 parameters
are available online at http://www.postfix.org/.


1.2.1. Configuring Postfix to Use Transport Layer Security

Configuring postfix to use transport layer security (TLS) is described in the Red Hat Knowledgebase solution How
to configure postfix with TLS?

Important

Due to the vulnerability described in Resolution
for POODLE SSL 3.0 vulnerability (CVE-2014-3566) in Postfix and Dovecot, Red Hat recommends disabling 

SSL

,
if it is enabled, and using only 

TLSv1.1

 or 

TLSv1.2

.
Backwards compatibility can be achieved using 

TLSv1.0

.
Many products Red Hat supports have the ability to use 

SSLv2

 or 

SSLv3

 protocols.
However, the use of 

SSLv2

 or 

SSLv3

 is
now strongly recommended against.

1.3. Using Postfix with LDAP

Postfix can use an 

LDAP

 directory
as a source for various lookup tables (e.g.: 

aliases

, 

virtual

, 

canonical

,
etc.). This allows 

LDAP

 to
store hierarchical user information and Postfix to only be given the result of 

LDAP

 queries
when needed. By not storing this information locally, administrators can easily maintain it.


1.3.1. The /etc/aliases lookup example

The following is a basic example for using 

LDAP

 to
look up the 

/etc/aliases

 file.
Make sure your 

/etc/postfix/main.cf

 file
contains the following:

alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf

Create a 

/etc/postfix/ldap-aliases.cf

 file
if you do not have one already and make sure it contains the following:

server_host = ldap.example.com
search_base = dc=example, dc=com

where 

ldap.example.com

, 

example

,
and 

com

 are
parameters that need to be replaced with specification of an existing available 

LDAP

 server.

The /etc/postfix/ldap-aliases.cf file

The 

/etc/postfix/ldap-aliases.cf

 file
can specify various parameters, including parameters that enable 

LDAP

 

SSL

 and 

STARTTLS

.
For more information, see the 

ldap_table(5)

 man
page.

For more information on 

LDAP

,
see Section 20.1,
“OpenLDAP”.