Mail Transfer Agent (MTA) Configuration Using Postfix
This article provides an introduction to Mail Transfer Agent (MTA) configuration on Linux, with specific reference to the information needed for the RHCE EX300 certification exam.
Remember, the exams are hands-on, so it doesn’t matter which method you use to achieve the result, so long as the end product is correct.
- Installation
- Firewall
- SELinux
- Configure a mail transfer agent (MTA) to accept inbound email from other systems
- Configure an MTA to forward (relay) email through a smart host
- Security
Installation
The Postfix service is installed from a Yum repository using the following command.
# yum install postfix
Turn on the Postfix service and make sure it starts automatically on reboot.
# service postfix start
# chkconfig postfix on
The Postfix service is configured using the “/etc/postfix/main.cf” file. Configuration changes have to be followed by a restart or reload of the service.
# service postfix restart
# # or
# service postfix reload
Firewall
The server acting as a mail transfer agent must have TCP port 25 (SMTP) open. This can be achieved by adding the following entry to the type of firewall script described here.
# Open port for the SMTP server.
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
SELinux
If you are using SELinux, you will need to consider the following points.
The SELinux booleans associated with the Postfix service are displayed using the getsebool command.
# getsebool -a | grep postfix
allow_postfix_local_write_mail_spool --> on
#
The setsebool command is used to set a specific boolean value. Add the -P option to make the setting persist across reboots.
# setsebool allow_postfix_local_write_mail_spool off
# setsebool allow_postfix_local_write_mail_spool on
More information on SELinux can be found here.
Configure a mail transfer agent (MTA) to accept inbound email from other systems
To allow Postfix to accept inbound email, edit the “/etc/postfix/main.cf” file, setting the following values as appropriate for your network.
# Set this.
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# Can leave following as defaults, or reset if desired.
#myhostname
#mydomain
#myorigin
#mynetworks
Remember to restart or reload the service for the changes to take effect.
# service postfix restart
Test that the service is accessible from another machine using telnet on port 25.
# telnet rhce1.localdomain 25
Trying 192.168.0.190...
Connected to rhce1.
Escape character is '^]'.
220 rhce1.localdomain ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.
#
You may need to install telnet to perform this test. This is done using the following command.
# yum install telnet
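With "inet_interfaces = all" the server accepts SMTP connections from other hosts, and the "mynetworks" value then decides which of those clients Postfix trusts to relay mail. The following check is an added example, not part of the original article: it parses constructed sample text in the "name = value" form printed by "postconf -n" and classifies each "mynetworks" entry. The function names and the max_addresses threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the "name = value" form printed by `postconf -n`.
SAMPLE_POSTCONF = """\
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8, [::1]/128, 192.168.0.0/24, 10.0.0.0/8, 0.0.0.0/0
relayhost = 192.168.0.1
"""

def parse_postconf(text):
    """Parse 'name = value' lines into a dict, skipping blanks and comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        settings[name.strip()] = value.strip()
    return settings

def audit_mynetworks(settings, max_addresses=65536):
    """Return (entry, verdict) pairs; max_addresses is an assumed review threshold."""
    if settings.get("inet_interfaces", "").lower() in ("localhost", "loopback-only"):
        return []  # only local clients can connect, so nothing to flag
    if "mynetworks" not in settings:
        # Postfix then derives the trusted networks from mynetworks_style.
        return [("(unset)", "derived from mynetworks_style: check 'postconf mynetworks'")]
    results = []
    for entry in settings["mynetworks"].replace(",", " ").split():
        try:
            # Postfix writes IPv6 networks as [addr]/len; strip the brackets.
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            results.append((entry, "not a literal network: review by hand"))
            continue
        if net.is_loopback:
            verdict = "ok: loopback"
        elif net.prefixlen == 0:
            verdict = "open relay: every client is trusted"
        elif net.num_addresses > max_addresses:
            verdict = "broad: confirm all of these hosts should relay"
        else:
            verdict = "ok: limited range"
        results.append((entry, verdict))
    return results

if __name__ == "__main__":
    for entry, verdict in audit_mynetworks(parse_postconf(SAMPLE_POSTCONF)):
        print(f"{entry:18} {verdict}")
```

On a real server, pass the output of "postconf -n" to parse_postconf() instead of the sample text.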
Configure an MTA to forward (relay) email through a smart host
To have Postfix forward (relay) email through a smart host, edit the “/etc/postfix/main.cf” file, setting the following value to the relevant host.
relayhost = 192.168.0.1
Remember to restart or reload the service for the changes to take effect.
# service postfix restart
Test the change by sending an email.
# echo "This is a test" | mail -s "Relay Test" me@example.com
Security
Host-level security is provided by the Linux firewall, as described previously.