Intro to SMTP & postfix

With RHEL6, Red Hat changed its long-standing preference for mail services from sendmail to postfix. This move makes configuration of mail servers much simpler and more straightforward.

The table below lists several acronyms that are used within the world of email. Following the table is a graphic that shows their use in the email cycle.

Table 11.5. Email Terms and Concepts

| Term | Description |
|------|-------------|
| MTA | Mail Transfer Agent. Conveys (transfers) mail from Server to Server (ex: sendmail, postfix). |
| MUA | Mail User Agent. An end-user software interface that conveys mail between Client and Server (ex: Evolution, Thunderbird, mutt, mail, elm). |
| MDA | Mail Delivery Agent. Moves mail from Server to local mail spools. |

Figure 11.1. Email Cycle and Terminology


Installing postfix

postfix can be installed with the command `yum -y install postfix`.

postfix Configuration

The configuration files for postfix live at '/etc/postfix'. The main configuration file is '/etc/postfix/main.cf'. There are five essential directives within that file that need to be configured for basic postfix operation. They are listed below.

  1. 'myhostname' - Provides the hostname for the server.
  2. 'mydomain' - Provides the mail domain for the server (often different than a DNS domain).
  3. 'myorigin' - Provides the host/domain that should be shown as the origin for outbound mail from the system.
  4. 'inet_interfaces' - Controls which interfaces the mailserver listens on. Note that, by default, only localhost is configured.
  5. 'mynetworks' - Comma-separated list of IP addresses and networks that can relay through this mailserver (ex: 192.168.0.0/16, 10.0.0.0/8).
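
As an added example (not from the original guide), the shell script below reads the five directives from a main.cf and flags unset ones, `inet_interfaces = all`, and any `mynetworks` entry outside loopback or RFC 1918 space, since those entries decide who may relay. The function names and the sample file are constructed for illustration; it assumes IPv4 entries and single-line values.

```shell
#!/bin/sh
# Added example: review the five essential main.cf directives.
# Assumes IPv4 mynetworks entries and single-line values (no continuation lines).

# Print the effective value of directive $2 in file $1 (last assignment wins).
get_directive() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]/ || !/=/ { next }
        { i = index($0, "="); name = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/[ \t]/, "", name); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
          if (name == key) out = val }
        END { if (out != "") print out }' "$1"
}

# Succeed only if IPv4 network $1 lies wholly inside loopback or RFC 1918 space.
is_internal_cidr() {
    addr=${1%/*}; bits=32
    case $1 in */*) bits=${1#*/} ;; esac
    o1=${addr%%.*}; rest=${addr#*.}; o2=${rest%%.*}
    case $o1 in
        10|127) [ "$bits" -ge 8 ] ;;
        192)    [ "$o2" = 168 ] && [ "$bits" -ge 16 ] ;;
        172)    [ "$o2" -ge 16 ] && [ "$o2" -le 31 ] && [ "$bits" -ge 12 ] ;;
        *)      return 1 ;;
    esac
}

# Print one finding per line for main.cf file $1; print nothing if clean.
audit_main_cf() {
    for d in myhostname mydomain myorigin inet_interfaces mynetworks; do
        if [ -z "$(get_directive "$1" "$d")" ]; then echo "UNSET $d"; fi
    done
    if [ "$(get_directive "$1" inet_interfaces)" = all ]; then
        echo "REVIEW inet_interfaces=all (listening beyond localhost)"
    fi
    for net in $(get_directive "$1" mynetworks | tr ',' ' '); do
        if ! is_internal_cidr "$net"; then echo "RELAY $net is not a private range"; fi
    done
}

# Constructed sample: a dropped digit turns 192.168.0.0/16 into a public range.
sample=$(mktemp)
cat > "$sample" <<'EOF'
myhostname = mail.example.com
mydomain = example.com
inet_interfaces = all
mynetworks = 127.0.0.0/8, 92.168.0.0/16, 10.0.0.0/8
EOF
audit_main_cf "$sample"
```

To check a live server, pass '/etc/postfix/main.cf' to `audit_main_cf` instead of the sample file.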

Another important configuration file is '/etc/aliases' which is crucial for forwarding mail. When this file is altered, the command `newaliases` must be run. Additionally, crucial mail information is logged in '/var/log/maillog'.

postfix as a Service

Start postfix with `service postfix start` and enable it at boot with `chkconfig postfix on`.

Commands to Manipulate postfix

The following commands can be used to help configure and administer the postfix server.

  • `postconf` - Applies configuration changes on the fly (not persistent). Can also display available directives and default directives.
  • `grep -v "^#\|^$" /etc/postfix/main.cf` - Filters out all comments and unused directives in the postfix config file for clear reading.
  • `alternatives` OR `system-switch-mail` will facilitate switching between MTAs if both sendmail & postfix are installed on the system.

Securing postfix

The following SELinux commands show crucial information regarding postfix. Note that the fcontext output shows several locations where postfix stores its queue and other critical information. Additionally, the port output shows which ports may need to be opened for mail to be received by the box.

    14:17:50
    root@intrepid ~/
    --> semanage boolean -l | grep postfix
    postfix_local_write_mail_spool (on   ,   on)  Allow postfix to local write mail spool

    15:05:32
    root@intrepid ~/
    --> semanage fcontext -l | grep postfix
    /etc/postfix.*                                     all files          system_u:object_r:postfix_etc_t:s0 
    /etc/postfix/aliases.*                             all files          system_u:object_r:etc_aliases_t:s0 
    /etc/postfix/postfix-script.*                      regular file       system_u:object_r:postfix_exec_t:s0 
    /etc/postfix/prng_exch                             regular file       system_u:object_r:postfix_prng_t:s0 
    /etc/rc\.d/init\.d/postfix                         regular file       system_u:object_r:postfix_initrc_exec_t:s0 
    /usr/libexec/postfix/(n)?qmgr                      regular file       system_u:object_r:postfix_qmgr_exec_t:s0 
    /usr/libexec/postfix/.*                            regular file       system_u:object_r:postfix_exec_t:s0 
    /usr/libexec/postfix/bounce                        regular file       system_u:object_r:postfix_bounce_exec_t:s0 
    /usr/libexec/postfix/cleanup                       regular file       system_u:object_r:postfix_cleanup_exec_t:s0 
    /usr/libexec/postfix/lmtp                          regular file       system_u:object_r:postfix_smtp_exec_t:s0 
    /usr/libexec/postfix/local                         regular file       system_u:object_r:postfix_local_exec_t:s0 
    /usr/libexec/postfix/master                        regular file       system_u:object_r:postfix_master_exec_t:s0 
    /usr/libexec/postfix/pickup                        regular file       system_u:object_r:postfix_pickup_exec_t:s0 
    /usr/libexec/postfix/pipe                          regular file       system_u:object_r:postfix_pipe_exec_t:s0 
    /usr/libexec/postfix/scache                        regular file       system_u:object_r:postfix_smtp_exec_t:s0 
    /usr/libexec/postfix/showq                         regular file       system_u:object_r:postfix_showq_exec_t:s0 
    /usr/libexec/postfix/smtp                          regular file       system_u:object_r:postfix_smtp_exec_t:s0 
    /usr/libexec/postfix/smtpd                         regular file       system_u:object_r:postfix_smtpd_exec_t:s0 
    /usr/libexec/postfix/virtual                       regular file       system_u:object_r:postfix_virtual_exec_t:s0 
    /usr/sbin/postalias                                regular file       system_u:object_r:postfix_master_exec_t:s0 
    /usr/sbin/postcat                                  regular file       system_u:object_r:postfix_master_exec_t:s0 
    /usr/sbin/postdrop                                 regular file       system_u:object_r:postfix_postdrop_exec_t:s0 
    /usr/sbin/postfix                                  regular file       system_u:object_r:postfix_master_exec_t:s0 
    /usr/sbin/postkick                                 regular file       system_u:object_r:postfix_master_exec_t:s0 
    /usr/sbin/postlock                                 regular file       system_u:object_r:postfix_master_exec_t:s0 
    /usr/sbin/postlog                                  regular file       system_u:object_r:postfix_master_exec_t:s0 
    /usr/sbin/postmap                                  regular file       system_u:object_r:postfix_map_exec_t:s0 
    /usr/sbin/postqueue                                regular file       system_u:object_r:postfix_postqueue_exec_t:s0 
    /usr/sbin/postsuper                                regular file       system_u:object_r:postfix_master_exec_t:s0 
    /usr/sbin/sendmail\.postfix                        regular file       system_u:object_r:sendmail_exec_t:s0 
    /usr/share/munin/plugins/postfix_mail.*            regular file       system_u:object_r:mail_munin_plugin_exec_t:s0 
    /var/lib/postfix.*                                 all files          system_u:object_r:postfix_data_t:s0 
    /var/spool/postfix.*                               all files          system_u:object_r:postfix_spool_t:s0 
    /var/spool/postfix/bounce(/.*)?                    all files          system_u:object_r:postfix_spool_bounce_t:s0 
    /var/spool/postfix/defer(/.*)?                     all files          system_u:object_r:postfix_spool_maildrop_t:s0 
    /var/spool/postfix/deferred(/.*)?                  all files          system_u:object_r:postfix_spool_maildrop_t:s0 
    /var/spool/postfix/dev                             directory          system_u:object_r:device_t:s0 
    /var/spool/postfix/dev/log                         socket             system_u:object_r:devlog_t:s0 
    /var/spool/postfix/etc(/.*)?                       all files          system_u:object_r:etc_t:s0 
    /var/spool/postfix/etc/localtime                   regular file       system_u:object_r:locale_t:s0 
    /var/spool/postfix/flush(/.*)?                     all files          system_u:object_r:postfix_spool_flush_t:s0 
    /var/spool/postfix/lib(/.*)?                       all files          system_u:object_r:lib_t:s0 
    /var/spool/postfix/lib/ld.*\.so.*                  regular file       system_u:object_r:ld_so_t:s0 
    /var/spool/postfix/lib64(/.*)?                     all files          system_u:object_r:lib_t:s0 
    /var/spool/postfix/maildrop(/.*)?                  all files          system_u:object_r:postfix_spool_maildrop_t:s0 
    /var/spool/postfix/pid                             directory          system_u:object_r:var_run_t:s0 
    /var/spool/postfix/pid/.*                          all files          system_u:object_r:postfix_var_run_t:s0 
    /var/spool/postfix/postgrey(/.*)?                  all files          system_u:object_r:postgrey_spool_t:s0 
    /var/spool/postfix/private(/.*)?                   all files          system_u:object_r:postfix_private_t:s0 
    /var/spool/postfix/public(/.*)?                    all files          system_u:object_r:postfix_public_t:s0 
    /var/spool/postfix/spamass(/.*)?                   all files          system_u:object_r:spamass_milter_data_t:s0 
    /var/spool/postfix/usr(/.*)?                       all files          system_u:object_r:lib_t:s0 

    15:06:08
    root@intrepid ~/
    --> semanage port -l | grep 'postfix\|mail\|smtp'
    mail_port_t                    tcp      2000, 3905
    postfix_policyd_port_t         tcp      10031
    smtp_port_t                    tcp      25, 465, 587

Additional Notes & Considerations for postfix

In order to send and receive mail, it will be necessary to install a Mail User Agent. There are several command line versions available, including mail and mutt. Another feature-rich command-line mail agent is alpine, which may not be available from the standard repositories.

Reference Material for this Chapter

For this chapter's supporting material, please reference Chapters 13 & 17 in the RHCSA/RHCE Linux Certification Study Guide textbook.