RedHat 7 install and configure postfix

This tutorial assumes you have your email server domain pointing to your own hosting server IP, eg. mail.yourwebsite.com, if not, follow below post to add a new DNS record.

Create DNS records

This post is inspired by Run Your Own Email Server on CentOS 8/RHEL 8 – Postfix SMTP Server, a great article that makes me sent my first hello world email successfully on my own RHEL7 server.

RHEL 7 default postfix repo contains version 2.x, to update latest postfix (3 or later), follow below steps.

Add ghettoforge repository to your RHEL 7 system

sudo yum --nogpg install https://mirror.ghettoforge.org/distributions/gf/gf-release-latest.gf.el7.noarch.rpm

To verify repo added success, type below command:

sudo yum repolist
# Output should contains below message.
!gf/x86_64                                                                             Ghettoforge packages that won't overwrite core distro packages.                                                    86
!gf-plus/x86_64                                                                        Ghettoforge packages that will overwrite core distro packages.                                                    12

Enable gf-plus repository

sudo  yum-config-manager --enable gf-plus

Remove current postfix 2.x version if installed

sudo yum -y remove postfix*

Clean packages and cache

sudo yum clean all
sudo yum makecache

Install postfix 3 and corresponding packages

Install postfix3 and corresponding dependencies

sudo yum install postfix3 postfix3-mysql postfix3-utils

On RHEL 8 use below command

sudo dnf install postfix postfix-mysql

Verify your installation

rpm -qi postfix3

Output example:

Name        : postfix3
Epoch       : 2
Version     : 3.6.2
Release     : 1.gf.el7
Architecture: x86_64
Install Date: Sun 07 Nov 2021 10:49:54 AM AST
Group       : System Environment/Daemons
Size        : 10158351
License     : IBM

Enable postifx service

sudo systemctl enable postfix

Start postfix service

sudo systemctl start postfix

Check postfix status

sudo systemctl status postfix

Example output

● postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/postfix.service.d
           └─restart.conf
   Active: active (running) since Fri 2021-12-31 12:19:53 AST; 7s ago

Your postfix mail configuration file under /etc/postfix folder.

Below change in file /etc/postfix/main.cf

# Below change in file /etc/postfix/main.cf

# Check you inet_interfaces configuraiton
postconf inet_interfaces

# Set its value to "all" if it's not the current value
sudo postconf -e "inet_interfaces = all"

# Set your mail host name
sudo postconf -e "myhostname = mail.yourwebsite.com"

# Set your web site domain
sudo postconf -e "mydomain = yourwebsite.com"

# Uncomment "myorigin" below line:
myorigin = $mydomain

# Enable IPV4
inet_protocols = ipv4

# Uncomment "mydesitination" of below line:
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

# Uncomment "mynetworks" and update as per your local server IP address.
mynetworks = 192.168.0.0/28, 127.0.0.0/8 

# Uncomment "smtpd_banner", this is optional
smtpd_banner = $myhostname ESMTP $mail_name

# Reload your postfix configuration
sudo postfix reload

If you have error message like :

Process: 936948 ExecStartPre=/usr/sbin/restorecon -R /var/spool/postfix/pid/master.pid (code=exited, status=255)

try this solution:

This has been fixed by removing "/master.pid" filename from /usr/lib/systemd/system/postfix.service

Change: ExecStartPre=-/usr/sbin/restorecon -R /var/spool/postfix/pid/master.pid

To: ExecStartPre=-/usr/sbin/restorecon -R /var/spool/postfix/pid

Update firewall rules to allow server send out email

# Add smtp, smtps services to firewall rules
sudo firewall-cmd --add-service={smtp,smtps} --permanent

# Reload firewall configuration
sudo firewall-cmd --reload

# Verify firewall listed services
sudo firewall-cmd --list-services 

# Output example
smtp smtps

Configure relay host

In order to send email out to other email domain server which blocks 25 port, a relay host is required, follow this article to set up a relay host with sendinblue support, set up SMTP relay to bypass port 25 blocking, my next goal will be setting up my own relay host.

# Brevo (formerly sendinblue) example, edit /etc/postfix/main.cf
sudo vi /etc/postfix/main.cf
# Make below updates
relayhost = [smtp-relay.brevo.com]:587

# Outbound relay configurations
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
header_size_limit = 4096000

Save and close main.cf file

Configure sasl credentials, create and make below updates in /etc/postfix/sasl_passwd  file

# Edit /etc/postfix/sasl_passwd  file
sudo vi /etc/postfix/sasl_passwd

# Add below line with your Brevo smtp account and credential
[smtp-relay.brevo.com]:587      smtp_username:smtp_password

# Save and close /etc/postfix/sasl_passwd file and run below command
sudo postmap /etc/postfix/sasl_passwd
 

Update file access to only allow root user edit this file

sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

Restart postfix server

sudo systemctl restart postfix

Make proper updates on brevo side.

Once you have relay server setup complete, you should be able to test sending out email from your own server

# Run below command to send out email
echo "test email" | sendmail hello@yourwebsite.com

# Check email log
sudo tail /var/log/maillog -n 200

# Example:
Dec 28 12:40:53 rhel7 postfix/lmtp[23332]: 0367341715DF: to=<hello@yourwebsite.com>, relay=mail.yourwebsite.com[private/dovecot-lmtp], delay=0.29, delays=0.06/0.05/0.18/0.01, dsn=2.0.0, status=sent (250 2.0.0 <hello@yourwebsite.com> QEHKDhU+y2ElWwAAL1oCug Saved)

Next step is setting up email server that can receive incoming emails from other SMTP server, dovecot will be used on RHEL7, stay tuned.

Leave a Comment

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.

Scroll to Top