Along with acting as a web server, email is one of the primary uses of a CentOS Stream 9 system, particularly in business environments. Given the importance and popularity of email, it is surprising to some people to find out how complex the email structure is on a Linux system. This complexity can often be overwhelming to the CentOS 9 newcomer.
The good news is that much of the complexity is there to allow experienced email administrators to implement complicated configurations for large-scale enterprise installations. However, for most Linux administrators, setting up a basic email system is relatively straightforward so that users can send and receive electronic mail.
This chapter of CentOS Stream 9 Essentials will explain the basics of Linux-based email configuration and step through configuring a basic email environment. To provide the essentials, we will leave the complexities of the email system for more advanced books on the subject.
The Structure of the Email System
Several components make up a complete email system. Below is a brief description of each one:
Mail User Agent
The typical user will likely be most familiar with this part of the system. The Mail User Agent (MUA), or mail client, is the application that is used to write, send and read email messages. Anyone who has written and sent a message on any computer has used a Mail User Agent of one type or another.
Typical Graphical MUAs on Linux are Evolution, Thunderbird, and KMail. For those who prefer a text-based mail client, there are also the more traditional Pine and mail tools. 30.1.2 Mail Transfer Agent
The Mail Transfer Agent (MTA) is the part of the email system that transfers email messages from one computer to another (either on the same local network or over the internet to a remote system). Once configured correctly, most users will only directly interact with their chosen MTA if they wish to re-configure it. Many MTA choices are available for Linux, including Sendmail, Postfix, Fetchmail, Qmail, and Exim.
Mail Delivery Agent
Another part of the infrastructure typically hidden from the user, the Mail Delivery Agent (MDA), sits in the background and performs filtering of the email messages between the Mail Transfer Agent and the mail client (MUA). The most popular form of MDA is a spam filter to remove all unwanted email messages from the system before they reach the inbox of the user’s mail client (MUA). Popular MDAs are Spamassassin and Procmail. It is important to note that some Mail User Agent applications (such as Evolution, Thunderbird, and KMail) include their own MDA filtering. Others, such as Pine and Basla, do not. This can be a source of confusion for the Linux beginner.
SMTP is an acronym for Simple Mail Transport Protocol. The email systems use this protocol to transfer mail messages from one server to another. This protocol is the communication language that the MTAs use to talk to each other and transfer messages back and forth.
SMTP Relay is a protocol that allows an external SMTP server to send emails instead of hosting a local SMTP server. This will typically involve using a service such as Mailjet, SendGrid, or MailGun. These services avoid configuring and maintaining your own SMTP server and often provide additional benefits such as analytics.
Configuring a CentOS 9 Email Server
Many systems use the Sendmail MTA to transfer email messages; on many Linux distributions, this is the default Mail Transfer Agent. Unfortunately, Sendmail is a complex system that can be difficult for beginners and experienced users to understand and configure. It is also falling from favor because it is considered slower at processing email messages than many of the more recent MTAs available.
Many system administrators are now using Postfix or Qmail to handle email. Both are faster and easier to configure than Sendmail.
For this chapter, therefore, we will look at Postfix as an MTA because of its simplicity and popularity. However, if you prefer to use Sendmail, many books specialize in the subject and will do the subject much more justice than we can in this chapter.
As a first step, this chapter will cover configuring a CentOS 9 system to act as a full email server. Later in the chapter, the steps to use an SMTP Relay service will also be covered.
Postfix Pre-Installation Steps
The first step before installing Postfix is to ensure that Sendmail is not already running on your system. You can check for this using the following command:
# systemctl status sendmailCode language: plaintext (plaintext)
If sendmail is not installed, the tool will display a message similar to the following:
Unit sendmail.service could not be found.Code language: plaintext (plaintext)
If sendmail is running on your system, it is necessary to stop it before installing and configuring Postfix. To stop sendmail, run the following command:
# systemctl stop sendmailCode language: plaintext (plaintext)
The next step is to ensure that sendmail does not get restarted automatically when the system is rebooted:
# systemctl disable sendmailCode language: plaintext (plaintext)
Sendmail is now switched off and configured to not auto-start when the system is booted. Optionally, to altogether remove sendmail from the system, run the following command:
# dnf remove sendmailCode language: plaintext (plaintext)
Since sending and receiving email messages involves network connections, the firewall must be configured to allow SMTP traffic. If firewalld is active, use the firewall-cmd tool will as follows:
# firewall-cmd --permanent --add-service=smtpCode language: plaintext (plaintext)
It will also be essential to configure any other firewall or router between the server and the internet to allow connections on ports 25, 143, and 587 and, if necessary, to configure port forwarding for those ports to the corresponding ports on the email server. With these initial steps completed, we can now install Postfix.
Installing Postfix on CentOS Stream 9
By default, the CentOS 9 installation process installs postfix for most configurations. To verify if postfix is already installed, use the following rpm command:
# rpm -q postfixCode language: plaintext (plaintext)
If rpm reports that postfix is not installed, it may be installed as follows:
# dnf install postfixCode language: plaintext (plaintext)
The dnf tool will download and install postfix and configure a special postfix user in the /etc/ passwd file.
The main configuration settings for postfix are located in the /etc/postfix/main.cf file. Many resources on the internet provide detailed information on postfix, so this section will focus on the basic options required to get email up and running. Even though the dnf installation set up some basic configuration options, it tends to miss some settings and guess incorrectly for others, so carefully review the main.cf file.
The key options in the main.cf file are as follows:
myhostname = mta1.domain.com mydomain = domain.com myorigin = $mydomain mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain inet_interfaces = $myhostname mynetworks = subnetCode language: plaintext (plaintext)
Other settings will have either been set up for you by the installation process or are only needed if you are feeling adventurous and want to configure a more sophisticated email system.
The format of myhostname is host.domain.extension. If, for example, your Linux system is named MyLinuxHost and your internet domain is MyDomain.com you would set the myhostname option as follows:
myhostname = mylinuxhost.mydomain.comCode language: plaintext (plaintext)
The mydomain setting is just the domain part of the above setting. For example:
mydomain = mydomain.comCode language: plaintext (plaintext)
The myorigin setting defines the name of the domain from which the output email appears to come from when it arrives in the recipient’s inbox and should be set to your domain name:
myorigin = $mydomainCode language: plaintext (plaintext)
One of the most crucial parameters, mydestination relates to incoming messages and declares the domains for which this server is the final delivery destination. Any incoming email messages addressed to a domain name, not on this list will be considered a relay request which, subject to the mynetworks setting (outlined below), will typically result in a delivery failure.
The inet_interfaces setting defines the network interfaces on the system via which postfix is permitted to receive email and is generally set to all:
inet_interfaces = allCode language: plaintext (plaintext)
The mynetworks setting defines which external systems are trusted to use the server as an SMTP relay. Possible values for this setting are as follows:
- host – Only the local system is trusted. Attempts by all external clients to use the server as a relay will be rejected.
- subnet – Only systems on the same network subnet can use the server as a relay. If, for example, the server has an IP address of 192.168.1.29, a client system with an IP address of 192.168.1.30 could use the server as a relay.
- class – Any systems within the same IP address class (A, B, and C) may use the server as a relay.
Trusted IP addresses may be defined manually by specifying subnets, address ranges, or referencing pattern files. The following example declares the local host and the subnet 192.168.0.0 as trusted IP addresses:
mynetworks = 192.168.0.0/24, 127.0.0.0/8Code language: plaintext (plaintext)
For this example, set the property to subnet so that any other systems on the same local network as the server can send email via SMTP relay. In contrast, external systems are prevented from doing so:
mynetworks = subnetCode language: plaintext (plaintext)
Configuring DNS MX Records
When you register and configure your domain name with a registrar, several default values will have been configured in the DNS settings. One of these is the so-called Mail Exchanger (MX) record. This record defines where emails addressed to your domain should be sent and is usually set by default to a mail server provided by your registrar. If you are hosting your own mail server, the MX record should be set to your domain or the IP address of your mail server. The steps to make this change will depend on your domain registrar but generally involves editing the DNS information for the domain and either adding or editing an existing MX record so that it points to your email server.
Starting Postfix on a CentOS 9 System
Once the /etc/postfix/main.cf file is configured with the correct settings, it is now time to start up postfix. This can be achieved from the command line as follows:
# systemctl start postfixCode language: plaintext (plaintext)
If postfix was already running, make sure the configuration changes are loaded using the following command:
# systemctl reload postfixCode language: plaintext (plaintext)
To configure postfix to start automatically at system startup, run the following command:
# systemctl enable postfixCode language: plaintext (plaintext)
The postfix process should now start up. The best way to verify everything works is to check your mail log. This is typically in the /var/log/maillog file and should now contain an entry resembling the following output:
Mar 25 11:21:48 demo-server postfix/postfix-script: starting the Postfix mail system Mar 25 11:21:48 demo-server postfix/master: daemon started -- version 3.3.1, configuration /etc/postfixCode language: plaintext (plaintext)
As long as no error messages have been logged, you have successfully installed and started postfix and are ready to test the postfix configuration.
An easy way to test the postfix configuration is to send email messages between local users on the system. To perform a quick test, use the mail tool as follows (where name and mydomain are replaced by the name of a user on the system and your domain name, respectively):
# mail [email protected]Code language: plaintext (plaintext)
When prompted, enter a subject for the email message and then type the message body text. To send the email message, press Ctrl-D. For example:
# mail [email protected] Subject: Test email message This is a test message. EOTCode language: plaintext (plaintext)
Rerun the mail command, this time as the other user, and verify that the message was sent and received:
$ mail Heirloom Mail version 12.5 7/5/10. Type ? for help. "/var/spool/mail/demo": 1 message 1 new >N 1 root Mon Mar 25 13:36 18/625 "Test email message" &Code language: plaintext (plaintext)
Check the log file (/var/log/maillog) for errors if the message does not appear. Successful mail delivery will appear in the log file as follows:
Mar 25 13:41:37 demo-server postfix/pickup: 94FAF61E8F4A: uid=0 from=<root> Mar 25 13:41:37 demo-server postfix/cleanup: 94FAF61E8F4A: message-id=<[email protected]> Mar 25 13:41:37 demo-server postfix/qmgr: 94FAF61E8F4A: from=<[email protected]>, size=450, nrcpt=1 (queue active) Mar 25 13:41:37 demo-server postfix/local: 94FAF61E8F4A: to=<[email protected]>, relay=local, delay=0.12, delays=0.09/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox) Mar 25 13:41:37 demo-server postfix/qmgr: 94FAF61E8F4A: removedCode language: plaintext (plaintext)
Once the local email is working, try sending an email to an external address (such as a GMail account). Also, test that incoming mail works by sending an email from an external account to a user on your domain. In each case, check the /var/log/maillog file for explanations of any errors.
Sending Mail via an SMTP Relay Server
An SMTP Relay service is an alternative to configuring a mail server to handle outgoing email messages. As previously discussed, several services are available, most of which can be found by performing a web search for “SMTP Relay Service”. Most of these services will require you to verify your domain in some way and will provide MX records with which to update your DNS settings. You will also be provided with a username and password, which must be added to the postfix configuration. The remainder of this section assumes that postfix is installed on your system and that all of the initial steps required by your chosen SMTP Relay provider have been completed.
Begin by editing the /etc/postfix/main.cf file and configure the myhostname parameter with your domain name:
myhostname = mydomain.comCode language: plaintext (plaintext)
Next, create a new file in /etc/postfix named sasl_passwd and add a line containing the mail server host provided by the relay service and the user name and password. For example:
[smtp.myprovider.com]:587 [email protected]:mypasswordCode language: plaintext (plaintext)
Note that port 587 has also been specified in the above entry. Without this setting, postfix will default to using port 25, which is blocked by default by most SMTP relay service providers. With the password file created, use the postmap utility to generate the hash database containing the mail credentials:
# postmap /etc/postfix/sasl_passwdCode language: plaintext (plaintext)
Before proceeding, take some additional steps to secure your postfix credentials:
# chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db # chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.dbCode language: plaintext (plaintext)
Edit the main.cf file once again and add an entry to specify the relay server:
relayhost = [smtp.myprovider.com]:587Code language: plaintext (plaintext)
Remaining within the main.cf file, add the following lines to configure the authentication settings for the SMTP server:
smtp_use_tls = yes smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt smtp_sasl_security_options = noanonymous smtp_sasl_tls_security_options = noanonymousCode language: plaintext (plaintext)
Finally, restart the postfix service:
# systemctl restart postfixCode language: plaintext (plaintext)
Once the service has restarted, try sending and receiving mail using either the mail tool or your preferred mail client.
A complete, end-to-end email system consists of a Mail User Agent (MUA), Mail Transfer Agent (MTA), Mail Delivery Agent (MDA), and the SMTP protocol. CentOS Stream 9 provides several MTA solutions, one of the more popular being Postfix. This chapter has outlined how to install, configure and test postfix on a CentOS Stream 9 system to act as a mail server and send and receive email using a third-party SMTP relay server.