UNIXADMINSCHOOL.COM

Configuring Email Services in Linux (RHEL5/6)

Overview of Email Services

The email system is divided into three different parts: MUA, MDA, and MTA. The mail user agent (MUA) deals specifically with end users. It is what they use to type and read emails they receive.

The MUA is a mail client of some sort, such as Thunderbird or Evolution. The mail delivery agent (MDA) handles the delivery of mail from the receiving mail server to the spool where the mail sits until an MUA picks it up for the user.

Finally, the mail transfer agent (MTA) is responsible for moving mail from one server to another until it arrives at its destination.

Task 1: Installing Postfix

Red Hat provides both Sendmail and Postfix as viable mail programs. In this post we are focusing only on Postfix. Postfix provides for easier administration, allows increased security, and supports virtual domains. It is also the default mail program on RHEL6.

Step 1. To get started, you just need to verify that Postfix is installed correctly:

# rpm -qa | grep postfix
postfix-2.6.6-2.el6.x86_64

If the package isn’t installed for some reason, you should install it now with the following:

# yum install -y postfix

Step 2. The service should be already set to start during system boot, so you should just verify that:

# chkconfig postfix --list
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off

If the service isn’t set to start on boot, you can enable it with the following:

# chkconfig postfix on

Because the Postfix service comes installed by default, you really don’t need to do much to get started.

Task 2 : Configuring Postfix

Postfix actually starts a service called master, which is its main service. This master service starts three other services besides itself: nqmgr, pickup, and smtpd. The nqmgr service is responsible for mail transmission, relay, and delivery. The pickup service transfers messages, and the smtpd service directs incoming mail. There are numerous things to know when working with Postfix, so let’s take a look.

Here are the management commands for Postfix:

  • mailq            Allows you to view the mail queue (* means active, ! means on hold)
  • postmap      Postfix lookup table management
  • postsuper    Allows you to perform maintenance jobs on the Postfix queue
  • postconf      Postfix configuration utility

The main config files for Postfix are located in the /etc/postfix directory:

  • master.cf   Contains settings to control the master service
  • main.cf      The primary config file for Postfix
  • access         Provides access control
  • transport   Maps email addresses to relay hosts

Each entry in master.cf is made up of the following fields:

  • service       Identifies the name of the service
  • type            Names the transport mechanism used
  • private       Indicates whether the service is used by Postfix only
  • unpriv       Indicates whether the service is run by a nonroot user
  • chroot       Indicates whether the mail queue should be run in a chrooted environment
  • wakeup     Specifies the wakeup interval for the service
  • maxproc   Indicates the maximum number of processes the service can execute
  • command Names the command to be executed plus arguments

In the master.cf file, the columns are arranged in the following order:

<service> <type> <private> <unpriv> <chroot> <wakeup> <maxproc> <cmd>

Before you can change any of the options in the config file, make sure that the Postfix service is not running. Now let’s look at the default options for Postfix:

# head -n 35 /etc/postfix/master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ============================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ============================================================
smtp inet n - n - - smtpd

pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr

You can make adjustments here for any of the subservices that you’d like to edit, but for purposes of this example, keep the default values for now.

Next, let’s look at the main config file, which requires some editing before you can use Postfix. Because the config file is 667 lines long, the whole file is not shown here. Instead, we look at key sections. The following variables need to be set for the Postfix server to work properly:

  • myhostname Defines the full hostname of the Postfix server
  • mydomain Defines the domain name
  • myorigin Defines the name that outgoing mail originates from
  • inet_interfaces Identifies the interface on which to receive mail
  • mydestination Defines the domains for which Postfix accepts mail
  • mynetworks Lists trusted networks
  • virtual_alias_maps Defines virtual aliases for incoming mail

You can proceed as follows:

Step 1. Open the main.cf file with any text editor and set the preceding variables:

# nano /etc/postfix/main.cf

Step 2. Change the following options to reflect the lab environment:

myhostname = rhel01.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 172.168.1.0/24, 127.0.0.0/8

When you have these settings in place, save the file and exit. Mail servers rely heavily on DNS to function properly. If you don’t have a DNS server already configured or you use an external DNS server, make sure it is set up with the correct MX records before you start the Postfix service.

Step 3. Check that the directory structure and config file are correct:

# postfix check

Step 4. When you are confident that the DNS records are in place, the Postfix options are set correctly, and the config checks out, you can start the Postfix service:

# service postfix start
Starting postfix: [ OK ]

Step 5. Verify:

# service postfix status
master (pid 3156) is running…

Because Postfix is the default outgoing mail server, you don’t need to change the default MTA. It doesn’t hurt, though, to check that it is set correctly.

Step 6. Verify that the current default for the outgoing mail is Postfix:

# alternatives --display mta | grep current

link currently points to /usr/sbin/sendmail.postfix

An alternative to adjusting the main.cf config file by hand is to use the postconf utility.

Syntax: postconf [options] [parameter=value]
Options:

-a Lists the available SASL server plug-in types
-d Prints the default parameter settings instead of the actual settings
-e Edits the main.cf config file
-n Prints all parameter settings that are not at their default values
-v Enables verbose logging for debugging

For example, if you want to set the mynetworks option, you could do the following:

# postconf -e mynetworks="127.0.0.0/8 172.168.1.0/24"

Verify the change with the following command:

# postconf -n | grep mynet
mynetworks = 127.0.0.0/8 172.168.1.0/24
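
Because mynetworks decides which clients Postfix trusts to relay mail, it is worth checking what the value actually covers. The script below is an added example, not part of the original tutorial: it reads mynetworks from a main.cf file and prints every entry that is not loopback or RFC 1918 private space. With the lab values above it prints 172.168.1.0/24, because the private block 172.16.0.0/12 only spans 172.16 to 172.31. It assumes plain IPv4 entries (no IPv6 and no table lookups), and the function names and the sample file are made up for the example.

```shell
#!/bin/sh
# Added example: list mynetworks entries outside loopback / RFC 1918 space.
# On a live host, `postconf -h mynetworks` prints the value parsed here.

main_cf_value() {  # usage: main_cf_value <parameter> <main.cf path>
  awk -v key="$1" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                  # comment or blank
    /^[ \t]/ { if (on) val = val " " $0; next }        # continuation line
    { on = 0; eq = index($0, "="); if (!eq) next
      name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
      if (name == key) { on = 1; val = substr($0, eq + 1) } }
    END { gsub(/,/, " ", val); print val }' "$2"
}

classify_net() {  # prints "private" or "public" for one a.b.c.d[/len] entry
  local addr="${1%%/*}" len=32 a b rest min=
  case "$1" in */*) len="${1##*/}" ;; esac
  IFS=. read -r a b rest <<EOF
$addr
EOF
  case "$a" in
    10|127) min=8 ;;
    172) [ "$b" -ge 16 ] && [ "$b" -le 31 ] && min=12 ;;
    192) [ "$b" -eq 168 ] && min=16 ;;
  esac
  # The prefix must also be long enough to stay inside the private block.
  if [ -n "$min" ] && [ "$len" -ge "$min" ]; then echo private; else echo public; fi
}

audit_mynetworks() {  # usage: audit_mynetworks <main.cf path>
  local net
  for net in $(main_cf_value mynetworks "$1"); do
    [ "$(classify_net "$net")" = private ] || echo "$net"
  done
}

# Constructed sample using the lab values from this tutorial.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
myhostname = rhel01.example.com
inet_interfaces = all
mynetworks = 172.168.1.0/24, 127.0.0.0/8
EOF
audit_mynetworks "$sample"
```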

Task 3: Securing Email Service (Postfix) with Iptables

For Postfix, only a single firewall rule is required. You need to open TCP port 25 for the SMTP service.

Step 1. Use the iptables command to create your firewall rule:

# iptables -I INPUT 5 -p tcp -m tcp --dport 25 -j ACCEPT

Step 2. Save the rule you just created:

# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]

Step 3. Restart the firewall service for the changes to take effect:

# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]

Postfix is one of those rare Linux services that doesn’t really have much in terms of SELinux configuration. There is a single Boolean option that is already enabled by default.

Verify that protection to mailboxes is disabled:

# getsebool -a | grep postfix
allow_postfix_local_write_mail_spool --> on

Task 4: Alias Mapping in Postfix

Postfix is able to use aliases for managing domains and users. The /etc/aliases file contains the current mappings and should be edited to reflect any changes required for your network.

Using the newaliases command, you can view the statistics of the file or update the aliases database. You can use the aliases file to create distribution groups or redirect mail to users who no longer exist in your domain.

For example, add the following line to the /etc/aliases file:

helpdesk: user01, user02

Then run the newaliases command to update the database:

# newaliases

Now when you email helpdesk@example.com, the message goes to both users.

Task 5: Receiving Email with Dovecot

Now that you can send mail, you also need to be able to receive it. Dovecot enables you to set up an incoming mail server that allows for multiple protocols to be used when accessing mail.

Step 1. Unlike with Postfix, you first need to set up Dovecot by installing the correct package:

# yum install -y dovecot

Step 2. Verify the installation:

# rpm -qa | grep dovecot
dovecot-2.0-0.10.beta6.20100630.el6.x86_64

Step 3. Enable the service to start on system boot:

# chkconfig dovecot on

Step 4. Verify the service will start at boot:

# chkconfig dovecot --list
dovecot 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Task 6 : Configuring Dovecot

Dovecot, unlike Postfix, has only a single config file that you need to configure. Like its partner Postfix, the Dovecot config file is long, at more than 1,000 lines. Although the entire file is not shown here, you need to configure a few key options.

Step 1. Start by opening the file for editing:

# nano /etc/dovecot/dovecot.conf

Step 2. Define the protocols that you’d like to have the Dovecot server use:

protocols = imap pop3

Step 3. You should also define the IP address for the server to listen on, disable SSL, and define where user mailboxes should be stored:

listen = 172.168.1.1
ssl_disable = yes
mail_location = maildir:~/Maildir

Step 4. Save the file and exit.

Normally, Dovecot attempts to find a mailbox for a user, but if one is not found, it runs into trouble, which is why you explicitly define the mail_location option. From these changes, you can also see that you will listen using the IMAP and POP3 protocols. If necessary, you can use the secure versions of both protocols (including SSL).

The following protocols can be used with Dovecot:

IMAP TCP port 143
POP3 TCP port 110
IMAPS TCP port 995
POP3S TCP port 993
LMTP TCP port 24

As already mentioned, use only the first two protocols for this setup. This is all you really need to configure to get the Dovecot server working.

Step 5. Now start the Dovecot service:

# service dovecot start
Starting Dovecot Imap: [ OK ]

Step 6. Verify that it is running properly:

# service dovecot status
dovecot (pid 2909) is running…

Task 7 : Securing Dovecot services with iptables

Dovecot requires a little more on the security end than Postfix did, mainly because there are more protocols involved. First, you need to make sure to open only the firewall ports for the protocols you are actually using—in this case, 143 and 110.

Step 1. Use the iptables command to create your firewall rules:

# iptables -I INPUT 5 -p tcp -m tcp --dport 110 -j ACCEPT
# iptables -I INPUT 5 -p tcp -m tcp --dport 143 -j ACCEPT

Step 2. Save the rules you just created:

# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]

Step 3. Restart the firewall service for the changes to take effect:

# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]

When it comes to SELinux, the Dovecot service doesn’t have any SELinux protections; therefore, there is nothing required for you to configure.
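
After the rules from Task 3 and Task 7 are saved, the ruleset can be checked to confirm that only the intended ports are open. The script below is an added example, not part of the original tutorial: it walks the INPUT chain of an iptables-save style file, marks each accepted TCP port as reachable or as shadowed by an earlier catch-all REJECT/DROP, and lists reachable ports that are not on an allow list. The ruleset is constructed for the example and assumes the chain ends with a catch-all REJECT, which is why the tutorial inserts with -I INPUT 5 rather than appending; the function names are made up here.

```shell
#!/bin/sh
# Added example: which TCP ports does the saved INPUT chain really accept?

input_ports() {  # usage: input_ports <iptables-save style file>
  awk '
    $1 != "-A" || $2 != "INPUT" { next }
    # A REJECT/DROP with no match options stops everything after it.
    $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { closed = 1; next }
    {
      port = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "--dport") port = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      state = closed ? "shadowed" : "reachable"
      if (target == "ACCEPT" && port != "") { print state, port }
    }' "$1"
}

unexpected_ports() {  # usage: unexpected_ports <file> <allowed port>...
  local file="$1" state port
  shift
  input_ports "$file" | while read -r state port; do
    [ "$state" = reachable ] || continue
    case " $* " in *" $port "*) ;; *) echo "$port" ;; esac
  done
}

# Constructed ruleset: RHEL 6 style defaults plus the three rules from this
# tutorial, and one rule appended (-A) after the final REJECT.
rules=$(mktemp)
trap 'rm -f "$rules"' EXIT
cat > "$rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 24 -j ACCEPT
COMMIT
EOF
input_ports "$rules"
unexpected_ports "$rules" 25 110 143
```

On a live host the same functions can be pointed at /etc/sysconfig/iptables, the file written by `service iptables save`.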

How to Test Email Server Configuration ?

November 16, 2015
