
How to Configure a Local SMTP Relay on Fedora with Postfix: A Step-by-Step Guide
Automating system notifications or enabling your web applications to send email is a common requirement for server administration. While using a third-party email service is an option, setting up your own lightweight, send-only SMTP server offers greater control and can be more reliable for internal tasks. This configuration prevents your server from becoming an open relay, as it will only send emails originating from the server itself and will not receive external mail.
Using Postfix, a powerful and popular Mail Transfer Agent (MTA), you can create a secure and efficient local SMTP relay. This guide will walk you through setting up a send-only Postfix server on Fedora, a process that is also applicable to other RHEL-based systems like CentOS and AlmaLinux.
Why Set Up a Send-Only SMTP Server?
A send-only SMTP server, also known as a “null client,” is designed for one purpose: sending mail. It’s the perfect solution for:
- System Alerts: Sending notifications from cron jobs, scripts, or system monitoring tools.
- Web Application Emails: Handling transactional emails from platforms like WordPress, Magento, or custom applications running on the server.
- Enhanced Security: By not listening for or accepting incoming mail, you significantly reduce your server’s attack surface.
Prerequisites
Before you begin, ensure you have the following:
- A server running a recent version of Fedora (or a similar RHEL-based distribution).
- Root or sudo user privileges.
- A Fully Qualified Domain Name (FQDN) pointed at your server’s IP address. For example, mail.yourdomain.com.
Step 1: Install Postfix
First, you need to install the Postfix package. If another MTA like Sendmail is already installed, Postfix will prompt you to replace it.
Open your terminal and run the following command:
sudo dnf install postfix
This command will download and install Postfix and its necessary dependencies.
Step 2: Configure Postfix for Send-Only Operation
The core of this setup lies in the Postfix configuration file, located at /etc/postfix/main.cf. This file controls every aspect of how Postfix behaves.
Before making changes, it’s always a good practice to back up the original configuration file:
sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.bak
Now, open the main configuration file with your preferred text editor, such as nano or vim:
sudo nano /etc/postfix/main.cf
You will need to modify or confirm the following parameters. These settings are crucial for creating a secure, send-only server.
- Set myhostname: This parameter should be set to your server’s FQDN. Postfix uses this to identify itself when communicating with other mail servers.
  myhostname = mail.yourdomain.com
- Configure inet_interfaces: This is the most important setting for a send-only server. By setting it to loopback-only, you are telling Postfix to only listen for connections on the local machine (localhost). This prevents it from accepting connections from the public internet.
  inet_interfaces = loopback-only
- Define mydestination: This parameter specifies which domains Postfix will consider as local. For a send-only setup, you want to limit this to prevent Postfix from trying to deliver mail locally. Setting it to the hostname and localhost is sufficient.
  mydestination = $myhostname, localhost.$mydomain, localhost
- Keep mynetworks_style simple: For this configuration, setting mynetworks_style to host is the simplest approach, as it automatically trusts connections from the local machine.
  mynetworks_style = host
Save the file and exit your text editor. Your server is now configured to only send mail that originates from itself.
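One way to check the result of Step 2, as an added example that is not part of the original guide: the script below compares settings in the "name = value" format printed by postconf against the values set above. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit effective Postfix settings against this guide's values.
# Input is text in the "name = value" format printed by:
#   postconf inet_interfaces mynetworks_style myhostname

# get_param FILE NAME: print NAME's value (last definition wins), or nothing.
get_param() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_sendonly FILE: print one line per deviation; exit status = deviation count.
audit_sendonly() {
    findings=0
    for want in "inet_interfaces=loopback-only" "mynetworks_style=host"; do
        name=${want%%=*}
        expected=${want#*=}
        actual=$(get_param "$1" "$name")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $name: expected '$expected', found '${actual:-<unset>}'"
            findings=$((findings + 1))
        fi
    done
    # myhostname must be a fully qualified name, i.e. contain at least one dot.
    case $(get_param "$1" myhostname) in
        ?*.?*) ;;
        *) echo "FAIL myhostname: not a fully qualified domain name"
           findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample: a host where inet_interfaces was left at "all".
sample=$(mktemp)
cat > "$sample" <<'EOF'
inet_interfaces = all
mynetworks_style = host
myhostname = mail.yourdomain.com
EOF
audit_sendonly "$sample" || echo "deviations: $?"
rm -f "$sample"
```

On a live system, save the postconf output named in the header comment to a file and pass that file to audit_sendonly.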
Step 3: Start and Enable the Postfix Service
With the configuration complete, the next step is to start the Postfix service and enable it to launch automatically at boot.
Use the following systemctl commands:
sudo systemctl start postfix
sudo systemctl enable postfix
You can verify that the service is running correctly with:
sudo systemctl status postfix
Step 4: Test Your Send-Only SMTP Server
Now it’s time to test if your configuration works. You can send a test email from the command line using the mail command. If it’s not installed, you can add it by installing the s-nail package.
sudo dnf install s-nail
Once installed, send a test email by running the command below. Replace recipient@example.com with a real email address you have access to.
echo "This is the body of the test email from Postfix." | mail -s "Postfix Test Email" recipient@example.com
Check the inbox (and the spam folder) of the recipient email address. If the email arrives, your send-only SMTP server is working correctly!
If you encounter issues, the best place to troubleshoot is the mail log. You can monitor it in real-time with this command:
sudo tail -f /var/log/maillog
This log file will provide detailed information on mail delivery attempts and any errors that occur.
Final Security and Deliverability Tips
While the loopback-only configuration is the primary security measure, here are a few more tips to ensure your server is secure and your emails are delivered successfully:
- Firewall Rules: Ensure your server’s firewall (like firewalld) is configured to block incoming connections on port 25. This provides an extra layer of security, making sure no external systems can try to connect to your Postfix service.
- Set Up SPF and DKIM Records: To improve email deliverability and prevent your server’s emails from being marked as spam, you should create SPF and DKIM records for your domain. An SPF (Sender Policy Framework) record tells receiving mail servers that your server is authorized to send email on behalf of your domain. DKIM (DomainKeys Identified Mail) adds a digital signature to your emails, further verifying their authenticity.
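To confirm at runtime that the loopback-only setting took effect, the following added example (not part of the original guide) filters socket listings for SMTP listeners bound beyond loopback. It assumes input in the column layout of ss -H -ltn; the function name and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag SMTP listeners reachable from outside the host.
# Reads the output of `ss -H -ltn` on stdin (columns: State Recv-Q Send-Q
# Local-Address:Port Peer-Address:Port) and prints every local address that
# listens on port 25 and is not a loopback address.
exposed_smtp_listeners() {
    awk '$1 == "LISTEN" && $4 ~ /:25$/ {
        addr = $4
        sub(/:25$/, "", addr)
        if (addr !~ /^127\./ && addr != "[::1]") print addr
    }'
}

# Constructed sample: loopback listeners plus one wildcard bind on port 25,
# as would appear if inet_interfaces had been left at "all".
sample='LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*'

exposed=$(printf '%s\n' "$sample" | exposed_smtp_listeners)
if [ -n "$exposed" ]; then
    echo "Port 25 is bound beyond loopback: $exposed"
else
    echo "Port 25 listens on loopback only"
fi
```

On the server itself, pipe the live listing into the function: ss -H -ltn | exposed_smtp_listeners. No output means Postfix is listening on loopback only.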
By following these steps, you have successfully deployed a secure and reliable send-only SMTP server using Postfix, giving you full control over your server’s email sending capabilities.
Source: https://kifarunix.com/configure-postfix-as-send-only-smtp-server-on-fedora-29/