Install Postfix 3 on Linux CentOS for sending e-mail over SMTP, SMTPS and STARTTLS A brief tutorial explaining how to install and configure Postfix 3 on a Linux CentOS 7.x machine to send e-mail using SMTP (TCP 25), SMTPS (TCP 465) and/or STARTTLS (TCP 587)

Install Postfix 3 on Linux CentOS for sending e-mail over SMTP, SMTPS and STARTTLS

Few days ago I wrote a post about how to install and configure sSMTP, a simple and free alternative to Postfix and Sendmail which can be used to send e-mail through external SMTP services hosted by providers such as GMail, Aruba, Yahoo and so on.

Although sSMTP is a great piece of software, those who prefer to setup the real deal will definitely benefit from this article, in which I’ll explain how to setup and configure Postfix 3 – the latest installment of the most efficient, secure and widely used mail server born as a (better) alternative to Sendmail.

Before proceeding, it’s important to emphasize the fact that this article will only explain how to send e-mail using an external SMTP service using Postfix, being it nothing more than 10% of what this awesome piece of software can actually do. If you need further info about Postfix and its features, I strongly suggest to take a look on the Postfix official documentation at postfix.org. Also, the instructions below will be ok for a CentOS / Fedora / RHEL Linux machine: although the tutorial will also work for any other distribution, Ubuntu and Debian users might have to slightly adapt some commands to their package managers.

Step 1: Check Postfix version

The first thing we should do is to check if Postfix is already installed within our system, and – in case it is – the installed version. This can easily be done by executing the following terminal command:

 

Regardless of how recent our CentOS version is, there’s an high chance that we’ll still have Postfix 2. Although such version can be good enough for most users, it has very limited capabilities when dealing with the deprecated SMTPS service, also known as SMTP over SSL (on TCP port 465). In short words, this basically means that – whenever we try to connect to a SMTP server using such protocol – it will most likely fail with the following error message in the   file:

CLIENT wrappermode (port smtps/465) is unimplemented
instead, send to (port submission/587) with STARTTLS

Unfortunately such issue is not easy to overcome with Postfix 2, as the whole 2.x version tree does not natively support SMTP on SSL through TCP port 465. Our only chance to make the connection work is to either use the TCP port 587 and use STARTTLS – which is natively supported – or to forward the connection through Stunnel or other tools that can perform SSL tunneling of some sort.

The whole issue is well-explained in this section of the Postfix documentation: additional info can be gathered from this page from the iRedMail documentation, which has little to do with Postfix but still offers a great historical insight on the SMTP protocols and ports since 1997.

Luckily enough, setting up a SSL tunnel is not the only option: we can also upgrade to Postfix 3, which features a built-in SMTPS support thanks to its new TLS Wrapper Mode feature.

Step 2: Uninstall Postfix 2 / Sendmail / sSMTP

The next thing we have to do is to ensure that there aren’t any other mail sending softwares configured within our server, unless we really want to keep Postfix 3 and one (or more) of them. In case we don’t, we can easily uninstall all of them with the following terminal commands:

Although performing a   is a required step for Postfix – assuming we want to install a newer version – we could also choose to    and    sSMTP and/or Sendmail instead of removing them. The only important thing to do here is to ensure that neither of them will be up and running, otherwise they will prevent our soon-to-be-installed Postfix 3 from working properly.

Step 3: Install Postfix 3

Now it’s the time to install Postfix 3. It’s package name is postfix3, however there’s a high chance that – if we just attempt a   – we’ll get something like this:

No package postfix3 available.

Unfortunately, the postfix3 package isn’t (yet) included in the default CentOS 7 repositories. In order to install it, we have to add a third-party repository – such as Ghettoforge‘s – to our repo list. Again, in case we’re not using CentOS, we can choose a different repo from the official Postfix Packages and Ports page.

To add the Ghettoforge repo to your YUM repository list, create a new   file using nano, vim or any other text editor and fill it with the following contents:

Before using that repo we’ll also have to download the RPM-GPG-KEY-gf.el7 file from the Ghettoforge Key Page and save it within our   folder.

As a matter of fact, we could also set   in the above file (both entries) and go ahead, without having to download anything… Although it’s definitely not recommended for obvious security reasons.

Once done, we’ll be able to issue the   terminal command and have Postfix 3.3.2 (at the time of writing) installed in few seconds. Don’t forget to also execute a    to ensure that the service will start upon each boot.

Step 4: Postfix 3 Setup

Now that Postfix 3 is installed on our system, we just have to configure it to have our e-mail messages sent through the external SMTP service. The configuration involves three files:

  • The   file, where we need to enable the smtps support.
  • The   file, which we have to create and fill it with the login credentials to connect to our external SMTP server(s).
  • The   file, where we’ll configure the service and tell it the SMTP service/account to use.

4.1: Enable SMTPS support

Open the     file and uncomment (or add) the following lines to enable the smtps support:

4.2: Setup Connection Info

Open the     file, or create it if it doesn’t exist yet, and add your external SMTP servers and their respective login credentials, one per line, using the following format:

The square brackets are not mandatory, they will just make the system skip the DNS probe to these servers.

Once done, open a terminal window and type the following command to encrypt the password file:

The command will encrypt the plain-text connection info settings into a new encrypted    file. Before going further, it could be wise – for security reasons – to restrict both files permissions in the following way:

4.3: Configure Postfix

It’s now time to open the    file and finalize the Postfix setup by adding / uncommenting the following parameters and configure them in the following way:

In case you have a public hostname you want to be shown in the Return-Path mail header, it wouldn’t hurt to also set the myhostname and mydomain parameters in the following way:

Step 5: Test run

We’re ready for a test run to check that everything is working properly.

Before doing that, be sure to restart the Postfix service and reload the configuration by issuing the following commands:

Once done, we can send a test e-mail to a real e-mail address under our own control in the following way:

Right after that, we can check our mailbox and ensure that the e-mail are being sent.

That’s about it: I sincerely hope that this tutorial will help other System Administrator who wish to install Postfix on their system!

 

 

 

 

 

 

 

 

RELATED POSTS

About Ryan

IT Project Manager, Web Interface Architect and Lead Developer for many high-traffic web sites & services hosted in Italy and Europe. Since 2010 it's also a lead designer for many App and games for Android, iOS and Windows Phone mobile devices for a number of italian companies.

View all posts by Ryan