Install Postfix 3 on Linux CentOS for sending e-mail over SMTP, SMTPS and STARTTLS

A brief tutorial explaining how to install and configure Postfix 3 on a Linux CentOS 7.x machine to send e-mail using SMTP (TCP 25), SMTPS (TCP 465) and/or STARTTLS (TCP 587)


A few days ago I wrote a post about how to install and configure sSMTP, a simple and free alternative to Postfix and Sendmail which can be used to send e-mail through external SMTP services hosted by providers such as GMail, Aruba, Yahoo and so on.

Although sSMTP is a great piece of software, those who prefer to set up the real deal will definitely benefit from this article, in which I'll explain how to set up and configure Postfix 3 - the latest installment of the most efficient, secure and widely used mail server born as a (better) alternative to Sendmail.

Before proceeding, it's important to emphasize that this article only explains how to send e-mail through an external SMTP service using Postfix, which is nothing more than 10% of what this awesome piece of software can actually do. If you need further info about Postfix and its features, I strongly suggest taking a look at the official Postfix documentation at postfix.org. Also, the instructions below are written for a CentOS / Fedora / RHEL Linux machine: although the tutorial will also work on any other distribution, Ubuntu and Debian users might have to slightly adapt some commands to their package managers.

Step 1: Check Postfix version

The first thing we should do is to check if Postfix is already installed within our system, and - in case it is - the installed version. This can easily be done by executing the following terminal command:

 

Regardless of how recent our CentOS version is, there's a high chance that we'll still have Postfix 2. Although that version can be good enough for most users, it has very limited capabilities when dealing with the deprecated SMTPS service, also known as SMTP over SSL (on TCP port 465). In short, whenever we try to connect to an SMTP server using that protocol, the attempt will most likely fail with the following error message in the /var/log/maillog file:

CLIENT wrappermode (port smtps/465) is unimplemented
instead, send to (port submission/587) with STARTTLS

Unfortunately such issue is not easy to overcome with Postfix 2, as the whole 2.x version tree does not natively support SMTP on SSL through TCP port 465. Our only chance to make the connection work is to either use the TCP port 587 and use STARTTLS - which is natively supported - or to forward the connection through Stunnel or other tools that can perform SSL tunneling of some sort.

The whole issue is well-explained in this section of the Postfix documentation: additional info can be gathered from this page from the iRedMail documentation, which has little to do with Postfix but still offers a great historical insight on the SMTP protocols and ports since 1997.

Luckily enough, setting up an SSL tunnel is not the only option: we can also upgrade to Postfix 3, which features built-in SMTPS support thanks to its new TLS Wrapper Mode feature.

Step 2: Uninstall Postfix 2 / Sendmail / sSMTP

The next thing we have to do is to ensure that no other mail-sending software is configured on our server, unless we really want to keep Postfix 3 alongside one (or more) of them. In case we don't, we can easily uninstall all of them with the following terminal commands:

Although performing a yum remove is a required step for Postfix - assuming we want to install a newer version - we could also choose to systemctl disable and systemctl stop sSMTP and/or Sendmail instead of removing them. The only important thing to do here is to ensure that none of them is up and running, otherwise they will prevent our soon-to-be-installed Postfix 3 from working properly.

Step 3: Install Postfix 3

Now it's time to install Postfix 3. Its package name is postfix3, however there's a high chance that - if we just attempt a sudo yum install postfix3 - we'll get something like this:

No package postfix3 available.

Unfortunately, the postfix3 package isn't (yet) included in the default CentOS 7 repositories. In order to install it, we have to add a third-party repository - such as Ghettoforge's - to our repo list. Again, in case we're not using CentOS, we can choose a different repo from the official Postfix Packages and Ports page.

To add the Ghettoforge repo to your YUM repository list, create a new /etc/yum.repos.d/gf.repo file using nano, vim or any other text editor and fill it with the following contents:

Before using that repo we'll also have to download the RPM-GPG-KEY-gf.el7 file from the Ghettoforge Key Page and save it within our /etc/pki/rpm-gpg/  folder.

As a matter of fact, we could also set gpgcheck=0  in the above file (both entries) and go ahead, without having to download anything... Although it's definitely not recommended for obvious security reasons.
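A check for the gpgcheck point above, added here as an example and not part of the original post: the function lists every section of a yum .repo file that disables signature checking or leaves it unset. The sample file's section names, URLs and key path are constructed placeholders, not Ghettoforge's real values.

```shell
#!/bin/sh
# Added example: list yum repo sections that do not enforce package signatures.

# audit_repo_file FILE
# Prints "<section> gpgcheck-disabled" or "<section> gpgcheck-unset" (value is
# then inherited from yum.conf) per offending section; status 1 if any.
audit_repo_file() {
    awk '
        function report() {
            if (section == "") return
            if (gpg ~ /^(0|no|false)$/) { print section, "gpgcheck-disabled"; bad = 1 }
            else if (gpg == "")         { print section, "gpgcheck-unset"; bad = 1 }
        }
        /^[ \t]*[#;]/ { next }                    # comment line
        /^[ \t]*\[/ {                             # start of a new [section]
            report()
            section = $0
            gsub(/^[ \t]*\[|\].*$/, "", section)
            gpg = ""
            next
        }
        /^[ \t]*gpgcheck[ \t]*=/ {                # keep the last value seen
            gpg = tolower($0)
            sub(/^[^=]*=[ \t]*/, "", gpg)
            sub(/[ \t\r]+$/, "", gpg)
        }
        END { report(); exit bad }
    ' "$1"
}

# Constructed sample: section names, URLs and key path are placeholders.
write_sample_repo() {
    cat > "$1" <<'EOF'
[example-base]
name=Example base repository
baseurl=https://repo.example.invalid/el7/base/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

[example-plus]
name=Example plus repository
baseurl=https://repo.example.invalid/el7/plus/$basearch/
enabled=0
gpgcheck=0
EOF
}
```

To audit a live system, call audit_repo_file on each file in /etc/yum.repos.d/ after sourcing the script.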

Once done, we'll be able to issue the sudo yum install postfix3 terminal command and have Postfix 3.3.2 (at the time of writing) installed in a few seconds. Don't forget to also execute a sudo systemctl enable postfix to ensure that the service will start upon each boot.

Step 4: Postfix 3 Setup

Now that Postfix 3 is installed on our system, we just have to configure it to have our e-mail messages sent through the external SMTP service. The configuration involves three files:

  • The /etc/postfix/master.cf file, where we need to enable the smtps support.
  • The /etc/postfix/sasl_passwd file, which we have to create and fill with the login credentials to connect to our external SMTP server(s).
  • The /etc/postfix/main.cf file, where we'll configure the service and tell it the SMTP service/account to use.

4.1: Enable SMTPS support

Open the /etc/postfix/master.cf file and uncomment (or add) the following lines to enable the smtps support:

4.2: Setup Connection Info

Open the /etc/postfix/sasl_passwd file, or create it if it doesn't exist yet, and add your external SMTP servers and their respective login credentials, one per line, using the following format:

The square brackets are not mandatory, they will just make the system skip the DNS probe to these servers.

Once done, open a terminal window and type the following command to encrypt the password file:

The command will encrypt the plain-text connection info settings into a new encrypted /etc/postfix/sasl_passwd.db file. Before going further, it could be wise - for security reasons - to restrict both files' permissions in the following way:

4.3: Configure Postfix

It's now time to open the /etc/postfix/main.cf file and finalize the Postfix setup by adding / uncommenting the following parameters and configuring them in the following way:

In case you have a public hostname you want to be shown in the Return-Path mail header, it wouldn't hurt to also set the myhostname and mydomain parameters in the following way:
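A check that ties together steps 4.2 and 4.3, added here as an example and not part of the original post: it reads a relay-client main.cf and reports TLS that is not mandatory, a port 465 relay without smtp_tls_wrappermode, and a password map that group or others can read (the .db file is an indexed lookup table whose entries can be read back, so file permissions are what protects it). The parser is simplified, and the relay host, credentials and finding labels are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit a Postfix relay-client main.cf. Simplified parser:
# one "name = value" per line, no continuation lines, last definition wins.

conf_get() {  # conf_get FILE NAME -> value on stdout (empty if unset)
    awk -v k="$2" '
        $0 ~ ("^" k "[ \t]*=") { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t\r]+$/, "", v) }
        END { print v }' "$1"
}

is_private() {  # true if FILE exists and has no group/other permission bits
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

audit_relay_conf() {  # audit_relay_conf MAIN_CF -> findings; status 1 if any
    bad=0
    level=$(conf_get "$1" smtp_tls_security_level)
    maps=$(conf_get "$1" smtp_sasl_password_maps)
    case $level in                       # weaker levels can fall back to cleartext
        encrypt|dane-only|fingerprint|verify|secure) ;;
        *) echo "tls-not-mandatory: smtp_tls_security_level='$level'"; bad=1 ;;
    esac
    case $(conf_get "$1" relayhost) in   # port 465 speaks TLS from the first byte
        *:465) [ "$(conf_get "$1" smtp_tls_wrappermode)" = yes ] ||
                   { echo "port-465-needs-wrappermode"; bad=1; } ;;
    esac
    if [ -z "$maps" ]; then
        echo "no-sasl-password-map"; bad=1
    else
        path=${maps#*:}                  # drop the table type, e.g. "hash:"
        for f in "$path" "$path.db"; do  # .db name assumes a hash: table
            is_private "$f" || { echo "missing-or-not-private: $f"; bad=1; }
        done
    fi
    return $bad
}

# Constructed sample in directory $1: placeholder relay host and credentials.
write_sample() {
    cat > "$1/main.cf" <<EOF
relayhost = [smtp.example.invalid]:465
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:$1/sasl_passwd
smtp_tls_security_level = may
EOF
    echo '[smtp.example.invalid]:465 user@example.invalid:placeholder' > "$1/sasl_passwd"
    : > "$1/sasl_passwd.db"
    chmod 644 "$1/sasl_passwd"; chmod 600 "$1/sasl_passwd.db"
}
```

On a real host, source the script and run audit_relay_conf /etc/postfix/main.cf as root; the constructed sample yields three findings.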

Step 5: Test run

We're ready for a test run to check that everything is working properly.

Before doing that, be sure to restart the Postfix service and reload the configuration by issuing the following commands:

Once done, we can send a test e-mail to a real e-mail address under our own control in the following way:

Right after that, we can check our mailbox and ensure that the e-mails are being sent.

Troubleshooting

In case you don't receive the e-mail, the best thing you can do is to check the postfix log file at the following path:

And see what is going wrong. For example, if you find something like this:

It probably means that you configured your postfix to use a myhostname and/or mydomain value that matches the domain part of the target's e-mail address, thus making it look for a local target user instead of relaying the e-mail remotely. To fix that, replace these values or add a relay fallback that will tell postfix what to do if there are no local users matching that name:

Right after that, restart postfix.

Conclusion

That's about it: I sincerely hope that this tutorial will help other System Administrators who wish to install Postfix on their system!

About Ryan

IT Project Manager, Web Interface Architect and Lead Developer for many high-traffic web sites & services hosted in Italy and Europe. Since 2010 he has also been a lead designer for many apps and games for Android, iOS and Windows Phone mobile devices for a number of Italian companies. Microsoft MVP for Development Technologies since 2018.


5 Comments on “Install Postfix 3 on Linux CentOS for sending e-mail over SMTP, SMTPS and STARTTLS”

  1. Hello

    This is what you say: “terminal command and have Postfix 3.3.2”, but in reality it is 3.2.4-1.gf.el7

    Thanks,
    Gabriel

  2. Pingback: sSMTP: a Postfix Sendmail alternative for Linux CentOS
  3. There is no need to manually create the gf.repo file, just install the gf-release package as shown at http://ghettoforge.org/index.php/Usage#How_can_I_use_the_packages_produced_by_this_project.3F

    Attempting to remove the old postfix package may cause a number of dependencies to be removed as well. Better to use yum shell or yum swap to replace the MTA instead of remove and then install the new one, then the dependencies will remain in place. Instructions for using yum shell are at http://ghettoforge.org/index.php/Postfix3#Instructions_for_replacing_the_EL_stock_postfix_packages_with_the_postfix3_packages_in_GhettoForge

    Enabling smtps (which BTW is now called “submissions”) is pointless unless you generate and assign a TLS certificate to your server. You can also or alternatively enable the submission port.

    You’re telling everyone to use your relayhost? Are you going to provide everyone with your username and password to connect to the relayhost as well or is it an open relay? I would think that using a relayhost would be beyond the scope of this tutorial, but if wanted would be better included in its own sub-section.

    The Return-Path is set from the envelope sender which in turn is set by the MUA, except for your test where you’re using the sendmail binary and not supplying an envelope sender in which case postfix has to supply one for you.

    There’s no reason to issue a postfix reload after restarting the service, it’s redundant.

    Using fallback_transport to fix a broken configuration is … wrong. Fix your broken configuration instead. It probably has something to do with your relayhost setting.

    I’m sure there are other issues as well.

  4. Pingback: Server Bug Fix: Dependency Error Installing Postfix 3 on Centos 6 - TECHPRPR
