Tutorial on using a forwarding server to handle mail communication on a Linux system

Time:2022-5-10

When you set up and run an application server, you need a good mail server to deliver mail for you. I run the Postfix mail service on all my servers. Here is my usual configuration.

Installing Postfix on CentOS 6

   

yum install postfix

Sendmail is installed by default, so it’s best to stop and remove it.

   

service sendmail stop
yum remove sendmail

Postfix has two configuration files, main.cf and master.cf. For the basic configuration you only need to modify main.cf. Postfix parameters can be defined like shell variables and referenced with $. A parameter does not have to be defined before it is used, because Postfix looks a parameter up only when it is needed at run time.

Configure Postfix

   

vim /etc/postfix/main.cf

Uncomment the following lines:

   

#Your host name
myhostname = yourhostname.com

#Your email domain
myorigin = $myhostname

#Specify the network interface for receiving mail. Localhost is specified here because we only accept mail delivered by local programs
inet_interfaces = localhost

#Specify the protocol used. You can use "all" to add IPv6 support
inet_protocols = ipv4

#Specify the accepted mail domain
mydestination = $myhostname, localhost.$mydomain, localhost

#Forward only messages from the local host, not the host’s network
mynetworks_style = host

Start Postfix

   

service postfix start

These basic postfix configurations allow your machine to send mail, which you can verify by sending mail and checking the “maillog” log file.

   

echo test mail | mail -s "test" [email protected] && sudo tail -f /var/log/maillog

#The output log is similar to the following
Aug 25 14:16:21 vps postfix/smtp[32622]: E6A372DC065D: to=, relay=smtp.mailserver.org[50.56.21.176], delay=0.8, delays=0.1/0/0.43/0.27, dsn=2.0.0, status=sent (250 Great success)
Aug 25 14:16:21 vps postfix/qmgr[5355]: E6A372DC065D: removed

However, the above configuration is not enough, because receiving mail services will classify your messages as spam most of the time. You need to add SPF, PTR and DKIM records. Even so, your email may still be delivered as spam because your IP address is blacklisted, most of the time because your VPS has previously been hacked.

Another option, and a better one, is to use an email service provided by a third-party email provider, such as Gmail, or even Mailgun. I use Mailgun because they provide 10000 free emails a month, while Gmail provides about 100 emails a day.

In “/etc/postfix/main.cf”, you need to add “smtp.mailgun.org” as your relay host (“relayhost”) and enable “SASL” authentication, so that Postfix can connect and authenticate to the remote Mailgun server.

Add the following lines, or uncomment them if they are already present.

   

relayhost = [smtp.mailgun.org]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps=static:your_username:your_password
smtp_sasl_security_options=noanonymous

Postfix does not implement “SASL” authentication itself, so you need to install the “cyrus-sasl-plain” package.

   

sudo yum install cyrus-sasl-plain

If you do not install this package, you will receive the error message “SASL authentication failed; cannot authenticate to server smtp.mailgun.org [50.56.21.176]: no mechanism available”

Restart Postfix

   

sudo service postfix restart

Secure Postfix with TLS

Postfix supports TLS, the successor of SSL, which allows you to encrypt data using key-based authentication. I recommend reading http://www.postfix.org/TLS_README.html to see how TLS works with Postfix.

To use TLS, you need to generate a private key and a certificate issued by a certificate authority. In this example, I will use a self-signed certificate.

   

sudo yum install mod_ssl openssl
#Generate private key
openssl genrsa -out smtp.key 2048

#Generate CSR
openssl req -new -key smtp.key -out smtp.csr

#Generate the self-signed certificate
openssl x509 -req -days 365 -in smtp.csr -signkey smtp.key -out smtp.crt

#Copy the file to the correct location
cp smtp.crt /etc/pki/tls/certs
cp smtp.key /etc/pki/tls/private/smtp.key
cp smtp.csr /etc/pki/tls/private/smtp.csr

Open the postfix configuration file and add the following parameters.

   

sudo vim /etc/postfix/main.cf

smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes

smtpd_tls_key_file = /etc/pki/tls/private/smtp.key
smtpd_tls_cert_file = /etc/pki/tls/certs/smtp.crt
smtp_tls_CAfile = /etc/ssl/certs/ca.crt
smtp_tls_loglevel = 1

The security level “may” means that Postfix announces STARTTLS support to remote SMTP clients, but the client does not need to use encryption. I use “may” here as the Mailgun documentation suggests, but if you want to force TLS encryption, you can use “encrypt”.
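A check for the relay and TLS settings above, as an added example that is not part of the original tutorial: it reads a main.cf and reports a relay password stored inline with static:, and SASL options that permit plaintext login while smtp_tls_security_level is below encrypt. The function names and finding labels are hypothetical, and the sample file is constructed from the settings shown on this page.

```shell
#!/bin/sh
# Added example, not from the original page; finding labels are made up here.

# Print the last value assigned to parameter $2 in file $1 (the last one wins).
get_param() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding per line for the main.cf at $1; print nothing if clean.
audit_maincf() {
    cf=$1
    maps=$(get_param "$cf" smtp_sasl_password_maps)
    opts=$(get_param "$cf" smtp_sasl_security_options)
    level=$(get_param "$cf" smtp_tls_security_level)
    [ -n "$opts" ] || opts="noplaintext, noanonymous"   # Postfix default

    # A static: map keeps the relay password inside main.cf itself.
    case $maps in static:*)
        if [ -n "$(find "$cf" -perm -004)" ]; then
            echo "CRED_INLINE: relay password in world-readable main.cf"
        else
            echo "CRED_INLINE: relay password in main.cf"
        fi ;;
    esac

    # Plaintext SASL mechanisms are safe only when TLS is mandatory.
    [ "$(get_param "$cf" smtp_sasl_auth_enable)" = yes ] || return 0
    case $level in encrypt|verify|secure|fingerprint|dane-only) return 0 ;; esac
    case $opts in *noplaintext*) return 0 ;; esac
    echo "PLAINTEXT_AUTH: TLS level '${level:-unset}' permits SASL login without TLS"
    return 0
}

# Constructed sample: the relay and TLS settings from this tutorial.
sample=$(mktemp)
chmod 644 "$sample"   # the mode main.cf normally ships with
cat > "$sample" <<'EOF'
relayhost = [smtp.mailgun.org]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps=static:your_username:your_password
smtp_sasl_security_options=noanonymous
smtp_tls_security_level = may
EOF
audit_maincf "$sample"
rm -f "$sample"
```

Both findings clear once the credentials live in a root-only lookup table (for example hash:/etc/postfix/sasl_passwd with mode 600, built with postmap) and smtp_tls_security_level is set to encrypt.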

   

service postfix restart
#Send a test email
echo test mail | mail -s "test" [email protected] && sudo tail -f /var/log/maillog

You should see the following information

   

Aug 21 00:00:06 vps postfix/smtp[4997]: setting up TLS connection to smtp.mailgun.org[50.56.21.176]:587
Aug 21 00:00:06 vps postfix/smtp[4997]: Trusted TLS connection established to smtp.mailgun.org[50.56.21.176]:587: TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)
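The same check done over a whole log instead of by eye, as an added example that is not part of the original tutorial: it counts outbound TLS sessions per relay, trust label and protocol, and marks anything that is not Trusted or Verified on TLSv1.2 or later as WEAK. The function name and the OK/WEAK labels are hypothetical, the second relay in the sample log is constructed, and the lines it reads are only written while smtp_tls_loglevel is 1 or higher.

```shell
#!/bin/sh
# Added example, not from the original page.
# tls_summary FILE: print "<OK|WEAK> <relay> <trust> <protocol> <count>" rows
# for the TLS sessions opened by the Postfix SMTP client (postfix/smtp).
tls_summary() {
    awk '
    $5 ~ /^postfix\/smtp\[/ && $7 == "TLS" && $9 == "established" {
        host = $11; sub(/\[.*/, "", host)          # drop "[ip]:port:"
        ok = ($6 == "Trusted" || $6 == "Verified") && ($12 ~ /^TLSv1\.[23]$/)
        n[(ok ? "OK" : "WEAK") " " host " " $6 " " $12]++
    }
    END { for (k in n) print k, n[k] }' "$1" | sort
}

# Constructed sample log: the first line is from the tutorial, the rest are made up.
log=$(mktemp)
cat > "$log" <<'EOF'
Aug 21 00:00:06 vps postfix/smtp[4997]: Trusted TLS connection established to smtp.mailgun.org[50.56.21.176]:587: TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)
Aug 21 00:05:10 vps postfix/smtp[5001]: Trusted TLS connection established to smtp.mailgun.org[50.56.21.176]:587: TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)
Aug 21 00:07:42 vps postfix/smtp[5010]: Untrusted TLS connection established to relay.example.net[192.0.2.10]:25: TLSv1 with cipher AES128-SHA (128/128 bits)
EOF
tls_summary "$log"
rm -f "$log"
```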

If everything is normal, you can comment out the following parameter.

smtp_tls_loglevel = 1