How To Install Postfix on Rocky Linux 9
In this tutorial, we will show you how to install Postfix on Rocky Linux 9. In today’s digital age, having a reliable email server is crucial for both personal and corporate communication. Postfix, a powerful and flexible mail transfer agent (MTA), is widely used for its stability, security, and ease of configuration.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo’ to the commands to get root privileges. I will show you the step-by-step installation of the Postfix open-source Mail Transfer Agent (MTA) on Rocky Linux 9 or RHEL-based.
Prerequisites
- A server running one of the following operating systems: Rocky Linux 9.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies for Postfix.
- A
non-root sudo useror access to theroot user. We recommend acting as anon-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install Postfix on Rocky Linux 9
Step 1. The first step in any software installation process on a Linux system is to update the system packages. This is a crucial step as it ensures that you have the latest security patches and software updates, providing a secure environment for your new software. To update your system packages on Rocky Linux 9, you can use the following command:
sudo dnf update
Step 2. Setting up the Hostname and DNS Records.
To begin, set a proper hostname for your server. This helps identify your server on the network and is crucial for email delivery. Use the following command to set the hostname:
sudo hostnamectl set-hostname mail.idroot.us
Replace mail.idroot.us with your desired hostname.
Next, configure the DNS records for your domain. Create an A record pointing to your server’s IP address and an MX record pointing to your hostname. This ensures that emails addressed to your domain are correctly routed to your Postfix server.
Step 3. Configuring SELinux for Postfix.
SELinux is a security feature in Rocky Linux that enforces access controls. To allow Postfix to function correctly, you need to configure SELinux accordingly. Execute the following commands:
sudo semanage port -a -t smtp_port_t -p tcp 25 sudo semanage port -a -t smtp_port_t -p tcp 587 sudo semanage port -a -t smtpd_port_t -p tcp 465
These commands add the necessary port definitions for SMTP (25 and 587) and SMTPS (465) to SELinux.
Step 4. Installing Postfix on Rocky Linux 9.
With the system configuration in place, you can now proceed to install Postfix. Use the following command to install Postfix and its dependencies:
sudo dnf install postfix
Once the installation is complete, enable and start the Postfix service using the following commands:
sudo systemctl enable postfix sudo systemctl start postfix
These commands ensure that Postfix starts automatically on system boot and is currently running.
Step 5. Basic Postfix Configuration.
To configure Postfix, you need to edit its main configuration file located at /etc/postfix/main.cf. Open the file using a text editor of your choice, for example:
sudo nano /etc/postfix/main.cf
Modify the following lines in the configuration file:
myhostname = mail.idroot.us mydomain = idroot.us myorigin = $mydomain inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mynetworks = 192.168.1.0/24, 127.0.0.0/8 home_mailbox = Maildir/
Replace mail.idroot.us and idroot.us with your hostname and domain, respectively. Adjust the mynetworks line to include your server’s IP address range.
To configure Postfix to send emails, add the following lines at the end of the configuration file:
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
These settings enable TLS encryption for outgoing emails and configure logging for troubleshooting purposes.
Additionally, you can set mailbox and message size limits to prevent abuse and maintain server performance. Add the following lines to the configuration file:
mailbox_size_limit = 1073741824 message_size_limit = 10485760
The mailbox_size_limit sets the maximum size of a user’s mailbox (in bytes), while the message_size_limit sets the maximum size of a single email message (in bytes). Adjust these values according to your needs.
Save the changes and exit the text editor. Restart Postfix for the changes to take effect:
sudo systemctl restart postfix
Step 6. Securing Postfix with TLS.
To ensure secure email communication, it’s essential to configure Postfix to use TLS (Transport Layer Security) encryption. TLS encrypts the connection between the email client and the server, preventing eavesdropping and tampering.
To enable TLS, you need a digital certificate. You can either generate a self-signed certificate or obtain one from a trusted certificate authority (CA). For production environments, it’s recommended to use a certificate from a reputable CA.
To generate a self-signed certificate, use the following command:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/postfix/key.pem -out /etc/postfix/cert.pem
This command generates a self-signed certificate valid for 365 days. Provide the necessary information when prompted.
Next, edit the Postfix configuration file (/etc/postfix/main.cf) and add the following lines:
smtpd_tls_cert_file = /etc/postfix/cert.pem smtpd_tls_key_file = /etc/postfix/key.pem smtpd_tls_security_level = may smtpd_tls_loglevel = 1
These settings configure Postfix to use the generated certificate and enable TLS encryption for incoming connections.
Restart Postfix to apply the changes:
sudo systemctl restart postfix
Your Postfix server is now configured to use TLS encryption for secure email communication.
Step 7. Testing Postfix.
To verify that your Postfix installation is functioning correctly, send a test email using the mail command:
echo "This is a test email" | mail -s "Test Email" recipient@idroot.us
Replace recipient@idroot.us with a valid email address where you can receive the test email.
Check the mail log for any errors or warnings:
sudo tail -f /var/log/maillog
If the email is sent successfully and there are no errors in the log, your Postfix server is set up correctly.
Step 8. Configuring SMTP Authentication.
To enable SMTP authentication, which allows users to send emails using their email client, follow these steps:
sudo dnf install cyrus-sasl cyrus-sasl-plain
Edit the Postfix configuration file (/etc/postfix/main.cf) and add the following lines:
smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
Create a SASL password file to store user credentials:
sudo touch /etc/postfix/sasl_passwd sudo chmod 600 /etc/postfix/sasl_passwd
Add user credentials to the SASL password file:
user1@example.com:password1 user2@example.com:password2
Replace user1@example.com and user2@example.com with actual email addresses and their corresponding passwords.
Generate a SASL password database:
sudo postmap /etc/postfix/sasl_passwd
Restart Postfix:
sudo systemctl restart postfix
Congratulations! You have successfully installed Postfix. Thanks for using this tutorial for installing the Postfix open-source Mail Transfer Agent (MTA) on your Rocky Linux 9 system. For additional help or useful information, we recommend you check the official Postfix website.
