August 10, 2014

RHEL 6 Configure an MTA to Forward (Relay) Email Through a Smart Host.

Introduction

A relay mail server (MTA) is an intermediate server that forwards email to the final delivery mail server (MDA), which writes each message to the default mail store /var/spool/mail/${USER}.

Remote Client --> Mail Transfer Agent, MTA (192.168.1.11) --> Mail Delivery Agent, MDA (192.168.1.12)

Configuration MTA

$ vi /etc/postfix/main.cf
...
myhostname = san.magnuskkarlsson.com
...
mydomain = magnuskkarlsson.com
...
myorigin = $mydomain
...
inet_interfaces = all
...
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
...
mynetworks = 192.168.1.0/28, 127.0.0.0/8
...
relayhost = 192.168.1.12

If you want the MTA to ONLY transfer mail, set 'mydestination = '. With the above configuration, the MTA will deliver email from remote clients to its local users.

Restart the service to let the configuration take effect.

service postfix restart; chkconfig postfix on

Check that SMTP port 25 (TCP) is open in iptables. If you need to update the configuration, don't forget to restart the iptables service.

$ vi /etc/sysconfig/iptables
...
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT 
...

Configuration MDA

$ vi /etc/postfix/main.cf
...
myhostname = rhel6.magnuskkarlsson.com
...
mydomain = magnuskkarlsson.com
...
myorigin = $mydomain
...
inet_interfaces = all
...
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
...
mynetworks = 192.168.1.0/28, 127.0.0.0/8
...
relayhost = 

Do not forget to restart the postfix service after configuration changes.

Create an ordinary Unix user for testing with the command adduser mail2.

Check that SMTP port 25 (TCP) is open in iptables. Update if needed and restart the iptables service.

If SELinux is active (default), check that the default SELinux boolean for postfix is on.

$ getenforce 
Enforcing

# getsebool -a | grep postfix
allow_postfix_local_write_mail_spool --> on

Test

Now we are ready to test by sending mail from a remote client.

$ telnet 192.168.1.11 25
Trying 192.168.1.11...
Connected to 192.168.1.11.
Escape character is '^]'.
220 san.magnuskkarlsson.com ESMTP Postfix
EHLO 192.168.1.11
250-san.magnuskkarlsson.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: foo@bar.com
250 2.1.0 Ok
RCPT TO: mail2@rhel6.magnuskkarlsson.com
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: hello 
sbj 
.
250 2.0.0 Ok: queued as 92E1040EB2
^]

telnet> quit
Connection closed.

Now verify that mail was delivered on MDA (192.168.1.12).

$ cat /var/spool/mail/mail2 
...
From foo@bar.com  Sun Aug 10 01:18:34 2014
Return-Path: <foo@bar.com>
X-Original-To: mail2@rhel6.magnuskkarlsson.com
Delivered-To: mail2@rhel6.magnuskkarlsson.com
Received: from san.magnuskkarlsson.com (unknown [192.168.1.11])
 by rhel6.magnuskkarlsson.com (Postfix) with ESMTP id 2ADC210CB
 for <mail2@rhel6.magnuskkarlsson.com>; Sun, 10 Aug 2014 01:18:34 +0200 (CEST)
Received: from 192.168.1.11 (unknown [192.168.1.122])
 by san.magnuskkarlsson.com (Postfix) with ESMTP id 92E1040EB2
 for <mail2@rhel6.magnuskkarlsson.com>; Sun, 10 Aug 2014 19:01:59 +0200 (CEST)
Subject: hello 

sbj 
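
An added example (not part of the original post): a Python check that parses main.cf text, expands $parameter references and reports whether a client address falls inside mynetworks, which with 192.168.1.0/28 means only 192.168.1.0 to 192.168.1.15, so the test client 192.168.1.122 seen in the Received header above is outside it. The sample text is constructed from the MTA values above (with mydestination split to show a continuation line), the function names are illustrative, and only plain address/CIDR entries of mynetworks are evaluated.

```python
import ipaddress
import re

# Constructed sample: MTA values from this page, written as main.cf text.
MTA_MAIN_CF = """\
myhostname = san.magnuskkarlsson.com
mydomain = magnuskkarlsson.com
mydestination = $myhostname, localhost.$mydomain,
    localhost, $mydomain
mynetworks = 192.168.1.0/28, 127.0.0.0/8
"""

def parse_main_cf(text):
    """Return {parameter: raw value}, honouring comments and continuation lines."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:  # leading whitespace continues a value
            params[current] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        current = name.strip()
        params[current] = value.strip()
    return params

def expand(params, name, depth=0):
    """Resolve $name and ${name} references inside a parameter value."""
    if depth > 10:
        raise ValueError("recursive reference in " + name)
    return re.sub(r"\$\{?(\w+)\}?",
                  lambda m: expand(params, m.group(1), depth + 1), params.get(name, ""))

def trusted_networks(params):
    """Address/CIDR entries of mynetworks; table lookups and '!' exclusions are skipped."""
    nets = []
    for item in re.split(r"[,\s]+", expand(params, "mynetworks")):
        try:
            nets.append(ipaddress.ip_network(re.sub(r"[\[\]]", "", item), strict=False))
        except ValueError:
            continue  # not a plain address or CIDR block
    return nets

def is_trusted(client_ip, params):
    """True if client_ip is inside mynetworks (the list permit_mynetworks matches)."""
    return any(ipaddress.ip_address(client_ip) in net for net in trusted_networks(params))

if __name__ == "__main__":
    cfg = parse_main_cf(MTA_MAIN_CF)
    print({ip: is_trusted(ip, cfg) for ip in ("192.168.1.12", "192.168.1.122")})
```

With Postfix's default restrictions, a client outside mynetworks can still hand mail to the MTA when the recipient domain is one it delivers or relays for (mydestination, relay_domains); mynetworks decides who may relay to any other destination.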
