Rob's web

SMTP server

The Simple Mail Transfer Protocol (SMTP) is a communication protocol for electronic mail transmission. As an Internet standard, SMTP was first defined in 1982 by RFC 821, and updated in 2008 by RFC 5321 to Extended SMTP additions, which is the protocol variety in widespread use today. Mail servers and other message transfer agents use SMTP to send and receive mail messages. Proprietary systems such as Microsoft Exchange and IBM Notes and webmail systems such as Outlook.com, Gmail and Yahoo! Mail may use non-standard protocols internally, but all use SMTP when sending to or receiving email from outside their own systems. SMTP servers commonly use the Transmission Control Protocol on port number 25.

User-level email clients typically use SMTP only for sending messages to a mail server for relaying, and typically submit outgoing email to the mail server on port 587 or 465 as per RFC 8314. For retrieving messages, IMAP and POP3 are the standard protocols.

Postfix has two functions:

  1. Receiving mail from clients
  2. Sending the mail to recipients.

Installation

Postfix is usually installed as part of the initial Linux installation. If you are not sure:

# yum install postfix

Demands

We want postfix to:

Configuration

Go to the config directory.

# cd /etc/postfix/
# ll
totaal 144
-rw-r--r--. 1 root root 19579 jan  7  2010 access
-rw-r--r--. 1 root root 11681 mrt 27  2007 canonical
-rw-r--r--. 1 root root  9904 mrt 27  2007 generic
-rw-r--r--. 1 root root 18287 jan 24  2008 header_checks
-rw-r--r--. 1 root root 28312 nov  7 13:44 main.cf
-rw-r--r--. 1 root root  5342 nov  7 13:33 master.cf
-rw-r--r--. 1 root root  6816 mrt 27  2007 relocated
drwxr-xr-x. 2 root root  4096 sep 25  2017 ssl
-rw-r--r--. 1 root root 12500 dec 22  2008 transport
-rw-r--r--. 1 root root 12494 mrt 27  2007 virtual

We can see that there are multiple files. The ssl directory can be removed. For secure mode we use the central certificate directory (/etc/pki/tls/....).

You can list the default settings with # postconf -d.

Main.cf

The comments are removed for readability.


queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/libexec/postfix

data_directory = /var/lib/postfix

mail_owner = postfix

myhostname = server4.example.com

mydomain = example.com

myorigin = $mydomain

inet_interfaces = all

inet_protocols = all

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

unknown_local_recipient_reject_code = 550

mynetworks = 127.0.0.0/8, [::1]/128

relay_domains = $mydestination

relayhost =

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

recipient_delimiter = +

home_mailbox = .maildir/

smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

debug_peer_level = 1

debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix

newaliases_path = /usr/bin/newaliases.postfix

mailq_path = /usr/bin/mailq.postfix

setgid_group = postdrop

html_directory = no

manpage_directory = /usr/share/man

sample_directory = /usr/share/doc/postfix-2.10.1/samples

readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES

# SASL
smtpd_sasl_type = cyrus
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

smtpd_helo_required = yes

# TLS configuration starts here.
tls_random_source = dev:/dev/urandom

# SMTP from your server to others.
smtp_use_tls = yes
smtp_tls_security_level = may
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1
smtp_tls_protocols=!SSLv2,!SSLv3,!TLSv1
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache

# SMTP from other servers and clients to yours.
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_key_file = /etc/pki/tls/private/example.com.key
smtpd_tls_cert_file = /etc/pki/tls/certs/example.com.crt
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1
smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache

Master.cf

Postfix master process configuration file. For details on the format of the file, see the master(5) manual page (command: "man 5 master").

Do not forget to execute "postfix reload" after editing this file.

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd

# Port 587 uses STARTTLS; smtpd_tls_wrappermode belongs to smtps (465) only.
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
#  -o milter_macro_daemon_name=ORIGINATING

smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
#  -o milter_macro_daemon_name=ORIGINATING


relay     unix  -       -       n       -       -       smtp
  -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5

Starting postfix

# systemctl start postfix
# systemctl enable postfix

Checking

# postfix check
# systemctl status postfix

Firewall

# firewall-cmd --permanent --add-port=25/tcp
# firewall-cmd --permanent --add-port=465/tcp
# firewall-cmd --permanent --add-port=587/tcp
# firewall-cmd --reload

Testing smtp with telnet

Before you can test the login over plain telnet you must put a # before smtpd_tls_auth_only = yes (otherwise AUTH is only offered after STARTTLS) and restart postfix.

The username is test and the password is test1234; change them to an existing account.

# perl -MMIME::Base64 -e 'print encode_base64("\000test\000test1234");'
AHRlc3QAdGVzdDEyMzQ=

# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 server1.example.com ESMTP Postfix (2.10.1)
ehlo localhost
250-server1.robkalmeijer.nl
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain AHRlc3QAdGVzdDEyMzQ=
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.

We now know that SASL works. You can now remove the # before smtpd_tls_auth_only = yes and restart postfix if you want TLS-only login.

Testing smtp with openssl with starttls

Before you can test the login this way you must make sure smtpd_tls_auth_only = yes is active (uncommented) in the smtpd section and restart postfix.

# openssl s_client -connect smtp.example.com:25 -starttls smtp
........
    Start Time: 1611510351
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
250 DSN
ehlo localhost
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain AHRlc3QAdGVzdDEyMzQ=
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.
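The two sessions above (plain telnet, then openssl with STARTTLS) can be scripted as one check. The following is an added example, not part of the original page: it builds the same AUTH PLAIN token as the perl one-liner, parses an EHLO reply like the one shown, and connects to a server to verify that AUTH is only advertised after STARTTLS, which is what smtpd_tls_auth_only = yes should produce. The client name client.example.com and the embedded EHLO reply are assumptions/constructed samples.

```python
"""Client-side checks for the Postfix settings above (added example, not from the page)."""
import base64
import smtplib
import ssl

def auth_plain_token(user: str, password: str, authzid: str = "") -> str:
    """SASL PLAIN initial response typed after 'auth plain': base64(authzid NUL authcid NUL passwd)."""
    raw = f"{authzid}\0{user}\0{password}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def parse_ehlo(reply: str) -> dict:
    """Map a multi-line 250 EHLO reply to {KEYWORD: parameters}; line 1 is the server name."""
    caps = {}
    for line in reply.splitlines()[1:]:
        keyword, _, params = line[4:].strip().partition(" ")  # drop '250-' / '250 '
        if keyword:
            caps[keyword.upper()] = params
    return caps

def advertises_auth(reply: str) -> bool:
    """True when the AUTH extension is offered in this EHLO reply."""
    return "AUTH" in parse_ehlo(reply)

# Constructed sample: the EHLO reply of the page's telnet session on port 25, before STARTTLS.
EHLO_PLAINTEXT = "\n".join([
    "250-server1.example.com", "250-PIPELINING", "250-SIZE 10240000", "250-VRFY",
    "250-ETRN", "250-STARTTLS", "250-AUTH PLAIN LOGIN", "250-AUTH=PLAIN LOGIN",
    "250-ENHANCEDSTATUSCODES", "250-8BITMIME", "250 DSN",
])

def check_auth_only_over_tls(host: str, port: int = 25, verify: bool = True) -> dict:
    """Live check: is AUTH offered before and after STARTTLS?
    With smtpd_tls_auth_only = yes the expected result is before=False, after=True."""
    ctx = ssl.create_default_context()
    if not verify:  # only for a lab server with a self-signed certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=15) as s:
        s.ehlo("client.example.com")  # assumed client name
        before = s.has_extn("auth")
        if not s.has_extn("starttls"):
            return {"starttls": False, "auth_before_tls": before, "auth_after_tls": None}
        s.starttls(context=ctx)
        s.ehlo("client.example.com")  # capabilities must be re-read after STARTTLS
        after = s.has_extn("auth")
    return {"starttls": True, "auth_before_tls": before, "auth_after_tls": after}
```

Running check_auth_only_over_tls("smtp.example.com") against the telnet session above would report auth_before_tls=True, which is exactly the state smtpd_tls_auth_only = yes removes.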

Testing smtps with openssl

# openssl s_client -connect smtp.example.com:465

Send an e-mail

Now we get to the good stuff! We need at least these details to be able to send an e-mail:

You must always start with the MAIL FROM command, as this tells the SMTP server that a new mail transaction is started.

We follow that up with the recipient's address and finally the message subject and body. Both the subject header and the body are passed via the DATA command. I also recommend always including the From: header again in the DATA command.

Once we are ready to send our message, we end with a single dot (.) character. Here's how that looks if you put it all together:

MAIL FROM: from@example.com
250 Sender address accepted
rcpt to: john@doe.com
250 Recipient address accepted
DATA
354 Continue
From: from@example.com
Subject: Test message!

Hi,

This is a test message!

Best,
Steven
.
250 Ok: queued as bazLUK4DEBqH25dH6iZuNg

Cmd-line mail client

# yum install mailx -y

Links