The Simple Mail Transfer Protocol (SMTP) is a communication protocol for electronic mail transmission. As an Internet standard, SMTP was first defined in 1982 by RFC 821, and updated in 2008 by RFC 5321 with Extended SMTP additions, which is the protocol variety in widespread use today. Mail servers and other message transfer agents use SMTP to send and receive mail messages. Proprietary systems such as Microsoft Exchange and IBM Notes and webmail systems such as Outlook.com, Gmail and Yahoo! Mail may use non-standard protocols internally, but all use SMTP when sending email to or receiving email from outside their own systems. SMTP servers commonly use the Transmission Control Protocol on port number 25.
User-level email clients typically use SMTP only for sending messages to a mail server for relaying, and typically submit outgoing email to the mail server on port 587 or 465 as per RFC 8314. For retrieving messages, IMAP and POP3 are standard.
Postfix has two functions:
Postfix is installed as part of the initial Linux installation. If you are not sure:
# yum install postfix
We want postfix to:
Go to the config directory.
# cd /etc/postfix/
# ll
totaal 144
-rw-r--r--. 1 root root 19579 jan  7  2010 access
-rw-r--r--. 1 root root 11681 mrt 27  2007 canonical
-rw-r--r--. 1 root root  9904 mrt 27  2007 generic
-rw-r--r--. 1 root root 18287 jan 24  2008 header_checks
-rw-r--r--. 1 root root 28312 nov  7 13:44 main.cf
-rw-r--r--. 1 root root  5342 nov  7 13:33 master.cf
-rw-r--r--. 1 root root  6816 mrt 27  2007 relocated
drwxr-xr-x. 2 root root  4096 sep 25  2017 ssl
-rw-r--r--. 1 root root 12500 dec 22  2008 transport
-rw-r--r--. 1 root root 12494 mrt 27  2007 virtual
We can see that there are multiple files. The ssl directory can be removed. For secure mode we use a central directory (/etc/pki/tls/....).
You can list the default settings with # postconf -d.
The comments have been removed for readability.
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = server4.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8, [::1]/128
relay_domains = $mydestination
relayhost =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
recipient_delimiter = +
home_mailbox = .maildir/
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
debug_peer_level = 1
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES

# SASL
smtpd_sasl_type = cyrus
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_helo_required = yes

# TLS configuration starts here.
tls_random_source = dev:/dev/urandom

# SMTP from your server to others.
smtp_use_tls = yes
smtp_tls_security_level = may
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1
smtp_tls_protocols=!SSLv2,!SSLv3,!TLSv1
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache

# SMTP from other servers and clients to yours.
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_key_file = /etc/pki/tls/private/example.com.key
smtpd_tls_cert_file = /etc/pki/tls/certs/example.com.crt
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3, !TLSv1
smtpd_tls_protocols=!SSLv2,!SSLv3, !TLSv1
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
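The inbound settings above can be checked mechanically after every edit. The following is an added example, not part of the original page or of Postfix: `parse_main_cf` and `audit` are hypothetical helper names, the sample text is constructed from the listing above, and a parameter that is not set explicitly is reported as a finding (an assumption of this example, not Postfix's default behaviour).

```python
import re

# Constructed sample: the inbound (smtpd) security lines of the main.cf above.
SAMPLE_MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_relay_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3, !TLSv1
smtpd_tls_protocols=!SSLv2,!SSLv3, !TLSv1
"""

def parse_main_cf(text):
    """Return {parameter: value}, skipping comments and joining continuation lines."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:  # indented line continues the previous value
            params[last] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params

def audit(text):
    """Return findings for the inbound side; an empty list means all checks pass."""
    p = parse_main_cf(text)
    def words(key):
        return set(re.split(r"[,\s:]+", p.get(key, "")))
    findings = []
    if p.get("smtpd_sasl_auth_enable") == "yes" and p.get("smtpd_tls_auth_only") != "yes":
        findings.append("AUTH is offered without TLS (smtpd_tls_auth_only)")
    if p.get("smtpd_tls_security_level") not in ("may", "encrypt"):
        findings.append("STARTTLS is not offered (smtpd_tls_security_level)")
    # Assumption: only the "!protocol" exclusion syntax used on this page is understood.
    for key in ("smtpd_tls_protocols", "smtpd_tls_mandatory_protocols"):
        missing = {"!SSLv2", "!SSLv3", "!TLSv1"} - words(key)
        if missing:
            findings.append(f"{key} does not exclude {sorted(missing)}")
    if "reject_unauth_destination" not in words("smtpd_relay_restrictions"):
        findings.append("relay restrictions lack reject_unauth_destination")
    if "noanonymous" not in words("smtpd_sasl_security_options"):
        findings.append("anonymous SASL mechanisms are allowed")
    return findings
```

On a live host the same function can be fed the output of `postconf -n` instead of the embedded sample.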
Postfix master process configuration file. For details on the format of the file, see the master(5) manual page (command: "man 5 master").
Do not forget to execute "postfix reload" after editing this file.
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_wrappermode=yes
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
#  -o milter_macro_daemon_name=ORIGINATING
relay     unix  -       -       n       -       -       smtp
  -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
# systemctl start postfix
# systemctl enable postfix
# postfix check
# systemctl status postfix
# firewall-cmd --permanent --add-port=25/tcp
# firewall-cmd --permanent --add-port=465/tcp
# firewall-cmd --permanent --add-port=587/tcp
# firewall-cmd --reload
Before you can test the login you must put a # before smtpd_tls_auth_only = yes and restart postfix.
The username is test and the password is test1234; change these to an existing account.
# perl -MMIME::Base64 -e 'print encode_base64("\000test\000test1234");'
AHRlc3QAdGVzdDEyMzQ=
# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 server1.example.com ESMTP Postfix (2.10.1)
ehlo localhost
250-server1.robkalmeijer.nl
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain AHRlc3QAdGVzdDEyMzQ=
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.
We now know that SASL works. You can now remove the # before smtpd_tls_auth_only = yes and restart postfix if you want TLS-only login.
Before you can test the login you must put smtpd_tls_auth_only = yes in the smtpd section and restart postfix.
# openssl s_client -connect smtp.example.com:25 -starttls smtp
........
    Start Time: 1611510351
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
250 DSN
ehlo localhost
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain AHRlc3QAdGVzdDEyMzQ=
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.
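The AUTH PLAIN token in both sessions is only base64, so the telnet test sends the credentials in recoverable form while the STARTTLS test does not, which is the reason for smtpd_tls_auth_only = yes. The following added example (not from the original page; `decode_plain` and `exposed_logins` are hypothetical names and the two command logs are constructed from the sessions above) reports which accounts authenticated before STARTTLS, so their passwords can be rotated.

```python
import base64

# Constructed client-side command logs modelled on the two test sessions above.
TELNET_SESSION = ["ehlo localhost", "auth plain AHRlc3QAdGVzdDEyMzQ=", "quit"]
STARTTLS_SESSION = ["ehlo localhost", "STARTTLS", "ehlo localhost",
                    "auth plain AHRlc3QAdGVzdDEyMzQ=", "quit"]

def decode_plain(token):
    """Split a SASL PLAIN response (RFC 4616) into (authzid, authcid, password)."""
    parts = base64.b64decode(token, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("not a SASL PLAIN response")
    return tuple(p.decode("utf-8") for p in parts)

def exposed_logins(client_lines):
    """Return the usernames whose AUTH PLAIN response was sent before STARTTLS."""
    tls_active, awaiting_response, exposed = False, False, []
    for line in client_lines:
        words = line.split()
        verb = words[0].upper() if words else ""
        if awaiting_response:          # response to "AUTH PLAIN" sent on its own line
            awaiting_response = False
            token = line.strip()
        elif verb == "STARTTLS":
            tls_active = True
            continue
        elif verb == "AUTH" and len(words) >= 2 and words[1].upper() == "PLAIN":
            if len(words) == 2:
                awaiting_response = True
                continue
            token = words[2]
        else:
            continue
        if not tls_active:
            try:
                exposed.append(decode_plain(token)[1])  # report the name, never the password
            except ValueError:
                pass                   # malformed response: nothing to attribute
    return exposed
```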
# openssl s_client -connect smtp.example.com:465
Now we get the good stuff! We need at least these details to be able to send an e-mail:
You must always start with the MAIL FROM command, as this tells the SMTP server that a new mail transaction is started.
We follow that up with the recipient's address and finally the message subject and body. Both the subject header and body are passed via the DATA command. I also recommend always including the From: header again in the DATA command.
Once we are ready to send our message, we end with a single dot (.) character. Here's how that looks if you put it all together:
MAIL FROM: from@example.com
250 Sender address accepted
rcpt to: john@doe.com
250 Recipient address accepted
DATA
354 Continue
From: from@example.com
Subject: Test message!

Hi,

This is a test message!

Best,
Steven
.
250 Ok: queued as bazLUK4DEBqH25dH6iZuNg
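When the same transaction is generated by a script rather than typed, two details matter: input containing a line break must not reach the envelope or the headers, and a body line that starts with "." must be dot-stuffed so it cannot end DATA early. The following added example is not part of the original page; `build_transaction` is a hypothetical name and the envelope uses the angle-bracket form that RFC 5321 specifies.

```python
import re

# Assumption: a deliberately strict address shape (no whitespace or angle brackets).
ADDR = re.compile(r"[^\s<>]+@[^\s<>]+")

def build_transaction(sender, recipient, subject, body):
    """Return the CRLF-terminated lines a client sends for one message."""
    for addr in (sender, recipient):
        if not ADDR.fullmatch(addr):
            raise ValueError(f"unsafe envelope address: {addr!r}")
    if "\r" in subject or "\n" in subject:
        raise ValueError("line break in Subject header")
    lines = [
        f"MAIL FROM:<{sender}>",   # RFC 5321 syntax; the session above uses a looser form
        f"RCPT TO:<{recipient}>",
        "DATA",
        f"From: {sender}",
        f"Subject: {subject}",
        "",                        # blank line separates headers from the body
    ]
    for line in body.splitlines():
        # RFC 5321 section 4.5.2: a body line starting with "." gets one more "."
        lines.append("." + line if line.startswith(".") else line)
    lines.append(".")              # the only bare dot: end of DATA
    return [line + "\r\n" for line in lines]
```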
# yum install mailx -y