For some internal DMK (https://www.dbi-services.com/fr/produits/dmk-management-kit/) development I had to configure a SMTP relay on my VM. Purpose of the SMTP relay is to send the email locally from DMK without any authentication. This Email will be transferred to the SMTP server created by one of my colleague on our AWS Cloud. This SMTP server is of course using authentication. To do so I have been installing and configuring postfix. Through this blog, I have just wanted to share my experience on this installation, hoping it might help someone.
Installation of postfix
My lab is running Oracle Linux Server release 8.6.
[root@srv-ol8-ora ~]# cat /etc/oracle-release Oracle Linux Server release 8.6
I have no postfix currently installed on my VM.
[root@srv-ol8-ora ~]# rpm -qa | grep postfix
I installed it.
[root@srv-ol8-ora ~]# dnf install -y postfix Last metadata expiration check: 0:09:18 ago on Mon 23 Jan 2023 09:13:46 AM CET. Dependencies resolved. ============================================================================================================================================================================================================================== Package Architecture Version Repository Size ============================================================================================================================================================================================================================== Installing: postfix x86_64 2:3.5.8-4.el8 ol8_baseos_latest 1.5 M Installing dependencies: libicu x86_64 60.3-2.el8_1 ol8_baseos_latest 8.8 M Transaction Summary ============================================================================================================================================================================================================================== Install 2 Packages Total download size: 10 M Installed size: 36 M Downloading Packages: (1/2): postfix-3.5.8-4.el8.x86_64.rpm 15 MB/s | 1.5 MB 00:00 (2/2): libicu-60.3-2.el8_1.x86_64.rpm 33 MB/s | 8.8 MB 00:00 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Total 38 MB/s | 10 MB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libicu-60.3-2.el8_1.x86_64 1/2 Running scriptlet: libicu-60.3-2.el8_1.x86_64 1/2 Running scriptlet: postfix-2:3.5.8-4.el8.x86_64 2/2 Installing : postfix-2:3.5.8-4.el8.x86_64 2/2 Running scriptlet: postfix-2:3.5.8-4.el8.x86_64 2/2 Verifying : libicu-60.3-2.el8_1.x86_64 1/2 Verifying : postfix-2:3.5.8-4.el8.x86_64 2/2 Installed: libicu-60.3-2.el8_1.x86_64 postfix-2:3.5.8-4.el8.x86_64 Complete!
The appropriate package has been installed.
[root@srv-ol8-ora ~]# rpm -qa | grep postfix postfix-3.5.8-4.el8.x86_64
Firewall configuration
If running a local firewall, this one needs to be configured to allow SMTP traffic.
[root@srv-ol8-ora ~]# firewall-cmd --zone=public --add-service=smtp --permanent success [root@srv-ol8-ora ~]# firewall-cmd --reload success
Or if the firewall is not needed, which is the case on my side, I have simply deactivated it.
[root@srv-ol8-ora postfix]# systemctl stop firewalld [root@srv-ol8-ora postfix]# systemctl disable firewalld Removed /etc/systemd/system/multi-user.target.wants/firewalld.service. Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Remove sendmail
If installed, sendmail should be removed as per oracle documentation : https://docs.oracle.com/en/learn/oracle-linux-postfix/#introduction
On my lab VM, sendmail is not installed.
[root@srv-ol8-ora ~]# rpm -qa | grep sendmail
Set Postfix as the default Mail Transfer Agent
[root@srv-ol8-ora ~]# alternatives --set mta /usr/sbin/sendmail.postfix
Enable and start the Postfix service
[root@srv-ol8-ora ~]# systemctl enable --now postfix Created symlink /etc/systemd/system/multi-user.target.wants/postfix.service → /usr/lib/systemd/system/postfix.service.
Install SASL
SASL (Simple Authentication and Security Layer) is mandatory to be used in the Postfix SMTP client.
We need both following packages : cyrus-sasl cyrus-sasl-plain. I checked which cyrus packages are already installed and available.
[root@srv-ol8-ora postfix]# dnf list cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain Last metadata expiration check: 1:59:10 ago on Mon 23 Jan 2023 09:13:46 AM CET. Installed Packages cyrus-sasl-lib.x86_64 2.1.27-6.el8_5 @ol8_baseos_latest Available Packages cyrus-sasl.i686 2.1.27-6.el8_5 ol8_baseos_latest cyrus-sasl.src 2.1.27-6.el8_5 ol8_baseos_latest cyrus-sasl.src 2.1.27-6.el8_5 ol8_appstream cyrus-sasl.x86_64 2.1.27-6.el8_5 ol8_baseos_latest cyrus-sasl-lib.i686 2.1.27-6.el8_5 ol8_baseos_latest cyrus-sasl-plain.i686 2.1.27-6.el8_5 ol8_baseos_latest cyrus-sasl-plain.x86_64 2.1.27-6.el8_5
I have installed both needed packages.
[root@srv-ol8-ora postfix]# dnf install cyrus-sasl cyrus-sasl-plain Last metadata expiration check: 1:59:36 ago on Mon 23 Jan 2023 09:13:46 AM CET. Dependencies resolved. ============================================================================================================================================================================================================================== Package Architecture Version Repository Size ============================================================================================================================================================================================================================== Installing: cyrus-sasl x86_64 2.1.27-6.el8_5 ol8_baseos_latest 96 k cyrus-sasl-plain x86_64 2.1.27-6.el8_5 ol8_baseos_latest 47 k Transaction Summary ============================================================================================================================================================================================================================== Install 2 Packages Total download size: 144 k Installed size: 194 k Is this ok [y/N]: y Downloading Packages: (1/2): cyrus-sasl-plain-2.1.27-6.el8_5.x86_64.rpm 946 kB/s | 47 kB 00:00 (2/2): cyrus-sasl-2.1.27-6.el8_5.x86_64.rpm 1.6 MB/s | 96 kB 00:00 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Total 2.2 MB/s | 144 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : cyrus-sasl-plain-2.1.27-6.el8_5.x86_64 1/2 Running scriptlet: cyrus-sasl-2.1.27-6.el8_5.x86_64 2/2 Installing : cyrus-sasl-2.1.27-6.el8_5.x86_64 2/2 Running scriptlet: cyrus-sasl-2.1.27-6.el8_5.x86_64 2/2 Verifying : cyrus-sasl-2.1.27-6.el8_5.x86_64 1/2 Verifying : cyrus-sasl-plain-2.1.27-6.el8_5.x86_64 2/2 Installed: cyrus-sasl-2.1.27-6.el8_5.x86_64 cyrus-sasl-plain-2.1.27-6.el8_5.x86_64 Complete!
Checking…
[root@srv-ol8-ora postfix]# dnf list cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain Last metadata expiration check: 1:59:46 ago on Mon 23 Jan 2023 09:13:46 AM CET. Installed Packages cyrus-sasl.x86_64 2.1.27-6.el8_5 @ol8_baseos_latest cyrus-sasl-lib.x86_64 2.1.27-6.el8_5 @ol8_baseos_latest cyrus-sasl-plain.x86_64 2.1.27-6.el8_5 @ol8_baseos_latest Available Packages cyrus-sasl.i686 2.1.27-6.el8_5 ol8_baseos_latest cyrus-sasl.src 2.1.27-6.el8_5 ol8_baseos_latest cyrus-sasl.src 2.1.27-6.el8_5 ol8_appstream cyrus-sasl-lib.i686 2.1.27-6.el8_5 ol8_baseos_latest cyrus-sasl-plain.i686 2.1.27-6.el8_5 ol8_baseos_latest
Configure postfix
I have added following needed parameter to the postfix configuration, including the SMTP server name and a reference to a file (sasl_passwd) storing the username and password.
[root@srv-ol8-ora ~]# postconf -e "relayhost = [email-smtp.eu-central-1.amazonaws.com]:587" [root@srv-ol8-ora ~]# postconf -e "smtp_sasl_auth_enable = yes" [root@srv-ol8-ora ~]# postconf -e "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" [root@srv-ol8-ora ~]# postconf -e "smtp_sasl_security_options = noanonymous" [root@srv-ol8-ora ~]# postconf -e "smtp_sasl_tls_security_options = noanonymous" [root@srv-ol8-ora ~]# postconf -e "smtp_use_tls = yes" ol8_baseos_latest
I have created the file storing the username and password for sending emails. The file is called sasl_passwd in stored in /etc/postfix. The format is [<smtp_server_name>]:<port> <username>:<password>.
[root@srv-ol8-ora ~]# vi /etc/postfix/sasl_passwd [root@srv-ol8-ora ~]# cat /etc/postfix/sasl_passwd [email-smtp.eu-central-1.amazonaws.com]:587 A*****************H:B******************z
I have change file permission
[root@srv-ol8-ora ~]# chmod 600 /etc/postfix/sasl_passwd
I have run postmap on the file so it will create a database-like file so postfix can read it.
[root@srv-ol8-ora ~]# postmap /etc/postfix/sasl_passwd
And finally reload postfix configuration.
[root@srv-ol8-ora ~]# postfix reload postfix/postfix-script: refreshing the Postfix mail system
Test
In order to run test, I have installed mailx.
[root@srv-ol8-ora ~]# dnf list mailx Last metadata expiration check: 0:52:42 ago on Mon 23 Jan 2023 09:13:46 AM CET. Available Packages mailx.src 12.5-29.el8 ol8_baseos_latest mailx.x86_64 12.5-29.el8 ol8_baseos_latest [root@srv-ol8-ora ~]# dnf install mailx Last metadata expiration check: 0:52:56 ago on Mon 23 Jan 2023 09:13:46 AM CET. Dependencies resolved. ============================================================================================================================================================================================================================== Package Architecture Version Repository Size ============================================================================================================================================================================================================================== Installing: mailx x86_64 12.5-29.el8 ol8_baseos_latest 257 k Transaction Summary ============================================================================================================================================================================================================================== Install 1 Package Total download size: 257 k Installed size: 491 k Is this ok [y/N]: y Downloading Packages: mailx-12.5-29.el8.x86_64.rpm 5.1 MB/s | 257 kB 00:00 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Total 4.7 MB/s | 257 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : mailx-12.5-29.el8.x86_64 1/1 Running scriptlet: mailx-12.5-29.el8.x86_64 1/1 Verifying : mailx-12.5-29.el8.x86_64 1/1 Installed: mailx-12.5-29.el8.x86_64 Complete!
I ran a test sending an email to my email address.
[root@srv-ol8-ora ~]# echo "This is a DMK test through SMTP relay." | mailx -s "DMK test" [email protected]
I checked the log file.
[root@srv-ol8-ora ~]# tail -f /var/log/maillog Jan 23 11:18:32 srv-ol8-ora postfix/pickup[47181]: 09472140C214: uid=0 from= Jan 23 11:18:32 srv-ol8-ora postfix/cleanup[47187]: 09472140C214: message-id= Jan 23 11:18:32 srv-ol8-ora postfix/qmgr[47182]: 09472140C214: from=, size=512, nrcpt=1 (queue active) Jan 23 11:18:32 srv-ol8-ora postfix/smtp[47184]: 09472140C214: to=, relay=email-smtp.eu-central-1.amazonaws.com[3.74.180.161]:587, delay=0.24, delays=0.01/0/0.14/0.1, dsn=5.0.0, status=bounced (host email-smtp.eu-central-1.amazonaws.com[3.74.180.161] said: 554 Message rejected: Email address is not verified. The following identities failed the check in region EU-CENTRAL-1: [email protected], root (in reply to end of DATA command)) Jan 23 11:18:32 srv-ol8-ora postfix/cleanup[47187]: 44B7C140C22A: message-id= Jan 23 11:18:32 srv-ol8-ora postfix/bounce[47186]: 09472140C214: sender non-delivery notification: 44B7C140C22A Jan 23 11:18:32 srv-ol8-ora postfix/qmgr[47182]: 44B7C140C22A: from=, size=3090, nrcpt=1 (queue active) Jan 23 11:18:32 srv-ol8-ora postfix/qmgr[47182]: 09472140C214: removed Jan 23 11:18:32 srv-ol8-ora postfix/local[47188]: 44B7C140C22A: to=, relay=local, delay=0.01, delays=0/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox) Jan 23 11:18:32 srv-ol8-ora postfix/qmgr[47182]: 44B7C140C22A: removed
The problem comes from the fact that the sender email address, [email protected], is not authorized on the AWS SMTP server. Using option -r in the mailx command will not help, as not working with SMTP. And in any case, I would have the same problem with DMK sending an email.
This is why I had to change the sender in the postfix configuration.
Changing sender in the postfix configuration
To do so I have created a new configuration file, sender_email, in /etc/postfix mapping the sender email address. This file has been added to the postfix configuration at the ender_canonical_maps parameter.
[root@srv-ol8-ora postfix]# vi sender_email [root@srv-ol8-ora postfix]# cat sender_email [email protected] [email protected] [email protected] [email protected] [root@srv-ol8-ora postfix]# postconf -e "sender_canonical_maps = hash:/etc/postfix/sender_email" [root@srv-ol8-ora postfix]# postmap /etc/postfix/sender_email [root@srv-ol8-ora postfix]# postfix reload postfix/postfix-script: refreshing the Postfix mail system
New test
I ran a mailx command again.
[root@srv-ol8-ora ~]# echo "This is a DMK test through SMTP relay." | mailx -s "DMK test" [email protected]
And checked the log file again.
[root@srv-ol8-ora ~]# tail -f /var/log/maillog Jan 23 12:02:45 srv-ol8-ora postfix/pickup[57484]: 46AC1140C215: uid=0 from= Jan 23 12:02:45 srv-ol8-ora postfix/cleanup[57682]: 46AC1140C215: message-id= Jan 23 12:02:45 srv-ol8-ora postfix/qmgr[57485]: 46AC1140C215: from=, size=508, nrcpt=1 (queue active) Jan 23 12:02:45 srv-ol8-ora postfix/smtp[57684]: 46AC1140C215: to=, relay=email-smtp.eu-central-1.amazonaws.com[52.28.191.33]:587, delay=0.45, delays=0.03/0.06/0.13/0.23, dsn=2.0.0, status=sent (250 Ok 01070185de4b762a-1c453360-ba6f-49f2-bc7e-508941e8cc7e-000000) Jan 23 12:02:45 srv-ol8-ora postfix/qmgr[57485]: 46AC1140C215: removed
As we can see in the log file, the email sending is now clean. I could confirm this as well getting the email in my email inbox. I could test and validate the same from the DMK software as well.
Gilmar Vieira de Almeida
20.11.2023Thanks for sharing your knowledge.