For some internal DMK (https://www.dbi-services.com/fr/produits/dmk-management-kit/) development I had to configure a SMTP relay on my VM. Purpose of the SMTP relay is to send the email locally from DMK without any authentication. This Email will be transferred to the SMTP server created by one of my colleague on our AWS Cloud. This SMTP server is of course using authentication. To do so I have been installing and configuring postfix. Through this blog, I have just wanted to share my experience on this installation, hoping it might help someone.
Installation of postfix
My lab is running Oracle Linux Server release 8.6.
[[email protected] ~]# cat /etc/oracle-release Oracle Linux Server release 8.6
I have no postfix currently installed on my VM.
[[email protected] ~]# rpm -qa | grep postfix
I installed it.
[[email protected] ~]# dnf install -y postfix Last metadata expiration check: 0:09:18 ago on Mon 23 Jan 2023 09:13:46 AM CET. Dependencies resolved. ============================================================================================================================================================================================================================== Package Architecture Version Repository Size ============================================================================================================================================================================================================================== Installing: postfix x86_64 2:3.5.8-4.el8 ol8_baseos_latest 1.5 M Installing dependencies: libicu x86_64 60.3-2.el8_1 ol8_baseos_latest 8.8 M Transaction Summary ============================================================================================================================================================================================================================== Install 2 Packages Total download size: 10 M Installed size: 36 M Downloading Packages: (1/2): postfix-3.5.8-4.el8.x86_64.rpm 15 MB/s | 1.5 MB 00:00 (2/2): libicu-60.3-2.el8_1.x86_64.rpm 33 MB/s | 8.8 MB 00:00 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Total 38 MB/s | 10 MB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libicu-60.3-2.el8_1.x86_64 1/2 Running scriptlet: libicu-60.3-2.el8_1.x86_64 1/2 Running scriptlet: postfix-2:3.5.8-4.el8.x86_64 2/2 Installing : postfix-2:3.5.8-4.el8.x86_64 2/2 Running scriptlet: postfix-2:3.5.8-4.el8.x86_64 2/2 Verifying : libicu-60.3-2.el8_1.x86_64 1/2 Verifying : postfix-2:3.5.8-4.el8.x86_64 2/2 Installed: libicu-60.3-2.el8_1.x86_64 postfix-2:3.5.8-4.el8.x86_64 Complete!
The appropriate package has been installed.
[[email protected] ~]# rpm -qa | grep postfix postfix-3.5.8-4.el8.x86_64
Firewall configuration
If running a local firewall, this one needs to be configured to allow SMTP traffic.
[[email protected] ~]# firewall-cmd --zone=public --add-service=smtp --permanent success [[email protected] ~]# firewall-cmd --reload success
Or if the firewall is not needed, which is the case on my side, I have simply deactivated it.
[[email protected] postfix]# systemctl stop firewalld [[email protected] postfix]# systemctl disable firewalld Removed /etc/systemd/system/multi-user.target.wants/firewalld.service. Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Remove sendmail
If installed, sendmail should be removed as per oracle documentation : https://docs.oracle.com/en/learn/oracle-linux-postfix/#introduction
On my lab VM, sendmail is not installed.
[[email protected] ~]# rpm -qa | grep sendmail
Set Postfix as the default Mail Transfer Agent
[[email protected] ~]# alternatives --set mta /usr/sbin/sendmail.postfix
Enable and start the Postfix service
[[email protected] ~]# systemctl enable --now postfix Created symlink /etc/systemd/system/multi-user.target.wants/postfix.service → /usr/lib/systemd/system/postfix.service.
Install SASL
SASL (Simple Authentication and Security Layer) is mandatory to be used in the Postfix SMTP client.
We need both following packages : cyrus-sasl cyrus-sasl-plain. I checked which cyrus packages are already installed and available.
[[email protected] postfix]# dnf list cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain Last metadata expiration check: 1:59:10 ago on Mon 23 Jan 2023 09:13:46 AM CET. Installed Packages cyrus-sasl-lib.x86_64 2.1.27-6.el8_5 @ol8_baseos_latest Available Packages cyrus-sasl.i686 2.1.27-6.el8_5 ol8_baseos_latest cyrus-sasl.src 2.1.27-6.el8_5 ol8_baseos_latest cyrus-sasl.src 2.1.27-6.el8_5 ol8_appstream cyrus-sasl.x86_64 2.1.27-6.el8_5 ol8_baseos_latest cyrus-sasl-lib.i686 2.1.27-6.el8_5 ol8_baseos_latest cyrus-sasl-plain.i686 2.1.27-6.el8_5 ol8_baseos_latest cyrus-sasl-plain.x86_64 2.1.27-6.el8_5
I have installed both needed packages.
[[email protected] postfix]# dnf install cyrus-sasl cyrus-sasl-plain Last metadata expiration check: 1:59:36 ago on Mon 23 Jan 2023 09:13:46 AM CET. Dependencies resolved. ============================================================================================================================================================================================================================== Package Architecture Version Repository Size ============================================================================================================================================================================================================================== Installing: cyrus-sasl x86_64 2.1.27-6.el8_5 ol8_baseos_latest 96 k cyrus-sasl-plain x86_64 2.1.27-6.el8_5 ol8_baseos_latest 47 k Transaction Summary ============================================================================================================================================================================================================================== Install 2 Packages Total download size: 144 k Installed size: 194 k Is this ok [y/N]: y Downloading Packages: (1/2): cyrus-sasl-plain-2.1.27-6.el8_5.x86_64.rpm 946 kB/s | 47 kB 00:00 (2/2): cyrus-sasl-2.1.27-6.el8_5.x86_64.rpm 1.6 MB/s | 96 kB 00:00 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Total 2.2 MB/s | 144 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : cyrus-sasl-plain-2.1.27-6.el8_5.x86_64 1/2 Running scriptlet: cyrus-sasl-2.1.27-6.el8_5.x86_64 2/2 Installing : cyrus-sasl-2.1.27-6.el8_5.x86_64 2/2 Running scriptlet: cyrus-sasl-2.1.27-6.el8_5.x86_64 2/2 Verifying : cyrus-sasl-2.1.27-6.el8_5.x86_64 1/2 Verifying : cyrus-sasl-plain-2.1.27-6.el8_5.x86_64 2/2 Installed: cyrus-sasl-2.1.27-6.el8_5.x86_64 cyrus-sasl-plain-2.1.27-6.el8_5.x86_64 Complete!
Checking…
[[email protected] postfix]# dnf list cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain Last metadata expiration check: 1:59:46 ago on Mon 23 Jan 2023 09:13:46 AM CET. Installed Packages cyrus-sasl.x86_64 2.1.27-6.el8_5 @ol8_baseos_latest cyrus-sasl-lib.x86_64 2.1.27-6.el8_5 @ol8_baseos_latest cyrus-sasl-plain.x86_64 2.1.27-6.el8_5 @ol8_baseos_latest Available Packages cyrus-sasl.i686 2.1.27-6.el8_5 ol8_baseos_latest cyrus-sasl.src 2.1.27-6.el8_5 ol8_baseos_latest cyrus-sasl.src 2.1.27-6.el8_5 ol8_appstream cyrus-sasl-lib.i686 2.1.27-6.el8_5 ol8_baseos_latest cyrus-sasl-plain.i686 2.1.27-6.el8_5 ol8_baseos_latest
Configure postfix
I have added following needed parameter to the postfix configuration, including the SMTP server name and a reference to a file (sasl_passwd) storing the username and password.
[[email protected] ~]# postconf -e "relayhost = [email-smtp.eu-central-1.amazonaws.com]:587" [[email protected] ~]# postconf -e "smtp_sasl_auth_enable = yes" [[email protected] ~]# postconf -e "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" [[email protected] ~]# postconf -e "smtp_sasl_security_options = noanonymous" [[email protected] ~]# postconf -e "smtp_sasl_tls_security_options = noanonymous" [[email protected] ~]# postconf -e "smtp_use_tls = yes" ol8_baseos_latest
I have created the file storing the username and password for sending emails. The file is called sasl_passwd in stored in /etc/postfix. The format is [<smtp_server_name>]:<port> <username>:<password>.
[[email protected] ~]# vi /etc/postfix/sasl_passwd [[email protected] ~]# cat /etc/postfix/sasl_passwd [email-smtp.eu-central-1.amazonaws.com]:587 A*****************H:B******************z
I have change file permission
[[email protected] ~]# chmod 600 /etc/postfix/sasl_passwd
I have run postmap on the file so it will create a database-like file so postfix can read it.
[[email protected] ~]# postmap /etc/postfix/sasl_passwd
And finally reload postfix configuration.
[[email protected] ~]# postfix reload postfix/postfix-script: refreshing the Postfix mail system
Test
In order to run test, I have installed mailx.
[[email protected] ~]# dnf list mailx Last metadata expiration check: 0:52:42 ago on Mon 23 Jan 2023 09:13:46 AM CET. Available Packages mailx.src 12.5-29.el8 ol8_baseos_latest mailx.x86_64 12.5-29.el8 ol8_baseos_latest [[email protected] ~]# dnf install mailx Last metadata expiration check: 0:52:56 ago on Mon 23 Jan 2023 09:13:46 AM CET. Dependencies resolved. ============================================================================================================================================================================================================================== Package Architecture Version Repository Size ============================================================================================================================================================================================================================== Installing: mailx x86_64 12.5-29.el8 ol8_baseos_latest 257 k Transaction Summary ============================================================================================================================================================================================================================== Install 1 Package Total download size: 257 k Installed size: 491 k Is this ok [y/N]: y Downloading Packages: mailx-12.5-29.el8.x86_64.rpm 5.1 MB/s | 257 kB 00:00 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Total 4.7 MB/s | 257 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : mailx-12.5-29.el8.x86_64 1/1 Running scriptlet: mailx-12.5-29.el8.x86_64 1/1 Verifying : mailx-12.5-29.el8.x86_64 1/1 Installed: mailx-12.5-29.el8.x86_64 Complete!
I ran a test sending an email to my email address.
[[email protected] ~]# echo "This is a DMK test through SMTP relay." | mailx -s "DMK test" [email protected]
I checked the log file.
[[email protected] ~]# tail -f /var/log/maillog Jan 23 11:18:32 srv-ol8-ora postfix/pickup[47181]: 09472140C214: uid=0 from= Jan 23 11:18:32 srv-ol8-ora postfix/cleanup[47187]: 09472140C214: message-id= Jan 23 11:18:32 srv-ol8-ora postfix/qmgr[47182]: 09472140C214: from=, size=512, nrcpt=1 (queue active) Jan 23 11:18:32 srv-ol8-ora postfix/smtp[47184]: 09472140C214: to=, relay=email-smtp.eu-central-1.amazonaws.com[3.74.180.161]:587, delay=0.24, delays=0.01/0/0.14/0.1, dsn=5.0.0, status=bounced (host email-smtp.eu-central-1.amazonaws.com[3.74.180.161] said: 554 Message rejected: Email address is not verified. The following identities failed the check in region EU-CENTRAL-1: [email protected], root (in reply to end of DATA command)) Jan 23 11:18:32 srv-ol8-ora postfix/cleanup[47187]: 44B7C140C22A: message-id= Jan 23 11:18:32 srv-ol8-ora postfix/bounce[47186]: 09472140C214: sender non-delivery notification: 44B7C140C22A Jan 23 11:18:32 srv-ol8-ora postfix/qmgr[47182]: 44B7C140C22A: from=, size=3090, nrcpt=1 (queue active) Jan 23 11:18:32 srv-ol8-ora postfix/qmgr[47182]: 09472140C214: removed Jan 23 11:18:32 srv-ol8-ora postfix/local[47188]: 44B7C140C22A: to=, relay=local, delay=0.01, delays=0/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox) Jan 23 11:18:32 srv-ol8-ora postfix/qmgr[47182]: 44B7C140C22A: removed
The problem comes from the fact that the sender email address, [email protected], is not authorized on the AWS SMTP server. Using option -r in the mailx command will not help, as not working with SMTP. And in any case, I would have the same problem with DMK sending an email.
This is why I had to change the sender in the postfix configuration.
Changing sender in the postfix configuration
To do so I have created a new configuration file, sender_email, in /etc/postfix mapping the sender email address. This file has been added to the postfix configuration at the ender_canonical_maps parameter.
[[email protected] postfix]# vi sender_email [[email protected] postfix]# cat sender_email [email protected] [email protected] [email protected] [email protected] [[email protected] postfix]# postconf -e "sender_canonical_maps = hash:/etc/postfix/sender_email" [[email protected] postfix]# postmap /etc/postfix/sender_email [[email protected] postfix]# postfix reload postfix/postfix-script: refreshing the Postfix mail system
New test
I ran a mailx command again.
[[email protected] ~]# echo "This is a DMK test through SMTP relay." | mailx -s "DMK test" [email protected]
And checked the log file again.
[[email protected] ~]# tail -f /var/log/maillog Jan 23 12:02:45 srv-ol8-ora postfix/pickup[57484]: 46AC1140C215: uid=0 from= Jan 23 12:02:45 srv-ol8-ora postfix/cleanup[57682]: 46AC1140C215: message-id= Jan 23 12:02:45 srv-ol8-ora postfix/qmgr[57485]: 46AC1140C215: from=, size=508, nrcpt=1 (queue active) Jan 23 12:02:45 srv-ol8-ora postfix/smtp[57684]: 46AC1140C215: to=, relay=email-smtp.eu-central-1.amazonaws.com[52.28.191.33]:587, delay=0.45, delays=0.03/0.06/0.13/0.23, dsn=2.0.0, status=sent (250 Ok 01070185de4b762a-1c453360-ba6f-49f2-bc7e-508941e8cc7e-000000) Jan 23 12:02:45 srv-ol8-ora postfix/qmgr[57485]: 46AC1140C215: removed
As we can see in the log file, the email sending is now clean. I could confirm this as well getting the email in my email inbox. I could test and validate the same from the DMK software as well.