CentOS Stream 9
Sponsored Link

Mail Server : Install Postfix
2022/03/18
 
Install Postfix to configure SMTP Server.
[1] Install Postfix.
[root@mail ~]#
dnf -y install postfix
[2] This example shows to configure SMTP-Auth settings to use Dovecot's SASL feature.
[root@mail ~]#
vi /etc/postfix/main.cf
# line 95 : uncomment and specify hostname
myhostname = mail.srv.world

# line 102 : uncomment and specify domain name
mydomain = srv.world

# line 118 : uncomment
myorigin = $mydomain

# line 135 : change
inet_interfaces = all

# line 138 : change it if use only IPv4
inet_protocols = ipv4

# line 183 : add
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

# line 283 : uncomment and specify your local network
mynetworks = 127.0.0.0/8, 10.0.0.0/24

# line 438 : uncomment (use Maildir)
home_mailbox = Maildir/

# line 593 : add
# hide the kind or version of SMTP software
smtpd_banner = $myhostname ESMTP

# add follows to the end
# disable SMTP VRFY command
disable_vrfy_command = yes

# require HELO command to sender hosts
smtpd_helo_required = yes

# limit an email size
# example below means 10M bytes limit
message_size_limit = 10240000

# SMTP-Auth settings
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject

[root@mail ~]#
systemctl enable --now postfix

[3] If Firewalld is running, allow SMTP service. SMTP uses [25/TCP].
[root@mail ~]#
firewall-cmd --add-service=smtp

success
[root@mail ~]#
firewall-cmd --runtime-to-permanent

success
[4]
Configure additional settings for Postfix if you need.
It's possible to reject many spam emails with the settings below.
However, you should consider to apply the settings,
because sometimes normal emails are also rejected with them.
Especially, there are SMTP servers that forward lookup and reverse lookup of their hostnames on DNS do not match even if they are not spammers.
[root@mail ~]#
vi /etc/postfix/main.cf
# add to the end
# reject unknown clients that forward lookup and reverse lookup of their hostnames on DNS do not match
smtpd_client_restrictions = permit_mynetworks, reject_unknown_client_hostname, permit

# rejects senders that domain name set in FROM are not registered in DNS or 
# not registered with FQDN
smtpd_sender_restrictions = permit_mynetworks, reject_unknown_sender_domain, reject_non_fqdn_sender

# reject hosts that domain name set in FROM are not registered in DNS or 
# not registered with FQDN when your SMTP server receives HELO command
smtpd_helo_restrictions = permit_mynetworks, reject_unknown_hostname, reject_non_fqdn_hostname, reject_invalid_hostname, permit

[root@mail ~]#
systemctl restart postfix

Matched Content