Red Hat Enterprise Linux Implementation

Email Transmission Configuration

Module Topics

Email Architecture and Null Clients
Email Message Transmission
Postfix
Postfix Null Client Configuration

Email Architecture and Null Clients

Linux servers send email to report errors and to administrators
- Generally use /usr/sbin/sendmail
- Most servers send mails when incidents occur
- Uses corporate SMTP server to transmit messages
Null client: Client machine that runs local mail server that forwards emails to outbound mail relay for delivery
- Does not accept local delivery for any messages
- Can only send messages to outbound mail relay
Users may run mail clients on null client to read and send emails

Transcript:

In today’s corporate environments, email is a common method of communication. End users may use dedicated mail clients such as Evolution and mutt to read and send email, or the organization may have a web-based interface for its mail service.

However, Linux servers also send email, usually for automatic purposes or to report errors to an administrator. They generally use, directly or indirectly, a standard program called /usr/sbin/sendmail (provided in Red Hat Enterprise Linux 7 by Postfix) to send these messages.

In practice, most servers are monitored and send out mails when incidents occur. This often requires a configured /usr/sbin/sendmail to send emails to notify the responsible system administrators by using the corporate SMTP server to transmit the messages.

A null client is a client machine that runs a local mail server which forwards all emails to an outbound mail relay for delivery. A null client does not accept local delivery for any messages, it can only send them to the outbound mail relay. Users may run mail clients on the null client to read and send emails.

This section will look at how to configure a Red Hat Enterprise Linux 7 server as a Postfix null client, which will use sendmail and the SMTP protocol to transmit mail messages to the outside world through an existing outgoing mail server.

Email Message Transmission

To send email, mail client communicates with outgoing mail server
- Server helps relay message to final destination
- Client uses SMTP to transmit messages to server
If outgoing mail relay requires no authentication from internal clients, server listens on port 25/TCP
- Relay restrict hosts that can relay
- IP address-based restrictions or firewall rules
If outbound SMTP relay is reachable from Internet, normally configured as MSA
- MSA listens on port 587/TCP and requires authentication of client before accepting mail
- May be username/password or other means
Outgoing mail relay uses DNS to look up MX record
- Identifies mail server that accepts delivery for messages sent to recipient domain
Relay uses SMTP on port 25/TCP to transmit email to server

Transcript:

To send an email, in most cases the mail client communicates with an outgoing mail server, which will help relay that message to its final destination. The mail client transmits messages to the mail server using the Simple Mail Transfer Protocol (SMTP).

The outgoing mail relay may require no authentication from internal clients, in which case the server listens on port 25/TCP. In that case, the relay will restrict which hosts can relay through IP address based restrictions or firewall rules.

In cases where the outbound SMTP relay is reachable from the Internet, it is normally configured as a mail submission agent (MSA) for security and anti-spam reasons. An MSA listens on port 587/TCP and requires authentication of the user’s mail client before accepting mail. This may be by username and password (as some webmail services provide) or through other means.

This course will only cover how to configure a basic unauthenticated null client.

The outgoing mail relay then uses DNS to look up the MX record identifying the mail server that accepts delivery for messages sent to the recipient’s domain. The relay then uses SMTP on port 25/TCP to transmit the email to that server.

Email Message Transmission

Recipient mail service may provide POP3 or IMAP server to let mail client download messages
Mail service may provide web-based interface to let clients use web browser as mail client
Mail client on desktop1.example.com fetches incoming mails from IMAP server imap1.example.com
Outgoing mails sent to smtp1.example.com
MX DNS record defines smtp1.example.com as mail server for example.com

Email_Overview

Postfix

Postfix: Powerful, easy-to-configure mail server
- Default mail server in Red Hat Enterprise Linux 7
- Provided by postfix RPM package
- Modular program made up of several programs
- Components controlled by master process
/etc/postfix/main.cf: Main configuration file of postfix mail server
- /etc/postfix contains other configuration files
- /etc/postfix/master.cf controls subservices that are started

Postfix

Setting

Purpose

Default

inet_interfaces

Controls network interfaces Postfix listens on for incoming and outgoing messages
- If set to loopback-only, Postfix listens only on 127.0.0.1 and ::1
- If set to all, Postfix listens on all network interfaces
Can list One or more host names and IP addresses, separated by white space

inet_interfaces = localhost

myorigin

Rewrite locally posted email to appear to come from this domain
Helps ensure responses return to correct domain for which mail server is responsible

myorigin = $myhostname

relayhost

Forward all messages to mail server specified supposed to be sent to foreign mail addresses
Square brackets around host name suppress MX record lookup

`relayhost = `

mydestination

Configure domains mail server is end point for
Email addressed to these domains delivered into local mailboxes

mydestination = $myhostname, localhost.$mydomain, localhost

local_transport

Determine how to deliver email addressed to $mydestination
By default, set to local:$myhostname
- Uses local mail delivery agent to deliver incoming mail to local message store in /var/spool/mail
Set to error: error message, e.g., local_transport = error: local delivery disabled, to disable local delivery completely

local_transport = local:$myhostname

mynetworks

Allow relay through mail server from comma-separated list of IP addresses and networks in CIDR notation to anywhere, without further authentication
If mynetworks not explicitly set in /etc/postfix/main.cf, is filled automatically using setting for mynetworks_style
Default for mynetworks_style: subnet
- Means all subnets in which tserver has IP address are added to mynetworks
- Often not desired situation, especially if server has external IP address
Recommended: Add mynetworks setting manually, or set mynetworks_style to host

mynetworks = 127.0.0.0/8 [::1]/128

Postfix

Edit Configuration File

Two ways to edit /etc/postfix/main.cf:
- By hand using a text editor such as vim
- Using postconf utility
postconf lets you:
- Query by individual/all settings
- Modify settings
- Query defaults
- Showing all settings that differ from built-in defaults

Postfix

To query all settings from /etc/postfix/main.cf, run postconf without any parameter:

[root@server1 ~]# postconf
2bounce_notice_recipient = postmaster
access_map_defer_code = 450
access_map_reject_code = 554
address_verify_cache_cleanup_interval = 12h
address_verify_default_transport = $default_transport
...

To query particular set of options, list them after postconf
- Example: To list inet_interfaces and myorigin options with corresponding values:
  [root@server1 ~]# postconf inet_interfaces myorigin inet_interfaces = loopback-only myorigin = $myhostname
If value in /etc/postfix/main.cf starts with $, it is not a literal value
- Instead points to value of different setting
- Syntax simplifies maintenance; need to update value in one place only

Postfix

To add or change options in /etc/postfix/main.cf:
```
postconf -e 'setting = value'
```
- If setting with name already exists in configuration file, it is updated to new value
- Otherwise it is added to bottom of configuration file
To change myorigin to rewrite domain part of FROM: address to example.com:
```
[root@server1 ~]# postconf -e 'myorigin = example.com'
```

postfix requires reload or restart after making changes to /etc/postfix/main.cf.

Postfix

Troubleshooting

When troubleshooting email, log of all mail-related operations kept in systemd and /var/log/maillog
- Includes information on mail server-related actions
To display list of queued outgoing mail messages, use postqueue -p
To attempt to deliver all queued messages again immediately, use postqueue -f command
- Otherwise, Postfix attempts to resend once an hour until messages accepted or expire

Postfix Null Client Configuration

To act as null client, must configure Postfix and Red Hat Enterprise Linux so that:
- sendmail and programs that use it forward all emails to existing outbound mail relay for delivery
- Local Postfix service does not accept local delivery for any email messages
- Users may run mail clients on null client to read and send emails
Null client on server1.example.com delivers all messages to corporate SMTP mail server smtp1.example.com

Email_Intranet

Reference

postconf(5) man page

Transcript:

Remember, to act as a null client, Postfix and the Red Hat Enterprise Linux system must be configured so that the following things are true:

The sendmail command and programs that use it forward all emails to an existing outbound mail relay for delivery
The local Postfix service does not accept local delivery for any email messages
Users may run mail clients on the null client to read and send emails.

The following diagram illustrates how a null client setup works. For sending mails, the null client on server1 delivers all messages to the corporate SMTP mail server smtp1.example.com.

A complete overview of all settings that are adjustable in /etc/postfix/main.cf and their explanations can be found in the postconf(5) man page. To access this man page, use the man 5 postconf command. Omitting the 5 will display the man page for the postconf command rather than the configuration guide.

Postfix Null Client Configuration

Steps

Adjust relayhost to point to corporate mail server:
- Enclose host name of corporate mail server in square brackets
  [root@server1 ~]# postconf -e "relayhost=[smtp1.example.com]"
Configure Postfix mail server to only relay emails from local system
1. Let mail server listen on loopback interface for emails to deliver only:
  [root@server1 ~]# postconf -e "inet_interfaces=loopback-only"
2. Change null client configuration so it forwards mails originating from 127.0.0.0/8 IPv4 network and [::1]/128 IPv6 network to relay host:
  [root@server1 ~]# postconf -e "mynetworks=127.0.0.0/8 [::1]/128"
Configure Postfix so outgoing mails have sender domain rewritten to company domain example.com:
```
[root@server1 ~]# postconf -e "myorigin=desktop1.example.com"
```

Transcript:

The following steps demonstrate how to configure Postfix on server1.example.com as a null client that uses the smtp1.example.com mail server as a relay host. All mails passed on by the local null client have their sender address domain rewritten to desktop1.example.com.

Adjust the configuration of the Postfix mail server on your server1.example.com system to act as a null client that forwards all messages to the corporate mail server on smtp1.example.com, which is responsible for the desktop1.example.com domain.

Adjust the relayhost directive to point to the corporate mail server. The host name of the corporate mail server needs to be enclosed in square brackets to prevent an MX record lookup with the DNS server.
Configure the Postfix mail server to only relay emails from the local system.
1. Let the Postfix mail server listen only on the loopback interface for emails to deliver.
2. Change the configuration of the null client so that mails originating from the 127.0.0.0/8 IPv4 network and the [::1]/128 IPv6 network are forwarded to the relay host by the local null client.
Configure Postfix so all outgoing mails have their sender domain rewritten to the company domain desktop1. example.com.

Postfix Null Client Configuration

Prohibit Postfix mail server from delivering messages to local accounts
1. Configure the null client not to act as end point for any mail domain:
  - Does not accept mails where recipient is local email account for local delivery
  - Need to set mydestination to empty value
    [root@server1 ~]# postconf -e "mydestination="
2. Configure local null client not to sort mails into mailboxes on local system:
  - Local email delivery turned off
    [root@server1 ~]# postconf -e "local_transport=error: local delivery disabled"

Restart local postfix null client:

[root@server1 ~]# systemctl restart postfix

Postfix Null Client Configuration

Directive

Null Client (server1.example.com)

inet_interfaces

inet_interfaces = loopback-only

myorigin

myorigin = desktop1.example.com

relayhost

relayhost = [smtp1.example.com]

mydestination

mydestination =

local_transport

local_transport = error: local delivery disabled

mynetworks

mynetworks = 127.0.0.0/8, [::1]/128

References

Man pages: postconf(1), postconf(5), mail(1), and mutt(1)

Summary

Email Architecture and Null Clients
Email Message Transmission
Postfix
Postfix Null Client Configuration

Module Completion

Nice job!

Click the button below to complete this module of the course: