Install the package with:
dnf install postfix
Edit /etc/postfix/main.cf
.
Consult http://www.postfix.org/BASIC_CONFIGURATION_README.html for the set of basic options.
systemctl start postfix firewall-cmd --permanent --add-service=smtp firewall-cmd --reload
After setting up proper MX and SPF records on your DNS server, you should now be able to send and receive emails. Emails will be stored under /var/spool/mail
. You can also use the /var/mail
symlink to access it.
For simplicity I installed mailx
to send and receive emails on the machine.
dnf install mailx mailx
To check Postfix logs: (remove f
to not follow)
journalctl -fu postfix
To enable Postfix on next boot:
systemctl enable postfix
dnf install postfix-perl-scripts pflogsumm -d today /var/log/maillog --problems-first --rej-add-from --verbose-msg-detail
Reference: https://www.linuxbabe.com/mail-server/block-email-spam-postfix
Install pypolicyd-spf
:
dnf install pypolicyd-spf
Prepare a user account for it:
useradd -r policyd-spf usermod -L policyd-spf usermod -s /sbin/nologin policyd-spf usermod -d / policyd-spf
Append to /etc/postfix/master.cf
:
policy-spf unix - n n - - spawn user=policyd-spf argv=/usr/libexec/postfix/policyd-spf
Append to /etc/postfix/main.cf
:
strict_rfc821_envelopes = yes smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated reject_non_fqdn_helo_hostname reject_unknown_helo_hostname smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated reject_unknown_sender_domain reject_unknown_reverse_client_hostname reject_unknown_client_hostname smtpd_recipient_restrictions = reject_unauth_destination check_policy_service unix:private/policy-spf
Running journalctl -fu postfix
to check there is a log line for policyd-spf
when you receive an email.
Jan 24 00:14:38 openhsc.org policyd-spf[3159]: prepend Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=xxx; helo=xxx; envelope-from=xxx; receiver=<UNKNOWN>