Configure Postfix on RHEL 7 to Forward All Email to a Central Mail Server

On RHEL 7, Postfix is used as the mail service. 

We are going to deploy Postfix on a null client. A null client is a machine that can only send mail. It receives no mail from the network, and it does not deliver any mail locally. We use a RHEL 7.0 virtual machine in this article.

Please check this post if you need to configure Postfix as a gateway.

Configure Postfix on a Null Client

The postfix package should be installed by default. If it is not, install it:

# yum install -y postfix

Ensure the service is enabled on boot:

# systemctl enable postfix

Now, I saw some people adding a firewalld rule to allow incoming traffic for an smtp service. This is normally required for a central SMTP server, but makes little to no sense when talking about a null client. A null client cannot receive emails from outside, therefore no firewall configuration is required.

Only a few parameters are important for setting up an environment where email can be forwarded to a central mail server.

The following file has quite a few Postfix configuration examples:

# less /usr/share/doc/postfix-2.10.1/README_FILES/STANDARD_CONFIGURATION_README

Check the “Postfix on a null client” section for more info.

Open the file /etc/postfix/main.cf for editing, and add the following:

myhostname = srv1.rhce.local
mydomain = rhce.local
myorigin = $mydomain
relayhost = [10.8.8.70]
inet_interfaces = loopback-only
mydestination =
mynetworks = 127.0.0.0/8 [::1]/128
local_transport = error: local delivery disabled

Setting relayhost prevents mail from getting stuck on the null client if it is turned off while some remote destination is unreachable.

The loopback-only value of inet_interfaces tells Postfix not to accept mail from the network. Only messages that originate from the 127.0.0.0/8 network and the [::1]/128 network are forwarded to the relay host by the null client.

We prevent the local null client from sorting any mail into mailboxes by setting the local_transport parameter. We also disable local mail delivery by leaving mydestination empty. All mail goes to the mail server specified in relayhost. Note that we can also use a DNS name for the relayhost, and that enclosing the host in square brackets turns off MX lookups.
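
One way to check a host against the null-client settings described above (an added example, not from the original article): the function reads "name = value" lines, the format that postconf -n prints, and flags values that would let the machine listen on the network or deliver mail locally. The function name audit_null_client and the sample input are assumptions made for illustration.

```shell
# Added example: audit Postfix settings against the null-client profile above.
# stdin: "name = value" lines, the format that `postconf -n` prints.
# audit_null_client is a hypothetical helper name, not a Postfix tool.
audit_null_client() {
  awk '
    function fail(msg) { print "FAIL " msg; bad++ }
    # Record each parameter; a later setting overrides an earlier one.
    /^[A-Za-z0-9_]+[ \t]*=/ {
      name = $0; sub(/[ \t]*=.*/, "", name)
      val = $0;  sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
      seen[name] = 1; v[name] = val
    }
    END {
      if (v["inet_interfaces"] != "loopback-only")
        fail("inet_interfaces: must be loopback-only so smtpd does not listen on the network")
      # An unset mydestination falls back to a default that includes $myhostname.
      if (!("mydestination" in seen) || v["mydestination"] != "")
        fail("mydestination: must be set and empty to disable local delivery")
      if (v["relayhost"] == "")
        fail("relayhost: no central mail server configured")
      else if (v["relayhost"] !~ /^\[.*\](:[0-9]+)?$/)
        print "NOTE relayhost: not in [brackets], MX lookups will be performed"
      if (v["local_transport"] !~ /^error:/)
        fail("local_transport: expected error:... so nothing is sorted into mailboxes")
      n = split(v["mynetworks"], net, /[ \t,]+/)
      if (n == 0)
        fail("mynetworks: not set, trusted networks then come from mynetworks_style")
      for (i = 1; i <= n; i++)
        if (net[i] != "127.0.0.0/8" && net[i] != "[::1]/128")
          fail("mynetworks: " net[i] " is not a loopback network")
      if (!bad) print "OK null-client profile satisfied"
      exit (bad > 0)
    }'
}

# Constructed sample (not from a real host): settings shaped like a central server.
printf '%s\n' 'inet_interfaces = all' 'relayhost = [10.8.8.70]' \
  'mynetworks = 127.0.0.0/8 10.8.8.0/24' | audit_null_client || true
```

On a live host, the effective settings can be piped in directly with postconf -n | audit_null_client; the exit status is non-zero when any check fails.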

Check for syntax errors:

# postfix check

Restart the service:

# systemctl restart postfix

Send a test email to the root user:

# echo test | mailx -s Test root

Check /var/log/maillog:

postfix/pickup[2636]: 3DF9920832: uid=0 from=<root>
postfix/cleanup[2668]: 3DF9920832: message-id=<[email protected]>
postfix/qmgr[2637]: 3DF9920832: from=<[email protected]>, size=416, nrcpt=1 (queue active)
postfix/smtp[2670]: 3DF9920832: to=<[email protected]>, orig_to=<root>, relay=10.8.8.70[10.8.8.70]:25, delay=0.36, delays=0.3/0/0/0.05, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5794EC3287)
postfix/qmgr[2637]: 3DF9920832: removed

Configure Postfix as a Central Mail Server for a Domain

To test email delivery, we can use a FreeIPA server that we set up some time ago, and configure it as a central mail server for our rhce.local domain.

The following /etc/postfix/main.cf configuration should do the job:

myhostname = ipa.rhce.local
mydomain = rhce.local
myorigin = rhce.local
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

The mydestination parameter specifies the list of domains that the server considers itself the final destination for.

Configure the firewall and restart the Postfix service:

# firewall-cmd --add-service=smtp --permanent
# firewall-cmd --reload

It is useful to know that we can delete all messages from the mail queue with postsuper:

# postsuper -d ALL

18 thoughts on “Configure Postfix on RHEL 7 to Forward All Email to a Central Mail Server”

  1. Hello,
    How do I figure out which IP is the relayhost in Exam?

    Relayhost meaning the main server right?

    Regards!

    • I don’t use Exim anymore, but I believe that I had a route_list configured to relay emails. Relayhost means the next server where you want to forward emails to, it may be the main server, or it may be just another relay.

  2. I have noticed that a null client doesn't require smtp to be enabled on the firewall, which makes sense since no one is connecting to the server …

  3. Hi Tomas, will I fail the exam if I don't set the local_transport = error: local delivery disabled ?

    • Hi, if the exam explicitly says that you have to configure the local_transport and you don't, then you failed, but if the exam doesn't require it, then it is ok.

    • If that’s the case then you would obviously fail at this particular exam task, but I seriously doubt that making such a mistake would cause you to fail the whole exam. To drop a few points? Yes. To fail the exam? Highly unlikely.

  4. Hey Tomas, what about user-based security for SMTP? Are different smtpd_*_restrictions the exam objective?
    And what about mapping: virtual, relocated, transport…?

    • I appreciate you may have questions, but any exam objective related question is best raised directly with Red Hat.

      You need to know smtpd_client_restrictions. Please take a look here, I’ve covered Postfix as well.

  5. The configuration given here for the ipa server results in mail delivery errors due to NIS failures. For example, you will see the following error in the mail logs.

    May 12 10:51:19 ipa.rhce.local postfix/smtpd[21492]: warning: lookup [email protected], NIS domain rhce.local, map mail.aliases: internal yp server or client error
    May 12 10:51:19 ipa.rhce.local postfix/smtpd[21492]: warning: nis:mail.aliases lookup error for “[email protected]
    May 12 10:51:19 ipa.rhce.local postfix/smtpd[21492]: NOQUEUE: reject: RCPT from srv1.rhce.local[10.8.8.71]: 451 4.3.0 : Temporary lookup failure; from= to= proto=ESMTP helo=

    To fix this the /etc/postfix/main.cf file should have a line added as follows.

    alias_maps = hash:/etc/aliases

    I’d also suggest setting inet_protocols to “all” as you are instructed to give the VM an IPv6 address along with IPv4.

  6. mail server : ipa.example.local ( with two ipa users u1 , u2 )
    null client ( client.example.local ) ( local users u3, u4 )
    null client ( client1.example.local ) ( local users u5, u6 )

    can we send email from client.example.local to user u5 or u6, i.e. send email to local users who are not on email server?

    • I’m not sure on what you mean by saying that “users are not on email server”, but you can send emails to users who have mailboxes. If users u5 and u6 have mailboxes, then the mail server should be able to deliver email.

  7. to rephrase,
    mail server : ipa.example.local ( with two ipa users u1 , u2 )
    null client ( client.example.local ) ( local users u3, u4 )
    null client ( client1.example.local ) ( local users u5, u6 )

    when I send emails from null client to ( two ipa users u1 , u2 ) >>>> it's successful.
    but when I send email from ( client.example.local ) to ( client1.example.local ) ( local users u5, u6 ) , mail is delivered but mail box is empty on client1.example.local …

    as per my understanding , we can only send email to users whose accounts are created on mail server . ipa.example.local — in this case ( and they are not local users )
    and we can not send email to users on { client.example.local , and client1.example.local } — users on these systems are local users.
    Please correct me if I am wrong

    I hope I have clarified my question

    • You cannot send emails from client.example.local to client1.example.local as both are null clients and neither of them can receive emails. A null client can only send mail, it cannot receive mail from your network. That’s the reason why the mailbox on client1.example.local is empty.
