Configure Postfix on RHEL 7 to Forward All Email to a Central Mail Server

On RHEL 7, Postfix is used as the mail service. 

We are going to deploy Postfix on a null client. A null client is a machine that can only send mail. It receives no mail from the network, and it does not deliver any mail locally. We use a RHEL 7.0 virtual machine in this article.

Please check this post if you need to configure Postfix as a gateway.

Configure Postfix on a Null Client

The postfix package should be installed by default, do the following if it’s not the case:

# yum install -y postfix

Ensure the service is enabled on boot:

# systemctl enable postfix

Now, I saw some people adding a firewalld rule to allow incoming traffic for an smtp service. This is normally required for a central SMTP server, but makes little to no sense when talking about a null client. A null client cannot receive emails from outside, therefore no firewall configuration is required.

Only a few parameters are important for setting up an environment where email can be forwarded to a central mail server.

The file has quite a few Postfix configuration examples:

# less /usr/share/doc/postfix-2.10.1/README_FILES/STANDARD_CONFIGURATION_README

Check the “Postfix on a null client” section for more info.

Open the file /etc/postfix/ for editing, and add the following:

myhostname = srv1.rhce.local
mydomain = rhce.local
myorigin = $mydomain
relayhost = []
inet_interfaces = loopback-only
mydestination =
mynetworks = [::]/128
local_transport = error: local delivery disabled

The relayhost prevents mail from getting stuck on the null client if it is turned off while some remote destination is unreachable.

The loopback-only tells to not accept mail from the network. Only messages that originate from the network and the [::1]/128 network are forwarded to the relay host by the null client.

We prevent the local null client from sorting any mail into mailboxes by putting a local_transport parameter. We also disable local mail delivery by not specifying mydestination. All mail goes to the mail server as specified in relayhost. Note that we can also use a DNS name for the relayhost, as well as turn off MX lookups by putting a record in square brackets.

Check for syntax errors:

# postfix check

Restart the service:

# systemctl restart postfix

Send a test email to the root user:

# echo test | mailx -s Test root

Check /var/log/maillog:

postfix/pickup[2636]: 3DF9920832: uid=0 from=<root>
postfix/cleanup[2668]: 3DF9920832: message-id=<20160531192921.3DF9920832@srv1.rhce.local>
postfix/qmgr[2637]: 3DF9920832: from=<root@rhce.local>, size=416, nrcpt=1 (queue active)
postfix/smtp[2670]: 3DF9920832: to=<root@rhce.local>, orig_to=<root>, relay=[]:25, delay=0.36, delays=0.3/0/0/0.05, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5794EC3287)
postfix/qmgr[2637]: 3DF9920832: removed

Configure Postfix as a Central Mail Server for a Domain

To test email delivery, we can use a FreeIPA server that we set up some time ago, and configure it as a central mail server for our rhce.local domain.

The following /etc/postfix/ configuration should do the job:

myhostname = ipa.rhce.local
mydomain = rhce.local
myorigin = rhce.local
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

The mydestination parameter specifies the list of domains that the server considers itself the final destination for.

Configure firewall and restart the Postfix service:

# firewall-cmd --add-service=smtp --permanent
# firewall-cmd --reload

Useful to know, we can delete all messages from the email queue with postsuper:

# postsuper -d ALL

8 thoughts on “Configure Postfix on RHEL 7 to Forward All Email to a Central Mail Server

  1. Hello,
    How do I figure out which IP is the relayhost in Exam?

    Relayhost meaning the main server right?


    • I don’t use Exim anymore, but I believe that I had a route_list configured to relay emails. Relayhost means the next server where you want to forward emails to, it may be the main server, or it may be just another relay.

  2. I have noticed that a null client doesnt require smtp to be enabled on the firewall ,which makes sense since no one is connecting to the server …

  3. Hi Tomas, will I fail the exam if I dont set the local_transport = error: local delivery disabled ?

  4. Hey Tomas, what about user-based security for SMTP? Are different smtpd_*_restrictions the exam objective?
    And what about mapping: virtual, relocated, transport…?

    • I appreciate you may have questions, but any exam objective related question is best raised directly with RedHat.

      You need to know smtpd_client_restrictions. Please take a look here, I’ve covered Postfix as well.

Leave a Reply

Your email address will not be published. Required fields are marked *