In this comprehensive guide, we’ll configure a full-featured Postfix email server on AlmaLinux 9 with SASL authentication. This setup allows authenticated users to send emails securely, making it ideal for personal servers or small business environments. We’ll cover installation, configuration, security hardening, and testing.<\/p>\n
Postfix is a powerful, open-source mail transfer agent (MTA) known for its security and reliability. Enabling SASL authentication lets users authenticate before sending emails, preventing unauthorized relaying and enhancing control over your mail server.<\/p>\n
yourdomain.com<\/code> with your actual domain)<\/li>\n- Basic knowledge of Linux command-line operations<\/li>\n<\/ul>\n
1. Install and Initialize Postfix<\/h2>\nsudo dnf update -y\nsudo dnf install postfix -y\n\n# Enable and start the service\nsudo systemctl enable --now postfix\nsudo systemctl status postfix\n<\/code><\/pre>\n2. Configure Core Postfix Settings<\/h2>\n
Edit \/etc\/postfix\/main.cf<\/code> to define server behavior and security parameters:<\/p>\n# Server Identity\nmyhostname = mail.yourdomain.com\nmydomain = yourdomain.com\nmyorigin = $mydomain\n\n# Network Configuration\ninet_interfaces = all # Listen on all interfaces (adjust based on your security requirements)\ninet_protocols = all # Enable IPv4\/IPv6\n\n# Mail Delivery Rules\nmydestination = $myhostname, localhost.$mydomain, localhost, $mydomain\nmynetworks =127.0.0.0\/8 [::1]\/128 # Restrict unauthenticated relaying to localhost\n\n# Mail Storage\nhome_mailbox = Maildir\/ # Use Maildir format for email storage\n\n# SMTP Banner\nsmtpd_banner = $myhostname ESMTP Postfix\n<\/code><\/pre>\nVerify syntax and apply changes:<\/p>\n
sudo postfix check\nsudo systemctl reload postfix\n<\/code><\/pre>\n3. Enable SASL Authentication<\/h2>\n
Install SASL libraries and configure PAM authentication:<\/p>\n
# Install SASL packages\nsudo dnf install cyrus-sasl cyrus-sasl-plain -y\n\n# Configure SASL daemon\necho 'MECH=pam' | sudo tee -a \/etc\/sysconfig\/saslauthd\nsudo systemctl enable --now saslauthd\nsudo systemctl status saslauthd\n<\/code><\/pre>\n4. Configure Postfix to Use SASL<\/h2>\n
Modify \/etc\/postfix\/main.cf<\/code> to enable authentication and restrict relay access:<\/p>\n# Enable SASL authentication\nsmtpd_sasl_auth_enable = yes\n\n# Security policies\nsmtpd_sasl_security_options = noanonymous\nbroken_sasl_auth_clients = yes # Enable compatibility with older clients\n\n# Relay control: Allow authenticated users\nsmtpd_recipient_restrictions =\npermit_mynetworks,\npermit_sasl_authenticated,\nreject_unauth_destination\n<\/code><\/pre>\nCreate the SASL configuration file:<\/p>\n
sudo mkdir -p \/etc\/sasl2\necho -e \"pwcheck_method: saslauthd\\nmech_list: plain login\" | sudo tee \/etc\/sasl2\/smtpd.conf\nsudo systemctl reload postfix\n<\/code><\/pre>\n5. Create User Accounts for Authentication<\/h2>\n
Add a user account to test authentication:<\/p>\n
sudo adduser newuser\nsudo passwd newuser\n<\/code><\/pre>\n6. Test the Configuration<\/h2>\n
Install Swaks, a command-line SMTP testing tool:<\/p>\n
sudo dnf install epel-release -y\nsudo dnf install swaks\n\n# Test authentication and email delivery\nswaks \\\n--server localhost \\\n--port25 \\\n--helo smtp.server.com \\\n--to test@yourdomain.com \\\n--from test2@yourdomain.com \\\n--auth LOGIN \\\n--auth-user newuser \\\n--auth-password 'your_secure_password' \\\n--tls \\\n--body \"Subject: Test Email via Swaks\\n\\nThis is a test message.\"\n<\/code><\/pre>\nCritical Security Considerations<\/h2>\n\n- Restrict
mynetworks<\/code>:<\/strong> Only allow trusted networks to bypass authentication.<\/li>\n<\/ul>\nTags: `Postfix, AlmaLinux9, SASL Authentication, Email Server, Linux Configuration, Cyrus SASL, SMTP Authentication, Systemd Services, Mail Server Setup, Email Security, Swaks Testing Tool, Linux Command Line, Maildir, EPEL Repository, PAM Authentication, Postfix Configuration, User Management, Network Security, SMTP Relay, Installation Guide, Configuration Guide, Linux System Administration, Open Source Tools, Security Best Practices`<\/p>\n","protected":false},"excerpt":{"rendered":"
Setting Up a Secure Postfix Mail Server with Authentication on AlmaLinux 9 In this comprehensive guide, we’ll configure a full-featured Postfix email server on AlmaLinux 9 with SASL authentication. This setup allows authenticated users to send emails securely, making it ideal for personal servers or small business environments. We’ll cover installation, configuration, security hardening, and … Continue reading “Setting Up a Secure Postfix Mail Server with Authentication on AlmaLinux 9”<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[13,211],"tags":[],"_links":{"self":[{"href":"https:\/\/mellowhost.com\/blog\/wp-json\/wp\/v2\/posts\/963"}],"collection":[{"href":"https:\/\/mellowhost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mellowhost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mellowhost.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/mellowhost.com\/blog\/wp-json\/wp\/v2\/comments?post=963"}],"version-history":[{"count":4,"href":"https:\/\/mellowhost.com\/blog\/wp-json\/wp\/v2\/posts\/963\/revisions"}],"predecessor-version":[{"id":967,"href":"https:\/\/mellowhost.com\/blog\/wp-json\/wp\/v2\/posts\/963\/revisions\/967"}],"wp:attachment":[{"href":"https:\/\/mellowhost.com\/blog\/wp-json\/wp\/v2\/media?parent=963"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mellowhost.com\/blog\/wp-json\/wp\/v2\/categories?post=963"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mellowhost.com\/blog\/wp-json\/wp\/v2\/tags?post=963"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}