Configure Postfix to Forward Mail to a Central Relay Server

Rather than having individual Linux systems in your network sending mail out directly to the Internet, we can instead configure them to forward mail to a central mail relay server. Such systems are known as null clients, and these do not accept local delivery of any messages, they only forward mail out to a relay server.

This has various benefits, such as centralizing mail logs onto one server and only requiring the firewall to allow outbound port 25 for SMTP on one server rather than allowing all servers to connect out to the Internet on port 25. This means that the mail relay server can sit inside your DMZ network to send mail out while access remains locked down to the rest of your internal network.

Here we are going to cover how to configure a null client by using Postfix to forward mail to a central relay server that exists in our local network. In this instance we will be assuming that Postfix or some other mail program has already been set up and configured on the mail relay server to send mail out to the Internet, we are only concerned with configuring Postfix to send mail out via the relay here.

The central mail relay server is also configured to allow unauthenticated messages from within our local network. In a production environment if your mail relay server is accessible from the Internet ensure that authentication is configured, otherwise anyone will be able to send mail through your relay which will get your server black listed quite fast as it will be used to send spam.


Red Hat Certified Engineer RHCE Video Course
Studying for your RHCE certification? Checkout our RHCE video course over at Udemy which is 20% off when you use the code ROOTUSER.


Example Environment

Here is a quick look at our example environment which should give you an idea of how this will work.

  • Null Client: 192.168.0.5
  • Mail Relay Server: 192.168.0.25

The null client is where we will be working, we will install and configure Postfix on the null client to forward messages to the mail relay server. The mail relay server will then send the message to the intended destination over the Internet. In this example we only have one null client forwarding mail to the relay server, however this could scale to work with hundreds or thousands of null clients all forwarding mail out through a central mail relay server.

The central mail server will accept messages from the null client and perform a DNS lookup on the destination email addresses domain to resolve the MX record. The mail relay server will then attempt to connect to the server specified in the MX record over TCP port 25 by default which is the port for SMTP and deliver the message to the intended destination.

Install Postfix

To begin you will need to first install Postfix on the null client Linux system if it is not already there, this can be done via yum as shown below.

yum install postfix -y

Ensure that Postfix start up automatically on boot, and also start it up now.

systemctl enable postfix
systemctl start postfix

For further information regarding service management with systemctl, see our guide here.

Configuring Postfix

Now that Postfix has been installed and is running on the null client system we need to configure Postfix.

The main configuration file for Postfix is /etc/postfix/main.cf, we can either edit this file directly with a text editor, or we can make use of the ‘postconf -e’ command.

After any changes have been made to this configuration file, Postfix must be either restarted or reloaded in order to apply the configuration changes. A summary of all configuration settings can be display by running ‘postconf’.

Below are the particular settings that we will be setting on our null client.

  • inet_interfaces = loopback-only – This controls the network interfaces that Postfix listens on, the default is localhost however we have modified this to loopback-only as we only want the local server at 127.0.0.1 and ::1 to be able to send messages. Note that if this parameter is changed you will need to restart Postfix, a reload will not apply interface changes.
  • mydestination= – This configures the null client to not act as an end point for any mail domains, as we are configuring a null client set this to be blank.
  • myhostname = hostname – This specifies the hostname of the server for postfix to use, replace hostname with the name of your server if using $myhostname for myorigin as outlined below.
  • mynetworks=127.0.0.0/8 [::1]/128 – This allows mail messages originating from localhost, that is the null client itself, to be a trusted SMTP client.
  • myorigin = $myhostname – This is the domain name that all sent mail will appear as coming from, by default mail will appear as coming from the hostname of the server however you can change this to a particular domain name for example.
  • relayhost = 192.168.0.25 – This tells postfix where the relay server is, this is where Postfix will forward mail to.
  • local_transport=error: local delivery disabled – Local mail delivery is off as we are forwarding through a mail relay server.

For further information on the settings within the Postfix configuration check the manual page by running ‘man 5 postconf’.

To perform a syntax check of the Postfix configuration, run ‘postfix check’ as shown below. I have manually added a line to /etc/postfix/main.cf with the text of ‘testing’ which is invalid to test if this would be picked up, which it has.

[root@centos ~]# postfix check
postfix: fatal: /etc/postfix/main.cf, line 1-30: missing '=' after attribute name: "testing"

This is useful for finding any mistakes in the configuration that will prevent Postfix from working correctly.

As our changes above have modified inet_interfaces, Postfix must be restarted rather than reloaded to apply these changes.

systemctl restart postfix

Testing Postfix

Now that we have configured Postfix as a null client to forward all mail through to the relay server at 192.168.0.25 we will perform a test by sending a test message as shown below.

echo "Testing" | mail -s "Test Message" [email protected]

Note that the firewall on the mail relay server will need to accept inbound TCP port 25 connections from our null client IP addresses.

Now that we have sent our test message we will take a look at the mail log file in /var/log/maillog. This file is full of useful information and should be used when troubleshooting Postfix mail problems.

Aug 29 22:54:14 localhost postfix/pickup[15220]: B24C921CCDDF: uid=0 from=<root>
Aug 29 22:54:14 localhost postfix/cleanup[15363]: B24C921CCDDF: message-id=<20150830055414.B24C921CCDDF@nullclient>
Aug 29 22:54:14 localhost postfix/qmgr[15221]: B24C921CCDDF: from=<[email protected]>, size=435, nrcpt=1 (queue active)
Aug 29 22:54:14 localhost postfix/smtp[15365]: B24C921CCDDF: to=<[email protected]>, relay=192.168.0.25[192.168.0.25]:25, delay=0.01, delays=0/0/0/0, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as B310121CCDD2)
Aug 29 22:54:14 localhost postfix/qmgr[15221]: B24C921CCDDF: removed

These log messages were found which correspond with our test message, we can see that our ‘nullclient’ system has sent a message to [email protected] and used 192.168.0.25 as the relay server which was sent. To further follow the process we could then check the mail log on the relay server to confirm if the message has correctly sent out to the Internet, however in this instance we have confirmed that our message has reached the central mail relay server as intended.

If the message does not send correctly it should remain in the mail queue which can be viewed with the commands ‘mailq’ or ‘postqueue -p’. To attempt to resend all messages in the queue use ‘postqueue -f’.

Summary

By configuring Postfix as a null client on a Linux system we have been able to forward all mail messages to a mail relay server which will then complete delivery of our messages.


This post is part of our Red Hat Certified Engineer (RHCE) exam study guide series. For more RHCE related posts and information check out our full RHCE study guide.

  1. myorigin = $myhostname

    should be myorigin = $mydomain

    if not changed, the email address will be [email protected]

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>