How to Set Up an Email Server on Rocky Linux with Postfix
If you've ever wanted to host your own email server, you're in luck because Rocky Linux makes that process not only possible but also not too terribly hard. Why would you want to run your own mail server? There are a number of reasons, one of which is control. You might not want to hand over control of your email to a third-party host. This is especially true if you send sensitive information and don't want it stored on someone else's servers.
You might also have a website (hosted on another internal Rocky Linux server) that requires the sending of email. For example, you could have a WordPress site set up that requires the sending of password reset notifications. Without an SMTP server, that's not possible. Sure, you could always use Google's Gmail servers, but why not use your own?
We're going to walk you through the basic setup of the Postfix SMTP server. Before you do that, however, you must take care of a few steps, some of which will vary, depending on the company hosting your DNS records.
Let's get to it.
Configuring the hostname and DNS records
The first thing to do is configure the hostname on your Rocky Linux server. I'm going to use the tried-and-true example.com for this how-to.
To configure your hostname, log into Rocky Linux and open a terminal window. Let's say you want to set the hostname to mail.example.com. For that, issue the command:
sudo hostnamectl set-hostname mail.example.com
Log out and log back in so the changes take effect.
How you take care of the next step will depend on the service hosting your DNS. You'll most likely have to consult their documentation to find out how it's done. Either way, you must also consider Sender Policy Framework (SPF), which is a way for a domain to list all of the services that are used to send emails. This is like a publicly available directory that makes it possible to confirm that an employee actually works for an organization. Another issue to think about is DKIM, which stands for DomainKeys Identified Mail and enables domain owners to automatically "sign" emails from their domain. Think of this as a means to confirm (via a digital signature) that an email did in fact come from the specified domain.
You will also need to create an A or AAAA record, which maps the FQDN to the IP address of your server. That record will look something like this:
mail.example.com IP
where the IP address is the external IP address of your mail server. If your mail server doesn't have an external IP address, you'll have to map the proper external address and port number so that it is routed through your LAN to the mail server. How this is accomplished will depend on the hardware you use on your network.
In addition to the MX and A (and/or AAAA) records, you should ensure that you have reverse DNS set up for your mail server to help with the deliverability of your email. Without proper rDNS, some providers will refuse your email, and you may have issues with both sending and receiving mail. You can use a tool like MXToolbox's Email Health to check your domain and mail server for common reachability and deliverability misconfigurations.
If you're unsure how to get these items configured, consult with your DNS provider and the manufacturer of your network hardware.
Configure SELinux
Go back to your Rocky Linux instance and make sure SELinux is enabled with the command:
sestatus
If you find it listed as disabled, enable it by opening the SELinux configuration file with the command:
sudo nano /etc/selinux/config
Locate the following line:
SELINUX=disabled
Change that to:
SELINUX=enforcing
Save and close the file. Reboot your Rocky Linux machine so the changes take effect.
Install Postfix
It's time to install Postfix. This software is found in the standard repository, so installing it can be done with the command:
sudo dnf install postfix -y
Once the installation is complete, start and enable the service with:
sudo systemctl enable --now postfix
Configure Postfix
We now have to configure Postfix. One thing to keep in mind is that we're configuring Postfix to only send email, not receive it (as that is a far more complicated topic that requires considerable setup time and understanding to prevent the server from becoming an open relay, which could lead to a serious spam issue). Because of this, we can skip setting up Postfix to listen and instead go right to the hostname.
The Postfix hostname must be set to match the system hostname. Again, we'll use the mail.example.com address (so make sure to change this to match your hostname). Set that hostname with the command:
sudo postconf -e "myhostname = mail.example.com"
Make sure to check that the apex domain (aka root domain) is correct with the command:
postconf mydomain
The apex domain for our example should be listed as example.com. If not, set it with:
sudo postconf -e "mydomain = example.com"
Here are the rest of the configuration commands you'll need to run:
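- Set the myorigin parameter with sudo postconf -e "myorigin = example.com"
- Set the mydestination parameter with sudo postconf -e 'mydestination = example.com, $myhostname, localhost.$mydomain, localhost' (the single quotes matter: inside double quotes the shell would expand $myhostname and $mydomain to empty strings before Postfix ever sees them)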
With these taken care of, restart Postfix with:
sudo systemctl restart postfix
Open the firewall
The next step is to open the firewall for port 25, which can be done with the command:
sudo firewall-cmd --permanent --add-port=25/tcp
Reload the firewall with:
sudo systemctl reload firewalld
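With port 25 reachable, the open-relay risk mentioned earlier comes down to which interfaces Postfix listens on and which clients it will relay for. The following check is an added example, not part of the original guide: it assumes a send-only host should listen on loopback only and list only loopback networks in mynetworks, and it also flags a mydestination value whose $myhostname and $mydomain were expanded by the shell instead of reaching Postfix literally. The function name and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads "name = value" lines as printed by postconf and prints
# findings. On the server: postconf inet_interfaces mynetworks mydestination | audit_postfix
audit_postfix() {
    while IFS= read -r line; do
        name=${line%% =*}
        value=${line#*= }
        if [ "$value" = "$line" ]; then value=""; fi   # "name =" with no value
        case $name in
        inet_interfaces)
            case $value in
            localhost|loopback-only) echo "OK inet_interfaces: loopback only" ;;
            *) echo "WARN inet_interfaces: SMTP listener bound to '$value'" ;;
            esac ;;
        mynetworks)
            # Clients in mynetworks may relay; a send-only host needs loopback only.
            printf '%s\n' "$value" | tr ', ' '\n\n' | while IFS= read -r net; do
                case $net in
                ""|127.*|"[::1]"*) ;;
                *) echo "WARN mynetworks: relaying allowed from $net" ;;
                esac
            done ;;
        mydestination)
            [ -n "$value" ] || continue
            # An empty item or a trailing dot means the shell expanded
            # $myhostname / $mydomain before postconf saw them.
            printf '%s\n' "$value" | tr ',' '\n' | while IFS= read -r item; do
                item=$(printf '%s' "$item" | tr -d ' \t')
                case $item in
                ""|*.) echo "WARN mydestination: empty or truncated item '$item'" ;;
                esac
            done ;;
        esac
    done
}

# Constructed samples (192.0.2.0/24 is a documentation range).
SAMPLE_BAD='inet_interfaces = all
mynetworks = 127.0.0.0/8 192.0.2.0/24 [::1]/128
mydestination = example.com, , localhost., localhost'
SAMPLE_GOOD='inet_interfaces = loopback-only
mynetworks = 127.0.0.0/8 [::1]/128
mydestination = example.com, $myhostname, localhost.$mydomain, localhost'

printf '%s\n' "$SAMPLE_BAD" | audit_postfix
```

Any WARN line is worth resolving before relying on the firewall rule above, since that rule exposes whatever the listener accepts.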
Test the setup
Now that everything is set up, test Postfix by sending an email from the command line like so:
echo "Rocky Linux Rocks" | sendmail EMAIL
Where EMAIL is a valid email address.
If you receive the email, congratulate yourself on a job well done. If the email fails to arrive, you might need to verify if your DNS records are correct and the changes have taken effect (they can take up to 24 hours). You can also check the maillog with a command like:
tail -f /var/log/maillog
With the tail running, open another terminal window and attempt to send another email to see what kind of logs are written. From that information, you can start troubleshooting any issues that are causing problems.