Email - Postfix


Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS

The postfix installation install also an alias to the sendmail command line.

Security / Privileges

SMTP servers need to decide whether an SMTP client is authorized to send mail:

  • to remote destinations,
  • or only to destinations that the server itself is responsible for.

Once a remote client is authenticated, a server generally give the same network privileges.

Relaying is allowed only for authenticated users, and IP addresses you specify in mynetworks.


See Postfix - Architecture (Processes)


nmap -Pn -p T:25 server
Starting Nmap 7.80 ( ) at 2020-06-15 13:54 W. Europe Daylight Time
Nmap scan report for (xxxxxx)
Host is up.

25/tcp filtered smtp

Nmap done: 1 IP address (1 host up) scanned in 3.16 seconds



Which mail should be saved on the machine

  • If you don't want to store email for a specific domain on the server leave it untouch
mydestination = $myhostname, localhost.$mydomain, localhost


postconf.5.html: Example of value and their consequence

  • all
netstat -tulpn | egrep (master|:25)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0    *               LISTEN      5611/master

netstat -tulpn | egrep (master|:25)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0  *               LISTEN      2413/master
tcp        0      0*               LISTEN      2413/master


The home_mailbox parameter specifies the optional pathname of a mailbox file relative to a user's home directory. The default mailbox file is /var/spool/mail/user or /var/mail/user.

home_mailbox = Mailbox
# for qmail-style delivery (the / is required).
home_mailbox = Maildir/ 


  • Maildir separates messages into individual files that are then moved between directories based on user action.
  • Mailbox stores all messages within a single file.


Postfix - Virtual Aliasing (Email Redirect)

Sasl authentication

With Sasl:

  • a remote SMTP client can authenticate to the Postfix SMTP server,
  • the Postfix SMTP client can authenticate to a remote SMTP server

More Postfix - SASL (SMTP Authorization)


default to (CONNECT, GET, POST)

List of commands that cause the Postfix SMTP server to immediately terminate the session with a 221 code.


postconf mail_version
# or
yum info postfix


  • /var/log/maillog
  • /var/log/messages – Contains global system messages, including the messages that are logged during system startup.


Task Runner