We are now going to configure Postfix to act as a gateway (or a relay, if you like) in front of our main email server, which is a Microsoft Exchange Server. This has two benefits:
- The Exchange Server is not directly exposed to the internet
- The load on our Exchange Server is greatly reduced due to Greylisting being employed to eliminate a vast amount of bogus mail
We'll also install Clam AV as our anti-virus, along with SpamAssassin. There is no need to install Postfix because it comes as the default mail server with CentOS since version 6.2 from memory. Let's begin:
yum install clamd spamassassin
Once installed, ensure you update Clam AV:
freshclam
Once the update completes, start the Clam AV service:
service clamd start
Set the Clam AV service to start whenever the OS is rebooted:
chkconfig --level 235 clamd on
Now we'll allow ports 25, 80 and 443 through the iptables firewall. You need to edit the file:
/etc/sysconfig/iptables
Under the entry "-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT" paste the following:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
Now restart the iptables service for the changes to take effect:
service iptables restart
To check the current iptables rules use the following:
iptables --list
You should see within the output something like the following:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
The following file needs to be edited to enable the Autowhitelist plugin of SpamAssassin:
/etc/mail/spamassassin/v310.pre
Find the line:
#loadplugin Mail::SpamAssassin::Plugin::AWL
Remove the # at the beginning of the above line to un-comment it, so you should now have:
loadplugin Mail::SpamAssassin::Plugin::AWL
We'll now start the Postfix configuration. Firstly, we'll make edits to the file located here:
/etc/postfix/main.cf
Find:
#mydomain = domain.tld
Un-comment the above line by removing the # and change domain.tld to your domain. The following example is for our domain, but you would use your fully qualified domain name in place of mail.Matrix7.com.au.
mydomain = mail.Matrix7.com.au
Ensure you have un-commented the following line. (remove the #):
#inet_protocols = all
Critical: Ensure you have un-commented the following. (remove the #):
#inet_interfaces = all
Critical: Ensure you have commented out the following line, otherwise the system will only accept port 25 connections from localhost. (place a # in front of the line):
inet_interfaces = localhost
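A quick way to confirm the main.cf edits above took effect, as an added example that is not part of the original tutorial. Postfix remembers only the last active definition of a parameter, so a forgotten "inet_interfaces = localhost" below "inet_interfaces = all" still wins; the function names effective_value and check_gateway_cf are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example: verify the main.cf edits from this section.
# Postfix keeps only the LAST active definition of a parameter, so an
# uncommented "inet_interfaces = localhost" further down overrides "all".

# Print the effective value of parameter $2 in main.cf-style file $1.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        /^[ \t]/ {                              # leading whitespace: continuation
            if (name == want) val = val " " $0
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) { name = ""; next }
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name == want) val = substr($0, eq + 1)
        }
        END { gsub(/^[ \t]+|[ \t]+$/, "", val); print val }
    ' "$1"
}

# Hypothetical helper: print each setting that differs from what this
# section asks for; return 0 only when all three are as instructed.
check_gateway_cf() {
    cf=$1; rc=0
    ifaces=$(effective_value "$cf" inet_interfaces)
    protos=$(effective_value "$cf" inet_protocols)
    domain=$(effective_value "$cf" mydomain)
    [ "$ifaces" = "all" ] || { echo "inet_interfaces is '$ifaces', expected 'all'"; rc=1; }
    [ "$protos" = "all" ] || { echo "inet_protocols is '$protos', expected 'all'"; rc=1; }
    case "$domain" in
        ""|domain.tld) echo "mydomain is unset or still the domain.tld placeholder"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the localhost line was left active below "all".
sample=$(mktemp)
printf '%s\n' 'mydomain = mail.Matrix7.com.au' 'inet_protocols = all' \
    'inet_interfaces = all' 'inet_interfaces = localhost' > "$sample"
check_gateway_cf "$sample" || echo "main.cf still needs editing"
rm -f "$sample"
```

On the gateway itself, point check_gateway_cf at /etc/postfix/main.cf; `postconf inet_interfaces inet_protocols mydomain` prints the values Postfix actually uses.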
You have completed part 2. Your Postfix installation is ready to accept mail. It just doesn't know what to do with it and we'll go over that in Part 3...