Updated: 2024/05/26

Install, start and enable Postfix:
dnf install postfix
systemctl start postfix
systemctl enable postfix

Enable TCP/25 through the firewall:
firewall-cmd --zone=public --permanent --add-port=25/tcp
firewall-cmd --reload

Configure the basics in main.cf:
myhostname = smtp.domain.com
mydestination = localhost
mynetworks = 192.168.0.0/24 127.0.0.0/8
relay_domains = domain.com,domain.net

Configure TLS in main.cf:
# Public key
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
# Private key
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
# TLS is optional for inbound
smtpd_tls_security_level = may
# Certificate authorities
smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
# Opportunistic TLS for outbound
smtp_tls_security_level = may

Configure basic filtering and RBLs in main.cf:
smtpd_client_restrictions =
 reject_rbl_client zen.spamhaus.org,
 reject_rbl_client bl.spamcop.net,
 reject_rbl_client combined.rbl.msrbl.net,
 reject_invalid_helo_hostname,
 reject_non_fqdn_helo_hostname,
 reject_non_fqdn_sender,
 reject_non_fqdn_recipient,
 reject_unknown_sender_domain,
 reject_unauth_pipelining


Home > Build Procedures > Postfix SMTP gateway for Exchange on Rocky 9