How to Install and Configure Postfix Mail Server on RHEL 9

November 28, 2025
Linux
Comment off

Postfix is a high-performance, open-source Mail Transfer Agent (MTA) that handles the sending and receiving of email over SMTP. It is the default MTA on many Linux distributions and integrates cleanly with the rest of the RHEL 9 mail stack, including Dovecot for IMAP delivery and OpenDKIM for email authentication. This tutorial covers installing Postfix, configuring main.cf for a functioning mail server, enabling TLS, configuring the submission port, and testing end-to-end delivery. All commands require sudo or a root shell.

Prerequisites

A RHEL 9 server with a static IP and a valid fully-qualified domain name (FQDN) in DNS
DNS MX record pointing to your server’s hostname
sudo or root access
TLS certificate and key files (can be self-signed for testing; use Let’s Encrypt for production)

Step 1 — Install Postfix and Mail Utilities

Install the postfix package along with mailx (the mail command) for sending test messages from the shell.

sudo dnf install -y postfix mailx

# If a previous MTA is installed (e.g. sendmail), disable it first
sudo systemctl disable --now sendmail 2>/dev/null || true

# Set Postfix as the system MTA
sudo alternatives --set mta /usr/sbin/sendmail.postfix

Step 2 — Configure /etc/postfix/main.cf

The primary Postfix configuration file is /etc/postfix/main.cf. Back it up, then set the key parameters for your server. Substitute mail.example.com and example.com with your own hostname and domain.

sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.bak
sudo postconf -e "myhostname = mail.example.com"
sudo postconf -e "mydomain = example.com"
sudo postconf -e "myorigin = $mydomain"
sudo postconf -e "inet_interfaces = all"
sudo postconf -e "inet_protocols = ipv4"
sudo postconf -e "mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain"
sudo postconf -e "mynetworks = 127.0.0.0/8, 192.168.1.0/24"
sudo postconf -e "home_mailbox = Maildir/"
sudo postconf -e "smtpd_banner = $myhostname ESMTP"
sudo postconf -e "biff = no"
sudo postconf -e "append_dot_mydomain = no"

The mynetworks parameter defines which IP ranges Postfix will relay mail for without requiring authentication — keep this restricted to trusted networks. The home_mailbox = Maildir/ setting tells Postfix to deliver to Maildir format, which Dovecot also expects.

Step 3 — Configure TLS Encryption

Enable TLS for both incoming (smtpd) and outgoing (smtp) connections. For testing you can generate a self-signed certificate; in production use a certificate signed by a trusted CA.

# Generate a self-signed certificate (production: use Let's Encrypt)
sudo openssl req -newkey rsa:2048 -nodes 
  -keyout /etc/pki/tls/private/postfix.key 
  -x509 -days 365 
  -out /etc/pki/tls/certs/postfix.crt 
  -subj "/CN=mail.example.com"

# Configure Postfix to use TLS
sudo postconf -e "smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.crt"
sudo postconf -e "smtpd_tls_key_file = /etc/pki/tls/private/postfix.key"
sudo postconf -e "smtpd_tls_security_level = may"
sudo postconf -e "smtp_tls_security_level = may"
sudo postconf -e "smtpd_tls_loglevel = 1"
sudo postconf -e "smtpd_tls_received_header = yes"

Step 4 — Enable the Submission Port in master.cf

Mail clients use port 587 (submission) to send outgoing email with authentication. Uncomment the submission service in /etc/postfix/master.cf:

sudo vi /etc/postfix/master.cf

Locate the submission block (it begins with #submission) and uncomment it so it reads:

submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

Step 5 — Start Postfix and Open Firewall Ports

# Enable and start Postfix
sudo systemctl enable --now postfix
sudo systemctl status postfix

# Open SMTP (25) and submission (587) ports
sudo firewall-cmd --permanent --add-service=smtp
sudo firewall-cmd --permanent --add-port=587/tcp
sudo firewall-cmd --reload

Step 6 — Test Mail Delivery

Send a test email to a local user using the mail command, then check that the message was delivered to the user’s Maildir.

# Send a test message
echo "This is a test email from Postfix" | mail -s "Postfix Test" localuser@localhost

# Check the mail log for delivery confirmation
sudo tail -f /var/log/maillog

# Verify the message landed in the Maildir
ls -la /home/localuser/Maildir/new/

A successful delivery shows a log line containing status=sent and a new file appearing under Maildir/new/.

Conclusion

You have installed Postfix on RHEL 9, configured main.cf with the correct hostname, domain, relay networks, and Maildir delivery, added TLS certificates, enabled the submission port in master.cf, started the service, and tested local delivery. Postfix is now ready to serve as the outbound and inbound SMTP server for your domain. For a complete mail server, pair it with Dovecot for IMAP access and OpenDKIM for email authentication.

Next steps: How to Install and Configure Dovecot IMAP Server on RHEL 9, How to Configure DKIM, SPF, and DMARC on RHEL 9, and How to Set Up a DNS Server with BIND9 on RHEL 9.