Postfix is a high-performance, security-focused Mail Transfer Agent (MTA) that ships with RHEL 8 and is the default replacement for Sendmail. It handles the delivery of outbound email and, when configured correctly, accepts inbound mail for local users. Understanding Postfix is foundational for any RHEL administrator who needs to send system alerts, application notifications, or operate a full mail server. This tutorial covers installing Postfix, configuring the essential parameters in main.cf, opening the firewall, and testing delivery.
Prerequisites
- RHEL 8 server with a static IP address and a fully qualified hostname (e.g.,
mail.example.com) - A DNS
Arecord pointingmail.example.comto your server’s IP - An
MXrecord for your domain pointing tomail.example.com - Root or
sudoaccess - Firewalld running and active
Step 1 — Install Postfix
Postfix is available in the BaseOS repository. Install it along with the mailx utility for sending test messages.
dnf install -y postfix mailxVerify the installed version and confirm no other MTA is active.
postconf mail_version
alternatives --list | grep mtaStep 2 — Configure /etc/postfix/main.cf
The primary configuration file is /etc/postfix/main.cf. Edit the following parameters. Lines beginning with # are comments — uncomment or add these settings.
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8, 192.168.1.0/24
home_mailbox = Maildir/
smtpd_banner = $myhostname ESMTPThe home_mailbox = Maildir/ setting stores messages in the modern Maildir format under each user’s home directory, which is compatible with Dovecot IMAP. The mynetworks setting controls which hosts are trusted to relay mail — restrict this to your internal network only to prevent open-relay abuse.
Step 3 — Enable and Start Postfix
Enable Postfix to start at boot and start it immediately.
systemctl enable --now postfix
systemctl status postfixCheck for any startup errors in the journal if the status shows a failure.
journalctl -u postfix --no-pager | tail -20Step 4 — Open the Firewall for SMTP
Allow inbound SMTP connections (port 25) through firewalld.
firewall-cmd --permanent --add-service=smtp
firewall-cmd --reload
firewall-cmd --list-servicesIf you also plan to support SMTP submission from mail clients, open port 587 as well: firewall-cmd --permanent --add-service=smtp-submission && firewall-cmd --reload.
Step 5 — Send a Test Email and Check Logs
Send a test message using the sendmail compatibility interface and confirm delivery.
echo "This is a test email from Postfix on RHEL 8" | sendmail [email protected]Watch the mail log in real time to verify that the message was accepted and delivered.
tail -f /var/log/maillogLook for lines containing status=sent for local delivery or status=deferred (which indicates a delivery attempt is queued). For local users, the delivered message will be in /home/username/Maildir/new/.
Step 6 — Configure Mail Aliases
Mail aliases redirect mail addressed to one account to another. The aliases file is /etc/aliases. Edit it to add redirections, then rebuild the alias database.
# /etc/aliases
postmaster: root
root: [email protected]newaliasesAfter running newaliases, Postfix reads the compiled binary database /etc/aliases.db. Any mail sent to postmaster or root will now be forwarded to the configured address.
Conclusion
Postfix is now installed and configured as a fully functional MTA on RHEL 8. It stores mail in Maildir format, restricts relaying to trusted networks, and logs all activity to /var/log/maillog. From here you can layer on TLS, authentication, and anti-spam measures to harden the installation.
Next steps: How to Install and Configure Dovecot IMAP Server on RHEL 8, How to Configure DKIM, SPF, and DMARC on RHEL 8, and How to Enable TLS on Postfix with Let’s Encrypt on RHEL 8.
