CentOS 6.4 Email Gateway (Part 2)

We are now going to configure Postfix to act as a Gateway or a relay if you like, to our main email server which is a Microsoft Exchange Server. This has dual benefits:

  1. The Exchange Server is not directly exposed to the internet
  2. The load on our Exchange Server is greatly reduced due to Greylisting being employed to eliminate a vast amount of bogus mail

We'll also install Clam as our anti-virus and Spamassassin. No need to install Postfix because is comes as the default mail server with CentOS since version 6.2 from memory. Let's begin:

yum install clamd spamassassin

Once installed ensure you update Clam AV:

freshclam

Once the update completes, start the Clam AV service:

service clamd start

Set the Clam AV service to start whenever the OS is rebooted:

chkconfig --level 235 clamd on

Now we'll allow port 25, 80 and 443 through the iptables firewall. You need to edit the file:

/etc/sysconfig/iptables

Under the entry "-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT" paste the following:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

Now restart the iptables service for the changes to take effect:

service iptables restart

To check the current iptables rules use the following:

iptables --list

You should see within the output something like the following:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

The following file needs to be edited to enable the Autowhitelist plugin of SpamAssassin:

/etc/mail/spamassassin/v310.pre

Find the line:

#loadplugin Mail::SpamAssassin::Plugin::AWL

Remove the # at the beginning of the above line to un-comment it, so you should now have:

loadplugin Mail::SpamAssassin::Plugin::AWL

We'll now start the Postfix configuration. Firstly, we'll make edits to the file located here:

/etc/postfix/main.cf

Find:

#mydomain = domain.tld

Un-comment the above line by removing the # and changing domain.tld to your domain. The following example is for our domain, but you would use your fully qualified domain name in place of mail.Matrix7.com.au.

mydomain = mail.Matrix7.com.au

Ensure you have un-commented the following line. (remove the #):

#inet_protocols = all

Critical: Ensure you have un-commented the following. (remove the #):

#inet_interfaces = all

Critical: Ensure you have commented the following to prevent the system only allowing port 25 requests from localhost. (place a # in front of the line):

inet_interfaces = localhost

You have completed part 2. Your Postfix installation is ready to accept mail. It just doesn't know what to do with it and we'll go over that in Part 3...

No Comments Yet.

Leave a comment