Configure Postfix
Set up an email server for the Intelligence Center before you proceed to configure email settings in the Intelligence Center system settings.
If you skip this step, you will still be able to configure email settings in the Intelligence Center. However, the Intelligence Center won’t be able to send any automatic notification messages, and it won’t be aware of any Intelligence Center user email addresses.
the Intelligence Center needs a configured email server to successfully create Intelligence Center users and to send password reset emails when users request it.
Dependencies
Postfix relies on Cyrus SASL to implement SASL (Simple Authentication and Security Layer).
Make sure the following Cyrus SASL components are installed on the system for Postfix to work as expected:
cyrus-sasl-lib-2.1.x or later
cyrus-sasl-plain-2.1.x or later
Install Cyrus SASL
The cyrus-sasl-plain package requires the cyrus-sasl-lib library.
To install Cyrus SASL on your system:
First, install the required Cyrus SASL library:
yum install cyrus-sasl-libThen, install the Cyrus SASL package supporting AUTH PLAIN and AUTH LOGIN authentication schemes:
yum install cyrus-sasl-plain
About Postfix
Postfix is the default email server shipped with the Intelligence Center.
If you want to enable email-based Intelligence Center features such as email notifications, first configure Postfix to handle email traffic.
Postfix configuration and setup may vary, depending on the target environment the Intelligence Center is installed on.
The following links point to relevant sections of the official Postfix documentation:
Postfix main.cf configuration file parameters
the Intelligence Center ships with an example Postfix configuration file you can use as a customizable template: /etc/postfix/main.cf
The default installation location of the Postfix configuration file is /etc/postfix.
The Postfix configuration file is main.cf.
Configure Postfix
To configure Postfix as the default email server for the Intelligence Center:
Open main.cf in a text editor:
vi/etc/postfix/main.cfExample main.cf file
myhostname = box11.platform.host.commydomain = platform.host.commyorigin = $mydomainmydestination =relayhost = [smtp.email.server.com]:587inet_interfaces = loopback-onlysmtp_sasl_security_options = noanonymoussmtp_sasl_auth_enable =yessmtp_use_tls =yessmtp_sasl_password_maps =hash:/etc/postfix/sasl_passwdsmtp_tls_policy_maps =hash:/etc/postfix/tls_policySet the configuration parameters to appropriate values for your system.
Links in the table below point to further details about the parameters on the Postfix official documentation.
Parameter
Description
Example
myhostname
Defines the host name of the Intelligence Center host server where Postfix is installed.
box11.platform.host.com
mydomain
Defines the internet name of the Intelligence Center host server where Postfix is installed
platform.host.com
myorigin
Defines the domain name to use as sent-from and send-to address for local email traffic.
Automatic email messages generated by system processes such as cronjobs use the myorigin value for this purpose.
$mydomain (domain with multiple machines)
$myhostname (domain with one machine)
mydestination
Defines the list of domains the email server accepts email from.
localhost
localhost.$mydomain
mail.$mydomain
www.$mydomain
ftp.$mydomain
relayhost
Defines the next-hop destination of non-local email.
It identifies the next email handler in the chain of email servers handling non-local email traffic.
Format: [smtp.domain.name]:port
[ smtp.email.server.com ]:587
inet_interfaces
Defines the network interface addresses Postfix receives mail on.
127.0.01
smtp_sasl_security_options
Defines one or more SASL security options for the SMTP client.
(Optional)
noplaintext
noactive
nodictionary
noanonymous
mutual_auth
smtp_sasl_auth_enable
Enables/Disables SASL authentication.
yes
no
smtp_use_tls
Enables/Disables a TLS layer when available on the remote server.
For more information, see the Postfix TLS Support official documentation.
yes
no
smtp_sasl_password_maps
Defines a lookup table with one or more lines, where each line contains a username:password pair, and a remote host name or a next-hop domain to identify:
The Remote host name, or the next-hop domain
The sender, by validating their username and password
(Optional)
For more information, see the Postfix official documentation.
# sasl_passwd file line examples: [ smtp.email.server.com ]:587 username:password example.com username:passwordsmtp_tls_policy_maps
Defines a lookup table with one or more SMTP client TLS security policies by next-hop destination.
(Optional)
For more information, see the smtp_tls_policy_maps entry in main.cf(5) - Linux man page.
# tls_policy file line examples: [ smtp.email.server.com ]:587 encrypt example.gov encrypt protocols=TLSv1 example.com verify ciphers=high example.net secure
Create the password map
/etc/postfix/sasl_passwd is a text file containing a lookup table file to map the following information:
Next-hop domain or destination SMTP host
Email sender username
Email sender password
To add an entry to the /etc/postfix/sasl_passwd:
Open the file in a text editor:
nano/etc/postfix/sasl_passwdEnter the next-hop domain or destination SMTP host, email sender username, and email sender password in the following format:
[mail.isp.example] username:passwordOptionally, you can specify a custom TCP port – the default mail submission port is 587:
[mail.isp.example]:587username:password
Create the hash file
Create the hash db file for Postfix by running the postmap command:
postmap /etc/postfix/sasl_passwdThe command creates a new file: /etc/postfix/sasl_passwd.db.
Every time you make changes to /etc/postfix/sasl_passwd, you need to run the postmap command.
Start and enable the service
Enable the Postfix service to automatically start at system boot:
systemctlenablepostfixStart the Postfix service:
systemctl restart postfixVerify that Postfix is up and running by checking the status:
systemctl status postfix
Check file ownership
The default owner of /etc/postfix is root:root.