Configure Postfix#
Set up an email server for EclecticIQ Intelligence Center before you proceed to configure email settings in EclecticIQ Intelligence Center system settings.
If you skip this step, you will still be able to configure email settings in EclecticIQ Intelligence Center. However, EclecticIQ Intelligence Center won’t be able to send any automatic notification messages, and it won’t be aware of any Intelligence Center user email addresses.
EclecticIQ Intelligence Center needs a configured email server to successfully create Intelligence Center users and to send password reset emails when users request it.
Dependencies#
Postfix relies on Cyrus SASL to implement SASL (Simple Authentication and Security Layer).
Make sure the following Cyrus SASL components are installed on the system for Postfix to work as expected:
cyrus-sasl-lib-2.1.xor latercyrus-sasl-plain-2.1.xor later
Install Cyrus SASL#
The cyrus-sasl-plain package requires the
cyrus-sasl-lib library.
To install Cyrus SASL on your system:
First, install the required Cyrus SASL library:
yum install cyrus-sasl-lib
Then, install the Cyrus SASL package supporting
AUTH PLAINandAUTH LOGINauthentication schemes:yum install cyrus-sasl-plain
About Postfix#
Postfix is the default email server shipped with the Intelligence Center.
If you want to enable email-based Intelligence Center features such as email notifications, first configure Postfix to handle email traffic.
Postfix configuration and setup may vary, depending on the target environment EclecticIQ Intelligence Center is installed on.
The following links point to relevant sections of the official Postfix documentation:
Postfix
main.cfconfiguration file parameters
EclecticIQ Intelligence Center ships with an example Postfix configuration
file you can use as a customizable template:
/etc/postfix/main.cf
The default installation location of the Postfix configuration file is
/etc/postfix.The Postfix configuration file is
main.cf.
Configure Postfix#
To configure Postfix as the default email server for the Intelligence Center:
Open
main.cfin a text editor:vi /etc/postfix/main.cfExample main.cf file
myhostname = box11.platform.host.com mydomain = platform.host.com myorigin = $mydomain mydestination = relayhost = [smtp.email.server.com]:587 inet_interfaces = loopback-only smtp_sasl_security_options = noanonymous smtp_sasl_auth_enable = yes smtp_use_tls = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
Set the configuration parameters to appropriate values for your system.
Links in the table below point to further details about the parameters on the Postfix official documentation.
Parameter
Description
Example
myhostnameDefines the host name of EclecticIQ Intelligence Center host server where Postfix is installed.
box11.platform.host.commydomainDefines the internet name of EclecticIQ Intelligence Center host server where Postfix is installed
platform.host.commyoriginDefines the domain name to use as sent-from and send-to address for local email traffic.
Automatic email messages generated by system processes such as cronjobs use the myorigin value for this purpose.
$mydomain(domain with multiple machines)$myhostname(domain with one machine)mydestinationDefines the list of domains the email server accepts email from.
localhostlocalhost.$mydomainmail.$mydomainwww.$mydomainftp.$mydomainrelayhostDefines the next-hop destination of non-local email.
It identifies the next email handler in the chain of email servers handling non-local email traffic.
Format:
[smtp.domain.name]:port[ smtp.email.server.com ]:587inet_interfacesDefines the network interface addresses Postfix receives mail on.
127.0.01smtp_sasl_security_optionsDefines one or more SASL security options for the SMTP client.
(Optional)
noplaintextnoactivenodictionarynoanonymousmutual_authsmtp_sasl_auth_enableEnables/Disables SASL authentication.
yesnosmtp_use_tlsEnables/Disables a TLS layer when available on the remote server.
For more information, see the Postfix TLS Support official documentation.
yesnosmtp_sasl_password_mapsDefines a lookup table with one or more lines, where each line contains a username:password pair, and a remote host name or a next-hop domain to identify:
The Remote host name, or the next-hop domain
The sender, by validating their username and password
(Optional)
For more information, see the Postfix official documentation.
# sasl_passwd file line examples: [ smtp.email.server.com ]:587 username:password example.com username:password
smtp_tls_policy_maps
Defines a lookup table with one or more SMTP client TLS security policies by next-hop destination.
(Optional)
For more information, see the smtp_tls_policy_maps entry in main.cf(5) - Linux man page.
# tls_policy file line examples: [ smtp.email.server.com ]:587 encrypt example.gov encrypt protocols=TLSv1 example.com verify ciphers=high example.net secure
Create the password map#
/etc/postfix/sasl_passwd is a text file containing a
lookup table file to map the following information:
Next-hop domain or destination SMTP host
Email sender username
Email sender password
To add an entry to the /etc/postfix/sasl_passwd:
Open the file in a text editor:
nano /etc/postfix/sasl_passwdEnter the next-hop domain or destination SMTP host, email sender username, and email sender password in the following format:
[mail.isp.example] username:password
Optionally, you can specify a custom TCP port – the default mail submission port is 587:
[mail.isp.example]:587 username:password
Create the hash file#
Create the hash db file for Postfix by running the postmap command:
postmap /etc/postfix/sasl_passwd
The command creates a new file:
/etc/postfix/sasl_passwd.db.
Every time you make changes to /etc/postfix/sasl_passwd,
you need to run the postmap command.
Start and enable the service#
Enable the Postfix service to automatically start at system boot:
systemctl enable postfix
Start the Postfix service:
systemctl restart postfix
Verify that Postfix is up and running by checking the status:
systemctl status postfix
Check file ownership#
The default owner of /etc/postfix is root:root.