Configure Postfix#

Set up an email server for EclecticIQ Intelligence Center before you proceed to configure email settings in EclecticIQ Intelligence Center system settings.

If you skip this step, you will still be able to configure email settings in EclecticIQ Intelligence Center. However, EclecticIQ Intelligence Center won’t be able to send any automatic notification messages, and it won’t be aware of any Intelligence Center user email addresses.

EclecticIQ Intelligence Center needs a configured email server to successfully create Intelligence Center users and to send password reset emails when users request it.

Dependencies#

Postfix relies on Cyrus SASL to implement SASL (Simple Authentication and Security Layer).

Make sure the following Cyrus SASL components are installed on the system for Postfix to work as expected:

  • cyrus-sasl-lib-2.1.x or later

  • cyrus-sasl-plain-2.1.x or later

Install Cyrus SASL#

The cyrus-sasl-plain package requires the cyrus-sasl-lib library.

To install Cyrus SASL on your system:

  1. First, install the required Cyrus SASL library:

    yum install cyrus-sasl-lib
    
  2. Then, install the Cyrus SASL package supporting AUTH PLAIN and AUTH LOGIN authentication schemes:

    yum install cyrus-sasl-plain
    

About Postfix#

Postfix is the default email server shipped with the Intelligence Center.

If you want to enable email-based Intelligence Center features such as email notifications, first configure Postfix to handle email traffic.

Postfix configuration and setup may vary, depending on the target environment EclecticIQ Intelligence Center is installed on.

The following links point to relevant sections of the official Postfix documentation:

EclecticIQ Intelligence Center ships with an example Postfix configuration file you can use as a customizable template: /etc/postfix/main.cf

  • The default installation location of the Postfix configuration file is /etc/postfix.

  • The Postfix configuration file is main.cf.

Configure Postfix#

To configure Postfix as the default email server for the Intelligence Center:

  1. Open main.cf in a text editor:

    vi /etc/postfix/main.cf
    

    Example main.cf file

    myhostname = box11.platform.host.com
    mydomain = platform.host.com
    myorigin = $mydomain
    mydestination =
    
    relayhost = [smtp.email.server.com]:587
    inet_interfaces = loopback-only
    
    smtp_sasl_security_options = noanonymous
    smtp_sasl_auth_enable = yes
    smtp_use_tls = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
    
  2. Set the configuration parameters to appropriate values for your system.

    Links in the table below point to further details about the parameters on the Postfix official documentation.

    Parameter

    Description

    Example

    myhostname

    Defines the host name of EclecticIQ Intelligence Center host server where Postfix is installed.

    box11.platform.host.com

    mydomain

    Defines the internet name of EclecticIQ Intelligence Center host server where Postfix is installed

    platform.host.com

    myorigin

    Defines the domain name to use as sent-from and send-to address for local email traffic.

    Automatic email messages generated by system processes such as cronjobs use the myorigin value for this purpose.

    $mydomain (domain with multiple machines)
    $myhostname (domain with one machine)

    mydestination

    Defines the list of domains the email server accepts email from.

    localhost

    localhost.$mydomain

    mail.$mydomain

    www.$mydomain

    ftp.$mydomain

    relayhost

    Defines the next-hop destination of non-local email.

    It identifies the next email handler in the chain of email servers handling non-local email traffic.

    Format: [smtp.domain.name]:port

    [ smtp.email.server.com ]:587

    inet_interfaces

    Defines the network interface addresses Postfix receives mail on.

    127.0.01

    smtp_sasl_security_options

    Defines one or more SASL security options for the SMTP client.

    (Optional)

    noplaintext

    noactive

    nodictionary

    noanonymous

    mutual_auth

    smtp_sasl_auth_enable

    Enables/Disables SASL authentication.

    yes

    no

    smtp_use_tls

    Enables/Disables a TLS layer when available on the remote server.

    For more information, see the Postfix TLS Support official documentation.

    yes

    no

    smtp_sasl_password_maps

    Defines a lookup table with one or more lines, where each line contains a username:password pair, and a remote host name or a next-hop domain to identify:

    • The Remote host name, or the next-hop domain

    • The sender, by validating their username and password

    (Optional)

    For more information, see the Postfix official documentation.

    # sasl_passwd file line examples:
    [ smtp.email.server.com ]:587 username:password
    example.com username:password
    

    smtp_tls_policy_maps

    Defines a lookup table with one or more SMTP client TLS security policies by next-hop destination.

    (Optional)

    For more information, see the smtp_tls_policy_maps entry in main.cf(5) - Linux man page.

    # tls_policy file line examples:
    [ smtp.email.server.com ]:587 encrypt
    example.gov encrypt protocols=TLSv1
    example.com verify ciphers=high
    example.net secure
    

Create the password map#

/etc/postfix/sasl_passwd is a text file containing a lookup table file to map the following information:

  • Next-hop domain or destination SMTP host

  • Email sender username

  • Email sender password

To add an entry to the /etc/postfix/sasl_passwd:

  1. Open the file in a text editor:

    nano /etc/postfix/sasl_passwd
    
  2. Enter the next-hop domain or destination SMTP host, email sender username, and email sender password in the following format:

    [mail.isp.example] username:password
    
  3. Optionally, you can specify a custom TCP port – the default mail submission port is 587:

    [mail.isp.example]:587 username:password
    

Create the hash file#

Create the hash db file for Postfix by running the postmap command:

postmap /etc/postfix/sasl_passwd

The command creates a new file: /etc/postfix/sasl_passwd.db.

Every time you make changes to /etc/postfix/sasl_passwd, you need to run the postmap command.

Start and enable the service#

  1. Enable the Postfix service to automatically start at system boot:

    systemctl enable postfix
    
  2. Start the Postfix service:

    systemctl restart postfix
    
  3. Verify that Postfix is up and running by checking the status:

    systemctl status postfix
    

Check file ownership#

The default owner of /etc/postfix is root:root.