I wanted a dedicated mail server that would handle outgoing messages from web applications on the same subnet.
-
yum remove postfix
Postfix is the mail server installed by default with CentOS 6.2. If you are not sure whether postfix is occupying port 25, check what is running on that port:
lsof -i :25
-
yum install sendmail
yum install sendmail-cf
-
cd /etc/mail
cp sendmail.mc sendmail.mc.original
cp sendmail.cf sendmail.cf.original
The most important part is backing up the MC macro file (sendmail.mc), because the CF file (sendmail.cf) is generated from it.
-
vi sendmail.mc
vi access
make -C /etc/mail
You must study the documentation (the sendmail configuration README, PDF) to figure out what syntax to put into the sendmail.mc file.
-
/sbin/service sendmail start
-
ps ax|grep sendmail
This should show a line about accepting connections; if not, check the log for errors:
cd /var/log
cat maillog | more
FIREWALL: use the # setup program when you have a KVM available, or try your luck with iptables from the console (danger, warning, do not enter). http://www.thegeekstuff.com/2011/06/iptables-rules-examples/ is a reasonable reference, but read the comments; it is useful to know how to refer to a subnet: 192.168.100.0/24.
One of the non-obvious things about the CentOS 6 Firewall Configuration is that you can get to it as soon as you log in with a GUI desktop. It is on the menu, under System > Administration > Firewall. For this use case, we want to AVOID granting access to the MAIL server on the Trusted Services page and instead use a CUSTOM RULE file. The custom rule file is of type filter (not mangle) and contains 3 lines, which first grant our own subnet (123.123.123.*) access and then drop connections from anyone else playing with port 25:
-A INPUT -i eth10 -p tcp -s 123.123.123.0/24 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 25 -j DROP
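
To check how these three rules treat a given connection before loading them, here is a small first-match simulator, added as an example and not part of the original post. The rules are copied from above; the test packets, the function names and the NO-MATCH result (none of the three rules applied) are assumptions of this example, and only the options these rules use are modelled.

```python
import ipaddress
import shlex

# The three custom rules, copied verbatim from the page.
RULES = """\
-A INPUT -i eth10 -p tcp -s 123.123.123.0/24 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 25 -j DROP
"""

def parse_rule(line):
    """Parse one rule line; every option in these rules takes exactly one value."""
    tok = shlex.split(line)
    opts = dict(zip(tok[0::2], tok[1::2]))
    return {
        "chain": opts["-A"],
        "iface": opts.get("-i"),
        "src": ipaddress.ip_network(opts["-s"]) if "-s" in opts else None,
        "dport": int(opts["--dport"]) if "--dport" in opts else None,
        "states": set(opts["--state"].split(",")) if "--state" in opts else None,
        "target": opts["-j"],
    }

def input_verdict(iface, src, dport=25, state="NEW"):
    """First matching INPUT rule's target for a TCP packet, else NO-MATCH.
    State is supplied by the caller; there is no connection tracking here."""
    addr = ipaddress.ip_address(src)
    for line in RULES.splitlines():
        r = parse_rule(line)
        if r["chain"] != "INPUT":
            continue
        if r["iface"] is not None and r["iface"] != iface:
            continue
        if r["src"] is not None and addr not in r["src"]:
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        if r["states"] is not None and state not in r["states"]:
            continue
        return r["target"]
    return "NO-MATCH"

if __name__ == "__main__":
    # Constructed test packets: (incoming interface, source address).
    for pkt in [("eth10", "123.123.123.50"), ("eth0", "123.123.123.50"),
                ("eth0", "203.0.113.9"), ("eth10", "203.0.113.9")]:
        print(pkt, "->", input_verdict(*pkt))
```

With the rules as written, a host in 123.123.123.0/24 is accepted only when its packets arrive on eth10; the same host arriving on eth0 falls through to the DROP rule, so confirm which interface the subnet actually reaches the server on.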