This is a guide to creating an email server using a Postfix - Exchange Server 2016 architecture. In this scenario, the Postfix server is located on a network that is exposed to the internet, and the mailbox server is located on a private network.

Let me explain the roles of all the servers. The Mailbox server (Exchange Server 2016 installed on Windows Server 2016) holds all of the email and the data, and effectively acts as the database for the email service. In Exchange Server 2016, the mailbox server is also the Client Access server, which is basically the web interface for the email service. This is where the clients will log in to access their email. Next, we make use of a CentOS 7 machine, which has Postfix and SpamAssassin installed on it. Postfix acts as the relay server in this architecture, forwarding all incoming email to the Client Access server (after processing and filtering it). Postfix also acts as a relay for all outbound email received from the Exchange Server and the internal network clients. SpamAssassin on the CentOS machine checks all incoming email and filters it before it is sent to the client inboxes. One thing to note is that the Edge Transport role in Exchange Server 2016 is equivalent to what we are using the Postfix server for.

A few prerequisites:

  1. A domain name. In this case, I am using acme6.com.
  2. A working DNS server with both forward resolution and reverse DNS lookup for the domain name, and the IP address.
  3. A CentOS machine.
  4. One Windows Server (preferably 2016) that is part of the domain (acme.lcl in this case); it should NOT be the domain controller, for security reasons. It is highly recommended that you have at least 8GB of RAM. I personally recommend 10GB of RAM and at least 60GB of disk space.
  5. An ISO of Microsoft Exchange Server 2016. Make sure you download the latest cumulative update. DO NOT download the original Microsoft Exchange 2016 ISO as it will not work with the latest

Here's a step-by-step tutorial on how to set up this architecture:

  1. First, we will set up the Mailbox. To do this, mount the ISO or the CD on the Windows Server 2016 on the private network which will act as the Mailbox server
  2. Click setup.exe to start the installation process
  3. Select "Connect to the internet and check for updates"
  4. Click next until the updates are installed and the files are copied
  5. Accept the terms of agreement -> Next
  6. Select "Use recommended settings" -> Next
  7. Choose "Mailbox role" and "Automatically install Windows Server roles and features that are required to install Exchange Server"
  8. Specify the organization name when prompted for it. Do not select the "Apply Active Directory split permissions security model to the exchange organization" if you are the person managing both the Active Directory Users and the Exchange Server
  9. Click Next, and wait for the prerequisites to be checked
  10. If the machine is configured correctly, the installation will start, or the install button will be highlighted along with a few "warnings". The installation usually takes a long time, so you can start working on the Postfix machine
  11. Once the Mailbox role is installed on the Exchange server, open a browser and access the Exchange admin center by going to https://<IP or FQDN of the Exchange Server>/ecp. Log in using administrator credentials
  12. Go to mail flow --> accepted domains
  13. Add the domain name, choose authoritative, and make it the default domain name
  14. Next, go to the email address policies and click the edit icon after selecting the default policy
  15. Click on email address format, and add a new policy
  16. Select "Enter a custom address type", and enter SMTP in the field. In the email address parameters, enter the @ sign followed by the domain name; for acme6.com, that is @acme6.com. Also select "Make this format the reply email address"
  17. Next, go to the send connectors tab in the mail flow section, and click on the add icon
  18. Enter a reasonable name, and select "Internet"
  19. Select "Route mail through smart hosts", and add the IP address of the Postfix server (if you don't have it yet, create the send connector at the end)
  20. Choose none in the authentication options
  21. In the next window, click on the add icon, and enter "*" in the Domain field
  22. In the next screen to select the source server, add the mailbox server that you are currently configuring, and then click finish.
  23. If everything is done correctly, your exchange server is ready to serve the domain. You can go to the recipients of the Exchange Server Admin center to start adding mailboxes and attaching them to domain users.

Set up the CentOS Postfix machine:

  1. First, we will install Postfix on the machine:
    yum install postfix
  2. Next, we will edit/uncomment/add the following lines in "/etc/postfix/main.cf" (any lines starting with the '#' symbol are comments and do not need to be entered):
    #The line below sets the hostname of the postfix machine
    myhostname = postfix.acme6.com
    #Replace acme6.com with the domain you want to serve
    mydomain = acme6.com
    myorigin = $mydomain
    #Listen for email on all interfaces
    inet_interfaces = all
    inet_protocols = all
    #Leave the parameters below intentionally blank so that the postfix machine does not think that it is the final destination for any domains
    mydestination =
    local_recipient_maps =
    #Add all your trusted networks here so that all the hosts on your network can make use of postfix
    mynetworks = 192.168.1.0/24, 127.0.0.0/8, 192.168.2.0/24
    #The line below ensures that mail from untrusted clients (i.e. outside networks) is only relayed when it is addressed to acme6.com
    relay_domains = acme6.com
    #Add this line to the end of the file
    transport_maps = hash:/etc/postfix/transport
    
  3. Next, you need to create another file in the /etc/postfix/ folder. I just use the transport file that is already in the directory. Either way, add the following lines to the file:
    acme6.com smtp:[192.168.1.15]
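    In the above line, replace the domain name with the domain that you are serving, and replace the IP address with the IP address of the Exchange mailbox server. The square brackets tell Postfix to deliver to that address directly instead of doing an MX lookup.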
  4. Next, we create the database for domain-based forwarding using the following command:
    postmap /etc/postfix/transport
  5. Next, we will install SpamAssassin on the machine:
    yum install spamassassin
  6. Now, to use SpamAssassin, we need to create a new group and a new user. Here, we will create a new user called "spamd", which belongs to a group "spamd"
    groupadd spamd
    useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
  7. Now, you will change the ownership of the log directory to the spamd user
    chown spamd:spamd /var/log/spamassassin
  8. Next, we will integrate postfix and SpamAssassin. We will edit the file "/etc/postfix/master.cf". We will replace the following line (line 11):
    smtp inet n - n - - smtpd
    with
    smtp inet n - n - - smtpd -o content_filter=spamassassin
  9. At the end of "/etc/postfix/master.cf" file, the following line needs to be added:
    spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
  10. Now, let's start SpamAssassin:
    systemctl enable spamassassin
    systemctl start spamassassin
    #This will update all the spam filter rules (--nogpg skips GPG signature verification of the downloaded rules)
    sa-update --nogpg
  11. And now, restart postfix
    systemctl restart postfix
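
A check for steps 2 to 4 of the Postfix setup, as an added example that is not part of the original post: a small Python lint that reads main.cf and transport text and flags mistakes that break this relay-only layout (a non-network entry in mynetworks, a relay domain that is also a local destination, a relay domain with no transport entry or with an unbracketed next hop). The function names and both sample inputs are assumptions constructed for illustration.

```python
import ipaddress

def parse_main_cf(text):
    """Parse main.cf text: '#' comments, 'name = value', indented continuations."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:  # continuation of the previous parameter
            params[last] += " " + raw.strip()
        else:
            last, _, value = (s.strip() for s in raw.partition("="))
            params[last] = value
    return params

def items(value):  # Postfix list values are comma- and/or whitespace-separated
    return value.replace(",", " ").split()

def parse_transport(text):
    """Map each transport table key to its 'transport:nexthop' value."""
    rows = [l.split(None, 1) for l in text.splitlines() if not l.lstrip().startswith("#")]
    return {r[0]: r[1].strip() for r in rows if len(r) == 2}

def lint_relay(main_cf, transport):
    """Return findings for the relay-only layout (literal values only, no $vars)."""
    p, t, out = parse_main_cf(main_cf), parse_transport(transport), []
    for net in items(p.get("mynetworks", "")):
        if net[0].isdigit():  # IPv4 literals only; table references are skipped
            try:
                ipaddress.ip_network(net, strict=True)
            except ValueError:
                out.append(f"mynetworks: {net} is not a valid network address")
    for dom in items(p.get("relay_domains", "")):
        hop = t.get(dom)
        if dom in items(p.get("mydestination", "")):
            out.append(f"{dom} is in both mydestination and relay_domains")
        if hop is None:  # Postfix would fall back to an MX lookup for the domain
            out.append(f"{dom} has no transport entry")
        elif "[" not in hop:
            out.append(f"{dom} -> {hop}: next hop without [] is resolved via MX")
    return out

# Constructed sample input with deliberate mistakes (not taken from a real host).
SAMPLE_MAIN_CF = """\
mydestination = example.test
mynetworks = 192.168.1.0/24, 127.0.0.1/24,
    192.168.2.0/24
relay_domains = acme6.com example.test
"""
SAMPLE_TRANSPORT = "acme6.com smtp:[192.168.1.15]\nexample.test smtp:mail.example.test\n"
```

On the relay itself, `postconf -n` prints the non-default settings in the same `name = value` form, so its output can be passed as the first argument.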

