"What is Postfix? It is Wietse Venema's mailer that started life at IBM research as an alternative to the widely-used Sendmail program. Postfix attempts to be fast, easy to administer, and secure. The outside has a definite Sendmail-ish flavor, but the inside is completely different."
In Red Hat Enterprise Linux, the postfix package provides postfix. Run rpm -q postfix
to see if the postfix package is installed. If it is not installed, run the following command as the root user to install it:
yum install postfix
13.1. Postfix and SELinux
When Postfix is enabled, it runs confined by default. Confined processes run in their own domains, and are separated from other confined processes. If a confined process is compromised by an attacker, depending on SELinux policy configuration, an attacker's access to resources and the possible damage they can do is limited. The following example demonstrates the Postfix and related processes running in their own domain. This example assumes the postfix package is installed and that the Postfix service has been started:
-
Run getenforce
to confirm SELinux is running in enforcing mode:
$ getenforce
Enforcing
The getenforce
command returns Enforcing
when SELinux is running in enforcing mode.
-
Run service postfix start
as the root user to start postfix
:
service postfix start
Starting postfix: [ OK ]
-
Run ps -eZ | grep postfix
to view the postfix
processes:
ps -eZ | grep postfix
system_u:system_r:postfix_master_t:s0 1651 ? 00:00:00 master
system_u:system_r:postfix_pickup_t:s0 1662 ? 00:00:00 pickup
system_u:system_r:postfix_qmgr_t:s0 1663 ? 00:00:00 qmgr
For example, the SELinux context associated with the Postfix master
process is unconfined_u:system_r:postfix_master_t:s0
. The second last part of the context, postfix_master_t
, is the type for this process. A type defines a domain for processes and a type for files. In this case, the master
process is running in the postfix_master_t
domain.