How to send Email from closed network?

Sending email notifications from the production system is crucial for any type of critical service condition. However provide internet access to production system is open the door for intruder, so there is something required that can send email from closed network. Here mail relay can overcome this issue. Now I will share how to send Email from closed network.

Scenario:

Pre-Requisite:

• Internet Access to SMTP Relay Server Only
• Postfix package installed to all server
• One real Email address of your organization (info@example.com)

Step 01: Configure SMTP Relay Server

Following configuration has been tested in Red Hat & CentOS Operating System only.

# Install required packages
yum install postfix openssl openssl-devel cyrus-sasl cyrus-sasl-plain -y

# Set hostname
hostnamectl set-hostname relay.example.com
echo "10.0.0.29  relay.example.com  relay" >> /etc/hosts

vim /etc/postfix/main.cf
# Change IP as per your environment
inet_interfaces = 10.0.0.29

# Enable IPv4, and IPv6 if supported
inet_protocols = ipv4

myhostname = relay.example.com
mydomain = example.com
myorigin = $mydomain

# Allow only Specific IP. Email will be send only from below ip address
mynetworks = 192.168.2.104/32, 192.168.2.128/32, 172.31.1.80/32

# Please add below lines at the end of the main.cf file
# Sender dependent sasl authentication
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = plain
smtp_tls_security_level = encrypt
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls=yes
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt

vim /etc/postfix/sender_relay
info@example.com [smtp.gmail.com]:587

vim /etc/postfix/sasl_passwd
info@example.com  info@example.com:P@$$w0rd

Step 02: Apply changes to SMTP Relay Server

postmap /etc/postfix/sasl_passwd /etc/postfix/sender_relay
chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

systemctl restart postfix
systemctl enable postfix
systemctl status postfix

Step 03: Configure postfix null client at all client Server to use SMTP relay

Here we have to configure postfix null all client such as Web Server, Database Server, FTP Server, Monitoring Server.

# yum install postfix -y
sed -i 's/#mydomain = domain.tld/mydomain = example.com/g' /etc/postfix/main.cf
sed -i 's/#relayhost = uucphost/relayhost = 10.0.0.29/g' /etc/postfix/main.cf

systemctl restart postfix
systemctl enable postfix
systemctl status postfix

Step 04: Send test email from any of server such as Web Server, Database Server, FTP Server, Monitoring Server

sendmail zakirpcs@gmail.com < /etc/redhat-release

If everything is ok then you will get a email from info.example.com to zakirpcs@gmail.com.