mail server on centos 7
----@- dhA -@-----
[root@mail ~]# useradd -m u1 -s /sbin/nologin
[root@mail ~]# passwd u1
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin u1
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin u2
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin virusalert
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin virusmails
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin spamalert
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin spam.police
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin sys_admin
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin inmail
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin outmail
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin junkmail
Setup mail server on centos 7
1. Remove default MTA sendmail first if it’s already installed. Sendmail will not be installed by default in minimal installation, so you can skip this step.
yum remove sendmail
2. Setup DNS server and add the Mail server MX records in the forward and reverse zone files.
To install and configure a DNS server, refer to the following link.
And, don’t forget to ask your ISP to point your external static IP to your mail domain.
3. Add hostname entries in /etc/hosts file as shown below:
vi /etc/hosts
Add your FQDN:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.150 server1.unixmen.local server1
4. I disabled SELinux to reduce the complexity in postfix configuration.
To do that, edit:
vi /etc/sysconfig/selinux
Change SELINUX=enforcing to SELINUX=disabled.
SELINUX=disabled
5. Install EPEL Repository:
Squirrelmail webmail client is not available in CentOS official repositories. So let us enable EPEL repository.
yum install epel-release
6. Allow the Apache default port 80 through your firewall/router:
firewall-cmd --permanent --add-port=80/tcp
Restart firewall using command:
firewall-cmd --reload
Restart your server for all changes to take effect.
I
Now, log out from user “senthil“ and log in to user “kumar“ mail and check for any new mail.
Hurrah! We have got a new mail from senthil@unixmen.local mail id.
To read the mail, click on it. You’ll now be able to read, reply, delete or compose a new mail.
That’s all for now. We’ve successfully configured a local mail server that will serve in/out mails within a local area network.
Hope this tutorial will help you.
Good luck!
#######################################################################
Postfix With Data base Configuration
1. Installing packages
2. Postfix configuration
3. Dovecot configuration
4. User creation
Installing packages
Step 1 » Assign hostname for the server using the below command.
[root@krizna ~]# hostnamectl set-hostname mail.krizna.com
Step 2 » Make a host entry with your IP in /etc/hosts file.
172.27.0.51 mail.krizna.com
Step 3 » Now start installing packages.
[root@krizna ~]# yum -y install postfix dovecot
After package installation continue with postfix configuration.
Postfix configuration
First create SSL certificate for encryption.
Step 4 » Follow the below steps one by one for creation.
[root@mail ~]# mkdir /etc/postfix/ssl
[root@mail ~]# cd /etc/postfix/ssl
[root@krizna ssl]# openssl genrsa -des3 -out server.key 2048
[root@krizna ssl]# openssl rsa -in server.key -out server.key.insecure
[root@krizna ssl]# mv server.key server.key.secure
[root@krizna ssl]# mv server.key.insecure server.key
Leave blank for A challenge password [] value in the below step.
[root@krizna ssl]# openssl req -new -key server.key -out server.csr
[root@krizna ssl]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Country Name (2 letter code) [XX]:BD
State or Province Name (full name) []:Dhaka
Locality Name (eg, city) [Default City]:Dhaka
Organization Name (eg, company) [Default Company Ltd]:World Communication Network Ltd.
Organizational Unit Name (eg, section) []:worldcm.net
Common Name (eg, your name or your server's hostname) []:mail.worldcm.net
Email Address []: admin@worldcm.net
A challenge password []:world
An optional company name []: worldcm
Step 5 » Now open /etc/postfix/main.cf file for changes.
Find and uncomment the below lines.
#inet_interfaces = localhost #---> line no 116
#mydestination = $myhostname, localhost.$mydomain, localhost #--> line no 164
Then add the below lines at the end of the file. Change the myhostname and mydomain values to yours, and the home_mailbox value to your desired directory. Here it will store mails in the user's home directory (e.g. /home/john/mail).
myhostname = mail.krizna.com
mydomain = krizna.com
myorigin = $mydomain
home_mailbox = mail/
mynetworks = 127.0.0.0/8
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_key_file = /etc/postfix/ssl/server.key
smtpd_tls_cert_file = /etc/postfix/ssl/server.crt
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
Step 6 » Open /etc/postfix/master.cf file, add the below lines after “smtp inet n - n - - smtpd” line.
submission inet n - n - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
Now check the configuration using postfix check command.
Step 7 » Now configure Dovecot SASL for SMTP Auth. Open /etc/dovecot/conf.d/10-master.conf file, find “# Postfix smtp-auth” line ( line no:95 ) and add the below lines.
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
Step 8 » Open /etc/dovecot/conf.d/10-auth.conf file, find “auth_mechanisms = plain” ( Line no: 100 ) and add login to the value like below.
auth_mechanisms = plain login
Step 9 » Postfix configuration is over. Now restart both postfix and dovecot services and enable auto start.
[root@mail ~]# systemctl restart postfix
[root@mail ~]# systemctl enable postfix
[root@mail ~]# systemctl restart dovecot
[root@mail ~]# systemctl enable dovecot
Step 10 » Add the firewall rules to allow 25, 587 and 465 ports.
[root@mail ~]# firewall-cmd --permanent --add-service=smtp
[root@mail ~]# firewall-cmd --permanent --add-port=587/tcp
[root@mail ~]# firewall-cmd --permanent --add-port=465/tcp
[root@mail ~]# firewall-cmd --reload
Now start testing connectivity for each of the ports 25, 587 and 465 using telnet and make sure you are getting the AUTH PLAIN LOGIN line after issuing the ehlo mail.krizna.com command in telnet.
[root@mail ~]# telnet mail.krizna.com 465
Trying 172.27.0.51...
Connected to mail.krizna.com.
Escape character is '^]'.
220 mail.krizna.com ESMTP Postfix
ehlo mail.krizna.com <------- Type this command
250-mail.krizna.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Dovecot configuration
Start configuring Dovecot .
Step 11 » Open /etc/dovecot/conf.d/10-mail.conf file, find #mail_location = (line no : 30 ) and add the same directory which is given to home_mailbox in the postfix config file ( Step 5).
mail_location = maildir:~/mail
Step 12 » Open /etc/dovecot/conf.d/20-pop3.conf file, find and uncomment the below line ( line no : 50 ) .
pop3_uidl_format = %08Xu%08Xv
Step 13 » Restart dovecot service.
[root@mail ~]# systemctl restart dovecot
Step 14 » Add firewall rules to allow 110,143,993 and 995.
[root@mail ~]# firewall-cmd --permanent --add-port=110/tcp
[root@mail ~]# firewall-cmd --permanent --add-service=pop3s
[root@mail ~]# firewall-cmd --permanent --add-port=143/tcp
[root@mail ~]# firewall-cmd --permanent --add-service=imaps
[root@mail ~]# firewall-cmd --reload
Check the connectivity for the ports 110,143,993 and 995 using telnet.
User creation
Now create user for testing .
Step 15 » Create user with /sbin/nologin shell to restrict login access.
[root@mail ~]# useradd -m john -s /sbin/nologin
[root@mail ~]# passwd john
Mail server is ready now, Configure user in your mail client and test send/receive.
Email with Postfix, Dovecot and MariaDB on CentOS 7
The Postfix Mail Transfer Agent (MTA) is a high performance open source e-mail server system. This guide will help you get Postfix running on your CentOS 7 Linode, using Dovecot for IMAP/POP3 service, and MariaDB, a drop-in replacement for MySQL, to store information on virtual domains and users.
Prior to using this guide, be sure you have followed the getting started guide and set your hostname. Also ensure that the iptables firewall is not blocking any of the standard mail ports (25, 465, 587, 110, 995, 143, and 993). If using a different form of firewall, confirm that it is not blocking any of the needed ports either.
The steps in this guide require root privileges. Be sure to run the steps below as root or with the sudo prefix. For more information on privileges see our Users and Groups guide.
Install Required Packages
Install any outstanding package updates:
yum update
The version of Postfix included in the main CentOS repository does not include support for MariaDB; therefore, you will need to install Postfix from the CentOS Plus repository. Before doing so, add exclusions to the [base] and [updates] repositories for the Postfix package to prevent it from being overwritten with updates that do not have MariaDB support:
/etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-$releasever - Base
exclude=postfix

#released updates
[updates]
name=CentOS-$releasever - Updates
exclude=postfix
Install the required packages:
yum --enablerepo=centosplus install postfix
yum install dovecot mariadb-server dovecot-mysql
This installs the Postfix mail server, the MariaDB database server, the Dovecot IMAP and POP daemons, and several supporting packages that provide services related to authentication.
Next, set up a MariaDB database to handle virtual domains and users.
Set up MariaDB for Virtual Domains and Users
Configure MariaDB to start on boot, then start MariaDB:
systemctl enable mariadb.service
/bin/systemctl start mariadb.service
Run mysql_secure_installation. You will be presented with the opportunity to change the MariaDB root password, remove anonymous user accounts, disable root logins outside of localhost, remove test databases, and reload privilege tables. It is recommended that you answer yes to these options:
mysql_secure_installation
Start the MariaDB shell:
mysql -u root -p
Create a database for your mail server and switch to it:
CREATE DATABASE mail;
USE mail;
Create a mail administration user called mail_admin and grant it permissions on the mail database. Please be sure to replace mail_admin_password with
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';
FLUSH PRIVILEGES;
Create the virtual domains table:
CREATE TABLE domains (domain varchar(50) NOT NULL, PRIMARY KEY (domain) );
Create a table to handle mail forwarding:
CREATE TABLE forwardings (source varchar(80) NOT NULL, destination TEXT NOT NULL, PRIMARY KEY (source) );
Create the users table:
CREATE TABLE users (email varchar(80) NOT NULL, password varchar(20) NOT NULL, PRIMARY KEY (email) );
Create a transports table:
CREATE TABLE transport ( domain varchar(128) NOT NULL default '', transport varchar(128) NOT NULL default '', UNIQUE KEY domain (domain) );
Exit the MariaDB shell:
quit
Bind MariaDB to localhost (127.0.0.1) by editing /etc/my.cnf, and adding the following to the [mysqld] section of the file:
/etc/my.cnf
bind-address=127.0.0.1
This is required for Postfix to be able to communicate with the database server. If you have MariaDB set up to listen on another IP address (such as an internal IP), you will need to substitute this IP address in place of 127.0.0.1 during the Postfix configuration steps. It is not advisable to run MariaDB on a publicly-accessible IP address.
Restart the database server:
/bin/systemctl restart mariadb.service
Next, perform additional Postfix configuration to set up communication with the database.
Configure Postfix to work with MariaDB
For the next four steps, replace mail_admin_password with the mail_admin password input earlier.
Create a virtual domain configuration file for Postfix called /etc/postfix/mysql-virtual_domains.cf:
/etc/postfix/mysql-virtual_domains.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT domain AS virtual FROM domains WHERE domain='%s'
hosts = 127.0.0.1
Create a virtual forwarding file for Postfix called /etc/postfix/mysql-virtual_forwardings.cf:
/etc/postfix/mysql-virtual_forwardings.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT destination FROM forwardings WHERE source='%s'
hosts = 127.0.0.1
Create a virtual mailbox configuration file for Postfix called /etc/postfix/mysql-virtual_mailboxes.cf:
/etc/postfix/mysql-virtual_mailboxes.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
hosts = 127.0.0.1
Create a virtual email mapping file for Postfix called /etc/postfix/mysql-virtual_email2email.cf:
/etc/postfix/mysql-virtual_email2email.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT email FROM users WHERE email='%s'
hosts = 127.0.0.1
Set proper permissions and ownership for these configuration files:
chmod o= /etc/postfix/mysql-virtual_*.cf
chgrp postfix /etc/postfix/mysql-virtual_*.cf
Create a user and group for mail handling. All virtual mailboxes will be stored under this user’s home directory:
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m
Complete the remaining steps required for Postfix configuration. Please be sure to replace server.example.com with the Linode’s fully qualified domain name. If you are planning on using your own SSL certificate and key, replace /etc/pki/dovecot/private/dovecot.pem with the appropriate path:
postconf -e 'myhostname = server.example.com'
postconf -e 'mydestination = localhost, localhost.localdomain'
postconf -e 'mynetworks = 127.0.0.0/8'
postconf -e 'inet_interfaces = all'
postconf -e 'message_size_limit = 30720000'
postconf -e 'virtual_alias_domains ='
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_uid_maps = static:5000'
postconf -e 'virtual_gid_maps = static:5000'
postconf -e 'smtpd_sasl_type = dovecot'
postconf -e 'smtpd_sasl_path = private/auth'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem'
postconf -e 'smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem'
postconf -e 'virtual_create_maildirsize = yes'
postconf -e 'virtual_maildir_extended = yes'
postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'
postconf -e 'virtual_transport = dovecot'
postconf -e 'dovecot_destination_recipient_limit = 1'
Edit the file /etc/postfix/master.cf and add the Dovecot service to the bottom of the file:
/etc/postfix/master.cf
dovecot   unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
Configure Postfix to start on boot and start the service for the first time:
systemctl enable postfix.service
/bin/systemctl start postfix.service
This completes the configuration for Postfix.
Configure Dovecot
Move /etc/dovecot/dovecot.conf to a backup file:
mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf-backup
Copy the following into the now-empty dovecot.conf file, substituting your system’s domain name for example.com in line 37:
/etc/dovecot/dovecot.conf
protocols = imap pop3
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/home/vmail/%d/%n/Maildir

ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem

namespace {
    type = private
    separator = .
    prefix = INBOX.
    inbox = yes
}

service auth {
    unix_listener auth-master {
        mode = 0600
        user = vmail
    }

    unix_listener /var/spool/postfix/private/auth {
        mode = 0666
        user = postfix
        group = postfix
    }

    user = root
}

service auth-worker {
    user = root
}

protocol lda {
    log_path = /home/vmail/dovecot-deliver.log
    auth_socket_path = /var/run/dovecot/auth-master
    postmaster_address = postmaster@example.com
}

protocol pop3 {
    pop3_uidl_format = %08Xu%08Xv
}

passdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf.ext
}

userdb {
    driver = static
    args = uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
}
MariaDB will be used to store password information, so /etc/dovecot/dovecot-sql.conf.ext must be created. Insert the following contents into the file, making sure to replace mail_admin_password with your mail password:
/etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=127.0.0.1 dbname=mail user=mail_admin password=mail_admin_password
default_pass_scheme = CRYPT
password_query = SELECT email as user, password FROM users WHERE email='%u';
Restrict access to the file by changing the permissions to allow users in the dovecot group to access it, while denying access to others:
chgrp dovecot /etc/dovecot/dovecot-sql.conf.ext
chmod o= /etc/dovecot/dovecot-sql.conf.ext
Configure Dovecot to start on boot, and start it for the first time:
systemctl enable dovecot.service
/bin/systemctl start dovecot.service
Now check /var/log/maillog to make sure Dovecot started without errors. Your log should have lines similar to the following:
/var/log/maillog
Mar 18 17:10:26 localhost postfix/postfix-script[3274]: starting the Postfix mail system
Mar 18 17:10:26 localhost postfix/master[3276]: daemon started -- version 2.10.1, configuration /etc/postfix
Mar 18 17:12:28 localhost dovecot: master: Dovecot v2.2.10 starting up for imap, pop3 (core dumps disabled)
Test your POP3 server to make sure it’s running properly:
yum install telnet
telnet localhost pop3
The terminal should output results similar to the following:
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
+OK Dovecot ready.
Enter the command quit to return to your shell. This completes the Dovecot configuration. Next, you’ll make sure aliases are configured properly.
Configure Mail Aliases
Edit the file /etc/aliases, making sure the postmaster and root directives are set properly for your organization:
/etc/aliases
postmaster: root
root: postmaster@example.com
Update aliases and restart Postfix:
newaliases
/bin/systemctl restart postfix.service
This completes alias configuration. Next, test Postfix to make sure it’s operating properly.
Testing Postfix
Test Postfix for SMTP-AUTH and TLS:
telnet localhost 25
While still connected, issue the following command:
ehlo localhost
You should see output similar to the following:
250-hostname.example.com
250-PIPELINING
250-SIZE 30720000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Issue the command quit to terminate the Postfix connection.
Next, populate the MariaDB database with domains and email users.
Set Up and Test Domains and Users
Before continuing, modify the DNS records for any domains that you wish to handle email by adding an MX record that points to your mail server’s fully qualified domain name. If MX records already exist for a domain you would like to handle the email for, either delete them or set them to a higher priority number than your mail server. Smaller priority numbers indicate higher priority for mail delivery, with “0” being the highest priority.
In the following example, the MariaDB shell is used to add support for the domain “example.com”, which will have an email account called “sales”.
Log into the MariaDB shell:
mysql -u root -p
Switch to the mail database, add support for your domain, and create an email account. Be sure to replace example.com with your domain name, sales@example.com with your chosen email, and password with a strong password:
USE mail;
INSERT INTO domains (domain) VALUES ('example.com');
INSERT INTO users (email, password) VALUES ('sales@example.com', ENCRYPT('password'));
quit
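Added example (not part of the original guide): ENCRYPT('password') without a salt argument stores a traditional DES crypt hash, the same 13-character form as the value passed to useradd -p at the top of this page, and the users.password column is only varchar(20). The Python below classifies stored hashes by crypt(3) scheme and flags weak or truncated ones; the function names and sample rows are constructed for this example.

```python
import re

B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt(3) salts and digests

# (scheme name, pattern, acceptable for new passwords?)
SCHEMES = [
    ("SHA512-CRYPT", re.compile(rf"^\$6\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{86}}$"), True),
    ("SHA256-CRYPT", re.compile(rf"^\$5\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{43}}$"), True),
    ("MD5-CRYPT", re.compile(rf"^\$1\${B64}{{1,8}}\${B64}{{22}}$"), False),
    # Traditional DES crypt: 2 salt characters + 11 digest characters, and only
    # the first 8 password characters are used. This is the form that
    # ENCRYPT('password') stores when it is called without a salt argument.
    ("DES-CRYPT", re.compile(rf"^{B64}{{13}}$"), False),
]

USERS_PASSWORD_WIDTH = 20  # users.password is varchar(20) in the schema on this page

# Constructed sample rows (email, stored hash). The 13-character value is the
# one passed to "useradd -p" at the top of this page; the $6$ value is a
# placeholder with the right shape, not a real hash.
SHA512_PLACEHOLDER = "$6$" + "saltsaltsaltsalt" + "$" + "A" * 86
SAMPLE_ROWS = [
    ("sales@example.com", "4w5yRzfvfQFAI"),
    ("ops@example.com", SHA512_PLACEHOLDER),
    # What varchar(20) keeps of the same hash if the column is not widened.
    ("hr@example.com", SHA512_PLACEHOLDER[:USERS_PASSWORD_WIDTH]),
]


def identify_scheme(stored):
    """Return (name, acceptable) for a crypt(3)-style hash, or (None, False)."""
    for name, pattern, acceptable in SCHEMES:
        if pattern.match(stored):
            return name, acceptable
    return None, False


def audit_row(stored, column_width=USERS_PASSWORD_WIDTH):
    """Return a list of finding ids for one stored password value."""
    name, acceptable = identify_scheme(stored)
    findings = []
    if name is None:
        # A "$id$..." value that fills the column exactly is a longer hash cut
        # short by the column; it can never verify against any password.
        if stored.startswith("$") and len(stored) == column_width:
            findings.append("truncated-hash")
        else:
            findings.append("unrecognised-hash")
    elif not acceptable:
        findings.append("weak-scheme:" + name)
    return findings


def audit_table(rows, column_width=USERS_PASSWORD_WIDTH):
    """Return {email: findings} for every row with at least one finding."""
    report = {}
    for email, stored in rows:
        findings = audit_row(stored, column_width)
        if findings:
            report[email] = findings
    return report


def column_fits(sample_hash, column_width=USERS_PASSWORD_WIDTH):
    """True if a hash of this length can be stored without truncation."""
    return len(sample_hash) <= column_width


if __name__ == "__main__":
    for email, findings in audit_table(SAMPLE_ROWS).items():
        print(email, findings)
```

Dovecot can generate a stronger hash with doveadm pw -s SHA512-CRYPT. Widen users.password before storing one, since the default form is 106 characters without the {SHA512-CRYPT} prefix that doveadm prints.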
Prior to accessing any newly-created email account, a test message needs to be sent to create that user’s mailbox:
yum install mailx
mailx sales@example.com
Press Ctrl+D to complete the message. You can safely leave the field for Cc: blank. This completes the configuration for a new domain and email user.
Given the possibility for virtual hosting a large number of virtual domains on a single mail system, the username portion of an email address (i.e. before the @ sign) is not sufficient to authenticate to the mail server. When email users authenticate to the server, they must supply their email clients with the entire email address created above as their username.
Check Your Logs
After the test mail is sent, check the mail logs to make sure the mail was delivered.
Check the maillog located in /var/log/maillog. You should see something similar to the following:
/var/log/maillog
Mar 18 17:18:47 localhost postfix/cleanup[3427]: B624062FA: message-id=<20150318171847.B624062FA@example.com>
Mar 18 17:18:47 localhost postfix/qmgr[3410]: B624062FA: from=<root@example.com>, size=515, nrcpt=1 (queue active)
Mar 18 17:18:47 localhost postfix/pipe[3435]: B624062FA: to=<sales@example.com>, relay=dovecot, delay=0.14, delays=0.04/0.01/0/0.09, dsn=2.0.0, $
Mar 18 17:18:47 localhost postfix/qmgr[3410]: B624062FA: removed
Check the Dovecot delivery log located in /home/vmail/dovecot-deliver.log. The contents should look similar to the following:
/home/vmail/dovecot-deliver.log
deliver(<sales@example.com>): 2011-01-21 20:03:19 Info: msgid=<<20110121200319.E1D148908@hostname.example.com>>: saved mail to INBOX
Now you can test to see what the users of your email server would see with their email clients.
Test the Mailbox
To test the sales@example.com mailbox, navigate to the mailbox directory /home/vmail/example.com/sales/Maildir and issue the following command:
cd /home/vmail/example.com/sales/Maildir
find
You should see output similar to the following:
.
./dovecot-uidlist
./cur
./new
./new/1285609582.P6115Q0M368794.li172-137
./dovecot.index
./dovecot.index.log
./tmp
Test the mailbox by using a mail client. For this test, using mutt is recommended. If it is not installed by default, install it with yum install mutt, then run:
mutt -f .
You may be prompted to create the root mailbox. This is not required.
If there is an email in the inbox, Postfix, Dovecot, and MySQL have been successfully configured! To quit mutt press q.
################################################################################################################
This article helps you to install and configure a basic mail server on CentOS 7. Here I have used Postfix for SMTP, Dovecot for POP/IMAP and Dovecot SASL for SMTP AUTH.
Before proceeding please make sure you have assigned static IP for the server and have internet connectivity for installing packages.
Setup mail server on centos 7
1. Installing packages
2. Postfix configuration
3. Dovecot configuration
4. User creation
Installing packages
Step 1 » Assign hostname for the server using the below command.
[root@krizna ~]# hostnamectl set-hostname mail.krizna.com
Step 2 » Make a host entry with your IP in /etc/hosts file.
172.27.0.51 mail.krizna.com
Step 3 » Now start installing packages.
[root@krizna ~]# yum -y install postfix dovecot
After package installation continue with postfix configuration.
Postfix configuration
First create SSL certificate for encryption.
Step 4 » Follow the below steps one by one for creation.
[root@mail ~]# mkdir /etc/postfix/ssl
[root@mail ~]# cd /etc/postfix/ssl
[root@krizna ssl]# openssl genrsa -des3 -out server.key 2048
[root@krizna ssl]# openssl rsa -in server.key -out server.key.insecure
[root@krizna ssl]# mv server.key server.key.secure
[root@krizna ssl]# mv server.key.insecure server.key
Leave blank for A challenge password [] value in the below step.
[root@krizna ssl]# openssl req -new -key server.key -out server.csr
[root@krizna ssl]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Step 5 » Now open /etc/postfix/main.cf file for changes.
Find and uncomment the below lines.
#inet_interfaces = localhost #---> line no 116
#mydestination = $myhostname, localhost.$mydomain, localhost #--> line no 164
Then add the below lines at the end of the file. Change the myhostname and mydomain values to yours, and the home_mailbox value to your desired directory. Here it will store mails in the user's home directory (e.g. /home/john/mail).
myhostname = mail.krizna.com
mydomain = krizna.com
myorigin = $mydomain
home_mailbox = mail/
mynetworks = 127.0.0.0/8
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_key_file = /etc/postfix/ssl/server.key
smtpd_tls_cert_file = /etc/postfix/ssl/server.crt
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
Step 6 » Open /etc/postfix/master.cf file, add the below lines after “smtp inet n - n - - smtpd” line.
submission inet n - n - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
Now check the configuration using postfix check command.
Step 7 » Now configure Dovecot SASL for SMTP Auth. Open /etc/dovecot/conf.d/10-master.conf file, find “# Postfix smtp-auth” line ( line no:95 ) and add the below lines.
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
Step 8 » Open /etc/dovecot/conf.d/10-auth.conf file, find “auth_mechanisms = plain” ( Line no: 100 ) and add login to the value like below.
auth_mechanisms = plain login
Step 9 » Postfix configuration is over. Now restart both postfix and dovecot services and enable auto start.
[root@mail ~]# systemctl restart postfix
[root@mail ~]# systemctl enable postfix
[root@mail ~]# systemctl restart dovecot
[root@mail ~]# systemctl enable dovecot
Step 10 » Add the firewall rules to allow 25, 587 and 465 ports.
[root@mail ~]# firewall-cmd --permanent --add-service=smtp
[root@mail ~]# firewall-cmd --permanent --add-port=587/tcp
[root@mail ~]# firewall-cmd --permanent --add-port=465/tcp
[root@mail ~]# firewall-cmd --reload
Now start testing connectivity for each of the ports 25, 587 and 465 using telnet and make sure you are getting the AUTH PLAIN LOGIN line after issuing the ehlo mail.krizna.com command in telnet.
[root@mail ~]# telnet mail.krizna.com 465
Trying 172.27.0.51...
Connected to mail.krizna.com.
Escape character is '^]'.
220 mail.krizna.com ESMTP Postfix
ehlo mail.krizna.com <------- Type this command
250-mail.krizna.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
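Added example (not part of the original tutorials): the telnet transcripts on this page show AUTH PLAIN LOGIN announced before any TLS handshake, which means a client can send its password base64-encoded over a cleartext session. The Python below parses such an EHLO reply and reports that condition; the function names and the two sample replies are constructed for this example, and smtpd_tls_auth_only and disable_vrfy_command are the Postfix settings its findings point to.

```python
import re

# Constructed from the telnet transcripts on this page: the reply a client
# sees BEFORE any TLS handshake has taken place.
CLEARTEXT_EHLO = """\
250-mail.krizna.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

# Constructed: the same server with smtpd_tls_auth_only = yes (AUTH withheld
# until TLS is active) and disable_vrfy_command = yes.
HARDENED_EHLO = """\
250-mail.krizna.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
# SASL mechanisms that carry the password itself, only base64-encoded.
PASSWORD_BEARING = {"PLAIN", "LOGIN"}


def parse_ehlo(reply):
    """Parse a multi-line EHLO reply into {KEYWORD: [params]}."""
    lines = [ln.rstrip("\r") for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    extensions = {}
    for index, line in enumerate(lines):
        match = REPLY_LINE.match(line)
        if match is None:
            raise ValueError(f"not an SMTP reply line: {line!r}")
        code, separator, text = match.groups()
        if code != "250":
            raise ValueError(f"EHLO was refused: {line!r}")
        # "250-" marks a continuation line, "250 " the final line.
        if (separator == " ") != (index == len(lines) - 1):
            raise ValueError(f"unexpected continuation marker: {line!r}")
        if index == 0:
            continue  # first line carries the server name, not an extension
        # broken_sasl_auth_clients = yes adds the legacy "AUTH=..." spelling.
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]
        fields = text.split()
        if not fields:
            continue
        params = extensions.setdefault(fields[0].upper(), [])
        for param in fields[1:]:
            if param.upper() not in params:
                params.append(param.upper())
    return extensions


def audit_ehlo(reply, tls_active):
    """Return [(finding_id, message)]; tls_active is False for plain telnet."""
    extensions = parse_ehlo(reply)
    findings = []
    if not tls_active:
        if "STARTTLS" not in extensions:
            findings.append(("no-starttls", "server offers no way to encrypt the session"))
        exposed = sorted(PASSWORD_BEARING & set(extensions.get("AUTH", [])))
        if exposed:
            findings.append((
                "auth-before-tls",
                "AUTH " + " ".join(exposed) + " offered without TLS; set "
                "smtpd_tls_auth_only = yes so AUTH is announced only after STARTTLS",
            ))
    if "VRFY" in extensions:
        findings.append(("vrfy-enabled", "VRFY lets clients probe for valid recipients; "
                         "disable_vrfy_command = yes turns it off"))
    return findings


if __name__ == "__main__":
    for name, reply in (("cleartext", CLEARTEXT_EHLO), ("hardened", HARDENED_EHLO)):
        print(name, audit_ehlo(reply, tls_active=False))
```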
Dovecot configuration
Start configuring Dovecot .
Step 11 » Open /etc/dovecot/conf.d/10-mail.conf file, find #mail_location = (line no : 30 ) and add the same directory which is given to home_mailbox in the postfix config file ( Step 5).
mail_location = maildir:~/mail
Step 12 » Open /etc/dovecot/conf.d/20-pop3.conf file, find and uncomment the below line ( line no : 50 ) .
pop3_uidl_format = %08Xu%08Xv
Step 13 » Restart dovecot service.
[root@mail ~]# systemctl restart dovecot
Step 14 » Add firewall rules to allow 110,143,993 and 995.
[root@mail ~]# firewall-cmd --permanent --add-port=110/tcp
[root@mail ~]# firewall-cmd --permanent --add-service=pop3s
[root@mail ~]# firewall-cmd --permanent --add-port=143/tcp
[root@mail ~]# firewall-cmd --permanent --add-service=imaps
[root@mail ~]# firewall-cmd --reload
Check the connectivity for the ports 110,143,993 and 995 using telnet.
User creation
Now create user for testing .
Step 15 » Create user with /sbin/nologin shell to restrict login access.
[root@mail ~]# useradd -m john -s /sbin/nologin
[root@mail ~]# passwd john
Mail server is ready now, Configure user in your mail client and test send/receive.