Faruque Ahmed : MCP, MCSA, MCSE, MCTS, MCIT, CCNA, OCA, OCP, GCP

mail server on centos 7

----@- dhA -@-----

[root@mail ~]# useradd -m u1 -s /sbin/nologin

[root@mail ~]# passwd u1

useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin u1

useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin u2

useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin virusalert

useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin virusmails

useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin spamalert

useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin spam.police

useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin sys_admin

useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin inmail

useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin outmail

useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin junkmail

Setup mail server on centos 7

1. Remove default MTA sendmail first if it’s already installed. Sendmail will not be installed by default in minimal installation, so you can skip this step.

yum remove sendmail

2. Setup DNS server and add the Mail server MX records in the forward and reverse zone files.

To install and configure DNS server, refer the following link.

Setting Up DNS Server On CentOS 7

And, don’t forget to ask your ISP to point your external static IP to your mail domain.

3. Add hostname entries in /etc/hosts file as shown below:

vi /etc/hosts

Add your FQDN:

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.1.150 server1.unixmen.local server1

4. I disabled SELinux to reduce the complexity in postfix configuration.

To do that, edit:

vi /etc/sysconfig/selinux

Change SELINUX=enforcing to SELINUX=disabled.

SELINUX=disabled

5. Install EPEL Repository:

Squirrelmail webmail client is not available in CentOS official repositories. So let us enable EPEL repository.

yum install epel-release

6. Allow the Apache default port 80 through your firewall/router:

firewall-cmd --permanent --add-port=80/tcp

Restart firewall using command:

firewall-cmd --reload

Restart your server to take effect all changes.

I

Now, log out from user “senthil“ and log in to user “kumar“ mail and check for any new mail.

Hurrah! We have got a new mail from senthil@unixmen.local mail id.

To read the mail, click on it. You’ll now be able to read, reply, delete or compose a new mail.

That’s all for now. We’ve successfully configured a local mail server that will serve in/out mails within a local area network.

Hope this tutorial will help you.

Good luck!

#######################################################################

Postfix With Data base Configuration

1. Installing packages

2. Postfix configuration

3. Dovecot configuration

4. User creation

Installing packages

Step 1 » Assign hostname for the server using the below command.

[root@krizna ~]# hostnamectl set-hostname mail.krizna.com

Step 2 » Make a host entry with your IP in /etc/hosts file.

172.27.0.51 mail.krizna.com

Step 3 » Now start installing packages.

[root@krizna ~]# yum -y install postfix dovecot

After package installation continue with postfix configuration.

Postfix configuration

First create SSL certificate for encryption.

Step 4 » Follow the below steps one by one for creation.

[root@mail ~]# mkdir /etc/postfix/ssl

[root@mail ~]# cd /etc/postfix/ssl

[root@krizna ssl]# openssl genrsa -des3 -out server.key 2048

[root@krizna ssl]# openssl rsa -in server.key -out server.key.insecure

[root@krizna ssl]# mv server.key server.key.secure

[root@krizna ssl]# mv server.key.insecure server.keyLeave blank for A challenge password [] value in the below step.

[root@krizna ssl]# openssl req -new -key server.key -out server.csr

[root@krizna ssl]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Country Name (2 letter code) [XX]:BD

State or Province Name (full name) []:Dhaka

Locality Name (eg, city) [Default City]:Dhaka

Organization Name (eg, company) [Default Company Ltd]:World Communication Network Ltd.

Organizational Unit Name (eg, section) []:worldcm.net

Common Name (eg, your name or your server's hostname) []:mail.worldcm.net

Email Address []: admin@worldcm.net

A challenge password []:world

An optional company name []: worldcm

An optional company name []: worldcmStep 5 » Now open /etc/postfix/main.cf file for changes.

Find and uncomment the below lines.

#inet_interfaces = localhost #---> line no 116

#mydestination = $myhostname, localhost.$mydomain, localhost #--> line no 164

and add below lines at the end of the file. change myhostname andmydomain values with yours and home_mailbox value to your desired directory. Here it will store mails in the users home directory (Eg: /home/john/mail ).

myhostname = mail.krizna.com

mydomain = krizna.com

myorigin = $mydomain

home_mailbox = mail/

mynetworks = 127.0.0.0/8

inet_interfaces = all

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/auth

smtpd_sasl_local_domain =

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

smtpd_sasl_auth_enable = yes

smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

smtp_tls_security_level = may

smtpd_tls_security_level = may

smtp_tls_note_starttls_offer = yes

smtpd_tls_loglevel = 1

smtpd_tls_key_file = /etc/postfix/ssl/server.key

smtpd_tls_cert_file = /etc/postfix/ssl/server.crt

smtpd_tls_received_header = yes

smtpd_tls_session_cache_timeout = 3600s

tls_random_source = dev:/dev/urandom

myhostname = mail.krizna.com

mydomain = krizna.com

myorigin = $mydomain

home_mailbox = mail/

mynetworks = 127.0.0.0/8

inet_interfaces = all

mydestination = $myhostname, localhost.$mydomain, localhost,$mydomain

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/auth

smtpd_sasl_local_domain =

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

smtpd_sasl_auth_enable = yes

smtpd_recipient_restrictions =permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

smtp_tls_security_level = may

smtpd_tls_security_level = may

smtp_tls_note_starttls_offer = yes

smtpd_tls_loglevel = 1

smtpd_tls_key_file = /etc/postfix/ssl/server.key

smtpd_tls_cert_file = /etc/postfix/ssl/server.crt

smtpd_tls_received_header = yes

smtpd_tls_session_cache_timeout = 3600s

tls_random_source = dev:/dev/urandom

Step 6 » Open /etc/postfix/master.cf file, add the below lines after “smtp inet n – n – – smtpd” line.

submission inet n – n – – smtpd

-o syslog_name=postfix/submission

-o smtpd_sasl_auth_enable=yes

-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

-o milter_macro_daemon_name=ORIGINATING

smtps inet n – n – – smtpd

-o syslog_name=postfix/smtps

-o smtpd_sasl_auth_enable=yes

-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

-o milter_macro_daemon_name=ORIGINATING

submission inet n – n – – smtpd

–o syslog_name=postfix/submission

–o smtpd_sasl_auth_enable=yes

–osmtpd_recipient_restrictions=permit_sasl_authenticated,reject

–o milter_macro_daemon_name=ORIGINATING

smtps inet n – n – – smtpd

–o syslog_name=postfix/smtps

–o smtpd_sasl_auth_enable=yes

–osmtpd_recipient_restrictions=permit_sasl_authenticated,reject

–o milter_macro_daemon_name=ORIGINATING

Now check the configuration using postfix check command.

Step 7 » Now configure Dovecot SASL for SMTP Auth. Open/etc/dovecot/conf.d/10-master.conf file, find “# Postfix smtp-auth” line ( line no:95 ) and add the below lines.

# Postfix smtp-auth

unix_listener /var/spool/postfix/private/auth {

mode = 0660

user = postfix

group = postfix

}

Step 8 » Open /etc/dovecot/conf.d/10-auth.conf file, find “auth_mechanisms = plain” ( Line no: 100 ) and add login to the value like below.

auth_mechanisms = plain login

Step 9 » Postfix configuration is over. Now restart both postfix and dovecot services and enable auto start.

[root@mail ~]# systemctl restart postfix

[root@mail ~]# systemctl enable postfix

[root@mail ~]# systemctl restart dovecot

[root@mail ~]# systemctl enable dovecot

Step 10 » Add the firewall rules to allow 25, 587 and 465 ports.

[root@mail ~]# firewall-cmd --permanent --add-service=smtp

[root@mail ~]# firewall-cmd --permanent --add-port=587/tcp

[root@mail ~]# firewall-cmd --permanent --add-port=465/tcp

[root@mail ~]# firewall-cmd --reloadNow start testing connectivity for each ports 25,587 and 465 using telnet and make sure you are getting AUTH PLAIN LOGIN line after issuing ehlo mail.krizna.com command in telnet.

[root@mail ~]# telnet mail.krizna.com 465

Trying 172.27.0.51...

Connected to mail.krizna.com.

Escape character is '^]'.

220 mail.krizna.com ESMTP Postfix

ehlo mail.krizna.com <------- Type this command

250-mail.krizna.com

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-STARTTLS

250-AUTH PLAIN LOGIN

250-AUTH=PLAIN LOGIN

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

Dovecot configuration

Start configuring Dovecot .

Step 11 » Open /etc/dovecot/conf.d/10-mail.conf file, find#mail_location = (line no : 30 ) and add the same directory which is given tohome_mailbox in the postfix config file ( Step 5).

mail_location = maildir:~/mail

Step 12 » Open /etc/dovecot/conf.d/20-pop3.conf file, find and uncomment the below line ( line no : 50 ) .

pop3_uidl_format = %08Xu%08Xv

Step 13 » Restart dovecot service.

[root@mail ~]# systemctl restart dovecot

Step 14 » Add firewall rules to allow 110,143,993 and 995.

[root@mail ~]# firewall-cmd --permanent --add-port=110/tcp

[root@mail ~]# firewall-cmd --permanent --add-service=pop3s

[root@mail ~]# firewall-cmd --permanent --add-port=143/tcp

[root@mail ~]# firewall-cmd --permanent --add-service=imaps

[root@mail ~]# firewall-cmd --reload

Check the connectivity for the ports 110,143,993 and 995 using telnet.

User creation

Now create user for testing .

Step 15 » Create user with /sbin/nologin shell to restrict login access.

[root@mail ~]# useradd -m john -s /sbin/nologin

[root@mail ~]# passwd john

Mail server is ready now, Configure user in your mail client and test send/receive.

Email with Postfix, Dovecot and MariaDB on CentOS 7

The Postfix Mail Transfer Agent (MTA) is a high performance open source e-mail server system. This guide will help you get Postfix running on your CentOS 7 Linode, using Dovecot for IMAP/POP3 service, and MariaDB, a drop-in replacement for MySQL, to store information on virtual domains and users.

Prior to using this guide, be sure you have followed the getting started guideand set your hostname. Also ensure that the iptables firewall is not blocking any of the standard mail ports (25, 465, 587, 110, 995, 143, and 993). If using a different form of firewall, confirm that it is not blocking any of the needed ports either.

The steps in this guide require root privileges. Be sure to run the steps below as root or with the sudo prefix. For more information on privileges see our Users and Groupsguide.

Install Required Packages

1. Install any outstanding package updates:

- - - - 1

- - - - yum update

1. The version of Postfix included in the main CentOS repository does not include support for MariaDB; therefore, you will need install Postfix from the CentOS Plus repository. Before doing so, add exclusions to the [base]and [updates] repositories for the Postfix package to prevent it from being overwritten with updates that do not have MariaDB support:
  1. 1. /etc/yum.repos.d/CentOS-Base.repo

- - - - 1 2 3 4 5 6 7 8

- - - - [base] name=CentOS-$releasever - Base exclude=postfix #released updates [updates] name=CentOS-$releasever - Updates exclude=postfix

1. Install the required packages:

- - - - 1 2

- - - - yum --enablerepo=centosplus install postfix yum install dovecot mariadb-server dovecot-mysql

- 1. This installs the Postfix mail server, the MariaDB database server, the Dovecot IMAP and POP daemons, and several supporting packages that provide services related to authentication.

Next, set up a MariaDB database to handle virtual domains and users.

Set up MariaDB for Virtual Domains and Users

1. Configure MariaDB to start on boot, then start MariaDB:

- - - - 1 2

- - - - systemctl enable mariadb.service /bin/systemctl start mariadb.service

1. Run mysql_secure_installation. You will be presented with the opportunity to change the MariaDB root password, remove anonymous user accounts, disable root logins outside of localhost, remove test databases, and reload privilege tables. It is recommended that you answer yes to these options:

- - - - 1

- - - - mysql_secure_installation

1. Start the MariaDB shell:

- - - - 1

- - - - mysql -u root -p

1. Create a database for your mail server and switch to it:

- - - - 1 2

- - - - CREATE DATABASE mail; USE mail;

Create a mail administration user called mail_admin and grant it permissions on the mail database. Please be sure to replace mail_admin_password with
1. GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
2. GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';
3. FLUSH PRIVILEGES;
4. Create the virtual domains table:

- - - - CREATE TABLE domains (domain varchar(50) NOT NULL, PRIMARY KEY (domain) );

1. Create a table to handle mail forwarding:

- - - - CREATE TABLE forwardings (source varchar(80) NOT NULL, destination TEXT NOT NULL, PRIMARY KEY (source) );

1. Create the users table:

- - - - CREATE TABLE users (email varchar(80) NOT NULL, password varchar(20) NOT NULL, PRIMARY KEY (email) );

1. Create a transports table:

CREATE TABLE transport ( domain varchar(128) NOT NULL default '', transport varchar(128) NOT NULL default '', UNIQUE KEY domain (domain) );
1. Exit the MariaDB shell:

- - - - 1

- - - - quit

1. Bind MariaDB to localhost (127.0.0.1) by editing /etc/my.cnf, and adding the following to the [mysqld] section of the file:
  1. 1. /etc/my.cnf

- - - - 1

- - - - bind-address=127.0.0.1

- 1. This is required for Postfix to be able to communicate with the database server. If you have MariaDB set up to listen on another IP address (such as an internal IP), you will need to substitute this IP address in place of127.0.0.1 during the Postfix configuration steps. It is not advisable to run MariaDB on a publicly-accessible IP address.

1. Restart the database server:

- - - - 1

- - - - /bin/systemctl restart mariadb.service

Next, perform additional Postfix configuration to set up communication with the database.

Configure Postfix to work with MariaDB

For the next four steps, replace mail_admin_password with themail_admin password input earlier.

1. Create a virtual domain configuration file for Postfix called/etc/postfix/mysql-virtual_domains.cf:
  1. 1. /etc/postfix/mysql-virtual_domains.cf

- - - - 1 2 3 4 5

- - - - user = mail_admin password = mail_admin_password dbname = mail query = SELECT domain AS virtual FROM domains WHERE domain='%s' hosts = 127.0.0.1

1. Create a virtual forwarding file for Postfix called /etc/postfix/mysql-virtual_forwardings.cf:
  1. 1. /etc/postfix/mysql-virtual_forwardings.cf

- - - - 1 2 3 4 5

- - - - user = mail_admin password = mail_admin_password dbname = mail query = SELECT destination FROM forwardings WHERE source='%s' hosts = 127.0.0.1

1. Create a virtual mailbox configuration file for Postfix called/etc/postfix/mysql-virtual_mailboxes.cf:
  1. 1. /etc/postfix/mysql-virtual_mailboxes.cf

- - - - user = mail_admin password = mail_admin_password dbname = mail query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s' hosts = 127.0.0.1

1. Create a virtual email mapping file for Postfix called /etc/postfix/mysql-virtual_email2email.cf:
  1. 1. /etc/postfix/mysql-virtual_email2email.cf

- - - - 1 2 3 4 5

- - - - user = mail_admin password = mail_admin_password dbname = mail query = SELECT email FROM users WHERE email='%s' hosts = 127.0.0.1

1. Set proper permissions and ownership for these configuration files:

- - - - 1 2

- - - - chmod o= /etc/postfix/mysql-virtual_*.cf chgrp postfix /etc/postfix/mysql-virtual_*.cf

1. Create a user and group for mail handling. All virtual mailboxes will be stored under this user’s home directory:

- - - - 1 2

- - - - groupadd -g 5000 vmail useradd -g vmail -u 5000 vmail -d /home/vmail -m

Complete the remaining steps required for Postfix configuration. Please be sure to replace server.example.com with the Linode’s fully qualified domain name. If you are planning on using your own SSL certificate and key, replace /etc/pki/dovecot/private/dovecot.pem with the appropriate path:
1. postconf -e 'myhostname = server.example.com'
2. postconf -e 'mydestination = localhost, localhost.localdomain'
3. postconf -e 'mynetworks = 127.0.0.0/8'
4. postconf -e 'inet_interfaces = all'
5. postconf -e 'message_size_limit = 30720000'
6. postconf -e 'virtual_alias_domains ='
7. postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf'
8. postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf'
9. postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf'
10. postconf -e 'virtual_mailbox_base = /home/vmail'
11. postconf -e 'virtual_uid_maps = static:5000'
12. postconf -e 'virtual_gid_maps = static:5000'
13. postconf -e 'smtpd_sasl_type = dovecot'
14. postconf -e 'smtpd_sasl_path = private/auth'
15. postconf -e 'smtpd_sasl_auth_enable = yes'
16. postconf -e 'broken_sasl_auth_clients = yes'
17. postconf -e 'smtpd_sasl_authenticated_header = yes'
18. postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
19. postconf -e 'smtpd_use_tls = yes'
20. postconf -e 'smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem'
21. postconf -e 'smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem'
22. postconf -e 'virtual_create_maildirsize = yes'
23. postconf -e 'virtual_maildir_extended = yes'
24. postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'
25. postconf -e 'virtual_transport = dovecot'
26. postconf -e 'dovecot_destination_recipient_limit = 1'
Edit the file /etc/postfix/master.cf and add the Dovecot service to the bottom of the file:
1. 1. /etc/postfix/master.cf

- - - - dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

1. Configure Postfix to start on boot and start the service for the first time:

- - - - 1 2

- - - - systemctl enable postfix.service /bin/systemctl start postfix.service

This completes the configuration for Postfix.

Configure Dovecot

1. Move /etc/dovecot/dovecot.conf to a backup file:

- - - - 1

- - - - mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf-backup

1. Copy the following into the now-empty dovecot.conf file, substituting your system’s domain name for example.com in line 37:
  1. 1. /etc/dovecot/dovecot.conf

- - - - 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52

- - - - protocols = imap pop3 log_timestamp = "%Y-%m-%d %H:%M:%S " mail_location = maildir:/home/vmail/%d/%n/Maildir ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem ssl_key_file = /etc/pki/dovecot/private/dovecot.pem namespace { type = private separator = . prefix = INBOX. inbox = yes } service auth { unix_listener auth-master { mode = 0600 user = vmail } unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix } user = root } service auth-worker { user = root } protocol lda { log_path = /home/vmail/dovecot-deliver.log auth_socket_path = /var/run/dovecot/auth-master postmaster_address = postmaster@example.com } protocol pop3 { pop3_uidl_format = %08Xu%08Xv } passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf.ext } userdb { driver = static args = uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes }

1. MariaDB will be used to store password information, so/etc/dovecot/dovecot-sql.conf.ext must be created. Insert the following contents into the file, making sure to replace mail_admin_password with your mail password:
  1. 1. /etc/dovecot/dovecot-sql.conf.ext

- - - - driver = mysql connect = host=127.0.0.1 dbname=mail user=mail_admin password=mail_admin_password default_pass_scheme = CRYPT password_query = SELECT email as user, password FROM users WHERE email='%u';

1. Restrict access to the file by changing the permissions to allow users in thedovecot group to access it, while denying access to others:

- - - - 1 2

- - - - chgrp dovecot /etc/dovecot/dovecot-sql.conf.ext chmod o= /etc/dovecot/dovecot-sql.conf.ext

1. Configure Dovecot to start on boot, and start it for the first time:

- - - - 1 2

- - - - systemctl enable dovecot.service /bin/systemctl start dovecot.service

1. Now check /var/log/maillog to make sure Dovecot started without errors. Your log should have lines similar to the following:
  1. 1. /var/log/maillog

- - - - Mar 18 17:10:26 localhost postfix/postfix-script[3274]: starting the Postfix mail system Mar 18 17:10:26 localhost postfix/master[3276]: daemon started -- version 2.10.1, configuration /etc/postfix Mar 18 17:12:28 localhost dovecot: master: Dovecot v2.2.10 starting up for imap, pop3 (core dumps disabled)

1. Test your POP3 server to make sure it’s running properly:

- - - - 1 2

- - - - yum install telnet telnet localhost pop3

1. The terminal should output results similar to the following:

- - - - 1 2 3 4

- - - - Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^]'. +OK Dovecot ready.

1. Enter the command quit to return to your shell. This completes the Dovecot configuration. Next, you’ll make sure aliases are configured properly.

Configure Mail Aliases

1. Edit the file /etc/aliases, making sure the postmaster and root directives are set properly for your organization:
  1. 1. /etc/aliases

- - - - 1 2

- - - - postmaster: root root: postmaster@example.com

1. Update aliases and restart Postfix:

- - - - 1 2

- - - - newaliases /bin/systemctl restart postfix.service

This completes alias configuration. Next, test Postfix to make sure it’s operating properly.

Testing Postfix

1. Test Postfix for SMTP-AUTH and TLS:

- - - - 1

- - - - telnet localhost 25

1. While still connected, issue the following command:

- - - - 1

- - - - ehlo localhost

1. You should see output similar to the following:

- - - - 1 2 3 4 5 6 7 8 9 10 11

- - - - 250-hostname.example.com 250-PIPELINING 250-SIZE 30720000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN 250-AUTH=PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN

1. Issue the command quit to terminate the Postfix connection.

Next, populate the MariaDB database with domains and email users.

Set Up and Test Domains and Users

Before continuing, modify the DNS records for any domains that you wish to handle email by adding an MX record that points to your mail server’s fully qualified domain name. If MX records already exist for a domain you would like to handle the email for, either delete them or set them to a higher priority number than your mail server. Smaller priority numbers indicate higher priority for mail delivery, with “0” being the highest priority.

In the following example, the MariaDB shell is used to add support for the domain “example.com”, which will have an email account called “sales”.

1. Log into the MariaDB shell:

- - - - 1

- - - - mysql -u root -p

1. Switch to the mail database, add support for your domain, and create an email account. Be sure to replace example.com with your domain name,sales@example.com with your chosen email, and password with a strong password:

- - - - USE mail; INSERT INTO domains (domain) VALUES ('example.com'); INSERT INTO users (email, password) VALUES ('sales@example.com', ENCRYPT('password')); quit

1. Prior to accessing any newly-created email account, a test message needs to be sent to create that user’s mailbox:

- - - - 1 2

- - - - yum install mailx mailx sales@example.com

- 1. Press Ctrl+D to complete the message. You can safely leave the field for Cc:blank. This completes the configuration for a new domain and email user.

Given the possibility for virtual hosting a large number of virtual domains on a single mail system, the username portion of an email address (i.e. before the @ sign) is not sufficient to authenticate to the mail server. When email users authenticate to the server, they must supply their email clients with the entire email address created above as their username.

Check Your Logs

After the test mail is sent, check the mail logs to make sure the mail was delivered.

1. Check the maillog located in /var/log/maillog. You should see something similar to the following:
  1. 1. /var/log/maillog

- - - - Mar 18 17:18:47 localhost postfix/cleanup[3427]: B624062FA: message-id=<20150318171847.B624062FA@example.com> Mar 18 17:18:47 localhost postfix/qmgr[3410]: B624062FA: from=<root@example.com>, size=515, nrcpt=1 (queue active) Mar 18 17:18:47 localhost postfix/pipe[3435]: B624062FA: to=<sales@example.com>, relay=dovecot, delay=0.14, delays=0.04/0.01/0/0.09, dsn=2.0.0, $ Mar 18 17:18:47 localhost postfix/qmgr[3410]: B624062FA: removed

1. Check the Dovecot delivery log located in /home/vmail/dovecot-deliver.log. The contents should look similar to the following:
  1. 1. /home/vmail/dovecot-deliver.log

- - - - deliver(<sales@example.com>): 2011-01-21 20:03:19 Info: msgid=<<20110121200319.E1D148908@hostname.example.com>>: saved mail to INBOX

Now you can test to see what the users of your email server would see with their email clients.

Test the Mailbox

1. To test the sales@example.com mailbox, navigate to the mailbox directory/home/vmail/example.com/sales/Maildir and issue the following command:

- - - - 1 2

- - - - cd /home/vmail/example.com/sales/Maildir find

1. You should see output similar to the following:

- - - - 1 2 3 4 5 6 7 8

- - - - . ./dovecot-uidlist ./cur ./new ./new/1285609582.P6115Q0M368794.li172-137 ./dovecot.index ./dovecot.index.log ./tmp

1. Test the maillbox by using a mail client. For this test, using mutt is recommended. If it is not installed by default, install it with yum install mutt, then run:

- - - - 1

- - - - mutt -f .

- 1. You may be prompted to create the root mailbox. This is not required.

1. If there is an email in the inbox, Postfix, Dovecot, and MySQL have been successfully configured! To quit mutt press q.

https://nazimkuet.wordpress.com/2015/08/26/setup-mail-server-on-centos-7-email-with-postfix-dovecot-and-mariadb-on-centos-7/

################################################################################################################

his article helps you to install and configure basic mail server on Centos 7. Here i have used Postfix for SMTP, Dovecot for POP/IMAP and Dovecot SASL for SMTP AUTH.

Before proceeding please make sure you have assigned static IP for the server and have internet connectivity for installing packages.

Setup mail server on centos 7

1. Installing packages

2. Postfix configuration

3. Dovecot configuration

4. User creation

Installing packages

Step 1 » Assign hostname for the server using the below command.

[root@krizna ~]# hostnamectl set-hostname mail.krizna.com

Step 2 » Make a host entry with your IP in /etc/hosts file.

172.27.0.51 mail.krizna.com

Step 3 » Now start installing packages.

[root@krizna ~]# yum -y install postfix dovecot

After package installation continue with postfix configuration.

Postfix configuration

First create SSL certificate for encryption.

Step 4 » Follow the below steps one by one for creation.

[root@mail ~]# mkdir /etc/postfix/ssl

[root@mail ~]# cd /etc/postfix/ssl

[root@krizna ssl]# openssl genrsa -des3 -out server.key 2048

[root@krizna ssl]# openssl rsa -in server.key -out server.key.insecure

[root@krizna ssl]# mv server.key server.key.secure

[root@krizna ssl]# mv server.key.insecure server.key

Leave blank for A challenge password [] value in the below step.

[root@krizna ssl]# openssl req -new -key server.key -out server.csr

[root@krizna ssl]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Step 5 » Now open /etc/postfix/main.cf file for changes.

Find and uncomment the below lines.

#inet_interfaces = localhost #---> line no 116

#mydestination = $myhostname, localhost.$mydomain, localhost #--> line no 164

and add below lines at the end of the file. change myhostname and mydomainvalues with yours and home_mailbox value to your desired directory. Here it will store mails in the users home directory (Eg: /home/john/mail ).

myhostname = mail.krizna.com

mydomain = krizna.com

myorigin = $mydomain

home_mailbox = mail/

mynetworks = 127.0.0.0/8

inet_interfaces = all

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/auth

smtpd_sasl_local_domain =

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

smtpd_sasl_auth_enable = yes

smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

smtp_tls_security_level = may

smtpd_tls_security_level = may

smtp_tls_note_starttls_offer = yes

smtpd_tls_loglevel = 1

smtpd_tls_key_file = /etc/postfix/ssl/server.key

smtpd_tls_cert_file = /etc/postfix/ssl/server.crt

smtpd_tls_received_header = yessmtpd_tls_session_cache_timeout = 3600s

tls_random_source = dev:/dev/urandom

Step 6 » Open /etc/postfix/master.cf file, add the below lines after “smtp inet n – n – – smtpd” line.

submission inet n - n - - smtpd

-o syslog_name=postfix/submission

-o smtpd_sasl_auth_enable=yes

-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

-o milter_macro_daemon_name=ORIGINATING

smtps inet n - n - - smtpd

-o syslog_name=postfix/smtps

-o smtpd_sasl_auth_enable=yes

-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

-o milter_macro_daemon_name=ORIGINATING

Now check the configuration using postfix check command.

Step 7 » Now configure Dovecot SASL for SMTP Auth. Open /etc/dovecot/conf.d/10-master.conf file, find “# Postfix smtp-auth” line ( line no:95 ) and add the below lines.

# Postfix smtp-auth

unix_listener /var/spool/postfix/private/auth {

mode = 0660

user = postfix

group = postfix

}

Step 8 » Open /etc/dovecot/conf.d/10-auth.conf file, find “auth_mechanisms = plain” ( Line no: 100 ) and add login to the value like below.

auth_mechanisms = plain login

Step 9 » Postfix configuration is over. Now restart both postfix and dovecot services and enable auto start.

[root@mail ~]# systemctl restart postfix

[root@mail ~]# systemctl enable postfix

[root@mail ~]# systemctl restart dovecot

[root@mail ~]# systemctl enable dovecot

Step 10 » Add the firewall rules to allow 25, 587 and 465 ports.

[root@mail ~]# firewall-cmd --permanent --add-service=smtp

[root@mail ~]# firewall-cmd --permanent --add-port=587/tcp

[root@mail ~]# firewall-cmd --permanent --add-port=465/tcp

[root@mail ~]# firewall-cmd --reload

Now start testing connectivity for each ports 25,587 and 465 using telnet and make sure you are getting AUTH PLAIN LOGIN line after issuing ehlo mail.krizna.comcommand in telnet.

[root@mail ~]# telnet mail.krizna.com 465

Trying 172.27.0.51...

Connected to mail.krizna.com.

Escape character is '^]'.

220 mail.krizna.com ESMTP Postfix

ehlo mail.krizna.com <------- Type this command

250-mail.krizna.com

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-STARTTLS

250-AUTH PLAIN LOGIN

250-AUTH=PLAIN LOGIN

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

Dovecot configuration

Start configuring Dovecot .

Step 11 » Open /etc/dovecot/conf.d/10-mail.conf file, find #mail_location = (line no : 30 ) and add the same directory which is given to home_mailbox in the postfix config file ( Step 5).

mail_location = maildir:~/mail

Step 12 » Open /etc/dovecot/conf.d/20-pop3.conf file, find and uncomment the below line ( line no : 50 ) .

pop3_uidl_format = %08Xu%08Xv

Step 13 » Restart dovecot service.

[root@mail ~]# systemctl restart dovecot

Step 14 » Add firewall rules to allow 110,143,993 and 995.

[root@mail ~]# firewall-cmd --permanent --add-port=110/tcp

[root@mail ~]# firewall-cmd --permanent --add-service=pop3s

[root@mail ~]# firewall-cmd --permanent --add-port=143/tcp

[root@mail ~]# firewall-cmd --permanent --add-service=imaps

[root@mail ~]# firewall-cmd --reload

Check the connectivity for the ports 110,143,993 and 995 using telnet.

User creation

Now create user for testing .

Step 15 » Create user with /sbin/nologin shell to restrict login access.

[root@mail ~]# useradd -m john -s /sbin/nologin

[root@mail ~]# passwd john

Mail server is ready now, Configure user in your mail client and test send/receive.

http://www.krizna.com/centos/setup-mail-server-centos-7/

Page updated

Google Sites

Report abuse