ALL

-------

PHP 7.1 on CentOS/RHEL 7

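PostfixAdmin supports PHP 7.1. Note that PHP 7.1 no longer receives security fixes from the PHP project, so prefer the newest PHP branch that your PostfixAdmin release supports.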

# yum -y install httpd*

systemctl enable httpd.service

systemctl restart httpd.service

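# EPEL is a dependency of the Remi repository package.
yum install epel-release

# Fetch the Remi release package over HTTPS so the repository definition
# cannot be altered in transit (the original URL was plain http://).
rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-7.rpm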

                                 Install PHP 7 on CentOS

## Install PHP 7.1 

yum --enablerepo=remi-php71 install php

# php -v

PHP 7.4.1 (cli) (built: Dec 17 2019 16:35:58) ( NTS )

Copyright (c) The PHP Group

Zend Engine v3.4.0, Copyright (c) Zend Technologies

### For PHP 7.1

yum --enablerepo=remi-php71 install php-mysql php-imap php-xml php-soap php-xmlrpc php-mbstring php-json php-gd php-mcrypt php-pear php-pear-DB php-ldap php-imagick php-pspell php-curl  -y

PHP 7.x on RHEL 8 / CentOS 8

dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm -y

dnf module list php

dnf -y install dnf-plugins-core

Enable latest PHP Module Stream (remi-7.4)

dnf -y module enable php:remi-7.4

Use the following dnf command to install the PHP 7.4 packages:

dnf install -y php-imap php-mbstring php-mysqlnd php-json php-curl php-zip php-xml php-bz2 php-intl php-gmp php-opcache php-gd php-mysqlnd

php -v

systemctl start php-fpm

systemctl enable php-fpm

Install and start MariaDB 10 

#  cd /etc/yum.repos.d

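Set up the MariaDB repository configuration. The command below pipes a script from the network straight into a root shell; to see what will run as root, download mariadb_repo_setup to a file first, read it and check it against the checksum MariaDB publishes, then run the saved file.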

# curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash

#  yum -y install mariadb mariadb-server

systemctl enable --now mariadb

systemctl restart mariadb.service

# mysql_secure_installation 

    

<---Enter

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] y

Enabled successfully!

Reloading privilege tables..

 ... Success!

You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] y

New password: 

Re-enter new password: 

Password updated successfully!

Reloading privilege tables..

 ... Success!

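Answer y (yes) to each of the four remaining prompts: remove anonymous users, disallow remote root login, remove the test database, and reload the privilege tables.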

#   mysql -u root -p

# cp /etc/php.ini /etc/php.ini.ORG

# vi /etc/php.ini

…………

846  upload_max_filesize = 32M

694  post_max_size = 48M 

409  memory_limit = 256M 

388  max_execution_time = 600 

405  max_input_vars = 3000 

398  max_input_time = 1000

923 date.timezone = Asia/Dhaka

# systemctl restart httpd

Create system user

user = vmail

group = mail

For security reasons, we will create a new system user who will be the owner of all mailboxes.

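# The original had these four commands run together on one line, which would
# hand "mkdir", "chmod", ... to useradd as extra arguments.

# Create the mailbox owner as a system account (-r) with fixed UID 150,
# primary group "mail" and no login shell.
useradd -r -u 150 -g mail -d /home/vmail -s /sbin/nologin -c "Virtual Mail User" vmail

# Mail storage root: full access for owner and group, none for others.
mkdir -p /home/vmail
chmod -R 770 /home/vmail
chown -R vmail:mail /home/vmail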

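Create a database for our PostfixAdmin instance. 'strong_password' is a placeholder: replace it with a unique, randomly generated password, and use the same value in config.inc.php and dovecot-sql.conf.ext below.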

mysql -uroot -p

MariaDB [(none)]> CREATE DATABASE postfixadmin;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON postfixadmin.* TO 'postfixadmin'@'localhost' IDENTIFIED BY 'strong_password';

MariaDB [(none)]> FLUSH PRIVILEGES;

MariaDB [(none)]> exit

# cd /var/www/html 

 wget -q -O - "https://github.com/postfixadmin/postfixadmin/archive/postfixadmin-3.2.3.tar.gz" | tar -xzf - -C /var/www/html

 wget -q -O - "https://sourceforge.net/projects/postfixadmin/files/latest/download -O postfixadmin.tar.gz" | tar -xzf - -C /var/www/html

[root@mail html]# mv postfixadmin-3.2 postfixadmin

                                                                          Postfixadmin3.2.3

# cp /var/www/html/postfixadmin/config.inc.php /var/www/html/postfixadmin/config.inc.php.ORG

# vi /var/www/html/postfixadmin/config.inc.php

$CONF['configured'] = true;                       # line 25: change

$CONF['setup_password'] = 'xxxxxxxxxx';           # line 30: 

$CONF['database_type'] = 'mysqli';

$CONF['database_host'] = 'localhost';

$CONF['database_user'] = 'postfixadmin';

$CONF['database_password'] = 'strong_password';

$CONF['database_name'] = 'postfixadmin';

$CONF['domain_path'] = 'NO';

$CONF['domain_in_mailbox'] = 'YES';

$CONF['page_size'] = '100'; 

$CONF['aliases'] = '0';$CONF['mailboxes'] = '0';$CONF['maxquota'] = '0';$CONF['domain_quota_default'] = '0';

If you use Apache web server, create a virtual host for PostfixAdmin.

[root@mail ~]# vi /etc/httpd/conf.d/postfixadmin.conf

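Alias /postfixadmin /var/www/html/postfixadmin/public
<Directory /var/www/html/postfixadmin/public/>
   # With "Order Deny,Allow" the Deny rules are evaluated first and any
   # matching Allow rule then overrides them.
   Order Deny,Allow
   Deny from all
   # IP address you permit to access.
   # "Allow from all" here would cancel the Deny above and expose the admin
   # interface and setup.php to every client, so list only admin addresses.
   Allow from 127.0.0.1
   # Example (constructed address from the documentation range; use your own):
   #Allow from 192.0.2.10
   # On Apache 2.4 without mod_access_compat, use "Require ip <address>" instead.
</Directory>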

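# The original had these commands run together on one line; they are separate steps.

# Smarty's compiled-template directory must be writable by the web server.
mkdir -p /var/www/html/postfixadmin/templates_c
cd /var/www/html/
# root owns the tree and group apache can read it (owner:group form; the
# "root.apache" dot form is deprecated).
chown -R root:apache postfixadmin
# Writable by owner and the apache group only, instead of world-writable 777,
# so other local accounts cannot plant files in a directory PHP loads from.
chmod 770 /var/www/html/postfixadmin/templates_c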

[root@mail ~]# chgrp -R apache /var/www/html/postfixadmin/templates_c 

                         systemctl restart httpd

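Create the superadmin account from the command line. Despite the placeholder name, mysql_password below is the password of the new PostfixAdmin admin account; replace it with a strong one. Arguments given on the command line are kept in the shell history and are visible in the process list while the command runs, so change this password after the first login.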

bash /var/www/html/postfixadmin/scripts/postfixadmin-cli admin add admin@your_domain_name.com --password mysql_password --password2 mysql_password --superadmin 1 --active 1

http://(your server's hostname or IP address)/postfixadmin/setup.php

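Create the setup password: generate the setup password hash on setup.php and put that generated hash, not the plain password, into config.inc.php: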

# vi /var/www/html/postfixadmin/config.inc.php

$CONF['setup_password'] = 'set passwd'; 

Install and Configure Dovecot

Install dovecot with MySQL support using the command below:

yum install dovecot* dovecot-lmtpd dovecot-mysql

yum install dovecot* dovecot-lmtpd dovecot-mysql -y

# cd /etc/dovecot/conf.d/

 cp 10-auth.conf  10-auth.conf.ORG

 cp 10-mail.conf  10-mail.conf.ORG

 cp 10-master.conf  10-master.conf.ORG

 cp 10-ssl.conf  10-ssl.conf.ORG

 cp 15-lda.conf  15-lda.conf.ORG

 cp 20-lmtp.conf  20-lmtp.conf.ORG

 cp 20-managesieve.conf  20-managesieve.conf.ORG

 cp 90-sieve.conf  90-sieve.conf.ORG

 cp  90-acl.conf   90-acl.conf.ORG

Open the /etc/dovecot/conf.d/10-mail.conf file and change the following values:

vi /etc/dovecot/conf.d/10-mail.conf

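# One setting per line; the original had all six run together on one line.

# Maildir layout: one directory per domain (%d), one per local part (%n).
mail_location = maildir:/home/vmail/%d/%n
mail_privileged_group = mail
# All mailboxes are accessed as the single vmail account created earlier.
mail_uid = vmail
mail_gid = mail
# Only UID 150 (vmail) is accepted for mail access.
first_valid_uid = 150
last_valid_uid = 150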

Open the /etc/dovecot/conf.d/10-auth.conf file and change the following values:

vi /etc/dovecot/conf.d/10-auth.conf

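# "no" would accept PLAIN/LOGIN passwords on connections without TLS, sending
# mailbox passwords over the network in clear text. With "yes" those
# mechanisms are only accepted once the connection is TLS-protected.
disable_plaintext_auth = yes
auth_mechanisms = plain login
# System (PAM/passwd) accounts are disabled; only the SQL user database is used.
# These must be separate lines: on one line the "#" turns the SQL include
# into part of a comment as well.
#!include auth-system.conf.ext
!include auth-sql.conf.ext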

Create a new dovecot-sql.conf.ext file:

vi /etc/dovecot/dovecot-sql.conf.ext

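# One setting per line; the original had the whole file run together on one line.
driver = mysql
# Same database credentials as in PostfixAdmin's config.inc.php. This file
# holds the password in clear text, so keep it unreadable for other users.
connect = host=localhost dbname=postfixadmin user=postfixadmin password=strong_password
# MD5-CRYPT is a weak password hash by current standards. The scheme here has
# to match how PostfixAdmin stores passwords ($CONF['encrypt']), so change both
# together if you move to a stronger scheme.
default_pass_scheme = MD5-CRYPT
# NOTE(review): gid 8 is hard-coded in both queries; check it against
# `getent group mail` on your system, since the mail group's GID differs
# between distributions.
password_query = SELECT username as user, password, '/home/vmail/%d/%n' as userdb_home, 'maildir:/home/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
# NOTE(review): this query builds the paths from %u (full address) while
# password_query above uses %n (local part); confirm which layout is intended.
user_query = SELECT '/home/vmail/%d/%u' as home, 'maildir:/home/vmail/%d/%u' as mail, 150 AS uid, 8 AS gid, concat('dirsize:storage=',  quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'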

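In the /etc/dovecot/conf.d/10-ssl.conf file enable SSL support. Note that ssl = yes only offers TLS to clients, while ssl = required refuses logins on connections that are not TLS-protected: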

ssl = yes

Open the /etc/dovecot/conf.d/15-lda.conf file and set the postmaster_address email address.

postmaster_address = postmaster@worldcm.net

  -----------------------------------------------------------------------------------

[root@mail ~]# vi /etc/dovecot/conf.d/10-master.conf

service imap-login {

  inet_listener imap {

    #port = 143

  }

  inet_listener imaps {

    #port = 993

    #ssl = yes

  }

  # Number of connections to handle before starting a new process. Typically

  # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0

  # is faster. <doc/wiki/LoginProcess.txt>

  #service_count = 1

  # Number of processes to always keep waiting for more connections.

  #process_min_avail = 0

  # If you set service_count=0, you probably need to grow this.

  #vsz_limit = $default_vsz_limit

}

service pop3-login {

  inet_listener pop3 {

    #port = 110

  }

  inet_listener pop3s {

    #port = 995

    #ssl = yes

  }

}

service lmtp {

  unix_listener /var/spool/postfix/private/dovecot-lmtp {

    mode = 0600

    user = postfix

    group = postfix

  }

}

  # Create inet listener only if you can't use the above UNIX socket

  #inet_listener lmtp {

    # Avoid making LMTP visible for the entire internet

    #address =

    #port = 

  #}

service imap {

  # Most of the memory goes to mmap()ing files. You may need to increase this

  # limit if you have huge mailboxes.

  #vsz_limit = $default_vsz_limit

  # Max. number of IMAP processes (connections)

  #process_limit = 1024

}

service pop3 {

  # Max. number of POP3 processes (connections)

  #process_limit = 1024

}

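service auth {
  # Socket Postfix uses for SMTP AUTH. It is owned by postfix:postfix, so
  # owner/group access (0660) is enough; 0666 would let any local user talk
  # to the authentication service.
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }

  # User database lookups, restricted to the vmail account.
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    #group = vmail
  }

  # The auth process itself runs as this user.
  user = dovecot
}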

  # Postfix smtp-auth

  #unix_listener /var/spool/postfix/private/auth {

  #  mode = 0666

  #}

  # Auth process is run as this user.

  #user = $default_internal_user

service auth-worker {

  user = vmail

}

service dict {

  # If dict proxy is used, mail processes should have access to its socket.

  # For example: mode=0660, group=vmail and global mail_access_groups=vmail

  unix_listener dict {

    #mode = 0600

    #user = 

    #group = 

  }

}

    -----------------------------------------------------------------------------------

Open the vi /etc/dovecot/conf.d/10-master.conf file, find the service lmtp section and change it to:

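# One setting per line; the original had the block run together on one line.
service lmtp {
  # LMTP socket inside Postfix's queue directory, accessible to postfix only.
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}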

find the service auth section and change it to:

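# One setting per line; the original had the block run together on one line.
service auth {
  # Socket Postfix uses for SMTP AUTH. It is owned by postfix:postfix, so
  # owner/group access (0660) is enough; 0666 would let any local user talk
  # to the authentication service.
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
  # User database lookups, restricted to the vmail account.
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    #group = vmail
  }
  # The auth process itself runs as this user.
  user = dovecot
}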

Change the service auth-worker section to the following:

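# Auth workers run as vmail rather than root.
service auth-worker {
  user = vmail
}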

               -----------------------------------------x-----------------------------------------

Set the permissions:

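# Two separate commands; the original had them run together on one line.
# The Dovecot configuration (including the SQL password file) is owned by
# vmail with group dovecot ...
chown -R vmail:dovecot /etc/dovecot
# ... and all access for other users is removed.
chmod -R o-rwx /etc/dovecot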

Enable and restart the dovecot service

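# Start Dovecot at boot, then restart it so the new configuration is loaded.
systemctl enable dovecot
systemctl restart dovecot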

Install and configure Spamassassin

Install spamassassin using the command below:

yum install spamassassin

Create a spamassassin system user:

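# Separate commands; the original had them run together on one line.
# Dedicated unprivileged account for the spam filter, with no usable shell.
groupadd spamd
useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
# Make sure the directory exists before handing it to spamd; the original
# chown fails if nothing has created it yet.
mkdir -p /var/log/spamassassin
chown spamd:spamd /var/log/spamassassin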

Configure Postfix to use SpamAssassin

Open the master.cf file and edit as follows:

vi /etc/postfix/master.cf

change

smtp      inet  n       -       n       -       -       smtpd

with

smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamassassin

add the following line at the end of the file:

spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

Enable and restart the spamassassin service

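# Start SpamAssassin at boot, then restart it to pick up the configuration.
systemctl enable spamassassin
systemctl restart spamassassin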

# yum -y install postfix*

#  mkdir -p /etc/postfix/sql/

# cd /etc/postfix

touch body_checks

touch recipient_bcc

touch sender_bcc

touch block_attachments

cp /etc/aliases /etc/postfix/aliases

cp main.cf main.cf.ORG

cp master.cf master.cf.ORG

cp aliases aliases.ORG

cp access access.ORG

Comment out (#) or change the following lines in main.cf (the numbers are line numbers in the file):

    116  #inet_interfaces = localhost

               inet_interfaces = all

    119  # inet_protocols = all

     inet_protocols = ipv4

    164  #mydestination = $myhostname, localhost.$mydomain, localhost

              mydestination = localhost

    386  #alias_maps = hash:/etc/aliases

    397  #alias_database = hash:/etc/aliases

    

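inet_protocols = ipv4
# header_checks was set twice (pcre: and then regexp:). Postfix uses the last
# value, so only that one is kept active here.
#header_checks = pcre:/etc/postfix/header_checks
header_checks = regexp:/etc/postfix/header_checks
# NOTE(review): the touch commands earlier create body_checks and
# block_attachments but not header_checks; create it as well, or mail
# processing may fail on the missing file.
body_checks = pcre:/etc/postfix/body_checks
mime_header_checks = pcre:/etc/postfix/block_attachments
# hash: tables are read from a compiled .db file; run postmap on each of
# these files after creating or editing it.
sender_bcc_maps = hash:/etc/postfix/sender_bcc
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
myhostname = mail.worldcm.net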

 

virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf

virtual_alias_maps = 

       proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,

       proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf,

       proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf

virtual_mailbox_maps = 

       proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf,

       proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf

virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf

mynetworks = 127.0.0.0/8, [::1]/128

virtual_transport = lmtp:unix:private/dovecot-lmtp

message_size_limit = 51200000

# Server certificate presented to SMTP clients.
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt

# NOTE(review): the private key sits in the certs directory here; make sure the
# file is readable by root only (the usual place on RHEL/CentOS is
# /etc/pki/tls/private/).
smtpd_tls_key_file = /etc/pki/tls/certs/server.key

#smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache

smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache

# Offers STARTTLS to clients without requiring it (newer Postfix versions
# spell this smtpd_tls_security_level = may).
smtpd_use_tls = yes

# SASL AUTH is only offered once the session is TLS-protected.
smtpd_tls_auth_only = yes

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/auth

smtpd_sasl_auth_enable = yes

smtpd_banner = $myhostname ESMTP

bounce_queue_lifetime = 1d

smtpd_helo_required = yes

disable_vrfy_command = yes

#receive_override_options = no_address_mappings

enable_original_recipient = no

#SMTPD CLIENT RESTRICTIONS

smtpd_client_restrictions =

        permit_mynetworks,

        check_client_access  hash:/etc/postfix/access,

        reject_unauth_pipelining,

        permit_inet_interfaces

#SMTPD ETRN RESTRICTIONS

smtpd_etrn_restrictions =

        permit_mynetworks,

        permit_sasl_authenticated,

        reject

# SMTPD SENDER RESTRICTIONS

# Restrictions applied at MAIL FROM, evaluated in order; the first match decides.
# NOTE(review): permit_sasl_authenticated comes before the two login-mismatch
# checks, and no smtpd_sender_login_maps is set anywhere on this page, so as
# written they do not appear to stop an authenticated user from sending with
# another user's address. Confirm, and if that protection is wanted, define
# smtpd_sender_login_maps and place the mismatch check ahead of
# permit_sasl_authenticated.
smtpd_sender_restrictions =

        permit_mynetworks,

        permit_sasl_authenticated,

        check_sender_access hash:/etc/postfix/access,

        reject_non_fqdn_sender,

        reject_unknown_sender_domain,

        reject_sender_login_mismatch,

        reject_unauthenticated_sender_login_mismatch,

        reject_unlisted_sender,

        reject_unauth_pipelining,

        reject_non_fqdn_hostname,

        reject_unauth_destination

######Faruq

smtpd_helo_restrictions = permit_mynetworks,

     permit_sasl_authenticated,

     reject_non_fqdn_hostname,

     reject_invalid_hostname,

     permit

##### SMTPD RECIPIENT RESTRICTIONS ,

smtpd_recipient_restrictions =

        permit_mynetworks,

        permit_sasl_authenticated,

        reject_unauth_destination,

        reject_invalid_hostname,

        check_recipient_access hash:/etc/postfix/access,

        check_client_access hash:/etc/postfix/access,

        check_sender_access hash:/etc/postfix/access,

        reject_unauth_pipelining,

        reject_non_fqdn_sender,

        reject_unknown_recipient_domain,

        reject_non_fqdn_recipient,

        reject_unknown_sender_domain,

        reject_unlisted_recipient,

        reject_multi_recipient_bounce

# vi /etc/postfix/master.cf

# ==========================================================================

smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamassassin

#smtp      inet  n       -       n       -       1       postscreen

#smtpd     pass  -       -       n       -       -       smtpd

#dnsblog   unix  -       -       n       -       0       dnsblog

#tlsproxy  unix  -       -       n       -       0       tlsproxy

submission inet n       -       n       -       -       smtpd

  -o syslog_name=postfix/submission

  -o smtpd_tls_security_level=encrypt

  -o smtpd_sasl_auth_enable=yes

#  -o smtpd_reject_unlisted_recipient=no

#  -o smtpd_client_restrictions=$mua_client_restrictions

#  -o smtpd_helo_restrictions=$mua_helo_restrictions

#  -o smtpd_sender_restrictions=$mua_sender_restrictions

  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

  -o milter_macro_daemon_name=ORIGINATING

smtps     inet  n       -       n       -       -       smtpd

  -o syslog_name=postfix/smtps

  -o smtpd_tls_wrappermode=yes

  -o smtpd_sasl_auth_enable=yes

#  -o smtpd_reject_unlisted_recipient=no

#  -o smtpd_client_restrictions=$mua_client_restrictions

#  -o smtpd_helo_restrictions=$mua_helo_restrictions

#  -o smtpd_sender_restrictions=$mua_sender_restrictions

  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

  -o milter_macro_daemon_name=ORIGINATING

#628       inet  n       -       n       -       -       qmqpd

#### Add this line last

spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

------