ALL
-------
PHP 7.1 on CentOS/RHEL 7
PostfixAdmin supports PHP version 7.1.
# yum -y install httpd*
systemctl enable httpd.service
systemctl restart httpd.service
yum install epel-release
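rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
(Note: this release package is fetched over plain HTTP, and rpm -Uvh only warns when it cannot check the package signature; verify the package before enabling the repository.)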
Install PHP 7 on CentOS
## Install PHP 7.1
yum --enablerepo=remi-php71 install php
# php -v
PHP 7.4.1 (cli) (built: Dec 17 2019 16:35:58) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
### For PHP 7.1
yum --enablerepo=remi-php71 install php-mysql php-imap php-xml php-soap php-xmlrpc php-mbstring php-json php-gd php-mcrypt php-pear php-pear-DB php-ldap php-imagick php-pspell php-curl -y
PHP 7.x on RHEL 8 / CentOS 8
dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm -y
dnf module list php
dnf -y install dnf-plugins-core
Enable latest PHP Module Stream (remi-7.4)
dnf -y module enable php:remi-7.4
Use the following dnf command to install PHP 7.4:
dnf install -y php-imap php-mbstring php-mysqlnd php-json php-curl php-zip php-xml php-bz2 php-intl php-gmp php-opcache php-gd php-mysqlnd
php -v
systemctl start php-fpm
systemctl enable php-fpm
Install and start MariaDB 10
# cd /etc/yum.repos.d
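The MariaDB Repository Configuration (the command below runs a downloaded script as root without inspection; to review it first, save it to a file, read it, then run that file)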
# curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
# yum -y install mariadb mariadb-server
systemctl enable --now mariadb
systemctl restart mariadb.service
# mysql_secure_installation
<---Enter
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [Y/n] y
Enabled successfully!
Reloading privilege tables..
... Success!
You already have your root account protected, so you can safely answer 'n'.
Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
Answer y (Yes) to each of the remaining four prompts (y, y, y, y).
# mysql -u root -p
# cp /etc/php.ini /etc/php.ini.ORG
# vi /etc/php.ini
…………
846 upload_max_filesize = 32M
694 post_max_size = 48M
409 memory_limit = 256M
388 max_execution_time = 600
405 max_input_vars = 3000
398 max_input_time = 1000
923 date.timezone = Asia/Dhaka
# systemctl restart httpd
Create system user
user = vmail
group = mail
For security reasons, we will create a new system user who will be the owner of all mailboxes.
useradd -r -u 150 -g mail -d /home/vmail -s /sbin/nologin -c "Virtual Mail User" vmail
mkdir -p /home/vmail
chmod -R 770 /home/vmail
chown -R vmail:mail /home/vmail
create a database for our postfixadminHQ instance.
mysql -uroot -p
MariaDB [(none)]> CREATE DATABASE postfixadmin;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON postfixadmin.* TO 'postfixadmin'@'localhost' IDENTIFIED BY 'strong_password';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit
# cd /var/www/html
wget -q -O - "https://github.com/postfixadmin/postfixadmin/archive/postfixadmin-3.2.3.tar.gz" | tar -xzf - -C /var/www/html
wget -q -O - "https://sourceforge.net/projects/postfixadmin/files/latest/download" | tar -xzf - -C /var/www/html
[root@mail html]# mv postfixadmin-3.2 postfixadmin
Postfixadmin3.2.3
# cp /var/www/html/postfixadmin/config.inc.php /var/www/html/postfixadmin/config.inc.php.ORG
# vi /var/www/html/postfixadmin/config.inc.php
$CONF['configured'] = true; # line 25: change
$CONF['setup_password'] = 'xxxxxxxxxx'; # line 30:
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'strong_password';
$CONF['database_name'] = 'postfixadmin';
$CONF['domain_path'] = 'NO';
$CONF['domain_in_mailbox'] = 'YES';
$CONF['page_size'] = '100';
$CONF['aliases'] = '0';$CONF['mailboxes'] = '0';$CONF['maxquota'] = '0';$CONF['domain_quota_default'] = '0';
If you use Apache web server, create a virtual host for PostfixAdmin.
[root@mail ~]# vi /etc/httpd/conf.d/postfixadmin.conf
Alias /postfixadmin /var/www/html/postfixadmin/public
<Directory /var/www/html/postfixadmin/public/>
Order Deny,Allow
Deny from all
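# IP address you permit to access: replace "all" on the next line with the admin host or network.
# "Allow from all" leaves the PostfixAdmin login and setup.php reachable from any client.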
Allow from all
</Directory>
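mkdir -p /var/www/html/postfixadmin/templates_c
chmod 777 /var/www/html/postfixadmin/templates_c
cd /var/www/html/
chown -R root.apache postfixadmin
(Note: 777 makes templates_c writable by every local user; once the directory is group-owned by apache, as the chown above does, mode 770 is enough for the web server to write its compiled templates.)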
[root@mail ~]# chgrp -R apache /var/www/html/postfixadmin/templates_c
systemctl restart httpd
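Create the admin password with this command (a password passed as an argument ends up in the shell history and is visible in the process list while the command runs):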
bash /var/www/html/postfixadmin/scripts/postfixadmin-cli admin add admin@your_domain_name.com --password mysql_password --password2 mysql_password --superadmin 1 --active 1
http://(your server's hostname or IP address)/postfixadmin/setup.php
Create the setup password on that page, then copy the hash it generates into config.inc.php:
# vi /var/www/html/postfixadmin/config.inc.php
$CONF['setup_password'] = 'set passwd';
Install and Configure Dovecot
Install dovecot with MySQL support using the command below:
yum install dovecot* dovecot-lmtpd dovecot-mysql
yum install dovecot* dovecot-lmtpd dovecot-mysql -y
# cd /etc/dovecot/conf.d/
cp 10-auth.conf 10-auth.conf.ORG
cp 10-mail.conf 10-mail.conf.ORG
cp 10-master.conf 10-master.conf.ORG
cp 10-ssl.conf 10-ssl.conf.ORG
cp 15-lda.conf 15-lda.conf.ORG
cp 20-lmtp.conf 20-lmtp.conf.ORG
cp 20-managesieve.conf 20-managesieve.conf.ORG
cp 90-sieve.conf 90-sieve.conf.ORG
cp 90-acl.conf 90-acl.conf.ORG
Open the /etc/dovecot/conf.d/10-mail.conf file and change the following values:
vi /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:/home/vmail/%d/%n
mail_privileged_group = mail
mail_uid = vmail
mail_gid = mail
first_valid_uid = 150
last_valid_uid = 150
Open the /etc/dovecot/conf.d/10-auth.conf file and change the following values:
vi /etc/dovecot/conf.d/10-auth.conf
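# Note: "no" lets clients send passwords over connections that are not TLS-protected.
# Keep "yes" unless a legacy client requires it, and pair it with ssl = required in 10-ssl.conf.
disable_plaintext_auth = no
auth_mechanisms = plain login
#!include auth-system.conf.ext
!include auth-sql.conf.ext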
Create a new dovecot-sql.conf.ext file:
vi /etc/dovecot/dovecot-sql.conf.ext
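driver = mysql
connect = host=localhost dbname=postfixadmin user=postfixadmin password=strong_password
# MD5-CRYPT is a weak hash by current standards. It has to match the scheme PostfixAdmin
# uses to store passwords ($CONF['encrypt']), so change both together if you move to a stronger scheme.
default_pass_scheme = MD5-CRYPT
# The uid/gid values (150 and 8) must match the vmail user and the mail group on this host; check with "id vmail".
# password_query builds the home directory from %n while user_query uses %u; confirm both resolve to the same path.
password_query = SELECT username as user, password, '/home/vmail/%d/%n' as userdb_home, 'maildir:/home/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
user_query = SELECT '/home/vmail/%d/%u' as home, 'maildir:/home/vmail/%d/%u' as mail, 150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'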
In the vi /etc/dovecot/conf.d/10-ssl.conf file enable SSL support:
ssl = yes
Open the /etc/dovecot/conf.d/15-lda.conf file and set the postmaster_address email address.
postmaster_address = postmaster@worldcm.net
-----------------------------------------------------------------------------------
[root@mail ~]# vi /etc/dovecot/conf.d/10-master.conf
service imap-login {
inet_listener imap {
#port = 143
}
inet_listener imaps {
#port = 993
#ssl = yes
}
# Number of connections to handle before starting a new process. Typically
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
# is faster. <doc/wiki/LoginProcess.txt>
#service_count = 1
# Number of processes to always keep waiting for more connections.
#process_min_avail = 0
# If you set service_count=0, you probably need to grow this.
#vsz_limit = $default_vsz_limit
}
service pop3-login {
inet_listener pop3 {
#port = 110
}
inet_listener pop3s {
#port = 995
#ssl = yes
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
}
# Create inet listener only if you can't use the above UNIX socket
#inet_listener lmtp {
# Avoid making LMTP visible for the entire internet
#address =
#port =
#}
service imap {
# Most of the memory goes to mmap()ing files. You may need to increase this
# limit if you have huge mailboxes.
#vsz_limit = $default_vsz_limit
# Max. number of IMAP processes (connections)
#process_limit = 1024
}
service pop3 {
# Max. number of POP3 processes (connections)
#process_limit = 1024
}
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
unix_listener auth-userdb {
mode = 0600
user = vmail
#group = vmail
}
user = dovecot
}
# Postfix smtp-auth
#unix_listener /var/spool/postfix/private/auth {
# mode = 0666
#}
# Auth process is run as this user.
#user = $default_internal_user
service auth-worker {
user = vmail
}
service dict {
# If dict proxy is used, mail processes should have access to its socket.
# For example: mode=0660, group=vmail and global mail_access_groups=vmail
unix_listener dict {
#mode = 0600
#user =
#group =
}
}
-----------------------------------------------------------------------------------
Open the vi /etc/dovecot/conf.d/10-master.conf file, find the service lmtp section and change it to:
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}
find the service auth section and change it to:
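service auth {
  unix_listener /var/spool/postfix/private/auth {
    # 0666 lets every local account talk to the SASL auth socket;
    # with user and group set to postfix, 0660 is sufficient for Postfix.
    mode = 0666
    user = postfix
    group = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    #group = vmail
  }
  user = dovecot
}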
Change the service auth-worker section to the following:
service auth-worker { user = vmail }
-----------------------------------------x-----------------------------------------
Set the permissions:
chown -R vmail:dovecot /etc/dovecot
chmod -R o-rwx /etc/dovecot
Enable and restart the dovecot service
systemctl enable dovecot
systemctl restart dovecot
Install and configure Spamassassin
Install spamassassin using the command below:
yum install spamassassin
Create a spamassassin system user:
groupadd spamd
useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
chown spamd:spamd /var/log/spamassassin
Configure Postfix to use SpamAssassin
Open the master.cf file and edit as follows:
vi /etc/postfix/master.cf
change
smtp inet n - n - - smtpd
with
smtp inet n - n - - smtpd -o content_filter=spamassassin
add the following line at the end of the file:
spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
Enable and restart the spamassassin service
systemctl enable spamassassin
systemctl restart spamassassin
# yum -y install postfix*
# mkdir -p /etc/postfix/sql/
# cd /etc/postfix
touch body_checks
touch recipient_bcc
touch sender_bcc
touch block_attachments
cp /etc/aliases /etc/postfix/aliases
cp main.cf main.cf.ORG
cp master.cf master.cf.ORG
cp aliases aliases.ORG
cp access access.ORG
Block # LINE main.cf
116 #inet_interfaces = localhost
inet_interfaces = all
119 # inet_protocols = all
inet_protocols = ipv4
164 #mydestination = $myhostname, localhost.$mydomain, localhost
mydestination = localhost
386 #alias_maps = hash:/etc/aliases
397 #alias_database = hash:/etc/aliases
inet_protocols = ipv4
header_checks = pcre:/etc/postfix/header_checks
body_checks = pcre:/etc/postfix/body_checks
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = pcre:/etc/postfix/block_attachments
sender_bcc_maps = hash:/etc/postfix/sender_bcc
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
myhostname = mail.worldcm.net
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_alias_maps =
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf,
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_maps =
proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf,
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf
mynetworks = 127.0.0.0/8, [::1]/128
virtual_transport = lmtp:unix:private/dovecot-lmtp
message_size_limit = 51200000
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
# the private key file should be readable by root only (mode 0600)
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
#smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_banner = $myhostname ESMTP
bounce_queue_lifetime = 1d
smtpd_helo_required = yes
disable_vrfy_command = yes
#receive_override_options = no_address_mappings
enable_original_recipient = no
#SMTPD CLIENT RESTRICTIONS
smtpd_client_restrictions =
permit_mynetworks,
check_client_access hash:/etc/postfix/access,
reject_unauth_pipelining,
permit_inet_interfaces
#SMTPD ETRN RESTRICTIONS
smtpd_etrn_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject
# SMTPD SENDER RESTRICTIONS
smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_sender_access hash:/etc/postfix/access,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_sender_login_mismatch,
reject_unauthenticated_sender_login_mismatch,
reject_unlisted_sender,
reject_unauth_pipelining,
reject_non_fqdn_hostname,
reject_unauth_destination
######Faruq
smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_invalid_hostname,
permit
##### SMTPD RECIPIENT RESTRICTIONS ,
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_invalid_hostname,
check_recipient_access hash:/etc/postfix/access,
check_client_access hash:/etc/postfix/access,
check_sender_access hash:/etc/postfix/access,
reject_unauth_pipelining,
reject_non_fqdn_sender,
reject_unknown_recipient_domain,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unlisted_recipient,
reject_multi_recipient_bounce
# vi /etc/postfix/master.cf
# ==========================================================================
smtp inet n - n - - smtpd -o content_filter=spamassassin
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
#### Add this line last
spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
------