
Mail Server Configuration on CentOS 7


An email server is a system or set of systems which handles the receiving and sending of email messages on the Internet. There are multiple types of email servers such as SMTP servers which use the Simple Mail Transfer Protocol that is used for e-mail transmission. An SMTP server usually runs in conjunction with an IMAP or POP3 server whose purpose is to provide e-mail retrieval and/or storage. Running an email server is not an easy task. It requires installing, configuring, understanding and maintaining a number of different services.

Postfix is a free, open source mail transfer agent (MTA). It is easy to administer, fast and secure. It's an alternative to Sendmail, which is the default MTA for RHEL.

As you can imagine, there are a number of different SMTP, POP3 and IMAP servers out there. This article covers Postfix, Dovecot and DKIM, so we will walk you through the steps of installing and configuring an email server with Postfix, Dovecot and OpenDKIM on a CentOS 7 system.

Before proceeding any further, it is recommended to verify your host/domain name is a valid FQDN (fully qualified domain name) and it has a valid MX DNS record.

To complete this article, you will need to have root access (or sudo privileges) on the CentOS system. So, use your favorite SSH client to connect to your server. In *NIX like operating systems, you can fire up your terminal and execute:

# ssh root@YOUR_SERVER_IP -p 22

Once you're logged into your CentOS 7 system, remove sendmail from the server before installing Postfix, because sendmail is the default MTA in Red Hat/CentOS.

# yum remove sendmail 

Add hostname entries in /etc/hosts file as shown below:
 
# vi /etc/hosts

192.168.1.101   mail.mydomain.com    mail

Install (if it's not already installed) a tool named screen using yum:
 
# yum install screen

and initiate a new screen session using the command below:

# screen -U -S postfix-dovecot-dkim

Update the System
Once you are in a screen session, it is preferred to make sure your system is fully up-to-date. So, run the following yum command to update your CentOS 7:

# yum update

Note: It is recommended to reboot your system if there's a kernel upgrade.

SSL Certificate

 You will need an SSL certificate to make the e-mail server secure and capable of communicating over SSL with other servers or clients. In our example, we are using a self-signed certificate which can be generated using the commands below:

# yum install openssl

# mkdir -p /root/SSL/mydomain.com

# cd /root/SSL/mydomain.com 

# openssl genrsa -out mydomain.com.key 2048 

# openssl req -new -x509 -nodes -days 365 -key mydomain.com.key -out mydomain.com.crt


Enter your SSL certificate details like Country, City, Common Name, etc., for example:
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Oregon
Locality Name (eg, city) [Default City]:Portland
Organization Name (eg, company) [Default Company Ltd]:E-Mail Dept.
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:mydomain.com

Once you have the certificate and key, use the following commands to copy them to /etc/pki/tls/certs/ and /etc/pki/tls/private/ respectively:

# cp -av mydomain.com.crt /etc/pki/tls/certs/ 

# cp -av mydomain.com.key /etc/pki/tls/private/

Install Postfix

What is Postfix? It is a Mail Transfer Agent (MTA) which is responsible for transferring e-mail messages from one computer to another. An MTA has the capability to act as a client for sending e-mails or as a server for receiving e-mails via the SMTP protocol.
Install postfix using yum:

# yum install postfix

Once installed, create the /etc/mail directory, edit Postfix main configuration file /etc/postfix/main.cf and set the following configuration options:

# mkdir /etc/mail
# vim /etc/postfix/main.cf

inet_interfaces = all
inet_protocols = ipv4
myhostname = mail.mydomain.com
mydestination = /etc/mail/my_domains, $myhostname
virtual_alias_maps = hash:/etc/mail/virtual
home_mailbox = Maildir/
tls_random_source = dev:/dev/urandom
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/pki/tls/private/mydomain.com.key
smtpd_tls_cert_file = /etc/pki/tls/certs/mydomain.com.crt
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

Note: Make sure you replace mail.mydomain.com with your actual server's hostname. Also verify that the paths used in smtpd_tls_key_file and smtpd_tls_cert_file exist.

Next, create two configuration files, /etc/mail/my_domains and /etc/mail/virtual. The first one will contain all domain names handled by Postfix and the second one will contain the virtual e-mail aliases.

# touch /etc/mail/my_domains /etc/mail/virtual 
# postmap /etc/mail/virtual

Edit /etc/postfix/master.cf and enable the submission (587) and SSL (465) ports in Postfix: 

# vim /etc/postfix/master.cf 

submission inet n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes

Restart the Postfix service using systemctl for the changes to take effect:

# systemctl restart postfix 
# systemctl status postfix 
# systemctl enable postfix

Add Domain, Account and Aliases
Add mydomain.com to /etc/mail/my_domains so Postfix can accept and relay email for this domain. Each domain should be added on a new line.

# echo mydomain.com >> /etc/mail/my_domains

To create a new john@mydomain.com email account on the e-mail server, you can use the following commands:

# useradd -s /sbin/nologin -m smtp
# passwd smtp

If you would like to add some aliases like helpdesk@mydomain.com or sales@mydomain.com, you can add the following to /etc/mail/virtual.

helpdesk@mydomain.com smtp

Every time you change this configuration file, you have to postmap it and restart Postfix for the changes to take effect. For example:

# postmap /etc/mail/virtual 
# systemctl restart postfix

Install Dovecot

Before installing Dovecot, let's say a word about it. What is Dovecot? It is a POP3 and IMAP server that provides a way for Mail User Agents (MUA) like Thunderbird or Outlook to access the e-mails on the e-mail server.
Install dovecot using yum:

# yum install dovecot 

Once installed, you have to edit a few Dovecot configuration files in /etc/dovecot and add/edit some configuration parameters. 
Let's start with /etc/dovecot/conf.d/10-mail.conf and /etc/dovecot/conf.d/20-imap.conf where we'll set the mail location where the e-mails are looked up from:
# vim +/mail_location /etc/dovecot/conf.d/10-mail.conf 
  
 mail_location = maildir:~/Maildir 

# vim /etc/dovecot/conf.d/20-imap.conf 

 protocol imap {
     mail_location = maildir:~/Maildir
 }

Next, edit /etc/dovecot/conf.d/10-ssl.conf and set the following parameters:

# vim +/"ssl =" /etc/dovecot/conf.d/10-ssl.conf
  ssl = yes 
  ssl_cert = </etc/pki/tls/certs/mydomain.com.crt
  ssl_key = </etc/pki/tls/private/mydomain.com.key

Note: Double check the certificate and key actually exist in the paths specified in ssl_cert and ssl_key.
In /etc/dovecot/conf.d/10-auth.conf, set disable_plaintext_auth to no and enable plain and login authentication mechanisms:

# vim +/disable_plaintext_auth /etc/dovecot/conf.d/10-auth.conf 
   disable_plaintext_auth = no 
   auth_mechanisms = plain login

We'll use Dovecot's SMTP authentication service in Postfix to authenticate the e-mail accounts, so edit /etc/dovecot/conf.d/10-master.conf and make sure the following snippet exists within service auth {} section:

# vim /etc/dovecot/conf.d/10-master.conf  
service auth {
      # Postfix smtp-auth
      unix_listener /var/spool/postfix/private/auth {
        mode = 0660
        user = postfix
        group = postfix
      }
  }

Finally, let's edit /etc/dovecot/dovecot.conf, set the enabled protocols and bind Dovecot to all interfaces:

# vim +/"protocols =" /etc/dovecot/dovecot.conf  
   protocols = imap pop3 lmtp 
   listen = *

Restart the Dovecot service on the system using systemctl and add it to the system's startup:

# systemctl restart dovecot 
# systemctl status dovecot 
# systemctl enable dovecot
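
The settings above decide whether account passwords can travel without TLS: Postfix offers SASL AUTH with no smtpd_tls_auth_only set, and Dovecot runs with disable_plaintext_auth = no and ssl = yes. The script below is an added example, not part of the original article; it flags those conditions in "key = value" text. The function names and the constructed sample files are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: flag settings that let passwords cross the network without TLS.

# get_setting FILE KEY: print the last uncommented "KEY = value" (empty if unset).
# Section nesting is ignored, which is enough for the flat settings checked here.
get_setting() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_plaintext_auth POSTFIX_CONF DOVECOT_CONF: print one finding per line.
audit_plaintext_auth() {
    if [ "$(get_setting "$1" smtpd_tls_auth_only)" != "yes" ]; then
        echo "postfix: smtpd_tls_auth_only is not yes; AUTH is accepted before STARTTLS"
    fi
    if [ "$(get_setting "$2" disable_plaintext_auth)" = "no" ]; then
        echo "dovecot: disable_plaintext_auth = no; PLAIN/LOGIN accepted without TLS"
    fi
    if [ "$(get_setting "$2" ssl)" != "required" ]; then
        echo "dovecot: ssl is not required; TLS stays optional for IMAP/POP3 clients"
    fi
    return 0
}

# Constructed sample input: the article's values, then a hardened variant.
demo_dir=$(mktemp -d)
printf '%s\n' 'smtpd_sasl_auth_enable = yes' 'smtpd_use_tls = yes' \
    > "$demo_dir/postfix-article.txt"
printf '%s\n' '  ssl = yes' '   disable_plaintext_auth = no' \
    '   auth_mechanisms = plain login' > "$demo_dir/dovecot-article.txt"
printf '%s\n' 'smtpd_sasl_auth_enable = yes' 'smtpd_use_tls = yes' \
    'smtpd_tls_auth_only = yes' > "$demo_dir/postfix-hardened.txt"
printf '%s\n' 'ssl = required' '#disable_plaintext_auth = no' \
    'auth_mechanisms = plain login' > "$demo_dir/dovecot-hardened.txt"

echo "== article settings =="
audit_plaintext_auth "$demo_dir/postfix-article.txt" "$demo_dir/dovecot-article.txt"
echo "== hardened settings =="
audit_plaintext_auth "$demo_dir/postfix-hardened.txt" "$demo_dir/dovecot-hardened.txt"
```

On a live server, postconf -n and doveconf -n print the non-default settings in the same key = value form, so their saved output can be passed as the two arguments.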

Setup OpenDKIM

DKIM is a digital email signing and verification technology that digitally signs the e-mails on the e-mail server. This feature can be used for further verification of the e-mail message that it was signed...
Enable EPEL Repository
You can install the EPEL repository simply by using yum as in:

# yum install https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm

Verify EPEL is enabled on the system:

# yum repolist

Install OpenDKIM using yum

# yum install opendkim

Configure OpenDKIM
 The following configuration is reasonable and should work in most setups. You are free, however, to make any changes as needed for your case.

Move the original opendkim config file aside as a backup and create a new one with the contents shown below. Finally, save the file and exit vim.

# mv /etc/opendkim.conf{,.orig} 
# vim /etc/opendkim.conf 
AutoRestart Yes 
AutoRestartRate 10/1h 
LogWhy Yes 
Syslog Yes 
SyslogSuccess Yes 
Mode sv 
Canonicalization relaxed/simple 
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts 
InternalHosts refile:/etc/opendkim/TrustedHosts 
KeyTable refile:/etc/opendkim/KeyTable 
SigningTable refile:/etc/opendkim/SigningTable 
SignatureAlgorithm rsa-sha256 
Socket inet:8891@localhost 
PidFile /var/run/opendkim/opendkim.pid 
UMask 022 
UserID opendkim:opendkim 
TemporaryDirectory /var/tmp

Setup DKIM Private/Public Keys
You will now need to create the necessary DKIM private and public keys. Execute the following statements as shown.

# mkdir /etc/opendkim/keys/mydomain.com 
# opendkim-genkey -D /etc/opendkim/keys/mydomain.com/ -d mydomain.com -s mail 
# chown -R opendkim: /etc/opendkim/keys/mydomain.com 
# mv /etc/opendkim/keys/mydomain.com/mail.private /etc/opendkim/keys/mydomain.com/mail

Edit the KeyTable file:

# vim /etc/opendkim/KeyTable 
 mail._domainkey.mydomain.com mydomain.com:mail:/etc/opendkim/keys/mydomain.com/mail

Now edit the SigningTable file:
# vim /etc/opendkim/SigningTable 

*@mydomain.com mail._domainkey.mydomain.com

Add the trusted hosts in the file as shown below. Make sure you replace mydomain.com with your actual domain name.

# vim /etc/opendkim/TrustedHosts
127.0.0.1
mydomain.com
mail.mydomain.com

Add a TXT record to the domain's zone file. The record to publish is in the mail.txt file that opendkim-genkey created:

# cat /etc/opendkim/keys/mydomain.com/mail.txt

Verify the DKIM TXT record using dig:

# dig +short mail._domainkey.mydomain.com TXT
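
Seeing a TXT record in the dig output does not prove it carries the key OpenDKIM signs with, because long keys are split into several quoted chunks and are easily truncated when pasted into a DNS panel. The script below is an added example, not part of the original article; it extracts the p= value from both the generated mail.txt and the dig +short output and compares them. The function names and the sample records, including the placeholder key, are constructed for illustration.

```sh
#!/bin/sh
# Added example: confirm the TXT record in DNS carries the same public key
# that opendkim-genkey wrote to mail.txt.

# dkim_pubkey: read a TXT record on stdin (zone-file form or dig +short form),
# join its quoted chunks and print the value of the p= tag.
dkim_pubkey() {
    tr -d '\\' | awk -F'"' '{ for (i = 2; i <= NF; i += 2) printf "%s", $i }' |
        tr ';' '\n' | sed -n 's/^[[:space:]]*p=//p' | tr -d ' \t'
}

# dkim_compare GENERATED_FILE PUBLISHED_FILE: print match, mismatch or missing.
dkim_compare() {
    generated=$(dkim_pubkey < "$1")
    published=$(dkim_pubkey < "$2")
    if [ -z "$published" ]; then
        echo "missing"
    elif [ "$generated" = "$published" ]; then
        echo "match"
    else
        echo "mismatch"
    fi
}

# Constructed sample data (the key is a placeholder, not a real RSA key).
dkim_demo=$(mktemp -d)
cat > "$dkim_demo/mail.txt" <<'EOF'
mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
    "p=MIGfCONSTRUCTEDSAMPLEKEYPART1"
    "PART2wIDAQAB" )  ; ----- DKIM key mail for mydomain.com
EOF
# What dig +short prints once the record is published correctly.
echo '"v=DKIM1; k=rsa; p=MIGfCONSTRUCTEDSAMPLEKEYPART1PART2wIDAQAB"' \
    > "$dkim_demo/dig-ok.txt"
# A record truncated after the first key chunk.
echo '"v=DKIM1; k=rsa; p=MIGfCONSTRUCTEDSAMPLEKEYPART1"' > "$dkim_demo/dig-cut.txt"
: > "$dkim_demo/dig-empty.txt"   # no record published yet

for f in dig-ok dig-cut dig-empty; do
    echo "$f: $(dkim_compare "$dkim_demo/mail.txt" "$dkim_demo/$f.txt")"
done
```

Against live DNS, pipe the dig command from the article into the same function: dig +short mail._domainkey.mydomain.com TXT | dkim_pubkey.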

Integrate DKIM in Postfix

# vim /etc/postfix/main.cf 
smtpd_milters = inet:127.0.0.1:8891 
non_smtpd_milters = $smtpd_milters 
milter_default_action = accept 
milter_protocol = 2 

# systemctl restart opendkim 
# systemctl enable opendkim 
# systemctl restart postfix
# systemctl restart dovecot

And that should be it. You should now have a fully functional Postfix, Dovecot and DKIM setup, ready to send and receive DKIM signed emails for your domain.





