How to setup mail server on centos 7.3

by · February 12, 2018

Setup mail server on centos 7.3

This article we are going to see the steps to install and configure mail server on Centos 7.3.

I have used Postfix for SMTP, Dovecot for POP/IMAP and Dovecot SASL for SMTP AUTH.

Prerequisites

  • CentOS 7.3 (Operating system used here)
  • root privileges.

Step 1: Assigning hostname for the server using the below command.

[root@webhostingchennai ~]# hostnamectl set-hostname mail.webhostingchennai.co.in

Step 2: Make a host entry with your IP in /etc/hosts file.

[root@webhostingchennai ~]# nano /etc/hosts

123.123.123.123  mail.webhostingchennai.co.in

Step 3: Let’s begin with installing the packages.

[root@webhostingchennai ~]# yum -y install postfix dovecot

After package installation continue with postfix configuration.

Postfix configuration

First create SSL certificate for encryption.

Step 4: Follow the below steps one by one for creation.

[root@webhostingchennai ~]# mkdir /etc/postfix/ssl
[root@webhostingchennai ~]# cd /etc/postfix/ssl
[root@webhostingchennai ssl]# openssl genrsa -des3 -out server.key 2048

Generating RSA private key, 2048 bit long modulus
...................+++
.....................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
Verify failure
User interface error
139715956164512:error:0906906F:PEM routines:PEM_ASN1_write_bio:read key:pem_lib.c:382:

[root@webhostingchennai ssl]#
[root@webhostingchennai ssl]# openssl rsa -in server.key -out server.key.insecure
[root@webhostingchennai ssl]# mv server.key server.key.secure
[root@webhostingchennai ssl]# mv server.key.insecure server.key

Leave blank for A challenge password [] value in the below step.

[root@webhostingchennai ssl]# openssl req -new -key server.key -out server.csr
[root@webhostingchennai ssl]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Step 5: Now open /etc/postfix/main.cf file for changes.

Find and uncomment the below lines.

# Note: you need to stop/start Postfix when this parameter changes.
#
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
inet_interfaces = localhost

. . .

. . .

mydestination = $myhostname, localhost.$mydomain, localhost

Now, add below lines at the end of the file. change myhostname and mydomain values with yours and home_mailbox value to your desired directory. Here it will store mails in the users home directory (Eg: /home/webhostchennai/mail ).

hostname = mail.webhostingchennai.co.in
mydomain = webhostingchennai.co.in
myorigin = $mydomain
home_mailbox = mail/
mynetworks = 127.0.0.0/8
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_key_file = /etc/postfix/ssl/server.key
smtpd_tls_cert_file = /etc/postfix/ssl/server.crt
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Step 6: Open /etc/postfix/master.cf file, add the below lines after “smtp inet n – n – – smtpd” line.

mission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING

Now, check the configuration using postfix check command.

Step 7: Now configure Dovecot SASL for SMTP Auth. Open /etc/dovecot/conf.d/10-master.conf file, find “# Postfix smtp-auth” line and add the below lines.

# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}

Step 8: Open /etc/dovecot/conf.d/10-auth.conf file, find “auth_mechanisms = plain” ( Line no: 100 ) and add login to the value like below.

auth_mechanisms = plain login

Step 9: Postfix configuration is over. Now restart both postfix and dovecot services and enable auto start.

[root@webhostingchennai ~]# systemctl restart postfix
[root@webhostingchennai ~]# systemctl enable postfix
[root@webhostingchennai ~]# systemctl restart dovecot
[root@webhostingchennai ~]# systemctl enable dovecot

Step 10: Add the firewall rules to allow 25, 587 and 465 ports.

[root@webhostingchennai ~]# firewall-cmd --permanent --add-service=smtp
[root@webhostingchennai ~]# firewall-cmd --permanent --add-port=587/tcp
[root@webhostingchennai ~]# firewall-cmd --permanent --add-port=465/tcp
[root@webhostingchennai ~]# firewall-cmd --reload

Now, start testing connectivity for each ports 25,587 and 465 using telnet and make sure you are getting AUTH PLAIN LOGIN line after issuing ehlo mail.webhostingchennai.co.in command in telnet.

Dovecot configuration

Start configuring Dovecot .
Step 11: Open /etc/dovecot/conf.d/10-mail.conf file, find #mail_location = (line no : 30 ) and add the same directory which is given to home_mailbox in the postfix config file ( Step 5).

mail_location = maildir:~/mail

Step 12: Open /etc/dovecot/conf.d/20-pop3.conf file, find and uncomment the below line (line no : 50).

pop3_uidl_format = %08Xu%08Xv

Step 13:  Restart dovecot service.

[root@webhostingchennai ~]# systemctl restart dovecot

Step 14: Add firewall rules to allow 110,143,993 and 995.

[root@webhostingchennai ~]# firewall-cmd --permanent --add-port=110/tcp
[root@webhostingchennai ~]# firewall-cmd --permanent --add-service=pop3s
[root@webhostingchennai ~]# firewall-cmd --permanent --add-port=143/tcp
[root@webhostingchennai ~]# firewall-cmd --permanent --add-service=imaps
[root@webhostingchennai ~]# firewall-cmd --reload

Check the connectivity for the ports 110,143,993 and 995 using telnet.
User creation

Now create user for testing .
Step 15: Create user with /sbin/nologin shell to restrict login access.

[root@webhostingchennai ~]# useradd -m webhostchennai -s /sbin/nologin
[root@webhostingchennai ~]# passwd webhostchennai

Mail server is ready now, Configure user in your mail client and test send/receive.

setup mail server on centos

Hope this article, helps you in installing and configuring mail server in centos 7.

Please share your valuable comments to improve us.

To Installation Linux Malware Detect on centOs : Click here

Tags:

You may also like...