How to Install and configure mail-server (Postfix, Dovecot, MariaDB/MySQL) in CentOS/RHEL 7
It is assumed that you have already installed and configured Apache, PHP/MySQL and MariaDB. Instructions for setting up can be read at this link.
Installing PostfixAdmin
Download the PostfixAdmin archive, unpack it and move its contents into the appropriate directories:
$ wget http://sourceforge.net/projects/postfixadmin/files/latest/download?source=files -O postfixadmin.tar.gz
$ tar zxvf postfixadmin.tar.gz --no-same-owner --no-same-permissions --directory=/usr/share
$ rm -f postfixadmin.tar.gz
$ ln -s /usr/share/postfixadmin-2.92 /usr/share/postfixadmin
$ chcon -u system_u /usr/share/postfixadmin* -R
$ mkdir /usr/share/doc/postfixadmin-2.92
$ chcon -u system_u /usr/share/doc/postfixadmin-2.92
$ mv /usr/share/postfixadmin/{ADDITIONS,DOCUMENTS,VIRTUAL_VACATION} /usr/share/doc/postfixadmin-2.92
$ rm -rf /usr/share/postfixadmin/debian
$ chcon -t httpd_sys_rw_content_t /usr/share/postfixadmin/templates_c
$ chown root:apache /usr/share/postfixadmin/templates_c
$ chmod g+w /usr/share/postfixadmin/templates_c
$ mkdir /etc/postfixadmin
$ touch /etc/postfixadmin/config.local.php
$ chown root:apache /etc/postfixadmin/config.local.php
$ chmod 0640 /etc/postfixadmin/config.local.php
$ chcon -u system_u /etc/postfixadmin -R
$ chcon -t httpd_sys_content_t /etc/postfixadmin/config.local.php
$ ln -s /etc/postfixadmin/config.local.php /usr/share/postfixadmin/
$ chcon -u system_u /usr/share/postfixadmin/config.local.php -R
Now let’s create the MySQL database that will store information about the mail users:
$ mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.40-MariaDB MariaDB Server
Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE `%VMailDB%` DEFAULT CHARACTER SET utf8;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE USER '%VMailUser%'@'localhost' IDENTIFIED BY '%VMailPassWord%';
Query OK, 0 rows affected (0.03 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON `%VMailDB%`.* TO '%VMailUser%'@'localhost';
Query OK, 0 rows affected (0.03 sec)
MariaDB [(none)]> \q
Bye
Here and below, replace %VMailDB%, %VMailUser% and %VMailPassWord% with your database name, user name and password. Do not type the percent signs!
Enter the details of the newly created database in the configuration file and set a few additional PostfixAdmin options:
$ nano -w /etc/postfixadmin/config.local.php
<?php
$CONF['configured'] = true;
$CONF['setup_password'] = 'changeme';
$CONF['default_language'] = 'en';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = '%VMailUser%';
$CONF['database_password'] = '%VMailPassWord%';
$CONF['database_name'] = '%VMailDB%';
$CONF['admin_email'] = 'postmaster@example.com';
$CONF['page_size'] = '50';
$CONF['default_aliases'] = array (
    'MAILER-DAEMON' => 'postmaster@example.com',
    'abuse' => 'postmaster@example.com',
    'postmaster' => 'hostmaster@example.com',
    'webmaster' => 'hostmaster@example.com',
    'hostmaster' => 'root@example.com',
    'root' => 'admin@example.com'
);
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['transport'] = 'YES';
$CONF['transport_options'] = array (
    'dovecot', // for virtual accounts
    'virtual', // for virtual accounts
    'local',   // for system accounts
    'relay'    // for backup mx
);
$CONF['transport_default'] = 'dovecot';
$CONF['vacation'] = 'NO';
$CONF['vacation_control'] = 'NO';
$CONF['vacation_control_admin'] = 'NO';
$CONF['backup'] = 'YES';
$CONF['sendmail'] = 'YES';
$CONF['logging'] = 'YES';
$CONF['fetchmail'] = 'YES';
$CONF['fetchmail_extra_options'] = 'YES';
$CONF['footer_text'] = 'Return to mail.example.com';
$CONF['footer_link'] = 'http://mail.example.com';
$CONF['used_quotas'] = 'YES';
$CONF['new_quota_table'] = 'YES';
Connect PostfixAdmin to Apache Web server:
$ nano -w /etc/httpd/conf.d/postfixadmin.conf
# postfixadmin - Web based Management tool created for Postfix.
#
# Allows only localhost by default
#
# But allowing postfixadmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
Alias /postfixadmin /usr/share/postfixadmin
<Directory /usr/share/postfixadmin/>
    AddDefaultCharset UTF-8
    <IfModule mod_authz_core.c>
        # Apache 2.4
        <RequireAny>
            Require ip 127.0.0.1
            Require ip ::1
            Require ip 192.168.0.0/16
        </RequireAny>
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order Deny,Allow
        Deny from All
        Allow from 127.0.0.1
        Allow from ::1
        Allow from 192.168.0.0/16
    </IfModule>
</Directory>
$ chcon -u system_u /etc/httpd/conf.d/postfixadmin.conf
$ systemctl reload httpd.service
Open https://mail.example.com/postfixadmin/setup.php in your browser.
Check that every item in the requirements list is reported as OK. Next, set the setup password and save the resulting hash in the file /etc/postfixadmin/config.local.php:
$ nano -w /etc/postfixadmin/config.local.php
$CONF['setup_password'] = 'd2aec49ec9b65d5e606ea7ddcdb78d3a:831aa5735816eb6480232a93e859a1de84aec174';
Now open https://mail.example.com/postfixadmin/setup.php in the browser again, enter the password and create the admin account.
Once the administrator account has been created, open PostfixAdmin at https://mail.example.com/postfixadmin/ and log in with the administrator's credentials. Our goal is to create a domain and user mailboxes.
To create a domain, choose «Domain List» and click «New Domain». Fill in the form (in the «Transport» field choose «dovecot») and click the «Add Domain» button.
After you create the domain, create users and aliases. To do this, choose «Virtual List» and click «Add Mailbox». Fill in the form and click the «Add Mailbox» button. When the domain is created, a number of system aliases are created by default, and their mail is eventually redirected to the address admin@example.com. You must now create a redirect named admin@example.com to the administrator's e-mail address. To do this, choose «Virtual List» and click «Add Alias». Enter admin in the «Alias» field, enter the full address to redirect to in the «To» box, and click the «Add Alias» button.
Now open the list of created mailboxes and aliases by selecting «Virtual List» in the «Virtual List» menu. If everything is OK, proceed with the rest of the mail system configuration.
Fix PostfixAdmin handling of Russian characters
- First, correct the character set in the MySQL tables:
$ echo "ALTER DATABASE \`%VMailDB%\` CHARACTER SET utf8;" >temp.txt
$ echo "ALTER TABLE \`%VMailDB%\`.\`quota\` DROP PRIMARY KEY, ADD PRIMARY KEY (\`username\`) COMMENT '';" >>temp.txt
$ mysql -u root -p --database=%VMailDB% -B -N -e "SHOW TABLES" | awk '{print "SET foreign_key_checks = 0; ALTER TABLE", $1, "CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci; SET foreign_key_checks = 1; "}' >>temp.txt
$ mysql -u root -p --database=%VMailDB% <temp.txt
$ rm -f temp.txt
- Next, correct the PostfixAdmin PHP scripts so that they work properly with UTF-8:
In every call to the function htmlentities in the directories /usr/share/postfixadmin and /usr/share/postfixadmin/templates, append the two arguments «, ENT_QUOTES, 'UTF-8'».
Fix bug with saving extra-options for fetchmail
- In the file fetchmail.php the function escape_string runs twice, so slashes are stored in MySQL.
$ nano -w /usr/share/postfixadmin/fetchmail.php
# $formvars[$key]= escape_string( function_exists($func) ?$func($val) :$val);
$formvars[$key]= function_exists($func) ?$func($val) :$val;
Installing postfix
Decide where the user mailboxes will physically be stored. If you plan to leave them in the default folder, skip this step. I keep the mail on a dedicated partition, which is mounted at /srv. To do the same, mount the partition and run the following:
$ mv /var/spool/mail/ /srv/
$ ln -s /srv/mail/ /var/spool/mail
$ chcon -u system_u -t mail_spool_t /var/spool/mail -R
In CentOS 7 the default mailer is postfix; in previous CentOS versions you had to run the command:
$ yum -y install postfix && yum -y remove sendmail
Edit the main postfix configuration file:
$ nano -w /etc/postfix/main.cf
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
mynetworks_style = host
mynetworks = $config_directory/mynetworks
smtpd_banner = $myhostname ESMTP $mail_name
# ---------------------- VIRTUAL DOMAINS START ----------------------
virtual_alias_maps = proxy:mysql:$config_directory/sql/virtual_alias_maps.cf
virtual_mailbox_domains = proxy:mysql:$config_directory/sql/virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:$config_directory/sql/virtual_mailbox_maps.cf
#virtual_mailbox_limit_maps = proxy:mysql:$config_directory/sql/virtual_mailbox_limit_maps.cf
virtual_mailbox_base = /var/spool/mail
virtual_uid_maps = static:8
virtual_gid_maps = static:12
mailbox_size_limit = 104857600
message_size_limit = 104857600
relay_domains = proxy:mysql:$config_directory/sql/relay_domains.cf
relay_recipient_maps = proxy:mysql:$config_directory/sql/relay_recipient_maps.cf
transport_maps = proxy:mysql:$config_directory/sql/transport_maps.cf
#transport_maps = hash:$config_directory/transport
#virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
# ----------------------- VIRTUAL DOMAINS END -----------------------
# ------------------------- SASL PART START -------------------------
broken_sasl_auth_clients = yes
smtpd_helo_required = yes
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_sender_restrictions = permit_sasl_authenticated
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
# Can be an absolute path, or relative to $queue_directory
smtpd_sasl_path = private/auth
# -------------------------- SASL PART END --------------------------
# -------------------------- TLS PART START -------------------------
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_CAfile = /etc/pki/tls/certs/sub.class2.server.ca.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.crt
smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
# --------------------------- TLS PART END --------------------------
# ------------------ SMTPD RESTRICTIONS PART START ------------------
disable_vrfy_command = yes
non_fqdn_reject_code = 450
invalid_hostname_reject_code = 450
maps_rbl_reject_code = 450
unverified_sender_reject_code = 550
#header_checks = pcre:$config_directory/header_checks
#body_checks = pcre:$config_directory/body_checks
#warning: the restrictions reject_unknown_(sender|recipient)_domain
#will trigger if your DNS becomes unavailable
smtpd_recipient_restrictions = permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    reject_invalid_helo_hostname
    warn_if_reject reject_non_fqdn_helo_hostname
    warn_if_reject reject_unknown_helo_hostname
    warn_if_reject reject_unknown_client
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    check_client_access hash:$config_directory/rbl_override
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client bl.spamcop.net
    reject_rbl_client dnsbl.sorbs.net=127.0.0.2
    reject_rbl_client dnsbl.sorbs.net=127.0.0.3
    reject_rbl_client dnsbl.sorbs.net=127.0.0.4
    reject_rbl_client dnsbl.sorbs.net=127.0.0.5
    reject_rbl_client dnsbl.sorbs.net=127.0.0.7
    reject_rbl_client dnsbl.sorbs.net=127.0.0.9
    reject_rbl_client dnsbl.sorbs.net=127.0.0.11
    reject_rbl_client dnsbl.sorbs.net=127.0.0.12
    permit
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
# ------------------- SMTPD RESTRICTIONS PART END --------------------
The «VIRTUAL DOMAINS» block covers the accepted domains and the users that we manage in PostfixAdmin. The «SASL» block is needed to authenticate users over the Simple Mail Transfer Protocol (SMTP) so that they can send mail through our server. In the «TLS» block we set our SSL certificates so that all communication with the mail server is encrypted. The «SMTPD RESTRICTIONS» block is needed to cut off the lion’s share of spam.
Create a list of exceptions to the RBL checks, so that mail from these servers is still accepted even if they somehow end up on an RBL list.
$ nano -w /etc/postfix/rbl_override
mail.example.com OK
1.2.3.4 OK
mail.example.org OK
2.3.4.5 OK
$ postmap /etc/postfix/rbl_override
$ chcon -u system_u /etc/postfix/rbl_override*
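The main.cf above evaluates the rbl_override lookup only after reject_unauth_destination; a table that answers OK is safe there, while the same lookup placed earlier would accept mail for any destination from the listed clients. The following check is an added example, not part of the original article: the function names (maincf_get, relay_guard_ok, write_samples) are hypothetical and the two sample files are constructed.

```shell
#!/bin/sh
# Added example: order audit for smtpd_recipient_restrictions in a
# main.cf-style file. On Postfix 2.10+ smtpd_relay_restrictions is a second
# guard; this check looks only at the list the article configures.

# Print one parameter's value with continuation lines joined, comment and
# blank lines skipped, commas turned into spaces. The last definition wins.
maincf_get() {  # usage: maincf_get PARAM FILE
    awk -v want="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ {
            if (hit) { sub(/^[ \t]+/, ""); val = val " " $0 }
            next
        }
        {
            hit = 0; eq = index($0, "="); if (!eq) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name == want) { hit = 1; val = substr($0, eq + 1) }
        }
        END { gsub(/[ \t,]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val); print val }
    ' "$2"
}

# Return 0 when only permit_mynetworks / permit_sasl_authenticated precede
# reject_unauth_destination. Any other permit*, or a check_*_access table
# (which may answer OK), is printed for manual review and returns 1.
relay_guard_ok() {  # usage: relay_guard_ok FILE
    maincf_get smtpd_recipient_restrictions "$1" | awk '
        {
            for (i = 1; i <= NF; i++) {
                t = $i
                if (t == "reject_unauth_destination") { found = 1; exit }
                if (t == "permit_mynetworks" || t == "permit_sasl_authenticated") continue
                if (t == "permit" || t ~ /^permit_/ || t ~ /^check_.*_access$/) {
                    print "before reject_unauth_destination: " t; bad = 1; exit
                }
            }
        }
        END {
            if (bad) exit 1
            if (!found) { print "reject_unauth_destination missing"; exit 1 }
        }'
}

# Constructed samples: good.cf keeps the article's ordering, bad.cf moves the
# rbl_override lookup ahead of reject_unauth_destination.
write_samples() {  # usage: write_samples DIR
    cat > "$1/good.cf" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    # RBL exceptions are looked up only after the relay check
    check_client_access hash:$config_directory/rbl_override
    reject_rbl_client zen.spamhaus.org
    permit
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, permit
EOF
    cat > "$1/bad.cf" <<'EOF'
smtpd_recipient_restrictions = permit_mynetworks,
    check_client_access hash:$config_directory/rbl_override,
    permit_sasl_authenticated, reject_unauth_destination, permit
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
for f in good bad; do
    if msg=$(relay_guard_ok "$tmp/$f.cf"); then echo "$f.cf: ok"
    else echo "$f.cf: $msg"; fi
done
rm -rf "$tmp"
```

On a live host, point relay_guard_ok at /etc/postfix/main.cf after every change to the restriction list.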
Create a list of hosts that may send mail through our mail service without authentication (a very dangerous thing; as far as I remember, it was really needed for only one blade center that could not log in, everything else authenticates over SMTP without any problems sending mail).
$ nano -w /etc/postfix/mynetworks
# localhost
127.0.0.0/8
# sw01.example.com
192.168.255.123/32
$ chcon -u system_u /etc/postfix/mynetworks
Configure dovecot as the mail transport:
$ nano -w /etc/postfix/master.cf
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=mail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}
Create extra configuration files with data for connection to SQL tables with data on our domains and users:
$ mkdir /etc/postfix/sql
$ nano -w /etc/postfix/sql/virtual_alias_maps.cf
hosts = localhost
dbname = %VMailDB%
user = %VMailUser%
password = %VMailPassWord%
table = alias
select_field = goto
where_field = address
additional_conditions = AND active = '1'
$ nano -w /etc/postfix/sql/virtual_domains_maps.cf
hosts = localhost
dbname = %VMailDB%
user = %VMailUser%
password = %VMailPassWord%
table = domain
select_field = description
where_field = domain
additional_conditions = AND backupmx = '0' AND active = '1'
$ nano -w /etc/postfix/sql/virtual_mailbox_maps.cf
hosts = localhost
dbname = %VMailDB%
user = %VMailUser%
password = %VMailPassWord%
table = mailbox
select_field = maildir
where_field = username
additional_conditions = AND active = '1'
$ nano -w /etc/postfix/sql/virtual_mailbox_limit_maps.cf
hosts = localhost
dbname = %VMailDB%
user = %VMailUser%
password = %VMailPassWord%
table = mailbox
select_field = quota
where_field = username
additional_conditions = AND active = '1'
$ nano -w /etc/postfix/sql/relay_domains.cf
hosts = localhost
dbname = %VMailDB%
user = %VMailUser%
password = %VMailPassWord%
table = domain
select_field = domain
where_field = domain
additional_conditions = AND backupmx = '1' AND active = '1'
$ nano -w /etc/postfix/sql/relay_recipient_maps.cf
hosts = localhost
dbname = %VMailDB%
user = %VMailUser%
password = %VMailPassWord%
table = alias
select_field = goto
where_field = address
additional_conditions = AND active = '1'
$ nano -w /etc/postfix/sql/transport_maps.cf
hosts = localhost
dbname = %VMailDB%
user = %VMailUser%
password = %VMailPassWord%
table = domain
select_field = transport
where_field = domain
additional_conditions = AND active = '1'
$ chown root:postfix /etc/postfix/sql/ -R
$ chcon -u system_u /etc/postfix/sql -R
$ chmod 0640 /etc/postfix/sql/*.cf
$ chmod 0750 /etc/postfix/sql/
$ newaliases
Postfix is configured, but it will not run until you configure the dovecot.
Installing dovecot
Install dovecot server and associated plugins to work with database MySQL and Sieve filters:
$ yum -y install dovecot dovecot-mysql dovecot-pigeonhole
$ nano -w /etc/dovecot/dovecot.conf
protocols = imap
$ nano -w /etc/dovecot/conf.d/10-auth.conf
#!include auth-system.conf.ext
!include auth-sql.conf.ext
$ nano -w /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:/var/spool/mail/%d/%n
mail_privileged_group = mail
mail_access_groups = mail
mmap_disable = yes
first_valid_uid = 8
first_valid_gid = 12
$ nano -w /etc/dovecot/conf.d/10-master.conf
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = mail
    group = mail
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
$ nano -w /etc/dovecot/conf.d/10-ssl.conf
ssl = yes
ssl_cert = </etc/pki/tls/certs/mail.example.com.crt
ssl_key = </etc/pki/tls/private/mail.example.com.key
ssl_ca = </etc/pki/tls/certs/sub.class2.server.ca.pem
ssl_protocols = !SSLv2 !SSLv3
$ nano -w /etc/dovecot/conf.d/15-lda.conf
postmaster_address = postmaster@example.com
hostname = mail.example.com
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
protocol lda {
  mail_plugins = sieve
}
$ nano -w /etc/dovecot/conf.d/20-managesieve.conf
protocols = $protocols sieve
$ nano -w /etc/dovecot/conf.d/90-sieve.conf
plugin {
  sieve = /var/spool/mail/%Ld/%Ln.sieve/.dovecot.sieve
  sieve_dir = /var/spool/mail/%Ld/%Ln.sieve/
  sieve_extensions = +notify +imapflags
}
$ nano -w /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=%VMailDB% user=%VMailUser% password=%VMailPassWord%
user_query = \
  SELECT CONCAT("/var/spool/mail/", domain) AS home, 8 AS uid, 12 AS gid, \
    'maildir:/var/spool/mail/%d/%n' AS mail, CONCAT("dirsize:storage=", quota) AS quota \
  FROM mailbox WHERE username = '%u' AND active = '1'
password_query = \
  SELECT username AS user, password, \
    CONCAT("/var/spool/mail/", domain) AS userdb_home, 8 AS userdb_uid, 12 AS userdb_gid \
  FROM mailbox WHERE username = '%u' AND active='1'
iterate_query = SELECT username AS user FROM mailbox WHERE active='1'
$ chcon -u system_u /etc/dovecot/dovecot-sql.conf.ext
$ chmod 0600 /etc/dovecot/dovecot-sql.conf.ext
Starting services
Start dovecot and postfix and enable them at boot:
$ systemctl enable dovecot
$ systemctl start dovecot
$ systemctl status dovecot
dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled)
   Active: active (running) since Wed 2014-11-26 15:58:44 MSK; 3min 41s ago
 Main PID: 20380 (dovecot)
   CGroup: /system.slice/dovecot.service
           ├─20380 /usr/sbin/dovecot -F
           ├─20384 dovecot/anvil
           ├─20385 dovecot/log
           └─20387 dovecot/config
Nov 26 15:58:44 example.com systemd[1]: Started Dovecot IMAP/POP3 email server.
Nov 26 15:58:44 example.com dovecot[20380]: master: Dovecot v2.2.10 starting up for imap, sieve (core dumps disabled)
$ systemctl enable postfix
$ systemctl restart postfix
$ systemctl status postfix
postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled)
   Active: active (running) since Wed 2014-11-26 16:01:53 MSK; 1s ago
  Process: 20542 ExecStop=/usr/sbin/postfix stop (code=exited, status=0/SUCCESS)
  Process: 20558 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
  Process: 20555 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
  Process: 20552 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
 Main PID: 20630 (master)
   CGroup: /system.slice/postfix.service
           ├─20630 /usr/libexec/postfix/master -w
           ├─20631 pickup -l -t unix -u
           ├─20632 qmgr -l -t unix -u
           └─20633 proxymap -t unix -u
Nov 26 16:01:52 example.com systemd[1]: Starting Postfix Mail Transport Agent...
Nov 26 16:01:53 example.com postfix/postfix-script[20628]: starting the Postfix mail system
Nov 26 16:01:53 example.com postfix/master[20630]: daemon started -- version 2.10.1, configuration /etc/postfix
Nov 26 16:01:53 example.com systemd[1]: Started Postfix Mail Transport Agent.
Checking SMTP service
Now let’s check whether postfix accepts mail for our domain:
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
EHLO localhost
250-mail.example.com
250-PIPELINING
250-SIZE 104857600
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: wakko@example.org
250 2.1.0 Ok
RCPT TO: admin@example.com
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Hi, Admin! It's only test and nothing else.
.
250 2.0.0 Ok: queued as 43A7A209ED22
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
In the same way, check the TLS connection and authentication:
$ echo -ne "\0test@example.com\0testpassword" | base64
AHRlc3RAZXhhbXBsZS5jb20AdGVzdHBhc3N3b3Jk
$ openssl s_client -starttls smtp -connect localhost:25 -crlf -ign_eof
CONNECTED(00000003)
depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
verify return:1
depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA
verify return:1
depth=0 C = RU, CN = mail.example.com, emailAddress = hostmaster@example.com
verify return:1
---
Certificate chain
 0 s:/C=RU/CN=mail.example.com/emailAddress=hostmaster@example.com
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/C=RU/CN=mail.example.com/emailAddress=hostmaster@example.com
issuer=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 2450 bytes and written 410 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: ...
    Session-ID-ctx:
    Master-Key: ...
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 3600 (seconds)
    TLS session ticket:
    0000 - ...
    Start Time: 1417022108
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 DSN
EHLO localhost
250-mail.example.com
250-PIPELINING
250-SIZE 104857600
250-ETRN
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN AHRlc3RAZXhhbXBsZS5jb20AdGVzdHBhc3N3b3Jk
235 2.7.0 Authentication successful
MAIL FROM: test@example.com
250 2.1.0 Ok
RCPT TO: test@example.org
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
It's only test message.
.
250 2.0.0 Ok: queued as 8078F20A8F43
QUIT
221 2.0.0 Bye
closed
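The two sessions above show the effect of smtpd_tls_auth_only = yes: the cleartext EHLO reply offers STARTTLS but no AUTH, and AUTH PLAIN appears only inside TLS. The check below is an added example, not part of the original article; it automates that comparison and shows that the AUTH PLAIN token is a reversible encoding, which is why it must never travel in cleartext. Function names are hypothetical, the two EHLO replies are copied from the transcripts above and the third is constructed.

```shell
#!/bin/sh
# Added example: verify from captured EHLO replies that AUTH is offered only
# after STARTTLS, and show what the AUTH PLAIN token contains.

# Build the SASL PLAIN token: base64(NUL user NUL password), empty authzid.
plain_token() {  # usage: plain_token USER PASSWORD
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# Decode a token back to "user password": base64 is not encryption.
plain_decode() {  # usage: plain_decode TOKEN
    printf '%s' "$1" | base64 -d | tr '\0' ' ' | sed 's/^ //'
}

# Succeed when an EHLO reply read from stdin advertises AUTH.
ehlo_offers_auth() {
    grep -Eiq '^250[- ]AUTH([ =]|$)'
}

# Arguments: cleartext EHLO reply, EHLO reply received after STARTTLS.
# Prints PASS, or the first failed expectation, and returns non-zero on failure.
auth_only_over_tls() {
    if printf '%s\n' "$1" | ehlo_offers_auth; then
        echo "FAIL: AUTH offered in cleartext"; return 1
    fi
    printf '%s\n' "$1" | grep -Eiq '^250[- ]STARTTLS' ||
        { echo "FAIL: STARTTLS not offered"; return 1; }
    printf '%s\n' "$2" | ehlo_offers_auth ||
        { echo "FAIL: no AUTH after STARTTLS"; return 1; }
    echo "PASS"
}

# EHLO reply from the telnet session on port 25 (from the article).
CLEAR_EHLO='250-mail.example.com
250-PIPELINING
250-SIZE 104857600
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'

# EHLO reply inside the openssl s_client session (from the article).
TLS_EHLO='250-mail.example.com
250-PIPELINING
250-SIZE 104857600
250-ETRN
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'

# Constructed reply of a server that lacks smtpd_tls_auth_only = yes.
WEAK_EHLO='250-mail.example.com
250-STARTTLS
250-AUTH PLAIN LOGIN
250 DSN'

echo "article config: $(auth_only_over_tls "$CLEAR_EHLO" "$TLS_EHLO")"
echo "weak config:    $(auth_only_over_tls "$WEAK_EHLO" "$TLS_EHLO" || true)"
echo "token decodes to: $(plain_decode "$(plain_token test@example.com testpassword)")"
```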
Configuring the firewall
Having checked that postfix is functioning and ready to accept mail, open it to the world:
$ firewall-cmd --permanent --zone=public --add-service=smtp
$ firewall-cmd --permanent --zone=public --add-service=imaps
$ firewall-cmd --permanent --zone=public --add-port=465/tcp
$ firewall-cmd --permanent --zone=public --add-port=4190/tcp
$ firewall-cmd --reload
Configuration of FetchMail
First of all install the needed packages:
$ yum -y install fetchmail perl-LockFile-Simple perl-Sys-Syslog
Now let’s create the config file for fetchmail:
$ nano -w /etc/postfixadmin/fetchmail.conf
$db_type = "mysql";
$db_host="localhost";
$db_name="%VMailDB%";
$db_username="%VMailUser%";
$db_password="%VMailPassWord%";
$ chcon -u system_u /etc/postfixadmin/fetchmail.conf
$ chown root:postfix /etc/postfixadmin/fetchmail.conf
$ chmod 0640 /etc/postfixadmin/fetchmail.conf
Then we will prepare a script that cron will run at set times to collect mail for us:
$ cp /usr/share/doc/postfixadmin-*/ADDITIONS/fetchmail.pl /usr/libexec/postfix/
$ chmod 0755 /usr/libexec/postfix/fetchmail.pl
$ sed -i 's/\/etc\/mail\/postfixadmin/\/etc\/postfixadmin/g' /usr/libexec/postfix/fetchmail.pl
$ sed -i 's/-f \$filename -i/-s -f \$filename --pidfile/g' /usr/libexec/postfix/fetchmail.pl
$ nano -w /usr/libexec/postfix/fetchmail.pl
$mda =~ s/\${mailbox}/${mailbox}/;
# syslog("info","fetch ${src_user}@${src_server} for ${mailbox}");
$ chcon -u system_u /usr/libexec/postfix/fetchmail.pl
$ mkdir /var/run/fetchmail
$ chcon -u system_u /var/run/fetchmail
$ chown postfix:mail /var/run/fetchmail
$ chmod 0775 /var/run/fetchmail
Add this script to cron:
$ crontab -u postfix -e
MAILTO=root
*/1 * * * * /usr/libexec/postfix/fetchmail.pl
Now log in to PostfixAdmin and configure the e-mail accounts from which mail will be collected. To do this, open the PostfixAdmin web interface, choose the «Fetch Email» menu and click «New Entry». Select the mailbox that should receive the mail, enter the remote server name, user name and password, and choose the protocol used to collect the mail (IMAP/POP3). If the IMAP server has multiple folders, create a separate entry for each folder and give its location in the «Folder» field. If the mail is collected over Secure Sockets Layer (SSL), tick «SSL active»; it is also desirable to fill in «SSL fingerprint (md5)» so that Fetchmail checks the server's SSL certificate against it. Then save the record by clicking «Save Changes».
And to get the fingerprint you need to run the following command:
$ echo "QUIT" | openssl s_client -connect mail.example.org:993 -showcerts | sed -ne '/BEGIN/,/END/p' >/tmp/temp.crt
depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
verify return:1
depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA
verify return:1
depth=0 description = 907535-Ri93n22WJHt0psNK, CN = mail.example.org, emailAddress = postmaster@example.org
verify return:1
notAfter=Oct 13 05:50:16 2015 GMT
verify return:1
depth=0 description = 907535-Ri93n22WJHt0psNK, CN = mail.example.org, emailAddress = postmaster@example.org
notAfter=Oct 13 05:50:16 2015 GMT
verify return:1
DONE
$ openssl x509 -in /tmp/temp.crt -fingerprint -noout -md5 | sed "s/MD5 Fingerprint=//"
4F:80:51:CD:B5:1C:6A:37:74:3A:46:4B:E1:02:A7:BC
$ rm -f /tmp/temp.crt
In this article you can read about configuring spam filter DSpam. There is a sample file with Sieve rules. And in this article you can read about the installation and customization of the Web interface for mail – RoundCube.
realmadrider
11.03.2015 - 12:51
I have mistakenly deleted mail user and group. I’ve tried to recreate them, but seems like something’s wrong as I get lots of “access denied” and “Relay access denied” in my logs. Another point is that the line “bad uid 8 in virtual_uid_maps” shows up a lot in logs even though the “mail” user obviously has the uid 8. What am I doing wrong?
Peter
12.01.2017 - 20:32
Hi,
please write manual to enable quota with dovecot & mysql.
Thx