
How to Setup a Linux Mail Server using Postfix


Introduction to Mail Servers

A mail server, or MTA (Mail Transfer Agent), is an application that receives emails from users and remote senders and forwards outgoing emails for delivery. In short, it is used to send and receive emails under a single domain. There are a number of mail service providers available, but if we want to send and receive emails through our own server, and don't want the providers or anyone else going through the emails, then setting up our own mail server and configuring it to our requirements is a good solution.

1. Install and Configure Postfix

Postfix is a widely used Mail Transfer Agent (MTA) on Linux servers. This is a complete, tested and verified guide to installing and configuring a Postfix mail server with Dovecot SASL authentication, DKIMproxy, mail aliasing and transports, built from source code on a CentOS server.

1a: Remove Existing MTA’s

If an existing mail server application is running on the server, we need to remove it first. To find any running MTAs, run this command in the terminal:

netstat -plnt | grep ':25 '

If an MTA is running, the command will display the application name. To remove the installed package of the application, run this command in the terminal:

rpm -e --nodeps $(rpm -qa | grep "<application name>")

1b: Install the required dependencies:

To install the required dependencies for the mail server, run this in the terminal:

yum install db*-devel gcc-c++.x86_64 openssl-devel.x86_64 mysql-devel -y

1c: Download Source Code

Download the latest source code of the mail server and unpack the contents:

wget ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.11.3.tar.gz
tar zxvf postfix-2.11.3.tar.gz

1d: Adding Users and Groups:

Postfix sends and receives mail while running as a dedicated user, one that can only run the application and send mail. This is for security reasons. So we create a user and groups for the application:

groupadd postfix -g 2000
groupadd postdrop -g 2001
useradd postfix -u 2000 -g 2000

1e: Compile Postfix

Now that we have installed the dependencies and required packages, let's compile Postfix.

cd postfix-2.11.3
make -f Makefile.init makefiles 'CCARGS=-DUSE_TLS -DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\"' 'AUXLIBS=-L/usr/lib64/mysql -lmysqlclient -lz -lm -lssl -lcrypto'

Here we pass the build options (TLS, MySQL and Dovecot SASL support) on the command line, and they are written to the Makefiles used to build Postfix. Now build and install using the generated Makefiles:

make && make install

1f: Configuring Postfix

After installation, we need to configure the mail server application. The main configuration file of Postfix is “main.cf”, so we edit that file to configure Postfix:

vim /etc/postfix/main.cf

Now we need to provide our hostname and domain name for the mail server for remote users to send mail. In ‘main.cf’ file, uncomment the myhostname and mydomain lines if commented and configure the names:

myhostname = host.test.com
mydomain = test.com
mynetworks = 127.0.0.0/8, 168.100.189.0/28
# "all" is the default
inet_interfaces = all

(Note: when providing more than one hostname, make sure all hostnames are separated by a single space. More than one space between hostnames is not handled, as Postfix looks for the next hostname after a single space only.)

1g: Reload Postfix

Save the file and exit the editor. This is a basic configuration for Postfix. Now we need to reload Postfix so that it runs with the new configuration. To reload, run:

postfix reload

2. Install and Configure Dovecot

Dovecot is an open source IMAP / POP3 mail delivery agent with authentication features. With Dovecot, users can log in to the mail server to view their mail using a username and password. The username and password are not sent in plain text, as Dovecot urges the user to use SSL.

2a: Install the dependencies for Dovecot

To integrate Dovecot with Postfix, first we install the dependencies for Dovecot:

yum install gcc pam-devel

2b: Add the Users and Groups for Dovecot

groupadd dovecot -g 3000
useradd dovecot -u 3000 -g 3000
useradd dovenull -u 3001 -g 3000

2c: Download Dovecot and Unpack

Download the latest version of Dovecot from Dovecot's official page and unpack the contents:

wget http://www.dovecot.org/releases/2.0/dovecot-2.0.21.tar.gz
tar zxvf dovecot-2.0.21.tar.gz

2d: Compile Dovecot

Compile and install Dovecot onto the server.

cd dovecot-2.0.21
./configure --with-mysql --with-sql-drivers
make
make install

3. Install and Configure DKIMproxy

DKIMproxy is an SMTP proxy that signs or verifies emails using the Mail::DKIM Perl module. DKIM stands for DomainKeys Identified Mail. DKIMproxy consists of two separate proxies: an outbound proxy for signing outgoing emails, and an inbound proxy that verifies whether incoming emails are signed. DKIM-signed emails contain information about the sender of the mail and the domain it was sent from. If the emails are not signed with DKIM, then the emails sent are sure to land in the spam folder, as the sender is not verified.

3a: Installing the dependencies

First we install the dependencies required for DKIMproxy:

yum install perl-Crypt-OpenSSL-RSA perl-Digest-SHA perl-Error perl-Mail-DKIM perl-MailTools perl-Net-Server openssl-devel -y

3b: Download DKIMproxy

Download the latest version of DKIMproxy from the official page and unpack the contents:

wget http://search.cpan.org/CPAN/authors/id/J/JA/JASLONG/Mail-DKIM-0.39.tar.gz
tar xvf Mail-DKIM-0.39.tar.gz

3c: Install and Configure

Now we compile and install the package:

cd Mail-DKIM-0.39
./configure --prefix=/usr/local/dkimproxy --sysconfdir=/etc/dkimproxy/

After installation, edit the /etc/postfix/main.cf file of Postfix and add the following lines:

debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
inet_protocols = ipv4
# Only in the case of multiple instances
alternate_config_directories = /etc/postfix2
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject

3d: Configuring Dovecot

By default there will be no conf file in /usr/local/etc/ (or wherever you installed Dovecot). So copy the sample file dovecot-example.conf from the downloaded Dovecot folder and modify the conf as follows:

protocols = imap imaps pop3 pop3s
protocol imap {
}
protocol pop3 {
}
protocol lda {
}
ssl = yes
ssl_cert_file = /etc/pki/tls/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
auth default {
  mechanisms = plain login
  passdb pam {
  }
  userdb passwd {
  }
  # SASL socket that Postfix connects to (smtpd_sasl_path = private/auth)
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

3e: Restart Postfix and Dovecot

Now we need to restart Postfix to load the new configuration that we made in the necessary files:

postfix -c /etc/postfix start

or, to restart:

postfix -c /etc/postfix stop; postfix -c /etc/postfix start

Start Dovecot with the command:

$ dovecot

If any error occurs, check the corresponding logs. If there is no error, we can check whether the configuration works by connecting to the SMTP port on localhost (for example with telnet) and sending an EHLO:

Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.
220 localhost.localdomain ESMTP Postfix
ehlo localhost
250-localhost.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

The 6th line of the EHLO response (250-AUTH PLAIN LOGIN) displays the authentication mechanisms.
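
The same check can be run over a saved transcript. As an added example (not part of the original article), this shell function reads an EHLO reply and reports the AUTH mechanisms and whether STARTTLS is advertised with them; the function names and verdict strings are this example's own, and the sample is the reply shown above.

```sh
#!/bin/sh
# Added example: audit an EHLO reply for AUTH offered without STARTTLS.
# PLAIN and LOGIN only base64-encode the password, so they rely on TLS.

# Constructed sample: the EHLO reply from the session shown above.
sample_ehlo() {
cat <<'EOF'
250-localhost.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
EOF
}

# audit_ehlo: read an EHLO reply on stdin, print one verdict line.
audit_ehlo() {
    awk '
    { sub(/\r$/, "") }                        # tolerate CRLF from a raw capture
    /^250[- ]/ {
        n = split(substr($0, 5), w, /[ =]+/)  # keyword, then its parameters
        kw = toupper(w[1])
        if (kw == "STARTTLS") tls = 1
        if (kw == "AUTH") {
            auth = 1
            for (i = 2; i <= n; i++) {
                m = toupper(w[i])
                if (m != "" && !(m in seen)) {
                    seen[m] = 1
                    list = (list == "" ? m : list "," m)
                }
            }
        }
    }
    END {
        if (!auth) v = "no-auth"
        else if (tls) v = "auth-with-starttls"
        else if (("PLAIN" in seen) || ("LOGIN" in seen)) v = "cleartext-auth"
        else v = "auth-without-starttls"
        if (auth) v = v " mechanisms=" list
        print v
    }'
}

sample_ehlo | audit_ehlo   # verdict for the session above
```

The reply above advertises AUTH but no STARTTLS line. Once server-side TLS is configured, Postfix's smtpd_tls_auth_only = yes withholds AUTH until the session is encrypted.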

3f: Checking Dovecot is integrated with postfix

To check whether Dovecot is loaded on postfix on startup, run the command in terminal:

postconf -a

If Dovecot is loaded, the output will be:

dovecot
cyrus

4. Setup PostFix Mail Aliasing

When sending emails, we normally need to add the email addresses one by one. Instead, we can define an alias for a mail address, so that whenever we send mail we only need to give the alias instead of a list of email addresses.

4a: Aliasing mail addresses

Add the following entries in the file /etc/aliases

vim /etc/aliases
test1:   abcr@gmail.com
test2:   allan@gmail.com

If a mail is sent to test1, it will be forwarded to abcr@gmail.com, as Postfix looks up the mail address mapped to the alias. After adding the aliases, run the following command to tell Postfix to load the alias file:

$ newaliases

5. Setup PostFix Transports

Mail transports are routes that are set for sending emails. We can create routes for emails to a particular destination or domain. Such routes are called transports. This is very useful when sending emails to local network and remote network, where you can define different transports for each network.

5a: Add transport configuration to postfix

To add transport configuration, add the following lines in the /etc/postfix/main.cf file:

transport_maps = hash:/etc/postfix/transport
transport1_destination_recipient_limit=100
transport1_initial_destination_concurrency=1
transport1_destination_concurrency_limit=10
transport1_destination_rate_delay=3s

5b: Define transport route

Add the following entries in the /etc/postfix/master.cf file to define a transport/route:

transport1 unix   -   -   n   -    10 smtp
 -o smtp_bind_address=192.168.1.32
 -o syslog_name=postfix-localroute1

Here localroute1 is the name I have given for the particular transport. You can have your own name.

5c: Configure Transports for Domains

Add the following lines to the /etc/postfix/transport file to configure transports for each domain to which mails are sent. (The location may vary depending on the installation. If you have installed in a different directory, use that location.)

test.com         transport1:

Now mails to the domain “test.com” will go through transport1.

5d: Reload Postfix

Now reload Postfix with the transport configuration, or you can reload the transport map into the running Postfix configuration. (Note: always run the reload or restart command whenever you edit the configuration file for transports.)

postmap /etc/postfix/transport

or

postfix -c <location of postfix> stop; postfix -c <location of postfix> start

5e: Testing Postfix

Now send a mail to test that the transport works, and check the log to see what is happening:

tail -f /var/log/maillog

Jan  4 09:30:40 instance2 postfix-localroute1/smtp[9205]: DE1375A0961: to=<allan@test.com>, relay=ASPMX.L.GOOGLE.com[74.125.25.27]:25, delay=53542, delays=53516/23/0.69/0.97, dsn=2.0.0, status=sent (250 2.0.0 OK 1357271941 sn9si49318049pbc.189

Now you can see the mail sent to test.com was routed through localroute1 transport which was defined in the configuration. Now the transport part is all working.
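
The log check in 5e can be automated. As an added example (not from the original article), these shell functions read maillog lines and list deliveries to a domain that were logged under a different syslog_name than the one set for the transport in master.cf; the function names are this example's own and the sample log lines are constructed.

```sh
#!/bin/sh
# Added example: check from maillog lines that deliveries to a domain were
# handled by the transport whose syslog_name was set in master.cf.

# Constructed sample modelled on the log line above; queue IDs, hosts and
# addresses are made up (192.0.2.0/24 is a documentation range).
sample_log() {
cat <<'EOF'
Jan  4 09:30:40 instance2 postfix-localroute1/smtp[9205]: A1B2C3D4E5: to=<allan@test.com>, relay=mx.test.com[192.0.2.10]:25, delay=1.9, delays=0.1/0/0.8/1, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jan  4 09:31:02 instance2 postfix/smtp[9310]: B2C3D4E5F6: to=<bob@test.com>, relay=mx.test.com[192.0.2.10]:25, delay=2.2, delays=0.1/0/1/1.1, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jan  4 09:31:40 instance2 postfix/smtp[9311]: C3D4E5F6A7: to=<carol@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=1.2, delays=0.1/0/0.5/0.6, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jan  4 09:32:15 instance2 postfix-localroute1/smtp[9205]: D4E5F6A7B8: to=<dave@test.com>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connection timed out)
EOF
}

# deliveries: print "syslog_name recipient_domain status" for each delivery.
deliveries() {
    awk '
    / to=<[^>]*>/ && / status=[a-z]/ {
        name = $5; sub(/\/.*/, "", name)      # strip "/smtp[pid]:"
        dom = tolower($0)
        sub(/.* to=<[^>]*@/, "", dom); sub(/>.*/, "", dom)
        st = $0; sub(/.* status=/, "", st); sub(/[^a-z].*/, "", st)
        print name, dom, st
    }'
}

# misrouted DOMAIN SYSLOG_NAME: deliveries to DOMAIN logged under another
# syslog_name, i.e. mail that did not take the intended transport.
misrouted() {
    deliveries | awk -v d="$1" -v want="$2" '$2 == d && $1 != want'
}

# not_sent SYSLOG_NAME: count deliveries on that transport not yet "sent".
not_sent() {
    deliveries | awk -v want="$1" '$1 == want && $3 != "sent" { n++ } END { print n + 0 }'
}

sample_log | misrouted test.com postfix-localroute1
```

On a live server, feed the functions /var/log/maillog instead of the sample; any line printed by misrouted is a delivery for that domain that went out through a different transport.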

A sample conf file for Postfix

Here is a sample main.cf file configuration for Postfix, excluding the relay part. This might come in handy.

myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost
unknown_local_recipient_reject_code = 550
mynetworks =  127.0.0.0/8
mail_spool_directory = /var/spool/mail
smtpd_banner = $myhostname ESMTP $mail_name
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
inet_protocols = ipv4
alternate_config_directories = /etc/postfix2
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject
smtp_use_tls = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/FOO-cert.pem
smtp_tls_key_file = /etc/postfix/FOO-key.pem
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
transport_maps = hash:/etc/postfix/transport
transport1_destination_recipient_limit=100
transport1_initial_destination_concurrency=1
transport1_destination_concurrency_limit=10
transport1_destination_rate_delay=3s

Conclusion

Now we have a Postfix mail server configured to send and receive emails, with Dovecot for user authentication, DKIMproxy to sign or verify incoming and outgoing emails, with Mail Aliasing for users or email addresses and Mail Transport for domains.

I hope this tutorial helps you set up your own PostFix based Linux Mail Server. Drop a comment or feedback if you have tried this.