Introduction to Mail Servers
A mail server is an MTA (Mail Transfer Agent): an application that receives emails from users and remote senders and forwards outgoing emails for delivery. In short, it is used to send and receive emails under a single domain. There are a number of mail service providers available, but if we want to send and receive emails through our own server and don't want the providers or anyone else going through the emails, then setting up our own mail server and configuring it to our requirements is a good solution.
1. Install and Configure Postfix
Postfix is a widely used Mail Transfer Agent (MTA) on Linux servers. This is a complete, tested and verified guide to installing and configuring a Postfix mail server with Dovecot SASL authentication, DKIMproxy, mail aliasing and transports, built from source code on a CentOS server.
1a: Remove Existing MTAs
If any existing mail server application is running on the server, we need to remove it first. To find any running MTAs, run this command in the terminal:
netstat -plnt | grep ':25 '
If an MTA is listening, the command will display the application name. To remove the installed package of the application, run this command in the terminal:
rpm -e `rpm -qa | grep "<application name>"` --nodeps
1b: Install the required dependencies:
To install the required dependencies for the mail server, run in the terminal:
yum install db*-devel gcc-c++.x86_64 openssl-devel.x86_64 mysql-devel -y
1c: Download Source Code
Download the latest source code of the mail server and unpack the contents:
wget ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.11.3.tar.gz
tar zxvf postfix-2.11.3.tar.gz
1d: Adding Users and Groups:
Postfix sends or receives mails by running the application as a specific user who can only run the application and send mails. This is for security reasons. So we create a user and group for the application:
groupadd postfix -g 2000
groupadd postdrop -g 2001
useradd postfix -u 2000 -g 2000
1e: Compile Postfix
Now that we have installed the dependencies and required packages, let's compile Postfix.
cd postfix-2.11.3
make -f Makefile.init makefiles \
  'CCARGS=-DUSE_TLS -DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\"' \
  'AUXLIBS=-L/usr/lib64/mysql -lmysqlclient -lz -lm -lssl -lcrypto'
This step passes our build options (TLS, MySQL and Dovecot SASL support) to the build system, which writes them into the generated Makefiles. To build and install Postfix using the generated Makefiles, run:
make && make install
1f: Configuring Postfix
After installation, we need to configure the mail server application. The main configuration file of Postfix is "main.cf", so we edit that file to configure Postfix:
vim /etc/postfix/main.cf
Now we need to provide our hostname and domain name for the mail server for remote users to send mail. In ‘main.cf’ file, uncomment the myhostname and mydomain lines if commented and configure the names:
myhostname = host.test.com
mydomain = test.com
mynetworks = 127.0.0.0/8, 168.100.189.0/28
# inet_interfaces = all is the default
inet_interfaces = all
(Note: when providing more than one hostname, make sure all hostnames are separated by a single space. More than one space between hostnames is not accounted for, as Postfix looks for the next hostname after a single space only.)
1g: Reload Postfix
Save the file and exit the editor. This is a basic configuration for Postfix. Now we need to reload Postfix so that it runs with the new configuration. To reload, run:
postfix reload
2. Install and Configure Dovecot
Dovecot is an open source IMAP/POP3 mail delivery agent with authentication features. With Dovecot, users can log in to the mail server to view their mail using a username and password. The username and password are not sent in plain-text as Dovecot urges the user to use SSL.
2a: Install the dependencies for Dovecot
To integrate Dovecot with Postfix, first we install the dependencies for Dovecot:
yum install gcc pam-devel
2b: Add the Users and Groups for Dovecot
groupadd dovecot -g 3000
useradd dovecot -u 3000 -g 3000
useradd dovenull -u 3001 -g 3000
2c: Download Dovecot and Unpack
Download the latest version of Dovecot from Dovecot's official page and unpack the contents:
wget http://www.dovecot.org/releases/2.0/dovecot-2.0.21.tar.gz
tar zxvf dovecot-2.0.21.tar.gz
2d: Compile Dovecot
Compile and install Dovecot onto the server.
cd dovecot-2.0.21
./configure --with-mysql --with-sql-drivers
make
make install
3. Install and Configure DKIMproxy
DKIMproxy is an SMTP proxy that signs or verifies emails using the Mail::DKIM Perl module. DKIM stands for DomainKeys Identified Mail. DKIMproxy consists of two separate proxies: an outbound proxy for signing outgoing emails and an inbound proxy to verify whether incoming emails are signed. DKIM-signed emails contain information about the sender of the mail and the domain it was sent from. If the emails are not signed with DKIM, then it's sure that the emails sent will land in the spam folder as the sender is not verified.
3a: Installing the dependencies
First we install the dependencies required for DKIMproxy
yum install perl-Crypt-OpenSSL-RSA perl-Digest-SHA perl-Error perl-Mail-DKIM perl-MailTools perl-Net-Server openssl-devel -y
3b: Download DKIMproxy
Download the latest version of DKIMproxy from the official page and unpack the contents:
wget http://search.cpan.org/CPAN/authors/id/J/JA/JASLONG/Mail-DKIM-0.39.tar.gz
tar xvf Mail-DKIM-0.39.tar.gz
3c: Install and Configure
Now we compile and install the package:
cd Mail-DKIM-0.39
./configure --prefix=/usr/local/dkimproxy --sysconfdir=/etc/dkimproxy/
After installation, edit /etc/postfix/main.cf file of postfix and add the following lines:
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
inet_protocols = ipv4
# Only in the case of multiple instances
alternate_config_directories = /etc/postfix2
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject
3d: Configuring Dovecot
By default there will be no conf file in /usr/local/etc/ (or wherever you installed Dovecot). So copy the sample file dovecot-example.conf from the downloaded Dovecot folder and modify it as follows. The block uses the Dovecot 1.x configuration syntax (auth default, socket listen); Dovecot 2.x expresses the same auth socket with a service auth / unix_listener block.
protocols = imap imaps pop3 pop3s
protocol imap {
}
protocol pop3 {
}
protocol lda {
}
ssl = yes
ssl_cert_file = /etc/pki/tls/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
auth default {
  mechanisms = plain login
  passdb pam {
  }
  userdb passwd {
  }
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
3e: Restart Postfix and Dovecot
Now we need to restart Postfix to load the new configuration that we made in the necessary files:
postfix -c /etc/postfix start
or, to restart:
postfix -c /etc/postfix stop; postfix -c /etc/postfix start
Start Dovecot with the command:
$ dovecot
If any error occurs, check the corresponding logs. If there is no error, Dovecot is running, and we can check whether the configuration works with an SMTP session to Postfix:
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost.localdomain ESMTP Postfix
ehlo localhost
250-localhost.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
The 6th line of the EHLO response (250-AUTH PLAIN LOGIN) displays the authentication mechanisms.
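The EHLO reply above can also be checked mechanically. The following is an added example, not part of the original tutorial: it parses an EHLO reply captured on a cleartext connection and reports when PLAIN or LOGIN authentication is offered without STARTTLS, which is the case in the session shown. The function names and the second sample reply are constructed for illustration.

```python
import re

# Server replies to "ehlo localhost", copied from the session shown above.
PAGE_EHLO = """\
250-localhost.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

# Constructed reply: what a cleartext session looks like once AUTH is
# withheld until the client has issued STARTTLS.
TLS_FIRST_EHLO = """\
250-localhost.localdomain
250-PIPELINING
250-STARTTLS
250 DSN
"""

REPLY = re.compile(r"^250[ -](\S+)\s*(.*)$")

def parse_ehlo(text):
    """Map each advertised extension keyword to its list of parameters."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    extensions = {}
    for ln in lines[1:]:            # line 1 is the server name, not an extension
        m = REPLY.match(ln)
        if not m:
            raise ValueError(f"unexpected EHLO reply line: {ln!r}")
        extensions[m.group(1).upper()] = m.group(2).split()
    return extensions

def audit_cleartext_ehlo(text):
    """Findings for an EHLO reply captured before any TLS negotiation."""
    ext = parse_ehlo(text)
    findings = []
    weak = [m for m in ext.get("AUTH", []) if m.upper() in ("PLAIN", "LOGIN")]
    if weak:
        findings.append("AUTH %s offered without TLS: password is only base64-encoded"
                        % " ".join(weak))
    if "STARTTLS" not in ext:
        findings.append("STARTTLS not advertised: the session cannot be encrypted")
    return findings
```

In Postfix, enabling server-side TLS and setting smtpd_tls_auth_only = yes makes the server withhold AUTH until the session is encrypted, which yields a reply like the second sample.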
3f: Checking Dovecot is integrated with postfix
To check whether Dovecot SASL support is available in Postfix, run the command in the terminal:
postconf -a
If Dovecot is loaded, the output will be:
dovecot
cyrus
4. Setup PostFix Mail Aliasing
When sending emails, we normally need to add the email addresses one by one. Instead, we can define an alias for one or more mail addresses, so that whenever we send mail we only need to add the alias instead of a list of email addresses.
4a: Aliasing mail addresses
Add the following entries in the file /etc/aliases:
vim /etc/aliases
test1: abcr@gmail.com
test2: allan@gmail.com
If a mail is sent to test1, the mail will be forwarded to abcr@gmail.com, as Postfix looks up the mail address mapped to the alias. After adding the aliases, run the following command to tell Postfix to load the alias file:
$ newaliases
5. Setup PostFix Transports
Mail transports are routes that are set for sending emails. We can create routes for emails to a particular destination or domain. Such routes are called transports. This is very useful when sending emails to local network and remote network, where you can define different transports for each network.
5a: Add transport configuration to postfix
To add transport configuration, add the following lines in the /etc/postfix/main.cf file:
transport_maps = hash:/etc/postfix/transport
transport1_destination_recipient_limit=100
transport1_initial_destination_concurrency=1
transport1_destination_concurrency_limit=10
transport1_destination_rate_delay=3s
5b: Define transport route
Add the following entries in the /etc/postfix/master.cf file to define a transport/route:
transport1 unix - - n - 10 smtp
  -o smtp_bind_address=192.168.1.32
  -o syslog_name=postfix-localroute1
Here localroute1 is the name I have given for the particular transport. You can choose your own name.
5c: Configure Transports for Domains
Add the following lines to the /etc/postfix/transport file to configure the transport for each domain to which mail is sent. (The location may vary depending on the installation. If you have installed Postfix in a different directory, use that location.)
test.com transport1:
Now mails to the domain "test.com" will go through transport1.
5d: Reload Postfix
Now reload Postfix with the transport configuration, or rebuild the transport map for the running Postfix instance. (Note: always run the reload or restart command whenever you edit the transport configuration file.)
postmap /etc/postfix/transport
or
postfix -c <location of postfix> stop; postfix -c <location of postfix> start
5e: Testing Postfix
Now send a mail to test that the transport works, and check the log to see what is happening:
tailf /var/log/maillog
Jan 4 09:30:40 instance2 postfix-localroute1/smtp[9205]: DE1375A0961: to=<allan@test.com>, relay=ASPMX.L.GOOGLE.com[74.125.25.27]:25, delay=53542, delays=53516/23/0.69/0.97, dsn=2.0.0, status=sent (250 2.0.0 OK 1357271941 sn9si49318049pbc.189
Now you can see that the mail sent to test.com was routed through the localroute1 transport which was defined in the configuration. The transport part is now working.
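Reading the log by eye works for one message; the same check can be scripted. The following is an added example, not part of the original tutorial: it parses Postfix smtp delivery records, lists deliveries to a domain that were not logged under the expected syslog_name, and lists deliveries that were not sent. The first sample line is the log entry shown above; the other two lines and all function names are constructed for illustration.

```python
import re

# First line is the log entry shown above; the other two are constructed.
SAMPLE_LOG = """\
Jan 4 09:30:40 instance2 postfix-localroute1/smtp[9205]: DE1375A0961: to=<allan@test.com>, relay=ASPMX.L.GOOGLE.com[74.125.25.27]:25, delay=53542, delays=53516/23/0.69/0.97, dsn=2.0.0, status=sent (250 2.0.0 OK 1357271941 sn9si49318049pbc.189
Jan 4 09:31:02 instance2 postfix/smtp[9310]: 1A2B3C4D5E6: to=<bob@test.com>, relay=mx.example.net[192.0.2.10]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 ok)
Jan 4 09:31:40 instance2 postfix-localroute1/smtp[9205]: 2B3C4D5E6F7: to=<carol@test.com>, relay=none, delay=30, delays=0/0/30/0, dsn=4.4.1, status=deferred (connect timed out)
"""

DELIVERY = re.compile(
    r"(?P<syslog_name>[\w.-]+)/smtp\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"to=<(?P<rcpt>[^>]*)>, relay=(?P<relay>[^,]+), delay=(?P<delay>[\d.]+), "
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)"
)

def parse_deliveries(log_text):
    """Return one dict per smtp client delivery record found in the log."""
    records = []
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m:
            rec = m.groupdict()
            rec["delay"] = float(rec["delay"])   # seconds since the mail was queued
            records.append(rec)
    return records

def wrong_transport(log_text, domain, expected_syslog_name):
    """Deliveries to `domain` that were not logged by the expected transport."""
    return [(r["qid"], r["rcpt"], r["syslog_name"])
            for r in parse_deliveries(log_text)
            if r["rcpt"].lower().endswith("@" + domain)
            and r["syslog_name"] != expected_syslog_name]

def not_sent(log_text):
    """Deliveries whose status is deferred or bounced rather than sent."""
    return [(r["qid"], r["rcpt"], r["dsn"], r["status"])
            for r in parse_deliveries(log_text) if r["status"] != "sent"]
```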
A sample conf file for Postfix
Here is a sample main.cf configuration for Postfix, excluding the relay part. This might come in handy.
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8
mail_spool_directory = /var/spool/mail
smtpd_banner = $myhostname ESMTP $mail_name
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
inet_protocols = ipv4
alternate_config_directories = /etc/postfix2
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject
smtp_use_tls = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/FOO-cert.pem
smtp_tls_key_file = /etc/postfix/FOO-key.pem
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
transport_maps = hash:/etc/postfix/transport
transport1_destination_recipient_limit=100
transport1_initial_destination_concurrency=1
transport1_destination_concurrency_limit=10
transport1_destination_rate_delay=3s
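Because this tutorial appends settings to main.cf in several steps, it is worth checking the finished file for overridden parameters and for the two settings that decide who may relay. The following is an added example, not part of the original tutorial: a small main.cf reader (comments, continuation lines, last assignment wins) with three checks. The sample text is constructed from parameters used on this page, and the function names are illustrative.

```python
import ipaddress

# Constructed main.cf fragment built from parameters used in this tutorial.
SAMPLE_MAIN_CF = """\
# basic settings
myhostname = host.test.com
mynetworks = 127.0.0.0/8
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject
# appended during a later edit of the file
mynetworks = 127.0.0.0/8,
    168.100.189.0/28
"""

def parse_main_cf(text):
    """Return (params, duplicates); the last assignment wins, as in Postfix."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()      # continuation of previous line
        else:
            logical.append(raw.strip())
    params, dups = {}, []
    for line in logical:
        name, _, value = line.partition("=")
        name = name.strip()
        if name in params:
            dups.append(name)
        params[name] = value.strip()
    return params, dups

def audit_main_cf(text):
    """List settings in a main.cf text that deserve a second look."""
    params, dups = parse_main_cf(text)
    findings = [f"duplicate parameter: {n}" for n in dups]
    for net in params.get("mynetworks", "").replace(",", " ").split():
        try:
            if not ipaddress.ip_network(net, strict=False).is_loopback:
                findings.append(f"mynetworks trusts non-loopback range {net}")
        except ValueError:                        # table lookup or file path
            findings.append(f"mynetworks entry needs manual review: {net}")
    uses_sasl = "permit_sasl_authenticated" in params.get("smtpd_client_restrictions", "")
    if uses_sasl and params.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("SASL AUTH accepted without TLS (smtpd_tls_auth_only is not yes)")
    return findings
```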
Conclusion
Now we have a Postfix mail server configured to send and receive emails, with Dovecot for user authentication, DKIMproxy to sign or verify incoming and outgoing emails, with Mail Aliasing for users or email addresses and Mail Transport for domains.
I hope this tutorial helps you set up your own Postfix-based Linux mail server. Drop a comment or feedback if you have tried this.