Linux Mail Server with Postfix and Dovecot

This guide was written using PuTTY. The commands to run are shown on their own lines.

Install Postfix and Dovecot (Dovecot will be our POP3/IMAP server).

yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot

If you have MySQL5 installed then type:

yum --enablerepo=centosplus install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot

Once these packages are installed, edit /usr/lib/sasl2/smtpd.conf so that Postfix allows PLAIN and LOGIN logins (on 64-bit servers the file is /usr/lib64/sasl2/smtpd.conf).

vi /usr/lib/sasl2/smtpd.conf

It should look like this:

pwcheck_method: saslauthd
mech_list: plain login

To edit the file, press "i" to switch to insert mode and add the lines. When you are done, press "ESC", type ":" followed by wq, and press Enter. This takes you out of insert mode and saves your changes.

SSL Creation

We will now create the folder that will store the SSL files to be used for Postfix:

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/

We will now create our smtpd.key. Make sure to remember the passphrase, as it will be used for the rest of the SSL creation:

openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

After the smtpd.key has been created we will need to change the permissions on the file:

chmod 600 smtpd.key

We will now need to create our smtpd.csr. When prompted for the Common Name, make sure to enter your domain name (e.g. example.com):

openssl req -new -key smtpd.key -out smtpd.csr

After the CSR has been created we will finish off the rest of the SSL creation. First self-sign the certificate, then write out a copy of the key without the passphrase:

openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

openssl rsa -in smtpd.key -out smtpd.key.unencrypted

We will rename our smtpd.key.unencrypted to smtpd.key:

mv -f smtpd.key.unencrypted smtpd.key

This is the last step in the SSL creation (make sure the common name is your domain name):

openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Postfix Configuration

We will now need to update your Postfix configuration file, but we will back it up first.

cp /etc/postfix/main.cf /etc/postfix/main.cf.bak

We will now need to modify /etc/postfix/main.cf:

vi /etc/postfix/main.cf

Once in vi, change the line that says:

inet_interfaces = localhost

Change localhost to all, so that the line looks like this:

inet_interfaces = all

Once that has been changed, copy the following to the bottom of /etc/postfix/main.cf (go into insert mode and right click the screen):

smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Save the Postfix configuration file and exit.

Dovecot Configuration

We will edit /etc/dovecot.conf:

vi /etc/dovecot.conf

Add this line to the conf file:

protocols = imap imaps pop3 pop3s

Final Configuration

Run these final commands (copy and paste them into the shell).

chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
chkconfig --levels 235 dovecot on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start
/etc/init.d/dovecot start



Verification

To see if SMTP-AUTH and TLS work properly, now run the following command:

telnet localhost 25

After you have established the connection to your Postfix mail server, type:

ehlo localhost

If you see the lines

250-STARTTLS

and

250-AUTH

everything is working fine.
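
The EHLO check above, as an added example that is not part of the original guide: a shell function that reads a captured reply and also flags PLAIN or LOGIN being advertised before STARTTLS, which is what smtpd_tls_auth_only = no permits. The sample reply, its hostname and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit a captured EHLO reply.
# SAMPLE_EHLO is constructed; the hostname and keyword list are illustrative.
SAMPLE_EHLO='250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-8BITMIME
250 DSN'

# Strip CRs and upper-case so keyword matching is case-insensitive.
normalize() { tr -d '\r' | tr 'a-z' 'A-Z'; }

# Succeeds if the reply on stdin advertises STARTTLS.
ehlo_has_starttls() { normalize | grep -q '^250[- ]STARTTLS$'; }

# Prints the de-duplicated mechanisms from "AUTH ..." lines and from the
# legacy "AUTH=..." form that broken_sasl_auth_clients = yes adds.
ehlo_auth_mechs() {
    normalize | sed -n 's/^250[- ]AUTH[ =]//p' | tr ' ' '\n' |
        sort -u | tr '\n' ' ' | sed 's/ $//'
}

# audit_ehlo REPLY -> 0: STARTTLS offered, no password mechanism before TLS
#                     1: STARTTLS not offered
#                     2: PLAIN or LOGIN advertised on the unencrypted session
audit_ehlo() {
    reply=$1
    if ! printf '%s\n' "$reply" | ehlo_has_starttls; then
        echo "FAIL: STARTTLS not offered"
        return 1
    fi
    mechs=$(printf '%s\n' "$reply" | ehlo_auth_mechs)
    case " $mechs " in
        *" PLAIN "*|*" LOGIN "*)
            echo "WARN: AUTH $mechs offered before STARTTLS"
            return 2 ;;
    esac
    echo "OK: STARTTLS offered, no cleartext AUTH before TLS"
}

# Demo on the constructed sample; "|| true" keeps the script's exit status 0.
audit_ehlo "$SAMPLE_EHLO" || true
```

To check a live server, paste the lines returned by the telnet session into a variable and pass it to audit_ehlo. Setting smtpd_tls_auth_only = yes in main.cf makes Postfix withhold AUTH until STARTTLS has completed, which turns the warning into OK.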
