{"id":775,"date":"2015-05-12T01:56:01","date_gmt":"2015-05-12T10:56:01","guid":{"rendered":"http:\/\/blog.box.kr\/?p=775"},"modified":"2015-05-12T01:56:01","modified_gmt":"2015-05-12T10:56:01","slug":"setup-mail-server-on-centos-7","status":"publish","type":"post","link":"https:\/\/blog.box.kr\/?p=775","title":{"rendered":"Setup mail server on centos 7"},"content":{"rendered":"

<\/h1>\n
This article helps you to install and configure basic mail server on Centos<\/a> 7. Here i have used Postfix for SMTP, Dovecot for POP\/IMAP and Dovecot SASL for SMTP AUTH.
\nBefore proceeding please make sure you have assigned static IP for the server and have internet connectivity for installing packages.<\/p>\n

Setup mail server on centos 7<\/h1>\n

1. Installing packages<\/a>
\n2. Postfix configuration<\/a>
\n3. Dovecot configuration<\/a>
\n4. User creation<\/a><\/p>\n

Installing packages<\/a><\/h2>\n

Step 1 \u00bb<\/strong> Assign hostname for the server using the below command.
\n[root@krizna ~]# hostnamectl set-hostname mail.krizna.com<\/code>
\nStep 2 \u00bb<\/strong> Make a host entry with your IP in \/etc\/hosts<\/strong> file.
\n172.27.0.51 mail.krizna.com<\/code>
\nStep 3 \u00bb<\/strong> Now start installing packages.
\n[root@krizna ~]# yum -y install postfix dovecot<\/code>
\nAfter package installation continue with postfix configuration.<\/p>\n

Postfix configuration<\/a><\/h2>\n

First create SSL certificate for encryption.
\nStep 4 \u00bb<\/strong> Follow the below steps one by one for creation.
\n[root@mail ~]# mkdir \/etc\/postfix\/ssl
\n[root@mail ~]# cd \/etc\/postfix\/ssl
\n[root@krizna ssl]# openssl genrsa -des3 -out server.key 2048
\n[root@krizna ssl]# openssl rsa -in server.key -out server.key.insecure
\n[root@krizna ssl]# mv server.key server.key.secure
\n[root@krizna ssl]# mv server.key.insecure server.key<\/code>Leave blank for A challenge password []<\/strong> value in the below step.
\n[root@krizna ssl]# openssl req -new -key server.key -out server.csr
\n[root@krizna ssl]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt<\/code>
\nStep 5 \u00bb<\/strong> Now open \/etc\/postfix\/main.cf<\/strong> file for changes.
\nFind and uncomment the below lines.
\n#inet_interfaces = localhost #---> line no 116
\n#mydestination = $myhostname, localhost.$mydomain, localhost #--> line no 164<\/code>
\nand add below lines at the end of the file. change myhostname<\/strong> and mydomain<\/strong>values with yours and home_mailbox<\/strong> value to your desired directory. Here it will store mails in the users home directory (Eg: \/home\/john\/mail ).<\/p>\n

\n
\n<\/div>\n
\n<\/div>\n
\n\n\n\n
\n
\n
1\n<\/div>\n
2\n<\/div>\n
3\n<\/div>\n
4\n<\/div>\n
5\n<\/div>\n
6\n<\/div>\n
7\n<\/div>\n
8\n<\/div>\n
9\n<\/div>\n
10\n<\/div>\n
11\n<\/div>\n
12\n<\/div>\n
13\n<\/div>\n
14\n<\/div>\n
15\n<\/div>\n
16\n<\/div>\n
17\n<\/div>\n
18\n<\/div>\n
19\n<\/div>\n
20\n<\/div>\n
21\n<\/div>\n
22\n<\/div>\n
23\n<\/div>\n<\/div>\n<\/td>\n
\n
\n
myhostname<\/span> =<\/span> mail<\/span>.<\/span>krizna<\/span>.<\/span>com<\/span>\n<\/div>\n
mydomain<\/span> =<\/span> krizna<\/span>.<\/span>com<\/span>\n<\/div>\n
myorigin<\/span> =<\/span> $<\/span>mydomain<\/span>\n<\/div>\n
home_mailbox<\/span> =<\/span> mail<\/span>\/<\/span>\n<\/div>\n
mynetworks<\/span> =<\/span> 127.0.0.0<\/span>\/<\/span>8<\/span>\n<\/div>\n
inet_interfaces<\/span> =<\/span> all<\/span>\n<\/div>\n
mydestination<\/span> =<\/span> $<\/span>myhostname<\/span>,<\/span> localhost<\/span>.<\/span>$<\/span>mydomain<\/span>,<\/span> localhost<\/span>,<\/span> $<\/span>mydomain<\/span>\n<\/div>\n
smtpd_sasl_type<\/span> =<\/span> dovecot<\/span>\n<\/div>\n
smtpd_sasl_path<\/span> =<\/span> private<\/span>\/<\/span>auth<\/span>\n<\/div>\n
smtpd_sasl_local_domain<\/span> =<\/span>\n<\/div>\n
smtpd_sasl_security_options<\/span> =<\/span> noanonymous<\/span>\n<\/div>\n
broken_sasl_auth_clients<\/span> =<\/span> yes<\/span>\n<\/div>\n
smtpd_sasl_auth_enable<\/span> =<\/span> yes<\/span>\n<\/div>\n
smtpd_recipient_restrictions<\/span> =<\/span> permit_sasl_authenticated<\/span>,<\/span>permit_mynetworks<\/span>,<\/span>reject_unauth_destination<\/span>\n<\/div>\n
smtp_tls_security_level<\/span> =<\/span> may<\/span>\n<\/div>\n
smtpd_tls_security_level<\/span> =<\/span> may<\/span>\n<\/div>\n
smtp_tls_note_starttls_offer<\/span> =<\/span> yes<\/span>\n<\/div>\n
smtpd_tls_loglevel<\/span> =<\/span> 1<\/span>\n<\/div>\n
smtpd_tls_key_file<\/span> =<\/span> \/<\/span>etc<\/span>\/<\/span>postfix<\/span>\/<\/span>ssl<\/span>\/<\/span>server<\/span>.<\/span>key<\/span>\n<\/div>\n
smtpd_tls_cert_file<\/span> =<\/span> \/<\/span>etc<\/span>\/<\/span>postfix<\/span>\/<\/span>ssl<\/span>\/<\/span>server<\/span>.<\/span>crt<\/span>\n<\/div>\n
smtpd_tls_received_header<\/span> =<\/span> yes<\/span>\n<\/div>\n
smtpd_tls_session_cache_timeout<\/span> =<\/span> 3600s<\/span>\n<\/div>\n
tls_random_source<\/span> =<\/span> dev<\/span>:<\/span>\/<\/span>dev<\/span>\/<\/span>urandom<\/span>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n

Step 6 \u00bb<\/strong> Open \/etc\/postfix\/master.cf<\/strong> file, add the below lines after \u201csmtp inet n \u2013 n \u2013 \u2013 smtpd<\/strong>\u201d line.<\/p>\n

\n
\n<\/div>\n
\n<\/div>\n
\n\n\n\n
\n
\n
1\n<\/div>\n
2\n<\/div>\n
3\n<\/div>\n
4\n<\/div>\n
5\n<\/div>\n
6\n<\/div>\n
7\n<\/div>\n
8\n<\/div>\n
9\n<\/div>\n
10\n<\/div>\n<\/div>\n<\/td>\n
\n
\n
submission\u00a0\u00a0\u00a0\u00a0 <\/span>inet<\/span>\u00a0\u00a0<\/span>n<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>–<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>n<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>–<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>–<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>smtpd<\/span>\n<\/div>\n
\u00a0\u00a0<\/span>–<\/span>o<\/span> syslog_name<\/span>=<\/span>postfix<\/span>\/<\/span>submission<\/span>\n<\/div>\n
\u00a0\u00a0<\/span>–<\/span>o<\/span> smtpd_sasl_auth_enable<\/span>=<\/span>yes<\/span>\n<\/div>\n
\u00a0\u00a0<\/span>–<\/span>o<\/span> smtpd_recipient_restrictions<\/span>=<\/span>permit_sasl_authenticated<\/span>,<\/span>reject<\/span>\n<\/div>\n
\u00a0\u00a0<\/span>–<\/span>o<\/span> milter_macro_daemon_name<\/span>=<\/span>ORIGINATING<\/span>\n<\/div>\n
smtps\u00a0\u00a0\u00a0\u00a0 <\/span>inet<\/span>\u00a0\u00a0<\/span>n<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>–<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>n<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>–<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>–<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>smtpd<\/span>\n<\/div>\n
\u00a0\u00a0<\/span>–<\/span>o<\/span> syslog_name<\/span>=<\/span>postfix<\/span>\/<\/span>smtps<\/span>\n<\/div>\n
\u00a0\u00a0<\/span>–<\/span>o<\/span> smtpd_sasl_auth_enable<\/span>=<\/span>yes<\/span>\n<\/div>\n
\u00a0\u00a0<\/span>–<\/span>o<\/span> smtpd_recipient_restrictions<\/span>=<\/span>permit_sasl_authenticated<\/span>,<\/span>reject<\/span>\n<\/div>\n
\u00a0\u00a0<\/span>–<\/span>o<\/span> milter_macro_daemon_name<\/span>=<\/span>ORIGINATING<\/span>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n

Now check the configuration using postfix check<\/strong> command.
\nStep 7 \u00bb<\/strong> Now configure Dovecot SASL for SMTP Auth. Open \/etc\/dovecot\/conf.d\/10-master.conf<\/strong> file, find \u201c# Postfix smtp-auth<\/strong>\u201d line ( line no:95 ) and add the below lines.
\n# Postfix smtp-auth
\nunix_listener \/var\/spool\/postfix\/private\/auth {
\nmode = 0660
\nuser = postfix
\ngroup = postfix
\n}<\/code>
\nStep 8 \u00bb<\/strong> Open \/etc\/dovecot\/conf.d\/10-auth.conf<\/strong> file, find \u201cauth_mechanisms = plain<\/strong>\u201d ( Line no: 100 ) and add login<\/strong> to the value like below.
\nauth_mechanisms = plain login<\/code>
\nStep 9 \u00bb<\/strong> Postfix configuration is over. Now restart both postfix and dovecot services and enable auto start.
\n[root@mail ~]# systemctl restart postfix
\n[root@mail ~]# systemctl enable postfix
\n[root@mail ~]# systemctl restart dovecot
\n[root@mail ~]# systemctl enable dovecot<\/code>
\nStep 10 \u00bb<\/strong> Add the firewall rules to allow 25, 587 and 465 ports.
\n[root@mail ~]# firewall-cmd --permanent --add-service=smtp
\n[root@mail ~]# firewall-cmd --permanent --add-port=587\/tcp
\n[root@mail ~]# firewall-cmd --permanent --add-port=465\/tcp
\n[root@mail ~]# firewall-cmd --reload<\/code>Now start testing connectivity for each ports 25,587 and 465 using telnet and make sure you are getting AUTH PLAIN LOGIN<\/strong> line after issuing ehlo mail.krizna.com<\/strong>command in telnet.
\n[root@mail ~]# telnet mail.krizna.com 465
\nTrying 172.27.0.51...
\nConnected to mail.krizna.com.
\nEscape character is '^]'.
\n220 mail.krizna.com ESMTP Postfix
\nehlo mail.krizna.com <------- Type this command
\n250-mail.krizna.com
\n250-PIPELINING
\n250-SIZE 10240000
\n250-VRFY
\n250-ETRN
\n250-STARTTLS
\n250-AUTH PLAIN LOGIN
\n250-AUTH=PLAIN LOGIN
\n250-ENHANCEDSTATUSCODES
\n250-8BITMIME
\n250 DSN<\/code><\/p>\n

Dovecot configuration<\/a><\/h2>\n

Start configuring Dovecot .
\nStep 11 \u00bb<\/strong> Open \/etc\/dovecot\/conf.d\/10-mail.conf<\/strong> file, find #mail_location =<\/strong> (line no : 30 ) and add the same directory which is given to home_mailbox<\/strong> in the postfix config file ( Step 5).
\nmail_location = maildir:~\/mail<\/code>
\nStep 12 \u00bb<\/strong> Open \/etc\/dovecot\/conf.d\/20-pop3.conf<\/strong> file, find and uncomment the below line ( line no : 50 ) .
\npop3_uidl_format = %08Xu%08Xv<\/code>
\nStep 13 \u00bb<\/strong> Restart dovecot service.
\n[root@mail ~]# systemctl restart dovecot<\/code>
\nStep 14 \u00bb<\/strong> Add firewall rules to allow 110,143,993 and 995.
\n[root@mail ~]# firewall-cmd --permanent --add-port=110\/tcp
\n[root@mail ~]# firewall-cmd --permanent --add-service=pop3s
\n[root@mail ~]# firewall-cmd --permanent --add-port=143\/tcp
\n[root@mail ~]# firewall-cmd --permanent --add-service=imaps
\n[root@mail ~]# firewall-cmd --reload<\/code>
\nCheck the connectivity for the ports 110,143,993 and 995 using telnet.<\/p>\n

User creation<\/a><\/h2>\n

Now create user for testing .
\nStep 15 \u00bb<\/strong> Create user with \/sbin\/nologin<\/strong> shell to restrict login access.
\n[root@mail ~]# useradd -m john -s \/sbin\/nologin
\n[root@mail ~]# passwd john<\/code>
\nMail server is ready now, Configure user in your mail client and test send\/receive.
\n\"Setup<\/a><\/p>\n

 <\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

This article helps you to install and configure basic mail server on Centos 7. Here i have used Postfix for SMTP, Dovecot for POP\/IMAP and Dovecot SASL for SMTP AUTH. Before proceeding please make sure you have assigned static IP for the server and have internet connectivity for installing packages. Setup mail server on centos 7 1. Installing packages 2. Postfix configuration 3. Dovecot configuration 4. User creation Installing packages Step 1 \u00bb Assign hostname for the server using the below command. [root@krizna ~]# hostnamectl set-hostname mail.krizna.com Step 2 \u00bb Make a host entry with your IP in \/etc\/hosts file. 172.27.0.51 mail.krizna.com Step 3 \u00bb Now start installing packages. [root@krizna ~]# yum -y install postfix dovecot After package installation continue with postfix configuration. Postfix configuration First create SSL certificate for encryption. Step 4 \u00bb Follow the below steps one by one for creation. [root@mail ~]# mkdir \/etc\/postfix\/ssl [root@mail ~]# cd \/etc\/postfix\/ssl [root@krizna ssl]# openssl genrsa -des3 -out server.key 2048 [root@krizna ssl]# openssl rsa -in server.key -out server.key.insecure [root@krizna ssl]# mv server.key server.key.secure [root@krizna ssl]# mv server.key.insecure server.keyLeave blank for A challenge password [] value in the below step. [root@krizna ssl]# openssl req -new -key server.key -out server.csr [root@krizna ssl]# openssl […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"ngg_post_thumbnail":0,"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[5],"tags":[],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p5q9Zn-cv","jetpack-related-posts":[{"id":716,"url":"https:\/\/blog.box.kr\/?p=716","url_meta":{"origin":775,"position":0},"title":"CentOS SSH Installation And Configuration","date":"2015-04-15","format":false,"excerpt":"http:\/\/www.cyberciti.biz\/faq\/centos-ssh\/ \u00a0 How do I install and configure ssh server and client under CentOS Linux operating systems? You need to install the following packages (which are installed by default until and unless you removed it or skipped it while installing CentOS) openssh-clients : The OpenSSH client applications openssh-server : The\u2026","rel":"","context":"In "\uae30\uc220\uc790\ub8cc"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":718,"url":"https:\/\/blog.box.kr\/?p=718","url_meta":{"origin":775,"position":1},"title":"How To Install Linux, Nginx, MySQL, PHP (LEMP) stack On CentOS 7","date":"2015-04-15","format":false,"excerpt":"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-install-linux-nginx-mysql-php-lemp-stack-on-centos-7 \u00a0 How To Install Linux, Nginx, MySQL, PHP (LEMP) stack On CentOS 7 Introduction A LEMP software stack is a group of open source software that is typically installed together to enable a server to host dynamic websites and web apps. This term is actually an acronym which represents\u2026","rel":"","context":"In "\uae30\uc220\uc790\ub8cc"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":894,"url":"https:\/\/blog.box.kr\/?p=894","url_meta":{"origin":775,"position":2},"title":"How To Install Cassandra on CentOS 7","date":"2015-06-16","format":false,"excerpt":"Apache Cassandra is a NoSQL database intended for storing large amounts of data in a decentralized, highly available cluster. NoSQL refers to a database with a data model other than the tabular relations used in relational databases such as MySQL, PostgreSQL, and Microsoft SQL. Pre-Flight Check These instructions are intended\u2026","rel":"","context":"In "\uae30\uc220"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":766,"url":"https:\/\/blog.box.kr\/?p=766","url_meta":{"origin":775,"position":3},"title":"install bugzilla with nginx on centos7","date":"2015-05-11","format":false,"excerpt":"Set the Hostname Before you begin installing and configuring the components described in this guide, please make sure you\u2019ve followed our instructions for setting your hostname. Issue the following commands to make sure it is set properly: hostname hostname -f The first command should show your short hostname, and the\u2026","rel":"","context":"In "Linux"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":510,"url":"https:\/\/blog.box.kr\/?p=510","url_meta":{"origin":775,"position":4},"title":"[\ud38c]How to enable EPEL repo on CentOS 5 & 6","date":"2014-12-28","format":false,"excerpt":"To enable EPEL (Extra Packages for Enterprise Linux) for CentOS 5 x86 or x64, log in to SSH on your server and execute the following command (dependent on your OS \u2013 unsure of what version of CentOS you are running?): \u00a0CentOS 6.x 32-bit (x86\/i386): rpm -Uvh http:\/\/mirror.overthewire.com.au\/pub\/epel\/6\/i386\/epel-release-6-7.noarch.rpm CentOS 6.x 64-bit\u2026","rel":"","context":"In "Linux"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":826,"url":"https:\/\/blog.box.kr\/?p=826","url_meta":{"origin":775,"position":5},"title":"[scrap]50 UNIX \/ Linux Sysadmin Tutorials","date":"2015-05-20","format":false,"excerpt":"http:\/\/www.thegeekstuff.com\/2010\/12\/50-unix-linux-sysadmin-tutorials\/ \u00a0 Merry Christmas and Happy Holidays to all TGS Readers. To wrap this year, I\u2019ve collected 50 UNIX \/ Linux sysadmin related tutorials that we\u2019ve posted so far. This is lot of reading. Bookmark this article for your future reference and read it whenever you get free time. Disk\u2026","rel":"","context":"In "\uae30\uc220"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/posts\/775"}],"collection":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=775"}],"version-history":[{"count":0,"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/posts\/775\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=775"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=775"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=775"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}