POSTFIX
Postfix is a free open source mail transfer agent (MTA), a computer program for the routing and delivery of email. It is intended as a fast, easy-to-administer, and secure alternative to the widely-used Sendmail MTA which is installed by default with CentOS.
First we need to remove the Sendmail MTA
yum remove sendmail
Install Postfix
yum install postfix
Installation Of Required Packages for SMTP AUTH
yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain
Postfix configuration files are stored in /etc/postfix. The two main Postfix configuration files are master.cf and main.cf. First, make the following additions or changes to main.cf:
#NOTE: Make sure you uncomment inet_interfaces = localhost
home_mailbox = Maildir/
mailbox_command =
mynetworks = 127.0.0.0/8,221.132.35.94
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relay_domains =
local_recipient_maps =
#configure SMTP-AUTH
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
////////////////////////
Edit /usr/lib/sasl2/smtpd.conf so that Postfix allows PLAIN and LOGIN logins.
On 64-bit CentOS you must edit the file /usr/lib64/sasl2/smtpd.conf instead. It should look like this:
pwcheck_method: saslauthd
mech_list: plain login
////////////////////
Create the certificates for TLS
///////////////////////
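mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
#Generate the server key (2048-bit; 1024-bit RSA is no longer considered adequate)
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 2048
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
#Strip the passphrase so Postfix can start unattended, then restrict the new file again
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
chmod 600 smtpd.key
#Create the CA certificate and key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650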
/////////////////////////
Configure Postfix for TLS
#The following lines should be added, edited or uncommented in main.cf file
///////////////////////
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
///////////////////////
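The settings above enable SASL with PLAIN and LOGIN while leaving smtpd_tls_auth_only = no, so passwords can be sent before STARTTLS. The following is an added example, not part of the original post: a small audit of main.cf-style settings, run here on sample input constructed from the lines on this page. The function name and finding labels are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Settings below are copied from
# the main.cf lines shown on this page (constructed sample input).
sample_main_cf() {
cat <<'EOF'
mynetworks = 127.0.0.0/8,221.132.35.94
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtpd_use_tls = yes
EOF
}

# Reads "name = value" lines (main.cf or `postconf -n` output) on stdin and
# prints one finding per line. Function name and finding labels are hypothetical.
audit_postfix_tls() {
    awk '
        /^[ \t]*#/ || !/=/ { next }              # skip comments and non-settings
        {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            conf[key] = val                      # last assignment wins, as in Postfix
        }
        END {
            # SASL enabled but not restricted to TLS sessions: PLAIN/LOGIN
            # passwords (base64, not encrypted) can be sent before STARTTLS.
            if (conf["smtpd_sasl_auth_enable"] == "yes" && conf["smtpd_tls_auth_only"] != "yes")
                print "WARN cleartext-auth: set smtpd_tls_auth_only = yes"
            # smtpd_use_tls still works but is obsolete since Postfix 2.3.
            if (conf["smtpd_use_tls"] == "yes" && conf["smtpd_tls_security_level"] == "")
                print "INFO legacy-tls: prefer smtpd_tls_security_level = may"
            # Every non-loopback mynetworks entry relays without authenticating.
            if (conf["smtpd_recipient_restrictions"] ~ /permit_mynetworks/) {
                n = split(conf["mynetworks"], nets, /[ ,]+/)
                for (i = 1; i <= n; i++)
                    if (nets[i] != "" && nets[i] !~ /^127\./)
                        print "INFO relay-scope: " nets[i] " relays without AUTH"
            }
        }'
}

sample_main_cf | audit_postfix_tls
```

On a live server the same function can be fed with the output of postconf -n.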
DOVECOT
It’s an open source IMAP and POP3 server for Linux/UNIX-like systems, written primarily with security in mind.
Install Dovecot (POP3S/IMAPS Server)
yum install dovecot
Open the dovecot config file /etc/dovecot.conf and make the following changes.
protocols = pop3 pop3s imap imaps
mail_location = maildir:~/Maildir/
pop3_uidl_format = %08Xu%08Xv
imap_client_workarounds = delay-newmail outlook-idle netscape-eoh
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
/////////////
Test dovecot
/////////////
[root@localhost ~]# telnet localhost 110
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
+OK Dovecot ready.
quit
+OK Logging out
Connection closed by foreign host.
//////////
Set the necessary services to automatically start at boot and then start all services
//////////
chkconfig postfix on
chkconfig saslauthd on
chkconfig dovecot on
service postfix start
service saslauthd start
service dovecot start
////////////////////////
To check that SMTP-AUTH and TLS work properly, run the following command (you can also run the telnet command against the other ports to test whether TLS and AUTH are working):
telnet localhost 25
After you have established the connection to your Postfix mail server type
ehlo localhost
If you see the lines
250-STARTTLS
and
250-AUTH PLAIN LOGIN
everything is fine.
/////////////////////
# telnet localhost 25
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 server1.example.com ESMTP Postfix
ehlo localhost
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
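The session above is a plaintext connection, so the 250-AUTH PLAIN LOGIN line means the server accepts passwords before STARTTLS; with smtpd_tls_auth_only = yes Postfix does not announce AUTH until TLS is established. The following is an added example, not part of the original post, that classifies a captured pre-TLS EHLO reply; the function name and verdict labels are hypothetical and the sample input is the reply shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed input: the EHLO
# reply from the plaintext telnet session shown above.
sample_ehlo() {
cat <<'EOF'
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
EOF
}

# Reads an EHLO reply captured BEFORE STARTTLS on stdin and prints
#   starttls=<yes|no> auth=<mechs|none> verdict=<label>
# Function name and verdict labels are hypothetical.
check_plain_ehlo() {
    awk '
        { sub(/\r$/, "") }                        # tolerate CRLF captures
        /^250[- ]/ {
            cap = toupper(substr($0, 5))          # text after "250-" or "250 "
            if (cap == "STARTTLS") tls = "yes"
            # "AUTH ..." is the standard form, "AUTH=..." the variant that
            # broken_sasl_auth_clients = yes adds for old clients.
            if (cap ~ /^AUTH[ =]/ && mechs == "") {
                mechs = substr(cap, 6)
                gsub(/ +/, ",", mechs)
            }
        }
        END {
            if (tls == "") tls = "no"
            verdict = (mechs == "") ? "no-auth-before-tls" : "cleartext-auth-offered"
            if (mechs == "") mechs = "none"
            printf "starttls=%s auth=%s verdict=%s\n", tls, mechs, verdict
        }'
}

sample_ehlo | check_plain_ehlo
```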
Setup mail server on Centos with postfix, dovecot, cyrus