Configure mail server on Centos 7 with Postfix, Dovecot, Apache, postfixadmin and Roundcube.

We start from a CentOS 7 Infrastructure Server installation with Mail Server selected in the installer.
We already have:

1 – A public IP
2 – Reverse DNS for this IP
3 – A domain already bought.

Step 0. Prepare by installing a minimal set of applications:

yum -y install wget whois nc vim gpm ppp rp-pppoe dialog logwatch telnet nmap mutt
yum -y install epel-release
yum -y update
yum -y install perl-MailTools perl-MIME-EncWords perl-Email-Valid perl-Test-Pod dovecot dovecot-mysql  dovecot-pigeonhole  perl-Mail-Sender perl-Log-Log4perl imapsync offlineimap amavisd-new clamav perl-Razor-Agent mariadb-server opendkim vim wget crypto-utils mod_ssl.x86_64 php php-mysql php-fpm  clamav-update php-imap.x86_64 NetworkManager-tui mailx lrzip lzop lz4 arj  unzoo cabextract p7zip fail2ban php-mcrypt.x86_64
systemctl stop rpcbind
systemctl disable rpcbind

Step 1. Set up your server hostname.
hostnamectl set-hostname mail.your-domain.tk
Edit your /etc/hosts to look like this
[root@mail ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.47 mail.your-domain.com mail

Step 2. Test Postfix local delivery
We create two users for the local delivery test.
useradd -d /home/john -M -N -s /sbin/nologin john
useradd -d /home/mark -M -N -s /sbin/nologin mark

Now we send a local mail.
echo Hello | mail -s test john@localhost
and check whether the mail has been delivered:
tail -f /var/log/maillog
Oct 21 14:55:58 localhost postfix/local[2916]: 770201440486: to=<john@localhost.your-domain.com>, orig_to=<john@localhost>, relay=local, delay=0.19, delays=0.13/0.02/0/0.04, dsn=2.0.0, status=sent (delivered to mailbox)

If it works, go to the next step.

Step 3. Setup MariaDB.
Configure the /etc/my.cnf.d/server.cnf file like this:
# this is read by the standalone daemon and embedded servers
[server]
innodb_file_per_table
innodb_file_format = Barracuda
# this is only for the mysqld standalone daemon
[mysqld]

Enable mariadb service
systemctl enable mariadb.service
Start mariadb database server
systemctl start mariadb.service
Secure mariadb installation
mysql_secure_installation

Step 4. Configure Clam Antivirus

We need to configure how ClamAV refreshes its database
vim /etc/sysconfig/freshclam

Comment out or remove the last line
#  FRESHCLAM_DELAY=disabled-warn    # REMOVE ME

Next, edit the freshclam config file
vim /etc/freshclam.conf

Comment out or remove the line containing the word "Example".

Finally, update your virus database.
freshclam

Step 5. Configure basic settings in SpamAssassin

Enable the SpamAssassin service

systemctl start spamassassin.service
systemctl status spamassassin.service
systemctl enable spamassassin.service
Update the SpamAssassin definitions
sa-update

Step 6. Integrate SpamAssassin and ClamAV with amavisd.
First install some packages:
yum -y install clamav clamav-devel clamav-server clamd
We need to provide some config files.
cp /usr/share/doc/clamav-server-0.99.2/clamd.sysconfig /etc/sysconfig/clamd.amavisd
We need to adapt config file to our actual configuration.
vim /etc/sysconfig/clamd.amavisd

and add these lines at the end:

CLAMD_CONFIGFILE=/etc/clamd.d/amavisd.conf
CLAMD_SOCKET=/var/run/clamd.amavisd/clamd.sock
We will create a couple of new files
vim /etc/tmpfiles.d/clamd.amavisd.conf
add this content
d /var/run/clamd.amavisd 0755 amavis amavis -
Edit the next file
vim /usr/lib/systemd/system/clamd@.service
with this content
[Unit]
Description = clamd scanner (%i) daemon
After = syslog.target nss-lookup.target network.target
[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf --foreground=yes
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
Now we can enable clamd@amavisd service
systemctl start clamd@amavisd
systemctl enable clamd@amavisd
systemctl status clamd@amavisd
Configure the amavisd service
vim /etc/amavisd/amavisd.conf
At line 16, set the number of amavisd child processes.
More children use more RAM but deliver more mail at once. One amavisd child consumes nearly 30% of the CPU on a low-end server, so be careful: if you receive a lot of mail at once, too many children can hit your CPU hard.
$max_servers = <number>;
At line 20, set $mydomain
$mydomain = 'ceae.info';
At approximately line 152, set your hostname
$myhostname = 'mail.ceae.info';
Start service Amavisd
systemctl start amavisd.service
Enable service
systemctl enable amavisd.service

Step 7. Enable Apache with a minimal config.
yum -y install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel spamassassin unzip bzip2 unrar perl-DBD-mysql
systemctl start httpd.service
systemctl enable httpd.service
Edit config file
vim /etc/httpd/conf/httpd.conf
at line 86 edit with your admin email
# ServerAdmin root@localhost
at line 152 should be
## AllowOverride None
AllowOverride All
Configure PHP
vim /etc/php.ini
at line 763 edit like this
;cgi.fix_pathinfo=1
cgi.fix_pathinfo=0
at line 877 edit like this
;date.timezone =
date.timezone = Europe/Berlin
And now restart apache
systemctl restart httpd.service

Step 8. Set up Postfixadmin
Download Postfixadmin
wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-3.0/postfixadmin-3.0.tar.gz?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fpostfixadmin%2Ffiles%2Fpostfixadmin%2Fpostfixadmin-3.0%2F&ts=1479731076&use_mirror=netix
Rename the downloaded file to postfixadmin-3.0.tar.gz
mv postfixadmin-3.0.tar.gz\?r\=https\:%2F%2Fsourceforge.net%2Fprojects%2Fpostfixadmin%2Ffiles%2Fpostfixadmin%2Fpostfixadmin-3.0%2F postfixadmin-3.0.tar.gz
Extract folder
tar -zxvf postfixadmin-3.0.tar.gz -C /var/www/html/
cd /var/www/html/
chown -R root:apache postfixadmin-3.0/
ln -s postfixadmin-3.0/ postfixadmin
We need to create the postfix user and database:
mysql -u root -p
MariaDB [(none)]> create database postfix;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT all on postfix.* to 'postfix'@'localhost' identified by 'yourPASSword';
Query OK, 0 rows affected (0.00 sec)
Now that we have the database, edit the config file:
vim /var/www/html/postfixadmin/config.inc.php
$CONF['configured'] = true;
$CONF['setup_password'] = 'YOUR-STRONG-PASSWORD';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'yourPASSword';
$CONF['database_name'] = 'postfix';
$CONF['show_password'] = 'YES';
$CONF['page_size'] = '30';
$CONF['default_aliases'] = array (
'abuse' => 'abuse@ceae.info',
'hostmaster' => 'hostmaster@ceae.info',
'postmaster' => 'postmaster@ceae.info',
'webmaster' => 'webmaster@ceae.info'
);
$CONF['domain_path'] = 'NO';
$CONF['domain_in_mailbox'] = 'YES';
$CONF['maildir_name_hook'] = 'NO';
$CONF['transport'] = 'YES';
$CONF['vacation'] = 'YES';
$CONF['vacation_domain'] = 'autoreply.ceae.info';
$CONF['vacation_control'] = 'YES';
If your domain does not exist yet, activate this
$CONF['emailcheck_resolve_domain']='NO';
Now go to your browser, open http://your-ip/postfixadmin/setup.php and set up your admin password.
Now log in at http://YOUR-IP-server/postfixadmin/login.php and create a new domain and email.

Step 10. Set up Dovecot.
Now we enable the IMAP and POP3 services.
vim /etc/dovecot/dovecot-sql.conf.ext
# The mysqld.sock socket may be in different locations in different systems
driver = mysql
##
connect = host=localhost dbname=postfix user=postfix password=yourpassword
#
# Default password scheme.
# depends on your $CONF['encrypt'] setting:
# md5crypt  -> MD5-CRYPT
# md5       -> PLAIN-MD5
# cleartext -> PLAIN
default_pass_scheme = MD5-CRYPT
# Query to retrieve password. user can be used to retrieve username in other
# # formats also.
password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1'
# Query to retrieve user information.
## user_query = SELECT maildir, 1001 AS uid, 1001 AS gid FROM mailbox WHERE username = '%u' AND active='1'
user_query = SELECT CONCAT('/var/spool/vmail/', domain,'/', maildir) AS home, CONCAT('maildir:/var/spool/vmail/',domain,'/', maildir) AS mail, 5000 AS uid, 12 AS gid, concat('dict:storage=',CAST(ROUND(quota / 1024) AS CHAR), '::proxy::quota') AS quota, CONCAT('*:storage=',CAST(quota AS CHAR), 'B') AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'
Now we edit the next file:
vim /etc/dovecot/conf.d/dovecot-mysql-quota.conf.ext
connect = host=localhost dbname=postfix user=postfix password=yourpassword
map {
  pattern = priv/quota/storage
  table = quota2
  username_field = username
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = quota2
  username_field = username
  value_field = messages
}
vim /etc/dovecot/dovecot.conf
line 24 tells Dovecot which protocols it should serve
protocols = imap pop3
line 31 sets the interfaces Dovecot listens on
listen = *, ::
line 44 is the welcome message
#login_greeting = Dovecot ready.
login_greeting = Server OK.
line 69 defines the behavior when the Dovecot service is restarted
shutdown_clients = yes
Edit custom logging
vim /etc/dovecot/conf.d/10-logging.conf
line 8: log file
log_path = /var/log/dovecot.log
line 32: log the attempted password verbosely, for debugging
#auth_verbose_passwords = no
auth_verbose_passwords = plain
line 41: enable password logging in debug output
#auth_debug_passwords = no
auth_debug_passwords = yes
Restart Dovecot
systemctl restart dovecot.service
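
The two password settings above put what users type as their password into /var/log/dovecot.log, so they belong in the config only while debugging. The script below is an added example, not part of the original guide: it flags those settings in a config and masks passwords already written to a log. The function names, the sample log line and its "(given password: ...)" format are assumptions.

```sh
#!/bin/sh
# Added example, not part of the original guide.

# Print one FAIL line for every setting that makes Dovecot log passwords.
# Input: Dovecot "key = value" config text on stdin (e.g. `doveconf -n`).
audit_password_logging() {
  awk -F= '
    { sub(/#.*/, "") }            # drop comments, including commented-out defaults
    NF < 2 { next }               # not a key = value line
    {
      key = $1; val = $2
      gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
    }
    key == "auth_debug_passwords"   && val == "yes" { print "FAIL " key "=" val }
    key == "auth_verbose_passwords" && val != "no"  { print "FAIL " key "=" val }
  '
}

# Mask the password in "(given password: ...)" log entries.
# The match is greedy up to the last ")" on the line, so a password that
# itself contains ")" is still removed completely.
redact_given_passwords() {
  sed -E 's/\(given password: .*\)/(given password: REDACTED)/'
}

# Constructed sample: the 10-logging.conf values set in this guide.
SAMPLE_CONF='log_path = /var/log/dovecot.log
#auth_verbose_passwords = no
auth_verbose_passwords = plain
#auth_debug_passwords = no
auth_debug_passwords = yes'

# Constructed log line (assumed format of a failed login with
# auth_verbose_passwords = plain); the address and password are made up.
SAMPLE_LOG='Oct 21 15:02:11 auth-worker(2950): Info: sql(john@your-domain.com,192.0.2.10): Password mismatch (given password: pa)ss)'

printf '%s\n' "$SAMPLE_CONF" | audit_password_logging
printf '%s\n' "$SAMPLE_LOG" | redact_given_passwords
```

On a live server, feed the first function the output of doveconf -n and the second the contents of /var/log/dovecot.log instead of the samples.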
Create a user for internal delivery and logging.
useradd -r -u 5000 -g mail -d /var/spool/vmail -s /sbin/nologin -c "Virtual mailbox" vmail
Create the vmail folder
mkdir /var/spool/vmail
Change the owner of the log file
chown vmail /var/log/dovecot.log
Create a logrotate config for Dovecot
vim /etc/logrotate.d/dovecot
/var/log/dovecot.log {
missingok
notifempty
delaycompress
sharedscripts
postrotate
/bin/kill -USR1 `cat /var/run/dovecot/master.pid 2>/dev/null` 2> /dev/null || true
endscript
}
Configure user authentication
vim /etc/dovecot/conf.d/10-auth.conf
line 10: disable plaintext auth
disable_plaintext_auth = yes
Auth mechanisms
auth_mechanisms = plain login cram-md5
and the user database type
#!include auth-system.conf.ext
!include auth-sql.conf.ext
Set up SSL
SSL protocols
ssl_protocols = !SSLv2 !SSLv3
SSL ciphers to use
ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
Prefer the server’s order of ciphers over client’s.
ssl_prefer_server_ciphers = yes
Now Dovecot needs to know which protocols it will serve and how
vim /etc/dovecot/conf.d/10-master.conf
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = vmail
    group = mail
  }
}
Enable sieve in dovecot
vim /etc/dovecot/conf.d/15-lda.conf
protocol lda {
# Space separated list of plugins to load (default is global mail_plugins).
#mail_plugins = $mail_plugins
mail_plugins = $mail_plugins sieve
}
End for today.

File under construction; please come back in a few days.

4 thoughts on “Configure mail server on Centos 7 with Postfix, Dovecot, Apache, postfixadmin and Roundcube.”

  1. can you please write more details about the quota. I tried my luck on Google, Stack, wherever I can

    but really frustrated.

    A lil help is really appreciated
