Of Stack

CentOS 7.2 deploy mail server (Postfix)

  • 2020-05-13 04:15:15
  • OfStack

1. Postfix profile

Postfix is an E-mail server created by Wietse Venema, a Dutch researcher at the IBM Watson research center (T.J.Watson Research Center), to improve the sendmail mail server. First appeared in the late 1990s, is an open source software.
Postfix's official website: http: / / www postfix. org /
Postfix download address: http: / / www postfix. org/download html

2. Postfix installation

Install Postfix to configure the SMTP server
[1] Postfix will be installed even if the CentOS system is installed with [minimal installation], but if Postfix is not installed, please install it first, as shown below.
[root@linuxprobe ~]# yum -y install postfix

[2] this example shows configuring SMTP-Auth to use SASL functions of Dovecot. 


[root@linuxprobe ~]# vi /etc/postfix/main.cf
# line 75: uncomment and specify hostname

myhostname = linuxprobe.srv.world
# line 83: uncomment and specify domain name

mydomain = srv.world
# line 99: uncomment

myorigin = $mydomain
# line 116: change

inet_interfaces = all
# line 164: add

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# line 264: uncomment and specify your local network

mynetworks = 127.0.0.0/8, 10.0.0.0/24
# line 419: uncomment (use mailboxdir)

home_mailbox = mailbox/
# line 574: add

smtpd_banner = $myhostname ESMTP
# add follows to the end

# limit an email size for 10M

message_size_limit = 10485760

# limit a mailbox for 1G

mailbox_size_limit = 1073741824
# for SMTP-Auth

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject

[root@linuxprobe ~]# systemctl restart postfix
[root@linuxprobe ~]# systemctl enable postfix

[3] if Firewalld is running, allow the SMTP service. SMTP USES 25 / TCP. 


[root@dlp ~]# firewall-cmd --add-service=smtp --permanent
success
[root@dlp ~]# firewall-cmd --reload
success

3. Dovecot installation

Install Dovecot to configure the POP/IMAP server
Install Dovecot [1].
[root@linuxprobe ~]# yum -y install dovecot

[2] this example shows configuration to provide SASL functionality to Postfix. 


[root@linuxprobe ~]# vi /etc/dovecot/dovecot.conf
# line 24: uncomment
protocols = imap pop3 lmtp
# line 30: uncomment and change ( if not use IPv6 )
listen = *
[root@linuxprobe ~]# vi /etc/dovecot/conf.d/10-auth.conf
# line 10: uncomment and change ( allow plain text auth )
disable_plaintext_auth = no
# line 100: add
auth_mechanisms = plain login
[root@linuxprobe ~]# vi /etc/dovecot/conf.d/10-mail.conf
# line 30: uncomment and add
mail_location = maildir:~/Maildir
[root@linuxprobe ~]# vi /etc/dovecot/conf.d/10-master.conf
# line 96-98: uncomment and add like follows
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
 mode = 0666
 user = postfix
 group = postfix
}
[root@linuxprobe ~]# vi /etc/dovecot/conf.d/10-ssl.conf
# line 8: change (not require SSL)
ssl = no

[root@linuxprobe ~]# systemctl start dovecot
[root@linuxprobe ~]# systemctl enable dovecot

[3] if Firewalld is running, allow the POP/IMAP service. POP USES 110 / TCP, and IMAP USES 143 / TCP. 


[root@vdevops ~]# firewall-cmd --add-port={110/tcp,143/tcp} --permanent
success
[root@vdevops ~]# firewall-cmd --reload
success

4. SSL Settings

Configure SSL to encrypt the connection
[1] first create a certificate, portal: / / www ofstack. com article / 97434. htm

[2] configure Postfix and Dovecot for SSL. 


# add to the end
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
[root@linuxprobe ~]# vi /etc/postfix/master.cf
# line 26-28: uncomment
smtps  inet n  -  n  -  -  smtpd
 -o syslog_name=postfix/smtps
 -o smtpd_tls_wrappermode=yes
[root@linuxprobe ~]# vi /etc/dovecot/conf.d/10-ssl.conf
# line 8: change
ssl = yes
# line 14,15: specify certificates
ssl_cert = </etc/pki/tls/certs/server.crt
ssl_key = </etc/pki/tls/certs/server.key
[root@linuxprobe ~]# systemctl restart postfix dovecot

[3] if Firewalld is running, please allow the SMTPS/POP3S/IMAPS service. SMTPS USES 465 /
TCP, POP3S use 995 / TCP, IMAPS use 993 / TCP. 


[root@vdevops ~]# firewall-cmd --add-service={pop3s,imaps} --permanent
success
[root@vdevops ~]# firewall-cmd --add-port=465/tcp --permanent
success
[root@vdevops ~]# firewall-cmd --reload
success

Mail log report: pflogsumm

Install pflogsumm this is the Postfix log reporting tool
[1] install the postfix-perl-scripts package. 


[root@linuxprobe ~]# yum -y install postfix-perl-scripts
# generate log summary for yesterday
[root@linuxprobe ~]# perl /usr/sbin/pflogsumm -d yesterday /var/log/maillog
Postfix log summaries for Jul 14
Grand Totals
------------
messages
  2 received
  5 delivered
  0 forwarded
  0 deferred
  0 bounced
  0 rejected (0%)
  0 reject warnings
  0 held
  0 discarded (0%)

 2879 bytes received
 6572 bytes delivered
  1 senders
  1 sending hosts/domains
  2 recipients
  2 recipient hosts/domains
Per-Hour Traffic Summary
------------------------
 time   received delivered deferred bounced  rejected
 --------------------------------------------------------------------
 0000-0100   0   0   0   0   0
 0100-0200   0   0   0   0   0
 0200-0300   0   0   0   0   0
 0300-0400   0   0   0   0   0
 0400-0500   0   0   0   0   0
 0500-0600   0   0   0   0   0
 0600-0700   0   0   0   0   0
 0700-0800   0   0   0   0   0
 0800-0900   0   0   0   0   0
 0900-1000   0   0   0   0   0
 1000-1100   2   5   0   0   0
 1100-1200   0   0   0   0   0
 1200-1300   0   0   0   0   0
 1300-1400   0   0   0   0   0
 1400-1500   0   0   0   0   0
 1500-1600   0   0   0   0   0
 1600-1700   0   0   0   0   0
 1700-1800   0   0   0   0   0
 1800-1900   0   0   0   0   0
 1900-2000   0   0   0   0   0
 2000-2100   0   0   0   0   0
 2100-2200   0   0   0   0   0
 2200-2300   0   0   0   0   0
 2300-2400   0   0   0   0   0

Host/Domain Summary: Message Delivery
--------------------------------------
 sent cnt bytes defers avg dly max dly host/domain
 -------- ------- ------- ------- ------- -----------
  3  4119  0  0.4 s 0.8 s srv.world
  2  2453  0  0.1 s 0.1 s mail.srv.world

Host/Domain Summary: Messages Received
---------------------------------------
 msg cnt bytes host/domain
 -------- ------- -----------
  2  2879 mail.srv.world

Senders by message count
------------------------
  2 cent@mail.srv.world

Recipients by message count
---------------------------
  3 redhat@srv.world
  2 cent@mail.srv.world

Senders by message size
-----------------------
 2879 cent@mail.srv.world

Recipients by message size
--------------------------
 4119 redhat@srv.world
 2453 cent@mail.srv.world

message deferral detail: none
message bounce detail (by relay): none
message reject detail: none
message reject warning detail: none
message hold detail: none
message discard detail: none
smtp delivery failures: none
Warnings
--------
 tlsmgr (total: 6)
   3 redirecting the request to postfix-owned data_directory /var/li...
   3 request to update table btree:/etc/postfix/smtpd_scache in non-...

Fatal Errors: none
Panics: none
Master daemon messages
----------------------
  4 daemon started -- version 2.10.1, configuration /etc/postfix
  3 terminating on signal 15
  1 reload -- version 2.10.1, configuration /etc/postfix

[root@linuxprobe ~]# crontab -e
#  Send message log digest in AM Every day, 1:00 To the root 
00 01 * * * perl /usr/sbin/pflogsumm -e -d yesterday /var/log/maillog | mail -s 'Logwatch for Postfix' root
Related articles: