PostFix with DoveCot Install for CentOS-4 (WBEL-4 / TaoLinux-4 / RHEL-4) Part 1
Written by Johnny Hughes   
Saturday, 30 September 2006
This is a guide to install a PostFix mailserver (with DoveCot, MailScanner, ClamAV, SquirrelMail, and SpamAssassin) on CentOS-4.X. There are 4 parts; this is part 1. This install procedure also works with White Box Enterprise Linux 4 and TaoLinux-4.

Part 3 | Part 4

Part 1: PostFix with DoveCot Install Guide

Below is the full text for part 1 of the guide. If you have any questions concerning this article, please ask in the HughesJR.com forums Postfix Mail Server section.

Note: The UW imapd program in EL-3 has been replaced by one of 2 choices in EL-4 distros. The choices are dovecot and cyrus-imapd. Each has its pluses and minuses. Dovecot uses regular Linux users and is similar to the previous UW imapd; cyrus-imapd uses virtual users and can store the mail and user information in a MySQL database. I will handle these different options as different "Parts" of the same Guide. This "Part" is Part 1, the PostFix - Dovecot Guide. If you would rather use cyrus-imapd, skip to Part 2, the PostFix - CyrusImapD Guide.

You only need to follow either "Part 1" OR "Part 2" to get the initial Postfix install done ... then skip to "Part 3" for Squirrelmail Webmail and "Part 4" if you want MailScanner, SpamAssassin, ClamAV for scanning Mail.



This is going to be a Postfix mail server install on CentOS-4.x (or WBEL-4, TaoLinux-4 ... I will use the name CentOS-4 throughout the rest of this guide). The first step is going to be to do a minimal install of CentOS-4. This is accomplished by selecting a custom install and unchecking everything. Turn off SELinux as well. This will give you an install with about 698MB of packages (This may change as new releases are done). It is the same as the minimum recommended install by RedHat of their Enterprise product. There are several items in that install that could be removed if absolutely necessary ... however, we will only remove sendmail, because we are going to install PostFix as the MTA. This Guide also assumes SELinux is off. If you want to use SELinux with your postfix, see this Guide after you complete the basic setup below. The Guide also assumes IPv6 is disabled.

You can disable SELinux by editing the file /etc/sysconfig/selinux, finding the line that begins with:

SELINUX=

and setting it to:

SELINUX=disabled

You can turn off IPv6 by editing the file /etc/modprobe.conf adding this line as the top line of the file:

alias net-pf-10 off

After making both changes, reboot the machine.

This install is as lean as possible, and does not contain a GUI. You will need to know how to use an editor in console mode. There are several, I use vi ... nano is also in this install. Either can be used ... please become familiar with a console editor before attempting this install. You will see steps that say edit file /xxx/xxxx ... you should use your preferred editor to do these steps.

All commands in this guide are done at the command prompt as the user root.

1. Now is a good time to discuss what needs to be set up for naming. There are specific naming requirements for an e-mail server. The first is the name of the server itself. In CentOS, there are 2 places the server name needs to be ... and it needs to be the same in each place. The places are:

a. The file /etc/sysconfig/network ... mine says this:

 

CODE
NETWORKING=yes
HOSTNAME=mail2.home.local


(mail2 is the computer name .... home.local is the domain name.)

b. The file /etc/hosts needs the same entry ... here is my /etc/hosts:
CODE
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.0.72 mail2.home.local mail2


2. Another requirement for a mail server is to have a DNS MX record for the domain (in my case home.local) that points to the e-mail server (in my case mail2.home.local). This domain is not real outside my test network; it does work inside my network (on a 192.168.0.0 network) because I have a DNS server for testing. You would need to add (or have your service provider add) an MX record for your domain. Here is what a dig lookup looks like for my MX record on home.local.
QUOTE
dig -t mx home.local

; <<>> DiG 9.2.2 <<>> -t mx home.local
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16265
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;home.local. IN MX

;; ANSWER SECTION:
home.local. 3600 IN MX 10 mail2.home.local.

;; ADDITIONAL SECTION:
mail2.home.local. 3600 IN A 192.168.0.72

;; Query time: 2 msec
;; SERVER: 192.168.0.2#53(192.168.0.1)
;; WHEN: Mon May 17 21:12:39 2004
;; MSG SIZE rcvd: 65



The question in the question section is home.local's MX record ... the answer section says home.local's email server is mail2.home.local ... and the additional section says mail2.home.local is 192.168.0.72. I have a separate A record for 192.168.0.72 tied to the name mail2.home.local on the DNS server.

In order for your e-mail server to really work (to receive mail from the internet), you need a real domain name that you own, an IP address, and a valid DNS MX record and A record pointing to your mail server. You can use services like zoneedit.com and dyndns.org (or others) to apply a domain name to a dynamic IP address (like a cable or DSL account) ... then set up A and MX records there.

Here is the procedure. (You should already have your Minimal install of EL-4).



1. Now we need to install, or verify installed all the packages that we need for setting up Postfix with SASL, SMTP AUTH, IMAP and POP3. This will install all the required packages:

yum install postfix postfix-pflogsumm dovecot cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-ntlm cyrus-sasl-plain cyrus-sasl-sql

{the above is all one line with a space between each name (if it wraps), the cyrus-sasl-devel and cyrus-sasl-sql packages are optional, but may be used later if you install MailScanner and ClamAV}

2. Now we need to remove sendmail, since postfix is the new MTA.

yum remove sendmail

3. Once you have your MX and A DNS records set (from above), you are ready to configure your Postfix ... first we will edit the file /etc/postfix/main.cf and setup the important parameters. I am only going to list the parameters to get one fully functional domain working ... where there is no relaying except for users who have logged on. I will only discuss the parameters that need changing from the default:

myhostname = mail2.home.local

mydomain = home.local

myorigin = $mydomain

inet_interfaces = $myhostname, localhost

mydestination = $myhostname, $mydomain, localhost

local_recipient_maps = unix:passwd.byname $alias_maps

unknown_local_recipient_reject_code = 550

mynetworks_style = subnet

(this will allow me to relay mail on my 192.168.0.0/255.255.255.0 subnet ... if you only own 1 IP ... you will leave this remarked out and use mynetworks_style = host instead)

relay_domains = $mydestination

mail_spool_directory = /var/spool/mail


That is all the original stuff that needs changing .... here are the items added for SASL / SMTP AUTH (added to the bottom of the /etc/postfix/main.cf file):

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination


Also in the bottom of the /etc/postfix/main.cf file, you can add a setting for max mail box size and max attachment size ... I will assume 20mb max attachment and 100mb max mailbox size...here is what to add for that:

message_size_limit = 20971520
mailbox_size_limit = 104857600


Here is my current /etc/postfix/main.cf file for this install ...
http://www.hughesjr.com/centos/4/postfix/main.cf.txt
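
The SASL and restriction lines in step 3 are what keep the server from relaying for anyone who has not logged on. As an added example (not part of the original guide), the shell functions below parse a main.cf, including values folded across lines, and report a missing or mis-ordered setting; the function names and the sample file are constructed for illustration.

```shell
# Added example: audit main.cf for the SASL / relay settings from step 3.

# Print the effective value of parameter $2 in file $1, following main.cf
# syntax: "#" lines are comments, a line starting with whitespace continues
# the previous parameter, and a later assignment overrides an earlier one.
get_param() {
    awk -v name="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur != "") val[cur] = val[cur] " " $0; next }
        { eq = index($0, "="); if (eq == 0) { cur = ""; next }
          cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
          val[cur] = substr($0, eq + 1) }
        END { v = val[name]; gsub(/[ \t,]+/, " ", v)
              sub(/^ /, "", v); sub(/ $/, "", v); print v }' "$1"
}

# Print one FAIL line per finding; no output means the file matches the guide.
audit_main_cf() {
    [ "$(get_param "$1" smtpd_sasl_auth_enable)" = "yes" ] ||
        echo "FAIL: smtpd_sasl_auth_enable is not yes"
    case " $(get_param "$1" smtpd_sasl_security_options) " in
        *" noanonymous "*) ;;
        *) echo "FAIL: smtpd_sasl_security_options lacks noanonymous" ;;
    esac
    # Restrictions are evaluated left to right and the first match wins, so
    # a bare "permit" ahead of reject_unauth_destination relays for anyone.
    seen_reject=no
    for r in $(get_param "$1" smtpd_recipient_restrictions); do
        case $r in
            reject_unauth_destination) seen_reject=yes; break ;;
            permit) echo "FAIL: bare permit before reject_unauth_destination" ;;
        esac
    done
    [ "$seen_reject" = yes ] ||
        echo "FAIL: smtpd_recipient_restrictions lacks reject_unauth_destination"
}

# Constructed sample input: the guide's SASL lines, one folded across two lines.
write_sample() {
    cat > "$1" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks, reject_unauth_destination
EOF
}

# Run against a real file when one is given, e.g. /etc/postfix/main.cf
if [ $# -gt 0 ]; then audit_main_cf "$1"; fi
```

On a running server, postconf -n prints the non-default values Postfix is actually using, which is the authoritative view if the file and the daemon ever disagree.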

4. Now we need to turn on IMAP, POP3, IMAPs, POP3s. All these are optional, but you will need to read or retrieve your mail somehow. Beyond the scope of this guide is generating a Certificate for using TLS and using IMAPs or POP3s. We will just turn on the standard POP3 and IMAP in this guide.

We installed Dovecot as our pop/imap daemon, so we need to set it up (if you are trying to use cyrus-imapd, you are in the wrong section).

a. Edit the file /etc/dovecot.conf and change the following lines (these are just the lines that must be changed from the default):

protocols = imap pop3
imap_listen = *
pop3_listen = *
#imaps_listen = *
#pop3s_listen = *
ssl_disable = yes
#ssl_cert_file = /usr/share/ssl/certs/dovecot.pem
#ssl_key_file = /usr/share/ssl/private/dovecot.pem


Here is a copy of the /etc/dovecot.conf used for this guide:
http://www.hughesjr.com/centos/4/postfix/dovecot.cf.txt

5. Next we want to get saslauthd working. We need to edit the file /etc/sysconfig/saslauthd and make sure it says this:

MECH=pam

Next we need to edit the file /usr/lib/sasl2/smtpd.conf and make sure it says:

pwcheck_method: saslauthd

Now we need to set postfix as the MTA ... do this:

alternatives --config mta

... select postfix (on my setup the number 1)

Now we need to start the saslauthd service with this command:

/etc/init.d/saslauthd restart
(if it wasn't previously running, the first shutdown may fail ... but the start should say [OK].)

Restart postfix with the command:

/etc/init.d/postfix restart

Restart dovecot with the command:

/etc/init.d/dovecot restart

6. Next we need to make sure postfix, dovecot and saslauthd will start on reboot in at least runlevels 3 and 5 ... to do this issue the following command:

chkconfig --list | grep postfix

The output should be similar to this:
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Then do:
chkconfig --list | grep saslauthd

It should also look like this:
saslauthd 0:off 1:off 2:off 3:on 4:on 5:on 6:off

Then do:
chkconfig --list | grep dovecot

It should also look like this:
dovecot 0:off 1:off 2:off 3:on 4:on 5:on 6:off

If any of them is off for 3: or 5:, issue this command:

chkconfig saslauthd on
(or dovecot or postfix as applicable)

Then redo the chkconfig --list | grep saslauthd command ... it should now be on for 3: and 5:.

7. If you have iptables on, you can adjust the open ports with the command:

system-config-securitylevel-tui

Select enable and then Customize ...

You will need to open imap:tcp pop3:tcp https:tcp in the bottom, as well as checking ssh and www at the top (that includes the later squirrelmail addon as well) and it allows you to ssh into the box ... or you can use the below file in /etc/sysconfig/iptables:

http://www.hughesjr.com/centos/4/postfix/iptables.txt

This is a very basic iptables that is fairly secure for the e-mail server as a standalone machine inside your network ... security of your server is your call, not mine, this is just a suggested iptables that should allow you to have an e-mail server that works and is fairly secure.

8. In order to use PAM (i.e., normal Linux users with passwd / shadow usernames and passwords) as your SMTP authentication method, you MUST allow (and use) PLAIN text or Login as your Mail Client authentication method.

9. In this setup, all users who have accounts on this server with a password can send and receive e-mail.

10. If you have questions about this guide or your implementation of it, please post your questions in the Postfix Mail Server section of our Forums.

I will next add httpd (apache), php and squirrelmail to this server in another guide, so your users can also have webmail.

Last Updated ( Sunday, 05 August 2007 )
 
© 2008 HughesJR.com