Setup mail server on CentOS 7 using Postfix and Dovecot
Rumi, March 30, 2021

Installing packages

Step 1 » Assign hostname for the server using the below command.

    [root@krizna ~]# hostnamectl set-hostname mail.krizna.com

Step 2 » Make a host entry with your IP in the /etc/hosts file.

    172.27.0.51 mail.krizna.com

Step 3 » Now start installing packages.

    [root@krizna ~]# yum -y install postfix dovecot

After package installation, continue with the Postfix configuration.

Step 4 » Follow the below steps one by one to create the SSL key and certificate.

    [root@mail ~]# mkdir /etc/postfix/ssl
    [root@mail ~]# cd /etc/postfix/ssl
    [root@krizna ssl]# openssl genrsa -des3 -out server.key 2048
    [root@krizna ssl]# openssl rsa -in server.key -out server.key.insecure
    [root@krizna ssl]# mv server.key server.key.secure
    [root@krizna ssl]# mv server.key.insecure server.key

Leave the "A challenge password []" value blank in the below step.

    [root@krizna ssl]# openssl req -new -key server.key -out server.csr
    [root@krizna ssl]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Step 5 » Now open the /etc/postfix/main.cf file for changes. Find and uncomment the below lines.

    #inet_interfaces = localhost #---> line no 116
    #mydestination = $myhostname, localhost.$mydomain, localhost #--> line no 164

And add the below lines at the end of the file. Change the myhostname and mydomain values to yours and the home_mailbox value to your desired directory. Here it will store mails in the user's home directory (e.g. /home/john/mail).

    myhostname = mail.krizna.com
    mydomain = krizna.com
    myorigin = $mydomain
    home_mailbox = mail/
    mynetworks = 127.0.0.0/8
    inet_interfaces = all
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_sasl_auth_enable = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtp_tls_security_level = may
    smtpd_tls_security_level = may
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_loglevel = 1
    smtpd_tls_key_file = /etc/postfix/ssl/server.key
    smtpd_tls_cert_file = /etc/postfix/ssl/server.crt
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom

Step 6 » Open the /etc/postfix/master.cf file and add the below lines after the "smtp inet n - n - - smtpd" line.

    submission inet n - n - - smtpd
      -o syslog_name=postfix/submission
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING
    smtps inet n - n - - smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING

Now check the configuration using the postfix check command.

Step 7 » Now configure Dovecot SASL for SMTP Auth. Open the /etc/dovecot/conf.d/10-master.conf file, find the "# Postfix smtp-auth" line (line no: 95) and add the below lines.

    # Postfix smtp-auth
    unix_listener /var/spool/postfix/private/auth {
      mode = 0660
      user = postfix
      group = postfix
    }

Step 8 » Open the /etc/dovecot/conf.d/10-auth.conf file, find "auth_mechanisms = plain" (line no: 100) and add login to the value like below.

    auth_mechanisms = plain login

Step 9 » Postfix configuration is over.
Now restart both the postfix and dovecot services and enable auto start.

    [root@mail ~]# systemctl restart postfix
    [root@mail ~]# systemctl enable postfix
    [root@mail ~]# systemctl restart dovecot
    [root@mail ~]# systemctl enable dovecot

Step 10 » Add the firewall rules to allow ports 25, 587 and 465.

    [root@mail ~]# firewall-cmd --permanent --add-service=smtp
    [root@mail ~]# firewall-cmd --permanent --add-port=587/tcp
    [root@mail ~]# firewall-cmd --permanent --add-port=465/tcp
    [root@mail ~]# firewall-cmd --reload

Now start testing connectivity for each of the ports 25, 587 and 465 using telnet, and make sure you are getting the AUTH PLAIN LOGIN line after issuing the ehlo mail.krizna.com command in telnet.

    [root@mail ~]# telnet mail.krizna.com 465
    Trying 172.27.0.51...
    Connected to mail.krizna.com.
    Escape character is '^]'.
    220 mail.krizna.com ESMTP Postfix
    ehlo mail.krizna.com <------- Type this command
    250-mail.krizna.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

Start configuring Dovecot

Step 11 » Open the /etc/dovecot/conf.d/10-mail.conf file, find #mail_location = (line no: 30) and add the same directory which is given to home_mailbox in the Postfix config file (Step 5).

    mail_location = maildir:~/mail

Step 12 » Open the /etc/dovecot/conf.d/20-pop3.conf file, find and uncomment the below line (line no: 50).

    pop3_uidl_format = %08Xu%08Xv

Step 13 » Restart the dovecot service.

    [root@mail ~]# systemctl restart dovecot

Step 14 » Add firewall rules to allow ports 110, 143, 993 and 995.

    [root@mail ~]# firewall-cmd --permanent --add-port=110/tcp
    [root@mail ~]# firewall-cmd --permanent --add-service=pop3s
    [root@mail ~]# firewall-cmd --permanent --add-port=143/tcp
    [root@mail ~]# firewall-cmd --permanent --add-service=imaps
    [root@mail ~]# firewall-cmd --reload

Check the connectivity for the ports 110, 143, 993 and 995 using telnet.
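
The EHLO check from Step 10, as an added example that is not part of the original tutorial: it parses a captured EHLO reply, confirms that AUTH PLAIN LOGIN is advertised, and reports when AUTH is offered on a session that is not yet encrypted. The function names and the tls_active flag are assumptions of this example, and the sample reply is constructed from the telnet output shown in Step 10.

```python
import re

# Constructed sample: the EHLO reply shown in the Step 10 telnet session.
SAMPLE_EHLO = """\
250-mail.krizna.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

def parse_ehlo(reply):
    """Map each advertised ESMTP keyword to the set of its parameters."""
    features = {}
    lines = reply.strip().splitlines()
    for i, raw in enumerate(lines):
        m = re.match(r"^250([- ])(.*)$", raw)
        # Continuation lines use "250-"; only the final line uses "250 ".
        if not m or (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError("malformed EHLO reply line: %r" % raw)
        if i == 0:
            continue  # first line carries the server name, not an extension
        # broken_sasl_auth_clients = yes adds the legacy "AUTH=" spelling.
        words = m.group(2).replace("AUTH=", "AUTH ", 1).upper().split()
        if words:
            features.setdefault(words[0], set()).update(words[1:])
    return features

def audit(reply, tls_active):
    """Return findings for one EHLO reply; tls_active says if TLS is already up."""
    features = parse_ehlo(reply)
    mechs = features.get("AUTH", set())
    findings = []
    if not {"PLAIN", "LOGIN"} <= mechs:
        findings.append("AUTH PLAIN LOGIN not advertised (see Steps 7 and 8)")
    if mechs and not tls_active:
        when = "before STARTTLS" if "STARTTLS" in features else "without TLS"
        findings.append("AUTH offered %s: credentials can cross in cleartext" % when)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EHLO, tls_active=False):
        print(finding)
```

With smtpd_tls_security_level = may as set in Step 5, the sample reply is flagged; Postfix's smtpd_tls_auth_only = yes makes the server announce and accept AUTH only after STARTTLS.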
User creation

Step 15 » Create a user with the /sbin/nologin shell to restrict login access.

    [root@mail ~]# useradd -m john -s /sbin/nologin
    [root@mail ~]# passwd john

The mail server is ready now. Configure the user in your mail client and test send/receive.

Ref: https://www.krizna.com/centos/setup-mail-server-centos-7/
I made the settings according to the tutorial, but it gave the following error: 554 5.7.1 : Recipients address rejected: access denied
It's happening because the error message is self-explanatory: "554 5.7.1 : Recipients address rejected: access denied". The destination mail server is rejecting message delivery for one or more recipients. This is likely due to configuration on the destination mail server or some form of anti-spam message filtering. It's not a mail server issue; you need to update SPF, DKIM, DMARC and possibly Reverse IP/PTR entries in the DNS.