Installing packages
Step 1 » Assign hostname for the server using the below command.
[root@krizna ~]# hostnamectl set-hostname mail.krizna.com
Step 2 » Make a host entry with your IP in /etc/hosts file.
172.27.0.51 mail.krizna.com
Step 3 » Now start installing packages.
[root@krizna ~]# yum -y install postfix dovecot
After package installation continue with postfix configuration.
Step 4 » Follow the below steps one by one for creation.
[root@mail ~]# mkdir /etc/postfix/ssl [root@mail ~]# cd /etc/postfix/ssl [root@krizna ssl]# openssl genrsa -des3 -out server.key 2048 [root@krizna ssl]# openssl rsa -in server.key -out server.key.insecure [root@krizna ssl]# mv server.key server.key.secure [root@krizna ssl]# mv server.key.insecure server.keyLeave blank for A challenge password [] value in the below step. [root@krizna ssl]# openssl req -new -key server.key -out server.csr [root@krizna ssl]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Step 5 » Now open /etc/postfix/main.cf file for changes.
Find and uncomment the below lines.
#inet_interfaces = localhost #---> line no 116 #mydestination = $myhostname, localhost.$mydomain, localhost #--> line no 164
and add below lines at the end of the file. change myhostname and mydomain values with yours and home_mailbox value to your desired directory. Here it will store mails in the users home directory (Eg: /home/john/mail ).
myhostname = mail.krizna.com mydomain = krizna.com myorigin = $mydomain home_mailbox = mail/ mynetworks = 127.0.0.0/8 inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination smtp_tls_security_level = may smtpd_tls_security_level = may smtp_tls_note_starttls_offer = yes smtpd_tls_loglevel = 1 smtpd_tls_key_file = /etc/postfix/ssl/server.key smtpd_tls_cert_file = /etc/postfix/ssl/server.crt smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom
Step 6 » Open /etc/postfix/master.cf file, add the below lines after “smtp inet n – n – – smtpd” line.
submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_sasl_auth_enable=yes -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING smtps inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_sasl_auth_enable=yes -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING
Now check the configuration using postfix check command.
Step 7 » Now configure Dovecot SASL for SMTP Auth. Open /etc/dovecot/conf.d/10-master.conf file, find “# Postfix smtp-auth” line ( line no:95 ) and add the below lines.
# Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0660 user = postfix group = postfix }
Step 8 » Open /etc/dovecot/conf.d/10-auth.conf file, find “auth_mechanisms = plain” ( Line no: 100 ) and add login to the value like below.
auth_mechanisms = plain login
Step 9 » Postfix configuration is over. Now restart both postfix and dovecot services and enable auto start
[root@mail ~]# systemctl restart postfix [root@mail ~]# systemctl enable postfix [root@mail ~]# systemctl restart dovecot [root@mail ~]# systemctl enable dovecot
Step 10 » Add the firewall rules to allow 25, 587 and 465 ports.
[root@mail ~]# firewall-cmd --permanent --add-service=smtp [root@mail ~]# firewall-cmd --permanent --add-port=587/tcp [root@mail ~]# firewall-cmd --permanent --add-port=465/tcp [root@mail ~]# firewall-cmd --reload
Now start testing connectivity for each ports 25,587 and 465 using telnet and make sure you are getting AUTH PLAIN LOGIN line after issuing ehlo mail.krizna.com command in telnet.
[root@mail ~]# telnet mail.krizna.com 465 Trying 172.27.0.51... Connected to mail.krizna.com. Escape character is '^]'. 220 mail.krizna.com ESMTP Postfix ehlo mail.krizna.com <------- Type this command 250-mail.krizna.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN
Start configuring Dovecot
Step 11 » Open /etc/dovecot/conf.d/10-mail.conf file, find #mail_location = (line no : 30 ) and add the same directory which is given to home_mailbox in the postfix config file ( Step 5).
mail_location = maildir:~/mail
Step 12 » Open /etc/dovecot/conf.d/20-pop3.conf file, find and uncomment the below line ( line no : 50 ) .
pop3_uidl_format = %08Xu%08Xv
Step 13 » Restart dovecot service.
[root@mail ~]# systemctl restart dovecot
Step 14 » Add firewall rules to allow 110,143,993 and 995.
[root@mail ~]# firewall-cmd --permanent --add-port=110/tcp [root@mail ~]# firewall-cmd --permanent --add-service=pop3s [root@mail ~]# firewall-cmd --permanent --add-port=143/tcp [root@mail ~]# firewall-cmd --permanent --add-service=imaps [root@mail ~]# firewall-cmd --reload
Check the connectivity for the ports 110,143,993 and 995 using telnet.
User creation
Step 15 » Create user with /sbin/nologin shell to restrict login access.
[root@mail ~]# useradd -m john -s /sbin/nologin [root@mail ~]# passwd john
Mail server is ready now, Configure user in your mail client and test send/receive.
Ref : https://www.krizna.com/centos/setup-mail-server-centos-7/
I made the settings according tuturial, but gave the following error: 554 5.7.1 : Recipients address rejected: access denied
It’s happening because the error message is self explanatory- “554 5.7.1 : Recipients address rejected: access denied”
The destination mail server is rejecting message delivery for one or more recipients. This is likely due to configuration on the destination mail server or some form of anti-spam message filtering.
Its not mail server issue, you need to update SPF, DKIM, DMARC and possibly Reverse IP/PTR entries in the DNS.