A basic/rudimentary e-mail server that you can expose to the public internet
While this guide was made for Slackware, it should work for RHEL as well.
This is assuming you already have DNS set up as well as Apache…
Required Software
- Postfix
- Dovecot
- Spamassassin, Amavisd-new
- Clamav
Set up your hosts file
/etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.20 yourhostname.yourdomainname.com yourhostname
Install the required software listed above by compiling from source, with SlackBuilds, or, on RHEL, with yum
Configure Postfix
Open Postfix config file /etc/postfix/main.cf and find and edit the following lines:
## Uncomment and set your mail server FQDN ##
myhostname = server.unixmen.com
## Uncomment and Set domain name ##
mydomain = unixmen.com
## Uncomment ##
myorigin = $mydomain
## Set ipv4 ##
inet_interfaces = all
## Change to all ##
inet_protocols = all
## Comment ##
#mydestination = $myhostname, localhost.$mydomain, localhost,
## Uncomment ##
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
## Uncomment and add IP range ##
mynetworks = 192.168.1.0/24, 127.0.0.0/8
## Uncomment ##
home_mailbox = Maildir/
Save and exit the file. Start Postfix service now:
systemctl restart postfix
Test (skip this if you want)
Create a test user and set a password
useradd testpf
passwd testpf
Test with telnet (the sample session below uses a local user named sk; substitute your own test user)
telnet localhost smtp
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 server.unixmen.com ESMTP Postfix
ehlo localhost
250-server.unixmen.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:<sk>
250 2.1.0 Ok
rcpt to:<sk>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
welcome to unixmen mail system
.
250 2.0.0 Ok: queued as 3E68E284C
quit
221 2.0.0 Bye
Connection closed by foreign host.
End of Test section, proceed if all is well
Install and configure Dovecot
Open /etc/dovecot/dovecot.conf and edit
protocols = imap pop3 lmtp
Open /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir
Open /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
auth_mechanisms = plain login
Open the file /etc/dovecot/conf.d/10-master.conf and, in the unix_listener /var/spool/postfix/private/auth block of service auth, set
mode = 0600
user = postfix
group = postfix
Start dovecot
systemctl start dovecot
Configure SASL
Open /etc/postfix/main.cf
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
Open /etc/dovecot.conf (this block is Dovecot 1.x syntax; on Dovecot 2.x the 10-master.conf listener above takes its place)
auth default {
  mechanisms = plain login
  passdb pam {
  }
  userdb passwd {
  }
  user = root
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
Generate SSL certificates (to later configure TLS)
Ensure crypto-utils is installed
genkey --days 365 mail.example.com
The keypair should be here
/etc/pki/tls/certs/mail.example.com.cert # public cert
/etc/pki/tls/private/mail.example.com.key # private key
Open /etc/postfix/main.cf:
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.cert
# smtpd_tls_CAfile = /etc/pki/tls/root.crt
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
tls_random_source = dev:/dev/urandom
tls_random_exchange_name = /var/lib/postfix/prng_exch
smtpd_tls_auth_only = yes
content_filter=amavisfeed:[127.0.0.1]:10024
Open /etc/dovecot.conf:
protocols = imap imaps pop3 pop3s
#disable_plaintext_auth = no
#ssl_disable = no
ssl_cert_file = /etc/pki/tls/certs/mail.example.com.cert
ssl_key_file = /etc/pki/tls/private/mail.example.com.key
ssl_cipher_list = ALL:!LOW:!SSLv2
Restart postfix and dovecot
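An added example, not part of the original guide: a Python check that parses main.cf the way Postfix reads it (a line starting with whitespace continues the previous one) and flags the relay and AUTH settings configured above. The sample text, function names and finding messages are constructed for illustration.

```python
import ipaddress
# Constructed sample: the main.cf values this guide sets (not a real server's file).
SAMPLE = """\
mynetworks = 192.168.1.0/24, 127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
"""

def parse_main_cf(text):
    """Parse main.cf text into {parameter: value}, joining continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                          # blank line or comment
        if line[0] in " \t":                  # leading whitespace continues the value
            if name:
                params[name] = f"{params[name]} {line.strip()}".strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value              # a later definition replaces an earlier one
        else:
            name = None                       # no "=": not a valid parameter line
    return params

def audit(params):
    """Return findings for the relay and AUTH settings this guide configures."""
    findings = []
    rules = params.get("smtpd_recipient_restrictions", "").replace(",", " ").split()
    if "reject_unauth_destination" not in rules:
        findings.append("relay: reject_unauth_destination is missing")
    for net in params.get("mynetworks", "").replace(",", " ").split():
        try:
            cidr = net.replace("[", "").replace("]", "")   # Postfix writes [::1]/128
            trusted_local = ipaddress.ip_network(cidr, strict=False).is_loopback
        except ValueError:
            trusted_local = False             # file or table lookup: review by hand
        if not trusted_local:
            findings.append(f"relay: {net} may send without authenticating")
    if params.get("smtpd_sasl_auth_enable") == "yes":
        if params.get("smtpd_tls_auth_only") != "yes":
            findings.append("auth: AUTH is offered before STARTTLS")
        if params.get("smtpd_tls_security_level") not in ("may", "encrypt"):
            findings.append("tls: STARTTLS is not offered")
    return findings
```

On the sample the only finding is that 192.168.1.0/24 can relay without authenticating, which is what permit_mynetworks grants. If the three restriction lines lose their leading whitespace, the parameter is empty and the reject_unauth_destination finding appears.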
Configuring Amavisd-new/ClamAV and Spamassassin
Check which groups the clamav user belongs to
groups clamav
If clamav isn't in the amavis group, run
gpasswd -a clamav amavis
Open /etc/clamd.conf
LocalSocket /var/run/clamav/clamd.sock
Open /etc/amavisd.conf
$max_servers = 2; # num of pre-forked children (2..30 is common), -m
$daemon_user = "amavis"; # (no default; customary: vscan or amavis), -u
$daemon_group = "amavis"; # (no default; customary: vscan or amavis), -g
...
$inet_socket_port = 10024; # listen on this local TCP port(s)
...
$mydomain = 'example.com';
$MYHOME = '/var/amavis';
$helpers_home = "$MYHOME/var";
$lock_file = "$MYHOME/var/amavisd.lock";
$pid_file = "$MYHOME/var/amavisd.pid";
$myhostname = 'mail.example.com';
$sa_tag_level_deflt = 2.0;
$sa_tag2_level_deflt = 6.2;
$sa_kill_level_deflt = 6.9;
$sa_dsn_cutoff_level = 10;
# $sa_quarantine_cutoff_level = 25;
$penpals_bonus_score = 8;
$penpals_threshold_high = $sa_kill_level_deflt;
$sa_mail_body_size_limit = 400*1024;
$sa_local_tests_only = 0;
Okay, that was a lot, but there's a bit more to edit
Look for the clamav section
### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd, or run it under its own
# # uid such as clamav, add user clamav to the amavis group, and then add
# # AllowSupplementaryGroups to clamd.conf;
# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
# # this entry; when running chrooted one may prefer socket "$MYHOME/clamd".
Now open /etc/postfix/master.cf and add this (the -o lines must start with whitespace so they continue the service line above them)
amavisfeed unix - - n - 2 lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
    -o local_header_rewrite_clients=
    -o smtpd_milters=
    -o local_recipient_maps=
    -o relay_recipient_maps=
Reload postfix/dovecot
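An added example, not part of the original guide: the 127.0.0.1:10025 listener above accepts mail with the content filter and most restrictions switched off, so it must only be reachable from the local host. This Python check parses master.cf and flags such a listener when it is not bound to loopback or lacks a loopback-only mynetworks override; the sample text and function names are constructed.

```python
import ipaddress

# Constructed sample: the two master.cf entries from this guide, abbreviated.
SAMPLE = """\
amavisfeed unix - - n - 2 lmtp
    -o lmtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
"""

def parse_master_cf(text):
    """Return services as dicts: name, command and the -o overrides."""
    services = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                  # blank line or comment
        words = line.split()
        if line[0] in " \t":                          # whitespace continues the service
            if services:
                services[-1]["args"] += words
        elif len(words) >= 8:                         # 7 columns, then the command
            services.append({"name": words[0], "command": words[7], "args": words[8:]})
    for svc in services:
        args = svc["args"]
        svc["opts"] = dict(b.split("=", 1) for a, b in zip(args, args[1:])
                           if a == "-o" and "=" in b)
    return services

def loopback(value, parse):                           # parse: ip_address or ip_network
    try:
        return parse(value.strip("[]")).is_loopback
    except ValueError:
        return False

def audit_reinjection(services):
    """Flag smtpd listeners that skip the content filter but are reachable off-host."""
    findings = []
    for svc in services:
        if svc["command"] != "smtpd" or svc["opts"].get("content_filter") != "":
            continue                                  # not a post-filter re-entry listener
        host = svc["name"].rpartition(":")[0]         # empty when only a port is given
        if not loopback(host, ipaddress.ip_address):
            findings.append(f"{svc['name']}: unfiltered listener not bound to loopback")
        nets = svc["opts"].get("mynetworks", "").split(",")
        if not all(loopback(n, lambda v: ipaddress.ip_network(v, strict=False)) for n in nets):
            findings.append(f"{svc['name']}: mynetworks override is missing or too wide")
    return findings
```

The guide's entry passes cleanly. Writing the listener as a bare port 10025 or dropping the mynetworks override produces a finding, because the service would then follow inet_interfaces and the main.cf mynetworks.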
You should now have a working public-facing e-mail server that can filter spam.
Congratulations, you are done! But wait... want a graphical frontend?
The basic is Squirrelmail. Roundcubemail is a step up, but I prefer Rainloop