Tuesday, June 4, 2013

Mail Server Setup using Postfix on CentOS 6.4 - 1

Part 1 MTA Postfix
- Chapter 1 Email Service
- Chapter 2 Mail Transfer Agents
- Chapter 3 Installation and Startup
- Chapter 4 Postfix Configuration
Part 2 IMAP & POP3 Server
- Chapter 5 IMAP and POP3 on Dovecot
- Chapter 6 MUA Configuration
Part 3 Postfix aliases & access control
- Chapter 7 Postfix Aliases
- Chapter 8 Postfix Access Control
- Chapter 9 Postfix Mailing List using Mailman
Part 4 Postfix Authentication
- Chapter 10 Postfix Authentication using SASL
- Chapter 11 Postfix Mail Encryption using SSL/TLS
Part 5 Postfix security
- Chapter 12 Postfix Antispam
- Chapter 13 Postfix Antivirus
Part 6 Postfix Extended Features
- Chapter 14 Postfix Backup mail server (Queuing Server)
- Chapter 15 Squirrelmail as a webmail
- Chapter 16 Postfix Admin with MySQL

Mail Server Testing Environment
- Postfix Mail server (ms1.chul.com)
- MUA - Evolution
- Linux mail client
- MUA - Thunderbird
- Postfix Backup Mail server (ms2.chul.com)
3. Windows 7
- Mail client using MS Outlook 2010

Chapter 1 Email Service
E-mail System Components
1. Mail User Agent (MUA):
A client used to compose and read e-mail (Outlook, Evolution, Thunderbird, Mutt)
2. Mail Transfer Agent (MTA):
An SMTP server used to relay or accept e-mail for delivery (Postfix, Sendmail, Exim, Qmail, Exchange server)
3. Mail Delivery Agent (MDA):
A program used by the final MTA to deliver e-mail to the message store
May be included with the MTA or a separate program such as procmail
4. Mail Access Agent (MAA):
An IMAP/POP3 server used by an MUA to access the message store (Dovecot, Cyrus IMAP)

Chapter 2 Mail Transfer Agents
Sendmail mail transfer agent, popular but insecure, complicated to configure
Fast, easy to configure, and secure mail transfer agent compatible with Sendmail and designed to replace it
Fast, flexible, and secure MTA with its own implementation and competitive with Postfix
MTA based on smail3

Chapter 3  Installation and startup
1. Package installation
- postfix-2.6.6-2.2.el6_1.i686
2. Service startup and main directory
# service sendmail stop
# service postfix start
# ls -l /etc/postfix
3. Service startup checking
# ps -ef | grep postfix
# netstat -nat | grep 25
4. Runlevel registration
# chkconfig postfix on
# chkconfig --list postfix
5. Testing on command
# telnet localhost 25
# mail -v -s 'testing mail' linux@chul.com < /etc/passwd

Chapter 4  Postfix Configuration
1. How to use postconf
a. postconf can display or edit /etc/postfix/main.cf settings
b. postconf : Display all settings, including defaults
c. postconf -n : Display only the settings changed from the defaults
d. postconf -e 'parameter=value' : Modify the current main.cf
    # postconf -e mynetworks_style=subnet
e. Much simpler than editing /etc/mail/sendmail.cf
2. Postfix Daemons - /etc/postfix/master.cf
a. master: Postfix master process, runs Postfix daemons on demand
b. smtpd: Postfix SMTP server, accepts network connection requests and performs zero or more SMTP transactions per connection
c. pickup: Postfix local mail pickup, waits for hints that new mail has been dropped into the 'maildrop' directory and feeds it into the 'cleanup' daemon
d. qmgr: Postfix queue manager, awaits the arrival of incoming mail and arranges for its delivery via Postfix delivery processes
3. Postfix: Accepting Inbound E-mail
a. listen on port 25/tcp on all IP addresses
   inet_interfaces = all
b. include all domains/hosts for which we accept local delivery
   myhostname = server.chul.com
   mydomain = chul.com
   mydestination = $myhostname, $mydomain, jeong.com, localhost
4. Postfix: Outbound SMTP Relay
a. To relay e-mail sent by hosts on your internal network to the Internet:
     inet_interfaces = all
b. To include all internal nets or hosts for which it will relay
     mynetworks =
     mynetworks_style = subnet
5. Postfix: Masquerading
a. Causes MTA to modify the envelope & headers of an outbound e-mail message
b. Reduces the number of MX records and hosts/domains to be listed in mydestination
        myorigin = chul.com
        masquerade_exceptions = root
6. Postfix Operation
a. always_bcc = address : Sends a blind carbon copy of every message to the given address
b. postqueue -p : Displays status of the mail queues
c. postqueue -f : Attempts to immediately deliver all queued mail
d. tail -f /var/log/maillog : Watch the mail log update in real time
7. Testing mail sending and receiving using domains

Chapter 5 IMAP and POP3 on Dovecot
1. Dovecot supports POP3, POP3s, IMAP, and IMAPs
# yum -y install dovecot
a. # vi /etc/dovecot/dovecot.conf
      protocols = imap pop3
      listen = *
b. # vi /etc/dovecot/conf.d/10-auth.conf (disable_plaintext_auth = no lets clients log in with plaintext passwords over unencrypted connections)
      disable_plaintext_auth = no
      auth_mechanisms = plain login
c. # vi /etc/dovecot/conf.d/10-mail.conf
      mail_location = maildir:~/Maildir
d. # vi /etc/dovecot/conf.d/10-master.conf
       unix_listener auth-userdb {
            mode = 0600
            user = postfix
            group = postfix
       }
# service dovecot start
# chkconfig dovecot on
2. Testing dovecot
# telnet localhost 110
# telnet localhost 143

Chapter 6 MUA Configuration
- Evolution on Server system of Linux for POP3
      # yum install evolution
      user is tland@chul.com
- Thunderbird on Client system of Linux for IMAP
      # yum install thunderbird
      user is admin@chul.com
- Outlook 2010 on Client system of Windows 7 for IMAP
      user is jeong@chul.com
2. Text-mode: Mutt and Fetchmail
# mutt -f pop://user@server
# mutt -f pops://user@server

Chapter 7 Postfix Aliases
1. Postfix Aliases
1) Local Aliases –  mail forwarding
2) Virtual Aliases – Incoming and Outgoing Aliases
2.1) Incoming Aliases for Multiple domains (jeong.com, linux.com)
  a. Virtual Alias Domains – Virtual domains using Linux system accounts
  b. Virtual Mailbox Domains – Virtual domains using non-Linux accounts
  c. Virtual Mailbox Domains using Database such as MySQL and LDAP
      - Virtual domains and user mapping using Database
2.2) Outgoing Aliases – change the sender's mail address shown to the receiver (Masquerading)
2. Postfix Local Aliases (/etc/aliases)
a. /etc/aliases contains alias maps
    postmaster:   root
    admin:        tland@chul.com
    alist:        kim,itc,dara,tland
    tland:        linux,jeong
b. Using aliases
# vi /etc/postfix/main.cf
alias_maps = hash:/etc/aliases
# newaliases    (or: service postfix restart)
# ls -l /etc/aliases*
3. Incoming Virtual Aliases
3.1 Virtual Alias Domains – multiple domains using system accounts
a. Check /etc/postfix/master.cf
   virtual   unix  -       n       n       -       -       virtual
b. Add two alias domains to  /etc/postfix/main.cf
     virtual_alias_domains = jeong.com, linux.com
     virtual_alias_maps = hash:/etc/postfix/virtual
c. Create virtual mapping in /etc/postfix/virtual (the two @domain entries catch mail for unknown users)
admin@jeong.com    admin
info@jeong.com     jeong
admin@linux.com    linux
info@linux.com     itc
@jeong.com         catchall
@linux.com         catchall
d. File hash
# postmap /etc/postfix/virtual; ls -l /etc/postfix/virtual*
# service postfix restart
3.2 Virtual Mailbox Domains – multiple domains with non-Linux accounts
a. Check /etc/postfix/master.cf
   virtual   unix  -       n       n       -       -       virtual
b. Add two mailbox domains to /etc/postfix/main.cf
     virtual_mailbox_domains = jeong.com, linux.com
     virtual_mailbox_base = /var/spool/vmailbox
     virtual_mailbox_maps = hash:/etc/postfix/vmailbox
     virtual_uid_maps = static:1000
     virtual_gid_maps = static:1000
c. Create virtual mapping in /etc/postfix/vmailbox
admin@jeong.com    jeong.com/admin
info@jeong.com     jeong.com/info
admin@linux.com    linux.com/admin
info@linux.com     linux.com/info
@jeong.com         jeong.com/catchall
@linux.com         linux.com/catchall
d. Create User and Directory and File hashing
# useradd -u 1000 vuser
# mkdir -p /var/spool/vmailbox/jeong.com /var/spool/vmailbox/linux.com
# chown -R vuser:vuser /var/spool/vmailbox; chmod 700 /var/spool/vmailbox
# postmap /etc/postfix/vmailbox; ls -l /etc/postfix/vmailbox*
# service postfix restart
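
Added example (not part of the original post): Postfix expects each domain to belong to exactly one address class, yet the settings above list jeong.com in mydestination (chapter 4), virtual_alias_domains (3.1) and virtual_mailbox_domains (3.2). The Python sketch below parses a main.cf and reports such overlaps; the sample file is constructed from the page's values and the function names are hypothetical.

```python
import re

# Constructed main.cf fragment: mydestination from chapter 4 combined with
# the virtual domain settings of sections 3.1 and 3.2.
SAMPLE_MAIN_CF = """\
myhostname = server.chul.com
mydomain = chul.com
mydestination = $myhostname, $mydomain, jeong.com, localhost
virtual_alias_domains = jeong.com, linux.com
virtual_mailbox_domains = jeong.com, linux.com
"""
CLASS_PARAMS = ("mydestination", "virtual_alias_domains",
                "virtual_mailbox_domains", "relay_domains")

def parse_main_cf(text):
    """Return {parameter: value}; a later setting overrides an earlier one."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                               # blank line or comment
        if line[0].isspace() and current:          # continuation line
            params[current] += " " + line.strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def expand(value, params, depth=0):
    """Expand $name and ${name} references (conditional forms not handled)."""
    if depth > 10:                                 # guard against reference loops
        return value
    return re.sub(r"\$\{(\w+)\}|\$(\w+)",
                  lambda m: expand(params.get(m.group(1) or m.group(2), ""),
                                   params, depth + 1), value)

def overlaps(text):
    """Map each domain listed under more than one address class to them."""
    params, seen = parse_main_cf(text), {}
    for param in CLASS_PARAMS:
        for item in re.split(r"[,\s]+", expand(params.get(param, ""), params)):
            # Skip empty items and table references (hash:/path, mysql:/path).
            if item and ":" not in item and "/" not in item:
                classes = seen.setdefault(item.lower(), [])
                if param not in classes:
                    classes.append(param)
    return {d: c for d, c in seen.items() if len(c) > 1}

if __name__ == "__main__":
    for domain, classes in overlaps(SAMPLE_MAIN_CF).items():
        print(f"{domain}: listed in {', '.join(classes)}")
```

Only parameters set explicitly in the file are checked; built-in defaults are not considered.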
3.3 Virtual Mailbox Domains using Database like MySQL
a. Checking Postfix for MySQL Map Support
# postconf -m
b. Configuring Database
Create db, table and users on MySQL
c. Configuring Postfix to Use the Database
# vi /etc/postfix/main.cf
virtual_mailbox_domains = mysql:/etc/postfix/sql/virtual_mailbox_domains.cf
virtual_uid_maps = mysql:/etc/postfix/sql/virtual_uid_maps.cf
virtual_gid_maps = mysql:/etc/postfix/sql/virtual_gid_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/sql/virtual_mailbox_recipients.cf
virtual_alias_maps = mysql:/etc/postfix/sql/virtual_alias_maps.cf
# mkdir /etc/postfix/sql
# service postfix restart
4. Postfix Outgoing Aliases (/etc/postfix/generic)
a.  Activate outgoing aliases in /etc/postfix/main.cf
 smtp_generic_maps = hash:/etc/postfix/generic
b. Creating table in /etc/postfix/generic
root@server.chul.com    admin@chul.com
linux@chul.com          linux@jeong.com
c. Save and close the file. Create or update generic postfix table
# postmap /etc/postfix/generic
d. Restart postfix
# service postfix restart
5. Alias Testing
a. Local aliases
b. Incoming virtual alias testing – virtual domains and virtual box
c. Outgoing virtual alias testing using MTA such as gmail, naver and yahoo

Chapter 8  Postfix Access Control
1. Activate access control in /etc/postfix/main.cf
smtpd_client_restrictions =
     check_client_access hash:/etc/postfix/access
2. Creating access file format in /etc/postfix/access
1.2.3                 REJECT    OK
admin@spammer.com     OK
server.spammer.com    REJECT
chul.com              OK
3. Creating Hash file
# postmap  /etc/postfix/access
# service postfix restart
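
Added example (not part of the original post): a simplified Python model of the keys Postfix tries for check_client_access, following access(5) with the default parent_domain_matches_subdomains setting, run over the table above. It shows that the admin@spammer.com row is never consulted, because e-mail address keys are only looked up by sender and recipient checks such as check_sender_access. The function names and sample clients are constructed.

```python
# Constructed copy of the page's /etc/postfix/access entries. Text after
# REJECT is parsed as the optional reply text, so only the first word is
# treated as the action here.
ACCESS_TABLE = """\
1.2.3               REJECT  OK
admin@spammer.com   OK
server.spammer.com  REJECT
chul.com            OK
"""

def load_access(text):
    """Parse 'key action' lines into {key: action}."""
    table = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            key, rest = line.split(None, 1)
            table[key.lower()] = rest.split()[0].upper()
    return table

def client_keys(hostname, ip):
    """Keys tried for one client, in order (IPv4 only in this model)."""
    labels = hostname.lower().split(".")
    names = [".".join(labels[i:]) for i in range(len(labels))]
    octets = ip.split(".")
    nets = [".".join(octets[:n]) for n in range(len(octets), 0, -1)]
    return names + nets    # host name and parents, then address and networks

def check_client_access(table, hostname, ip):
    """Return (action, key that matched); ('DUNNO', None) if no key matches."""
    for key in client_keys(hostname, ip):
        if key in table:
            return table[key], key
    return "DUNNO", None

def never_matched(table):
    """Keys a client map cannot match: e-mail address patterns."""
    return [key for key in table if "@" in key]

if __name__ == "__main__":
    table = load_access(ACCESS_TABLE)
    for host, ip in [("mail.chul.com", "192.0.2.10"),
                     ("server.spammer.com", "192.0.2.20"),
                     ("mx.example.net", "1.2.3.77"),
                     ("other.spammer.com", "192.0.2.30")]:
        print(host, ip, check_client_access(table, host, ip))
    print("never consulted:", never_matched(table))
```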

1 comment:

  1. How do you configure ns.chul.com, ms1 and ms2? Thanks.