how to build a mail system with dovecot and postfix on Centos 7

edited August 2014 in Proposed How-Tos
I will use my instance at vultr Tokyo to show you how to do that.
There are some tags of this how to:
virtual users

1. prepare work
First, vultr would block the port 25 by default, you need to open a issue to let staff open it for you, it is not the problem of your system's firewall.

first of all, you need to install below:
mariadb-server, dovecot-mysql, postfix
They would install the depends for you using:
yum install mariadb-server dovecot-mysql postfix
then create a user for virtual mail:
useradd -s /sbin/nologin -m vmail
2. database
Now I will create database and user for mail at mariadb(mysql), login the
mysql with:
mysql -u root -p
attention here, the mysql doesn't have root password orignally, so you could
using this way to make a password for the root of mysql(not the system's root):
mysqladmin -u root password(enter here, then type the password)

at mariadb, you need could create a database in this way:
create database mail;
then create a user in this way
create user 'mail'@'localhost' IDENTIFIED BY 'mypass';
then grant the access for that user to database, as the user only need readonly to databse:
grant select on mail.* to 'mail'@'localhost';

then exit from mysql shell, in system shell, save the scehme below to a place:
create table `virtual_users` ( `id` int(11) not null auto_increment, `email` varchar(32) not null, `password` varchar(128) not null, `realname` varchar(32), `quota_limit_mbytes` int(8), primary key(`id`), unique key `email` (`email`) ); CREATE TABLE `virtual_aliases` ( `id` int(11) NOT NULL auto_increment, `source` varchar(100) NOT NULL, `destination` varchar(100) NOT NULL, PRIMARY KEY (`id`) );
then import it to mysql by
mysql -u root -p mail < scheme.sql
then you could insert a user like this:
insert into virtual_users (`email`,`password`) values('','hashedpassword');

3. dovecot
actually the dovecot will do auth work at mail system,so I would to configure it first.
3.1 enable lmtp
modify /etc/dovecot/dovecot.conf:
protocols = pop3 lmtp modify /etc/dovecot/conf.d/10-master.conf: service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { user = postfix group = postfix mode = 0600 } }
enable enable the virtual user,
modify the /etc/dovecot/conf.d/10-auth.conf to enable sql auth
!include auth-sql.conf.ext then the auth-sql.conf.ext passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf.ext } userdb { driver = static args = args = uid=vmail gid=vmail home=/var/spool/mail/%d/%n }
then the /etc/dovecot/dovecot-sql.conf.ext
driver=mysql connect = host=localhost dbname=mail user=mail password=password default_pass_scheme = SHA512-CRYPT password_query = SELECT email AS user, password AS password \ FROM virtual_users WHERE email = '%u'
finally, /etc/dovecot/conf.d/10-mail.conf
mail_location = mdbox:/var/spool/mail/%d/%n/mail
postfix will send mail and receive mail then delived it to dovecot
modify /etc/postfix/ to
smtp_sasl_auth_enable = no smtpd_sasl_auth_enable = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = noanonymous smtpd_sasl_exceptions_networks = $mynetworks smtpd_helo_restrictions = permit_sasl_authenticated, reject_unknown_helo_hostname smtpd_sender_restrictions = reject_unknown_sender_domain smtpd_relay_restrictions = reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client, reject_rhsbl_helo, reject_rhsbl_sender permit smtpd_data_restrictions = reject_unauth_pipelining, permit
the query/maps-mailboxes.query
host = user = mail password = password dbname = mail query = SELECT 1 FROM virtual_users WHERE email='%s'

5. firewall
the centos7 will block most of ports by default
firecmd-cmd --permanent --add-service=stmp
#for pop3
firecmd-cmd --permanent --add-port=110/tcp
the firewall-cmd --reload to apply
Sign In or Register to comment.