Set up a Postfix Mail Server With Dovecot and RoundCube on CentOS 7


Introduction

Learn how to set up a mail server on a Cloud Server running CentOS 7. This tutorial features Postfix as an SMTP server, Dovecot for POP/IMAP functionality, and RoundCube as a webmail program for users to check and receive email from a web browser.

The tutorial will also walk you through the process of creating and using a self-signed SSL certificate for use in securing incoming and outgoing email connections.

Requirements

  • A Cloud Server running CentOS 7.
  • Postfix installed and running.

To check the status of Postfix on the server, use the command:

sudo postfix status

If Postfix is installed and running, you will see the output:

[user@localhost ~]# sudo postfix status
postfix/postfix-script: the Postfix mail system is running: PID: 1681

Firewall Access

If you have a firewall, you will need to allow access to the following ports:

  • SMTP: 25
  • POP3: 110
  • IMAP: 143
  • SMTP Secure: 465
  • MSA: 587
  • IMAP Secure: 993
  • POP3 Secure: 995

For more information about using a firewall on a Cloud Server, consult our documentation on the topic.

Create an SSL Certificate

We will create a self-signed SSL certificate to secure incoming and outgoing email connections:

sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout mailserver.key -out mailserver.crt -days 365

Answer the questions at the prompts, or just hit [Enter] to leave an answer blank. This command will create two files: mailserver.key and mailserver.crt.

Create a folder for the SSL certificate files:

sudo mkdir /etc/postfix/ssl

Then move the files into this folder:

sudo mv mailserver.key /etc/postfix/ssl
sudo mv mailserver.crt /etc/postfix/ssl

Configure Postfix

The following steps will enable a basic Postfix set-up, allowing you to send and receive mail. For more information on these configurations, consult the official documentation.

Before you begin the configuration changes, be sure that you have the most recent version of Postfix by running the command:

sudo yum update postfix

Edit master.cf

First we will edit the /etc/postfix/master.cf file to enable the submission daemon to send and accept mail securely:

sudo nano /etc/postfix/master.cf

Delete the hash mark (#) to un-comment the following lines:

#submission inet n       -       n       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING

Save and exit the file.

Edit main.cf

The /etc/postfix/main.cf file contains the configuration options for your Postfix installation. Edit this file:

sudo nano /etc/postfix/main.cf

Make the following changes:

Set Hostname

Edit the line which reads:

#myhostname = host.domain.tld

Delete the hash mark (#) to un-comment the line, and replace host.domain.tld with the hostname of the server:

myhostname = example.com

Set Domain

Edit the line which reads:

#mydomain = domain.tld

Delete the hash mark (#) to un-comment the line, and replace domain.tld with the domain you want to receive mail for:

mydomain = example.com

Enable Other Settings

Delete the hash mark (#) to un-comment the following lines:

#myorigin = $myhostname
#inet_interfaces = all
#inet_interfaces = localhost
#inet_protocols = all
#mydestination = $myhostname, localhost.$mydomain, localhost
#home_mailbox = Maildir/

Add Configurations

Finally, add the following lines to the end of the file:

smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level=may

Save and exit the file, then restart Postfix to load the new configurations:

sudo systemctl restart postfix
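
Postfix keeps only the last definition when a parameter appears more than once in main.cf, so after un-commenting both inet_interfaces lines it is worth checking which value is in effect, and that the private key named in smtpd_tls_key_file is not readable by group or others. The script below is an added example, not part of the original tutorial; its function names and the sample main.cf are constructed for illustration.

```shell
#!/bin/sh
# Added example: read a Postfix main.cf the way Postfix does and flag two
# problems: parameters defined more than once, and a TLS key file that is
# readable by group/other. Function names and sample data are constructed.

# Print the value in effect for NAME: the last definition wins, and lines
# that start with whitespace continue the previous parameter.
effective_value() {  # usage: effective_value FILE NAME
  awk -v want="$2" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments, blank lines
    /^[ \t]/ { if (cur == want) { sub(/^[ \t]+/, ""); val = val " " $0 }
               next }                              # continuation line
    { eq = index($0, "="); if (!eq) next
      cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
      if (cur == want) val = substr($0, eq + 1) }
    END { gsub(/^[ \t]+|[ \t]+$/, "", val); print val }' "$1"
}

# Print every parameter name that is defined more than once.
duplicate_params() {  # usage: duplicate_params FILE
  awk '/^[ \t#]/ || /^$/ { next }
       { eq = index($0, "="); if (!eq) next
         name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name); seen[name]++ }
       END { for (n in seen) if (seen[n] > 1) print n }' "$1" | sort
}

# Succeed only if the key named by smtpd_tls_key_file exists and has no
# group/other permission bits. $variables inside the path are not expanded.
key_is_private() {  # usage: key_is_private FILE
  key=$(effective_value "$1" smtpd_tls_key_file)
  [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" = "------" ]
}

# Constructed sample mirroring the tutorial's edits, written to a temp dir.
demo=$(mktemp -d)
touch "$demo/mailserver.key"; chmod 644 "$demo/mailserver.key"
cat > "$demo/main.cf" <<EOF
myhostname = example.com
inet_interfaces = all
inet_interfaces = localhost
smtpd_tls_key_file = $demo/mailserver.key
smtpd_tls_security_level=may
EOF

echo "defined more than once: $(duplicate_params "$demo/main.cf")"
echo "inet_interfaces in effect: $(effective_value "$demo/main.cf" inet_interfaces)"
key_is_private "$demo/main.cf" || echo "key is readable by group/other; chmod 600 it"
```

On the server itself, point the functions at /etc/postfix/main.cf; `postconf inet_interfaces` prints the value Postfix is actually using.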

Test Postfix With Telnet

To test Postfix we will telnet to the server and perform a basic "handshake protocol," just as an email program would.

First, install Telnet:

sudo yum install telnet

Once Telnet is installed, use it to connect to the server's SMTP port:

telnet localhost 25

The server will respond with:

[user@localhost ~]$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

Start by telling the server who the mail is being sent from:

mail from: some-person@some-other-server.com

Then tell the server who you are sending mail to, replacing user@example.com with your own username and domain name:

rcpt to: user@example.com

Now add a simple message. Tell the server your message body starts here:

data 

Type the message, then follow it with [Enter], a period (.), and [Enter]:

hello world 
.

Close the session by typing quit and hitting Enter.

If you are successful, your test message will appear in /home/username/Maildir/new. You can view this message with the command:

ll /home/username/Maildir/new

To read the message, copy and paste the name of the file (it will be a long name like 1481229255.Vfd01I402b66aM546595.example.com) and read it with more:

more 1481229255.Vfd01I402b66aM546595.example.com

You will see the email message, along with all of the header information:

From some-person@some-other-server.com  Thu Dec  8 19:43:10 2016
Return-Path: <some-person@some-other-server.com>
X-Original-To: user@example.com
Delivered-To: user@example.com
Received: from localhost (localhost [127.0.0.1])
        by mail.example.com (Postfix) with SMTP id 6CFD589184
        for <user@example.com>; Thu,  8 Dec 2016 19:42:33 +0000 (UTC)
Message-Id: <20161208194238.6CFD589184@mail.oxnardindustries.com>
Date: Thu,  8 Dec 2016 19:42:33 +0000 (UTC)
From: some-person@some-other-server.com

hello world

Install and Configure Dovecot

We will be using Dovecot as a POP3/IMAP server, so that users can receive and check their email. You can find more information about Dovecot on the Dovecot website.

Install Dovecot with the command:

sudo yum install dovecot

You can check on the status of Dovecot with the command:

sudo systemctl status dovecot

If Dovecot is running, you will see output similar to:

[user@mail dovecot]$ sudo systemctl status dovecot -l
● dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/dovecot.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2016-12-08 21:04:48 UTC; 3s ago
  Process: 8985 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
 Main PID: 8989 (dovecot)
   CGroup: /system.slice/dovecot.service
           ├─8989 /usr/sbin/dovecot -F
           ├─8992 dovecot/anvil
           ├─8993 dovecot/log
           └─8995 dovecot/config

Dec 08 21:04:48 example.com systemd[1]: Starting Dovecot IMAP/POP3 email server...
Dec 08 21:04:48 example.com systemd[1]: Started Dovecot IMAP/POP3 email server.
Dec 08 21:04:48 example.com dovecot[8989]: master: Dovecot v2.2.10 starting up for imap (core dumps disabled)
Active: active (running) since Thu 2016-12-08 21:04:48 UTC; 3s ago

This means that Dovecot is installed and running.

Install Roundcube

Roundcube is a free, open source webmail program with robust built-in multilingual capabilities, and many convenient features for your users. You can read more about Roundcube on the Roundcube website.

Roundcube requires several PHP and MariaDB packages as a prerequisite. Install and/or update these first with the command:

sudo yum install mysql mariadb-server php php-common php-json php-xml php-mbstring

Next, create a MariaDB username and database for the Roundcube installation. Log into the MariaDB client with the command:

mysql -u root -p 

Log in with the root password, then create a Roundcube database:

create database roundcube_db;

Create a user for this database. Note: Be sure to give the user a strong password.

grant all on roundcube_db.* to roundcube_user@localhost identified by 'roundcube_db_password';

Replace:

  • roundcube_user with the username you want to create for your database.
  • roundcube_db_password with a strong password for this user.

Then exit MariaDB:

quit;

Go to your website's document root. Download the current release from the Roundcube website by using the command:

sudo wget [download URL]

To find the download URL, visit the current release page on the Roundcube website. Copy the URL for the green "Download" link. You can paste it into the command line by pressing Shift + Insert.

For example, to download the current stable release as of this article's publication the command is:

sudo wget https://github.com/roundcube/roundcubemail/releases/download/1.2.3/roundcubemail-1.2.3-complete.tar.gz

Uncompress this file using the command:

sudo tar -xvf [filename]

Tip: You can use tab completion to make this process easier. Type sudo tar -xvf roundcube then hit Tab. The shell will automatically fill out the rest of the file name on the command line.

To unzip the file downloaded above, the command is:

sudo tar -xvf roundcubemail-1.2.3-complete.tar.gz

Rename the extracted directory roundcube:

sudo mv roundcubemail-1.2.3 roundcube

Set the ownership of the files to the Apache user:

sudo chown -R apache:apache roundcube

To complete the installation, switch to a browser and go to the URL http://example.com/roundcube/installer/.

Scroll down to the bottom of the page and click NEXT.

In the next section, you will need to fill out the database information.

Fill out the MariaDB database name, username, and password which you created above. Then scroll down and click CREATE CONFIG.

Note: There are many potential configurations. You can change or set them at any time in the future.

After the config file is created, click CONTINUE to continue.

Click the Initialize database button to set up the database.

Test the mail server configuration by sending a test SMTP email.

  • Sender: Your new email address on this server. (For example, jdoe@example.com)
  • Recipient: An external email address. (For example, jdoe@gmail.com)

Then click Send test mail. After a few moments, check the external email account to see if your email was sent.

Test the IMAP configurations by logging in with your username and password.

Note that your username is NOT your full email address. For example, log in with the username jdoe, not jdoe@example.com.

Now that the configuration is complete, you can log in at http://example.com/webmail to check and send email.