This tutorial will show you how to get a simple mailserver on CentOS 7, with Postfix as MTA, Dovecot as MDA and Sieve for sorting mail - all over an encrypted connection for improved security.
In order to configure everything, you will first need to install these packages:
yum install postfix dovecot dovecot-pigeonhole mailx
The first configuration step is done in /etc/dovecot/conf.d/15-lda.conf
, by adding a postmaster address. This allows people to contact you in case of a failure. We will also be allowing auto-creation of folders and auto-subscription of said folders to avoid an inconsistent state between your mail client and the server:
postmaster_address = yourname@yourdomain.tld
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
The next step is to assign the correct path for your users' mailboxes in /etc/dovecot/conf.d/10-mail.conf
:
mail_location = maildir:~/Maildir
Make sure that there is only one mention of "mail_location" in the file to avoid problems. The last step for ensuring basic functionality is to tell Postfix to deliver the mails via Dovecot. Add the following line to /etc/postfix/main.cf
:
mailbox_command = /usr/libexec/dovecot/deliver
Restart both services and you can send the first test mail:
systemctl restart postfix
systemctl restart dovecot
Since it is considered rude to use the root-account for mailing, you should create a separate user for your mailing needs:
useradd -m youruser
passwd youruser
Now, you can test the mail functionality with the following command:
echo "TEST" | mail -s "testmail" youruser@localhost && tail -f /var/log/maillog
If your log files contain a line similar to the following one (The last part is the important) ..
postfix/local[27114]: 3F63C5B71: to=<youruser@localhost>, orig_to=<youruser@localhost>, relay=local, delay=0.01, delays=0/0/0/0.01, dsn=2.0.0, status=sent (delivered to command: /usr/libexec/dovecot/deliver)
.. then everything is working properly.
At this point, there are two important things missing - encryption and mail sorting.
The first can be configured, for Dovecot, in /etc/dovecot/conf.d/10-ssl.conf
, assuming you already have a certificate at hand:
ssl = require
ssl_cert = </path/to/your/certificate
ssl_key = </path/to/your/key
For sieve to work, edit the protocol section in /etc/dovecot/conf.d/15-lda.conf
to look like this:
protocol lda {
mail_plugins = $mail_plugins sieve
}
Restart the service:
systemctl restart dovecot
And that's it. You can now log in via IMAP or POP3 in a secure way, send transport encrypted mails, and write filters with Sieve.
It is also important to allow the IMAP, SMTP, and POP3 ports in firewalld as follows
firewall-cmd --permanent --add-service=smtp
firewall-cmd --permanent --add-service=pop3
firewall-cmd --permanent --add-service=imap
firewall-cmd --permanent --add-service=smtps
firewall-cmd --permanent --add-service=pop3s
firewall-cmd --permanent --add-service=imaps
firewall-cmd --reload