How To Configure ISP Mail Server With Virtual Users/Domains On Centos 5.0 Using Postfix, Dovecot, MySQL, phpMyAdmin, TLS/SSL

Submitted by eliufoo on Mon, 2008-07-14 15:49.

Contributed By Eliufoo C. Mahinda

Emancipate yourself from mental slavery;
None but ourselves can free our minds.
-Redemption Song -Bob Marley

Acknowledgement To:

Babaraleem, the original author of How To Configure ISP Mail Server With Virtual Users/Domain On Centos 4.5 Using Postfix, Dovecot, MySQL, phpMyAdmin, TLS/SSL.
url: http://www.howtoforge.com/virtual-users-and-domains-postfix-dovecot-mysql-centos4.5

I decided to update and add extra information to a tutorial I found online by Babaraleem to further assist Postfix newbies. I experienced a difficult time following an out-of-date howto when setting up my own mail server. I spent a long time troubleshooting, googling and reading other tutorials and documentation on Postfix. The final result is this howto.

You may find that most tutorials/howtos found online contain very limited information on how to verify and test your server configuration, so you have to look for other documentation to learn how to test your server. I hope the information gathered in this howto will be helpful.

This howto will explain how to go about setting up an email server on Centos 5 using Postfix, Dovecot, RoundCube, Virtual Users/Domain and phpMyAdmin. I have also done a similar setup on Fedora Core 6. My best advice is to set this up first on a workstation and test it thoroughly before setting up on a server and going live with it!

This howto does not go into much detail. If you are looking for a full explanation of what is going on, read the documentation for each program. This is merely a step-by-step guide to get you up and running. You may use apt / yum to install software.

The content of this howto is broken down into three phases: compiling/installation, configuring, and verifying your configuration.

 

Pre-Configuration Requirements:

1. Hostname mail.example.co.tz with IP address (192.168.49.81) to eth0. (You can assign an IP address and hostname of your choice.)
2. Create an alias eth0:0. Assign IP address (192.168.49.81). (You can assign an IP address of your choice.)
3. Make entries for your hostname and IP in /etc/hosts. In my case, my /etc/hosts file shows:

127.0.0.1 localhost.localdomain localhost
192.168.49.80 dns.example.co.tz dns
192.168.49.81 mail.example.co.tz mail

 

Installation Of Required Packages:

We need the following packages to be installed:

Cyrus-sasl for SMTP AUTH

Description: The basic SMTP protocol does not provide a mechanism to authenticate users. Since email envelope addresses are so easy to fake, you can't know who is sending mail to your server unless you have a reliable means to authenticate clients. To allow mail relay privileges on your server, you need assurance that senders are who they claim to be, and you cannot rely on the senders' email addresses as identification. In this section, we look at installing and verifying packages for the Simple Authentication and Security Layer (SASL) as a means to control mail relaying and generally to identify who is using your mail server.

yum -y install cyrus*

The packages below will be installed:

rpm -qa | grep cyrus

cyrus-sasl-sql-2.1.22-4
cyrus-sasl-2.1.22-4
cyrus-sasl-devel-2.1.22-4
cyrus-sasl-md5-2.1.22-4
cyrus-sasl-ntlm-2.1.22-4
cyrus-sasl-ldap-2.1.22-4
cyrus-sasl-plain-2.1.22-4
cyrus-sasl-gssapi-2.1.22-4
cyrus-sasl-lib-2.1.22-4

At a minimum, the following packages must be installed so that Cyrus-SASL and Postfix work together and Postfix has what it needs to compile with SASL support:

cyrus-sasl-2.1.22-4
cyrus-sasl-authd-2.1.22-4
cyrus-sasl-devel-2.1.22-4

Then you have to choose at least one of the following mechanisms to use when authenticating users:

cyrus-sasl-gssapi-2.1.22-4
cyrus-sasl-md5-2.1.22-4
cyrus-sasl-plain-2.1.22-4

 

Installing openssl used for TLS support

Description:

TLS (formerly SSL) stands for Transport Layer Security. Once this layer is established, it encrypts the communication between two hosts. If we use SMTP AUTH with the PLAIN or LOGIN mechanisms, usernames and passwords are sent in plaintext over the internet. This means that anyone could sniff the communication and read the passwords. If you don't want this - which I'm sure you don't - you can use TLS to help.

yum install -y openssl openssl-devel mod_ssl

Verify the required packages are installed.

rpm -qa | grep openssl

openssl097a-0.9.7a-9
openssl-0.9.8b-15.fc6
mod_ssl-2.2.6-1.fc6
openssl-perl-0.9.8b-15.fc6
openssl-devel-0.9.8b-15.fc6
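
Whether PLAIN or LOGIN credentials can cross the wire unencrypted shows up in the server's own EHLO reply on a plain port 25 session. The following is an added example, not part of the original howto: it classifies such a reply; the function name and the sample replies are constructed for illustration, using the hostname from this howto.

```shell
#!/bin/sh
# Added example: classify an SMTP EHLO reply (read on stdin) taken from an
# unencrypted session. Function name and sample replies are hypothetical.
#   exposed     - AUTH PLAIN/LOGIN is offered before any TLS handshake
#   protected   - STARTTLS is offered and PLAIN/LOGIN are withheld until then
#   no-starttls - PLAIN/LOGIN are not offered, but neither is STARTTLS
auth_exposure() {
    tr -d '\r' | awk '
        /^250[- ]/ {                 # "250-KEYWORD args" or "250 KEYWORD args"
            kw = toupper(substr($0, 5))
            if (kw ~ /^STARTTLS/) starttls = 1
            # "AUTH PLAIN LOGIN" and the legacy "AUTH=PLAIN LOGIN" form
            if (kw ~ /^AUTH[ =]/ && kw ~ /PLAIN|LOGIN/) weak = 1
        }
        END {
            if (weak) print "exposed"
            else if (starttls) print "protected"
            else print "no-starttls"
        }'
}

# Constructed sample: AUTH PLAIN/LOGIN announced on the cleartext session.
EHLO_CLEAR_AUTH='250-mail.example.co.tz
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME'

# Constructed sample: AUTH is only announced after STARTTLS has been negotiated.
EHLO_TLS_FIRST='250-mail.example.co.tz
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250 8BITMIME'

printf 'cleartext AUTH sample: %s\n' "$(printf '%s\n' "$EHLO_CLEAR_AUTH" | auth_exposure)"
printf 'TLS-first sample:      %s\n' "$(printf '%s\n' "$EHLO_TLS_FIRST" | auth_exposure)"
```

In Postfix, smtpd_tls_auth_only = yes is the setting that keeps AUTH out of the cleartext EHLO reply, which moves a server from "exposed" to "protected".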

 

Install dovecot

If you install postfix before dovecot, then dovecot will not be installed on your system because of package conflicts.

Description:

Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written with security primarily in mind. This will install dovecot along with dependencies (mysql and postgresql).

yum install -y dovecot

 

Download, compile and install postfix with MySQL, TLS and SASL support (+LDAP).

Description: I am assuming you already know what postfix is, hence I won't explain what it is.

Unzipping postfix:

tar zxvf postfix-2.5.2.tar.gz

Change directory to postfix root directory:

cd postfix-2.5.2/

Compiling postfix with MySQL, TLS, SASL support:

NOTE: You need to have db4-packages installed.

# Postfix 2.5 only acts on the macros it knows: -DUSE_TLS turns on TLS and
# -DUSE_CYRUS_SASL turns on Cyrus SASL; -DHAS_MYSQL and -DHAS_LDAP add those map types.
make makefiles \
CCARGS='-DUSE_SASL_AUTH -DUSE_TLS -DHAS_MYSQL -DHAS_LDAP -DUSE_CYRUS_SASL \
-I/usr/include/sasl -I/usr/include/openssl \
-I/usr/include/mysql -I/usr/include' \
AUXLIBS='-L/usr/lib -L/usr/lib/openssl/engines \
-L/usr/lib/mysql -L/usr/lib \
-lsasl2 -lcrypto -lssl -lmysqlclient -lz -lm -lldap -llber \
-Wl,-rpath /usr/lib/mysql -Wl,-rpath /usr/lib \
-Wl,-rpath /usr/lib/openssl/engines'

make install

NOTE: See Appendix A for further explanation on compiler arguments.

We will verify shortly that these features were compiled into postfix.
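
The compile flags only request features; whether they made it into the binary shows up in what postconf reports. As an added example (not from the original howto), this script compares the lookup table types from `postconf -m` and the SASL plug-in types from `postconf -a` against what this build asked for; the function name and the sample outputs are constructed for illustration, and TLS is not covered because neither listing reports it.

```shell
#!/bin/sh
# Added example: list features requested at build time that the installed
# Postfix does not report. Function name and sample data are hypothetical.
#   $1 = output of `postconf -m` (lookup table types, one per line)
#   $2 = output of `postconf -a` (SMTP server SASL plug-in types)
missing_features() {
    maps=$1
    sasl=$2
    missing=""
    for want in mysql ldap; do
        printf '%s\n' "$maps" | grep -qx "$want" || missing="$missing map:$want"
    done
    printf '%s\n' "$sasl" | grep -qx cyrus || missing="$missing sasl:cyrus"
    printf '%s\n' "${missing# }"
}

# Constructed sample: every requested feature is present.
GOOD_MAPS='btree
cidr
hash
ldap
mysql
regexp
static
unix'
GOOD_SASL='cyrus
dovecot'

# Constructed sample: MySQL and Cyrus SASL support were left out of the build.
BAD_MAPS='btree
cidr
hash
ldap
regexp
static
unix'
BAD_SASL='dovecot'

if command -v postconf >/dev/null 2>&1; then
    result=$(missing_features "$(postconf -m)" "$(postconf -a)")
else
    result=$(missing_features "$BAD_MAPS" "$BAD_SASL")   # no Postfix here: use the sample
fi
echo "missing: ${result:-none}"
```

An empty result means mysql, ldap and cyrus are all reported; anything listed points back at the CCARGS/AUXLIBS used for the build.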


Submitted by stephaneschmit (registered user) on Mon, 2009-05-11 13:55.

This is a good howto despite the typos. Still, I had a hard time figuring out how I would have postfix authenticate senders.

I would recommend you read "Dovecot SASL configuration for the Postfix SMTP server" at http://www.postfix.org/SASL_README.html so that you don't waste as much time as I did searching forums.

Thanks,

- Stéphane

Submitted by Drew (not registered) on Thu, 2008-10-23 21:50.

If you are installing on x86_64 change the postfix make file args to the following:

# x86_64 library paths; -DUSE_TLS and -DUSE_CYRUS_SASL are the macro names Postfix recognizes.
make makefiles \
CCARGS='-DUSE_SASL_AUTH -DUSE_TLS -DHAS_MYSQL -DHAS_LDAP -DUSE_CYRUS_SASL \
-I/usr/include/sasl -I/usr/include/openssl \
-I/usr/include/mysql -I/usr/include' \
AUXLIBS='-L/usr/lib64 -L/usr/lib64/openssl/engines \
-L/usr/lib64/mysql -L/usr/lib64 \
-lsasl2 -lcrypto -lssl -lmysqlclient -lz -lm -lldap -llber \
-Wl,-rpath /usr/lib64/mysql -Wl,-rpath /usr/lib64 \
-Wl,-rpath /usr/lib64/openssl/engines'

Submitted by john (not registered) on Wed, 2009-05-20 18:21.

Taking into account "Compiling on x86_64" by Drew, the compiling syntax for postfix is way off for more than just architecture and needs to be changed as follows.
Running centos 5.3 and the latest versions of dovecot, postfix, and etc.
 
Here are the build arguments for postfix 2.6.0 for a 32 bit:
make makefiles \
CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DHAS_SSL_SASL -DHAS_MYSQL -DHAS_LDAP_SASL -DUSE_CYRUS_SASL -DHAS_OPENSSL \
-I/usr/include/sasl -I/usr/include/openssl \
-I/usr/include/mysql -I/usr/include' \
AUXLIBS='-L/usr/lib -L/usr/lib/openssl/engines \
-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib \
-lsasl2 -lcrypto -lssl -lz -lm -lldap -llber \
-Wl,-rpath /usr/lib/mysql -Wl,-rpath /usr/lib \
-Wl,-rpath /usr/lib/openssl/engines'
Things were seriously missing from above; other things are missing and will be in the comments on the next pages they occur on.