How To Configure ISP Mail Server With Virtual Users/Domains On Centos 5.0 Using Postfix, Dovecot, MySQL, phpMyAdmin, TLS/SSL
Contributed By Eliufoo C. Mahinda
Emancipate yourself from mental slavery;
None but ourselves can free our minds.
-Redemption Song -Bob Marley
Acknowledgement To:
Babaraleem, the original author of How To configure ISP Mail Server With Virtual Users/Domain On Centos 4.5 Using Postfix, Dovecot, MySQL, phpMyAdmin, TLS/SSL.
url: https://www.howtoforge.com/virtual-users-and-domains-postfix-dovecot-mysql-centos4.5
I decided to update and add extra information on a tutorial I found online by Babaraleem to further assist Postfix newbies. I experienced a difficult time following an out-of-date howto when setting up my own mail server. I spent a long time troubleshooting, googling and reading other tutorials and documentation on Postfix. The final result is this howto.
You may find that most tutorials/howtos found online contain very limited information on how to verify and test your server configuration; you will have to look for other documentation to learn how to test your server. I hope the information gathered in this howto will be helpful.
This howto will explain how to go about setting up an email server on Centos 5 using Postfix, Dovecot, RoundCube, Virtual Users/Domain and phpMyAdmin. I have also done a similar setup on Fedora Core 6. My best advice is to set this up first on a workstation and test it thoroughly before setting up on a server and going live with it!
This howto does not go into much detail. If you are looking for a full explanation of what is going on, read the documentation for each program. This is merely a step-by-step guide to get you up and running. You may use apt / yum to install software.
The content of this howto is broken down into three phases: compiling/installation, configuring, and verifying your configuration.
Pre-Configuration Requirements:
1. Hostname mail.example.co.tz with IP address (192.168.49.81) to eth0. (You can assign an IP address and hostname of your choice.)
2. Create an alias eth0:0. Assign IP address (192.168.49.81). (You can assign an IP address of your choice.)
3. Make entries of your hostname and IP in /etc/hosts. In my case my /etc/hosts file shows:
127.0.0.1 localhost.localdomain localhost
192.168.49.80 dns.example.co.tz dns
192.168.49.81 mail.example.co.tz mail
Installation Of Required Packages:
We need the following packages to be installed:
Cyrus-sasl for SMTP AUTH
Description: The basic SMTP protocol does not provide a mechanism to authenticate users. Since email envelope addresses are so easy to fake, you can't know who is sending mail to your server unless you have a reliable means to authenticate clients. To allow mail relay privileges on your server, you need assurance that senders are who they claim to be, and you cannot rely on the senders' email addresses as identification. In this section, we look at installing and verifying packages for the Simple Authentication and Security Layer (SASL) as a means to control mail relaying and generally to identify who is using your mail server.
yum -y install cyrus*
The following packages will be installed:
rpm -qa | grep cyrus
cyrus-sasl-sql-2.1.22-4
cyrus-sasl-2.1.22-4
cyrus-sasl-devel-2.1.22-4
cyrus-sasl-md5-2.1.22-4
cyrus-sasl-ntlm-2.1.22-4
cyrus-sasl-ldap-2.1.22-4
cyrus-sasl-plain-2.1.22-4
cyrus-sasl-gssapi-2.1.22-4
cyrus-sasl-lib-2.1.22-4
We need at least the following packages installed so that Cyrus-SASL and Postfix work together and Postfix finds what it needs when it is compiled with SASL support:
cyrus-sasl-2.1.22-4
cyrus-sasl-authd-2.1.22-4
cyrus-sasl-devel-2.1.22-4
Then you have to choose at least one of the following mechanisms to use when authenticating users:
cyrus-sasl-gssapi-2.1.22-4
cyrus-sasl-md5-2.1.22-4
cyrus-sasl-plain-2.1.22-4
Installing openssl used for TLS support
Description:
TLS (formerly SSL) stands for Transport Layer Security. Once this layer is established, it encrypts the communication between two hosts. If we use SMTP AUTH with the mechanisms PLAIN or LOGIN, usernames and passwords are sent in plaintext over the internet. This means that anyone could sniff the communication and read the passwords. If you don't want this - which I'm sure you don't - you can use TLS to help.
yum install -y openssl openssl-devel mod_ssl
Verify the required packages are installed.
rpm -qa | grep openssl
openssl097a-0.9.7a-9
openssl-0.9.8b-15.fc6
mod_ssl-2.2.6-1.fc6
openssl-perl-0.9.8b-15.fc6
openssl-devel-0.9.8b-15.fc6
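To make the TLS description above concrete, the following added example (not part of the original howto) audits an SMTP session transcript and returns every login that was sent before TLS was negotiated. The transcripts, the account name and the password are constructed sample data, and the function names are hypothetical.

```python
import base64

def decode_plain(token):
    """AUTH PLAIN token = base64(authzid NUL user NUL password), RFC 4616."""
    _authzid, user, password = base64.b64decode(token).split(b"\0")
    return ("PLAIN", user.decode(), password.decode())

def exposed_credentials(session):
    """Return (mechanism, user, password) for each login sent before TLS starts."""
    found, mech, login_parts, tls_requested = [], None, [], False
    for line in session:
        side, _, text = line.partition(": ")
        words = text.split()
        if side == "S":
            if tls_requested and text.startswith("220"):
                break  # handshake follows; everything after it is encrypted
            tls_requested = False
        elif not words:
            continue
        elif mech == "PLAIN":  # answer to the server's 334 prompt
            found.append(decode_plain(words[0]))
            mech = None
        elif mech == "LOGIN":  # two answers: user name, then password
            login_parts.append(base64.b64decode(words[0]).decode())
            if len(login_parts) == 2:
                found.append(("LOGIN", *login_parts))
                mech = None
        elif words[0].upper() == "STARTTLS":
            tls_requested = True
        elif words[0].upper() == "AUTH" and len(words) >= 2:
            mech, login_parts = words[1].upper(), []
            if mech == "PLAIN" and len(words) == 3:  # initial response inline
                found.append(decode_plain(words[2]))
                mech = None
    return found

def enc(text):
    return base64.b64encode(text.encode()).decode()
# Constructed sessions (C: client, S: server); the account and password are made up.
GREETING = ["S: 220 mail.example.co.tz ESMTP Postfix", "C: EHLO client.example.co.tz",
            "S: 250-mail.example.co.tz", "S: 250-STARTTLS", "S: 250 AUTH PLAIN LOGIN"]
PLAIN = ["C: AUTH PLAIN " + enc("\0user@example.co.tz\0s3cret"), "S: 235 2.7.0 ok"]
LOGIN = ["C: AUTH LOGIN", "S: 334 VXNlcm5hbWU6", "C: " + enc("user@example.co.tz"),
         "S: 334 UGFzc3dvcmQ6", "C: " + enc("s3cret"), "S: 235 2.7.0 ok"]
STARTTLS = ["C: STARTTLS", "S: 220 2.0.0 Ready to start TLS"]

print(exposed_credentials(GREETING + PLAIN))             # password recovered
print(exposed_credentials(GREETING + LOGIN))             # password recovered
print(exposed_credentials(GREETING + STARTTLS + PLAIN))  # nothing readable
```

PLAIN and LOGIN only base64-encode the credentials, so the first two sessions give up the password to anyone on the path, while the third yields nothing because the AUTH command travels inside the TLS tunnel.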
Install dovecot
If you install postfix before dovecot, then dovecot will not be installed on your system because of package conflicts.
Description:
Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written with security primarily in mind. This will install dovecot along with dependencies (mysql and postgresql).
yum install -y dovecot
Download, compile and install postfix with MySQL, TLS and SASL support (+LDAP).
Description: I am assuming you already know what postfix is, hence I won't explain what it is.
Unzipping postfix:
tar zxvf postfix-2.5.2.tar.gz
Change directory to postfix root directory:
cd postfix-2.5.2/
Compiling postfix with MySQL, TLS, SASL support:
NOTE: You need to have db4-packages installed.
make makefiles \
CCARGS='-DUSE_SASL_AUTH -DHAS_SSL -DHAS_MYSQL -DHAS_LDAP -DUSE_CYRUS \
-I/usr/include/sasl -I/usr/include/openssl \
-I/usr/include/mysql -I/usr/include' \
AUXLIBS='-L/usr/lib -L/usr/lib/openssl/engines \
-L/usr/lib/mysql -L/usr/lib \
-lsasl2 -lcrypto -lssl -lmysqlclient -lz -lm -lldap -llber \
-Wl,-rpath /usr/lib/mysql -Wl,-rpath /usr/lib \
-Wl,-rpath /usr/lib/openssl/engines'
make install
NOTE: See Appendix A for further explanation on compiler arguments.
We will verify if features were compiled with postfix shortly.