Postfix and Dovecot Configuration

Installation

  1. hostnamectl set-hostname mail.<domain>.<tld>
  2. yum -y install postfix dovecot

Postfix Configuration

  1. Append the following to /etc/postfix/main.cf:

    myhostname = mail.<domain>.<tld>
    mydomain = <domain>.<tld>
    myorigin = $mydomain
    home_mailbox = mail/
    mynetworks = 127.0.0.0/8 <domain IP>
    inet_interfaces = all
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_sasl_auth_enable = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtp_tls_security_level = may
    smtpd_tls_security_level = may
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_loglevel = 1
    smtpd_tls_key_file = /etc/letsencrypt/live/<domain>.<tld>/privkey.pem
    smtpd_tls_cert_file = /etc/letsencrypt/live/<domain>.<tld>/fullchain.pem
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_use_tls=yes
    tls_random_source = dev:/dev/urandom
    virtual_alias_domains = <domain>.<tld>
    virtual_alias_maps = hash:/etc/postfix/virtual
  2. Find and uncomment the following lines in /etc/postfix/main.cf:

    #inet_interfaces = localhost
    #mydestination = $myhostname, localhost.$mydomain, localhost
  3. Append the following lines to /etc/postfix/master.cf:

    submission inet n - n - - smtpd
      -o syslog_name=postfix/submission
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination
      -o milter_macro_daemon_name=ORIGINATING
    smtps inet n - n - - smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination
      -o milter_macro_daemon_name=ORIGINATING
  4. Make sure that the following is present in /etc/postfix/main.cf:

    alias_maps = hash:/etc/aliases
  5. Edit /etc/postfix/virtual and add the desired email addresses, for example:

    info@<domain>.<tld> admin
    webmaster@<domain>.<tld> admin
  6. Create a map database: postmap /etc/postfix/virtual
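
The settings above enable SASL authentication while leaving TLS at the opportunistic level (`may`), so a password is only protected if the client chooses STARTTLS. The following Python check is an added example, not part of the original page: it overlays each master.cf `-o` override on main.cf and lists the smtpd services that accept AUTH without requiring TLS. The config excerpts are constructed from the page's settings, the port-25 `smtp` line is assumed from a stock master.cf, and the function names are hypothetical.

```python
MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
"""  # constructed excerpt of the main.cf settings listed on this page
MASTER_CF = """\
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
smtps inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
"""  # constructed: first line is the assumed stock port-25 service, rest follows this page

def parse_main_cf(text):
    """Return {param: value}; a later assignment overrides an earlier one."""
    params = {}
    for line in text.splitlines():
        if "=" in line and not line[0].isspace() and line[0] != "#":  # skip comments/continuations
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def parse_master_cf(text):
    """Return services with '-o name=value' overrides; indented lines continue a service."""
    services = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and services:
            services[-1]["args"] += line.split()
        else:
            f = line.split()
            services.append({"name": f[0], "command": f[7], "args": f[8:]})
    for svc in services:
        a = svc["args"]
        svc["overrides"] = dict(a[i + 1].split("=", 1) for i, t in enumerate(a[:-1])
                                if t == "-o" and "=" in a[i + 1])
    return services

def plaintext_auth_services(main_cf, master_cf):
    """List smtpd services where SASL AUTH is enabled but TLS is only optional."""
    base, exposed = parse_main_cf(main_cf), []
    for svc in parse_master_cf(master_cf):
        eff = {**base, **svc["overrides"]}  # a master.cf -o override wins over main.cf
        tls_only = [eff.get(k) for k in ("smtpd_tls_auth_only", "smtpd_tls_wrappermode")]
        tls_required = eff.get("smtpd_tls_security_level") == "encrypt" or "yes" in tls_only
        if (svc["command"] == "smtpd" and not tls_required
                and eff.get("smtpd_sasl_auth_enable") == "yes"):
            exposed.append(svc["name"])
    return exposed
```

On the configuration as listed, `plaintext_auth_services(MAIN_CF, MASTER_CF)` reports all three services; adding `smtpd_tls_auth_only = yes` to main.cf, or `-o smtpd_tls_security_level=encrypt` to a service in master.cf, clears them.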

Dovecot Configuration

  1. Find and modify the following lines in /etc/dovecot/conf.d/10-master.conf:

    # Postfix smtp-auth
    unix_listener /var/spool/postfix/private/auth {
      mode = 0660
      user = postfix
      group = postfix
    }
  2. Find and modify the following lines in /etc/dovecot/conf.d/10-auth.conf:

    auth_mechanisms = plain login
  3. Find and modify the following lines in /etc/dovecot/conf.d/10-mail.conf:

    mail_location = maildir:~/mail
  4. Find and modify the following lines in /etc/dovecot/conf.d/20-pop3.conf:

    pop3_uidl_format = %08Xu%08Xv
  5. Find and modify the following lines in /etc/dovecot/conf.d/10-ssl.conf:

    ssl_cert = </etc/letsencrypt/live/<domain>.<tld>/fullchain.pem
    ssl_key = </etc/letsencrypt/live/<domain>.<tld>/privkey.pem

Restart and Enable Services

  1. systemctl restart postfix
  2. systemctl enable postfix
  3. systemctl restart dovecot
  4. systemctl enable dovecot

Open Firewall Ports

  1. firewall-cmd --permanent --add-service=smtp
  2. firewall-cmd --permanent --add-port=587/tcp
  3. firewall-cmd --permanent --add-port=465/tcp
  4. firewall-cmd --permanent --add-port=110/tcp
  5. firewall-cmd --permanent --add-service=pop3s
  6. firewall-cmd --permanent --add-port=143/tcp
  7. firewall-cmd --permanent --add-service=imaps
  8. firewall-cmd --reload

Configure DNS

  1. Add an A record for the mail server:

    name = mail.<domain>.<tld>
    IP = <mail server IP>
  2. Add an MX record:

    Hostname = mail.<domain>.<tld>
    Priority = 5
  3. Add the following TXT records:

    Name = @
    Text = "v=spf1 ip4:<domain IP> ~all"
    Name = _dmarc.<domain>.<tld>
    Text = v=DMARC1; p=none
  4. Add a PTR record for <domain>.<tld>

  5. Finally, test your email at https://www.mail-tester.com/

Notes on Using Let's Encrypt for SSL

Make sure that Encryption is set to STARTTLS when configuring mail clients.
