Mail system on CentOS 6 (Postfix, MySQL, Dovecot) with TLS and SSL

For my virtual machines I have set up a mail system with Postfix that looks up users and domains in a MySQL server and stores all mail under a single vmail user.
Users fetch their mail over Dovecot IMAP, and SquirrelMail displays it in the browser.

This setup can run on one machine, as I do it. If you handle a lot of mail you can run several Postfix instances, use a replicated MySQL (Postfix only needs read access),
and store the mail on disk with GlusterFS or similar.
Your mail solution can then grow BIG.

All communication is protected with SSL and TLS.

I have split the guide into parts so it is easy to follow. First up is setting up Postfix; then we move on with the rest of the setup.


Postfix

Install packages

yum install postfix mysql-server mysql httpd php php-mysql dovecot

Add the mail user. All email will be stored under this user:

sudo groupadd -g 5000 vmail
sudo useradd -m -g vmail -u 5000 -d /home/vmail -s /bin/bash vmail


Setting up MySQL for Postfix and PostfixAdmin

CREATE DATABASE mail;
CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'some_pass';
CREATE USER 'postfixadmin'@'localhost' IDENTIFIED BY 'some_pass';
-- postfixadmin owns the schema and writes to it from the web interface
GRANT ALL PRIVILEGES ON mail.* TO 'postfixadmin'@'localhost';
-- postfix itself only ever reads the tables
GRANT SELECT ON mail.* TO 'postfix'@'localhost';

Install and setup PostfixAdmin

PostfixAdmin creates all the tables for you and gives you a web interface to administer the mail server.

Download and unpack http://sourceforge.net/projects/postfixadmin/ into /var/www/html, or into another folder your web server serves.

Open config.inc.php and change the following:

$CONF['configured'] = true;
// setup.php generates the hashed value to paste here; it is not the clear-text password
$CONF['setup_password'] = 'mypass';
$CONF['database_host'] = 'localhost';
// the read/write MySQL user created above, not the read-only postfix user
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'some_pass';
$CONF['database_name'] = 'mail';

PostfixAdmin now creates all the tables Postfix needs and lets you create an admin user for managing the mail system.
Enter the setup password, then log in to PostfixAdmin and create your first domain and mailbox.

Set up Postfix to use the MySQL server

First we create the files that hold the lookup configuration; then we point Postfix at them as lookup maps. These maps use the postfix MySQL user, which only has read access to the database.
Create the files in /etc/postfix:

File mysql_relay_domains_maps.cf

user = postfix
password = some_pass
hosts = 127.0.0.1
dbname = mail
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '1'


File mysql_virtual_alias_maps.cf

user = postfix
password = some_pass
hosts = 127.0.0.1
dbname = mail
table = alias
select_field = goto
where_field = address

File mysql_virtual_domains_maps.cf

user = postfix
password = some_pass
hosts = 127.0.0.1
dbname = mail
table = domain
select_field = domain
where_field = domain
#additional_conditions = and backupmx = '0' and active = '1'

File mysql_virtual_mailbox_limit_maps.cf

user = postfix
password = some_pass
hosts = 127.0.0.1
dbname = mail
table = mailbox
select_field = quota
where_field = username
#additional_conditions = and active = '1'

File mysql_virtual_mailbox_maps.cf

user = postfix
password = some_pass
hosts = 127.0.0.1
dbname = mail
table = mailbox
select_field = maildir
where_field = username
#additional_conditions = and active = '1'
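The map files above use the legacy form, in which Postfix assembles the SQL query itself from table, select_field, where_field and additional_conditions. The Python script below is an added example (not part of this guide and not Postfix code): it renders the query each file produces, as documented in mysql_table(5), and cross-checks a set of map files for connection settings that disagree, because a wrong password or dbname in one file only shows up at lookup time as a 451 temporary lookup failure. The three map texts are inline copies in the guide's format; the limit map is given a wrong password and dbname on purpose, the kind of copy-paste slip that happens when map files are reused from another server, so the check has something to find.

```python
"""Render the SQL behind Postfix legacy-form mysql: map files and check a set
of them for mismatched connection settings. Added example, not from the guide."""
from collections import Counter

# Constructed inline copies of map files in the guide's format. The last one is
# given a wrong password and dbname on purpose so the check has something to find.
MAPS = {
    "mysql_virtual_alias_maps.cf": """\
user = postfix
password = some_pass
hosts = 127.0.0.1
dbname = mail
table = alias
select_field = goto
where_field = address
""",
    "mysql_relay_domains_maps.cf": """\
user = postfix
password = some_pass
hosts = 127.0.0.1
dbname = mail
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '1'
""",
    "mysql_virtual_mailbox_limit_maps.cf": """\
user = postfix
password = postfix21213
hosts = 127.0.0.1
dbname = virtual_mail
table = mailbox
select_field = quota
where_field = username
#additional_conditions = and active = '1'
""",
}


def parse_map(text):
    """Parse 'key = value' lines; lines starting with '#' are comments, as in Postfix."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def render_query(conf):
    """Reproduce the query mysql_table(5) documents for the legacy form:
    SELECT select_field FROM table WHERE where_field = '%s' additional_conditions
    Postfix escapes the looked-up key before substituting it for %s."""
    query = "SELECT {} FROM {} WHERE {} = '%s'".format(
        conf["select_field"], conf["table"], conf["where_field"])
    extra = conf.get("additional_conditions", "")
    return (query + " " + extra).strip()


def consistency_findings(maps, keys=("user", "password", "hosts", "dbname")):
    """Return (file, key, value, majority_value) for every connection setting
    that disagrees with the majority of the files. Postfix only notices such a
    slip at lookup time, when smtpd answers '451 4.3.0 ... Temporary lookup failure'."""
    parsed = {name: parse_map(text) for name, text in maps.items()}
    findings = []
    for key in keys:
        majority = Counter(c.get(key) for c in parsed.values()).most_common(1)[0][0]
        for name, conf in parsed.items():
            if conf.get(key) != majority:
                findings.append((name, key, conf.get(key), majority))
    return findings


if __name__ == "__main__":
    for name, text in MAPS.items():
        print("{}: {}".format(name, render_query(parse_map(text))))
    for name, key, value, majority in consistency_findings(MAPS):
        print("MISMATCH {}: {} = {!r}, other files use {!r}".format(name, key, value, majority))
```

To run it against a real /etc/postfix, read each *.cf into the MAPS dictionary instead of the inline copies; the rendered query is also a quick way to confirm that a commented-out additional_conditions line really is ignored.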



Setting up Postfix for SASL, TLS and MySQL

First create the SSL certificate and key for Postfix, and remember where they are stored. I use 2048-bit keys.

yum install crypto-utils
genkey --days 365 mail.example.com


This is my complete Postfix main.cf. It includes both SASL and TLS for Postfix, and the settings Postfix uses to reach MySQL.


queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = us1.northamlin.com
mydomain = northamlin.com
myorigin = $myhostname
inet_interfaces = all
inet_protocols = all
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

debug_peer_level = 2
debugger_command =
 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
 ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_limit = 51200000
virtual_minimum_uid = 5000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_transport = virtual
# The per-mailbox quota parameters below (virtual_create_maildirsize through
# virtual_overquota_bounce) come from the VDA patch; a stock Postfix logs
# them as unused parameters and enforces no per-mailbox quota.
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, your maildir has exceeded its disk space quota. Please free up some space in your mailbox and try again.
virtual_overquota_bounce = yes
# Only authenticated clients and hosts in mynetworks may relay; everyone
# else may only deliver to our own domains.
smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
# SASL backend is Dovecot, over its private/auth socket
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
# Offer STARTTLS, and advertise AUTH only once the session is encrypted,
# so passwords never cross the wire in clear.
smtpd_tls_auth_only = yes
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
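To check that a main.cf actually enforces what this section sets out to do (AUTH only after STARTTLS, no anonymous SASL, no open relay), here is an added Python checker. It is not part of this guide and not Postfix code; it only reads the parameters shown above. Both inline configs are constructed: the first is a subset of the main.cf above (including the debugger_command continuation lines, which a naive line parser gets wrong), the second is the same config weakened on purpose.

```python
"""Audit the SASL/TLS/relay parameters of a Postfix main.cf.
Added example, not part of the guide or of Postfix."""
import re

# Constructed subset of the main.cf shown above, including a continuation line.
GOOD_MAIN_CF = """\
myhostname = mail.example.com
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     ddd $daemon_directory/$process_name $process_id & sleep 5
smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
"""

# Same config weakened on purpose: AUTH before STARTTLS, anonymous SASL allowed,
# and the restriction that stops relaying removed.
WEAK_MAIN_CF = """\
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options =
smtpd_tls_auth_only = no
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
"""


def parse_main_cf(text):
    """Parse main.cf: 'name = value' lines, '#' comments, and continuation lines
    (a line starting with whitespace extends the previous parameter's value)."""
    conf, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and last is not None:
            conf[last] = (conf[last] + " " + raw.strip()).strip()
            continue
        name, _, value = raw.partition("=")
        last = name.strip()
        conf[last] = value.strip()
    return conf


def _list(value):
    """Split a comma- and/or whitespace-separated Postfix list value."""
    return [t for t in re.split(r"[\s,]+", value) if t]


def audit(conf):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    restrictions = _list(conf.get("smtpd_recipient_restrictions", ""))
    if not {"reject_unauth_destination", "defer_unauth_destination"} & set(restrictions):
        findings.append("smtpd_recipient_restrictions has no reject_unauth_destination: the server is an open relay")
    if conf.get("smtpd_sasl_auth_enable", "no") == "yes":
        if conf.get("smtpd_tls_security_level", "none") not in ("may", "encrypt"):
            findings.append("SASL AUTH is enabled but STARTTLS is not offered (smtpd_tls_security_level)")
        if conf.get("smtpd_tls_auth_only", "no") != "yes":
            findings.append("smtpd_tls_auth_only is not yes: AUTH is offered before STARTTLS and passwords can cross the wire in clear")
        if "noanonymous" not in _list(conf.get("smtpd_sasl_security_options", "")):
            findings.append("smtpd_sasl_security_options lacks noanonymous")
    for name in ("smtpd_tls_key_file", "smtpd_tls_cert_file"):
        if not conf.get(name):
            findings.append(name + " is not set")
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else WEAK_MAIN_CF
    for finding in audit(parse_main_cf(text)) or ["no findings"]:
        print(finding)
```

Run it as `python audit_main_cf.py /etc/postfix/main.cf` (any file name works) to check the live config; without an argument it audits the weakened sample. Note that it reads main.cf literally and does not expand $variables or apply Postfix defaults, so a parameter left unset is reported as unset even where the default would be acceptable.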

Verify that smtpd_tls_key_file and smtpd_tls_cert_file point at the key and certificate genkey created (on CentOS it writes them under /etc/pki/tls/private and /etc/pki/tls/certs); link or copy them so the paths match your config.

Test by running

$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
EHLO example.com
250-mail.example.com
250-PIPELINING
250-SIZE 20480000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit

Test sending an email to a user. I telnet to port 25 and run the commands below.
As you can see, I first try some addresses that should be rejected before sending to one that exists in MySQL.

telnet www.elinodrift.se 25
Connected to www.elinodrift.se.
Escape character is '^]'.
220 us1.elino.se ESMTP Postfix
helo test.elino.se
250 us1.elino.se
mail from:matte@elino.se
250 2.1.0 Ok
rcpt to:matte@hotmail.com
554 5.7.1 <matte@hotmail.com>: Relay access denied
rcpt to:error@elinodrift.se
550 5.1.1 <error@elinodrift.se>: Recipient address rejected: User unknown in virtual mailbox table
rcpt to:matte@elinodrift.se
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
hejsan
.
250 2.0.0 Ok: queued as 9F9D4141082
wuit
502 5.5.2 Error: command not recognized
quit
221 2.0.0 Bye
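Why the three RCPT TO commands got three different answers follows from the restriction list in main.cf (permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination) plus Postfix's default smtpd_reject_unlisted_recipient check against the virtual maps. The Python function below is an added model of that decision, not Postfix code; the domain, mailbox and alias tables are constructed stand-ins for the rows the MySQL maps would return, and it also covers cases the session above does not show, such as an authenticated client and an aliased address.

```python
"""Model of how the guide's smtpd settings answer RCPT TO.
Added example, not Postfix code; the lookup tables are constructed stand-ins
for the rows the mysql: maps would return."""

VIRTUAL_DOMAINS = {"elinodrift.se"}                                      # mysql_virtual_domains_maps.cf
VIRTUAL_MAILBOXES = {"matte@elinodrift.se": "elinodrift.se/matte/"}     # mysql_virtual_mailbox_maps.cf
VIRTUAL_ALIASES = {"postmaster@elinodrift.se": "matte@elinodrift.se"}   # mysql_virtual_alias_maps.cf


def recipient_reply(rcpt, sasl_authenticated=False, in_mynetworks=False,
                    domains=VIRTUAL_DOMAINS, mailboxes=VIRTUAL_MAILBOXES,
                    aliases=VIRTUAL_ALIASES):
    """Return the SMTP reply smtpd gives to RCPT TO:<rcpt> for this client."""
    addr = rcpt.lower()
    domain = addr.rpartition("@")[2]

    # 1. smtpd_recipient_restrictions, evaluated left to right; the first
    #    permit_* or reject_* that applies ends the list.
    #    permit_sasl_authenticated / permit_mynetworks: trusted clients may relay.
    #    reject_unauth_destination: everyone else may only send to our own domains.
    if not (sasl_authenticated or in_mynetworks) and domain not in domains:
        return "554 5.7.1 <{}>: Relay access denied".format(rcpt)

    # 2. smtpd_reject_unlisted_recipient (default yes) runs after the list for
    #    addresses in our own domains: the address must exist in the mailbox map
    #    or be rewritten by the alias map. This applies to trusted clients too.
    if domain in domains and addr not in mailboxes and addr not in aliases:
        return ("550 5.1.1 <{}>: Recipient address rejected: "
                "User unknown in virtual mailbox table".format(rcpt))

    return "250 2.1.5 Ok"


def replay_session(rcpts, **client):
    """Replay a list of RCPT TO addresses for one client, like the telnet test above."""
    return [(r, recipient_reply(r, **client)) for r in rcpts]


if __name__ == "__main__":
    for rcpt, reply in replay_session(
            ["matte@hotmail.com", "error@elinodrift.se", "matte@elinodrift.se"]):
        print("rcpt to:{}\n{}".format(rcpt, reply))
```

The second step is the reason an authenticated user still gets a 550 for a non-existent address in one of your own domains: relaying rights do not bypass the recipient lookup.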

The server log then looks like this:

Dec 24 03:12:23 us1 postfix/smtpd[1854]: connect from 37-46-182-158.customers.ownit.se[37.46.182.158]
Dec 24 03:12:44 us1 postfix/smtpd[1854]: NOQUEUE: reject: RCPT from 37-46-182-158.customers.ownit.se[37.46.182.158]: 554 5.7.1 <matte@hotmail.com>: Relay access denied; from=<matte@elino.se> to=<matte@hotmail.com> proto=SMTP helo=<test.elino.se>
Dec 24 03:13:01 us1 postfix/smtpd[1854]: NOQUEUE: reject: RCPT from 37-46-182-158.customers.ownit.se[37.46.182.158]: 550 5.1.1 <error@elinodrift.se>: Recipient address rejected: User unknown in virtual mailbox table; from=<matte@elino.se> to=<error@elinodrift.se> proto=SMTP helo=<test.elino.se>
Dec 24 03:13:13 us1 postfix/smtpd[1854]: 9F9D4141082: client=37-46-182-158.customers.ownit.se[37.46.182.158]
Dec 24 03:13:18 us1 postfix/cleanup[1877]: 9F9D4141082: message-id=<>
Dec 24 03:13:18 us1 postfix/qmgr[1851]: 9F9D4141082: from=<matte@elino.se>, size=211, nrcpt=1 (queue active)
Dec 24 03:13:18 us1 postfix/virtual[1879]: 9F9D4141082: to=<matte@elinodrift.se>, relay=virtual, delay=42, delays=42/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
ls -l /home/vmail/
totalt 4
drwx------ 5 vmail vmail 4096 23 dec 16.24 matte@elinodrift.se
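The log excerpt above carries the two things you want out of a mail log: NOQUEUE rejects (who tried to relay through you or probe for addresses) and a queue ID that ties the accepted message's client, sender and delivery status together across smtpd, qmgr and virtual. The Python below is an added example, not part of this guide; it parses the excerpt above (copied inline so it runs offline), builds both views, and counts rejects per client IP, which is the figure a fail2ban-style threshold would key on.

```python
"""Correlate Postfix smtpd/qmgr/virtual log lines by queue ID and count rejects
per client. Added example, not from the guide; LOG is the guide's own excerpt."""
import re
from collections import Counter

LOG = """\
Dec 24 03:12:23 us1 postfix/smtpd[1854]: connect from 37-46-182-158.customers.ownit.se[37.46.182.158]
Dec 24 03:12:44 us1 postfix/smtpd[1854]: NOQUEUE: reject: RCPT from 37-46-182-158.customers.ownit.se[37.46.182.158]: 554 5.7.1 <matte@hotmail.com>: Relay access denied; from=<matte@elino.se> to=<matte@hotmail.com> proto=SMTP helo=<test.elino.se>
Dec 24 03:13:01 us1 postfix/smtpd[1854]: NOQUEUE: reject: RCPT from 37-46-182-158.customers.ownit.se[37.46.182.158]: 550 5.1.1 <error@elinodrift.se>: Recipient address rejected: User unknown in virtual mailbox table; from=<matte@elino.se> to=<error@elinodrift.se> proto=SMTP helo=<test.elino.se>
Dec 24 03:13:13 us1 postfix/smtpd[1854]: 9F9D4141082: client=37-46-182-158.customers.ownit.se[37.46.182.158]
Dec 24 03:13:18 us1 postfix/cleanup[1877]: 9F9D4141082: message-id=<>
Dec 24 03:13:18 us1 postfix/qmgr[1851]: 9F9D4141082: from=<matte@elino.se>, size=211, nrcpt=1 (queue active)
Dec 24 03:13:18 us1 postfix/virtual[1879]: 9F9D4141082: to=<matte@elinodrift.se>, relay=virtual, delay=42, delays=42/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
"""

# syslog prefix: timestamp, host, postfix/<program>[pid]: message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) postfix/(?P<prog>\w+)\[\d+\]: (?P<msg>.*)$")
# smtpd reject line: client, reply code, enhanced status, recipient, reason, sender
REJECT_RE = re.compile(
    r"^NOQUEUE: reject: RCPT from (?P<client>\S+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) "
    r"(?P<dsn>\S+) <(?P<rcpt>[^>]*)>: (?P<reason>[^;]*); from=<(?P<sender>[^>]*)>")
# anything else that starts with an upper-case hex queue ID belongs to a message
QUEUE_RE = re.compile(r"^(?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$")
# key=<angle value> or key=bare-value, as Postfix writes from=, to=, status= etc.
FIELD_RE = re.compile(r"([\w-]+)=<([^>]*)>|([\w-]+)=([^,\s]+)")


def summarize(text):
    """Return (rejects, messages): a list of reject dicts and a dict of
    queue ID -> merged fields from every line that mentions that ID."""
    rejects, messages = [], {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        r = REJECT_RE.match(msg)
        if r:
            rejects.append(dict(r.groupdict(), ts=m.group("ts")))
            continue
        q = QUEUE_RE.match(msg)
        if q:
            entry = messages.setdefault(q.group("qid"), {})
            for key1, val1, key2, val2 in FIELD_RE.findall(q.group("rest")):
                entry[key1 or key2] = val1 if key1 else val2
    return rejects, messages


def rejects_per_client(rejects):
    """Count rejects by client IP; a high count from one IP is relay or address probing."""
    return Counter(r["ip"] for r in rejects)


if __name__ == "__main__":
    rejects, messages = summarize(LOG)
    for r in rejects:
        print("{ts} {ip} {code} rcpt=<{rcpt}> from=<{sender}>: {reason}".format(**r))
    for qid, fields in messages.items():
        print(qid, fields.get("from"), "->", fields.get("to"), fields.get("status"))
    print(dict(rejects_per_client(rejects)))
```

Feed it `/var/log/maillog` instead of LOG for a real server; because fields are merged per queue ID, a message with several recipients keeps only the last `to=` line, so extend the entry to a list if you need every delivery.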

All looks good 🙂