Postfix and Dovecot Based Email Server Configuration with SMTP Authentication

Objective: Configuring a mail server using Postfix MTA, Dovecot MDA and Squirrelmail webmail.

We are using the below information to configure the mail server.



Domain Name: learnandgains.com

Server Hostname: mail.learnandgains.com

IP address: 192.168.22.30

OS: Ubuntu 20.04 LTS

 

Server Readiness:

root@ubuntu:~# dpkg-reconfigure tzdata (Set the Geographic area: Asia, Time zone: Dhaka)

root@ubuntu:~# apt install ntpdate

root@ubuntu:~# ntpdate bd.pool.ntp.org

root@ubuntu:~# sudo timedatectl set-ntp off

root@ubuntu:~# date (To check the current date in the server)

 

root@ubuntu:~# vim /etc/hostname

mail.learnandgains.com

 

root@ubuntu:~# vim /etc/hosts

192.168.22.30 mail.learnandgains.com  mail

 

root@ubuntu:~# apt update

root@ubuntu:~# apt upgrade -y

root@ubuntu:~# reboot

Configuring Postfix:

root@mail:~# apt install postfix

root@mail:~# dpkg-reconfigure postfix










Configuring Dovecot:

root@mail:~# apt install dovecot-core dovecot-imapd dovecot-pop3d

root@mail:~# vim /etc/dovecot/conf.d/10-mail.conf

Uncomment the following lines by removing the leading hash (#):

mail_location = mbox:~/mail:INBOX=/var/mail/%u

mail_uid = mail

mail_gid = mail

mail_privileged_group = mail

 

root@mail:~# vim /etc/dovecot/conf.d/10-auth.conf

disable_plaintext_auth = no

 

At this stage, we can send and receive email using client software such as Microsoft Outlook. However, the client's NAT IP address has to be added to the MTA's trusted networks, i.e. mynetworks in the main.cf file.

 

It is not practical to add every NAT IP address to mynetworks, because the NAT IP address can change at any moment on a mobile network. Don't panic! The solution to this situation is SMTP authentication.

 

SMTP Authentication using Dovecot Configuration:

 

root@mail:~# vim /etc/dovecot/conf.d/10-master.conf

 # Postfix smtp-auth (this listener belongs inside the existing "service auth { ... }" block)

 

  unix_listener /var/spool/postfix/private/auth {

    mode = 0666

    user = postfix

    group = postfix

  }

 

root@mail:~# mv /etc/aliases /etc/postfix/

root@mail:~# mv /etc/aliases.db /etc/postfix/

root@mail:~# touch /etc/postfix/transport

root@mail:~# postmap /etc/postfix/transport

root@mail:~# vim /etc/postfix/main.cf

# Modify below two lines:

alias_maps = hash:/etc/postfix/aliases

alias_database = hash:/etc/postfix/aliases

 

#Add below line

transport_maps = hash:/etc/postfix/transport

 

# TLS parameters

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem

smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

smtpd_tls_security_level=may

 

##########Add these lines

smtpd_use_tls=yes

smtpd_tls_received_header = yes

smtpd_tls_auth_only = no

smtp_tls_note_starttls_offer = yes

##########

 

smtp_tls_CApath=/etc/ssl/certs

smtp_tls_security_level=may

smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

 

#Authentication from dovecot

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/auth

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_helo_required = yes

smtpd_sasl_authenticated_header = yes

smtpd_recipient_restrictions =  permit_mynetworks, permit_sasl_authenticated

broken_sasl_auth_clients = yes

smtpd_sender_restrictions = permit_sasl_authenticated

root@mail:~# vim /etc/postfix/master.cf

##Remove hash from the below lines

submission inet n       -       y       -       -       smtpd

smtps     inet  n       -       y       -       -       smtpd

root@mail:~# /etc/init.d/postfix restart

root@mail:~# /etc/init.d/dovecot restart

At this stage, we can send and receive email from any network with email client software, using the authenticated inbound/outbound ports. We no longer have to add the NAT IP address to mynetworks in main.cf.
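The settings chosen above (smtpd_tls_auth_only = no, disable_plaintext_auth = no, the snakeoil certificate and the 0666 auth socket) decide whether passwords can cross the network before TLS is negotiated. The script below is an added example, not part of the original post, that flags them; the function names and the sample files it builds are constructed for illustration.

```bash
# Added example: flag settings from this guide that expose mail passwords.

# conf_value KEY FILE: last uncommented "KEY = value" in FILE, value trimmed.
conf_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        { eq = index($0, "="); if (!eq) next
          k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
          gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key) val = v }
        END { print val }' "$2"
}

# auth_socket_mode FILE: "mode" of the Postfix auth listener in 10-master.conf.
auth_socket_mode() {
    awk '
        /^[ \t]*#/ { next }
        /unix_listener[ \t]+\/var\/spool\/postfix\/private\/auth/ { inblk = 1; next }
        inblk && /[}]/ { inblk = 0 }
        inblk && /mode[ \t]*=/ { sub(/.*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print }' "$1"
}

# audit_mail_conf MAIN_CF AUTH_CONF MASTER_CONF: prints one line per finding.
audit_mail_conf() {
    [ "$(conf_value smtpd_tls_auth_only "$1")" = "yes" ] ||
        echo "WEAK smtpd_tls_auth_only: Postfix offers AUTH before STARTTLS"
    [ "$(conf_value disable_plaintext_auth "$2")" != "no" ] ||
        echo "WEAK disable_plaintext_auth: Dovecot accepts plaintext logins without TLS"
    case "$(conf_value smtpd_tls_cert_file "$1")" in
        *snakeoil*) echo "WEAK smtpd_tls_cert_file: self-signed snakeoil certificate" ;;
    esac
    case "$(auth_socket_mode "$3")" in
        0660|0600|"") ;;
        *) echo "NOTE auth socket mode: 0660 is enough for user/group postfix" ;;
    esac
}

# demo_audit: run the audit on constructed files holding this page's values.
demo_audit() {
    tmp=$(mktemp -d)
    printf '%s\n' 'smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem' \
        'smtpd_tls_auth_only = no' > "$tmp/main.cf"
    printf '%s\n' 'disable_plaintext_auth = no' > "$tmp/10-auth.conf"
    printf '%s\n' '  unix_listener /var/spool/postfix/private/auth {' \
        '    mode = 0666' '  }' > "$tmp/10-master.conf"
    audit_mail_conf "$tmp/main.cf" "$tmp/10-auth.conf" "$tmp/10-master.conf"
    rm -rf "$tmp"
}

if [ "$#" -eq 3 ]; then audit_mail_conf "$@"; else demo_audit; fi
```

On the server, pass it the real files in order: /etc/postfix/main.cf, /etc/dovecot/conf.d/10-auth.conf and /etc/dovecot/conf.d/10-master.conf.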

Although we can send and receive email using client software, it is sometimes necessary to send email through webmail. We will use SquirrelMail as the webmail interface on our mail server.

Configuring Squirrelmail:

Step 1: Install the web server.

root@mail:~# apt-get install apache2

root@mail:~# apt-get install php7.4

Step 2: Download Squirrelmail webmail:

root@mail:~# cd /var/www/html/

root@mail:~# wget https://sourceforge.net/projects/squirrelmail/files/stable/1.4.22/squirrelmail-webmail-1.4.22.tar.gz

root@mail:~# tar -zxvf squirrelmail-webmail-1.4.22.tar.gz

Step 3: Rename the extracted SquirrelMail directory to a meaningful name. We used webmail.

root@mail:~# mv squirrelmail-webmail-1.4.22 webmail

root@mail:~# cd /var/www/html/webmail

Step 4: Configure webmail.

root@mail:~# ./configure






root@mail:~# mkdir /var/www/html/webmail/attach

root@mail:~# chown -R www-data:www-data /var/www/html/webmail/

root@mail:~# /etc/init.d/apache2 restart

root@mail:~# vim /etc/php/7.4/apache2/php.ini

upload_max_filesize = 25M

Finally, restart all the services.

root@mail:~# /etc/init.d/postfix restart

root@mail:~# /etc/init.d/dovecot restart

root@mail:~# /etc/init.d/apache2 restart

Testing webmail: Open your browser and enter the address: http://192.168.22.30/webmail or http://mail.learnandgains.com/webmail



 
