How to build a mail system with Dovecot and Postfix on CentOS 7

I will use my instance at Vultr Tokyo to show you how to do that.
This how-to covers:
LMTP
virtual users
mysql
reW

To follow along you will need a server; I use one from Vultr.

1. Preparation
First, Vultr blocks port 25 by default. You need to open a support ticket and ask the staff to unblock it; this is not a problem with your system's firewall.

First of all, you need to install the following packages:

mariadb-server, dovecot-mysql, postfix

yum resolves their dependencies for you:
yum install mariadb-server dovecot-mysql postfix
Then create a system user that will own the virtual mailboxes:
useradd -s /sbin/nologin -m vmail

2. Database
Now I will create the database and user for mail in MariaDB (MySQL). Log in to
MySQL with:

mysql -u root -p

Note that MariaDB has no root password initially, so set one for the MySQL root
(not the system root) this way:

mysqladmin -u root password

(press Enter, then type the new password)
In the MariaDB shell, create the database like this:
create database mail;
Then create a user like this:

create user 'mail'@'localhost' IDENTIFIED BY 'mypass';

Then grant that user access to the database; it only needs read access, so grant SELECT only:

grant select on mail.* to 'mail'@'localhost';

Then exit the MySQL shell. In the system shell, save the schema below to a file (scheme.sql):

create table `virtual_users` (
        `id` int(11) not null auto_increment,
        `email` varchar(32) not null,
        `password` varchar(128) not null,
        `realname` varchar(32),
        `quota_limit_mbytes` int(8),
        primary key(`id`),
        unique key `email` (`email`)
);

CREATE TABLE `virtual_aliases` (
        `id` int(11) NOT NULL auto_increment,
        `source` varchar(100) NOT NULL,
        `destination` varchar(100) NOT NULL,
        PRIMARY KEY (`id`)
);

Then import it into MySQL with:
mysql -u root -p mail < scheme.sql
Then you can insert a user like this (the password column holds the hash, in the scheme configured for Dovecot below, not the clear-text password):
insert into virtual_users (`email`,`password`) values('test@example.org','hashedpassword');

3. Dovecot
Dovecot does the authentication work in this mail system, so I configure it first.


3.1 Enable LMTP
Modify /etc/dovecot/dovecot.conf:

protocols = pop3 lmtp

Modify /etc/dovecot/conf.d/10-master.conf so Postfix can hand mail to Dovecot over a Unix socket in its chroot:
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    user = postfix
    group = postfix
    mode = 0600
  }
}

To enable virtual users, modify /etc/dovecot/conf.d/10-auth.conf to enable SQL auth:

!include auth-sql.conf.ext
Then in auth-sql.conf.ext:
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/spool/mail/%d/%n
}

Then /etc/dovecot/dovecot-sql.conf.ext (the password here is the one you gave 'mail'@'localhost' above; keep this file readable only by root, since it holds database credentials):

driver=mysql
connect = host=localhost dbname=mail user=mail password=password

default_pass_scheme = SHA512-CRYPT

password_query = SELECT email AS user, password AS password \
        FROM virtual_users WHERE email = '%u'

Finally, /etc/dovecot/conf.d/10-mail.conf:

mail_location = mdbox:/var/spool/mail/%d/%n/mail

4. Postfix
Postfix sends and receives mail, then delivers it to Dovecot over the LMTP socket configured above.
Modify /etc/postfix/main.cf:

smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = example.info
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_helo_restrictions =
        permit_sasl_authenticated,
        reject_unknown_helo_hostname
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_relay_restrictions =
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_rbl_client zen.spamhaus.org,
        reject_rhsbl_helo dbl.spamhaus.org,
        reject_rhsbl_sender dbl.spamhaus.org,
        permit

smtpd_data_restrictions =
        reject_unauth_pipelining,
        permit
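The order of smtpd_relay_restrictions is what keeps this server from being an open relay: reject_unauth_destination must be evaluated before the unconditional permit at the end. As an added example (not from the original post), here is a small Python checker that parses Postfix's main.cf continuation-line syntax and flags a misordered list; the two embedded configs are constructed samples, one taken from the block above (reduced) and one deliberately broken.

```python
import re

# Constructed samples: the main.cf block above (reduced) and a variant that permits first.
SAFE_MAIN_CF = """\
smtpd_relay_restrictions =
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_rbl_client zen.spamhaus.org,
        permit
"""
OPEN_RELAY_MAIN_CF = """\
smtpd_relay_restrictions =
        permit_mynetworks,
        permit
        reject_unauth_destination
"""
# Built-in default of Postfix 2.10+, used when main.cf leaves the parameter unset.
DEFAULT_RELAY = "permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination"

def parse_main_cf(text):
    """Parse 'key = value' lines; a line starting with whitespace continues the previous value."""
    params, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and key is not None:
            params[key] = (params[key] + " " + raw.strip()).strip()
            continue
        key, _, value = raw.partition("=")
        key = key.strip()
        params[key] = value.strip()
    return params

def restriction_list(params, name, default=""):
    """Split on commas/whitespace; a bare argument (e.g. an RBL domain) joins the preceding entry."""
    entries = []
    for tok in filter(None, re.split(r"[,\s]+", params.get(name, default))):
        if tok.startswith(("permit", "reject", "defer", "check_", "warn_if")):
            entries.append(tok)
        elif entries:
            entries[-1] += " " + tok
    return entries

def is_open_relay(params):
    """True if 'permit' is reached before reject/defer_unauth_destination, or that check is absent."""
    for entry in restriction_list(params, "smtpd_relay_restrictions", DEFAULT_RELAY):
        if entry in ("reject_unauth_destination", "defer_unauth_destination"):
            return False
        if entry == "permit":
            return True
    return True
```

Run it against your real /etc/postfix/main.cf by passing the file's contents to parse_main_cf; a True result means the list must be reordered before the server is exposed on port 25.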

Then the Postfix MySQL map file, query/maps-mailboxes.query (again with the password of the 'mail' database user; it returns a row only for mailboxes that exist):

host = 127.0.0.1
user = mail
password = password
dbname = mail
query = SELECT 1 FROM virtual_users WHERE email='%s'

5. Firewall
CentOS 7 blocks most ports by default, so open SMTP and POP3:

firewall-cmd --permanent --add-service=smtp
# for pop3
firewall-cmd --permanent --add-port=110/tcp

Then run firewall-cmd --reload to apply the rules.

Keith Rainz
