LFCS – Set up an E-mail Server (CentOS)

Jarret B

Well-Known Member
Staff member
Joined
May 22, 2017
Messages
348
Reaction score
387
Credits
12,246
In this article, we will cover setting up a Simple Mail Transport Protocol (SMTP) Server, which sends and receives mail to and from the Internet. We will also set up the ability to forward email across our servers. We will set up Internet Message Access Protocol (IMAP) and Post Office Protocol 3 (POP3) services to allow for local mail to be sent and received from the SMTP server to our client.

All of this can be a little confusing, but let's try to get through this and get it understood.

Parts of the Mail Service

Let's look at the parts here first to make sure we understand everything before we set it up.

We will start at the client level. When someone wants to check their e-mails, they use a program that access the E-Mail Server. In our case, we will use a program call Mutt. Mutt is a terminal based e-mail client program. Most people check e-mails every day and usually use a Graphical User Interface (GUI) based program. To keep everything simple, we'll stick with a Command-Line Interface (CLI) program.

The e-mail program will access the mail server using IMAP and POP3. If we set up certificates and make the connection secure, the protocol would be IMAPS. The IMAP and POP3 service we'll use is called Dovecot.

Dovecot will access the email server (SMTP), which is controlled by the program Postfix.

We now need to start at the top by installing and configuring Postfix.

Install and Configure Postfix

Unless you started with a minimal installation, the Postfix service should be installed and running. To check that it is running, use the command 'sudo systemctl status postfix'. It should show that it is running.

If the Postfix service is not running, then you need to install Postfix with the command 'sudo yum install postfix -y'.

You can check the ports with the command 'netstat -lnt' and see that port 25 is open, but listening on the loopback (127.0.0.1). you can see the output of the 'netstat' command in Figure 1.

Figure 1.JPG

FIGURE 1

To make this work, we need to get the SMTP service to listen to a port that is open to the entire network. In my case, my IP Address of Server1, Server2 and Server3, I changed them from previous articles, are as follows:

server1.example.com192.168.32.101
server2.example.com192.168.32.102
server3.example.com192.168.32.103


All systems can ping one another, so I can verify that my name resolution works properly. Name resolution is very important at this stage.

NOTE: In the next section of this article, I'll go over tweaking the DNS service if you are having issues with it. If you are having DNS issues, then look at it before finishing this section.

Let's look at Server1 to see how things are configured. Use the command 'postconf' to see all the configuration details for Postfix.

If you want to see the default settings, use the command 'postconf -d'. If you want to see the values that have been set, not as default, use the command 'postfix -n'. One of the configuration entries shows 'config_directory'. To see this entry, type in 'postconf config_directory'. The result should be 'config_directory = /etc/postfix'. The folder at /etc/postfix' is the location of the configuration files for Postfix.

So, to edit the entries, we could edit the file '/etc/postfix/main.cf'. There is another way, though. We use the parameter '-e' for edit, specify the entry and new value. Let's set up Postfix to work on ports other than the loopback, so the command is:

postconf -e inet_interfaces=all

If you recall the output from 'netstat', you can see that it opened the port for both Ipv4 and Ipv6. We can specify to only use Ipv4 to prevent less network traffic. To do this, the command is:

postconf -e inet_protocols=ipv4

If you use either the command 'postconf inet_protocols' or 'postconf inet_interfaces', you'll see that it has changed the entry. It has not loaded the changes, so the Postfix service needs restarted:

sudo systemctl restart postfix

The entries a now changed and loaded, so the command 'netstat -lnt' will show that the address is now '0.0.0.0' for Port 25, which means all interface ports. The new 'netstat' output is shown in Figure 2.

Figure 2.JPG

FIGURE 2

You'll need to open Port 25 with the commands: 'sudo ufw allow 25/tcp' and 'sudo ufw allow 25/udp'.

To test that the service will receive on Port 25, we can email the Root user on Server1 with a command line mail program. To install the program, use the command 'sudo yum install mailx -y' on Server2.

Figure 3 shows the 'mail' program. Type 'mail' followed by the user and system to receive the email, in this case '[email protected]'. The next line asks for the 'Subject'. Type in a subject for the email and press Enter. The next line has no prompt, but you can type in sentences as you need. When done, just have the last line be a single period. After hitting Enter, it sends the email.

Figure 3.JPG

FIGURE 3

We can check the logs on Server2 with the command 'tail /var/log/maillog'.

NOTE: If you use the command 'mail' to check the mailbox for 'root' and it showed none when there should be mail, use the command 'mail -u root' instead.

In the 'mail' program, use 'd' to delete a message, 'n' for next message and 'q' to quit the program.

Mail Entry in DNS

There may be a few tweaks needed to get the DNS Server working properly. You'll need to install the 'ufw' program. Then perform the commands: 'sudo yum install epel-release -y' and then 'sudo yum install ufw -y'. Add the line 'OPTIONS=-4' to '/etc/sysconfig/named'. Restart the 'named' service.

If you look at the file '/etc/resolv.conf', the file shows the list of networks to use for resolving Host Names. The order of the networks is important. The file is only necessary if you have multiple Network Interface Cards. Let's look at an example from Server2 in Figure 4.

Figure 4.JPG

FIGURE 4

You can see that the address '10.0.0.243' is not on the network of the DNS Server. We need to remove this, which we can edit the file. The problem is that when the network service restarts, it overwrites the file when it re-generates it. To fix the address from being added to the file, change the 'peerdns=yes' to 'peerdns=no' for the network card. In my case, this is in the file '/etc/sysconfig/network-scripts/ifcfg-enp0s3'. Edit the file and restart the network service, 'sudo systemctl restart network', to see that the address does not reappear. Also, make sure the 'peerdns=yes' for the Network Card that is connected to the DNS network.

If you try the commands 'nslookup server1', 'nslookup server2' or 'nslookup server3', you should get a proper response with no errors.

Now, we need to set the IP Address of the mail server in DNS to allow for programs to query DNS for the Mail Server.

On Server1, edit the file '/var/named/db.example', or whatever you named your forward DNS zone file. Mine is shown in Figure 5.

Figure 5.JPG

FIGURE 5

The last line shows an 'MX' entry for the network named 'example.com'. List the mail server as 'server1.example.com'. The number '10' is a preference value. If you have multiple mail servers, you can set a preference of one over another. The lower the value, the higher the preference. Once you have made the change, you'll need to restart the 'named' service for the changes to take effect.

You can verify that the change is made by running the command 'dig -t mx example.com'. The command can be run from all systems on the network to verify that the mail server is known, as well as DNS is working fine.

Configure Postfix for Mail

Incoming mail needs to be accepted by the mail server. To check this, use the command 'postconf mydestination'. The output is missing the value for 'mydomain'.

We need to edit the entry with the command "postconf -e 'mydestination=$myhostname, localhost.$mydomain, localhost, $mydomain'". We are taking the existing value and adding the variable for '$mydomain'.

To check it, you can have it print the value for 'mydestination' with the command 'postconf mydestination'. You should see the new values that you set.

We can check the configuration file for errors with the command 'postfix check'. It lists any errors that are found. If it displays no output, then the configuration file is fine. The service needs to be restarted with the command 'systemctl restart postfix'.

Forward E-mail

On Server2 and Server3, we already have Postfix installed, which was done automatically. So, we will set up Server2 and Server3 to use Server1 as an e-mail relay. Any e-mail sent to any server will forward the e-mail to Server1. Server1 will manage all the e-mails. If you send an e-mail from Server2 to Server3, it is sent to Server1 which will send it to Server3.

To set this up, we need to do the following on Server2 and Server3:

postconf -e inet_interfaces=all
postconf -e inet_protocols=ipv4
postconf -e relayhost=server1.example.com


You can verify the changes with 'postfix check'. You'll then need to restart the service with 'sudo systemctl restart postfix'.

If you haven't done it, install 'mailx' on Server3.

From Server3, use the command 'mail [email protected]'. Send a message and then, on Server1, enter the command: 'tail /var/log/maillog'. It shows my output in Figure 6. You can see that Server1 received a message from Server3 and forwarded it to Server2. Once the process is done, it removes the message from the local queue.

Figure 6.JPG

FIGURE 6

If you go to Server2, you use the command 'mail -u root' to see the message has been delivered.

IMAP and POP3

Setting up an email service to allow access to the mailboxes from remote systems requires a program like Dovecot.

On Server1, we'll install Dovecot with the command 'sudo yum install dovecot -y'.

Switch to the folder '/etc/dovecot'. We will modify a few configuration files.

For the file, 'dovecot.conf', uncomment the lines 'protocols= imap pop3 lmtp' and 'listen = *, ::'. Change the second uncommented line to 'listen = *'. We needed to remove the listening for ipv6 from the line. Save the file.

Switch into the 'conf.d' folder for more editing.

Edit the file '10-auth.conf'. Change the line 'disable_plaintext_auth = yes' to 'disable_plaintext_auth = no'. This will allow plaintext login. We don't need security on our network. Find the line 'auth_mechanisms = plain' and change it to 'auth_mechanisms = plain login'. Save the file and exit the editor.

The next file to edit is '10-master.conf'. Find the line '#unix_listener /var/spool/postfix/private/auth {' and remove the comment. Also remove the comments on the next two lines. After the line 'mode = 0666', add the lines 'user = postfix' and 'group = postfix'. Save the file and exit the editor.

Next, edit the file '10-ssl.conf'. Change the line 'ssl = required' to 'ssl = no'. Save and exit the editor.

Finally, edit the file '10-mail.conf'. Find the line that is commented with 'mail_location = mbox:~/mail:INBOX=/var/mail/%u'. Uncomment the line. Also, uncomment the line 'mail_access_groups = ' and make it 'mail_access_groups = mail'.

We now need to set the Dovecot Service to auto-start and start it.

sudo systemctl enable dovecot
sudo systemctl start dovecot


If you run 'netstat', you'll see two open ports: 110 for POP3 and 143 for IMAP. We need to open these ports with the commands 'sudo ufw allow 110/tcp' and 'sudo ufw allow 143/tcp'.

To test the client, go to Server2 and install 'Mutt' with the command 'sudo yum install mutt -y'. Go to your home folder and create a file named '.muttrc' with the content 'set spoolfile = imap://[email protected]'. Change the username to match yours.

On Server1, I will send an e-mail to my username 'jarret' with the command 'mail jarret'. Enter a subject and body as normal.

On Server2, type the command 'mutt' and hit enter. It should notify you the first time that the file 'Mail' does not exist. Type 'yes' and press enter to create it. It will then ask for your password. Enter the password and Mutt should connect to the e-mail server and show your e-mails.

Troubleshooting Mutt

If you get an error about the mailbox, use the command 'mail' to send a message to the user on Server1.example.com as we did previously in the article. It doesn’t create the mailbox until there is a message in the mailbox.

You can resolve errors such as permission issues by changing the permissions on the 'mail' folder under '/etc'. The folder 'mail' should owned by the user and group called 'postfix'. You can change the ownership with the command 'sudo chown -R postfix:postfix mail'. There also need to be open privileges on the folder by using the next two commands: 'sudo chmod -R 777 mail' and 'chmod -R +x mail'.

Now, when you run Mutt, there hopefully shouldn't be errors.

If you run the command 'll' in the '/etc' folder, you should see that the 'mail' folder is linked to 'spool/mail'. There should also be a 'lock' file which is used to lock the mail folder.

Aliases

You can set up aliases for the e-mails in the file '/etc/aliases' on Server1. At the bottom of the file, when edited, you'll see names followed by a colon and then another name.

The first name, in the left column, is the alias name. The second name, on the right, is the name it maps the alias to on the system.

For example, we can add an alias as follows:

techsupport:jarret

Now, if an email is sent to the e-mail server for '[email protected]', it is sent to '[email protected]'.

There are some existing aliases at the end which can be removed or changed as you need.

Conclusion

Setting up an E-mail Server is not a minor task. The E-mail Server is dependent on the DNS Server and even somewhat on the DHCP Server.

Keep in mind that quite a few services depend on other services. You need to be proficient on all the services.

Just know how to set up an E-Mail Server since these are used in nearly all businesses.
 

Members online


Top