Postfix Email Server with Dovecot


References used in this post:

Domain Name: winsrv.com | Hostname: mail.winsrv.com | IP : 10.10.30.3

Preparation:

1. Ubuntu Server 14.04 – Clean installation

2. Static IP

nano /etc/network/interfaces

auto eth0

allow-hotplug eth0

iface eth0 inet static

address 10.10.30.5

netmask 255.255.255.0

gateway 10.10.30.1

dns-nameservers 8.8.8.8 4.4.4.4

3. Hostname

nano /etc/hostname

mail.winsvr.com

4. Hosts entry

127.0.0.1 localhost

10.10.30.5 mail.winsrv.com

5. Update repository

sudo apt-get update

Postfix Installation

sudo apt-get install postfix

Sellect/Fill the required details

Mail Server Configuration Type: Internet Site

Mail Name: winsrv.com

Root & Postmaster mail recipient: admin

Other destinations to accept mail for: winsrv.com, mail.winsrv.com, localhost.winsrv.com, localhost

Force synchronous update on mail queue? : No

Local Network: leave default or change according to your setup

Mailbox size limit (bytes): 0

Local address extension character: +

Internet Protocol to use: all

Basic installation complete and you will get below lines on your terminal

Now configure Postfix for SMTP-AUTH using Dovecot SASL

Add below lines to /etc/postfix/main.cf

home_mailbox = Maildir/

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/auth

smtpd_sasl_local_domain =

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

smtpd_sasl_auth_enable = yes

smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

smtp_tls_security_level = may

smtpd_tls_security_level = may

smtp_tls_note_starttls_offer = yes

smtpd_tls_loglevel = 1

smtpd_tls_received_header = yes

Generate a Digital Certificate

root@mail:~$ openssl genrsa -des3 -out server.key 2048

root@mail:~$ openssl rsa -in server.key -out server.key.insecure

root@mail:~$ mv server.key server.key.secure

root@mail:~$ mv server.key.insecure server.key

root@mail:~$ openssl req -new -key server.key -out server.csr

root@mail:~$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

root@mail:~$ sudo cp server.crt /etc/ssl/certs

root@mail:~$ sudo cp server.key /etc/ssl/privateficate for TLS

Configure Certificate Path

root@mail:~$ sudo postconf -e ‘smtpd_tls_key_file = /etc/ssl/private/server.key’

root@mail:~$ sudo postconf -e ‘smtpd_tls_cert_file = /etc/ssl/certs/server.crt’

Enable smtp – 465 and submission – 587

Uncomment below lines in /etc/postfix/master.cf

submission inet n – – – – smtpd

-o syslog_name=postfix/submission

-o smtpd_tls_security_level=encrypt

-o smtpd_sasl_auth_enable=yes

-o smtpd_relay_restrictions=permit_sasl_authenticated,reject

-o milter_macro_daemon_name=ORIGINATING

smtps inet n – n – – smtpd

-o syslog_name=postfix/smtps

-o smtpd_tls_wrappermode=yes

-o smtpd_sasl_auth_enable=yes

-o smtpd_relay_restrictions=permit_sasl_authenticated,reject

-o milter_macro_daemon_name=ORIGINATING

Install Dovecot SASL

sudo apt-get install dovecot-common

input Yes & mail.winsrv.com

Edit /etc/dovecot/conf.d/10-master.conf

Go to # Postfix smtp-auth on line no 95 and add below line

# Postfix smtp-auth

unix_listener /var/spool/postfix/private/auth {

mode = 0660

user = postfix

group = postfix

}

Edit /etc/dovecot/conf.d/10-auth.conf

Go to line no 100 replace auth_mechanisms = plain to auth_mechanisms = plain login

Restart Postfix and Dovecot service

service postfix restart

service dovecot restart

Install Dovecot

apt-get install dovecot-imapd dovecot-pop3d

Configure Mailbox

Edit /etc/dovecot/conf.d/10-mail.conf

Go to line no 30 & replace mail_location = mbox:~/mail:INBOX=/var/mail/%u with mail_location = maildir:~/Maildir

change pop3_uidl_format

Edit /etc/dovecot/conf.d/20-pop3.conf

Go to line no 50 and uncomment pop3_uidl_format = %08Xu%08Xv

Enable SSL

Edit /etc/dovecot/conf.d/10-ssl.conf & uncomment ssl = yes

Restart dovecot service

service dovecot restart

Testing your installation

telnet on ports 25, 587, 110, 995, 143

netstat -nl4