Oracle Linux/Simple IMAP Server
From r00tedvw.com wiki
(Difference between revisions)
Line 10: | Line 10: | ||
~$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/mail.key -out /etc/ssl/certs/mailcert.pem | ~$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/mail.key -out /etc/ssl/certs/mailcert.pem | ||
</nowiki> | </nowiki> | ||
+ | |||
+ | ==Postfix== | ||
+ | Make sure <code>exim4</code> is '''not''' installed and verify that postfix is installed and at the latest version | ||
+ | <nowiki> | ||
+ | ~$ sudo rpm -qa | grep exim | ||
+ | ~$ sudo yum install postfix | ||
+ | </nowiki> | ||
+ | Edit the following: <code>/etc/postfix/master.cf</code> | ||
+ | <nowiki> | ||
+ | uncomment: | ||
+ | submission inet n - n - - smtpd | ||
+ | -o smtpd_tls_security_level=encrypt | ||
+ | -o smtpd_sasl_auth_enable=yes | ||
+ | -o smtpd_client_restrictions=permit_sasl_authenticated,reject | ||
+ | -o milter_macro_daemon_name=ORIGINATING | ||
+ | add: | ||
+ | -o syslog_name=postfix/submission | ||
+ | -o smtpd_tls_wrappermode=no | ||
+ | -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject | ||
+ | -o smtpd_sasl_type=dovecot | ||
+ | -o smtpd_sasl_path=private/auth | ||
+ | </nowiki> | ||
+ | Let's back up the next file we'll be modifying: | ||
+ | <nowiki> | ||
+ | ~$ sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.original | ||
+ | </nowiki> | ||
+ | Edit the following: <code>/etc/postfix.main.cf</code> | ||
+ | <nowiki> | ||
+ | uncomment and edit: | ||
+ | myhostname = mail.domain.com | ||
+ | myorigin = /etc/mailname | ||
+ | inet_interfaces = all | ||
+ | mydestination = mail.domain.com, domain.com, localhost, localhost,localdomain | ||
+ | mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 | ||
+ | relayhost = | ||
+ | |||
+ | uncomment: | ||
+ | recipient_delimiter = + | ||
+ | local_recipient_maps = proxy:unix:passwd.byname $alias_maps | ||
+ | |||
+ | comment out: | ||
+ | inet_interfaces = localhost | ||
+ | |||
+ | add: | ||
+ | # Adding mailbox size limit of 0 to remove restrictions on size | ||
+ | mailbox_size_limit = 0 | ||
+ | |||
+ | # Adding SSL | ||
+ | smtpd_tls_cert_file=/etc/ssl/certs/mailcert.pem | ||
+ | smtpd_tls_key_file=/etc/ssl/private/mail.key | ||
+ | smtpd_use_tls=yes | ||
+ | smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache | ||
+ | smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache | ||
+ | smtpd_tls_security_level=may | ||
+ | smtpd_tls_protocols = !SSLv2, !SSLv3 | ||
+ | |||
+ | verify: | ||
+ | alias_maps = hash:/etc/aliases | ||
+ | alias_database = hash:/etc/aliases |
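Review bot: The added `smtpd_tls_protocols = !SSLv2, !SSLv3` line in the main.cf block only governs opportunistic TLS, while the submission service uncommented in master.cf runs with `smtpd_tls_security_level=encrypt`, which is governed by `smtpd_tls_mandatory_protocols`; add a `smtpd_tls_mandatory_protocols` line with the same exclusions so they also apply on the submission port. Two smaller points in the same block: the "Edit the following" path reads `/etc/postfix.main.cf` although the backup command just above it uses `/etc/postfix/main.cf`, and `mydestination` ends in `localhost,localdomain`, which looks like a typo for `localhost.localdomain`.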
Revision as of 12:52, 28 November 2016
Overview
Dovecot for POP/IMAP
Postfix for SMTP
Setup SSL
This setup uses a simple self-signed certificate. Before generating it, create a symlink from the standard location for private keys (/etc/ssl/private) to the existing private directory (/etc/pki/tls/private), so the key ends up in the directory that already exists.
~$ cd /etc/ssl/
~$ sudo ln -s ../pki/tls/private/ private
~$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/mail.key -out /etc/ssl/certs/mailcert.pem
Postfix
Make sure exim4 is not installed and verify that postfix is installed and at the latest version.
~$ sudo rpm -qa | grep exim
~$ sudo yum install postfix
Edit the following: /etc/postfix/master.cf
uncomment:
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
add:
  -o syslog_name=postfix/submission
  -o smtpd_tls_wrappermode=no
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
Let's back up the next file we'll be modifying:
~$ sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.original
Edit the following: /etc/postfix/main.cf
uncomment and edit:
myhostname = mail.domain.com
myorigin = /etc/mailname
inet_interfaces = all
mydestination = mail.domain.com, domain.com, localhost, localhost.localdomain
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
relayhost =

uncomment:
recipient_delimiter = +
local_recipient_maps = proxy:unix:passwd.byname $alias_maps

comment out:
inet_interfaces = localhost

add:
# Adding mailbox size limit of 0 to remove restrictions on size
mailbox_size_limit = 0

# Adding SSL
smtpd_tls_cert_file=/etc/ssl/certs/mailcert.pem
smtpd_tls_key_file=/etc/ssl/private/mail.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level=may
smtpd_tls_protocols = !SSLv2, !SSLv3

verify:
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
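A quick audit of the main.cf settings above, as an added example that is not part of the original wiki page. It checks two things that matter once `inet_interfaces = all` exposes the server: that the SSLv2/SSLv3 exclusion also covers mandatory TLS (the submission port), and that `mynetworks` trusts loopback only. The function names and the embedded sample file are constructed for illustration.

```sh
#!/bin/sh
# Print the effective value of one main.cf parameter (last definition wins).
# Handles comments, blank lines and whitespace-led continuation lines.
main_cf_get() {  # usage: main_cf_get FILE PARAM
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (name == want) { sub(/^[ \t]+/, ""); val = val " " $0 }; next }
        {
            eq = index($0, "="); name = ""
            if (!eq) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name == want) { val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val) }
        }
        END { if (val != "") print val }
    ' "$1"
}

# Print one WARN line per finding for the TLS and relay settings used above.
audit_postfix_tls() (  # subshell body, so set -f stays local
    set -f             # "[::1]/128" must not be treated as a glob
    f=$1
    if [ -n "$(main_cf_get "$f" smtpd_tls_protocols)" ] &&
       [ -z "$(main_cf_get "$f" smtpd_tls_mandatory_protocols)" ]; then
        echo "WARN smtpd_tls_protocols covers opportunistic TLS only;" \
             "set smtpd_tls_mandatory_protocols for security_level=encrypt"
    fi
    for net in $(main_cf_get "$f" mynetworks | tr ',' ' '); do
        case $net in
            127.*|'[::1]'*|'[::ffff:127.'*) ;;  # loopback only
            *) echo "WARN mynetworks entry $net may relay without authenticating" ;;
        esac
    done
)

# Constructed sample: the TLS and network lines this page puts in main.cf.
sample_main_cf() {
    cat <<'EOF'
# Adding SSL
inet_interfaces = all
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_tls_security_level=may
smtpd_tls_protocols = !SSLv2, !SSLv3
EOF
}

tmp=$(mktemp) && sample_main_cf > "$tmp" && audit_postfix_tls "$tmp"
rm -f "$tmp"
```

On a live host, point `audit_postfix_tls` at `/etc/postfix/main.cf` after editing and before reloading Postfix.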