Oracle Linux/Simple IMAP Server
(Created page with "==Overview== Dovecot for POP/IMAP<br> Postfix for SMTP ==Setup SSL== Just going to use a simple self-signed cert. <nowiki> sudo openssl req -x509 -nodes -days 365 -newkey rs...") |
| (9 intermediate revisions by one user not shown) | |||
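--- a/Oracle Linux/Simple IMAP Server
+++ b/Oracle Linux/Simple IMAP Server
@@ -4,5 +4,127 @@
 ==Setup SSL==
-Just going to use a simple self-signed cert.
+Just going to use a simple self-signed cert. However, before we can, we need to create a symlink so that we utilize the existing private directory and create a link from the standard location for private keys to the actual location.
 <nowiki>
-sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/mail.key -out /etc/ssl/certs/mailcert.pem
+~$ cd /etc/ssl/
+~$ sudo ln -s ../pki/tls/private/ private
+~$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/mail.key -out /etc/ssl/certs/mailcert.pem
 </nowiki>
+
+==Postfix==
+Make sure <code>exim4</code> is '''not''' installed and verify that postfix is installed and at the latest version
+<nowiki>
+~$ sudo rpm -qa | grep exim
+~$ sudo yum install postfix
+</nowiki>
+Edit the following: <code>/etc/postfix/master.cf</code>
+<nowiki>
+uncomment:
+submission inet n - n - - smtpd
+-o smtpd_tls_security_level=encrypt
+-o smtpd_sasl_auth_enable=yes
+-o smtpd_client_restrictions=permit_sasl_authenticated,reject
+-o milter_macro_daemon_name=ORIGINATING
+add:
+-o syslog_name=postfix/submission
+-o smtpd_tls_wrappermode=no
+-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
+-o smtpd_sasl_type=dovecot
+-o smtpd_sasl_path=private/auth
+</nowiki>
+Let's back up the next file we'll be modifying:
+<nowiki>
+~$ sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.original
+</nowiki>
+Edit the following: <code>/etc/postfix.main.cf</code>
+<nowiki>
+uncomment and edit:
+myhostname = mail.domain.com
+myorigin = /etc/mailname
+inet_interfaces = all
+mydestination = mail.domain.com, domain.com, localhost, localhost,localdomain
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+relayhost =
+
+uncomment:
+recipient_delimiter = +
+local_recipient_maps = proxy:unix:passwd.byname $alias_maps
+
+comment out:
+inet_interfaces = localhost
+
+add:
+# Adding mailbox size limit of 0 to remove restrictions on size
+mailbox_size_limit = 0
+
+# Adding SSL
+smtpd_tls_cert_file=/etc/ssl/certs/mailcert.pem
+smtpd_tls_key_file=/etc/ssl/private/mail.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtpd_tls_security_level=may
+smtpd_tls_protocols = !SSLv2, !SSLv3
+
+verify:
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+</nowiki>
+
+==Dovecot==
+<nowiki>
+~$ sudo yum install dovecot.x86_64
+</nowiki>
+Backup <code>/etc/dovecot/dovecot.conf</code>
+<nowiki>
+~$ sudo cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.original
+</nowiki>
+Remove the old <code>dovecot.conf</code> file and create a new one
+<nowiki>
+~$ sudo rm /etc/dovecot/dovecot.conf
+~$ sudo vi /etc/dovecot/dovecot.conf
+</nowiki>
+You'll want to add the following to your new <code>dovecot.conf</code> file:
+<nowiki>
+log_timestamp = "%Y-%m-%d %H:%M:%S "
+disable_plaintext_auth = no
+mail_privileged_group = mail
+mail_location = mbox:~/mail:INBOX=/var/mail/%u
+userdb {
+driver = passwd
+}
+passdb {
+args = %s
+driver = pam
+}
+protocols = "imap pop3"
+
+service auth {
+unix_listener /var/spool/postfix/private/auth {
+group = postfix
+mode = 0660
+user = postfix
+}
+}
+
+ssl=required
+ssl_cert = </etc/ssl/certs/mailcert.pem
+ssl_key = </etc/ssl/private/mail.key
+</nowiki>
+
+Lastly, make a couple of symlinks so authentication via pop/imap works.
+<nowiki>
+~$ sudo ln -s /etc/pam.d/dovecot /etc/pam.d/imap
+~$ sudo ln -s /etc/pam.d/dovecot /etc/pam.d/pop3
+</nowiki>
+
+==Wrap Up==
+<nowiki>
+~$ sudo newaliases
+~$ sudo postfix stop
+~$ sudo postfix start
+~$ sudo dovecot restart
+</nowiki>
+Also, with every new user that you create, you'll need to do the following:
+<nowiki>
+~$ sudo chmod -R 777 /var/spool/mail
+</nowiki>
+Without doing this, the users wont have access to create new folders or an Inbox and possibly messages.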
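Review bot: The last command added under Wrap Up, `sudo chmod -R 777 /var/spool/mail`, opens every mailbox in the spool to read, write and delete by any local account, and the text asks for it to be repeated for each new user. If the underlying problem is that a new user's spool file is missing or wrongly owned, a per-mailbox fix such as `sudo chown USER:mail /var/spool/mail/USER` followed by `sudo chmod 660 /var/spool/mail/USER` (USER is a placeholder) keeps other accounts out; `mail_privileged_group = mail` in the added dovecot.conf is presumably meant to cover Dovecot's own locking in that directory. Separately, the added line `Edit the following: <code>/etc/postfix.main.cf</code>` should read `/etc/postfix/main.cf`, matching the backup command just above it.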
Latest revision as of 18:07, 28 November 2016
[edit] Overview
Dovecot for POP/IMAP
Postfix for SMTP
[edit] Setup SSL
We're just going to use a simple self-signed cert. Before generating it, create a symlink so that the standard location for private keys (/etc/ssl/private) points to the existing private directory (/etc/pki/tls/private).
~$ cd /etc/ssl/
~$ sudo ln -s ../pki/tls/private/ private
# -x509 with -newkey emits a self-signed certificate (valid 365 days) plus a new 2048-bit RSA key.
# -nodes writes mail.key without a passphrase, so file permissions are its only protection:
# check that the key ends up readable by root only.
~$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/mail.key -out /etc/ssl/certs/mailcert.pem
[edit] Postfix
Make sure exim4 is not installed and verify that postfix is installed and at the latest version
# An empty result from the grep means no exim package is installed.
~$ sudo rpm -qa | grep exim
~$ sudo yum install postfix
Edit the following: /etc/postfix/master.cf
# Submission service: TLS is mandatory (smtpd_tls_security_level=encrypt, negotiated with
# STARTTLS because smtpd_tls_wrappermode=no) and only SASL-authenticated clients are accepted.
# SASL is delegated to Dovecot; private/auth is relative to the Postfix queue directory and
# has to match the unix_listener path set in dovecot.conf (/var/spool/postfix/private/auth).
# In master.cf the "-o" lines are continuation lines and must begin with whitespace.
uncomment:
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
add:
  -o syslog_name=postfix/submission
  -o smtpd_tls_wrappermode=no
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
Let's back up the next file we'll be modifying:
~$ sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.original
Edit the following: /etc/postfix/main.cf
uncomment and edit:
myhostname = mail.domain.com
# NOTE(review): /etc/mailname is a Debian convention; confirm the file exists on this host,
# otherwise give myorigin a domain name directly.
myorigin = /etc/mailname
# Listens on every interface, so port 25 is reachable from the network unless a firewall limits it.
inet_interfaces = all
# NOTE(review): "localhost,localdomain" looks like a typo for "localhost.localdomain"; as written
# it adds "localdomain" as a separate destination. Confirm before copying.
mydestination = mail.domain.com, domain.com, localhost, localhost,localdomain
# Only loopback addresses are trusted to relay without authenticating.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
relayhost =
uncomment:
recipient_delimiter = +
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
comment out:
inet_interfaces = localhost
add:
# Adding mailbox size limit of 0 to remove restrictions on size
# With no cap, a single mailbox can grow until the spool filesystem is full; monitor disk usage.
mailbox_size_limit = 0
# Adding SSL
# Certificate and key are the self-signed pair generated in the Setup SSL step.
smtpd_tls_cert_file=/etc/ssl/certs/mailcert.pem
smtpd_tls_key_file=/etc/ssl/private/mail.key
# smtpd_use_tls is the older spelling of opportunistic TLS; smtpd_tls_security_level below
# expresses the same thing and overrides it when both are set.
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# "may" means port 25 still accepts unencrypted sessions; TLS is used only when the client asks.
smtpd_tls_security_level=may
# Only SSLv2 and SSLv3 are excluded, and this list governs opportunistic TLS. The submission
# service in master.cf runs at level "encrypt", where smtpd_tls_mandatory_protocols applies
# instead. NOTE(review): consider whether TLSv1 and TLSv1.1 should be excluded as well.
smtpd_tls_protocols = !SSLv2, !SSLv3
verify:
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
[edit] Dovecot
~$ sudo yum install dovecot.x86_64
Backup /etc/dovecot/dovecot.conf
~$ sudo cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.original
Remove the old dovecot.conf file and create a new one
# The stock file was copied to dovecot.conf.original in the previous step, so removing it loses nothing.
~$ sudo rm /etc/dovecot/dovecot.conf
~$ sudo vi /etc/dovecot/dovecot.conf
You'll want to add the following to your new dovecot.conf file:
log_timestamp = "%Y-%m-%d %H:%M:%S "
# Plaintext mechanisms (PLAIN/LOGIN) are accepted; the password's confidentiality then depends
# on ssl=required further down. NOTE(review): setting this to "yes" would also stop the server
# offering plaintext auth before TLS is up - confirm whether clients need "no".
disable_plaintext_auth = no
# Group Dovecot enables temporarily for privileged operations on the INBOX in /var/mail.
mail_privileged_group = mail
# INBOX lives in the shared spool (/var/mail/<user>); other folders go under ~/mail.
mail_location = mbox:~/mail:INBOX=/var/mail/%u
# Accounts are the system accounts from passwd.
userdb {
  driver = passwd
}
# Passwords are checked through PAM; %s expands to the protocol name (imap, pop3), which is
# why /etc/pam.d/imap and /etc/pam.d/pop3 are created later on this page.
passdb {
  args = %s
  driver = pam
}
protocols = "imap pop3"
# Auth socket consumed by Postfix (smtpd_sasl_path=private/auth in master.cf). Owner and group
# postfix with mode 0660 keep other local accounts from talking to the auth service through it.
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
# TLS is required for client sessions. The key referenced below was generated with -nodes
# (no passphrase), so its file permissions are what protect it.
ssl=required
ssl_cert = </etc/ssl/certs/mailcert.pem
ssl_key = </etc/ssl/private/mail.key
Lastly, make a couple of symlinks so authentication via pop/imap works.
# passdb "args = %s" makes Dovecot use the protocol name (imap, pop3) as the PAM service,
# so each one needs an /etc/pam.d entry; both reuse the dovecot PAM configuration.
~$ sudo ln -s /etc/pam.d/dovecot /etc/pam.d/imap
~$ sudo ln -s /etc/pam.d/dovecot /etc/pam.d/pop3
[edit] Wrap Up
# newaliases rebuilds the alias database from /etc/aliases (alias_database in main.cf).
~$ sudo newaliases
# Restart both daemons so the edited main.cf, master.cf and dovecot.conf take effect.
~$ sudo postfix stop
~$ sudo postfix start
~$ sudo dovecot restart
Also, with every new user that you create, you'll need to do the following:
# NOTE(review): mode 777 applied recursively makes every mailbox under /var/spool/mail readable,
# writable and deletable by any local account, and it is re-applied for each new user.
# Prefer fixing only the new user's spool file (owner = that user, group = mail, mode 0660)
# and confirm that mail_privileged_group = mail in dovecot.conf covers the remaining access.
~$ sudo chmod -R 777 /var/spool/mail
Without doing this, users won't be able to create new folders or an Inbox, and possibly won't be able to create messages either.