UBUNTU SMTP: POSTFIX, DOVECOT, MYSQL


step-by-step SMTP server configuration

server OS: ubuntu 16.04
SMTP service: Postfix
IMAP service: Dovecot
external database: MySQL 5.7

server hostname: smtp.test.com

Log in to the machine over SSH as root and install Postfix, Dovecot and their MySQL integration packages:
# apt-get update
# apt-get install postfix postfix-mysql dovecot-core dovecot-imapd dovecot-lmtpd dovecot-mysql

the values entered in the Postfix configuration wizard:
– Internet Site
– test.com
they can be changed later in the file /etc/postfix/main.cf

MYSQL SERVER CONFIGURATION
# apt-get install mysql-server-5.7

set the MySQL root password during the package installation (if it was not set already), then log in. Do not pass the password on the command line: it is recorded in the shell history and is visible to every user in the process list. Let `-p` prompt for it instead:
# mysql -u root -p

create a new database, called ims (in-mail-server) to manage domains and e-mail users
mysql> CREATE DATABASE ims;

create a dedicated, read-only user for this database (never let the mail daemons query as root). `imp123` is only a placeholder: replace it with a long random password and use that same value in the Postfix and Dovecot files below. Note the straight quotes:
mysql> GRANT SELECT ON ims.* TO 'imu'@'127.0.0.1' IDENTIFIED BY 'imp123';

mysql> FLUSH PRIVILEGES;

select the ims database and create two tables: one for the domains and one for the users
mysql> USE ims;

mysql> CREATE TABLE `virtual_domains` (`id` INT NOT NULL AUTO_INCREMENT,`name` VARCHAR(50) NOT NULL,PRIMARY KEY (`id`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;

mysql> CREATE TABLE `virtual_users` (`id` INT NOT NULL AUTO_INCREMENT,`domain_id` INT NOT NULL,`password` VARCHAR(106) NOT NULL,`email` VARCHAR(120) NOT NULL,PRIMARY KEY (`id`),UNIQUE KEY `email` (`email`),FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=utf8;

insert the domains into the virtual_domains table
mysql> INSERT INTO `ims`.`virtual_domains` (`id`, `name`) VALUES ('1', 'test.com'), ('2', 'test2.com'), ('3', 'test3.com');

mysql> INSERT INTO `ims`.`virtual_users` (`id`, `domain_id`, `password`, `email`) VALUES ('1', '1', ENCRYPT('NyreI0Y2WfTCUQqRvigPxWtmS', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'send@test.com'), ('2', '2', ENCRYPT('hrZT#8[RF2{ruiGwu', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'send@test2.com'), ('3', '3', ENCRYPT('tukrXZ19lDIWYITtACfgPZhnb', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'send@test3.com');

The `$6$` salt prefix makes ENCRYPT() produce a SHA-512 crypt hash, which is what the `default_pass_scheme = SHA512-CRYPT` setting in Dovecot below expects. Two caveats: ENCRYPT() is deprecated since MySQL 5.7.6 and removed in MySQL 8.0, so on newer servers generate the hash with `doveadm pw -s SHA512-CRYPT` and insert the resulting string instead; and the plaintext passwords typed here are saved in `~/.mysql_history`, so clear that file afterwards.

POSTFIX CONFIGURATION
generate a self-signed certificate and private key, shared by Postfix and Dovecot (mail clients will warn about a self-signed certificate; for a production server use a certificate issued by a CA the clients trust). Restrict the private key to root:
# openssl req -new -x509 -days 1000 -nodes -out /etc/ssl/certs/dovecot.pem -keyout /etc/ssl/private/dovecot.key
# chmod 600 /etc/ssl/private/dovecot.key

open the main.cf file and modify it like this
# nano /etc/postfix/main.cf

modify this section from:
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=yes
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

to:
smtpd_tls_cert_file=/etc/ssl/certs/dovecot.pem
smtpd_tls_key_file=/etc/ssl/private/dovecot.key
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
(`smtpd_tls_auth_only = yes` makes Postfix refuse AUTH until the client has negotiated STARTTLS, so credentials are never sent in clear text.)

change these parameters:
mydestination = localhost
myhostname = smtp.test.com

add these lines. The order of the restrictions matters: `reject_unauth_destination` must remain in the list, otherwise anyone can relay through this server. Keep `mynetworks` limited to the loopback addresses unless you really trust the listed networks; on Postfix 3.x (Ubuntu 16.04) `smtpd_relay_restrictions` also contains `reject_unauth_destination` by default and should not be overridden without it.
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination

switch local delivery from Dovecot's LDA to LMTP over a unix socket (the socket itself is declared in Dovecot's 10-master.conf below):
virtual_transport = lmtp:unix:private/dovecot-lmtp

enable local delivery for every domain listed in the MySQL database, i.e. tell Postfix that domains, mailboxes and aliases are looked up in an external database:
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf

create the configuration files that tell Postfix how to query the database. They contain the database password, so make them readable only by root and the postfix group (`chgrp postfix /etc/postfix/mysql-virtual-*.cf && chmod 640 /etc/postfix/mysql-virtual-*.cf`). Only two of the three files referenced in main.cf are shown below, and the schema created above has no aliases table: either add one together with a matching mysql-virtual-alias-maps.cf, or remove the `virtual_alias_maps` line from main.cf, otherwise Postfix will log lookup errors for the missing file.
# cd /etc/postfix/

# vi mysql-virtual-mailbox-domains.cf
user = imu
password = imp123
hosts = 127.0.0.1
dbname = ims
query = SELECT 1 FROM virtual_domains WHERE name='%s'

# vi mysql-virtual-mailbox-maps.cf
user = imu
password = imp123
hosts = 127.0.0.1
dbname = ims
query = SELECT 1 FROM virtual_users WHERE email='%s'

to check that the lookups work:
# service postfix restart

# postmap -q test.com mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
must print 1

# postmap -q test2.com mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
must print 1

# postmap -q test3.com mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
must print 1

# postmap -q send@test.com mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
must print 1

modify master.cf to enable the submission port (587), which only accepts authenticated clients over TLS:
# nano /etc/postfix/master.cf
uncomment these lines:
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

# service postfix restart

DOVECOT CONFIGURATION
the following files configure Dovecot's IMAP and LMTP services, its connection to the external database, and the sockets Postfix uses for authentication and delivery
/etc/dovecot/dovecot.conf
/etc/dovecot/dovecot-sql.conf.ext
/etc/dovecot/conf.d/10-mail.conf
/etc/dovecot/conf.d/10-auth.conf
/etc/dovecot/conf.d/auth-sql.conf.ext
/etc/dovecot/conf.d/10-master.conf
/etc/dovecot/conf.d/10-ssl.conf

/etc/dovecot/dovecot.conf
uncomment it:
!include conf.d/*.conf

enable imap and lmtp:
!include_try /usr/share/dovecot/protocols.d/*.protocol
protocols = imap lmtp

/etc/dovecot/conf.d/10-mail.conf
update the “mail_location” parameter in:
mail_location = maildir:/var/mail/vhosts/%d/%n

set “mail_privileged_group” parameter to “mail”:
mail_privileged_group = mail

***
for this to work, create a mailbox directory for each domain in the MySQL table under /var/mail/vhosts and set the ownership/permissions
# mkdir ­p /var/mail/vhosts/test.com
# mkdir ­p /var/mail/vhosts/test2.com
# mkdir ­p /var/mail/vhosts/test3.com

# groupadd -g 5000 vmail
# useradd -g vmail -u 5000 vmail -d /var/mail -s /usr/sbin/nologin
# chown -R vmail:vmail /var/mail
(the vmail account only owns the mailboxes; giving it `/usr/sbin/nologin` as shell ensures it cannot be used for interactive logins)

***
/etc/dovecot/conf.d/10-auth.conf
to ensure credentials are never accepted over an unencrypted connection:
disable_plaintext_auth = yes
auth_mechanisms = plain login
(PLAIN and LOGIN send the password itself, which is required to verify a SHA512-CRYPT hash; with `disable_plaintext_auth = yes` they are only offered once the connection is protected by TLS)

comment:
#!include auth-system.conf.ext
decomment:
!include auth-sql.conf.ext

/etc/dovecot/dovecot-sql.conf.ext
uncomment and set to:
driver = mysql

set the connection parameters (the `connect` value must be a single line):
connect = host=127.0.0.1 dbname=ims user=imu password=imp123

modify password default scheme and the query for it:
default_pass_scheme = SHA512-CRYPT
password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';

***
restrict the /etc/dovecot directory, which now contains the database password. Dovecot reads its configuration as root and its auth-worker process runs as root by default, so the vmail user does not need any access to it; keep root as owner and only let the dovecot group read it:
# chown -R root:dovecot /etc/dovecot
# chmod -R o-rwx /etc/dovecot
(if 10-master.conf configures `service auth-worker { user = vmail }`, dovecot-sql.conf.ext must instead be readable by that user, e.g. `chown vmail:dovecot /etc/dovecot/dovecot-sql.conf.ext`)

***
/etc/dovecot/conf.d/10-master.conf
change the imap, lmtp, auth and auth-worker service sections. The original post only showed screenshots, which are not reproduced here; at a minimum the sections must declare the two sockets Postfix was pointed at in main.cf (`private/auth` and `private/dovecot-lmtp`, relative to Postfix's queue directory /var/spool/postfix) and restrict them to the postfix user so no other local account can use them:

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
  user = dovecot
}

Any further settings from the lost screenshots (e.g. the `auth-userdb` listener ownership or the auth-worker user) cannot be recovered from this page and must be checked against your own 10-master.conf.

/etc/dovecot/conf.d/10-ssl.conf
change this parameter so that every IMAP and LMTP client connection must be protected by TLS before authentication is allowed:
ssl = required

specify the SSL cert and key file location:
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.key

# service dovecot restart
