Set up a Postfix mail server with Dovecot and RoundCube on CentOS 7
Learn how to set up a email server on a Cloud Server running CentOS 7. This tutorial features Postfix as an SMTP server, Dovecot for POP/IMAP functionality, and RoundCube as a webmail program for users to check and receive email from a web browser.
The tutorial will also walk you through the process of creating and using a self-signed SSL certificate for use in securing incoming and outgoing email connections.
Set up your own professional email server in the blink of an eye. You benefit from large and expandable storage space, your own domain, automatic encryption as well as calendar and office functions or email archiving. IONOS also offers the highest security standards in ISO-certified data centers.
Requirements
- A Cloud Server running CentOS 7.
- Postfix installed and running.
To check the status of Postfix on the server, use the command:
sudo postfix status
If Postfix is installed and running, you will see the output:
[user@localhost ~]# sudo postfix status
postfix/postfix-script: the Postfix mail system is running: PID: 1681
Firewall access
If you have a firewall, you will need to allow access to the following ports:
- SMTP: 25
- POP3: 110
- IMAP: 143
- SMTP Secure: 465
- MSA: 587
- IMAP Secure: 993
- POP3 Secure: 995
Create an SSL certificate
We will create a self-signed SSL certificate to secure incoming and outgoing email connections:
sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout mailserver.key -out mailserver.crt -nodes -days 365
Answer the questions at the prompts, or just hit [Enter] to leave an answer blank. This command will create two files: mailserver.key and mailserver.crt.
Create a folder for the SSL certificate files:
sudo mkdir /etc/postfix/ssl
Then move the files into this folder:
sudo mv mailserver.key /etc/postfix/ssl
sudo mv mailserver.crt /etc/postfix/ssl
- Secures data transfers
- Avoids browser warnings
- Improves your Google ranking
Configure Postfix
The following steps will enable a basic Postfix set-up, allowing you to send and receive mail. For more information on these configurations, consult the official documentation.
Before you begin the configuration changes, be sure that you have the most recent version of Postfix by running the command:
sudo yum update postfix
Edit master.cf
First we will edit the /etc/postfix/master.cf file to enable the submission daemon to send and accept mail securely:
sudo nano /etc/postfix/master.cf
Delete the hash mark (#) to un-comment the following lines:
#submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
Save and exit the file.
Edit main.cf
The /etc/postfix/main.cf file contains the configuration options for your Postfix installation. Edit this file:
sudo nano /etc/postfix/main.cf
Make the following changes:
Set Hostname
Edit the line which reads:
#myhostname = host.domain.tld
Delete the hash mark (#) to un-comment the line, and replace host.domain.tld with the hostname of the server:
myhostname = example.com
Set Domain
Edit the line which reads:
#mydomain = domain.tld
Delete the hash mark (#) to un-comment the line, and replace domain.tld with the domain you want to receive mail for:
mydomain = example.com
Enable Other Settings
Delete the hash mark (#) to un-comment the following lines:
#myorigin = $myhostname
#inet_interfaces = all
#inet_interfaces = localhost
#inet_protocols = all
#mydestination = $myhostname, localhost.$mydomain, localhost
#home_mailbox = Maildir/
Add Configurations
Finally, add the following lines to the end of the file:
smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level=may
Save and exit the file, then restart Postfix to load the new configurations:
sudo systemctl restart postfix
Test Postfix with Telnet
To test Postfix we will telnet to the server and perform a basic "handshake protocol," just as an email program would.
First, install Telnet:
sudo yum install telnet
Once Telnet is installed, use it to connect to the server's SMTP port:
telnet localhost 25
The server will respond with:
[user@localhost ~]$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Start by telling the server who the mail is being sent from:
mail from: some-person@some-other-server.com
Then tell the server who you are sending mail to, replacing user@example.com with your own username and domain name:
rcpt to: user@example.com
Now add a simple message. Tell the server your message body starts here:
data
Type the message, then follow it with [Enter], a period ., and [Enter]:
hello world
.
Close the session by typing quit and hitting Enter.
If you are successful, your test message will appear in /home/username/Maildir/new. You can view this message with the command:
ll /home/username/Maildir/new
To read the message, copy and paste the name of the file (it will be a long name like 1481229255.Vfd01I402b66aM546595.example.com) and read it with more:
more 1481229255.Vfd01I402b66aM546595.example.com
You will see the email message, along with all of the header information:
From some-person@some-other-server.com Thu Dec 8 19:43:10 2016
Return-Path: <some-person@some-other-server.com>
X-Original-To: user@example.com
Delivered-To: user@example.com
Received: from localhost (localhost [127.0.0.1])
by mail.example.com (Postfix) with SMTP id 6CFD589184
for <user@example.com>; Thu, 8 Dec 2016 19:42:33 +0000 (UTC)
Message-Id: <20161208194238.6CFD589184@mail.oxnardindustries.com>
Date: Thu, 8 Dec 2016 19:42:33 +0000 (UTC)
From: some-person@some-other-server.com
hello world
Install and configure Dovecot
We will be using Dovecot as a POP3/IMAP server, so that users can receive and check their email. You can find more information about Dovecot on the Dovecot website.
Install Dovecot with the command:
sudo yum install dovecot
You can check on the status of Dovecot with the command:
sudo systemctl status dovecot
If Dovecot is running, you will see output similar to:
[user@mail dovecot]$ sudo systemctl status dovecot -l
● dovecot.service - Dovecot IMAP/POP3 email server
Loaded: loaded (/usr/lib/systemd/system/dovecot.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2016-12-08 21:04:48 UTC; 3s ago
Process: 8985 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
Main PID: 8989 (dovecot)
CGroup: /system.slice/dovecot.service
├─8989 /usr/sbin/dovecot -F
├─8992 dovecot/anvil
├─8993 dovecot/log
└─8995 dovecot/config
Dec 08 21:04:48 example.com systemd[1]: Starting Dovecot IMAP/POP3 email server...
Dec 08 21:04:48 example.com systemd[1]: Started Dovecot IMAP/POP3 email server.
Dec 08 21:04:48 example.com dovecot[8989]: master: Dovecot v2.2.10 starting up for imap (core dumps disabled)
Active: active (running) since Thu 2016-12-08 21:04:48 UTC; 3s ago
This means that Dovecot is installed and running.
- Professional, automatic email backup tool
- Powerful enterprise-wide search and eDiscovery
- Easy data recovery via one-click restore, download and migrate
Install Roundcube
Roundcube is a free, open source webmail program with robust built-in multilingual capabilities, and many convenient features for your users. You can read more about Roundcube on the Roundcube website.
Roundcube requires several PHP and MariaDB packages as a prerequisite. Install and/or update these first with the command:
sudo yum install mysql mariadb-server php php-common php-json php-xml php-mbstring
Next, create a MariaDB username and database for the Roundcube installation. Log into the MariaDB client with the command:
mysql -u root -p
Log in with the root password, then create a Roundcube database:
create database roundcube_db;
Create a user for this database. Note: Be sure to give the user a strong password.
grant all on roundcube_db.* to roundcube_user@localhost identified by 'roundcube_db_password';
Replace:
- roundcube_user with the username you want to create for your database.
- roundcube_db_password with a strong password for this user.
Then exit MariaDB:
quit;
Go to your website's document root. Download the current release from the Roundcube website by using the command:
sudo wget [download URL]
To find the download URL, visit the current release page on the Roundcube website. Copy the URL for the green "Download" link. You can paste it into the command line by clicking Shift + Insert.
For example, to download the current stable release as of this article's publication the command is:
sudo wget https://github.com/roundcube/roundcubemail/releases/download/1.2.3/roundcubemail-1.2.3-complete.tar.gz
Uncompress this file using the command:
sudo tar -xvf [filename]
You can use tab completion to make this process easier. Type sudo tar -xvf roundcube then hit Tab. The shell will automatically fill out the rest of the file name on the command line.
To unzip the file downloaded above, the command is:
sudo tar -xvf roundcubemail-1.2.3-complete.tar.gz
Rename the extracted directory roundcube:
sudo mv roundcubemail-1.2.3 roundcube
Set the ownership of the files to the Apache user:
sudo chown -R apache:apache roundcube
To complete the installation, switch to a browser and go to the URL http://example.com/roundcube/installer/.
Scroll down to the bottom of the page and click NEXT.
In the next section, you will need to fill out the database information.
Fill out the MariaDB database name, username, and password which you created above. Then scroll down and click CREATE CONFIG.
Note: There are many potential configurations. You can change or set them at any time in the future.
After the config file is created, click CONTINUE to continue.
Click the Initialize database button to set up the database.
Test the mail server configuration by sending a test SMTP email.
- Sender: Your new email address on this server. (For example, jdoe@example.com)
- Recipient: An external email address. (For example, jdoe@gmail.com)
Then click Send test mail. After a few moments, check the external email account to see if your email was sent.
Test the IMAP configurations by logging in with your username and password.
Note that your username is NOT your full email address. For example, log in with the username jdoe, not jdoe@example.com.
Now that the configuration is complete, you can log in at http://example.com/webmail to check and send email.
Reach out in your name every time you hit send — includes domain, 2 GB+ storage, and more.