Basic mailserver configuration on RHEL10
A very basic configuration of a mail server with Postfix, Dovecot and MySQL/MariaDB.
This is an update of the previous basic_mailserver_configuration_on_RHEL_derivates page.
change your SSHd config (suggested)
semanage port -l | grep ssh
semanage port -a -t ssh_port_t -p tcp 1997
semanage port -l | grep ssh
vi /etc/ssh/sshd_config
Set Port 1997 (the same port just labelled ssh_port_t for SELinux above; semanage comes from the policycoreutils-python-utils package; on RHEL 9+ a drop-in under /etc/ssh/sshd_config.d/ also works). If firewalld is active, allow TCP 1997 in it as well before restarting, or the restart will lock you out. Then restart the service:
systemctl restart sshd
SSL certs
dnf install epel-release
dnf install certbot
(On RHEL itself epel-release is not in the base repositories; install the epel-release RPM from the EPEL site as its documentation describes. On Rocky/Alma the command above is enough.)
Create a certificate for the server's FQDN. Without a web server on the host, answer "standalone" when certbot asks how to authenticate; port 80 must be reachable from the internet for the HTTP-01 challenge:
certbot certonly -d server08.vettore.org
Certbot's renewal timer replaces the files under /etc/letsencrypt/live/ in place. Add a deploy hook (a script in /etc/letsencrypt/renewal-hooks/deploy/) that runs systemctl reload postfix dovecot, so both daemons pick up the renewed certificate instead of serving the expired one.
Install MariaDB and set up the tables
timedatectl set-timezone Europe/Rome
dnf install mariadb
dnf install mariadb-server
systemctl enable mariadb --now
Enter the MariaDB console (mariadb, as root) and:
create database mailserver;
use mailserver;
USERS:
CREATE TABLE `users` (
  `email` varchar(200) NOT NULL,
  `password` varchar(128) NOT NULL,
  `enabled` int(11) NOT NULL DEFAULT '1',
  `username` varchar(45) DEFAULT NULL,
  PRIMARY KEY (`email`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
DOMAINS:
CREATE TABLE `domains` (
  `domain` varchar(200) NOT NULL,
  `enabled` int(11) NOT NULL DEFAULT '1',
  PRIMARY KEY (`domain`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
ALIAS:
CREATE TABLE `aliases` (
  `email` varchar(128) NOT NULL,
  `alias` varchar(255) NOT NULL,
  `enabled` int(11) DEFAULT '1',
  PRIMARY KEY (`email`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
Add a test user (in the MariaDB console). The password goes in as typed because the Dovecot SQL configuration below uses the PLAIN scheme; see the note there for storing a hash instead:
insert into users set email='paperino@274512.xyz', password='segretina412', username='paperino';
insert into domains set domain='274512.xyz';
Grant privileges (SELECT only: Postfix and Dovecot never need to write to these tables; replace the password with your own):
grant select on mailserver.* to postfix@localhost identified by 'yoursecretpassword';
POSTFIX
dnf install postfix postfix-mysql
groupadd -g 150 vmail
useradd -r -u 150 -d /var/vmail -s /sbin/nologin -g vmail vmail
mkdir /var/vmail
chown vmail:vmail /var/vmail
Edit /etc/postfix/main.cf and change/add the following lines accordingly. Use fullchain.pem rather than cert.pem for smtpd_tls_cert_file so the Let's Encrypt intermediate is sent to clients, and make sure smtpd_tls_security_level is at least may, otherwise STARTTLS is never offered:
inet_protocols = all
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-users.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-aliases.cf
virtual_transport = dovecot
smtpd_tls_cert_file = /etc/letsencrypt/live/server08.vettore.org/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/server08.vettore.org/privkey.pem
smtp_tls_CApath = /etc/letsencrypt/live/
smtp_tls_CAfile = /etc/letsencrypt/live/server08.vettore.org/fullchain.pem
The two smtp_tls_CA* settings only matter for verifying remote servers when Postfix sends mail; with smtp_tls_security_level = may that verification is opportunistic and not enforced.
Set up the connectors configured above. These files contain the database password, so make them readable only by root and the postfix group (chown root:postfix, chmod 640).
/etc/postfix/mysql-virtual-domains.cf:
user = postfix
password = yoursecretpassword
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM domains WHERE domain='%s' AND enabled=1
/etc/postfix/mysql-virtual-users.cf:
user = postfix
password = yoursecretpassword
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM users WHERE email='%s' AND enabled=1
/etc/postfix/mysql-virtual-aliases.cf:
user = postfix
password = yoursecretpassword
hosts = 127.0.0.1
dbname = mailserver
query = SELECT alias FROM aliases WHERE email='%s' AND enabled=1
You can check your configuration with postmap -q: it prints the lookup result (1 for the domain and user maps) and exits 0 when the key is found; it prints nothing and exits non-zero when it is not:
postmap -q 274512.xyz mysql:/etc/postfix/mysql-virtual-domains.cf
postmap -q paperino@274512.xyz mysql:/etc/postfix/mysql-virtual-users.cf
Add this to your /etc/postfix/master.cf (the second line must be indented: it continues the service definition):
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
Start and enable the service:
systemctl enable postfix --now
DOVECOT
dnf install dovecot dovecot-mysql
Edit /etc/dovecot/conf.d/10-mail.conf and add/uncomment this:
mail_location = maildir:/var/vmail/%d/%n/Maildir
Edit /etc/dovecot/conf.d/auth-sql.conf.ext:
comment out the first userdb section,
uncomment the last userdb section and edit it as follows:
userdb {
driver = static
args = uid=150 gid=150 home=/var/vmail/%d/%n allow_all_users=yes
}
Rename the file, removing the .ext extension, so that the !include conf.d/*.conf line in dovecot.conf picks it up.
Verify the path in the passdb section of the same file. It should be /etc/dovecot/dovecot-sql.conf.ext.
Create that file with this content:
driver = mysql
default_pass_scheme = PLAIN
connect = host=127.0.0.1 port=3306 dbname=mailserver user=postfix password=yoursecretpassword
password_query = SELECT password, email AS user FROM users WHERE email='%u' AND enabled=1
With default_pass_scheme = PLAIN the users table holds cleartext passwords, so anyone who can read the table, a dump or a backup has every mailbox password. Store hashes instead: generate them with doveadm pw -s SHA512-CRYPT (or -s SSHA512), keep the {SCHEME} prefix in the password column (a prefix overrides default_pass_scheme, so hashed and PLAIN rows can coexist while you migrate; both schemes fit in varchar(128)), and set default_pass_scheme to the chosen scheme once all rows are converted. doveadm pw -t '<hash>' -p '<password>' confirms that Dovecot accepts a stored value. This file also contains the database password: do not leave it world-readable.
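The following is an added example, not code from the original page or from Dovecot: a stdlib-only Python script that produces Dovecot-compatible {SSHA512} password hashes for the users table (what doveadm pw -s SSHA512 does) and verifies them the way Dovecot's passdb does, so the test user from the MariaDB section above can be inserted without the PLAIN scheme set here. The email, username and password are the page's test account; the 16-byte salt length, the function names and the hand-rolled quoting for the mariadb CLI are this example's own choices. Dovecot's SSHA512 layout is base64(sha512(password || salt) || salt), with the salt recovered from the tail of the decoded blob at login.

```python
#!/usr/bin/env python3
"""Generate and verify Dovecot {SSHA512} password hashes for the users table.

Added example for this page, not code from the page or from Dovecot.
Dovecot stores SSHA512 as base64( sha512(password || salt) || salt ); the
verifier recovers the salt from the bytes after the 64-byte digest.
"""
from __future__ import annotations

import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA512}"
DIGEST_LEN = hashlib.sha512().digest_size   # 64 bytes
SALT_LEN = 16                                # this example's choice; Dovecot accepts any length
PASSWORD_COLUMN_LEN = 128                    # varchar(128) in the page's users table


def ssha512_hash(password: str, salt: bytes | None = None) -> str:
    """Return '{SSHA512}<base64>' for password, with a random salt unless one is given."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha512_verify(stored: str, password: str) -> bool:
    """Check a candidate password against a stored value the way Dovecot's passdb does."""
    if not stored.startswith(SCHEME):
        return False
    try:
        blob = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:            # binascii.Error is a ValueError subclass
        return False
    if len(blob) <= DIGEST_LEN:   # digest without a salt: malformed, never a match
        return False
    digest, salt = blob[:DIGEST_LEN], blob[DIGEST_LEN:]
    candidate = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)   # constant-time comparison


def sql_quote(value: str) -> str:
    """Quote a string literal for the mariadb CLI (backslash escaping, as in the page's inserts).

    This is only for pasting into the console; application code should use
    parameterised queries instead of building SQL from strings.
    """
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def insert_user_sql(email: str, username: str, password: str) -> str:
    """INSERT for the page's users table with a hashed password instead of PLAIN.

    Only the hash reaches the database; the {SSHA512} prefix makes Dovecot use
    that scheme for the row regardless of default_pass_scheme.
    """
    hashed = ssha512_hash(password)
    if len(hashed) > PASSWORD_COLUMN_LEN:
        raise ValueError("hash does not fit the password column")
    return ("INSERT INTO users (email, password, username) VALUES "
            f"({sql_quote(email)}, {sql_quote(hashed)}, {sql_quote(username)});")


if __name__ == "__main__":
    import getpass
    import sys

    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} EMAIL USERNAME   (the password is prompted, not passed on the command line)")
    print(insert_user_sql(sys.argv[1], sys.argv[2], getpass.getpass("Mailbox password: ")))
```

Run it as ./mkuser.py paperino@274512.xyz paperino and paste the printed INSERT into the MariaDB console; the password is read with getpass so it does not land in the shell history. doveadm pw -t with the generated value confirms that Dovecot decodes it identically.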
In /etc/dovecot/conf.d/10-ssl.conf set ssl_cert and ssl_key to the fullchain.pem and privkey.pem created above (with Dovecot's < prefix so the file contents are read), but do not set ssl_ca: that setting is for verifying client certificates, not for your own chain.
In /etc/dovecot/dovecot.conf uncomment the protocols line (drop pop3 if not needed):
protocols = imap lmtp submission
Add to the bottom:
mail_uid=vmail
mail_gid=vmail
first_valid_uid = 150
last_valid_uid = 150
service stats {
unix_listener stats-reader {
group = vmail
mode = 0666
}
unix_listener stats-writer {
group = vmail
mode = 0666
}
}
Start and enable the service:
systemctl enable dovecot --now
