Basic mailserver configuration on RHEL10

From Fvettore-WIKI
Revision as of 07:10, 7 October 2025 by Administrator

Very basic configuration of mailserver with postfix, dovecot and mysql/mariadb

change your SSHd config (suggested)

semanage port -l | grep ssh
semanage port -a -t ssh_port_t -p tcp 1997
semanage port -l | grep ssh
vi /etc/ssh/sshd_config

Edit SSHD port and restart service

systemctl restart sshd

SSL certs

dnf install epel-release
dnf install certbot

Create the cert with your server's FQDN

certbot certonly -d server08.vettore.org


install Mariadb and set up tables

timedatectl set-timezone Europe/Rome
dnf install mariadb
dnf install mariadb-server
systemctl enable mariadb --now

Enter the mariadb console and:

create database mailserver;
use mailserver;

USERS

CREATE TABLE `users` ( `email` varchar(200) NOT NULL,
`password` varchar(128) NOT NULL,
`enabled` int(11) NOT NULL DEFAULT '1', 
`username` varchar(45) DEFAULT NULL, 
 PRIMARY KEY (`email`)) ENGINE=MyISAM DEFAULT CHARSET=utf8;

DOMAINS:

CREATE TABLE `domains` ( `domain` varchar(200) NOT NULL,
`enabled` int(11) NOT NULL DEFAULT '1',
 PRIMARY KEY (`domain`)) ENGINE=MyISAM DEFAULT CHARSET=utf8;

ALIAS:

CREATE TABLE `aliases` ( `email` varchar(128) NOT NULL,
`alias` varchar(255) NOT NULL,
`enabled` int(11) DEFAULT '1',
 PRIMARY KEY (`email`)) ENGINE=MyISAM DEFAULT CHARSET=utf8;

ADD a test user (enter in mariadb console):

insert into users set email='paperino@274512.xyz', password='segretina412', username='paperino';
insert into domains set domain='274512.xyz';

Grant privileges:

grant select on mailserver.* to postfix@localhost identified by 'yoursecretpassword';

POSTFIX

dnf install postfix postfix-mysql
groupadd -g150 vmail
useradd -r  -u150 -d /var/vmail -s /sbin/nologin -g vmail vmail
mkdir /var/vmail
chown vmail:vmail /var/vmail

Edit /etc/postfix/main.cf and change/add the following lines accordingly

inet_protocols = all
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-users.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-aliases.cf
virtual_transport = dovecot
smtpd_tls_cert_file = /etc/letsencrypt/live/server08.vettore.org/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/server08.vettore.org/privkey.pem
smtp_tls_CApath = /etc/letsencrypt/live/ 
smtp_tls_CAfile = /etc/letsencrypt/live/server08.vettore.org/fullchain.pem

Setup the connectors configured above

/etc/postfix/mysql-virtual-domains.cf:

user = postfix
password = yoursecretpassword
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM domains WHERE domain='%s' AND enabled=1 

/etc/postfix/mysql-virtual-users.cf :

user = postfix
password = yoursecretpassword
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM users where email='%s' and enabled=1 

/etc/postfix/mysql-virtual-aliases.cf

user = postfix
password = yoursecretpassword
hosts = 127.0.0.1
dbname = mailserver
query = SELECT alias FROM aliases WHERE email='%s' AND enabled=1 

You can check your configuration with postmap (1 returned in case of success)

postmap -q 274512.xyz mysql:/etc/postfix/mysql-virtual-domains.cf
postmap -q paperino@274512.xyz mysql:/etc/postfix/mysql-virtual-users.cf


Add this to your /etc/postfix/master.cf

dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

Start service

systemctl enable postfix --now


DOVECOT

dnf install dovecot dovecot-mysql

edit conf.d/10-mail.conf and add/uncomment this

mail_location = maildir:/var/vmail/%d/%n/Maildir

edit /etc/dovecot/conf.d/auth-sql.conf.ext

comment out the first userdb section

remove the comment from the last userdb section and edit as follows:

userdb {
 driver = static
 args = uid=150 gid=150 home=/var/vmail/%d/%n allow_all_users=yes
}

Rename the above file removing .ext extension

Verify the path in the passdb section of the above file. It should be /etc/dovecot/dovecot-sql.conf.ext
You must create this file:

driver=mysql
default_pass_scheme = PLAIN
connect= host=127.0.0.1 port=3306 dbname=mailserver user=postfix password=yoursecretpassword
password_query = SELECT password, email as user  FROM users where email='%u' AND enabled=1
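
A check for the files created so far that hold the database password (the three /etc/postfix/mysql-virtual-*.cf lookups and /etc/dovecot/dovecot-sql.conf.ext), added here as an example and not part of the original wiki page: it fails any of them that is world-readable and flags a cleartext default_pass_scheme. The function names and the script name audit.sh are this example's own.

```shell
#!/bin/sh
# Added example (not from the wiki page). Function names are this example's own.

# 0 if the file exists and is NOT world-readable, 1 otherwise.
cred_file_ok() {
    [ -f "$1" ] || return 1
    # find prints the path only when the "other read" bit (0004) is set
    [ -z "$(find "$1" -prune -perm -0004 -print)" ]
}

# Print the last uncommented default_pass_scheme value in a Dovecot SQL config.
pass_scheme() {
    sed -n 's/^[[:space:]]*default_pass_scheme[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | tail -n 1
}

# 0 if that scheme stores passwords unhashed (PLAIN, or its alias CLEARTEXT).
scheme_is_cleartext() {
    case "$(pass_scheme "$1" | tr '[:lower:]' '[:upper:]')" in
        PLAIN|CLEARTEXT) return 0 ;;
        *) return 1 ;;
    esac
}

# Audit every path given; return 1 if any finding was reported.
audit() {
    rc=0
    for f in "$@"; do
        if cred_file_ok "$f"; then
            echo "ok    $f"
        else
            echo "FAIL  $f: missing or world-readable (it holds the DB password)"
            rc=1
        fi
        case "$f" in
            *dovecot-sql.conf.ext)
                if scheme_is_cleartext "$f"; then
                    echo "WARN  $f: default_pass_scheme is cleartext, users.password is stored unhashed"
                    rc=1
                fi ;;
        esac
    done
    return "$rc"
}

# Usage (as root): sh audit.sh /etc/postfix/mysql-virtual-*.cf /etc/dovecot/dovecot-sql.conf.ext
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

With the configuration exactly as given on this page the Dovecot file is reported because of default_pass_scheme = PLAIN. A common layout for the permissions is root:postfix mode 0640 on the Postfix lookup files and root-only 0600 on the Dovecot one.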

in conf.d/10-ssl.conf add the certificate and key, replacing the paths with those of the certificate created above

Put in the certificates (no CA)

in dovecot.conf remove the comment from protocols (remove pop3 if not needed)

protocols = imap lmtp submission

Add to the bottom:

mail_uid=vmail
mail_gid=vmail

first_valid_uid = 150
last_valid_uid = 150

service stats {
  unix_listener stats-reader {
    group = vmail
    mode = 0666
  }
  unix_listener stats-writer {
    group = vmail
    mode = 0666
  }
}

Start and enable service

systemctl enable dovecot --now