Basic mailserver configuration on RHEL10

From Fvettore-WIKI
Revision as of 07:04, 7 October 2025 by Administrator

Change your sshd config (suggested)

semanage port -l | grep ssh
semanage port -a -t ssh_port_t -p tcp 1997
semanage port -l | grep ssh
vi /etc/ssh/sshd_config

Set the sshd port in that file to the one added above, then restart the service:

systemctl restart sshd

Install MariaDB and set up tables

timedatectl set-timezone Europe/Rome
dnf install mariadb
dnf install mariadb-server
systemctl enable mariadb --now

Enter the MariaDB console and:

create database mailserver;
use mailserver;

USERS

CREATE TABLE `users` ( `email` varchar(200) NOT NULL,
`password` varchar(128) NOT NULL,
`enabled` int(11) NOT NULL DEFAULT '1', 
`username` varchar(45) DEFAULT NULL, 
 PRIMARY KEY (`email`)) ENGINE=MyISAM DEFAULT CHARSET=utf8;

DOMAINS:

CREATE TABLE
`domains` ( `domain` varchar(200) NOT NULL,
`enabled` int(11) NOT NULL DEFAULT '1', PRIMARY KEY (`domain`))
 ENGINE=MyISAM DEFAULT CHARSET=utf8;

ALIAS:

CREATE TABLE `aliases` ( `email` varchar(128) NOT NULL,
`alias` varchar(255) NOT NULL,
`enabled` int(11) DEFAULT '1',
 PRIMARY KEY (`email`)) ENGINE=MyISAM DEFAULT CHARSET=utf8;

Add a test user (enter in the MariaDB console):

insert into users set email='paperino@274512.xyz', password='segretina412', username='paperino';
insert into domains set domain='274512.xyz';

Grant privileges:

grant select on mailserver.* to postfix@localhost identified by 'yoursecretpassword';

SSL certs

dnf install epel-release
dnf install certbot

Create the certificate with your server's FQDN

certbot certonly -d server08.vettore.org

POSTFIX

dnf install postfix postfix-mysql
groupadd -g150 vmail
useradd -r  -u150 -d /var/vmail -s /sbin/nologin -g vmail vmail
mkdir /var/vmail
chown vmail:vmail /var/vmail

Edit /etc/postfix/main.cf and change/add the following lines accordingly

inet_protocols = all
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-users.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-aliases.cf
virtual_transport = dovecot
smtpd_tls_cert_file = /etc/letsencrypt/live/server08.vettore.org/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/server08.vettore.org/privkey.pem
smtp_tls_CApath = /etc/letsencrypt/live/ 
smtp_tls_CAfile = /etc/letsencrypt/live/server08.vettore.org/fullchain.pem

Set up the connectors configured above

/etc/postfix/mysql-virtual-domains.cf:

user = postfix
password = yoursecretpassword
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM domains WHERE domain='%s' AND enabled=1 

/etc/postfix/mysql-virtual-users.cf:

user = postfix
password = yoursecretpassword
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM users where email='%s' and enabled=1 

/etc/postfix/mysql-virtual-aliases.cf:

user = postfix
password = yoursecretpassword
hosts = 127.0.0.1
dbname = mailserver
query = SELECT alias FROM aliases WHERE email='%s' AND enabled=1 

You can check your configuration with postmap (1 returned in case of success)

postmap -q 274512.xyz mysql:/etc/postfix/mysql-virtual-domains.cf
postmap -q paperino@274512.xyz mysql:/etc/postfix/mysql-virtual-users.cf


Add this to your /etc/postfix/master.cf

dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

Start service

systemctl enable postfix --now


DOVECOT

Edit /etc/dovecot/conf.d/10-mail.conf and add/uncomment this:

mail_location = maildir:/var/vmail/%d/%n/Maildir

Edit /etc/dovecot/conf.d/auth-sql.conf.ext

Comment out the first userdb section.

Uncomment the last userdb section and edit it as follows:

userdb {
 driver = static
 args = uid=150 gid=150 home=/var/vmail/%d/%n allow_all_users=yes
}

Rename the above file, removing the .ext extension.

Verify the path in the passdb section of the above file; it should be /etc/dovecot/dovecot-sql.conf.ext. You must create this file:

driver=mysql
default_pass_scheme = PLAIN
connect= host=127.0.0.1 port=3306 dbname=mailserver user=postfix password=yoursecretpassword
password_query = SELECT password, email as user  FROM users where email='%u' AND enabled=1

In conf.d/10-ssl.conf

set the certificates (no CA)

In dovecot.conf

uncomment the protocols line and remove pop3:

protocols = imap lmtp submission


At the bottom:

mail_uid=vmail
mail_gid=vmail
first_valid_uid = 150
last_valid_uid = 150

service stats {
  unix_listener stats-reader {
    group = vmail
    mode = 0666
  }
  unix_listener stats-writer {
    group = vmail
    mode = 0666
  }
}
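
The Postfix map files and dovecot-sql.conf.ext above contain the MariaDB password, default_pass_scheme = PLAIN keeps mailbox passwords in cleartext in users.password, and the stats listeners use mode 0666. The following audit function is an added example, not part of the original wiki page; the function name audit_mailserver and the finding labels are made up for it, while the file paths are the ones used on this page.

```shell
# Added example (not from the original page); function name and labels are illustrative.
# Usage: audit_mailserver [postfix_dir] [dovecot_dir]
# Prints one finding per line and returns 1 if anything was found.
audit_mailserver() {
  postfix_dir="${1:-/etc/postfix}"
  dovecot_dir="${2:-/etc/dovecot}"
  findings=0

  # These files embed the MariaDB password of the postfix account, so they
  # must not be readable by "other" (e.g. 0640 root:postfix for the Postfix
  # maps, 0600 root for dovecot-sql.conf.ext).
  for f in "$postfix_dir/mysql-virtual-domains.cf" \
           "$postfix_dir/mysql-virtual-users.cf" \
           "$postfix_dir/mysql-virtual-aliases.cf" \
           "$dovecot_dir/dovecot-sql.conf.ext"; do
    [ -f "$f" ] || continue
    if [ -n "$(find "$f" -perm -004)" ]; then
      echo "PERM $f is world-readable and contains the database password"
      findings=$((findings + 1))
    fi
  done

  # default_pass_scheme = PLAIN means users.password holds cleartext.
  sqlconf="$dovecot_dir/dovecot-sql.conf.ext"
  if [ -f "$sqlconf" ] && grep -Eq \
     '^[[:space:]]*default_pass_scheme[[:space:]]*=[[:space:]]*PLAIN[[:space:]]*$' \
     "$sqlconf"; then
    echo "SCHEME $sqlconf uses PLAIN; store hashes from 'doveadm pw -s SHA512-CRYPT'"
    findings=$((findings + 1))
  fi

  # A listener socket with mode 0666 accepts connections from every local user.
  mainconf="$dovecot_dir/dovecot.conf"
  if [ -f "$mainconf" ]; then
    open=$(grep -Ec '^[[:space:]]*mode[[:space:]]*=[[:space:]]*0666' "$mainconf" || true)
    if [ "$open" -gt 0 ]; then
      echo "SOCKET $mainconf has $open 'mode = 0666' listener setting(s)"
      findings=$((findings + 1))
    fi
  fi

  [ "$findings" -eq 0 ]
}
```

Run audit_mailserver with no arguments on the server to check the live paths, or pass two directories to check a staged copy of the configuration.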