Servidor de Email –; Part 1 –; Necessary facilities
I have my own mail server using Postfix, Dovecot, MariaDB, SpamAssassin, ClamAV, Amavisd-new, fail2ban, nginx, postfixadmin and RoundCube under CentOS 7.
Although it has several recipes for how to configure this package, It took me many hours to figure out how to keep the service running correctly, each setting in main.cf and master.cf and in order to achieve in reducing the flood of spam that arrives every minute.
And anti-spam is the focus of this publication. I have suffered and still suffer with the constant attempts to use my services as a zombie or shedding of viruses, fraud and everything else you can.
I lost count of how many times my DNS service stopped by excess of connection attempts to entupiam the memory and forced the s.. cutting processes to conserve resources and the named was chosen for being the weakest link.
So, This article has focus in the proper configuration for private mail services, a few users and few domains. Certainly a lot of what is in this short manual serves to world-class services, but I believe that for these cases the use of tools or dedicated and specialized services should always be taken into consideration.
So let us leave aside the talk to go straight to the hands-on.
Installation of packages
The first step is to install all the packages that will be used. The roundcube and postfixadmin running under a webserver with PHP support and whose e-mail accounts may be stored on a database server. How do I use Nginx Webserver and although I prefer PostgreSQL will use the MariaDB as DBMS due to the fact that most of the uses (due to WordPress probably).
So, at the end of the installation process, We must have installed some new repositories of packages for CentOs, Postfix, Dovecot, SpamAssassin, MariaDB, Nginx, PHP, PostfixAdmin, RoundCube e opcionalmente o Amavis e o ClamAV.
Activate the Extra repositories to your distribution Packages, If you haven't already. For CentOS 6 or 7 the command below will.
$ sudo yum install epel-release
$ sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
Additionally, install the curl, htop, I came, yum-utils, wget, NET-tools, NTP and certbot that will be needed elsewhere in the document.
$ sudo yum install -y curl htop vim yum-utils wget telnet net-tools ntp python2-certbot-nginx
Postfix
Postfix is an MTA (mail transfer agent). An MTA bridges the gap between the computers for the exchange of electronic mail messages. For our case, is the main element. The version of Postfix that I'll use in this document is the 3 and to install it I used the repository GhettoForge.
To do this run the following commands:
# importando a chave
$ sudo rpm --import http://mirror.ghettoforge.org/distributions/gf/RPM-GPG-KEY-gf.el7
# instalando o repositorio GhettoForge
$ sudo rpm -Uvh http://mirror.ghettoforge.org/distributions/gf/gf-release-latest.gf.el7.noarch.rpm
To make sure that the repository this active check if the package postfix3 is available
$ sudo yum info postfix3 --enablerepo=gf-plus
Note: The repository gf-plus is installed disabled and it's best to keep it that way because it contains versions of packages that conflict with existing versions in the repositories of CentOS installation base.
The output should be something like:
(..)
Available Packages
Name : postfix3
Arch : x86_64
Epoch : 2
Version : 3.3.3
Release : 1.gf.el7
Size : 3.0 M
Repo : gf-plus/x86_64
Summary : Postfix Mail Transport Agent
URL : http://www.postfix.org
License : IBM
Description : Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
: TLS
With the repository configured and ready to use, Let's remove the current postfix (It wont be installed by default in CentOS) for the most current version.
$ sudo yum remove -y postfix && sudo yum -y install postfix3 postfix3-ldap postfix3-mysql postfix3-pcre --enablerepo=gf-plus
Let's leave the service stopped for now but already set to open along with the operating system.
$ sudo systemctl enable postfix && sudo systemctl stop postfix
Dovecot
Dovecot is an Imap and Pop3 mail server. With it we can send and receive messages via Postfix and among other things control the access to the service via authentication.
To install Dovecot simply run the command:
$ sudo yum install -y dovecot dovecot-mysql
Once again, We will activate the service but leave it standing.
$ sudo systemctl enable dovecot && sudo systemctl stop dovecot
Amavis
Amavis is a content filter for e-mail. With it is possible to filter harmful messages using settings against spam, viruses and other malware. In our case we will use the version amavisd-new. Below the commands that install. It requires many government offices that will be updated and/or installed with. One of these dependencies is the SpamAssassin that will be configured later, along with all the other packages we're installing.
$ sudo yum install -y amavisd-new
Complementing the installation of malicious content filter elements, We will install also the ClamAV It's a simple and very efficient antivirus for the most common types of threats and completely free.
$ sudo yum install -y clamav
Again, Let's turn to services that always start automatically, but for now leaving them standing.
$ sudo systemctl enable spamassassin && sudo systemctl stop spamassassin
$ sudo systemctl enable amavisd && sudo systemctl stop amavisd
MariaDB (or MySQL)
Normally, who uses WordPress already have installed and configured the MariaDB or MySQL. I prefer PostgreSQL, but as the intent of this document is to allow can have its own services DevOps and can not always have multiple instances I decided to use the MariaDB. In this way, If you need to add the WordPress, no need to add an additional DBMS or even use wrappers to have PostgreSQL support.
As the intention is to install the most current version will use the official repository. Below all the commands needed.
$ curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
$ sudo yum install -y MariaDB-server MariaDB-client
$ sudo systemctl enable mariadb && sudo systemctl stop mariadb
Webserver (Nginx and PHP)
The last elements to be installed are part of the Webserver. It is possible that you already have a running as Apache then this point can be skipped. If you are starting a new server, I recommend following the tips of this installation.
I really like the Nginx and I'm going to use in conjunction with the PHP-FPM. Again I'll use repositories that allow installing latest versions possible.
$ sudo rpm --import https://nginx.org/keys/nginx_signing.key
$ sudo yum -y install http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
$ sudo yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
$ sudo yum-config-manager --enable remi-php73
$ sudo yum install -y nginx php php-fpm php-imap php-gd php-intl php-mcrypt php-mysql php-mysqlnd php-pdo php-xml php-xmlrpc php-tidy php-pecl-zip
$ sudo systemctl enable nginx && sudo systemctl stop nginx
$ sudo systemctl enable php-fpm && sudo systemctl stop php-fpm
RoundCube and Postfixadmin
The last items to be installed are the Roundcube and Postfixadmin. The RoundCube is a Web mail client to be used with PHP and the Web Manager Postfixadmin accounts and domains for Postfix also used with PHP. How are PHP applications to be used within the Webserver, If you are using Apache or other Webserver, you will need to adpatar some information. Here I will use directories default.
$ cd /var/www/html
$ sudo wget https://github.com/roundcube/roundcubemail/releases/download/1.3.9/roundcubemail-1.3.9-complete.tar.gz
$ sudo tar -xzvf roundcubemail-1.3.9-complete.tar.gz
$ sudo wget -O postfixadmin-3.2.gz https://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-3.2/postfixadmin-3.2.tar.gz?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fpostfixadmin%2Ffiles%2Flatest%2Fdownload
$ sudo tar -xzvf postfixadmin-3.2.gz
At this point we have all the necessary files to start the configuration of the mail server.
I'm too lazy
Don't like typing or is not concerned in the details of each item installed. Your problems are over!
You can run any command of this document with the following lines:
$ sudo yum install -y curl htop vim yum-utils wget epel-release
$ curl -sS https://www.marcosregis.com/download/regis-mailserver-centos7-script | sudo bash
ATTENTION! This script is just a file with command lines. Eventually may not work properly depending on your system settings.
With everything installed we can start the settings. Let's start with the MariaDB.
One Response
[…] Já publiquei um tempo atrás um artigo mostrando como montei um servidor e e-mail utilizando as ferramentas mais comuns para ambiente OpenSource em Linux. Usei Postfix, Dovecot, Postfixadmin, Roundcube e Spamassassin. […]