Install and Configure Postfix with Dovecot on CentOS 6

Want to install and configure Postfix with Dovecot on CentOS 6? Or are you wondering what Postfix or Dovecot is?

In case you are wondering (I hope not, since you stumbled on this page), Postfix is a mail server, or to use the fancier term, a Mail Transfer Agent (MTA). The name tells you what the application does: it transfers mail around, from local users (same domain) to users in other domains, and it transfers incoming mail from other users to local users. Postfix is all you need for emails to be transferred to and from your domain, but these emails will only be stored on the server and can only be sent from the server where Postfix is running.

This is why we need an additional application called Dovecot. Dovecot is a Message Store Access application. It enables us to get to the email messages in a more “human friendly” way.

Dovecot supports the IMAP(s) and POP(s) messaging protocols (including the secure versions of both, of course). By running IMAP or POP, we can configure a client to retrieve and send messages via our Postfix/Dovecot mail server. A client can be a mobile device with an email application or a desktop client such as Microsoft Outlook or Thunderbird. With Postfix and Dovecot we can read our emails on our mobile device or desktop computer and this is as friendly as it gets, don’t you think? 🙂

We will configure Postfix with Dovecot:

  • virtual domains (serving multiple domain mail server)

  • virtual users (no need for Postfix users to have OS accounts)


Are you sure you now want to install and configure Postfix with Dovecot? If so, keep reading…

Let’s Install and Configure Postfix with Dovecot!

1. Install Postfix


Postfix is the default MTA in CentOS 6, so you probably already have Postfix installed, but you can issue this command anyway – if it is already installed it will say so.

[root@geekpeek ~]# yum install postfix

If postfix is already installed it is probably also started at boot, but run this command anyway, just to make sure.

[root@geekpeek ~]# chkconfig postfix on

2. Create User to Access Mailboxes

We need to create an OS user that will access the mailboxes and we will disable logon for this user.

[root@geekpeek ~]# useradd -s /sbin/nologin mboxuser

Check the user's UID and GID numbers and remember them; we will need them in the following steps:

[root@geekpeek ~]# grep mboxuser /etc/passwd
mboxuser:x:500:500::/home/mboxuser:/sbin/nologin

3. Edit Postfix Configuration

First move into “/etc/postfix” folder and make a backup copy of the original “main.cf” configuration file.

[root@geekpeek ~]# cd /etc/postfix/
[root@geekpeek postfix]# cp main.cf main.cf.ORIG

Next edit the “main.cf” file – the following lines should be uncommented and edited to fit your environment. Note that some lines are already configured in a default Postfix install:

# Leave as it is
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
# Edit and change to your hostname and domain
myhostname = server.geekpeek.net
mydomain = geekpeek.net
# Uncomment
myorigin = $mydomain
# Change to all or just the one you want
inet_interfaces = all
# Change to the protocols you use
inet_protocols = ipv4
# Leave as it is
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
# Uncomment and add or remove your local network if needed
mynetworks = 127.0.0.0/8
# Leave as it is
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# Uncomment
home_mailbox = Maildir/
# Leave as it is
debug_peer_level = 2
debugger_command =
 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
 ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
# Add the following lines at the bottom
# Virtual domain config
virtual_mailbox_domains = /etc/postfix/virtual_domains
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
# Replace UID:GID numbers with ones from Step 2
# (Postfix has no virtual_maximum_uid parameter; virtual_minimum_uid is the only UID bound)
virtual_minimum_uid = 500
virtual_uid_maps = static:500
virtual_gid_maps = static:500
virtual_alias_maps = hash:/etc/postfix/virtual

4. Create Virtual Domains File

We will now create a file which holds all of the domains our mail server will serve. The virtual domains file location is defined by the “virtual_mailbox_domains” parameter in the “main.cf” configuration file, so in our case this is “/etc/postfix/virtual_domains”.

Please make sure that the MX records for all of your domains point to this server. The virtual_domains file should hold all your domains, one per line.

my-domain1.com
my-domain2.net
my-domain3.org

5. Create Mailbox File

This is the “/etc/postfix/vmailbox” file defined in our “main.cf”. In it we must enter all of the users, with their domains, that will receive their mail on this server.

Every line must end with “/”, otherwise the users will not receive their emails into their mailboxes.

info@my-domain1.com my-domain1.com/info/
test1@my-domain1.com my-domain1.com/test1/
info@my-domain2.net my-domain2.net/info/
user1@my-domain2.net my-domain2.net/user1/
name.surname@my-domain3.org my-domain3.org/name.surname/

We can also implement a “catch-all” account, to catch all emails for recipients not listed in the “virtual_domains” file:

@my-domain3.org my-domain3.org/all/

6. Create Mail Folders and Fix Permissions

Next we need to create the virtual domain folders where user emails will be delivered, and give the user defined by the UID and GID in “main.cf” the rights to access these folders and files.

You can rename this folder to anything you like and also relocate it, but be sure to fix the path to it in main.cf as well. Do not worry about creating additional directories inside the vhosts/domain/ folder, since Postfix will create them automatically.

[root@geekpeek ~]# mkdir /var/mail/vhosts
[root@geekpeek ~]# chown -R root:mboxuser /var/mail/
[root@geekpeek ~]# mkdir /var/mail/vhosts/my-domain1.com
[root@geekpeek ~]# mkdir /var/mail/vhosts/my-domain2.net
[root@geekpeek ~]# mkdir /var/mail/vhosts/my-domain3.org
[root@geekpeek ~]# chown mboxuser:mboxuser -R /var/mail/vhosts/

7. Update Postfix Lookup Table

Next we should run “postmap” to update the Postfix lookup tables. We should run this every time we make a change to these files. It creates hashed .db versions of these files.

[root@geekpeek ~]# postmap /etc/postfix/virtual
[root@geekpeek ~]# postmap /etc/postfix/vmailbox

8. Restart Postfix

Let’s restart Postfix for configuration changes to take effect:

[root@geekpeek ~]# /etc/init.d/postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]

..and make sure Postfix is listening on ports 25 and 465 (the latter is the secure SMTP port):

[root@geekpeek ~]# netstat -anp |grep 25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1146/master
[root@geekpeek ~]# netstat -anp |grep 465
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 1515/master

9. Reconfigure IPTables

We must reconfigure IPTables to allow connections on port 25 (SMTP) and 465 (SMTPs). Read more on how to reconfigure IPTables HERE.

10. Testing Postfix

You can test the Postfix configuration by sending an email to an existing recipient from Gmail.

Please make sure your DNS records are configured properly for this test to work. You should see something like this in “/var/log/maillog” – but with your email addresses of course:

Oct 28 09:20:28 geekpeek postfix/smtpd[1226]: connect from unknown[192.168.1.20]
Oct 28 09:20:52 geekpeek postfix/smtpd[1226]: 7A1B640AFD: client=unknown[192.168.1.20]
Oct 28 09:20:58 geekpeek postfix/cleanup[1244]: 7A1B640AFD: message-id=<>
Oct 28 09:20:58 geekpeek postfix/qmgr[1149]: 7A1B640AFD: from=<testing@123.com>, size=190, nrcpt=1 (queue active)
Oct 28 09:20:58 geekpeek postfix/virtual[1245]: 7A1B640AFD: to=<info@my-domain1.com>, relay=virtual, delay=19, delays=19/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Oct 28 09:20:58 geekpeek postfix/qmgr[1149]: 7A1B640AFD: removed
Oct 28 09:21:00 geekpeek postfix/smtpd[1226]: disconnect from unknown[192.168.1.20]

The “delivered to maildir” line means the message was successfully delivered to the “/var/mail/vhosts/my-domain1.com/info/new” folder.
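To read a busy “/var/log/maillog” the same way, the following added example (not part of the original tutorial) groups Postfix lines by queue ID and reports every message that has a recipient whose status is not “sent”. The first seven sample lines are the tutorial's own; the last four, including the queue ID and the permission error, are constructed to show what a Step 6 ownership mistake looks like.

```python
import re

# Lines 1-7: the tutorial's sample. Lines 8-11: constructed failure case.
SAMPLE_LOG = """\
Oct 28 09:20:28 geekpeek postfix/smtpd[1226]: connect from unknown[192.168.1.20]
Oct 28 09:20:52 geekpeek postfix/smtpd[1226]: 7A1B640AFD: client=unknown[192.168.1.20]
Oct 28 09:20:58 geekpeek postfix/cleanup[1244]: 7A1B640AFD: message-id=<>
Oct 28 09:20:58 geekpeek postfix/qmgr[1149]: 7A1B640AFD: from=<testing@123.com>, size=190, nrcpt=1 (queue active)
Oct 28 09:20:58 geekpeek postfix/virtual[1245]: 7A1B640AFD: to=<info@my-domain1.com>, relay=virtual, delay=19, delays=19/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Oct 28 09:20:58 geekpeek postfix/qmgr[1149]: 7A1B640AFD: removed
Oct 28 09:21:00 geekpeek postfix/smtpd[1226]: disconnect from unknown[192.168.1.20]
Oct 28 09:25:01 geekpeek postfix/smtpd[1226]: 9C2D440B01: client=unknown[192.168.1.20]
Oct 28 09:25:02 geekpeek postfix/cleanup[1244]: 9C2D440B01: message-id=<>
Oct 28 09:25:02 geekpeek postfix/qmgr[1149]: 9C2D440B01: from=<testing@123.com>, size=201, nrcpt=1 (queue active)
Oct 28 09:25:02 geekpeek postfix/virtual[1245]: 9C2D440B01: to=<test1@my-domain1.com>, relay=virtual, delay=0.4, delays=0.3/0.01/0/0.09, dsn=4.2.0, status=deferred (maildir delivery failed: create maildir file /var/mail/vhosts/my-domain1.com/test1/tmp/1382952302.P1245.geekpeek: Permission denied)
"""

# "<date> <host> postfix/<daemon>[pid]: <QUEUEID>: <rest>"; lines without a
# queue ID (connect/disconnect) do not match and are skipped.
ENTRY = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\spostfix/(?P<daemon>[\w-]+)\[\d+\]:\s"
    r"(?P<qid>[0-9A-F]{6,}):\s(?P<rest>.*)$")
# Delivery agent line: to=<rcpt>, ..., relay=..., ..., dsn=x.y.z, status=word (text)
DELIVERY = re.compile(
    r"to=<(?P<to>[^>]*)>,.*?relay=(?P<relay>[^,]+),.*?dsn=(?P<dsn>[\d.]+),\s"
    r"status=(?P<status>\w+)\s\((?P<detail>.*)\)$")


def trace(log_text):
    """Return {queue_id: message record} in order of first appearance."""
    messages = {}
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue
        msg = messages.setdefault(entry.group("qid"), {
            "client": None, "sender": None, "deliveries": [], "removed": False})
        rest = entry.group("rest")
        if rest.startswith("client="):
            msg["client"] = rest[len("client="):].split(",")[0]
        elif rest.startswith("from=<"):
            msg["sender"] = rest[len("from=<"):rest.index(">")]
        elif rest == "removed":
            msg["removed"] = True
        else:
            delivery = DELIVERY.match(rest)
            if delivery:
                msg["deliveries"].append(delivery.groupdict())
    return messages


def undelivered(messages):
    """Return [(queue_id, [(recipient, status, detail), ...])] for every message
    that has no delivery attempt yet or a recipient whose status is not 'sent'."""
    report = []
    for qid, msg in messages.items():
        failed = [(d["to"], d["status"], d["detail"])
                  for d in msg["deliveries"] if d["status"] != "sent"]
        if failed or not msg["deliveries"]:
            report.append((qid, failed))
    return report


if __name__ == "__main__":
    for qid, failed in undelivered(trace(SAMPLE_LOG)):
        for recipient, status, detail in failed:
            print(qid, recipient, status, detail)
```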

10. Install Dovecot


Coming to the second part of the tutorial on running Postfix with Dovecot. Let’s install Dovecot and make it start at boot.

[root@geekpeek ~]# yum install dovecot
[root@geekpeek ~]# chkconfig dovecot on

11. Edit Main Dovecot Configuration File

Before making any changes to the Dovecot configuration file, make a backup of it.

The main Dovecot configuration file is “/etc/dovecot/dovecot.conf”; additional config files are located in the “/etc/dovecot/conf.d” directory. The main Dovecot configuration file should look like this:

# Uncomment and edit this line
protocols = imap pop3

# Uncomment and edit - make dovecot only listen on ipv4
listen = *
# Leave as it is
dict {
}
!include conf.d/*.conf

12. Edit Additional Dovecot Configuration Files

There are additional Dovecot configuration files located in “/etc/dovecot/conf.d” directory. We need to edit some of them as follows.

/etc/dovecot/conf.d/10-auth.conf

# Uncomment
 disable_plaintext_auth = yes
# Leave as it is
 auth_mechanisms = plain login
# Comment this line
#!include auth-system.conf.ext
# Uncomment
 !include auth-passwdfile.conf.ext
 !include auth-checkpassword.conf.ext

/etc/dovecot/conf.d/10-logging.conf

# Uncomment and edit
 log_path = /var/log/dovecot.log
 auth_verbose = yes
 auth_verbose_passwords = no
 auth_debug = no
 auth_debug_passwords = no
 mail_debug = no
 verbose_ssl = no
# Leave as it is
 plugin {
 }

/etc/dovecot/conf.d/10-mail.conf

# Uncomment and edit to reflect previous configuration
 mail_location = maildir:/var/mail/vhosts/%d/%n
 mail_uid = 500
 mail_gid = 500
 mail_privileged_group = mboxuser
# Leave as it is
 mbox_write_locks = fcntl
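“Reflect previous configuration” means that the directory Dovecot derives from mail_location must be the same directory Postfix derives from virtual_mailbox_base plus the vmailbox entry; if the two disagree, mail is delivered without any error and the client never sees it. The following added example (not part of the original tutorial) checks that for every vmailbox line, together with the Step 4 and Step 5 rules (known domain, trailing “/”) and paths that resolve outside the mailbox base. The sample tables are constructed, and only the %d and %n variables of mail_location are handled.

```python
import posixpath

# Constructed sample inputs in the tutorial's file formats (not real data).
VIRTUAL_DOMAINS = "my-domain1.com\nmy-domain2.net\nmy-domain3.org\n"
VMAILBOX = """\
info@my-domain1.com          my-domain1.com/info/
test1@my-domain1.com         my-domain1.com/test1
user1@my-domain2.net         my-domain2.net/user/
name.surname@my-domain3.org  ../elsewhere/name.surname/
info@my-domain4.com          my-domain4.com/info/
@my-domain3.org              my-domain3.org/all/
"""


def parse_table(text):
    """Return [(key, value)] from a Postfix lookup table source file."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            rows.append((parts[0], parts[1].strip() if len(parts) > 1 else ""))
    return rows


def dovecot_maildir(mail_location, address):
    """Expand %d (domain) and %n (local part) in 'maildir:<path>[:options]'."""
    driver, _, rest = mail_location.partition(":")
    if driver != "maildir":
        raise ValueError("only maildir: locations are handled in this example")
    template = rest.split(":", 1)[0]
    local, _, domain = address.rpartition("@")
    return posixpath.normpath(template.replace("%d", domain).replace("%n", local))


def lint(mailbox_base, mail_location, domains_text, vmailbox_text):
    """Return [(address, code, detail)] for entries that will not work as intended.

    Codes: unknown-domain  address domain missing from virtual_domains
           not-maildir     path has no trailing '/', so delivery is mbox style
           outside-base    path resolves outside virtual_mailbox_base
           path-mismatch   Postfix writes to one directory, Dovecot reads another
    """
    domains = {key.lower() for key, _ in parse_table(domains_text)}
    base = posixpath.normpath(mailbox_base)
    findings = []
    for address, rel in parse_table(vmailbox_text):
        local, _, domain = address.rpartition("@")
        if domain.lower() not in domains:
            findings.append((address, "unknown-domain", domain))
        if not rel.endswith("/"):
            findings.append((address, "not-maildir", rel))
        # Assumption: the delivery agent builds the target as base + "/" + value.
        target = posixpath.normpath(base + "/" + rel)
        if not target.startswith(base + "/"):
            findings.append((address, "outside-base", target))
        elif local:  # a catch-all key ("@domain") has no per-user Dovecot login
            expected = dovecot_maildir(mail_location, address)
            if target != expected:
                findings.append((address, "path-mismatch",
                                 "postfix=%s dovecot=%s" % (target, expected)))
    return findings


if __name__ == "__main__":
    for finding in lint("/var/mail/vhosts", "maildir:/var/mail/vhosts/%d/%n",
                        VIRTUAL_DOMAINS, VMAILBOX):
        print("%-28s %-15s %s" % finding)
```

On a live server the two settings can be read with `postconf -h virtual_mailbox_base` and `doveconf -h mail_location` and passed in place of the literals.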

/etc/dovecot/conf.d/10-master.conf

# Leave as it is
 service imap-login {
  inet_listener imap {
  }
  inet_listener imaps {
  }
 }
 service pop3-login {
  inet_listener pop3 {
  }
  inet_listener pop3s {
  }
 }
 # Comment this out
 #service lmtp {
 # unix_listener lmtp {
 # }
 #}
 # Leave as it is
 service imap {
 }
 service pop3 {
 }
 # Edit and change
 service auth {
 unix_listener auth-userdb {
 mode = 0600
 user = postfix
 group = postfix
 }
 unix_listener /var/spool/postfix/private/auth {
 mode = 0666
 user = postfix
 group = postfix
 }
 }
 service auth-worker {
 }
 service dict {
 unix_listener dict {
 }
 }

/etc/dovecot/conf.d/10-ssl.conf

# Uncomment
 ssl = yes
 # Leave this for now - we will change this in Step 16
 ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
 ssl_key = </etc/pki/dovecot/private/dovecot.pem

13. Generate Passwords for Dovecot Users

The location of the Dovecot users password file is defined in “/etc/dovecot/conf.d/auth-passwdfile.conf.ext”. By default this is the “/etc/dovecot/users” file. We can generate a password for a user using the following command:

[root@geekpeek ~]# doveadm pw -s SHA512-CRYPT
Enter new password: 
Retype new password: 
{SHA512-CRYPT}$6$7iU6C9qP.Ba2R3bz$3cw0qRM4Q0s1Nh15xaJYzj8qA7AR4KjqQuE4vbMup4Ncg8rIFsnGGNvjH1huYw3.6ijkNWibp51N6N1FTxbJ01

We chose to use the strongest scheme, SHA512-CRYPT (a salted password hash rather than encryption), and as we can see, this command only hashes the string you entered as the password.

Next we need to edit or create the “/etc/dovecot/users” file and enter the information about a user as follows:

info@my-domain1.com:{SHA512-CRYPT}$6$7iU6C9qP.Ba2R3bz$3cw0qRM4Q0s1Nh15xaJYzj8qA7AR4KjqQuE4vbMup4Ncg8rIFsnGGNvjH1huYw3.6ijkNWibp51N6N1FTxbJ01::::

We must not forget to add the “::::” at the end of the line to make this work!!

Repeat the process for every mail user on the server.

14. Start Dovecot

We are finally ready to start Dovecot for the first time.

[root@geekpeek ~]# /etc/init.d/dovecot start
Starting Dovecot Imap: [ OK ]

Check that Dovecot is listening on IMAP(s) and POP(s) ports:

[root@geekpeek ~]# netstat -anpt |grep dovecot
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 1397/dovecot 
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 1397/dovecot 
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 1397/dovecot 
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 1397/dovecot

15. Generate Postfix Self-Signed Certificate

We need to generate a self-signed SSL certificate to be used with Postfix and Dovecot.

Follow these steps to do this:

[root@geekpeek ~]# mkdir /etc/postfix/ssl
[root@geekpeek ~]# cd /etc/postfix/ssl/
[root@geekpeek ssl]# openssl genrsa -out postfix.key 2048
Generating RSA private key, 2048 bit long modulus
.....+++
.............+++
e is 65537 (0x10001)
[root@geekpeek ssl]# openssl req -new -key postfix.key -out postfix.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:SI
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:Ljubljana
Organization Name (eg, company) [Default Company Ltd]:GeekPeek.Net
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:server.geekpeek.net
Email Address []:info@geekpeek.net
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@geekpeek ssl]# openssl x509 -req -days 3650 -in postfix.csr -signkey postfix.key -out postfix.crt
Signature ok
subject=/C=SI/L=Ljubljana/O=GeekPeek.Net/CN=server.geekpeek.net/emailAddress=info@geekpeek.net
Getting Private key

16. Reconfigure Postfix

To wrap things up, we must reconfigure Postfix to work with Dovecot.

This requires some additional changes to Postfix main.cf and master.cf configuration files as follows.

Add the following lines to the bottom of the “/etc/postfix/main.cf” file:

# SSL/TLS
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/ssl/postfix.key
smtpd_tls_cert_file = /etc/postfix/ssl/postfix.crt
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
 
# SASL
smtpd_sasl_type = dovecot
broken_sasl_auth_clients = yes
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
# HELO restrictions:
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_helo_hostname,
 reject_invalid_helo_hostname,
 permit
# Sender restrictions:
smtpd_sender_restrictions =
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_sender,
 reject_unknown_sender_domain,
 permit
# Recipient restrictions:
smtpd_recipient_restrictions =
 reject_unauth_pipelining,
 reject_non_fqdn_recipient,
 reject_unknown_recipient_domain,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 permit
# Relay restrictions (this parameter exists only in Postfix 2.10 and later)
smtpd_relay_restrictions =
 permit_mynetworks
 permit_sasl_authenticated
 reject_unauth_destination
 permit
# Limit DOS
default_process_limit = 100
smtpd_client_connection_count_limit = 10
smtpd_client_connection_rate_limit = 30
queue_minfree = 20971520
header_size_limit = 51200
message_size_limit = 10485760
smtpd_recipient_limit = 100

These are mostly security checks and restrictions for our mail server. With these, we only allow authenticated users to send mail from our servers. We also check whether the senders and recipients are coming from a valid domain, and more.

We have also configured basic DoS limits, just to bounce off any unwanted attacks.
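Postfix evaluates each restriction list from left to right and stops at the first entry that decides, so the position of “reject_unauth_destination” relative to the bare “permit” is what keeps the server from relaying for strangers. The following added example (not part of the original tutorial) parses main.cf text, including continuation lines, and reports which entry decides for an unauthenticated client outside mynetworks that addresses a domain the server does not host. The misordered list is constructed for contrast, and the function names are this example's own.

```python
import re

# The tutorial's recipient list (Step 16) and a constructed, misordered variant.
TUTORIAL_MAIN_CF = """\
smtpd_sasl_auth_enable = yes
# Recipient restrictions:
smtpd_recipient_restrictions =
 reject_unauth_pipelining,
 reject_non_fqdn_recipient,
 reject_unknown_recipient_domain,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 permit
"""
MISORDERED_MAIN_CF = """\
smtpd_recipient_restrictions =
 permit_mynetworks,
 permit_sasl_authenticated,
 permit,
 reject_unauth_destination
"""

# Entries that stop a relay attempt by an unauthenticated outside client.
BLOCKS_RELAY = {"reject_unauth_destination", "defer_unauth_destination",
                "reject", "defer", "defer_if_permit"}


def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the
    previous logical line, blank and '#' lines are ignored, last assignment wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":
            if current is not None:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        current = name.strip() if sep else None
        if current is not None:
            params[current] = value.strip()
    return params


def relay_verdict(main_cf_text, parameter="smtpd_recipient_restrictions"):
    """Walk the list as seen by a client that is outside mynetworks, has not
    authenticated, and names a recipient in a domain this server does not host.
    permit_mynetworks and permit_sasl_authenticated do not match such a client;
    check_* table lookups cannot be judged offline and are returned for review."""
    value = parse_main_cf(main_cf_text).get(parameter, "")
    names = iter(n for n in re.split(r"[,\s]+", value) if n)
    review = []
    for name in names:
        if name == "warn_if_reject":
            next(names, None)          # the following entry only logs a warning
        elif name in BLOCKS_RELAY:
            return {"verdict": "blocked", "decided_by": name, "review": review}
        elif name == "permit":
            return {"verdict": "open-relay", "decided_by": name, "review": review}
        elif name.startswith("check_"):
            review.append(name)
    return {"verdict": "no-decision", "decided_by": None, "review": review}


if __name__ == "__main__":
    print(relay_verdict(TUTORIAL_MAIN_CF))
    print(relay_verdict(MISORDERED_MAIN_CF))
```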

We also need to edit the “/etc/postfix/master.cf” file and uncomment the following lines:

/etc/postfix/master.cf

submission inet n - n - - smtpd
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
 -o smtpd_tls_wrappermode=yes
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 -o milter_macro_daemon_name=ORIGINATING

17. Reconfigure Dovecot

Please change the SSL certificate used in Dovecot to the newly generated self-signed certificate as follows. If you leave Dovecot pointing to the default certificate you might encounter some SSL errors:

/etc/dovecot/conf.d/10-ssl.conf

# Uncomment
 ssl = yes
 # Change to point to SSL cert generated in Step 15
 ssl_cert = </etc/postfix/ssl/postfix.crt
 ssl_key = </etc/postfix/ssl/postfix.key

18. Reconfigure IPTables

We must reconfigure IPTables to allow connections on ports 110 (POP3), 995 (POP3s), 143 (IMAP) and 993 (IMAPs). Read more on how to reconfigure IPTables HERE.

19. Restart Postfix and Dovecot

As a final step before testing out our new mail server, we need to restart Postfix and Dovecot services for changes to take effect.

[root@geekpeek ~]# /etc/init.d/postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
[root@geekpeek ~]# /etc/init.d/dovecot restart
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: [ OK ]

Voila! We have successfully installed and configured Postfix with Dovecot!

You can now configure your IMAP or POP clients to use your server as a mail server. You can do this on your mobile or desktop clients such as MS Outlook or Thunderbird.

BIG thanks to Kliment Andreev and his blog for useful information on this topic, which I used in this tutorial too!

  • Luís Correia

    Hey there. I sent this tutorial to a friend of mine trying to set this
    up in his VPS but we ran into some trouble. I’ve tested this myself and
    couldn’t get any mail delivered to any of the users’ inboxes. I’ve tried
    to troubleshoot it a bit and I believe the problem is in the
    discrepancy in steps 3 and 12.

    On step 3 we tell Postfix that
    “virtual_mailbox_base = /var/mail/vdomains” (/etc/postfix/main.cf) but
    then on step 12 we tell Dovecot that “mail_location =
    maildir:/var/mail/vhosts/%d/%n” (the directories we create on step 6).

    Because
    the mail is in fact being delivered by Postfix on
    “/var/mail/vdomains/domain.tld/user/new”, nothing unusual shows up on
    “/var/log/maillog”. But because Dovecot is trying to read what’s in
    “/var/mail/vhosts/domain.tld/user/new” and because there’s nothing being
    delivered there, email clients won’t ever pick up on any emails.

    Changing
    “virtual_mailbox_base = /var/mail/vdomains” to “virtual_mailbox_base =
    /var/mail/vhosts” (/etc/postfix/main.cf) should take care of it.

    • Mitch

      Hi Luis, Thanks to you and your friend for pointing this out. My bad for changing the dir names when writing this how to. Anyways, good catch and thanks again for the help. I fixed the issue and it should be ok now. Regards, Mitch

  • Florin Donald

    Thank you very much!

  • kevin

    I am not able to receive any email from outside or inside but can send emails as well. I can see the emails are stored in the mailbox directory but no email shows in thunderbird

    May 04 12:56:14 pop3-login: Info: Login: user=, method=PLAIN, rip=210.89.58.245, lip=23.xxx.xxx.140, mpid=9283, TLS

    May 04 12:56:15 pop3(support@support@xxxxxxxxxx.com.com): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0

    • Mitch

      Hi Kevin, did you try a different client?

      • kevin

        yes I have used different client. but still not working. Did you want me to post the postconf here. Also is home_mailbox = Maildir/ is correct.

        [root@www ~]# postconf -n
        alias_database = hash:/etc/aliases
        alias_maps = hash:/etc/aliases
        broken_sasl_auth_clients = yes
        command_directory = /usr/sbin
        config_directory = /etc/postfix
        daemon_directory = /usr/libexec/postfix
        data_directory = /var/lib/postfix
        debug_peer_level = 2
        default_process_limit = 100
        header_size_limit = 51200
        home_mailbox = Maildir/
        html_directory = no
        inet_interfaces = all
        inet_protocols = ipv4
        mail_owner = postfix
        mailq_path = /usr/bin/mailq.postfix
        manpage_directory = /usr/share/man
        message_size_limit = 10485760
        mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
        mydomain = xxxxxxxxxxxxxx.com
        myhostname = http://www.xxxxxxxxxxxxxx.com
        mynetworks_style = host
        myorigin = $mydomain
        newaliases_path = /usr/bin/newaliases.postfix
        queue_directory = /var/spool/postfix
        queue_minfree = 20971520
        readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
        sample_directory = /usr/share/doc/postfix-2.6.6/samples
        sendmail_path = /usr/sbin/sendmail.postfix
        setgid_group = postdrop
        smtpd_client_connection_count_limit = 10
        smtpd_client_connection_rate_limit = 30
        smtpd_delay_reject = yes
        smtpd_helo_required = yes
        smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
        smtpd_recipient_limit = 100
        smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit
        smtpd_sasl_auth_enable = yes
        smtpd_sasl_path = private/auth
        smtpd_sasl_security_options = noanonymous
        smtpd_sasl_type = dovecot
        smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
        smtpd_tls_auth_only = yes
        smtpd_tls_cert_file = /etc/postfix/ssl/postfix.crt
        smtpd_tls_key_file = /etc/postfix/ssl/postfix.key
        smtpd_tls_loglevel = 0
        smtpd_tls_received_header = yes
        smtpd_tls_security_level = may
        smtpd_tls_session_cache_timeout = 3600s
        tls_random_source = dev:/dev/urandom
        unknown_local_recipient_reject_code = 550
        virtual_alias_maps = hash:/etc/postfix/virtual
        virtual_gid_maps = static:500
        virtual_mailbox_base = /var/mail/vhosts
        virtual_mailbox_domains = /etc/postfix/virtual_domains
        virtual_mailbox_maps = hash:/etc/postfix/vmailbox
        virtual_minimum_uid = 500
        virtual_uid_maps = static:500
        [root@www ~]#

  • kevin

    yes I have used different client. but still not working. Did you want me to post the postconf here.

    • Mitch

      Hi Kevin, you can send me the postconf on info[at]geekpeek.net. Thanks

      • kevin

        I have just sent the postconf details to the email specified.

  • Aleksandr

    This is the best short tutorial I’ve ever seen about Postfix/Dovecot stack. Thank you Kevin!

  • Walter Mulder

    The tutorial is very good. What I am missing is how to use the virtual created email addresses. What are the username and passwords?

    • Mitch

      Hi Walter. Check step 13, you generate passwords with “doveadm” command, enter the desired password and get an encrypted version of this password out – this is the {SHA512-CRYPT}….. part. You put the desired email with this encrypted password to /etc/dovecot/users to map it together and that’s it. Username is the email address.

      • Walter Mulder

        Thank you for your answer. However I don’t succeed to log-in with my mail program. I use the password which I entered in step 13, username email address and for the incoming mail server mail.virtual-domain.nl.
        My can connect to my older mail accounts from my real domain. However I don’t receive email anymore. Can you give me a clue?

  • Laszlo

    Hi Mitch,

    I am having trouble to get config this all-mail-server thing.
    I have a VPS (hosted by 1&1) what I had re-installed to get a clear OS.
    I did everything step by step through your tutorial but somehow it does not work out for me.

    Step 10.
    Testing Postfix.
    When I’m attempting to send an email to my newly created email address I got “Mail Delivery System” response immediately.

    I have checked;
    postfix is running,

    the firewall is opened on port 80, 443, 110, 995, 143, 993, 25, 465, 587
    and it’s listening on 25, 993, 995, 587, 110, 143, 80, 465 ports

    I have restarted the whole pc / postfix / dovecot…

    I would appreciate your help.
    If you have any question -> go ahead pls

    Best Regards,
    Laszlo

    • Mitch

      Hi Laszlo,
      There are many things to check first, to see where you might be stuck. The first and most important is the /var/log/maillog log file. From there you will see if the postfix config is ok or not and also if you get even close to connecting to your mail server. Please review it carefully and let me know your findings. Hopefully after that we will have more information to proceed investigation.
      Regards,
      Mitch

      • Laszlo

        Hi Mitch,

        Here you go:

        Feb 29 19:50:53 xxxxxxxxx postfix/postfix-script[2677]: starting the Postfix mail system
        Feb 29 19:50:53 xxxxxxxxx postfix/master[2678]: daemon started — version 2.6.6, configuration /etc/postfix
        Feb 29 19:50:56 xxxxxxxxx postfix/postfix-script[2705]: stopping the Postfix mail system
        Feb 29 19:50:56 xxxxxxxxx postfix/master[2678]: terminating on signal 15
        Feb 29 19:50:57 xxxxxxxxx postfix/postfix-script[2777]: starting the Postfix mail system
        Feb 29 19:50:57 xxxxxxxxx postfix/master[2778]: daemon started — version 2.6.6, configuration /etc/postfix
        Feb 29 20:16:19 xxxxxxxxx postfix/postfix-script[3014]: stopping the Postfix mail system
        Feb 29 20:16:19 xxxxxxxxx postfix/master[2778]: terminating on signal 15
        Feb 29 20:16:19 xxxxxxxxx postfix/postfix-script[3086]: starting the Postfix mail system
        Feb 29 20:16:19 xxxxxxxxx postfix/master[3087]: daemon started — version 2.6.6, configuration /etc/postfix

        I have tried to send an email from my existing gmail address to the newly created one. I could see nothing in the log file then I restarted postfix service…. twice….

        Then I tried to configure my mail client app on my phone:

        Feb 29 20:17:15 xxxxxxxxx postfix/smtpd[3121]: connect from xxxxx-xxxxx-2-0-custxxx.1-2.cable.xxxxxxx.xxx[12.34.567.890]
        Feb 29 20:17:15 xxxxxxxxx postfix/smtpd[3121]: SSL_accept error from xxxxx-xxxxx-2-0-custxxx.1-2.cable.xxxxxxx.xxx[12.34.567.890]: 0
        Feb 29 20:17:15 xxxxxxxxx postfix/smtpd[3121]: warning: TLS library problem: 3121:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1259:SSL alert number 46:
        Feb 29 20:17:15 xxxxxxxxx postfix/smtpd[3121]: lost connection after CONNECT from xxxxx-xxxxx-2-0-custxxx.1-2.cable.xxxxxxx.xxx[12.34.567.890]
        Feb 29 20:17:15 xxxxxxxxx postfix/smtpd[3121]: disconnect from xxxxx-xxxxx-2-0-custxxx.1-2.cable.xxxxxxx.xxx[12.34.567.890]
        Feb 29 20:17:28 xxxxxxxxx postfix/smtpd[3126]: connect from xxxxx-xxxxx-2-0-custxxx.1-2.cable.xxxxxxx.xxx[12.34.567.890]
        Feb 29 20:17:28 xxxxxxxxx postfix/smtpd[3126]: disconnect from xxxxx-xxxxx-2-0-custxxx.1-2.cable.xxxxxxx.xxx[12.34.567.890]

        • Laszlo

          then I tried with thunderbird mail client:

          Feb 29 20:20:48 xxxxxxxxx postfix/anvil[3124]: statistics: max connection rate 1/60s for (submission:12.34.567.890) at Feb 29 20:17:28
          Feb 29 20:20:48 xxxxxxxxx postfix/anvil[3124]: statistics: max connection count 1 for (submission:12.34.567.890) at Feb 29 20:17:28
          Feb 29 20:20:48 xxxxxxxxx postfix/anvil[3124]: statistics: max cache size 1 at Feb 29 20:17:28
          Feb 29 20:22:21 s18951804 postfix/smtpd[3141]: connect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3140]: connect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3147]: connect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3148]: connect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3156]: connect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3157]: connect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3159]: connect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3141]: improper command pipelining after EHLO from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3141]: disconnect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3141]: connect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3160]: connect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3161]: connect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3140]: improper command pipelining after EHLO from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3140]: disconnect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3140]: connect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3147]: improper command pipelining after EHLO from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3147]: disconnect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3148]: improper command pipelining after EHLO from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3148]: disconnect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3162]: connect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3156]: improper command pipelining after EHLO from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3156]: disconnect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3157]: improper command pipelining after EHLO from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3157]: disconnect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3159]: improper command pipelining after EHLO from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3159]: disconnect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3160]: improper command pipelining after EHLO from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3140]: improper command pipelining after EHLO from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3141]: improper command pipelining after EHLO from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3141]: disconnect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]
          Feb 29 20:22:21 s18951804 postfix/smtpd[3160]: disconnect from xxxxx-xxxxx-2-0-custxxx.1-2.ca…[12.34.567.890]

          I tested postfix with telnet:
          [root@xxxxxxxxx postfix]# telnet localhost 25
          Trying ::1…
          telnet: connect to address ::1: Connection refused
          Trying 127.0.0.1…
          Connected to localhost.
          Escape character is ‘^]’.
          220 server.mydomainname.com ESMTP Postfix
          ehlo localhost
          250-server.mydomainname.com
          250-PIPELINING
          250-SIZE 10485760
          250-VRFY
          250-ETRN
          250-STARTTLS
          250-ENHANCEDSTATUSCODES
          250-8BITMIME
          250 DSN
          quit
          221 2.0.0 Bye
          Connection closed by foreign host.

          my iptables:

          Chain INPUT (policy DROP)
          num target prot opt source destination
          1 ACCEPT all — 0.0.0.0/0 0.0.0.0/0
          2 ACCEPT all — 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
          3 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 tcp dpt:ssh
          4 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
          5 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
          6 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
          7 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 tcp dpt:587
          8 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
          9 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
          10 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 tcp dpt:465
          11 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
          12 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
          13 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 tcp dpt:443

          netstat:

          Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
          tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 820/sshd
          tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 3112/dovecot
          tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 3112/dovecot
          tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 3087/master
          tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 3112/dovecot
          tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 3112/dovecot
          tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 584/httpd
          tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 3087/master
          tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3087/master
          tcp 0 48 123.123.123.123:ssh 12.34.567.890:xxxxx ESTABLISHED 1919/sshd
          tcp 0 0 :::ssh :::* LISTEN 820/sshd

          I have no idea
          but I hope I could provide all information what you need… 🙂

          Best Regards,
          Laszlo

          • Laszlo

            what I can see is it has some problem with the ssl cert….. :S 🙁

          • Mitch

            I see you’ve tried with telnet, but did not go all the way. Try to send an email by connecting to localhost smtp following these instructions http://www.wikihow.com/Send-Email-Using-Telnet
            Regards,
            Mitch

  • kapil

    Awesome !! This article is the best article I’ve found over internet….Thanks a lot ~_`

    After spending 20 hours. I found your article. Digital ocean are some how cheating SEO in google. I believe your article your come up in google 🙂