Howto: Setup postfix bulk email server with sasl authentication


As per the project requirement, I need to provide a bulk email server and have to provide valid records to avoid being treated as spam: DNS records such as reverse lookup, a DKIM record and an SPF record, plus authentication.

I used the following applications to set up the server:
1, Postfix – MTA
2, Opendkim – Key identifier
3, Dovecot – SASL authentication
4, Reverse lookup – set up by the data center where the server is located

Install the necessary packages from the repository

yum install dovecot opendkim postfix openssl -y

1, Postfix Configuration

Verify that the following settings are enabled in the configuration file /etc/postfix/

smtpd_banner = Welcome to $myhostname.$mydomain ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
myhostname =
mydomain =
myorigin = $mydomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost.localdomain, , localhost
mynetworks =, [::ffff:]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/

2, Configure opendkim

Verify that the following settings are enabled in the configuration file /etc/opendkim.conf

TemporaryDirectory /var/tmp
PidFile /var/run/opendkim/
Mode sv
Syslog yes
SyslogSuccess yes
LogWhy yes
UserID opendkim:opendkim
Socket inet:8891@localhost
Umask 002
Canonicalization relaxed/relaxed
Selector cloud
MinimumKeyBits 1024
KeyFile /etc/opendkim/keys/
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
SignatureAlgorithm rsa-sha256

Now append the DKIM configuration to the existing Postfix settings in /etc/postfix/

smtpd_milters = inet:
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
milter_protocol = 2

Generating DKIM keys

1, Create a user for starting the daemon

useradd -r -g opendkim -G mail -s /sbin/nologin -d /var/run/opendkim -c "OpenDKIM" opendkim

2, Create the key store directory and set privileges

mkdir -p /etc/opendkim/keys/
chown -Rv opendkim:opendkim /etc/opendkim
# Capital X keeps search permission on directories so the owner can still enter keys/
chmod u=rwX,go-rwx /etc/opendkim/*
chmod -R u=rwX,go-rwx /etc/opendkim/keys/*

3, Generate DKIM Keys

opendkim-genkey -D /etc/opendkim/keys/ -d -s cloud

I generated the keys inside the specified directory; cloud.txt contains the key which needs to be updated in the DNS.

-rw-------. 1 opendkim opendkim 887 Aug 30 09:19 cloud.private
-rw-------. 1 opendkim opendkim 315 Aug 30 09:19 cloud.txt
cat cloud.txt
cloud._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA5K5BLNxFZIN43LWjmq7X2h3RW2md6o+Wn6F8lnMvWx/SUZ6FWf9kwkid/JRbEI0PBjgFo6/f6N0+c3j/7WAEH6R81S+X9fo+58eX1RafyNIAofU0PQKQcUKRBWgfNYA5En7DUoVWZpy2ZhbHutTI96U3A4HjDVksm45VWyoTIwIDAQAB" ) ; ----- DKIM key cloud for

4, Update the SigningTable, TrustedHosts and KeyTable for the domain

Keys: /etc/opendkim/keys/

KeyTables: /etc/opendkim/KeyTable

SigningTable : /etc/opendkim/SigningTable

TrustedHosts: /etc/opendkim/TrustedHosts

That's all for opendkim. Now verify the keys using the command below

opendkim-testkey -vvv -d -k /etc/opendkim/keys/ -s cloud
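
To check the strength of the key from step 3 before publishing it, this added example (not part of the original post) parses the cloud.txt record shown above and reports the RSA modulus size. The function names and the 2048-bit default threshold are assumptions of this example; RFC 8301 says signers should use keys of at least 2048 bits.

```python
import base64
import re

# Record text copied from the cloud.txt output above (trailing comment omitted).
CLOUD_TXT = '''cloud._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA5K5BLNxFZIN43LWjmq7X2h3RW2md6o+Wn6F8lnMvWx/SUZ6FWf9kwkid/JRbEI0PBjgFo6/f6N0+c3j/7WAEH6R81S+X9fo+58eX1RafyNIAofU0PQKQcUKRBWgfNYA5En7DUoVWZpy2ZhbHutTI96U3A4HjDVksm45VWyoTIwIDAQAB" )'''


def dkim_public_key(zone_text):
    """Join the quoted TXT chunks and return the decoded p= value (DER bytes)."""
    record = "".join(re.findall(r'"([^"]*)"', zone_text))
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("not an RSA key")
    return base64.b64decode("".join(tags["p"].split()), validate=True)


def _tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected DER structure")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki):
    """Bit length of the RSA modulus inside a SubjectPublicKeyInfo blob."""
    outer, _ = _tlv(spki, 0, 0x30)         # SubjectPublicKeyInfo SEQUENCE
    _, pos = _tlv(outer, 0, 0x30)          # AlgorithmIdentifier (skipped)
    bits, _ = _tlv(outer, pos, 0x03)       # BIT STRING wrapping RSAPublicKey
    rsa_key, _ = _tlv(bits[1:], 0, 0x30)   # drop the unused-bits byte
    modulus, _ = _tlv(rsa_key, 0, 0x02)    # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()


def audit(zone_text, minimum=2048):
    """Return (bits, ok) for the key published in a DKIM TXT record."""
    bits = rsa_modulus_bits(dkim_public_key(zone_text))
    return bits, bits >= minimum


if __name__ == "__main__":
    print(audit(CLOUD_TXT))
```
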

3, Configure Dovecot

Add the following entries to the existing service auth block in the file /etc/dovecot/conf.d/10-master.conf

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

Once all the steps are done, it is time to restart the services

#service dovecot restart
#service opendkim restart
#service postfix restart

Add a new user for authentication:

#useradd -M SMTPAUTH
#passwd SMTPAUTH

Verify the installation

echo $(date) | mailx -v -s "test_subject_1" -S smtp=smtp:// -S smtp-auth-user=SMTPAUTH -S smtp-auth-password="yzBuffrtkqezfkwO6amcuhh6" -S smtp-auth=login -S from=" Domain)"
tail -f /var/log/maillog
Jan 9 14:33:40 mta-smtp01 postfix/smtpd[4126]: F246861F2A:[], sasl_method=LOGIN, sasl_username=SMTPAUTH
Jan 9 14:33:41 mta-smtp01 postfix/cleanup[4062]: F246861F2A: message-id=<>
Jan 9 14:33:41 mta-smtp01 opendkim[32439]: F246861F2A: DKIM-Signature field added (s=cloud,
Jan 9 14:33:41 mta-smtp01 postfix/qmgr[1119]: F246861F2A: from=<>, size=631, nrcpt=1 (queue active)
Jan 9 14:33:41 mta-smtp01 postfix/smtp[4063]: F246861F2A: to=<>,[]:25, delay=0.6, delays=0.09/0/0.08/0.43, dsn=2.0.0, status=sent (250 <> Queued mail for delivery)
Jan 9 14:33:41 mta-smtp01 postfix/qmgr[1119]: F246861F2A: removed

4, Reverse DNS

Don’t forget to request reverse DNS for the server IP; it should resolve like this: domain name pointer