Howto: Set up a Postfix bulk email server with SASL authentication
As per the project requirement, I need to provide a bulk email server with valid records so that its mail is not treated as spam: DNS records such as reverse lookup, DKIM and SPF, plus authentication.
I used the following applications to set up the server:
1, Postfix – MTA
2, OpenDKIM – Key identifier
3, Dovecot – SASL authentication
4, Reverse lookup – set up by the data center where the server is located
Install the necessary packages from the repository
yum install dovecot opendkim postfix openssl -y
1, Postfix Configuration
Verify that the following settings are enabled in the configuration file /etc/postfix/main.cf
smtpd_banner = Welcom to $myhostname.$mydomain ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
myhostname = smtp01-planetcure.in
mydomain = planetcure.in
myorigin = $mydomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost.localdomain, , localhost
# 0.0.0.0/0 in mynetworks makes every client trusted, so Postfix relays for
# anyone without authentication; list only the networks that must relay without SASL.
mynetworks = 0.0.0.0/0, 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
2, Configure OpenDKIM
Verify that the following settings are enabled in the configuration file /etc/opendkim.conf
TemporaryDirectory /var/tmp
PidFile /var/run/opendkim/opendkim.pid
Mode sv
Syslog yes
SyslogSuccess yes
LogWhy yes
UserID opendkim:opendkim
Socket inet:8891@localhost
Umask 002
Canonicalization relaxed/relaxed
Domain cloud.planetcure.in
Selector cloud
MinimumKeyBits 1024
KeyFile /etc/opendkim/keys/planetcure.in/cloud.private
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
SignatureAlgorithm rsa-sha256
Now append the DKIM configuration to the existing Postfix settings in /etc/postfix/main.cf
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
milter_protocol = 2
Generating DKIM keys
1, Create a user for starting the daemon
useradd -r -g opendkim -G mail -s /sbin/nologin -d /var/run/opendkim -c "OpenDKIM" opendkim
2, Create the key store directory and set privileges
mkdir -p /etc/opendkim/keys/planetcure.in/
chown -Rv opendkim:opendkim /etc/opendkim
# Capital X keeps the search bit on directories so the opendkim user can still reach its keys
chmod u=rwX,go-rwx /etc/opendkim/*
chmod -R u=rwX,go-rwx /etc/opendkim/keys/*
3, Generate DKIM keys
opendkim-genkey -D /etc/opendkim/keys/planetcure.in/ -d planetcure.in -s cloud
I generated the keys inside the specified directory; cloud.txt contains the key that needs to be published in DNS.
-rw-------. 1 opendkim opendkim 887 Aug 30 09:19 cloud.private
-rw-------. 1 opendkim opendkim 315 Aug 30 09:19 cloud.txt
cat cloud.txt
cloud._domainkey IN TXT ( "v=DKIM1; k=rsa; "
  "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA5K5BLNxFZIN43LWjmq7X2h3RW2md6o+Wn6F8lnMvWx/SUZ6FWf9kwkid/JRbEI0PBjgFo6/f6N0+c3j/7WAEH6R81S+X9fo+58eX1RafyNIAofU0PQKQcUKRBWgfNYA5En7DUoVWZpy2ZhbHutTI96U3A4HjDVksm45VWyoTIwIDAQAB" ) ; ----- DKIM key cloud for planetcure.in
4, Update the SigningTable, TrustedHosts and KeyTable for the domain planetcure.in
Keys: /etc/opendkim/keys/planetcure.in/
KeyTable: /etc/opendkim/KeyTable
cloud._domainkey.planetcure.in planetcure.in:cloud:/etc/opendkim/keys/planetcure.in/cloud.private
SigningTable: /etc/opendkim/SigningTable
planetcure.in cloud._domainkey.planetcure.in
*@planetcure.in cloud._domainkey.planetcure.in
TrustedHosts: /etc/opendkim/TrustedHosts
127.0.0.1
planetcure.in
smtp01.planetcure.in
172.31.32.0/20
That's all for OpenDKIM. Now verify the keys with the command below
opendkim-testkey -vvv -d planetcure.in -k /etc/opendkim/keys/planetcure.in/cloud.private -s cloud
3, Configure Dovecot
Extend the existing service auth section with the entries below in the file /etc/dovecot/conf.d/10-master.conf
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
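An added example, not part of the original post: a small Python audit of the relay-relevant main.cf settings. It flags a mynetworks entry that covers every address (the 0.0.0.0/0 used on this page) and missing smtpd_sasl_* parameters that point Postfix at the Dovecot auth socket; both sample configs are constructed, and private/auth assumes the default queue directory /var/spool/postfix.

```python
import ipaddress

# Constructed sample mirroring the relay-relevant main.cf lines shown on this page.
PAGE_MAIN_CF = """\
mynetworks = 0.0.0.0/0, 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_milters = inet:127.0.0.1:8891
"""

# Hypothetical tightened variant: loopback-only trust plus Dovecot SASL.
HARDENED_MAIN_CF = """\
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (part.strip() for part in line.split("=", 1))
            params[last] = value
    return params

def audit_relay(text):
    """Return findings that let unauthenticated clients relay through the server."""
    p, findings = parse_main_cf(text), []
    for token in p.get("mynetworks", "").replace(",", " ").split():
        cidr = token.replace("[", "").replace("]", "")
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            continue  # table lookups such as hash:/path are not checked here
        if net.prefixlen == 0:
            findings.append(f"mynetworks trusts every client via {token}")
    if p.get("smtpd_sasl_auth_enable", "no") != "yes":
        findings.append("smtpd_sasl_auth_enable is not yes")
    if p.get("smtpd_sasl_type") != "dovecot":
        findings.append("smtpd_sasl_type is not dovecot")
    if p.get("smtpd_sasl_path") != "private/auth":
        findings.append("smtpd_sasl_path does not match the Dovecot auth socket")
    return findings
```

To audit a live server, pass the contents of /etc/postfix/main.cf to audit_relay(); an empty list means none of these four conditions was found.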
If all the steps are done, it is time to restart the services
service dovecot restart
service opendkim restart
service postfix restart
Add a new user for authentication
useradd -M SMTPAUTH
passwd SMTPAUTH
Verify the installation
echo $(date) | mailx -v -s "test_subject_1" \
  -S smtp=smtp://smtp01.planetcure.in:25 \
  -S smtp-auth-user=SMTPAUTH \
  -S smtp-auth-password="yzBuffrtkqezfkwO6amcuhh6" \
  -S smtp-auth=login \
  -S from="no-reply@planetcure.in(Intra Domain)" \
  anandbabu.tn@gmail.com
tail -f /var/log/maillog
Jan 9 14:33:40 mta-smtp01 postfix/smtpd[4126]: F246861F2A: client=ip-172-31-9-166.us-west-1.compute.internal[172.31.9.166], sasl_method=LOGIN, sasl_username=SMTPAUTH
Jan 9 14:33:41 mta-smtp01 postfix/cleanup[4062]: F246861F2A: message-id=<54afe6c4.4kZNDOCtBpe5ROvd%no-reply@planetcure.in>
Jan 9 14:33:41 mta-smtp01 opendkim[32439]: F246861F2A: DKIM-Signature field added (s=cloud, d=planetcure.in)
Jan 9 14:33:41 mta-smtp01 postfix/qmgr[1119]: F246861F2A: from=<no-reply@planetcure.in>, size=631, nrcpt=1 (queue active)
Jan 9 14:33:41 mta-smtp01 postfix/smtp[4063]: F246861F2A: to=<anandbabu.tn@gmail.com>, relay=mx3.hotmail.com[65.55.33.119]:25, delay=0.6, delays=0.09/0/0.08/0.43, dsn=2.0.0, status=sent (250 <54afe6c4.4kZNDOCtBpe5ROvd%no-reply@planetcure.in> Queued mail for delivery)
Jan 9 14:33:41 mta-smtp01 postfix/qmgr[1119]: F246861F2A: removed
4, Reverse DNS
Don’t forget to request reverse DNS for the server IP. It should resolve like this:
444.333.222.11.in-addr.arpa domain name pointer smtp01.planetcure.in