Detailed steps to build an independent mail server on Centos7.9

Preface

Due to the excessive volume of zabbix monitoring alarm emails sent by the company, the Tencent corporate mailbox used may miss or refuse to send due to excessive sending frequency, so now we use a self-built intranet mail server to send zabbix alarm emails.

The intranet's alarm mail server can only send mails to other mailboxes (Tencent corporate mailbox, NetEase mailbox, etc.), but cannot receive replies from other mailboxes. If you want to receive replies, you need to purchase a domain name and configure A records and MX records. This document will not explain this.

1. Configure intranet DNS A record and MX record

The domain name host I use in my intranet is dnsmasq proxy software, which is simple, convenient and diverse to use. For detailed configuration, please refer to other documents.

[root@dns_proxy ~]# grep liqing /etc/dnsmasq.conf
address=/mail.liqing-test.top/192.168.2.100
mx-host=liqing-test.top,mail.liqing-test.top,10

2. Initialization configuration of mail server

1. Change the host name

[root@localhost /]# hostnamectl --static set-hostname mail.liqing-test.top|bash

2. Turn off firewall and selinux

[root@mail /]# systemctl stop iptables && systemctl disable iptables
[root@mail /]# systemctl stop firewalld && systemctl disable firewalld
[root@mail /]# setenforce 0

3. Enable time synchronization

[root@mail /]# yum -y install ntpdate && ntpdate ntp.aliyun.com

4. Install the software

[root@mail /]# yum -y install postfix dovecot cyrus-sasl-* mailx

3. Modify the configuration file

Note: The configuration file backup operation is performed by yourself in this document

1 Configure postfix

[root@mail /]# cat /etc/postfix/main.cf
mail_owner = postfix
myhostname = mail.liqing-test.top
mydomain = liqing-test.top
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain
local_recipient_maps =
mynetworks = 0.0.0.0/0
relay_domains = $mydestination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtpd_banner = $myhostname ESMTP

# Add smtpd_sasl_type = dovecot at the bottom
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_auth_destination,permit_sasl_authenticated
smtpd_client_restrictions = permit_sasl_authenticated

2 Configure dovecot

2.1 Configure the monitoring protocol:

[root@mail /]# cat /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
listen = *
login_trusted_networks = 0.0.0.0/0
dict {
}
!include conf.d/*.conf
!include_try local.conf

2.2 Configure login method:

[root@mail /]# cat /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
auth_mechanisms = plain login
!include auth-system.conf.ext

2.3 Configure the email storage location:

[root@mail /]# cat /etc/dovecot/conf.d/10-mail.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace inbox {
inbox = yes
}
first_valid_uid = 1000
mbox_write_locks = fcntl

[root@mail /]# cat /etc/dovecot/conf.d/10-master.conf 
service auth {
   unix_listener /var/spool/postfix/private/auth {
   mode = 0666
   user = postfix
   group = postfix
   }
}

2.4 Configure SSL (off):

[root@mail /]# cat /etc/dovecot/conf.d/10-ssl.conf 
ssl = no

3 Configure sasl2

3.1 Configure system authentication:

[root@mail /]# cat /etc/sysconfig/saslauthd 
SOCKETDIR=/run/saslauthd
MECH=shadow
FLAGS=

3.2 Configure login method:

[root@mail /]# cat /etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level:3

4 Start the service:

systemctl restart dovecot
systemctl restart postfix
systemctl restart saslauthd
systemctl enable dovecot
systemctl enable postfix
systemctl enable saslauthd

5 Create a user and set a pass

[root@mail /]# useradd -m autumn && echo 123456 | passwd --stdin autumn
[root@mail /]# su - autumn 
[autumn@mail ~]$ mkdir -p ~/mail/.imap/INBOX
[autumn@mail ~]$ chmod -R 750 ~/mail #(If you do not do this, you will get an error {Error: Couldn't open INBOX: Permission denied} when logging in with foxmail)
[autumn@mail ~]$ exit

6 Configure mailx:

[root@mail /]# cat /etc/mail.rc
set [email protected]
set smtp=mail.liqing-test.top
set smtp-auth-user=autumn
set smtp-auth-password=123456
set smtp-auth=login

4. Send email test

1 Command line email sending test

[root@mail /]# echo "Mail server test" | mail -s "Mail server test" [email protected]

2 Use foxmail to log in and send email test

Five Error Reports

1 Permission denied

When using foxmail to log in to the mailbox, it prompts that permission is denied. This is because the mail file permission in the mailbox user's home directory is not 750. Set it to 750 to solve the problem.

[autumn@mail ~]$ chmod -R 750 ~/mail

Dec 3 10:15:35 Git-server dovecot: pop3-login: Login: user=<autumn>, method=PLAIN, rip=192.168.31.100, lip=192.168.2.100, mpid=24843, secured, session=<YnZ3ezTSjiLAqB9k>

Dec 3 10:15:35 Git-server dovecot: pop3(autumn): Error: fchown(/home/autumn/mail/.imap, group=12(mail)) failed: Operation not permitted (egid=1004(autumn), group based on /var/mail/autumn - see http://wiki2.dovecot.org/Errors/ChgrpNoPerm)

Dec 3 10:15:35 Git-server dovecot: pop3(autumn): Error: Couldn't open INBOX: Permission denied

Dec 3 10:15:35 Git-server dovecot: pop3(autumn): Couldn't open INBOX: Permission denied top=0/0, retr=0/0, del=0/0, size=0

Dec 3 10:16:26 Git-server dovecot: pop3-login: Login: user=<autumn>, method=PLAIN, rip=192.168.31.100, lip=192.168.2.100, mpid=24895, secured, session=<NkWHfjTS2CLAqB9k>

Dec 3 10:16:26 Git-server dovecot: pop3(autumn): Error: fchown(/home/autumn/mail/.imap, group=12(mail)) failed: Operation not permitted (egid=1004(autumn), group based on /var/mail/autumn - see http://wiki2.dovecot.org/Errors/ChgrpNoPerm)

2 Unable to find host:

When sending an email, the mx record will be searched based on the resolution record of the email address. Here, when I sent a test email to Tencent's corporate mailbox, I couldn't find Tencent's email address. I solved it by adding Tencent's mx record to the intranet dns proxy

[root@dns- ~]# grep qq /etc/dnsmasq.conf 
mx-host=***.com,mxbiz2.qq.com,10
mx-host=***.com,mxbiz1.qq.com,5

Dec 3 10:36:14 Git-server postfix/smtpd[26216]: connect from unknown[192.168.31.100]

Dec 3 10:36:15 Git-server postfix/smtpd[26216]: 05C682267F04: client=unknown[192.168.31.100], sasl_method=LOGIN, sasl_username=autumn

Dec 3 10:36:15 Git-server postfix/cleanup[26220]: 05C682267F04: message-id=<[email protected]>

Dec 3 10:36:15 Git-server postfix/qmgr[25430]: 05C682267F04: from=<[email protected]>, size=1561, nrcpt=1 (queue active)

Dec 3 10:36:15 Git-server postfix/smtpd[26216]: disconnect from unknown[192.168.31.100]

Dec 3 10:36:15 Git-server postfix/smtp[26221]: 05C682267F04: to=<***@***.com>, relay=none, delay=0.11, delays=0.08/0.02/0/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=***.com type=MX: Host not found, try again)

3 Email rejected

When I sent a test email to Tencent's corporate mailbox, the log showed 550 email connection rejected. This problem was solved after setting up a whitelist in the email.

Dec 3 10:11:57 Git-server postfix/smtpd[24617]: connect from mail.liqing-test.top[192.168.2.100]

Dec 3 10:11:57 Git-server postfix/smtpd[24617]: 4E2292267F04: client=mail.liqing-test.top[192.168.2.100], sasl_method=LOGIN, sasl_username=autumn

Dec 3 10:11:57 Git-server postfix/cleanup[24621]: 4E2292267F04: message-id=<61a97cec.xRtXn6hYj3NI3wI3%[email protected]>

Dec 3 10:11:57 Git-server postfix/qmgr[24504]: 4E2292267F04: from=<[email protected]>, size=541, nrcpt=1 (queue active)

Dec 3 10:11:57 Git-server postfix/smtpd[24617]: disconnect from mail.liqing-test.top[192.168.2.100]

Dec 3 10:11:58 Git-server postfix/smtp[24622]: 4E2292267F04: to=<***@***.com>, relay=mxbiz1.qq.com[183.57.48.34]:25, delay=1.6, delays=0.09/0.03/0.16/1.3, dsn=5.0.0, status=bounced (host mxbiz1.qq.com[183.57.48.34] said: 550 Mail content denied. http://service.exmail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000726 (in reply to end of DATA command))

This is the end of this article about the detailed steps of setting up an independent mail server on Centos7.9. For more information about setting up a mail server on Centos, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope you will support 123WORDPRESS.COM in the future!