Why have your own mail server? You may have a website where you need to send emails to users, or you may want to store your emails on your own server to protect your privacy. However, creating your own mail server from scratch can be a real headache because there are so many software components that need to be properly installed and configured. For your convenience, I am creating a series of training courses for building your own mail server on CentOS.
I’m sure this will be the best tutorial for building an Internet mail server from scratch. Not only will you get a working mail server, but you will also have a much better understanding of how email works. This training series is divided into 9 parts:
- Basic Postfix SMTP Server Configuration
- Configuration of the Dovecot IMAP server and TLS encryption
- Create virtual mailboxes with PostfixAdmin
- Create SPF and DKIM records to get through spam filters
- Configure DMARC to protect your domain’s reputation
- How can you prevent your emails from being marked as spam?
- How do you place multiple email domains in PostfixAdmin?
- Blocking email spam with Postfix
- SpamAssassin Spam Blocker
I know this seems like a very difficult task. But depending on the goals you want to achieve, you may not have to follow all of them. My articles are easy to understand, so if you spend some time on them, you will have a working mail server.
This material is the first part of this course series. In this article I will show you how to set up a simple Postfix SMTP server, also known as MTA (Message Transport Agent). Once you have completed this article, you can send and receive email using your own email domain on your own mail server. This training manual has been tested on CentOS 8/RHEL 8.
Postfix is a modern message transport agent (MTA), also known as an SMTP server, which serves two purposes.
- It is responsible for transporting email messages from the user’s email client, or mail user agent (MUA), to a remote SMTP server.
- It is also used to receive e-mail from other SMTP servers.
Postfix was created by Wietse Venema, an expert in Unix and security. It is easy to use and designed with security and modularity in mind, with each module running at the minimum privilege level necessary to perform its task. Postfix integrates tightly with Unix/Linux and does not duplicate functions that Unix/Linux already provides. It is reliable under both simple and stressful conditions.
Postfix was originally developed to replace Sendmail, the traditional SMTP server on Unix. In comparison, Postfix is more secure and easier to configure. It is compatible with Sendmail, so if you remove Sendmail and replace it with Postfix, your existing scripts and programs will continue to work without any problems.
In this lesson you will learn how to configure Postfix for a domain.
To send emails from your server, port 25 (outgoing) must be open. Many ISPs and hosting providers, such as DigitalOcean, block port 25 to control spam. I recommend using a Hostwinds VPS (Virtual Private Server), because it does not block port 25 (outgoing), so you can send an unlimited number of emails at no extra cost. Before you buy a VPS, you can ask the provider whether port 25 is blocked. Here is a transcript of a live chat with the moderators.
Once you have a Hostwinds server, install CentOS/RHEL on it and follow the instructions below.
Note: If your VPS provider does not offer a one-click installation of CentOS 8, please read the following article about installing CentOS 8 on a VPS in VNC mode.
You also need a domain name. I registered my domain name with NameCheap because the price is low and they give you free Whois privacy for life.
Things to do before installing Postfix
To make Postfix work better and get the most out of Postfix, you need to configure the CentOS/RHEL server correctly.
Set the correct host name for the CentOS/RHEL server
By default, Postfix uses the host name of your server to identify itself when communicating with other MTAs. The host name can have two forms: a single word and an FQDN.
The single-word form is mainly used on personal computers. Your personal computer running Linux might be named linux, debian, ubuntu, etc. The FQDN (Fully Qualified Domain Name) is normally used on Internet-facing servers, and we must use the FQDN on our mail servers. It consists of two parts: the node name and the domain name. For example:
mail.linuxbabe.com
This is the FQDN. mail is the node name and linuxbabe.com is the domain name. The FQDN appears in the smtpd banner. Some MTAs reject messages if your Postfix server does not present an FQDN in its smtpd banner. Some MTAs even query DNS to check whether the FQDN in the smtpd banner resolves to the IP address of your mail server.
Type the following command to see the FQDN form of your hostname.
hostname -f
If your CentOS/RHEL server doesn’t have an FQDN yet, you can use hostnamectl to set it.
sudo hostnamectl set-hostname mail.yourdomain.com
A common FQDN for a mail server is mail.yourdomain.com. You need to log out and log in again to see this change at the command prompt. Also note that Postfix can override the system FQDN with the myhostname parameter in the Postfix configuration file. I’ll show you how to do it later.
Creating DNS records for your mail server
To create DNS records, go to your DNS hosting service (usually your domain registrar).
An MX record informs other MTAs that your mailserver mail.yourdomain.com is responsible for delivering mail for your domain name.
MX record @ mail.linuxbabe.com
A common name for the MX host is mail.yourdomain.com. You can specify multiple MX records and set the priority of your mail servers. A smaller number means a higher priority. Here we use only one MX record and set 0 as the priority value. (0 – 65355)
Note that when creating the MX record, you must enter @ or your main (apex) domain name in the name field, as shown below. An apex domain name is a domain name without any subdomain.
An A record maps your FQDN to an IP address.
If your server uses an IPv6 address, it is also a good idea to add an AAAA record for mail.yourdomain.com.
A pointer record, or PTR record, maps an IP address to an FQDN. It is the counterpart to the A record and is used for reverse DNS (rDNS) lookups.
Reverse resolution of an IP address via its PTR record helps block spammers. Many MTAs accept email only if the sending server is really responsible for a certain domain. You should definitely configure a PTR record for your mail server so that your mail has a better chance of reaching the recipient’s inbox rather than the junk mail folder.
Use the following command to check the PTR record for an IP address.
Since you get the IP address from your hosting provider and not from your domain registrar, you must set the PTR entry for your IP address in your hosting provider’s Control Panel. If your server uses an IPv6 address, add a PTR entry for your IPv6 address.
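The MX, A and PTR records described above can be verified together with a forward-confirmed reverse DNS check. This is an added example, not part of the original tutorial; it assumes dig is installed (bind-utils package on CentOS/RHEL), and the function names and the 203.0.113.10 address in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: check that MX, A and PTR records agree for a mail host.

# Normalise hostnames on stdin: drop dig's trailing dot, lowercase.
names() { sed 's/\.$//' | tr 'A-Z' 'a-z'; }

# check_mail_dns DOMAIN MAILHOST IP
# Prints one line per check; returns 0 only if all three pass.
check_mail_dns() {
    domain=$1; host=$(printf '%s\n' "$2" | names); ip=$3; failed=0

    # MX: the domain must list the mail host as an exchanger.
    # dig prints "priority hostname." per line, so take field 2.
    if dig +short MX "$domain" | awk '{print $2}' | names | grep -qxF "$host"; then
        echo "OK   MX for $domain lists $host"
    else
        echo "FAIL MX for $domain does not list $host"; failed=1
    fi

    # A: the mail host must resolve to the server's IP address.
    if dig +short A "$host" | grep -qxF "$ip"; then
        echo "OK   A record for $host is $ip"
    else
        echo "FAIL A record for $host does not resolve to $ip"; failed=1
    fi

    # PTR: the IP must point back to the same host name (reverse DNS).
    if dig +short -x "$ip" | names | grep -qxF "$host"; then
        echo "OK   PTR for $ip is $host"
    else
        echo "FAIL PTR for $ip does not point back to $host"; failed=1
    fi
    return "$failed"
}

# Run only when three arguments are given, for example:
#   sh check_mail_dns.sh yourdomain.com mail.yourdomain.com 203.0.113.10
if [ "$#" -eq 3 ]; then check_mail_dns "$@"; fi
```

A failing PTR line usually means the record still has to be set in the hosting provider's control panel, since the registrar's DNS zone does not control reverse lookups.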
After all this, let’s play with Postfix.
Installation of Postfix
Execute the following two commands on your CentOS/RHEL server.
sudo dnf update
sudo dnf install postfix -y
Once it is installed, start the Postfix SMTP server.
sudo systemctl start postfix
And enable automatic start at boot time.
sudo systemctl enable postfix
You can now check its status:
systemctl status postfix
As you can see, Postfix is now active (running) and auto-start at boot time is enabled. With this command you can check the Postfix version:
postconf mail_version
CentOS 8/RHEL 8 comes with Postfix v3.3.1.
mail_version = 3.3.1
Postfix comes with many executable files in /usr/sbin/, as you can see with the following command:
rpm -ql postfix | grep /usr/sbin/
The netstat utility tells us that the Postfix master process is listening on TCP port 25 of localhost. (If your CentOS/RHEL server does not have the netstat command, you can run sudo dnf install net-tools to install it.)
sudo netstat -lnpt | grep master
Postfix configuration
Listening on the public IP address
We can also use the following command to see which interfaces Postfix is listening on. postconf is a Postfix configuration utility that can display parameter values from the main Postfix configuration file (/etc/postfix/main.cf).
Output:
inet_interfaces = localhost
We need to run the following command to configure Postfix to listen on the public IP address and receive messages from other SMTP servers. The -e option tells postconf to edit the main Postfix configuration file.
sudo postconf -e "inet_interfaces = all"
Setting the Postfix hostname
By default, the Postfix SMTP server uses the host name of the operating system. You can display the current postfix hostname with the following command.
postconf myhostname
Postfix uses this host name to identify itself when communicating with another SMTP server. However, the host name of the operating system may change, so it is recommended to define it directly in the postfix configuration file with the following command.
sudo postconf -e "myhostname = mail.yourdomain.com"
Setting the $mydomain parameter
The $mydomain parameter specifies the local Internet domain name. By default, it is $myhostname minus the first component. You can display the current value of $mydomain with:
postconf mydomain
It should be your primary domain name.
If it does not show your primary domain name, set the $mydomain parameter with:
sudo postconf -e "mydomain = yourdomain.com"
Setting the $myorigin parameter
The $myorigin parameter defines the default domain name that is appended to sender and recipient addresses that have no @domain part. The default value is $myhostname, as shown here:
Output:
myorigin = $myhostname
You can change its value to yourdomain.com.
sudo postconf -e "myorigin = yourdomain.com"
Setting the $mydestination parameter
The $mydestination parameter lists the domains for which your server considers itself to be the final destination. The default value of $mydestination is:
mydestination = $myhostname, localhost.$mydomain, localhost
The default value allows your Postfix SMTP server to receive messages for [Protected Email], [Protected Email] and [Protected Email], but does not allow your Postfix SMTP server to receive messages for [Protected Email]. To do this, add yourdomain.com to the list of domains.
sudo postconf -e 'mydestination = yourdomain.com, $myhostname, localhost.$mydomain, localhost'
Finally, we need to restart Postfix to make the changes take effect.
sudo systemctl restart postfix
Open port 25 (incoming) in the firewall
To open port 25 (incoming), run the following commands to allow Postfix to receive email from other SMTP servers.
sudo firewall-cmd --permanent --zone=public --add-port=25/tcp
sudo systemctl restart firewalld
Then we can use nmap to scan the open ports on our server. Run the following command on a separate computer, e.g. your personal computer. (I assume you are reading this tutorial on a computer running Linux.) Replace your-server-ip with the real IP address of your server.
sudo nmap your-server-ip
On the screenshot above you can see that TCP port 25 is open on my server.
Depending on your Linux distribution, nmap can be installed on Linux with one of the following commands.
sudo apt install nmap
sudo dnf install nmap
sudo zypper install nmap
sudo pacman -S nmap
Check whether port 25 (outgoing) is blocked
Install the Telnet utility.
sudo dnf install telnet
Run the following command on your mail server to check if port 25 (outgoing) is blocked.
telnet gmail-smtp-in.l.google.com 25
If it is not blocked, you will see messages indicating that the connection was successful, as shown below. (Tip: type quit and press the Enter key to close the connection.)
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP y22si1641751pll.208 - gsmtp
If port 25 (outgoing) is blocked, you will see something like this:
telnet: Unable to connect to remote host: Connection timed out
In this case, your Postfix server cannot send messages to other SMTP servers. Ask your ISP/hosting provider to open the port for you. If they reject your request, you must set up an SMTP relay to bypass the port 25 block.
Send a test e-mail
We can now even send and receive e-mails via the command line. If you have a user account named user1 on your CentOS/RHEL server, this user’s email address is [Protected Email]. You can send an E-mail to the root user [Protected E-mail]. You can also send an e-mail to Gmail, Yahoo or any other e-mail service.
When Postfix is installed, a sendmail binary is placed at /usr/sbin/sendmail, which is compatible with the traditional Sendmail SMTP server. You can use Postfix’s sendmail binary to send a test email to your Gmail account:
echo "test email" | sendmail [Protected Email]
With this simple command, sendmail reads a message from standard input, uses "test email" as the message body, and then sends it to your Gmail account.
You should be able to receive this test mail in your Gmail (or spam) folder. You see, although we don’t have any. That’s because we set the $myorigin parameter.
You can also try replying to this test email to see if Postfix can receive email messages. Chances are that emails sent from your domain will be marked as spam. Don’t worry, we’ll cover this topic in the third part of this training series.
Each user’s inbox is stored under /var/spool/mail/ or /var/mail/. If you don’t know where to look for the inbox, use this command.
Postfix’s logs are stored in /var/log/maillog.
Using an email program to send and read emails on command line
Now let’s install a command-line MUA (Mail User Agent).
sudo dnf install mailx
To send an email, enter
mail [Protected Email]
[Protected Email]:~$ mail [Protected Email]
Subject: 2nd test E-mail
I send this e-mail with a message program.
Enter the subject line and the body text. To tell mail that you have finished writing, press Ctrl+D and mail will send the message for you.
To read incoming emails, just type mail.
Here is how to use the mail program to manage a mailbox.
- To read the first email, type 1. You will see the headers and the body of the message. If only part of the message is displayed, press the Enter key to display the rest of the message.
- To display the message headers beginning with message 1, enter h.
- To display the last screen of messages, enter h$ or z.
- To read the next e-mail message, type n.
- To delete message 1, enter d 1.
- To delete messages 1, 2 and 3, enter d 1 2 3.
- To delete messages from 1 to 10, enter d 1-10.
- To reply to message 1, enter reply 1.
- To quit mail, enter q.
Messages that have been opened are moved from /var/mail/ to the /home/<username>/mbox file. This means that other email clients cannot read these messages. To avoid this, enter x instead of q to exit mail.
How to increase the attachment size limit
By default, an attachment cannot be larger than about 10 MB, as specified by the message_size_limit parameter.
postconf message_size_limit
Output:
message_size_limit = 10240000
This parameter limits the size of messages sent from your own mail server as well as messages arriving at your mail server. To allow a 50 MB attachment, run the command below.
sudo postconf -e message_size_limit=52428800
Note that message_size_limit should not be larger than mailbox_size_limit, whose default value is 51200000 bytes (about 48 MB), as shown here:
Output:
mailbox_size_limit = 51200000
If you do not want to limit the size of the mailbox, set it to 0.
sudo postconf -e mailbox_size_limit=0
Restart Postfix for the changes to take effect.
sudo systemctl restart postfix
If you are sending an e-mail with large attachments from a mail server, you should also be aware of the limits of the size of the attachments on the receiving server. For example, you cannot send an attachment larger than 25 MB to Gmail.
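The settings made in the Postfix configuration steps and in the size-limit steps above can be audited in one pass with postconf, using -h (print the value only) and -x (expand $name references). This is an added example, not part of the original tutorial; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the main.cf values this tutorial sets.

# Print one parameter: -h drops the "name =" label, -x expands $name references.
param() { postconf -hx "$1"; }

# audit_postfix DOMAIN -> prints failures, returns 0 only if every check passes.
audit_postfix() {
    domain=$1; bad=0

    # myhostname appears in the SMTP banner and must be an FQDN.
    case $(param myhostname) in
        *.*) ;;
        *) echo "FAIL myhostname is not an FQDN"; bad=1 ;;
    esac

    # With the default of localhost, other SMTP servers cannot connect.
    case $(param inet_interfaces) in
        localhost|loopback-only) echo "FAIL inet_interfaces is loopback only"; bad=1 ;;
    esac

    # Mail for user@DOMAIN is accepted only if DOMAIN is in mydestination.
    if ! param mydestination | tr ', ' '\n\n' | grep -qxF "$domain"; then
        echo "FAIL $domain is not listed in mydestination"; bad=1
    fi

    # message_size_limit must not exceed mailbox_size_limit (0 = no limit).
    msg=$(param message_size_limit); box=$(param mailbox_size_limit)
    if [ "$box" -ne 0 ] && [ "$msg" -gt "$box" ]; then
        echo "FAIL message_size_limit ($msg) > mailbox_size_limit ($box)"; bad=1
    fi

    [ "$bad" -eq 0 ] && echo "OK all checks passed for $domain"
    return "$bad"
}

# Run on the mail server as: sh audit_postfix.sh yourdomain.com
if [ "$#" -eq 1 ]; then audit_postfix "$1"; fi
```

Raising message_size_limit to 52428800 while mailbox_size_limit is still at its default of 51200000 is the case the last check catches.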
Creating an email alias
Some mandatory aliases must be configured when running a mail server in a production environment. You can add an email alias in the /etc/aliases file, which is a special Postfix lookup table file that uses a Sendmail-compatible format.
sudo nano /etc/aliases
By default, the postfix package defines many aliases on CentOS, such as
postmaster: root
The left side is an alias. The right side is the final recipient of the e-mail message. This way e-mails for [Protected Email] are delivered to [Protected Email]. The e-mail address of the Postmaster is required by RFC 2142.
Normally we don’t use the root email address. Instead, the postmaster can use a normal user name to access the email. You can therefore add the following line. Replace username with your real user name.
This way e-mails for [Protected Email] are delivered to [Protected Email]. You can now save and close the file. Then rebuild the alias database with the newaliases command.
Congratulations! You now have a simple Postfix mail server. You can send plain text messages and read incoming messages from the command line. In the next part of this series, we will learn how to install the Dovecot IMAP server and enable TLS encryption, allowing us to use a desktop email client such as Mozilla Thunderbird to send and receive email. Stay with us!