Setup Postfix + Dovecot + Roundcube (almost a mailserver)


his tutorial works for CentOS 6 only. For your specific OS tutorial use the tags or serach function in the sidebar area.


Outgoing Port 25 blocked!!!

Since Hostinger is blocking outgoing port 25 there's no use of full mail-server running on our VPS.

But if we want - we can still install install Dovecot (IMAP client) and Roundcube (Webmail).

You will still be able to create user accounts on your box and send emails to them <<<< from outside (Dovecot) BUT sending mails out >>>> of your box will be managed through your gmail account (Postfix + gmail relay). And you will grant web access to your box email accounts (Roundcube).

Previously I installed and configured Postfix to use gmail as a smarthost.

IMPORTANT!!! If you're new here - do this job first

So, lets see if postfix is set as main MTA and sendmail is removed:

[root@vps][~]$ alternatives --config mta

There is 1 program that provides 'mta'.

Selection Command
* 1 /usr/sbin/sendmail.postfix

Edit /etc/postfix/ and ADD at the bottom, after what we did previously (after #### GMail END)

myhostname =
mydomain =
* should have valid A record in domain DNS

and add theese:

inet_protocols = ipv4
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks =
home_mailbox = Maildir/
myorigin = $mydomain
mynetworks_style = host
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_auth_only = no
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_hard_error_limit = 20
smtpd_tls_mandatory_ciphers = high
broken_sasl_auth_clients = yes
tls_random_source = dev:/dev/urandom
default_destination_concurrency_limit = 5
disable_vrfy_command = yes
queue_directory = /var/spool/postfix
mail_owner = postfix
data_directory = /var/lib/postfix
smtpd_banner = $myhostname ESMTP Hostinger $mail_name
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks
virtual_alias_maps = hash:/etc/postfix/virtual

Save and exit.

Create/edit three files:

nano /etc/postfix/body_checks

# reject if includes '' in mail body
/^(|[^>].*) REJECT

nano /etc/postfix/header_checks

/^From:.*<#.*@.*>/ REJECT
/^Return-Path:.*<#.*@.*>/ REJECT

and final file have example data (I will create an example user for testing purposes):

nano /etc/postfix/virtual

############ jtkirk root

after that:

postmap /etc/postfix/virtual
(will generate a virtual.db file)

service postfix restart

After successfully restarting  service create a test user:

useradd -m jtkirk -s /sbin/nologin
passwd jtkirk

for this user we create his mail directory:

mkdir /home/jtkirk/Maildir
chown jtkirk:jtkirk /home/john/Maildir
chmod -R 700 /home/jtkirk/Maildir


yum install dovecot

$ yum install dovecot
Loaded plugins: fastestmirror, priorities
Determining fastest mirrors
* base:
* extras:
* rpmforge:
* updates:
base | 3.7 kB 00:00
extras | 3.5 kB 00:00
rpmforge | 1.9 kB 00:00
updates | 3.4 kB 00:00
updates/imary_db | 3.5 MB 00:09
vz-base | 951 B 00:00
vz-updates | 951 B 00:00
15 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package dovecot.i686 1:2.0.9-5.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

Package Arch Version Repository Size
dovecot i686 1:2.0.9-5.el6 base 1.9 M

Transaction Summary
Install 1 Package(s)

Total download size: 1.9 M
Installed size: 5.4 M
Is this ok [y/N]: y
Downloading Packages:
dovecot-2.0.9-5.el6.i686. | 1.9 MB 00:06
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 1:dovecot-2.0.9-5.el6.i686 1/1
Verifying : 1:dovecot-2.0.9-5.el6.i686 1/1

dovecot.i686 1:2.0.9-5.el6



chkconfig --level 345 dovecot on
service dovecot start

after that make sure to enter those settings in:

nano /etc/dovecot/dovecot.conf

# Protocols we want to be serving.
protocols = imap pop3 lmtp

nano /etc/dovecot/conf.d/10-auth.conf

disable_plaintext_auth = no
auth_mechanisms = plain login

nano /etc/dovecot/conf.d/10-mail.conf

mail_location = maildir:~/Maildir

nano /etc/dovecot/conf.d/10-master.conf

find that section and make it look like:

#Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix

nano /etc/dovecot/conf.d/20-pop3.conf

pop3_uidl_format = %08Xu%08Xv
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

now restart dovecot:

service dovecot restart

Warning!!! If you're using our firewall script (previous tutorials) your iptables are already pre-configured to work with mail-server and you do not have to enter following rules, BUT if you're usign own rules  remeber to open the ports, just like this:

iptables -I INPUT 2 -p tcp --dport 587 -j ACCEPT
iptables -I INPUT 3 -p tcp --dport 110 -j ACCEPT
iptables -I INPUT 4 -p tcp --dport 143 -j ACCEPT
iptables -I INPUT 5 -p tcp --dport 993 -j ACCEPT
iptables -I INPUT 6 -p tcp --dport 995 -j ACCEPT
service iptables save
service iptables restart

Now, we can make some tests.

Type: telnet localhost 25

$ telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Connected to localhost.
Escape character is '^]'.
220 mail.localhost ESMTP Hostinger Postfix

- now enter commands:

ehlo localhost

ehlo localhost
250-SIZE 10240000
250 DSN

mail from:root@localhost

mail from:root@localhost
250 2.1.0 Ok

rcpt to:jtkirk@localhost

rcpt to:jtkirk@localhost
250 2.1.5 Ok

(the . will end mail body)

354 End data with .
250 2.0.0 Ok: queued as C6CFAE057C


221 2.0.0 Bye
Connection closed by foreign host.

Now lets see if we have a mail.

$ telnet localhost pop3

now enter commands like:
user jtkirk, pass jtkirk, list, retr 1, quit

$ telnet localhost pop3
Trying ::1...
Connected to localhost.
Escape character is '^]'.
OK Dovecot ready.
user jtkirk
pass jtkirk
OK Logged in.
OK 1 messages:
1 484
retr 1
OK 484 octets
X-Original-To: jtkirk@localhost
Delivered-To: jtkirk@localhost
Received: from localhost (localhost.localdomain [])
by mail.localhost (Postfix) with ESMTP id C6CFAE057C
for ; Fri, 2 Aug 2013 13:11:59 -0400 (EDT)
Message-Id: <20130802171219.C6CFAE057C@mail.localhost>
Date: Fri, 2 Aug 2013 13:11:59 -0400 (EDT)
From: root@localhost
To: undisclosed-recipients:;

OK Logging out.
Connection closed by foreign host.

It's our 'testing-testing' message. So, internally it WORKS! Now using the same method try to send a mail to an external mail account (i.e gmail) and from external to this box.

If everything works and all the mails arrives with no problem - let's check if our box isn't a open relay server, which would be very bad.



Now, it's time to install Roundcube - our webmail.

In case somebody isn't with those tutorials from begining OR isn't a Hostinger VPS owner - first have to install Apache and MySQL

yum install httpd php php-common php-json php-xml php-mbstring php-imap php-pear-DB php-mysql mysql mysql-server

Download the latest tarball of roundcubemail, unpack and move it to the document root of the web server.

cd ~
tar zxvf roundcubemail-0.8.6.tar.gz
mv roundcubemail-0.8.6 /var/www/html/roundcubemail
chown -R apache:apache /var/www/html/roundcubemail

Create database and user for roundcubemail

/etc/init.d/mysqld start
mysql -uroot -p
CREATE DATABASE roundcubemail /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost IDENTIFIED BY 'password';

Open the link in the web browser

and pass the setup process which will generate two files ( and that you have to copy to /roundcubemail/config directory

before that, check that have those values set:

$rcmail_config['default_host'] = 'localhost';
$rcmail_config['imap_auth_type'] = NULL;

$rcmail_config['smtp_server'] = 'ssl://';
$rcmail_config['smtp_port'] = 465;
$rcmail_config['smtp_user'] = '';
$rcmail_config['smtp_pass'] = 'yourgmailpassword';

Save and login as jtkirk using roundcube. Confirm that the emails exist.

At the end: Remove the installer directory

rm -rf /var/www/html/roundcubemail/installer

If everything went OK you should now have the ability to:

  1. receive e-mails to various users you create, on your VPS
  2. access e-mail accounts via webgui (Roundcube)
  3. send OUT e-mails disregarding blocked port 25 (using Gmail relay)