Setup Postfix + Dovecot + Roundcube (almost a mailserver)

This tutorial works for CentOS 6 only. For a tutorial on your specific OS, use the tags or the search function in the sidebar area.

 

Outgoing Port 25 blocked!!!

Since Hostinger is blocking outgoing port 25, there is no use running a full mail server on our VPS.

But if we want, we can still install Dovecot (IMAP client) and Roundcube (Webmail).

You will still be able to create user accounts on your box and receive emails sent to them from outside (Dovecot), BUT mail sent out of your box will be handled through your Gmail account (Postfix + Gmail relay). And you will grant web access to your box's email accounts (Roundcube).

Previously I installed and configured Postfix to use gmail as a smarthost.

IMPORTANT!!! If you're new here - do this job first

So, let's see if Postfix is set as the main MTA and sendmail is removed:

[root@vps][~]$ alternatives --config mta

There is 1 program that provides 'mta'.

Selection Command
-----------------------------------------------
* 1 /usr/sbin/sendmail.postfix
 

Edit /etc/postfix/main.cf and ADD at the bottom, after what we did previously (after #### GMail END)

 
myhostname = mail.yourdomain.com
mydomain = yourdomain.com
* mail.yourdomain.com should have a valid A record in the domain's DNS

and add these:

 
inet_protocols = ipv4
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8
home_mailbox = Maildir/
myorigin = $mydomain
mynetworks_style = host
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_auth_only = no
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_hard_error_limit = 20
smtpd_tls_mandatory_ciphers = high
broken_sasl_auth_clients = yes
tls_random_source = dev:/dev/urandom
default_destination_concurrency_limit = 5
disable_vrfy_command = yes
queue_directory = /var/spool/postfix
mail_owner = postfix
data_directory = /var/lib/postfix
smtpd_banner = $myhostname ESMTP Hostinger $mail_name
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks
virtual_alias_maps = hash:/etc/postfix/virtual
 

Save and exit.

Create/edit three files:

nano /etc/postfix/body_checks

############
# reject if includes 'example.com' in mail body
/^(|[^>].*)example\.com/ REJECT
############
 

nano /etc/postfix/header_checks

############
/^From:.*<#.*@.*>/ REJECT
/^Return-Path:.*<#.*@.*>/ REJECT
############
 

and the final file holds example data (I will create an example user for testing purposes):

nano /etc/postfix/virtual

############
jtkirk@yourdomain.com jtkirk
root@yourdomain.com root
############
 

after that:

postmap /etc/postfix/virtual
(will generate a virtual.db file)

service postfix restart

After successfully restarting the service, create a test user:

useradd -m jtkirk -s /sbin/nologin
passwd jtkirk
 

for this user we create his mail directory:

mkdir /home/jtkirk/Maildir
chown jtkirk:jtkirk /home/jtkirk/Maildir
chmod -R 700 /home/jtkirk/Maildir
 

Dovecot

yum install dovecot

$ yum install dovecot
Loaded plugins: fastestmirror, priorities
Determining fastest mirrors
* base: centos.aol.com
* extras: centos.mirror.netriplex.com
* rpmforge: mirror.teklinks.com
* updates: centos.mirror.netriplex.com
base | 3.7 kB 00:00
extras | 3.5 kB 00:00
rpmforge | 1.9 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 3.5 MB 00:09
vz-base | 951 B 00:00
vz-updates | 951 B 00:00
15 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package dovecot.i686 1:2.0.9-5.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================
Package Arch Version Repository Size
====================================================================================
Installing:
dovecot i686 1:2.0.9-5.el6 base 1.9 M

Transaction Summary
====================================================================================
Install 1 Package(s)

Total download size: 1.9 M
Installed size: 5.4 M
Is this ok [y/N]: y
Downloading Packages:
dovecot-2.0.9-5.el6.i686. | 1.9 MB 00:06
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 1:dovecot-2.0.9-5.el6.i686 1/1
Verifying : 1:dovecot-2.0.9-5.el6.i686 1/1

Installed:
dovecot.i686 1:2.0.9-5.el6

Complete!
 

and:

chkconfig --level 345 dovecot on
service dovecot start
 

After that, make sure to enter these settings in the following files:

nano /etc/dovecot/dovecot.conf

# Protocols we want to be serving.
protocols = imap pop3 lmtp
 

nano /etc/dovecot/conf.d/10-auth.conf

disable_plaintext_auth = no
auth_mechanisms = plain login
 

nano /etc/dovecot/conf.d/10-mail.conf

mail_location = maildir:~/Maildir
 

nano /etc/dovecot/conf.d/10-master.conf

find that section and make it look like:

#Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
 

nano /etc/dovecot/conf.d/20-pop3.conf

pop3_uidl_format = %08Xu%08Xv
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
 

now restart dovecot:

service dovecot restart
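
The Postfix and Dovecot settings above decide who may relay through the box and whether passwords can cross the network in the clear. The following check is an added example, not part of the original tutorial: it audits only the parameters this page sets, and the hardened values assume a TLS certificate has been configured for Postfix and Dovecot, which the tutorial does not cover. The function names are hypothetical.

```python
import re

# Constructed input: settings copied from the main.cf and Dovecot snippets above.
PAGE_CONFIG = """\
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
disable_plaintext_auth = no
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
"""

def parse(text):
    """Flat 'key = value' parse; ignores comments and Dovecot block nesting."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$", line)
        if m and not line.lstrip().startswith("#"):
            conf[m.group(1)] = m.group(2)
    return conf

def audit(conf):
    """Return a list of findings for relay and authentication exposure."""
    findings = []
    restrictions = re.split(r"[,\s]+", conf.get("smtpd_recipient_restrictions", ""))
    if "reject_unauth_destination" not in restrictions:
        findings.append("relay: reject_unauth_destination is missing")
    nets = conf.get("mynetworks", "").replace(",", " ").split()
    wide = [n for n in nets if not n.startswith(("127.", "[::1]"))]
    if wide:
        findings.append("relay: mynetworks trusts " + " ".join(wide))
    if conf.get("smtpd_sasl_auth_enable") == "yes" and conf.get("smtpd_tls_auth_only") != "yes":
        findings.append("auth: Postfix offers AUTH before STARTTLS")
    if conf.get("disable_plaintext_auth") == "no":
        findings.append("auth: Dovecot accepts plaintext logins on unencrypted remote connections")
    mode = conf.get("mode")
    if mode and int(mode, 8) & 0o007:
        findings.append("socket: auth listener mode %s is open to every local user" % mode)
    return findings

# Corrected values beside the weak ones (assumes a TLS certificate is configured).
HARDENED = (PAGE_CONFIG.replace("smtpd_tls_auth_only = no", "smtpd_tls_auth_only = yes")
            .replace("disable_plaintext_auth = no", "disable_plaintext_auth = yes")
            .replace("mode = 0666", "mode = 0660"))

if __name__ == "__main__":
    for label, text in (("page", PAGE_CONFIG), ("hardened", HARDENED)):
        print(label, audit(parse(text)) or "no findings")
```

Dovecot treats connections from localhost as secure, so the POP3 test and Roundcube on the same box keep working with disable_plaintext_auth = yes.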
 

Warning!!! If you're using our firewall script (previous tutorials), your iptables are already pre-configured to work with a mail server and you do not have to enter the following rules, BUT if you're using your own rules, remember to open the ports, just like this:

 
iptables -I INPUT 2 -p tcp --dport 587 -j ACCEPT
iptables -I INPUT 3 -p tcp --dport 110 -j ACCEPT
iptables -I INPUT 4 -p tcp --dport 143 -j ACCEPT
iptables -I INPUT 5 -p tcp --dport 993 -j ACCEPT
iptables -I INPUT 6 -p tcp --dport 995 -j ACCEPT
service iptables save
service iptables restart
 

Now, we can make some tests.

Type: telnet localhost 25

 
$ telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.localhost ESMTP Hostinger Postfix
 

- now enter commands:

ehlo localhost

ehlo localhost
250-mail.vpsik.p.ht
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
 

mail from:root@localhost

mail from:root@localhost
250 2.1.0 Ok
 

rcpt to:jtkirk@localhost

rcpt to:jtkirk@localhost
250 2.1.5 Ok
 

data
(a line containing only . ends the mail body)

data
354 End data with <CR><LF>.<CR><LF>
testing-testing
.
250 2.0.0 Ok: queued as C6CFAE057C
 

quit

quit
221 2.0.0 Bye
Connection closed by foreign host.
 

Now let's see if we have mail.

$ telnet localhost pop3

now enter commands like:
user jtkirk, pass jtkirk, list, retr 1, quit

$ telnet localhost pop3
Trying ::1...
Connected to localhost.
Escape character is '^]'.
OK Dovecot ready.
user jtkirk
OK
pass jtkirk
OK Logged in.
list
OK 1 messages:
1 484
.
retr 1
OK 484 octets
Return-Path:
X-Original-To: jtkirk@localhost
Delivered-To: jtkirk@localhost
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.localhost (Postfix) with ESMTP id C6CFAE057C
for ; Fri, 2 Aug 2013 13:11:59 -0400 (EDT)
Message-Id: <20130802171219.C6CFAE057C@mail.localhost>
Date: Fri, 2 Aug 2013 13:11:59 -0400 (EDT)
From: root@localhost
To: undisclosed-recipients:;

testing-testing
.
quit
OK Logging out.
Connection closed by foreign host.
 

It's our 'testing-testing' message. So, internally it WORKS! Now, using the same method, try to send a mail to an external mail account (e.g. Gmail) and from an external account to this box.

If everything works and all the mails arrive with no problem - let's check that our box isn't an open relay server, which would be very bad. http://www.mailradar.com/openrelay/
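
The same open relay check can be run against your own server from another machine. This is an added example, not part of the original tutorial: it attempts an unauthenticated MAIL FROM/RCPT TO between two addresses that are not local to the box and reports whether the server accepted the recipient. The function name and the .invalid probe addresses are assumptions.

```python
import smtplib
import sys

def relay_check(host, port=25, smtp_cls=smtplib.SMTP,
                sender="probe@sender.invalid", rcpt="probe@recipient.invalid"):
    """Try an unauthenticated MAIL FROM/RCPT TO between two non-local addresses.

    Returns (is_open_relay, code, text). No DATA is sent, so no mail is queued.
    """
    with smtp_cls(host, port, timeout=10) as smtp:
        smtp.ehlo("relaycheck.invalid")
        code, text = smtp.mail(sender)
        if code == 250:
            # With reject_unauth_destination in place the server refuses here
            # with a 5xx reply such as "554 5.7.1 Relay access denied".
            code, text = smtp.rcpt(rcpt)
            accepted = code in (250, 251)
            smtp.rset()  # abort the transaction
        else:
            accepted = False
        return accepted, code, text.decode(errors="replace")

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: relay_check.py MAILHOST")
    # Run from a machine outside mynetworks: from 127.0.0.1 the page's
    # permit_mynetworks rule allows relaying by design and would read as "open".
    is_open, code, text = relay_check(sys.argv[1])
    print("OPEN RELAY" if is_open else "relay denied", code, text)
    sys.exit(1 if is_open else 0)
```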

 

Roundcube

Now, it's time to install Roundcube - our webmail.

In case somebody hasn't followed these tutorials from the beginning OR isn't a Hostinger VPS owner: you first have to install Apache and MySQL

 
yum install httpd php php-common php-json php-xml php-mbstring php-imap php-pear-DB php-mysql mysql mysql-server
 

Download the latest tarball of roundcubemail, unpack and move it to the document root of the web server.

cd ~
wget -O roundcubemail-0.8.6.tar.gz http://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.8.6/roundcubemail-0.8.6.tar.gz/download
tar zxvf roundcubemail-0.8.6.tar.gz
mv roundcubemail-0.8.6 /var/www/html/roundcubemail
chown -R apache:apache /var/www/html/roundcubemail
 

Create database and user for roundcubemail

/etc/init.d/mysqld start
mysql -uroot -p
CREATE DATABASE roundcubemail /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost IDENTIFIED BY 'password';
 

Open the link in the web browser

http://yourdomain.com/roundcubemail/installer

and complete the setup process, which will generate two files (db.inc.php and main.inc.php) that you have to copy to the /roundcubemail/config directory.

Before that, check that main.inc.php has these values set:

$rcmail_config['default_host'] = 'localhost';
$rcmail_config['imap_auth_type'] = NULL;

$rcmail_config['smtp_server'] = 'ssl://smtp.gmail.com';
$rcmail_config['smtp_port'] = 465;
$rcmail_config['smtp_user'] = 'youraccount@gmail.com';
$rcmail_config['smtp_pass'] = 'yourgmailpassword';
 

Save and login as jtkirk using roundcube. Confirm that the emails exist.

At the end: Remove the installer directory

 
rm -rf /var/www/html/roundcubemail/installer
 

If everything went OK you should now have the ability to:

  1. receive e-mails to various users you create, on your VPS
  2. access e-mail accounts via webgui (Roundcube)
  3. send OUT e-mails disregarding blocked port 25 (using Gmail relay)