How to install and configure a Postfix and Dovecot mail server for domains using Maildir, SASL and PAM (system users) (CentOS, Red Hat)

I decided to write up how I configure a mail server for sending mail to domains. The primary task was to secure authorization via SASL, using file storage for mail messages (using MySQL for a small number of addresses made no sense, and I do not see the point), and to identify users/mailboxes via the Linux PAM service (passwd + shadow). Do everything through the console or SSH as root.

Install Dovecot and Postfix

Stop the base sendmail MTA:

#service sendmail stop

Remove the base sendmail MTA:

#yum remove sendmail

Install all the required components:

#yum install dovecot postfix system-switch-mail openssl openssl-devel mod_ssl cyrus*

Run system-switch-mail to assign the default MTA on your system, select Postfix.

Start by editing the Postfix configuration files located in /etc/postfix: the MTA configuration file, and the transport routing settings file, which does not need to be modified in my configuration.

Add the services to startup and start them:

#chkconfig postfix on

#chkconfig dovecot on

#service postfix start

#service dovecot start

I have tried to comment everything in the configuration file; remember that Postfix is very sensitive to spaces.

These settings are in the /etc/hosts file: mydomain is the domain, myhostname is the local alias; they have to be the same:

myhostname =
mydomain =

————-Beginning of————-

# Host name, domain and mail alias of the node
myhostname =
mydomain =
myorigin = $mydomain

# The list of networks that are allowed to relay; add your external IP address. Listen on all interfaces.
mynetworks =
inet_interfaces = all

# Banner shown when a client connects
smtpd_banner = SMTP $mail_name $myhostname
biff = no

# Uncomment to remove the limit on the size of the mailbox (default 51200000 bytes)
# mailbox_size_limit = 0
recipient_delimiter = +

# Mailbox format: Maildir
home_mailbox = Maildir/

# Directories for mail storage and the Postfix queue
mail_spool_directory = /var/mail
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix

# Warn the sender when mail has been delayed this long
delay_warning_time = 4h

# The list of domains that are delivered locally
mydestination = localhost, localhost.$mydomain, $mydomain,
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

# Log settings
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5

# Reject mail for unknown local recipients with this code
unknown_local_recipient_reject_code = 550
# Group for the mail submission commands and owner of the Postfix queue
setgid_group = postdrop
mail_owner = postfix

# TLS settings
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# Allow SMTP authentication only over TLS; while this stays commented out,
# PLAIN and LOGIN credentials can be sent over an unencrypted connection.
#smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/smtpd.pem
smtpd_tls_key_file = /etc/pki/tls/private/smtpd.pem
smtpd_tls_CAfile = /etc/pki/tls/certs/smtpd.pem

smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# Configure SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
#broken_sasl_auth_clients = yes

# Path is relative to queue_directory
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous

relay_domains = $mydestination

# Use dovecot type
smtpd_sasl_type = dovecot

# Set the message validation rules
# Restrictions checked at the RCPT TO: stage
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
# reject clients that send commands ahead of time, as
# impatient spammers do
    reject_unauth_pipelining,
# see comment under smtpd_sender_restrictions
# reject receiving and relaying mail that is not addressed to us;
# without this line the server becomes an open relay
    reject_unauth_destination,
# if all of the above checks pass, accept
    permit

# Do not allow checking whether a recipient or sender address exists (VRFY)
disable_vrfy_command = yes
# Require the client to send HELO/EHLO
smtpd_helo_required = yes

# Aliases: address rewriting rules for virtual users
virtual_alias_maps = hash:/etc/postfix/virtual
# Virtual domains that are allowed
virtual_alias_domains = /etc/postfix/vdomain


Next, create or edit the virtual users and domains files in the /etc/postfix/ folder.

————-Beginning vdomain————-

————-End vdomain————-

————-Beginning of virtual————-

domain1_ru domain2_ru

————-End virtual————-

external mail address of the user on the virtual domain

domain1_ru - internal mail address of the local user / user name

After you create or update the files, run the command that converts the file into an indexed database. Run this command only for virtual; you should then see a .db file for virtual. This command must be run each time virtual is changed.


After configuring, check for errors and restart the service:

#service postfix check

#service postfix restart
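
Alongside the Postfix check, the two security-relevant settings in the main.cf above (the relay restriction and SMTP AUTH over TLS) can be verified with a small read-only script. This is an added example, not part of the original article; the function names and the sample file are constructed for illustration, and it looks only at smtpd_recipient_restrictions, as this page does.

```shell
#!/bin/sh
# Added example, not from the original article: a read-only audit of main.cf.

# Emit one "name = value" line per parameter the way Postfix reads the file:
# comment and blank lines are ignored, and a line that starts with whitespace
# continues the previous line.
maincf_flatten() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { sub(/^[ \t]+/, ""); cur = cur " " $0; next }
        { if (cur != "") print cur; cur = $0 }
        END { if (cur != "") print cur }
    ' "$1"
}

# Print the value of parameter $2 in file $1 (the last assignment wins).
maincf_get() {
    maincf_flatten "$1" | awk -v key="$2" '
        { eq = index($0, "="); if (!eq) next
          name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name) }
        name == key { val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val) }
        END { print val }'
}

# Print one finding per line; no output means both checks passed.
maincf_audit() {
    rcpt=$(maincf_get "$1" smtpd_recipient_restrictions | tr ',\t' '  ')
    case " $rcpt " in
        *" reject_unauth_destination "*) ;;
        *) echo "relay: smtpd_recipient_restrictions lacks reject_unauth_destination" ;;
    esac
    if [ "$(maincf_get "$1" smtpd_sasl_auth_enable)" = yes ] &&
       [ "$(maincf_get "$1" smtpd_tls_auth_only)" != yes ]; then
        echo "auth: SASL is enabled but smtpd_tls_auth_only is not yes"
    fi
}

# Constructed sample with both weak spots (not a complete main.cf).
sample_maincf() {
    cat <<'EOF'
smtpd_sasl_auth_enable = yes
#smtpd_tls_auth_only = yes
smtpd_recipient_restrictions = permit_mynetworks,
# comment lines inside a continued value are skipped
    permit_sasl_authenticated,
EOF
}

f=$(mktemp) && sample_maincf > "$f" && maincf_audit "$f"; rm -f "$f"
```

Run it against the real file with maincf_audit /etc/postfix/main.cf; the constructed sample produces both findings.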

Configuring Dovecot

The configuration file is /etc/dovecot.conf

————-Beginning of dovecot.conf————-

# Directory for temporary files
base_dir = /var/run/dovecot/

# The protocols that will be used; I have included all of them, but the extra ones can be removed.
# If Dovecot is used only for authentication, not for mail delivery, set this to none
protocols = imap imaps pop3 pop3s

# Disable the LOGIN command and other plaintext authentication unless SSL/TLS is used
#disable_plaintext_auth = yes

# Before shutting down the master process, stop all the Dovecot IMAP and POP3 processes
#shutdown_clients = yes

# Timestamp format for the log, in strftime(3) format
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
syslog_facility = mail
log_path = /var/log/dovecot.log
mail_debug = no
auth_verbose = no
auth_debug = no
auth_debug_passwords = no

# IP address on which to listen for SSL connections (default is all)
#ssl_listen =

# Disable support for SSL/TLS
#ssl_disable = no

# Keys and certificates
#ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
#ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
ssl_cert_file = /etc/pki/tls/certs/smtpd.pem
ssl_key_file = /etc/pki/tls/private/smtpd.pem
#ssl_cipher_list = ALL:!LOW:!SSLv2

# Password for the key file, and the file with the SSL CA certificate (if required)
#ssl_key_password =
#ssl_ca_file = /etc/pki/tls/root.crt

# User account used for the login processes
login_user = dovecot

# Group to get

auth default {
  # options: digest-md5 login plain cram-md5 ntlm rpa apop anonymous gssapi
  mechanisms = plain login
  # This block is specific to Postfix
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
  # password authentication uses the system mechanism (PAM)
  passdb pam {
  }
  # look up users through the /etc/passwd file
  userdb passwd {
  }
}

————-The end of dovecot.conf————-

#service dovecot restart

Configuring SASL and PAM and certificate generation

Edit the files as described below:

The files /etc/pam.d/pop, /etc/pam.d/pop3, /etc/pam.d/imap, /etc/pam.d/smtp (the 5 can be links) should contain:

————- Beginning ————-

#%PAM-1.0
auth include system-auth
account include system-auth

————- End ————-

Change the smtpd settings; the files are in two folders, /usr/lib/sasl2 and /usr/lib/sasl2. Check that they contain these lines:

————- Beginning ————-

pwcheck_method: saslauthd
mech_list: plain login md5

————- End ————-

Change the saslauthd settings; they are in /etc/sysconfig/saslauthd

————- Beginning ————-

SOCKETDIR=/var/run/saslauthd
MECH=pam
FLAGS="-n 2"

————- End ————-

Restart SASL:

#service saslauthd restart

Check the syslog logging: in the file /etc/syslog.conf find, add or change the line

mail.* -/var/log/maillog

Restart the syslog service:

#service syslog restart

Key generation

Generation of SSL keys for the server:

#openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650

Put the keys here:


Folder where the mail will be stored

/home/domen1_ru/ is the home folder of user domen1_ru


domen_1:domen_1 - user domen_1 and his group domen_1
#chown domen_1:domen_1 /home/john/Maildir

Assign permissions:
#chmod -R 700 /home/domen_1/Maildir
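
The ownership and permission steps above, and the fact that the openssl command writes the private key and the certificate into the same smtpd.pem, can be checked with a short script. This is an added example, not part of the original article; the function names are made up for illustration, the paths are whatever you pass in, and stat -c assumes GNU coreutils as shipped with CentOS.

```shell
#!/bin/sh
# Added example, not from the original article. Read-only: it reports, never fixes.

# True when an octal mode from stat grants nothing to group or others.
owner_only() {
    case "$1" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Print one finding per problem; no output means every path passed.
#   directory (a Maildir)            -> must be owner-only, like chmod 700
#   regular file with a private key  -> must be owner-only, like chmod 600
#   regular file without a key       -> ignored (a bare certificate is public)
audit_mail_perms() {
    for p in "$@"; do
        if [ -d "$p" ]; then
            owner_only "$(stat -c '%a' "$p")" ||
                echo "$p: Maildir is accessible to group or others"
        elif [ -f "$p" ]; then
            grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$p" || continue
            owner_only "$(stat -c '%a' "$p")" ||
                echo "$p: private key is accessible to group or others"
        else
            echo "$p: not found"
        fi
    done
}

# Demo on constructed files: a placeholder "key" (marker lines only, no real
# key material) left at mode 644 and a Maildir left at mode 755.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed placeholder' \
        '-----END PRIVATE KEY-----' > "$d/smtpd.pem"
    mkdir "$d/Maildir"
    chmod 644 "$d/smtpd.pem"; chmod 755 "$d/Maildir"
    audit_mail_perms "$d/smtpd.pem" "$d/Maildir"
    rm -rf "$d"
}
demo
```

With the paths used on this page the call is audit_mail_perms /etc/pki/tls/certs/smtpd.pem /etc/pki/tls/private/smtpd.pem /home/domen_1/Maildir.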

That’s all. I doubt that everything will work for you the first time; there will certainly be errors, and you can find out how to solve them in another article.


Also open the right ports in the iptables firewall; I have just described which ports to open.

PS: there is no need to write to me privately asking for help with this article. I won’t be able to help everyone, and the official documentation to read is listed below.

Official documentation for Postfix

Official documentation for Dovecot

Interesting site with an example and description, it helped me a lot (not CentOS)

http://www.volmed.′ba_so_spamom, _sredstvami_samogo_Postfix

And another nice step-by-step description (not CentOS)–postfix-