diff --git a/docs/guides/email/02-basic-email-system.md b/docs/guides/email/02-basic-email-system.md
index 61c8ef8a5d..c94d2e9885 100644
--- a/docs/guides/email/02-basic-email-system.md
+++ b/docs/guides/email/02-basic-email-system.md
@@ -1,12 +1,12 @@
---
title: Basic e-mail system
auther: tianci li
-contributors: Ganna Zhyrnova, Neel Chauhan
+contributors: Ganna Zhyrnova
---
# Overview
-This document aims to provide the reader with a detailed understanding of the various components of an email system, including the installation and basic configuration of one.
+This document aims to provide the reader with a detailed understanding of the various components of an email system, including installation, basic configuration, and association. The recommendation is that you use an open source email server(s) in a production environment.
All commands in this document are executed using **root(uid=0)**.
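Review bot: The new overview sentence recommends "an open source email server(s) in a production environment", which reads as a contrast to what the guide installs, yet Postfix and Dovecot are themselves open source. Say what alternative is actually meant, and replace "association" with the concrete thing being associated. The front matter also drops Neel Chauhan from `contributors` without explanation, and the `auther` key one line above is still misspelled.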
@@ -20,19 +20,17 @@ All commands in this document are executed using **root(uid=0)**.
!!! info
- Without a database, Postfix and Dovecot can still work for a small installation.
+ Without a database, combining postfix+ dovecot will create a working email system.
### Install and configure `bind`
-First, install BIND:
-
```bash
Shell(192.168.100.7) > dnf -y install bind bind-utils
```
-Next, edit `/etc/named.conf`:
-
```bash
+# Modify the main configuration file
+Shell(192.168.100.7) > vim /etc/named.conf
options {
listen-on port 53 { 192.168.100.7; };
...
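Review bot: The rewritten info note (`combining postfix+ dovecot will create a working email system`) drops the "for a small installation" qualifier, so it no longer tells the reader when skipping the database is appropriate. Keep the qualifier and write "Postfix + Dovecot" consistently. In the second block, the `vim /etc/named.conf` prompt line now shares a `bash` fence with the file content that follows, so mark where the command ends and the file body begins.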
@@ -42,18 +40,14 @@ options {
...
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
-```
-Check if the BIND configuration is correct.
-
-```bash
Shell(192.168.100.7) > named-checkconf /etc/named.conf
```
-Now, edit `/etc/named.rfc1912.zones`:
-
```bash
+# Modify the zone file
## In practice, you can replace rockylinux.me with your domain name, such as rockylinux.org
+Shell(192.168.100.7) > vim /etc/named.rfc1912.zones
zone "rockylinux.me" IN {
type master;
file "rockylinux.localhost";
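Review bot: Removing the closing fence after the `include "/etc/named.root.key";` line puts `named-checkconf /etc/named.conf` directly under the file content in one block, so a reader copying the block into `named.conf` would paste a shell line into the config. Keep the config and the check in separate fences, or separate them with a blank line and a comment. The same applies to `vim /etc/named.rfc1912.zones` followed by the `zone` stanza.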
@@ -63,11 +57,10 @@ zone "rockylinux.me" IN {
!!! question
- **What is a DNS zone?** A DNS zone is aportion of the DNS namespace that's hosted on a DNS server. A DNS zone contains resource records, and a DNS server responds to queries for records in that namespace. A DNS server can have multiple DNS zones. Simply put, a DNS zone is analogous to a book catalog.
-
-First, initalize BIND:
+ **What is DNS zone?** A DNS zone is the specific portion of a DNS namespace that's hosted on a DNS server. A DNS zone contains resource records, and the DNS server responds to queries for records in that namespace. A DNS server can have multiple DNS zones. Simply put, a DNS zone is the equivalent of a book catalog.
```bash
+# Modify data file
Shell(192.168.100.7) > cp -p /var/named/named.localhost /var/named/rockylinux.localhost
Shell(192.168.100.7) > vim /var/named/rockylinux.localhost
$TTL 1D
@@ -87,18 +80,14 @@ zone rockylinux.me/IN: loaded serial 0
OK
```
-Now, start BIND:
-
-```bash
-Shell(192.168.100.7) > systemctl start named.service
-```
+Start your bind service - `systemctl start named.service`
-We can test if our server's DNS resolution is working:
+We can test whether the hosts under the domain name can resolve properly.
```bash
Shell(192.168.100.7) > systemctl start named.service
Shell(192.168.100.7) > nmcli connection modify ens160 ipv4.dns "192.168.100.7,8.8.8.8"
-Shell(192.168.100.7) # systemctl restart NetworkManager.service
+Shell(192.168.100.7) > systemctl restart NetworkManager.service
Shell(192.168.100.7) > dig mail.rockylinux.me
...
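Review bot: `systemctl start named.service` now appears twice, once in the new sentence and again as the first line of the code block below it; drop one of them. Neither version enables the unit, so if this DNS server has to survive a reboot, use `systemctl enable --now named.service`.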
@@ -117,25 +106,42 @@ dns.rockylinux.me. 86400 IN A 192.168.100.7
!!! info
- Our domain name cannot be our server's hostname.
-
-### Install and configure MariaDB
+ one domain name cannot represent a specific host.
-Lets now install MariaDB:
+### Install and configure `Mysql`
```bash
-Shell(192.168.100.7) > sudo dnf install mariadb-server
-```
+Shell(192.168.100.5) > groupadd mysql && useradd -r -g mysql -s /sbin/nologin mysql
+Shell(192.168.100.5) > id mysql
+uid=995(mysql) gid=1000(mysql) groups=1000(mysql)
+Shell(192.168.100.5) > dnf config-manager --enable powertools
+Shell(192.168.100.5) > dnf -y install libaio ncurses-compat-libs ncurses-devel make cmake gcc bison git libtirpc-devel openssl openssl-devel rpcgen wget tar gzip bzip2 zip unzip gcc-toolset-12-gcc gcc-toolset-12-gcc-c++ gcc-toolset-12-binutils gcc-toolset-12-annobin-annocheck gcc-toolset-12-annobin-plugin-gcc
+Shell(192.168.100.5) > wget https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-boost-8.0.33.tar.gz && tar -zvxf mysql-boost-8.0.33.tar.gz -C /usr/local/src/
-Then, initialize the MySQL database:
+Shell(192.168.100.5) > cd /usr/local/src/mysql-8.0.33 && mkdir build && cd build && cmake .. \
+-DDEFAULT_CHARSET=utf8mb4 \
+-DDEFAULT_COLLATION=utf8mb4_0900_ai_ci \
+-DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
+-DCMAKE_BUILD_TYPE=RelWithDebInfo \
+-DENABLED_LOCAL_INFILE=1 \
+-DMYSQL_TCP_PORT=3306 \
+-DWITH_BOOST=/usr/local/src/mysql-8.0.33/boost/ \
+-DMYSQL_DATADIR=/usr/local/mysql/data \
+&& make && make install
+```
```bash
-Shell(192.168.100.7) > mysql_secure_installation
+Shell(192.168.100.5) > chown -R mysql:mysql /usr/local/mysql
+Shell(192.168.100.5) > chmod -R 755 /usr/local/mysql
+Shell(192.168.100.5) > /usr/local/mysql/bin/mysqld --initialize --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data
+2023-07-14T14:46:49.474684Z 0 [System] [MY-013169] [Server] /usr/local/mysql/bin/mysqld (mysqld 8.0.33) initializing of server in progress as process 42038
+2023-07-14T14:46:49.496908Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
+2023-07-14T14:46:50.210118Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
+2023-07-14T14:46:51.305307Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: pkqaXRuTn1/N
```
-Next, edit the `/etc/my.cnf` configuration as follows:
-
```bash
+Shell(192.168.100.5) > vim /etc/my.cnf
[client]
port=3306
socket=/tmp/mysql.sock
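Review bot: The `wget` line downloads `mysql-boost-8.0.33.tar.gz` and the next command builds and installs it as root, with no integrity check in between; add a checksum or signature verification step before `tar`. The hunk also removes `mysql_secure_installation` without an equivalent hardening step, and pins the server at 8.0.33 outside of `dnf` updates, so the text should say how the build is kept patched. The sample output prints the generated temporary root password; tell readers to change it at first login. `chmod -R 755 /usr/local/mysql` covers the whole prefix, which per `-DMYSQL_DATADIR=/usr/local/mysql/data` is also where the data directory lives, so scope it to the binaries.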
@@ -148,13 +154,9 @@ basedir=/usr/local/mysql
datadir=/usr/local/mysql/data
user=mysql
log-error=/usr/local/mysql/data/mysql_log.error
-```
-
-Now, enable and log into MySQL:
-```bash
-Shell(192.168.100.7) > systemctl enable --now mariadb
-Shell(192.168.100.7) > mysql -u root -p
+Shell(192.168.100.5) > /usr/local/mysql/bin/mysqld_safe --user=mysql &
+Shell(192.168.100.5) > /usr/local/mysql/bin/mysql -u root --password="pkqaXRuTn1/N"
```
```sql
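Review bot: `mysql -u root --password="pkqaXRuTn1/N"` passes the root password as a command-line argument, where it ends up in shell history and is visible in the process list; use `-p` and let the client prompt, as the removed `mysql -u root -p` line did. Launching with `mysqld_safe --user=mysql &` also replaces `systemctl enable --now`, so the database is not started at boot; add a systemd unit or state that this is for testing only. These two commands also share a fence with the `/etc/my.cnf` content above them.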
@@ -165,10 +167,14 @@ Mysql > create user 'mailrl'@'%' identified by 'mail.rockylinux.me';
Mysql > grant all privileges on *.* to 'mailrl'@'%' with grant option;
```
+!!! info
+
+ You don't have to use the same method as the author. Installing Mysql from a repository or docker is also possible.
+
#### Create tables and insert data
```sql
-Shell(192.168.100.7) > mysql -u mailrl --password="mail.rockylinux.me"
+Shell(192.168.100.5) > /usr/local/mysql/bin/mysql -u mailrl --password="mail.rockylinux.me"
Mysql > create database mailserver;
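Review bot: With the database moved to its own host (192.168.100.5), the account shown in the context lines, `'mailrl'@'%'` with `grant all privileges on *.* to 'mailrl'@'%' with grant option`, becomes a network-reachable superuser whose password is the mail domain name. Restrict the host part to the mail server (192.168.100.6) and the privileges to the `mailserver` database. The new `mysql -u mailrl --password="mail.rockylinux.me"` line also puts the password on the command line, and it is a shell command inside a `sql` fence.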
@@ -204,30 +210,32 @@ Mysql > insert into virtual_aliases(id,domain_id,source,destination) values(1,1,
Mysql > insert into virtual_aliases(id,domain_id,source,destination) values(2,1,'all@mail.rockylinux.me','leeo@mail.rockylinux.me');
```
-The password entris for the relevant email users are not shown here, as it requires the use of `doveadm pw -s SHA512-crypt -p twotestandtwo` command. See [here](#ap1)
+Here I have not inserted the ciphertext password for the relevant email users, which requires the use of `doveadm pw -s SHA512-crypt -p twotestandtwo` command. See [here](#ap1)
#### Knowledge of SHA512 (SHA-2)
-The main password hashing algorithms are:
+SHA-2 (Secure Hash Algorithm 2): A Cryptographic Hash function algorithm Standard. It is the successor to SHA-1.
+
+Main standards:
* SHA-0
* SHA-1
* SHA-2: Contains these -- SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256
* SHA-3
-In the SHA-2 hashing standard, the number in the algorithm refers to the digest length in bits.
+In the SHA-2 encryption standard, the number in the algorithm refers to the digest length in bits.
-It is well known that in Rocky Linux 8 and other RHEL 8 variants, the algorithm used to encrypt user passwords is SHA-512.
+It is well known that in RockyLinux 8 and other RHEL 8 variants, the algorithm used to encrypt user passwords is SHA-512.
```bash
-Shell(192.168.100.7) > grep -i method /etc/login.defs
+Shell(192.168.100.5) > grep -i method /etc/login.defs
ENCRYPT_METHOD SHA512
```
We can see its structure in the /etc/shadow file:
```bash
-Shell(192.168.100.7) > grep -i root /etc/shadow | cut -f 2 -d ":"
+Shell(192.168.100.5) > grep -i root /etc/shadow | cut -f 2 -d ":"
$6$8jpmvCw8RqNfHYW4$pOlsEZG066eJuTmNHoidtvfWHe/6HORrKkQPwv4eyFxqGXKEXhep6aIRxAtv7FDDIq/ojIY1SfWAQkk7XACeZ0
```
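Review bot: Changing "SHA-2 hashing standard" to "SHA-2 encryption standard" introduces a terminology error: SHA-2 is a family of hash functions, not encryption, and the sentence added at the top of this section already calls it a hash function. Keep "hashing". It would also help to say that `SHA512-crypt` and the `$6$` entry from `/etc/shadow` are the salted crypt scheme built on SHA-512 rather than a bare SHA-512 digest. "RockyLinux" should stay "Rocky Linux".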
@@ -240,22 +248,22 @@ Use the $ sign to separate the output text information.
### Install and configure `postfix`
```bash
-dnf -y install postfix postfix-mysql
+Shell(192.168.100.6) > dnf -y install postfix postfix-mysql
```
After installing Postfix, the following files need to be know:
-* `/etc/postfix/main.cf`: The main and most important configuration file
-* `/etc/postfix/master.cf`: Used to set runtime parameters for each component. In general, no changes are required, except when performance optimization is required.
-* `/etc/postfix/access`: Access control file for SMTP.
-* `/etc/postfix/transport`: Maps email addresses to relay hosts.
+* **/etc/postfix/main.cf**. The main and most important configuration file
+* **/etc/postfix/master.cf**. Used to set runtime parameters for each component. In general, no changes are required, except when performance optimization is required.
+* **/etc/postfix/access**. Access control file for SMTP.
+* **/etc/postfix/transport**. Maps email addresses to relay hosts.
-These are the Postfix binaries:
+You need to know these binary executable files:
-* `/usr/sbin/postalias`: this program generates the alias database in `/etc/aliases.db` based on the /etc/aliases file.
-* `/usr/sbin/postcat` views the mail content in the mail queue.
-* `/usr/sbin/postconf` queries the Postfix configuration.
-* `/usr/sbin/postfix` is the main daemon. It can be used as follows:
+* /**usr/sbin/postalias**. Alias database generation instruction. After this command is executed, /etc/aliases.db is generated based on the /etc/aliases file
+* **/usr/sbin/postcat**. This command is used to view the mail content in the mail queue.
+* **/usr/sbin/postconf**. Querying Configuration Information.
+* **/usr/sbin/postfix**. The main daemon commands. It can be used as follows:
* `postfix check`
* `postfix start`
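Review bot: The bold markup on the `postalias` bullet is malformed: `/**usr/sbin/postalias**` leaves the leading slash outside the emphasis. More generally, switching paths from code spans to bold loses literal rendering, so keep the backticks the removed lines used. The context line "need to be know" above the list is still ungrammatical and could be fixed in the same change.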
@@ -270,7 +278,7 @@ These are the Postfix binaries:
#### Explanation of the /etc/postfix/main.cf file
```bash
-Shell(192.168.100.7) > egrep -v "^#|^$" /etc/postfix/main.cf
+Shell(192.168.100.6) > egrep -v "^#|^$" /etc/postfix/main.cf
compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
@@ -305,40 +313,38 @@ meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix
```
-The explanation of these parameters are:
-
-* `compatibility_level = 2`: Enable compatibility with Postfix 2.x configurations.
-* `data_directory = /var/lib/postfix`. The Postfix cache directory.
-* `myhostname = host.domain.tld`: **Important:** You need to change it to the hostname under your domain name.
-* `mydomain = domain.tld`: **Important:** You need to change it to your domain name.
-* `myorigin = $myhostname` and `myorigin = $mydomain`: **Important:** parameters that have been commented out. The main function is to complement the sender's mail suffix. `$` represents a reference parameter variable.
-* `inet_interfaces = localhost`: The interfaces to listen to. This value is usually changed to "all".
-* `inet_protocols = all`: Enable IPv4, and IPv6 if an address is found.
-* `mydestination = \$myhostname, localhost.\$mydomain, localhost`: Indicates the mail server's destination hosts.
-* `unknown_local_recipient_reject_code = 550`: The error code returned when receiving an email to an unknown destination or rejecting an email.
-* `mynetworks =`: Set which networks we should accept emails from.
-* `relay_domains = $mydestination`: Set which domains we should relay emails from.
-* `alias_maps = hash:/etc/aliases`: List of our email server's aliases.
-* `alias_database = hash:/etc/aliases`: The database to be used by aliases.
-* `home_mailbox = Maildir/`: **Important**: Out local mailbox location.
-* `debug_peer_level = 2`: Level of log records.
-* `setgid_group = postdrop`: The Unix group for managing Postfix queues.
-
-Except for the parameter items mentioned or displayed above, some parameters are hidden and can be viewed through the `postconf` command. The most notable parameters are:
-
-* `message_size_limit = 10240000`. Maximum size for a single message in bytes.
-* `mailbox_size_limit = 1073741824`: Maximum size of a user's mailbox.
-* `smtpd_sasl_type = cyrus`: The IMAP server software used for SASL authentication. You can use `postconf -a` to view.
-* `smtpd_sasl_auth_enable = no`: Whether to enable SASL authentication.
-* `smtpd_sasl_security_options = noanonymous`. Security options for SASL. Anonymous authentication is off by default.
-* `smtpd_sasl_local_domain =`. The local domain name.
-* `smtpd_recipient_restrictions`. Recipient filtering options. The default value is empty.
+* **compatibility_level = 2**. A new mechanism introduced in Postfix 3 is designed to be compatible with previous versions.
+* **data_directory = /var/lib/postfix**. The directory where the cached data is stored.
+* **myhostname = host.domain.tld**. Important parameters that have been commented out. You need to change it to the hostname under your domain name.
+* **mydomain = domain.tld**. Important parameters that have been commented out. You need to change it to your domain name.
+* **myorigin = \$myhostname** and **myorigin = $mydomain**. Important parameters that have been commented out. The main function is to complement the sender's mail suffix. **\$** represents a reference parameter variable.
+* **inet_interfaces = localhost**. When receiving mails, this parameter indicates the address to be listened. The value is usually modified to "all".
+* **inet_protocols = all**. Enable IPv4, and IPv6 if supported
+* **mydestination = \$myhostname, localhost.\$mydomain, localhost**. Indicates the reception of mail from the stated destination.
+* **unknown_local_recipient_reject_code = 550**. The error code returned when sending to an account that does not exist local domain or rejecting an email.
+* **mynetworks =**. Set which hosts' emails can be forwarded.
+* **relay_domains = $mydestination**. Set which domains' emails can be forwarded.
+* **alias_maps = hash:/etc/aliases**. It is used to define user aliases and requires database support.
+* **alias_database = hash:/etc/aliases**. The database to be used by aliases.
+* **home_mailbox = Maildir/**. Important parameters that have been commented out. This indicates where the local mailbox is stored.
+* **debug_peer_level = 2**. Level of log records.
+* **setgid_group = postdrop**. The group identifier used to submit emails or manage queues.
+
+Except for the parameter items mentioned or displayed above, some parameters are hidden and can be viewed through the `postconf` command. The most important parameters are:
+
+* **message_size_limit = 10240000**. Set the size of a single email (including the body and attachments). The unit of value is B (Bytes).
+* **mailbox_size_limit = 1073741824**. Set the capacity limit for a single mailbox user.
+* **smtpd_sasl_type = cyrus**. The type of SASL (Simple Authentication and Security Layer) authentication. You can use `postconf -a` to view.
+* **smtpd_sasl_auth_enable = no**. Whether to enable SASL authentication.
+* **smtpd_sasl_security_options = noanonymous**. Security options for SASL. Anonymous authentication is off by default.
+* **smtpd_sasl_local_domain =**. The name of the local domain.
+* **smtpd_recipient_restrictions =**. Filtering of recipients. The default value is empty.
#### Modify /etc/postfix/main.cf
-With the packages installed, you need to configure Postfix. Make the following changes in `/etc/postfix/main.cf`:
-
```bash
+Shell(192.168.100.6) > vim /etc/postfix/main.cf
+...
myhostname = mail.rockylinux.me
mydomain = rockylinux.me
myorigin = $myhostname
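Review bot: The `mynetworks` bullet ("Set which hosts' emails can be forwarded") should state the security consequence: these are the clients Postfix trusts to relay, so an over-broad value turns the server into an open relay. Elsewhere in the list, `$` is escaped inconsistently inside bold (`\$myhostname` next to `$mydomain` and `$mydestination`), and "Important parameters that have been commented out" is repeated verbatim on four bullets. Removing "The explanation of these parameters are:" also leaves the list with no lead-in after the code block.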
@@ -355,9 +361,10 @@ virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-virtual-email2email.cf
+...
```
-The final configuration should look like this:
+The final file content looks like this:
```text
compatibility_level = 2
@@ -407,41 +414,31 @@ meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix
```
-Create and edit the following files:
-
-In `/etc/postfix/mysql-virtual-mailbox-domains.cf`:
+Create a file and write the relevant content:
```bash
+Shell(192.168.100.6) > vim /etc/postfix/mysql-virtual-mailbox-domains.cf
user = mailrl
password = mail.rockylinux.me
hosts = 192.168.100.5
dbname = mailserver
query = SELECT 1 FROM virtual_domains WHERE name='%s'
-```
-
-In `/etc/postfix/mysql-virtual-mailbox-maps.cf`:
-```bash
+Shell(192.168.100.6) > vim /etc/postfix/mysql-virtual-mailbox-maps.cf
user = mailrl
password = mail.rockylinux.me
hosts = 192.168.100.5
dbname = mailserver
query = SELECT 1 FROM virtual_users WHERE email='%s'
-```
-
-In `/etc/postfix/mysql-virtual-alias-maps.cf`:
-```bash
+Shell(192.168.100.6) > vim /etc/postfix/mysql-virtual-alias-maps.cf
user = mailrl
password = mail.rockylinux.me
hosts = 192.168.100.5
dbname = mailserver
query = SELECT destination FROM virtual_aliases WHERE source='%s'
-```
-
-In `/etc/postfix/mysql-virtual-email2email.cf`:
-```bash
+Shell(192.168.100.6) > vim /etc/postfix/mysql-virtual-email2email.cf
user = mailrl
password = mail.rockylinux.me
hosts = 192.168.100.5
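Review bot: The four lookup files are now concatenated in one `bash` fence with `vim` prompt lines as the only separators, so it is easy to paste a prompt line or the wrong stanza into a `.cf` file; keep one fence per file as before. Each file holds the database password in clear text (`password = mail.rockylinux.me`), and the hunk gives no ownership or mode for them; add a step that restricts them to root and the postfix group.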
@@ -451,30 +448,34 @@ query = SELECT email FROM virtual_users WHERE email='%s'
!!! warning
- If you encounter this kind of error after running `systemctl start postfix.service`: `fatal: open lock file /var/lib/postfix/master.lock: unable to set exclusive lock: Resource temporarily unavailable.` Please delete the existing `/var/lib/postfix/master.lock` file
+ If you encounter this kind of error after running `systemctl start postfix.service` -- "fatal: open lock file /var/lib/postfix/master.lock: unable to set exclusive lock: Resource temporarily unavailable." Please delete the existing **/var/lib/postfix/master.lock** file
Testing Postfix configure:
```bash
-Shell(192.168.100.7) > systemctl start postfix.service
-Shell(192.168.100.7) > postfix check
-Shell(192.168.100.7) > postfix status
+Shell(192.168.100.6) > systemctl start postfix.service
+Shell(192.168.100.6) > postfix check
+Shell(192.168.100.6) > postfix status
-Shell(192.168.100.7) > postmap -q mail.rockylinux.me mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
-Shell(192.168.100.7) > echo $?
+# If the command return 1, it is successful.
+Shell(192.168.100.6) > postmap -q mail.rockylinux.me mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
+Shell(192.168.100.6) > echo $?
1
-Shell(192.168.100.7) > postmap -q frank@mail.rockylinux.me mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
-Shell(192.168.100.7) > echo $?
+
+Shell(192.168.100.6) > postmap -q frank@mail.rockylinux.me mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
+Shell(192.168.100.6) > echo $?
1
-Shell(192.168.100.7) > postmap -q all@mail.rockylinux.me mysql:/etc/postfix/mysql-virtual-alias-maps.cf
+
+Shell(192.168.100.6) > postmap -q all@mail.rockylinux.me mysql:/etc/postfix/mysql-virtual-alias-maps.cf
frank@mail.rockylinux.me,leeo@mail.rockylinux.me
```
#### Modify /etc/postfix/master.cf
-The modified `/etc/postfix/master.cf` file looks like this:
+The modified file looks like this:
```bash
+Shell(192.168.100.6) > egrep -v "^#|^$" /etc/postfix/master.cf
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
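Review bot: The added comment `# If the command return 1, it is successful.` sits above an `echo $?` check and conflates two things: `postmap -q` prints the looked-up value (here the `1` from `SELECT 1`) and exits with status 0 when the key is found, so an exit status of 1 means the lookup failed. Reword so readers check the printed value, or show the `postmap -q` output and `$?` separately; "return" should also be "returns". In the `master.cf` block, the `egrep` prompt line followed by file content needs a visible separator.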
@@ -499,21 +500,21 @@ smtps inet n - n - - smtpd
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
+...
```
-Finally execute the `systemctl restart postfix.service` command. At this point, the configuration of Postfix is over.
+Finally execute the `systemctl restart postfix.service` command. At this point, the configuration of postfix is over.
### Install and configure `dovecot`
```bash
-dnf config-manager --enable devel
-dnf -y install dovecot dovecot-devel dovecot-mysql
+Shell(192.168.100.6) > dnf config-manager --enable devel && dnf -y install dovecot dovecot-devel dovecot-mysql
```
-Without changing any files, the default Dovecot directory structure is as follows:
+Without changing any files, the original directory structure is as follows:
```bash
-Shell(192.168.100.7) > tree /etc/dovecot/
+Shell(192.168.100.6) > tree /etc/dovecot/
/etc/dovecot/
├── conf.d
│ ├── 10-auth.conf
@@ -544,86 +545,64 @@ Shell(192.168.100.7) > tree /etc/dovecot/
└── dovecot.conf
```
-As with Postfix, enter the `doveconf` command to view the complete configuration.
+Yes, both Postfix and Dovecot have very complex configurations, so it is recommended that most GNU/Linux system administrators use open source email servers.
+
+As with postfix, enter the `doveconf` command to view the complete configuration.
The file description is as follows:
-* `dovecot.conf` is the main Dovecot configuration file
+* **dovecot.conf**: The main configuration file of dovecot.
- * Load other configuration files via `!include conf.d/*.conf`.
- * The numeral prefix of the sub configuration file is to facilitate human understanding of its parsing order.
+ * Load sub configuration files through the method of `!include conf.d/*.conf`. Dovecot doesn’t care which settings are in which files.
+ * The Numeral prefix of the sub configuration file is to facilitate human understanding of its parsing order.
* Due to historical reasons there are still some config files that are external to the main `dovecot.conf`, which are typically named `*.conf.ext`.
* In the configuration file, you can use variables, which are divided into **Global variables** and **User variables**, starting with `%`. See [here](https://doc.dovecot.org/configuration_manual/config_file/config_variables/#config-variables).
-* `10-auth.conf`: Authentication configuration.
-* `10-logging.conf`. Logging configuration.
-* `10-mail.conf`. Configuration of mailbox locations and namespaces. By default, the value of the user's mailbox location is empty, which means that Dovecot automatically looks for the mailbox location. When the user does not have any mail, you must explicitly tell Dovecot the location of all mailboxes.
-* `10-metrics.conf`. Statistics configuration.
-* `15-mailboxes.conf`. Configuration of mailboxes.
-* `auth-sql.conf.ext`. SQL user configuration.
+* **10-auth.conf**. Configuration related to identity authentication.
+* **10-logging.conf**. Log related configuration. It can be very useful in performance analysis, software debugging, etc.
+* **10-mail.conf**. Configuration of mailbox locations and namespaces. By default, the value of the user's mailbox location is empty, which means that Dovecot automatically looks for the mailbox location. When the user does not have any mail, you must explicitly tell Dovecot the location of all mailboxes.
+* **10-metrics.conf**. Configuration related to statistical information.
+* **15-mailboxes.conf**. Configuration of mailbox definition.
+* **auth-sql.conf.ext**. Authentication for SQL users.
#### Some important configuration file parameters
-* `protocols = imap pop3 lmtp submission`: List of protocols to be used.
-* `listen = *, ::`: A comma separated list of IPs or hosts where to listen in for connections. `*` listens in all IPv4 interfaces, `::` listens in all IPv6 interfaces.
-* `disable_plaintext_auth = yes`: Whether to turn off plaintext authentication.
-* `auth_mechanisms = `: The type of authentication mechanism to be used. Multiple values can be specified and separated by spaces. Values: plain, login, digest-md5, cram-md5, ntlm, rpa, apop, anonymous, gssapi, otp, skey, gss-spnego.
-* `login_trusted_networks= `: Which IP networks are allowed to use Dovecot. It can be a single IP address, a network segment, or both. As an example: `login_trusted_networks = 10.1.1.0/24 192.168.100.2`
-* `mail_location = `: For an empty value, Dovecot attempts to find the mailboxes automatically (looking at `~/Maildir`, `/var/mail/username`, `~/mail`, and `~/Mail`, in that order). However, auto-detection commonly fails for users whose mail directory hasn’t yet been created, so you should explicitly state the full location here, if possible.
-* `mail_privileged_group = `: This group is enabled temporarily for privileged operations. Currently, this is used only with the INBOX when either its initial creation or dotlocking fails. Typically, this is set to `mail` to access `/var/mail`.
+* `protocols = imap pop3 lmtp submission`. Dovecot supported protocols.
+* `listen = *, ::`. A comma separated list of IPs or hosts where to listen in for connections. "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
+* `disable_plaintext_auth = yes`. Whether to turn off the plaintext password for authentication.
+* `auth_mechanisms = `. The type of authentication mechanism whose values can be multiple and separated by Spaces. Values: plain, login, digest-md5, cram-md5, ntlm, rpa, apop, anonymous, gssapi, otp, skey, gss-spnego.
+* `login_trusted_networks= `. Which clients (MUA) are allowed to use Dovecot. It can be a separate IP address, it can be a network segment, or it can be mixed and separated by spaces. Like this-- `login_trusted_networks = 10.1.1.0/24 192.168.100.2`
+* `mail_location = `. For an empty value, Dovecot attempts to find the mailboxes automatically (looking at ~/Maildir, /var/mail/username, ~/mail, and ~/Mail, in that order). However, auto-detection commonly fails for users whose mail directory hasn’t yet been created, so you should explicitly state the full location here, if possible.
+* `mail_privileged_group = `. This group is enabled temporarily for privileged operations. Currently, this is used only with the INBOX when either its initial creation or dotlocking fails. Typically, this is set to "mail" to access /var/mail.
#### Modify multiple files
-First, edit the Dovecot configuration:
-
-```bash
-Shell(192.168.100.7) > vim /etc/dovecot/dovecot.conf
-```
-
-Include the following:
-
```bash
+Shell(192.168.100.6) > vim /etc/dovecot/dovecot.conf
+...
protocols = imap pop3 lmtp
listen = 192.168.100.6
+...
```
-Next, edit the mail storage configuration:
-
-```bash
-Shell(192.168.100.7) > vim /etc/dovecot/conf.d/10-mail.conf
-```
-
-Include the following:
-
```bash
+Shell(192.168.100.6) > vim /etc/dovecot/conf.d/10-mail.conf
+...
# %u - username
# %n - user part in user@domain, same as %u if there's no domain
# %d - domain part in user@domain, empty if there's no domain
# %h - home directory
mail_location = maildir:/var/mail/vhosts/%d/%n
+...
mail_privileged_group = mail
+...
```
-Create the mail directory:
-
-```bash
-Shell(192.168.100.7) > mkdir -p /var/mail/vhosts/rockylinux.me
-```
-
-`rockylinx.me` refers to the domain name you are hosting.
-
-Add the Dovecot user and home directory:
+Create related directories -- `mkdir -p /var/mail/vhosts/rockylinux.me`. `rockylinx.me` refers to the domain name you applied for (called domain or local domain in email).
-```bash
-Shell(192.168.100.7) > groupadd -g 2000 vmail
-Shell(192.168.100.7) > useradd -g vmail -u 2000 -d /var/mail/ vmail
-```
+Add related users and specify home directory -- `groupadd -g 2000 vmail && useradd -g vmail -u 2000 -d /var/mail/ vmail`
-Change owner and group:
-
-```bash
-Shell(192.168.100.7) > chown -R vmail:vmail /var/mail/
-```
+Change owner and group -- `chown -R vmail:vmail /var/mail/`
Cancel the relevant comments on the file:
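Review bot: In the added line starting "Create related directories", the explanation names `rockylinx.me` while the command on the same line creates `rockylinux.me`; fix the typo. Folding `mkdir`, `groupadd`/`useradd` and `chown` into running prose also drops the host prompt used everywhere else, so it is no longer clear these run on 192.168.100.6. The new sentence recommending "open source email servers" because Postfix and Dovecot are complex is confusing, since both are open source; say what alternative is meant. In the `listen` bullet, the quoted asterisk outside a code span may be parsed as emphasis, so keep it in backticks.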
@@ -642,55 +621,35 @@ userdb {
!!! warning
- Don't write the above grammar on one line, such as this: `userdb {driver = sql args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n}`. Otherwise, it won't work.
-
-Edit the `/etc/dovecot/dovecot-sql.conf.ext` file:
-
-```bash
-Shell(192.168.100.7) > vim /etc/dovecot/dovecot-sql.conf.ext
-```
+ Don't write the above grammar on one line, such as this--"userdb {driver = sql args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n}". Otherwise, it won't work.
-Add the following contents:
+Create /etc/dovecot/dovecot-sql.conf.ext file and write related content:
```bash
+Shell(192.168.100.6) > vim /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=192.168.100.5 dbname=mailserver user=mailrl password=mail.rockylinux.me
default_pass_scheme = SHA512-CRYPT
password_query = SELECT password FROM virtual_users WHERE email='%u'
```
-Now change the owner and group:
-```bash
-Shell(192.168.100.7) > chown -R vmail:dovecot /etc/dovecot
-```
-
-Then change folder permissions:
-
-```bash
-Shell(192.168.100.7) > chmod -R 770 /etc/dovecot
-```
-
-Now, edit the authorization configuration file:
-
-```bash
-Shell(192.168.100.7) > vim /etc/dovecot/conf.d/10-auth.conf
-```
+Change owner and group -- `chown -R vmail:dovecot /etc/dovecot`
-In the configuration file, add the following:
+Change folder permissions -- `chmod -R 770 /etc/dovecot`
```bash
+Shell(192.168.100.6) > vim /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
+...
auth_mechanisms = plain login
+...
+#!include auth-system.conf.ext
!include auth-sql.conf.ext
```
```bash
-Shell(192.168.100.7) > vim /etc/dovecot/conf.d/10-master.conf
-```
-
-In the configuration file, add the following:
-
-```bash
+Shell(192.168.100.6) > vim /etc/dovecot/conf.d/10-master.conf
+...
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
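Review bot: `chmod -R 770 /etc/dovecot`, now given inline, sets the execute bit on every config file and makes the whole tree group-writable, including `dovecot-sql.conf.ext`, which carries the database password in its `connect` line. Use separate modes for directories and files (for example 750 and 640). The path in "Create /etc/dovecot/dovecot-sql.conf.ext file" should stay in backticks, and the new `#!include auth-system.conf.ext` line deserves a sentence explaining why system authentication is commented out.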
@@ -719,20 +678,16 @@ service auth-worker {
...
```
-Next enable Dovecot:
-
-```bash
-Shell(192.168.100.7) > systemctl enable --now dovecot
-```
+OK, use the command to start your service-- `systemctl start dovecot.service`
!!! info
- During the Dovecot initialization, the **/usr/libexec/dovecot/mkcert.sh** file is executed to generate a self-signed certificate.
+ During dovecot initialization, the **/usr/libexec/dovecot/mkcert.sh** file is executed to generate a self-signed certificate.
-You can check the listening ports using the following command:
+You can check the port occupancy using the following command:
```bash
-Shell(192.168.100.7) > ss -tulnp
+Shell(192.168.100.6) > ss -tulnp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=715,fd=5))
udp UNCONN 0 0 [::1]:323 [::]:* users:(("chronyd",pid=715,fd=6))
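Review bot: Replacing `systemctl enable --now dovecot` with `systemctl start dovecot.service` means Dovecot is no longer enabled at boot, so the mail services do not come back after a restart; keep `enable --now` or add the enable step. The info note mentions the self-signed certificate generated by `mkcert.sh`; say that it should be replaced before real use. "Port occupancy" reads better as "listening ports".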
@@ -748,12 +703,10 @@ tcp LISTEN 0 100 192.168.100.6:465
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=732,fd=4))
```
-In the above output, the ports being used are:
-
- * By Postfix: 25, 587, 465
- * By Dovecot: 993, 995, 110, 143
+Ports occupied by postfix -- 25, 587, 465
+Ports occupied by dovecot -- 993, 995, 110, 143
-You can use the `doveadm` command to generate the relevant ciphertext password and insert it into the virtual\_users table.
+You can use the `doveadm` command to generate the relevant ciphertext password and insert it into the virtual_users table.
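Review bot: The two new lines `Ports occupied by postfix -- 25, 587, 465` and `Ports occupied by dovecot -- 993, 995, 110, 143` are adjacent with no blank line or list marker, so Markdown will join them into one paragraph; keep the bullet list from the removed lines. Dropping the backslash in `virtual_users` is only safe inside a code span, so wrap the table name in backticks.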
@@ -765,7 +718,7 @@ Shell(192.168.100.6) > doveadm pw -s SHA512-crypt -p twotestandtwo
{SHA512-CRYPT}$6$TF7w672arYUk.fGC$enDafylYnih4q140B2Bu4QfEvLCQAiQBHXpqDpHQPHruil4j4QbLXMvctWHdZ/MpuwvhmBGHTlNufVwc9hG34/
```
-Insert the relevant data on the 192.168.100.5 host:
+Insert relevant data on the 192.168.100.5 host.
```sql
Mysql > use mailserver;
@@ -779,7 +732,7 @@ Mysql > insert into virtual_users(id,email,password,domain_id) values(2,'leeo@ma
#### User's authentication
-Use a client machine and change its preferred DNS to 192.168.100.7. The author uses Foxmail on Windows 10 as the mail client here.
+Use another Windows10 computer and change its preferred DNS to 192.168.100.7. The author uses foxmail as the mail client here.
On the main screen, select "Other Mailbox" --> "Manual" --> Enter the relevant content to complete. --> "Create"
@@ -789,7 +742,7 @@ On the main screen, select "Other Mailbox" --> "Manual" --> Enter the relevant c
#### Send an email
-Use the **frank** user to attempt to send an email to a **leeo** user.
+Use this user to attempt to send an email to a leeo user.
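Review bot: "Use this user" has no antecedent in this section now that **frank** is removed; name the sending account explicitly. "a leeo user" should be "the **leeo** user".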
