diff --git a/docs/guides/email/02-basic-email-system.md b/docs/guides/email/02-basic-email-system.md index c94d2e9885..b4ee8f4dfa 100644 --- a/docs/guides/email/02-basic-email-system.md +++ b/docs/guides/email/02-basic-email-system.md @@ -1,12 +1,12 @@ --- title: Basic e-mail system auther: tianci li -contributors: Ganna Zhyrnova +contributors: Ganna Zhyrnova, Neel Chauhan --- # Overview -This document aims to provide the reader with a detailed understanding of the various components of an email system, including installation, basic configuration, and association. The recommendation is that you use an open source email server(s) in a production environment. +This document aims to provide the reader with a detailed understanding of the various components of an email system, including the installation and basic configuration of one. All commands in this document are executed using **root(uid=0)**. @@ -20,17 +20,19 @@ All commands in this document are executed using **root(uid=0)**. !!! info - Without a database, combining postfix+ dovecot will create a working email system. + Without a database, Postfix and Dovecot can still work for a small installation. ### Install and configure `bind` +First, install BIND: + ```bash Shell(192.168.100.7) > dnf -y install bind bind-utils ``` +Next, edit `/etc/named.conf`: + ```bash -# Modify the main configuration file -Shell(192.168.100.7) > vim /etc/named.conf options { listen-on port 53 { 192.168.100.7; }; ... @@ -40,14 +42,18 @@ options { ... include "/etc/named.rfc1912.zones"; include "/etc/named.root.key"; +``` +Check if the BIND configuration is correct. + +```bash Shell(192.168.100.7) > named-checkconf /etc/named.conf ``` +Now, edit `/etc/named.rfc1912.zones`: + ```bash -# Modify the zone file ## In practice, you can replace rockylinux.me with your domain name, such as rockylinux.org -Shell(192.168.100.7) > vim /etc/named.rfc1912.zones zone "rockylinux.me" IN { type master; file "rockylinux.localhost"; 
@@ -57,10 +63,11 @@ zone "rockylinux.me" IN { !!! question - **What is DNS zone?** A DNS zone is the specific portion of a DNS namespace that's hosted on a DNS server. A DNS zone contains resource records, and the DNS server responds to queries for records in that namespace. A DNS server can have multiple DNS zones. Simply put, a DNS zone is the equivalent of a book catalog. + **What is a DNS zone?** A DNS zone is aportion of the DNS namespace that's hosted on a DNS server. A DNS zone contains resource records, and a DNS server responds to queries for records in that namespace. A DNS server can have multiple DNS zones. Simply put, a DNS zone is analogous to a book catalog. + +First, initialize BIND: ```bash -# Modify data file Shell(192.168.100.7) > cp -p /var/named/named.localhost /var/named/rockylinux.localhost Shell(192.168.100.7) > vim /var/named/rockylinux.localhost $TTL 1D @@ -80,14 +87,18 @@ zone rockylinux.me/IN: loaded serial 0 OK ``` -Start your bind service - `systemctl start named.service` +Now, start BIND: + +```bash +Shell(192.168.100.7) > systemctl start named.service +``` -We can test whether the hosts under the domain name can resolve properly. +We can test if our server's DNS resolution is working: ```bash Shell(192.168.100.7) > systemctl start named.service Shell(192.168.100.7) > nmcli connection modify ens160 ipv4.dns "192.168.100.7,8.8.8.8" -Shell(192.168.100.7) > systemctl restart NetworkManager.service +Shell(192.168.100.7) # systemctl restart NetworkManager.service Shell(192.168.100.7) > dig mail.rockylinux.me ... @@ -106,9 +117,11 @@ dns.rockylinux.me. 86400 IN A 192.168.100.7 !!! info - one domain name cannot represent a specific host. + Our domain name cannot be our server's hostname. -### Install and configure `Mysql` +### Install and configure MySQL + +First, lets now install MySQL: ```bash Shell(192.168.100.5) > groupadd mysql && useradd -r -g mysql -s /sbin/nologin mysql 
@@ -127,9 +140,11 @@ Shell(192.168.100.5) > cd /usr/local/src/mysql-8.0.33 && mkdir build && cd build -DMYSQL_TCP_PORT=3306 \ -DWITH_BOOST=/usr/local/src/mysql-8.0.33/boost/ \ -DMYSQL_DATADIR=/usr/local/mysql/data \ -&& make && make install +&& make && make install ``` +Next, lets initialize MySQL: + ```bash Shell(192.168.100.5) > chown -R mysql:mysql /usr/local/mysql Shell(192.168.100.5) > chmod -R 755 /usr/local/mysql @@ -140,8 +155,9 @@ Shell(192.168.100.5) > /usr/local/mysql/bin/mysqld --initialize --user=mysql 2023-07-14T14:46:51.305307Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: pkqaXRuTn1/N ``` +Then, edit the `/etc/my.cnf` configuration as follows: + ```bash -Shell(192.168.100.5) > vim /etc/my.cnf [client] port=3306 socket=/tmp/mysql.sock @@ -154,9 +170,13 @@ basedir=/usr/local/mysql datadir=/usr/local/mysql/data user=mysql log-error=/usr/local/mysql/data/mysql_log.error +``` + +Now, enable and log into MySQL: -Shell(192.168.100.5) > /usr/local/mysql/bin/mysqld_safe --user=mysql & -Shell(192.168.100.5) > /usr/local/mysql/bin/mysql -u root --password="pkqaXRuTn1/N" +```bash +Shell(192.168.100.7) > systemctl enable --now mariadb +Shell(192.168.100.7) > mysql -u root -p ``` ```sql @@ -169,12 +189,14 @@ Mysql > grant all privileges on *.* to 'mailrl'@'%' with grant option; !!! info - You don't have to use the same method as the author. Installing Mysql from a repository or docker is also possible. + You can also install MySQL from a `dnf` repository or container. #### Create tables and insert data +Lets now create the tables required for Dovecot: + ```sql -Shell(192.168.100.5) > /usr/local/mysql/bin/mysql -u mailrl --password="mail.rockylinux.me" +Shell(192.168.100.5) > mysql -u mailrl --password="mail.rockylinux.me" Mysql > create database mailserver; 
@@ -210,32 +232,30 @@ Mysql > insert into virtual_aliases(id,domain_id,source,destination) values(1,1, Mysql > insert into virtual_aliases(id,domain_id,source,destination) values(2,1,'all@mail.rockylinux.me','leeo@mail.rockylinux.me'); ``` -Here I have not inserted the ciphertext password for the relevant email users, which requires the use of `doveadm pw -s SHA512-crypt -p twotestandtwo` command. See [here](#ap1) +The password entries for the relevant email users are not shown here, as it requires the use of `doveadm pw -s SHA512-crypt -p twotestandtwo` command. See [here](#ap1) #### Knowledge of SHA512 (SHA-2) -SHA-2 (Secure Hash Algorithm 2): A Cryptographic Hash function algorithm Standard. It is the successor to SHA-1. - -Main standards: +The main password hashing algorithms are: * SHA-0 * SHA-1 * SHA-2: Contains these -- SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256 * SHA-3 -In the SHA-2 encryption standard, the number in the algorithm refers to the digest length in bits. +In the SHA-2 hashing standard, the number in the algorithm refers to the digest length in bits. -It is well known that in RockyLinux 8 and other RHEL 8 variants, the algorithm used to encrypt user passwords is SHA-512. +It is well known that in Rocky Linux 8 and other RHEL 8 variants, the algorithm used to encrypt user passwords is SHA-512. ```bash -Shell(192.168.100.5) > grep -i method /etc/login.defs +Shell(192.168.100.7) > grep -i method /etc/login.defs ENCRYPT_METHOD SHA512 ``` We can see its structure in the /etc/shadow file: ```bash -Shell(192.168.100.5) > grep -i root /etc/shadow | cut -f 2 -d ":" +Shell(192.168.100.7) > grep -i root /etc/shadow | cut -f 2 -d ":" $6$8jpmvCw8RqNfHYW4$pOlsEZG066eJuTmNHoidtvfWHe/6HORrKkQPwv4eyFxqGXKEXhep6aIRxAtv7FDDIq/ojIY1SfWAQkk7XACeZ0 ``` 
@@ -248,22 +268,22 @@ Use the $ sign to separate the output text information. ### Install and configure `postfix` ```bash -Shell(192.168.100.6) > dnf -y install postfix postfix-mysql +dnf -y install postfix postfix-mysql ``` -After installing Postfix, the following files need to be know: +After installing Postfix, the following files need to be known: -* **/etc/postfix/main.cf**. The main and most important configuration file -* **/etc/postfix/master.cf**. Used to set runtime parameters for each component. In general, no changes are required, except when performance optimization is required. -* **/etc/postfix/access**. Access control file for SMTP. -* **/etc/postfix/transport**. Maps email addresses to relay hosts. +* `/etc/postfix/main.cf`: The main and most important configuration file +* `/etc/postfix/master.cf`: Used to set runtime parameters for each component. In general, no changes are required, except when performance optimization is required. +* `/etc/postfix/access`: Access control file for SMTP. +* `/etc/postfix/transport`: Maps email addresses to relay hosts. -You need to know these binary executable files: +These are the Postfix binaries: -* /**usr/sbin/postalias**. Alias database generation instruction. After this command is executed, /etc/aliases.db is generated based on the /etc/aliases file -* **/usr/sbin/postcat**. This command is used to view the mail content in the mail queue. -* **/usr/sbin/postconf**. Querying Configuration Information. -* **/usr/sbin/postfix**. The main daemon commands. It can be used as follows: +* `/usr/sbin/postalias`: this program generates the alias database in `/etc/aliases.db` based on the /etc/aliases file. +* `/usr/sbin/postcat` views the mail content in the mail queue. +* `/usr/sbin/postconf` queries the Postfix configuration. +* `/usr/sbin/postfix` is the main daemon. It can be used as follows: * `postfix check` * `postfix start` 
@@ -278,7 +298,7 @@ You need to know these binary executable files: #### Explanation of the /etc/postfix/main.cf file ```bash -Shell(192.168.100.6) > egrep -v "^#|^$" /etc/postfix/main.cf +Shell(192.168.100.7) > egrep -v "^#|^$" /etc/postfix/main.cf compatibility_level = 2 queue_directory = /var/spool/postfix command_directory = /usr/sbin 
@@ -313,38 +333,40 @@ meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix ``` -* **compatibility_level = 2**. A new mechanism introduced in Postfix 3 is designed to be compatible with previous versions. -* **data_directory = /var/lib/postfix**. The directory where the cached data is stored. -* **myhostname = host.domain.tld**. Important parameters that have been commented out. You need to change it to the hostname under your domain name. -* **mydomain = domain.tld**. Important parameters that have been commented out. You need to change it to your domain name. -* **myorigin = \$myhostname** and **myorigin = $mydomain**. Important parameters that have been commented out. The main function is to complement the sender's mail suffix. **\$** represents a reference parameter variable. -* **inet_interfaces = localhost**. When receiving mails, this parameter indicates the address to be listened. The value is usually modified to "all". -* **inet_protocols = all**. Enable IPv4, and IPv6 if supported -* **mydestination = \$myhostname, localhost.\$mydomain, localhost**. Indicates the reception of mail from the stated destination. -* **unknown_local_recipient_reject_code = 550**. The error code returned when sending to an account that does not exist local domain or rejecting an email. -* **mynetworks =**. Set which hosts' emails can be forwarded. -* **relay_domains = $mydestination**. Set which domains' emails can be forwarded. -* **alias_maps = hash:/etc/aliases**. It is used to define user aliases and requires database support. -* **alias_database = hash:/etc/aliases**. The database to be used by aliases. -* **home_mailbox = Maildir/**. Important parameters that have been commented out. This indicates where the local mailbox is stored. -* **debug_peer_level = 2**. Level of log records. -* **setgid_group = postdrop**. The group identifier used to submit emails or manage queues. 
- -Except for the parameter items mentioned or displayed above, some parameters are hidden and can be viewed through the `postconf` command. The most important parameters are: - -* **message_size_limit = 10240000**. Set the size of a single email (including the body and attachments). The unit of value is B (Bytes). -* **mailbox_size_limit = 1073741824**. Set the capacity limit for a single mailbox user. -* **smtpd_sasl_type = cyrus**. The type of SASL (Simple Authentication and Security Layer) authentication. You can use `postconf -a` to view. -* **smtpd_sasl_auth_enable = no**. Whether to enable SASL authentication. -* **smtpd_sasl_security_options = noanonymous**. Security options for SASL. Anonymous authentication is off by default. -* **smtpd_sasl_local_domain =**. The name of the local domain. -* **smtpd_recipient_restrictions =**. Filtering of recipients. The default value is empty. +The explanation of these parameters are: + +* `compatibility_level = 2`: Enable compatibility with Postfix 2.x configurations. +* `data_directory = /var/lib/postfix`. The Postfix cache directory. +* `myhostname = host.domain.tld`: **Important:** You need to change it to the hostname under your domain name. +* `mydomain = domain.tld`: **Important:** You need to change it to your domain name. +* `myorigin = $myhostname` and `myorigin = $mydomain`: **Important:** parameters that have been commented out. The main function is to complement the sender's mail suffix. `$` represents a reference parameter variable. +* `inet_interfaces = localhost`: The interfaces to listen to. This value is usually changed to "all". +* `inet_protocols = all`: Enable IPv4, and IPv6 if an address is found. +* `mydestination = \$myhostname, localhost.\$mydomain, localhost`: Indicates the mail server's destination hosts. +* `unknown_local_recipient_reject_code = 550`: The error code returned when receiving an email to an unknown destination or rejecting an email. 
+* `mynetworks =`: Set which networks we should accept emails from. +* `relay_domains = $mydestination`: Set which domains we should relay emails from. +* `alias_maps = hash:/etc/aliases`: List of our email server's aliases. +* `alias_database = hash:/etc/aliases`: The database to be used by aliases. +* `home_mailbox = Maildir/`: **Important**: Out local mailbox location. +* `debug_peer_level = 2`: Level of log records. +* `setgid_group = postdrop`: The Unix group for managing Postfix queues. + +Except for the parameter items mentioned or displayed above, some parameters are hidden and can be viewed through the `postconf` command. The most notable parameters are: + +* `message_size_limit = 10240000`. Maximum size for a single message in bytes. +* `mailbox_size_limit = 1073741824`: Maximum size of a user's mailbox. +* `smtpd_sasl_type = cyrus`: The IMAP server software used for SASL authentication. You can use `postconf -a` to view. +* `smtpd_sasl_auth_enable = no`: Whether to enable SASL authentication. +* `smtpd_sasl_security_options = noanonymous`. Security options for SASL. Anonymous authentication is off by default. +* `smtpd_sasl_local_domain =`. The local domain name. +* `smtpd_recipient_restrictions`. Recipient filtering options. The default value is empty. #### Modify /etc/postfix/main.cf +With the packages installed, you need to configure Postfix. Make the following changes in `/etc/postfix/main.cf`: + ```bash -Shell(192.168.100.6) > vim /etc/postfix/main.cf -... myhostname = mail.rockylinux.me mydomain = rockylinux.me myorigin = $myhostname 
@@ -361,10 +383,9 @@ virtual_transport = lmtp:unix:private/dovecot-lmtp virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-virtual-email2email.cf -... ``` -The final file content looks like this: +The final configuration should look like this: ```text compatibility_level = 2 @@ -414,31 +435,41 @@ meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix ``` -Create a file and write the relevant content: +Create and edit the following files: + +In `/etc/postfix/mysql-virtual-mailbox-domains.cf`: ```bash -Shell(192.168.100.6) > vim /etc/postfix/mysql-virtual-mailbox-domains.cf user = mailrl password = mail.rockylinux.me hosts = 192.168.100.5 dbname = mailserver query = SELECT 1 FROM virtual_domains WHERE name='%s' +``` + +In `/etc/postfix/mysql-virtual-mailbox-maps.cf`: -Shell(192.168.100.6) > vim /etc/postfix/mysql-virtual-mailbox-maps.cf +```bash user = mailrl password = mail.rockylinux.me hosts = 192.168.100.5 dbname = mailserver query = SELECT 1 FROM virtual_users WHERE email='%s' +``` + +In `/etc/postfix/mysql-virtual-alias-maps.cf`: -Shell(192.168.100.6) > vim /etc/postfix/mysql-virtual-alias-maps.cf +```bash user = mailrl password = mail.rockylinux.me hosts = 192.168.100.5 dbname = mailserver query = SELECT destination FROM virtual_aliases WHERE source='%s' +``` + +In `/etc/postfix/mysql-virtual-email2email.cf`: -Shell(192.168.100.6) > vim /etc/postfix/mysql-virtual-email2email.cf +```bash user = mailrl password = mail.rockylinux.me hosts = 192.168.100.5 
@@ -448,34 +479,30 @@ query = SELECT email FROM virtual_users WHERE email='%s' !!! warning - If you encounter this kind of error after running `systemctl start postfix.service` -- "fatal: open lock file /var/lib/postfix/master.lock: unable to set exclusive lock: Resource temporarily unavailable." Please delete the existing **/var/lib/postfix/master.lock** file + If you encounter this kind of error after running `systemctl start postfix.service`: `fatal: open lock file /var/lib/postfix/master.lock: unable to set exclusive lock: Resource temporarily unavailable.` Please delete the existing `/var/lib/postfix/master.lock` file Testing Postfix configure: ```bash -Shell(192.168.100.6) > systemctl start postfix.service -Shell(192.168.100.6) > postfix check -Shell(192.168.100.6) > postfix status +Shell(192.168.100.7) > systemctl start postfix.service +Shell(192.168.100.7) > postfix check +Shell(192.168.100.7) > postfix status -# If the command return 1, it is successful. -Shell(192.168.100.6) > postmap -q mail.rockylinux.me mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf -Shell(192.168.100.6) > echo $? +Shell(192.168.100.7) > postmap -q mail.rockylinux.me mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf +Shell(192.168.100.7) > echo $? 1 - -Shell(192.168.100.6) > postmap -q frank@mail.rockylinux.me mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf -Shell(192.168.100.6) > echo $? +Shell(192.168.100.7) > postmap -q frank@mail.rockylinux.me mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf +Shell(192.168.100.7) > echo $? 
1 - -Shell(192.168.100.6) > postmap -q all@mail.rockylinux.me mysql:/etc/postfix/mysql-virtual-alias-maps.cf +Shell(192.168.100.7) > postmap -q all@mail.rockylinux.me mysql:/etc/postfix/mysql-virtual-alias-maps.cf frank@mail.rockylinux.me,leeo@mail.rockylinux.me ``` #### Modify /etc/postfix/master.cf -The modified file looks like this: +The modified `/etc/postfix/master.cf` file looks like this: ```bash -Shell(192.168.100.6) > egrep -v "^#|^$" /etc/postfix/master.cf smtp inet n - n - - smtpd submission inet n - n - - smtpd -o syslog_name=postfix/submission @@ -500,21 +527,21 @@ smtps inet n - n - - smtpd -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING -... ``` -Finally execute the `systemctl restart postfix.service` command. At this point, the configuration of postfix is over. +Finally execute the `systemctl restart postfix.service` command. At this point, the configuration of Postfix is over. ### Install and configure `dovecot` ```bash -Shell(192.168.100.6) > dnf config-manager --enable devel && dnf -y install dovecot dovecot-devel dovecot-mysql +dnf config-manager --enable devel +dnf -y install dovecot dovecot-devel dovecot-mysql ``` -Without changing any files, the original directory structure is as follows: +Without changing any files, the default Dovecot directory structure is as follows: ```bash -Shell(192.168.100.6) > tree /etc/dovecot/ +Shell(192.168.100.7) > tree /etc/dovecot/ /etc/dovecot/ ├── conf.d │   ├── 10-auth.conf 
@@ -545,64 +572,86 @@ Shell(192.168.100.6) > tree /etc/dovecot/ └── dovecot.conf ``` -Yes, both Postfix and Dovecot have very complex configurations, so it is recommended that most GNU/Linux system administrators use open source email servers. - -As with postfix, enter the `doveconf` command to view the complete configuration. +As with Postfix, enter the `doveconf` command to view the complete configuration. The file description is as follows: -* **dovecot.conf**: The main configuration file of dovecot. +* `dovecot.conf` is the main Dovecot configuration file - * Load sub configuration files through the method of `!include conf.d/*.conf`. Dovecot doesn’t care which settings are in which files. - * The Numeral prefix of the sub configuration file is to facilitate human understanding of its parsing order. + * Load other configuration files via `!include conf.d/*.conf`. + * The numeral prefix of the sub configuration file is to facilitate human understanding of its parsing order. * Due to historical reasons there are still some config files that are external to the main `dovecot.conf`, which are typically named `*.conf.ext`. * In the configuration file, you can use variables, which are divided into **Global variables** and **User variables**, starting with `%`. See [here](https://doc.dovecot.org/configuration_manual/config_file/config_variables/#config-variables). -* **10-auth.conf**. Configuration related to identity authentication. -* **10-logging.conf**. Log related configuration. It can be very useful in performance analysis, software debugging, etc. -* **10-mail.conf**. Configuration of mailbox locations and namespaces. By default, the value of the user's mailbox location is empty, which means that Dovecot automatically looks for the mailbox location. When the user does not have any mail, you must explicitly tell Dovecot the location of all mailboxes. -* **10-metrics.conf**. Configuration related to statistical information. -* **15-mailboxes.conf**. 
Configuration of mailbox definition. -* **auth-sql.conf.ext**. Authentication for SQL users. +* `10-auth.conf`: Authentication configuration. +* `10-logging.conf`. Logging configuration. +* `10-mail.conf`. Configuration of mailbox locations and namespaces. By default, the value of the user's mailbox location is empty, which means that Dovecot automatically looks for the mailbox location. When the user does not have any mail, you must explicitly tell Dovecot the location of all mailboxes. +* `10-metrics.conf`. Statistics configuration. +* `15-mailboxes.conf`. Configuration of mailboxes. +* `auth-sql.conf.ext`. SQL user configuration. #### Some important configuration file parameters -* `protocols = imap pop3 lmtp submission`. Dovecot supported protocols. -* `listen = *, ::`. A comma separated list of IPs or hosts where to listen in for connections. "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces. -* `disable_plaintext_auth = yes`. Whether to turn off the plaintext password for authentication. -* `auth_mechanisms = `. The type of authentication mechanism whose values can be multiple and separated by Spaces. Values: plain, login, digest-md5, cram-md5, ntlm, rpa, apop, anonymous, gssapi, otp, skey, gss-spnego. -* `login_trusted_networks= `. Which clients (MUA) are allowed to use Dovecot. It can be a separate IP address, it can be a network segment, or it can be mixed and separated by spaces. Like this-- `login_trusted_networks = 10.1.1.0/24 192.168.100.2` -* `mail_location = `. For an empty value, Dovecot attempts to find the mailboxes automatically (looking at ~/Maildir, /var/mail/username, ~/mail, and ~/Mail, in that order). However, auto-detection commonly fails for users whose mail directory hasn’t yet been created, so you should explicitly state the full location here, if possible. -* `mail_privileged_group = `. This group is enabled temporarily for privileged operations. 
Currently, this is used only with the INBOX when either its initial creation or dotlocking fails. Typically, this is set to "mail" to access /var/mail. +* `protocols = imap pop3 lmtp submission`: List of protocols to be used. +* `listen = *, ::`: A comma separated list of IPs or hosts where to listen in for connections. `*` listens in all IPv4 interfaces, `::` listens in all IPv6 interfaces. +* `disable_plaintext_auth = yes`: Whether to turn off plaintext authentication. +* `auth_mechanisms = `: The type of authentication mechanism to be used. Multiple values can be specified and separated by spaces. Values: plain, login, digest-md5, cram-md5, ntlm, rpa, apop, anonymous, gssapi, otp, skey, gss-spnego. +* `login_trusted_networks= `: Which IP networks are allowed to use Dovecot. It can be a single IP address, a network segment, or both. As an example: `login_trusted_networks = 10.1.1.0/24 192.168.100.2` +* `mail_location = `: For an empty value, Dovecot attempts to find the mailboxes automatically (looking at `~/Maildir`, `/var/mail/username`, `~/mail`, and `~/Mail`, in that order). However, auto-detection commonly fails for users whose mail directory hasn’t yet been created, so you should explicitly state the full location here, if possible. +* `mail_privileged_group = `: This group is enabled temporarily for privileged operations. Currently, this is used only with the INBOX when either its initial creation or dotlocking fails. Typically, this is set to `mail` to access `/var/mail`. #### Modify multiple files +First, edit the Dovecot configuration: + +```bash +Shell(192.168.100.7) > vim /etc/dovecot/dovecot.conf +``` + +Include the following: + ```bash -Shell(192.168.100.6) > vim /etc/dovecot/dovecot.conf -... protocols = imap pop3 lmtp listen = 192.168.100.6 -... 
``` +Next, edit the mail storage configuration: + +```bash +Shell(192.168.100.7) > vim /etc/dovecot/conf.d/10-mail.conf +``` + +Include the following: + ```bash -Shell(192.168.100.6) > vim /etc/dovecot/conf.d/10-mail.conf -... # %u - username # %n - user part in user@domain, same as %u if there's no domain # %d - domain part in user@domain, empty if there's no domain # %h - home directory mail_location = maildir:/var/mail/vhosts/%d/%n -... mail_privileged_group = mail -... ``` -Create related directories -- `mkdir -p /var/mail/vhosts/rockylinux.me`. `rockylinx.me` refers to the domain name you applied for (called domain or local domain in email). +Create the mail directory: + +```bash +Shell(192.168.100.7) > mkdir -p /var/mail/vhosts/rockylinux.me +``` + +`rockylinx.me` refers to the domain name you are hosting. + +Add the Dovecot user and home directory: -Add related users and specify home directory -- `groupadd -g 2000 vmail && useradd -g vmail -u 2000 -d /var/mail/ vmail` +```bash +Shell(192.168.100.7) > groupadd -g 2000 vmail +Shell(192.168.100.7) > useradd -g vmail -u 2000 -d /var/mail/ vmail +``` -Change owner and group -- `chown -R vmail:vmail /var/mail/` +Change owner and group: + +```bash +Shell(192.168.100.7) > chown -R vmail:vmail /var/mail/ +``` Cancel the relevant comments on the file: 
@@ -619,37 +668,57 @@ userdb { ... ``` -!!! warning +!!! warning "Warning" + + Don't write the above grammar on one line, such as this: `userdb {driver = sql args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n}`. Otherwise, it won't work. + +Edit the `/etc/dovecot/dovecot-sql.conf.ext` file: - Don't write the above grammar on one line, such as this--"userdb {driver = sql args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n}". Otherwise, it won't work. +```bash +Shell(192.168.100.7) > vim /etc/dovecot/dovecot-sql.conf.ext +``` -Create /etc/dovecot/dovecot-sql.conf.ext file and write related content: +Add the following contents: ```bash -Shell(192.168.100.6) > vim /etc/dovecot/dovecot-sql.conf.ext driver = mysql connect = host=192.168.100.5 dbname=mailserver user=mailrl password=mail.rockylinux.me default_pass_scheme = SHA512-CRYPT password_query = SELECT password FROM virtual_users WHERE email='%u' ``` -Change owner and group -- `chown -R vmail:dovecot /etc/dovecot` +Now change the owner and group: +```bash +Shell(192.168.100.7) > chown -R vmail:dovecot /etc/dovecot +``` + +Then change folder permissions: + +```bash +Shell(192.168.100.7) > chmod -R 770 /etc/dovecot +``` -Change folder permissions -- `chmod -R 770 /etc/dovecot` +Now, edit the authorization configuration file: + +```bash +Shell(192.168.100.7) > vim /etc/dovecot/conf.d/10-auth.conf +``` + +In the configuration file, add the following: ```bash -Shell(192.168.100.6) > vim /etc/dovecot/conf.d/10-auth.conf disable_plaintext_auth = yes -... auth_mechanisms = plain login -... -#!include auth-system.conf.ext !include auth-sql.conf.ext ``` ```bash -Shell(192.168.100.6) > vim /etc/dovecot/conf.d/10-master.conf -... +Shell(192.168.100.7) > vim /etc/dovecot/conf.d/10-master.conf +``` + +In the configuration file, add the following: + +```bash service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { mode = 0600 
@@ -678,16 +747,20 @@ service auth-worker { ... ``` -OK, use the command to start your service-- `systemctl start dovecot.service` +Next enable Dovecot: + +```bash +Shell(192.168.100.7) > systemctl enable --now dovecot +``` !!! info - During dovecot initialization, the **/usr/libexec/dovecot/mkcert.sh** file is executed to generate a self-signed certificate. + During the Dovecot initialization, the **/usr/libexec/dovecot/mkcert.sh** file is executed to generate a self-signed certificate. -You can check the port occupancy using the following command: +You can check the listening ports using the following command: ```bash -Shell(192.168.100.6) > ss -tulnp +Shell(192.168.100.7) > ss -tulnp Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=715,fd=5)) udp UNCONN 0 0 [::1]:323 [::]:* users:(("chronyd",pid=715,fd=6)) @@ -703,10 +776,12 @@ tcp LISTEN 0 100 192.168.100.6:465 tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=732,fd=4)) ``` -Ports occupied by postfix -- 25, 587, 465 -Ports occupied by dovecot -- 993, 995, 110, 143 +In the above output, the ports being used are: + + * By Postfix: 25, 587, 465 + * By Dovecot: 993, 995, 110, 143 -You can use the `doveadm` command to generate the relevant ciphertext password and insert it into the virtual_users table. +You can use the `doveadm` command to generate the relevant ciphertext password and insert it into the virtual\_users table. @@ -718,7 +793,7 @@ Shell(192.168.100.6) > doveadm pw -s SHA512-crypt -p twotestandtwo {SHA512-CRYPT}$6$TF7w672arYUk.fGC$enDafylYnih4q140B2Bu4QfEvLCQAiQBHXpqDpHQPHruil4j4QbLXMvctWHdZ/MpuwvhmBGHTlNufVwc9hG34/ ``` -Insert relevant data on the 192.168.100.5 host. +Insert the relevant data on the 192.168.100.5 host: ```sql Mysql > use mailserver; 
@@ -732,7 +807,7 @@ Mysql > insert into virtual_users(id,email,password,domain_id) values(2,'leeo@ma #### User's authentication -Use another Windows10 computer and change its preferred DNS to 192.168.100.7. The author uses foxmail as the mail client here. +Use a client machine and change its preferred DNS to 192.168.100.7. The author uses Foxmail on Windows 10 as the mail client here. On the main screen, select "Other Mailbox" --> "Manual" --> Enter the relevant content to complete. --> "Create" @@ -742,7 +817,7 @@ On the main screen, select "Other Mailbox" --> "Manual" --> Enter the relevant c #### Send an email -Use this user to attempt to send an email to a leeo user. +Use the **frank** user to attempt to send an email to a **leeo** user. ![test3](./email-images/test3.jpg)
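Review bot: In the first hunk (@@ -1,12), the frontmatter key `auther: tianci li` is a typo that this change touches without fixing; since the contributors line is being edited anyway, correct it to `author:` in the same commit.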
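Review bot: In hunk @@ -57,10, the added admonition text has a missing space ("A DNS zone is aportion of the DNS namespace"), and the new lead-in "First, initialize BIND:" mislabels the step. The block it introduces copies `/var/named/named.localhost` to `/var/named/rockylinux.localhost` and edits it, so "Create the zone data file:" describes what the reader actually does; BIND itself is not started until the later `systemctl start named.service` block.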
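Review bot: In hunk @@ -80,14, the NetworkManager line now reads `Shell(192.168.100.7) # systemctl restart NetworkManager.service` while every other prompt on the page is `Shell(...) >`; keep the `>` form. The same hunk adds a dedicated "Now, start BIND" block but leaves `Shell(192.168.100.7) > systemctl start named.service` as the first line of the resolution-test block directly below it, so the service is started twice in the text; drop the duplicate from the test block.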
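Review bot: In hunk @@ -106,9, "Our domain name cannot be our server's hostname." changes the meaning of the note it replaces ("one domain name cannot represent a specific host"). The surrounding zone data gives `dns.rockylinux.me.` and `mail.rockylinux.me` their own A records precisely because the bare domain is not a host; suggest "A bare domain name such as rockylinux.me does not identify a host; use a host record such as mail.rockylinux.me." Also, "First, lets now install MySQL:" should be "First, let's install MySQL:" (and "lets initialize" / "Lets now create" in hunks @@ -127,9 and @@ -169,12 need the same apostrophe).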
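Review bot: In hunk @@ -154,9, replacing the `mysqld_safe` start and the `mysql -u root --password="pkqaXRuTn1/N"` login with `Shell(192.168.100.7) > systemctl enable --now mariadb` and `mysql -u root -p` contradicts the hunks around it: the page still builds MySQL 8.0.33 from source into `/usr/local/mysql` on 192.168.100.5 and prints a generated temporary root password, so there is no `mariadb` unit to enable, and the database host is .5, not .7. Either keep the source-build start commands, or convert the whole MySQL section to a package install (the info box in hunk @@ -169,12 already says that is possible) so the install, start and login steps agree.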
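Review bot: In hunk @@ -210,32, "The main password hashing algorithms are:" followed by SHA-0, SHA-1, SHA-2 and SHA-3 is incorrect: these are cryptographic hash function standards, which is what the deleted sentence ("SHA-2 (Secure Hash Algorithm 2): A Cryptographic Hash function algorithm Standard. It is the successor to SHA-1.") said correctly. The password scheme the page actually uses is SHA512-crypt, visible in the `$6$` prefix of the `/etc/shadow` example and in `doveadm pw -s SHA512-crypt`, which is a salted, iterated crypt(3) construction built on SHA-512 rather than a single SHA-512 digest; keep the original definition and add that distinction, since it is the reason plain SHA-512 is not used for stored passwords. Also "encrypt user passwords" should read "hash user passwords", and "as it requires the use of ... command" reads better as "because generating them requires the `doveadm pw -s SHA512-crypt -p twotestandtwo` command".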
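Review bot: In hunk @@ -248,22, the `Shell(192.168.100.6) >` prompt is dropped from `dnf -y install postfix postfix-mysql` while every other command block on the page keeps one (hunk @@ -500,21 does the same for the two Dovecot `dnf` lines); keep the prompt for consistency. "These are the Postfix binaries:" overstates a list of four; "Some notable Postfix binaries are:" matches the content.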
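Review bot: In hunk @@ -278,7 and the later hunks, the prompts are renamed from 192.168.100.6 to 192.168.100.7, but the page's layout is still three hosts (DNS on .7, MySQL on .5, mail on .6): the `mysql-virtual-*.cf` files keep `hosts = 192.168.100.5`, `dovecot.conf` keeps `listen = 192.168.100.6`, and the `ss -tulnp` output in hunk @@ -703,10 still shows `192.168.100.6:465`. Either keep the original prompts or rename the address in the config and output lines too; as submitted, a reader following the .7 prompts will set `listen` to an address the host does not have.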
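Review bot: In hunk @@ -313,38, backslashes inside backticks are literal, so `mydestination = \$myhostname, localhost.\$mydomain, localhost` will now render with stray `\`; the neighbouring entry `myorigin = $myhostname` already drops them, do the same here. Other points in the same list: "Out local mailbox location" should be "Our"; the `myorigin` entry still carries the leftover fragment "**Important:** parameters that have been commented out"; several entries use `.` after the parameter name where the rest use `:`; and `smtpd_sasl_type = cyrus` is not "The IMAP server software used for SASL authentication" but the SASL implementation Postfix uses (`cyrus` or `dovecot`, which is what `postconf -a` lists). Most importantly, `mynetworks` and `relay_domains` are misdescribed as "which networks we should accept emails from" and "which domains we should relay emails from": `mynetworks` is the list of trusted client networks allowed to relay through this server, and `relay_domains` is the list of destination domains it will relay to. These two parameters are what separate a relay for your own users from an open relay, so the descriptions should be precise.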
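Review bot: In hunk @@ -414,31, the four map files are fenced as ```bash although they are Postfix lookup-table files, not shell; the page already uses ```text for the final `main.cf`, so use that here. Each of them stores the database password in clear text (`password = mail.rockylinux.me`), and the text does not say who may read them; add a sentence that these files should be readable only by root and the postfix group (for example owner root, group postfix, mode 640), otherwise any local account can read the database credentials.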
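Review bot: In hunk @@ -448,34, deleting "# If the command return 1, it is successful." leaves the `1` printed after `echo $?` unexplained, and a reader will naturally read a non-zero status as failure. State what each `postmap -q` lookup should show (the value returned for the key, for example `frank@mail.rockylinux.me,leeo@mail.rockylinux.me` for the alias lookup, and no output when the key is not found) instead of dropping the explanation. In the warning above it, "Please delete the existing `/var/lib/postfix/master.lock` file" should be qualified: confirm with `postfix status` that no master process is running before removing the lock, since the lock exists to stop two masters working on the same queue.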
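Review bot: In hunk @@ -619,37, "Now, edit the authorization configuration file:" should say authentication; `10-auth.conf` is described as "Authentication configuration" earlier in the same page. The old block also showed `#!include auth-system.conf.ext` commented out next to `!include auth-sql.conf.ext`, and the new "add the following" wording no longer tells the reader to comment out the system include, so a reader who only adds the SQL line ends up with both the system and SQL passdb/userdb backends active; say explicitly to comment out `!include auth-system.conf.ext`. "Don't write the above grammar on one line" should read "syntax".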
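Review bot: In hunk @@ -678,16, "Next enable Dovecot:" introduces `systemctl enable --now dovecot`, which both enables and starts the service; say "enable and start" so the reader knows the unit is now running (the `ss -tulnp` output that follows depends on it).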