Linux - Setup Rocky 9 SMTP Server
System Configuration
Upgrade Current System
dnf install epel-release -y
dnf upgrade -y
Configure SELinux
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
Disable Firewall
systemctl disable firewalld.service
Install Core Tools
dnf install bind-utils bzip2 cups cifs-utils enscript ftp gdb ghostscript java-1.8.0-openjdk-headless java-11-openjdk-headless krb5-workstation ksh lftp lrzsz lsof libnsl lzop mariadb-server mlocate mutt ncompress net-tools net-snmp net-snmp-utils net-tools nfs-utils nmap nvme-cli openldap-clients openssh-clients psmisc realmd rsync samba-client strace sysstat tcpdump telnet telnet-server tmux unix2dos vim vim-enhanced vsftpd wget xfsdump vsftpd htop mc rsyslog rsyslog-doc postfix dbus-daemon s-nail dovecot -y
Configure Virtual Tool
dnf install open-vm-tools -y
sysctl vm.swappiness=10
Time Sync
systemctl enable --now chronyd
Configure Postfix
Postfix Settings
We now have to configure Postfix. One thing to keep in mind is that we're configuring Postfix to only send email, not receive it (as that is a far more complicated topic that requires considerable setup time and understanding to prevent the server from becoming an open relay, which could lead to a serious spam issue). Because of this, we can skip setting up Postfix to listen and instead go right to the hostname.
The Postfix hostname must be set to match the system hostname. We'll use the mail.example.com address (so make sure to change this to match your hostname). Set that hostname with the command:
sudo postconf -e "myhostname = mail.example.com"
Make sure to check that the apex domain (aka root domain) is correct with the command:
postconf mydomain
The apex domain for our example should be listed as example.com. If not, set it with:
sudo postconf -e "mydomain = example.com"
Set the myorigin parameter with (single quotes stop the shell from expanding $mydomain before postconf sees it):
sudo postconf -e 'myorigin = $mydomain'
Set Postfix to listen on all network interfaces with:
sudo postconf -e "inet_interfaces = all"
Restrict Postfix to IPv4 with:
sudo postconf -e "inet_protocols = ipv4"
Set the mydestination parameter with:
sudo postconf -e 'mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain'
Set the networks allowed to relay through this server with:
sudo postconf -e "mynetworks = 127.0.0.0/8, 10.0.0.0/24, 192.168.0.0/16"
Set the mail folder with:
sudo postconf -e "home_mailbox = Maildir/"
Set the SMTP greeting banner with:
sudo postconf -e 'smtpd_banner = $myhostname ESMTP'
Disable the VRFY command with:
sudo postconf -e "disable_vrfy_command = yes"
Require HELO from senders with:
sudo postconf -e "smtpd_helo_required = yes"
Set the message size limit, for example 10MB, with:
sudo postconf -e "message_size_limit = 10240000"
Set SMTP Authentication with:
sudo postconf -e "smtpd_sasl_type = dovecot"
sudo postconf -e "smtpd_sasl_path = private/auth"
sudo postconf -e "smtpd_sasl_auth_enable = yes"
sudo postconf -e "smtpd_sasl_security_options = noanonymous"
sudo postconf -e 'smtpd_sasl_local_domain = $myhostname'
sudo postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject"
With these taken care of, restart Postfix with:
sudo systemctl restart postfix
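A check for the settings above, as an added example that is not part of the original page: it reads `postconf -n` style output and flags values emptied by shell expansion, SASL AUTH offered without a TLS requirement, and wide relay ranges in mynetworks. The function name, the finding labels and the /24 threshold are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: audit "name = value" lines, as printed by `postconf -n`, on stdin.
# The three checks and the /24 threshold are assumptions chosen for this page.
audit_postconf() {
  awk '
    {
      i = index($0, "="); if (i == 0) next
      k = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", val)
      conf[k] = val; seen[k] = 1
    }
    END {
      # 1. $name inside double quotes is expanded by the shell before postconf
      #    runs, which leaves empty values or empty list items in main.cf.
      n = split("myorigin smtpd_sasl_local_domain", one, " ")
      for (j = 1; j <= n; j++)
        if ((one[j] in seen) && conf[one[j]] == "") print "EMPTY " one[j]
      d = conf["mydestination"]
      if (("mydestination" in seen) && (d ~ /^,/ || d ~ /,$/ || d ~ /\.[ \t]*,/))
        print "MANGLED mydestination"
      # 2. SASL AUTH is offered but not restricted to TLS-protected sessions.
      if (conf["smtpd_sasl_auth_enable"] == "yes" && conf["smtpd_tls_auth_only"] != "yes")
        print "CLEARTEXT_AUTH smtpd_tls_auth_only is not yes"
      # 3. Every address inside mynetworks may relay without authenticating.
      m = split(conf["mynetworks"], nets, /[ \t,]+/)
      for (j = 1; j <= m; j++)
        if (split(nets[j], p, "/") == 2 && p[1] !~ /^127\./ && p[2] + 0 < 24)
          print "WIDE_RELAY " nets[j]
    }'
}

# Constructed sample: the result of the double-quoted postconf -e commands in a
# shell where mydomain and myhostname are unset.
SAMPLE_MANGLED='myorigin =
mydestination = , localhost., localhost,
mynetworks = 127.0.0.0/8, 10.0.0.0/24, 192.168.0.0/16
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain ='

# Constructed sample: literal $-references kept, AUTH only over TLS, narrow relay trust.
SAMPLE_OK='myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8, 10.0.0.0/24
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_tls_auth_only = yes'

printf '%s\n' "$SAMPLE_MANGLED" | audit_postconf
```

On the server itself, feed it the live configuration with `postconf -n | audit_postconf`.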
Extra Authentications
Configure additional settings for Postfix if you need them.
Many spam emails can be rejected with the settings below.
However, consider carefully whether to apply them, because legitimate emails are sometimes rejected as well. In particular, there are SMTP servers whose forward and reverse DNS lookups of their hostnames do not match even though they are not spammers.
sudo postconf -e "smtpd_client_restrictions = permit_mynetworks, reject_unknown_client_hostname, permit"
sudo postconf -e "smtpd_sender_restrictions = permit_mynetworks, reject_unknown_sender_domain,reject_non_fqdn_sender"
sudo postconf -e "smtpd_helo_restrictions = permit_mynetworks, reject_unknown_hostname,reject_non_fqdn_hostname, reject_invalid_hostname, permit"
Enable Postfix
sudo systemctl enable --now postfix
Configure Dovecot
Dovecot Settings
This example shows how to configure Dovecot to provide the SASL function to Postfix.
vi /etc/dovecot/dovecot.conf, then uncomment the following line (if you do not use IPv6, remove the :: entry):
listen = *, ::
vi /etc/dovecot/conf.d/10-auth.conf, then uncomment and change the following if you allow plain text auth:
disable_plaintext_auth = no
and then add login to:
auth_mechanisms = plain login
vi /etc/dovecot/conf.d/10-mail.conf, then uncomment and set:
mail_location = maildir:~/Maildir
vi /etc/dovecot/conf.d/10-master.conf, then uncomment and add the following for Postfix smtp-auth:
unix_listener /var/spool/postfix/private/auth {
  mode = 0666
  user = postfix
  group = postfix
}
vi /etc/dovecot/conf.d/10-ssl.conf and change it to use SSL if available but not require SSL:
ssl = yes
Enable Dovecot
sudo systemctl enable --now dovecot
Test the setup
Now that everything is set up, test Postfix by sending an email from the command line like so:
echo "Rocky Linux Rocks" | sendmail EMAIL
Where EMAIL is a valid email address.
If you receive the email, congratulate yourself on a job well done. If the email fails to arrive, you might need to verify if your DNS records are correct and the changes have taken effect (they can take up to 24 hours). You can also check the maillog with a command like:
tail -f /var/log/maillog
With the tail running, open another terminal window and attempt to send another email to see what kind of logs are written. From that information, you can start troubleshooting any issues that are causing problems.
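To go with the log check above, an added example (not from the original page) that condenses maillog lines into per-recipient delivery results and smtpd rejections, so a deferred or refused message stands out. The function name and output labels are assumptions, and the log lines are constructed samples in the usual Postfix syslog format.

```sh
#!/bin/sh
# Added example: summarise Postfix results from maillog-format lines on stdin.
delivery_summary() {
  awk '
    # Delivery agents log one line per recipient with a final status= field.
    / postfix\/(smtp|local|lmtp|virtual|error)\[[0-9]+\]: / && / status=/ {
      to = $0; sub(/.* to=</, "", to); sub(/>.*/, "", to)
      st = $0; sub(/.* status=/, "", st)
      reason = st; sub(/^[a-z]+ */, "", reason)   # text after the status word
      sub(/ .*/, "", st)                          # the status word itself
      count[st]++
      if (st != "sent") print st " " to " " reason
    }
    # smtpd logs refused commands (for example a relay attempt) as NOQUEUE: reject.
    / postfix\/smtpd\[[0-9]+\]: NOQUEUE: reject: / {
      r = $0; sub(/.*NOQUEUE: reject: /, "", r); sub(/; from=.*/, "", r)
      count["rejected"]++
      print "rejected " r
    }
    END { for (s in count) print "total " s "=" count[s] }
  ' | sort
}

# Constructed sample lines in the traditional syslog format of /var/log/maillog.
SAMPLE_LOG='Mar  3 10:15:02 mail postfix/smtp[2211]: 4A1B2C3D4E: to=<alice@example.org>, relay=mx.example.org[203.0.113.10]:25, delay=0.8, delays=0.1/0/0.3/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK)
Mar  3 10:15:40 mail postfix/smtp[2214]: 5B2C3D4E5F: to=<bob@example.net>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to mx.example.net[198.51.100.7]:25: Connection timed out)
Mar  3 10:16:05 mail postfix/smtpd[2230]: NOQUEUE: reject: RCPT from unknown[192.0.2.55]: 554 5.7.1 <carol@example.com>: Relay access denied; from=<x@example.org> to=<carol@example.com> proto=ESMTP helo=<host.example.org>'

printf '%s\n' "$SAMPLE_LOG" | delivery_summary
```

Against the real log, run `delivery_summary < /var/log/maillog`.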
References
https://www.server-world.info/en/note?os=Rocky_Linux_8&p=mail&f=1
https://www.server-world.info/en/note?os=Rocky_Linux_8&p=mail&f=2