[LINUX] Create an account from CentOS mail server construction

I sent an email from Postfix, but the email did not reach Outlook.com on Office 365. Because I ran into an error in the mail-delay process saying that sending a cancellation request form was necessary, I will write down the method from building a mail server to creating an account so that you can receive mail.

List of sites that I referred to:
Build a mail server in the CentOS 7 environment
Mail server construction procedure (Postfix / Dovecot): a memo that even beginners can follow
Mail server construction (Postfix + Dovecot): https://centossrv.com/postfix.shtml
Mail user account registration #2: https://www.server-world.info/query?os=CentOS_7&p=mail&f=10

Version: CentOS Linux release 7.3.1611 (Core)

■ Postfix installation

[[email protected] ~]# yum -y install postfix ← Postfix installation

■ Postfix settings

(1) Postfix settings

[[email protected] ~]# vi /etc/postfix/main.cf ← Postfix configuration file editing
# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
myhostname = mail.centossrv.com ← added (specify your own FQDN)

# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld
mydomain = centossrv.com ← added (specify your domain name)

# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites.  If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.domain.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
#myorigin = $mydomain
myorigin = $mydomain ← added (append the domain name after the @ in the sender address of locally submitted mail)

# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on.  By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
inet_interfaces = localhost
↓
inet_interfaces = all ← change (accept mail from outside)

# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
#
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
# The default is $myhostname + localhost.$mydomain.  On a mail domain
# gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
mydestination = $myhostname, localhost.$mydomain, localhost
↓
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain ← change (accept mail addressed to your domain)
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
#       mail.$mydomain, www.$mydomain, ftp.$mydomain

# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user.  Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
home_mailbox = Maildir/ ← added (change the mail storage format to Maildir)

# SHOW SOFTWARE VERSION OR NOT
#
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_banner = $myhostname ESMTP unknown ← added (hide the mail server software name)

Add the following at the end of the file (SMTP authentication settings):
smtpd_sasl_auth_enable = yes

smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination

Add the following at the end of the file (incoming mail size limit):
message_size_limit = 10485760 ← added (limit received mail to 10 MB = 10*1024*1024 bytes)

[[email protected] ~]# vi /etc/postfix/master.cf ← edit master.cf
submission inet n       -       n       -       -       smtpd ← delete the # at the beginning of the line to uncomment (enable the submission port)
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes ← delete the # at the beginning of the line to uncomment (enable SMTP authentication on the submission port)

(2) SMTP authentication settings

When using the system user name and password for SMTP authentication:

[[email protected] ~]# yum -y install cyrus-sasl ← cyrus-sasl installation
[[email protected] ~]# systemctl start saslauthd ← start saslauthd
[[email protected] ~]# systemctl enable saslauthd ← saslauthd automatic start setting

# vim /etc/sasl2/smtpd.conf
Change pwcheck_method from saslauthd to auxprop (passwords are then looked up in /etc/sasldb2 rather than checked by saslauthd against the system accounts):
pwcheck_method: auxprop
mech_list: plain login

(3) Create a Maildir-format mailbox

Postfix's default mail storage is the shared spool (mbox) format, in which all of a user's mail is kept in a single file, /var/spool/mail/<user name>; here it is switched to the Maildir format to improve access performance and security.

[New user handling] A Maildir-format mailbox is created automatically in the home directory when a new user is added.

[[email protected] ~]# mkdir -p /etc/skel/Maildir/{new,cur,tmp} ← create the Maildir skeleton so that new users get a Maildir-format mailbox automatically
[[email protected] ~]# chmod -R 700 /etc/skel/Maildir/ ← mailbox permission setting
(4) Discard mail addressed to non-existent users

When the mail server receives mail addressed to a user who does not exist, it tries to return a non-delivery report (bounce) to the sender. Junk mail is often deliberately sent to non-existent users with a forged sender address; in that case the bounce itself cannot be delivered and stays in the queue (this can be seen with the mailq command). Postfix keeps retrying for a set period and then discards the bounce, but when such mail arrives in bulk a large number of bounces accumulate in the queue, and retrying all of them can overload the server until it stops functioning. Mail addressed to non-existent users should therefore be discarded. The drawback is that a legitimate user who mistypes an address receives no bounce and will not notice the mistake, but under current security conditions it is common practice to confirm delivery to an address you have never sent to by other means, so this concern can be set aside.
[[email protected] ~]# vi /etc/postfix/main.cf ← Postfix configuration file editing
Add the following at the end of the file (mail addressed to non-existent users is delivered to unknown_user):
local_recipient_maps =
luser_relay = unknown_user@localhost

[[email protected] ~]# echo unknown_user: /dev/null >> /etc/aliases ← discard mail delivered to unknown_user
[[email protected] ~]# newaliases ← apply the /etc/aliases change

■ Start Postfix

(1) Start Postfix

[[email protected] ~]# systemctl restart postfix ← Postfix restart * for CentOS 7
[[email protected] ~]# systemctl enable postfix ← Postfix automatic startup setting * for CentOS 7

■ Dovecot installation

[[email protected] ~]# yum -y install dovecot ← Dovecot installation

■ Dovecot settings

[[email protected] ~]# vi /etc/dovecot/conf.d/10-mail.conf ← 10-mail.conf edit
# Location for users' mailboxes. The default is empty, which means that Dovecot
# tries to find the mailboxes automatically. This won't work if the user
# doesn't yet have any mail, so you should explicitly tell Dovecot the full
# location.
#
# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u)
# isn't enough. You'll also need to tell Dovecot where the other mailboxes are
# kept. This is called the "root mail directory", and it must be the first
# path given in the mail_location setting.
#
# There are a few special variables you can use, eg.:
#
#   %u - username
#   %n - user part in user@domain, same as %u if there's no domain
#   %d - domain part in user@domain, empty if there's no domain
#   %h - home directory
#
# See doc/wiki/Variables.txt for full list. Some examples:
#
#   mail_location = maildir:~/Maildir
#   mail_location = mbox:~/mail:INBOX=/var/mail/%u
#   mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
#
# 
#
#mail_location =
mail_location = maildir:~/Maildir ← added (change the mail storage format to Maildir)

# ':' separated list of directories under which chrooting is allowed for mail
# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
# This setting doesn't affect login_chroot, mail_chroot or auth chroot
# settings. If this setting is empty, "/./" in home dirs are ignored.
# WARNING: Never add directories here which local users can modify, that
# may lead to root exploit. Usually this should be done only if you don't
# allow shell access for users. 
#valid_chroot_dirs =
valid_chroot_dirs = /home ← added * only when OpenSSH with chroot is set up

[[email protected] ~]# vi /etc/dovecot/conf.d/10-auth.conf ← 10-auth.conf edit
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#disable_plaintext_auth = yes
disable_plaintext_auth = no ← added (allow plaintext authentication)
* Introducing encryption of the communication content between mail servers is recommended

[[email protected] ~]# vi /etc/dovecot/conf.d/10-ssl.conf ← 10-ssl.conf edit
# SSL/TLS support: yes, no, required. 
# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
# plain imap and pop3 are still allowed for local connections
ssl = no ← SSL connections disabled
* Introducing encryption of the communication content between mail servers is recommended
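
The following is an added example, not code from this article or from the Postfix or Dovecot projects. It audits the main.cf settings from the Postfix section and the two Dovecot settings just above: it reads keys the way Postfix does (continuation lines that start with whitespace, last definition wins), and flags the values that matter most for a server exposed to the Internet: a smtpd_recipient_restrictions without reject_unauth_destination (the open relay that the relay test at the end of the article looks for), SASL enabled without permit_sasl_authenticated, a banner that advertises the version, an empty local_recipient_maps with no luser_relay, and the ssl = no / disable_plaintext_auth = no values that the notes above say should be replaced with encryption. The function names, the temporary file names and the sample configuration files are my own; the settings written into the sample files are the ones shown in this article, and the "hardened" Dovecot values (ssl = required, disable_plaintext_auth = yes) are standard Dovecot settings.

```sh
#!/bin/sh
# Added example (not from the article): audit the Postfix/Dovecot settings
# described above. All files written below are constructed for the demo.

# Print the effective value of key $1 in the Postfix/Dovecot-style file $2.
# Lines starting with whitespace continue the previous value (Postfix style),
# commas become spaces, and the last definition of a key wins, as in Postfix.
cfg_get() {
    awk -v key="$1" '
        /^[ \t]+[^ \t#]/ { if (cur == key) val = val " " $0; next }
        /^[ \t]*#/ || /^[ \t]*$/ { cur = ""; next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k == key) { cur = key; val = substr($0, index($0, "=") + 1) } else cur = ""
            next
        }
        { cur = "" }
        END { gsub(/[ \t,]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val); print val }
    ' "$2"
}

# True if key $1 is defined at all in file $2 (set-to-nothing differs from absent).
cfg_has() { grep -Eq "^[[:space:]]*$1[[:space:]]*=" "$2"; }

# True if the space-separated list $1 contains the word $2.
has_word() { case " $1 " in *" $2 "*) return 0 ;; esac; return 1; }

# Print one WARN line per finding in a Postfix main.cf; exit status is the count.
audit_main_cf() {
    f=$1; n=0
    rr=$(cfg_get smtpd_recipient_restrictions "$f")
    if ! has_word "$rr" reject_unauth_destination; then
        echo "WARN: smtpd_recipient_restrictions lacks reject_unauth_destination: the server relays for anyone"; n=$((n + 1))
    fi
    if [ "$(cfg_get smtpd_sasl_auth_enable "$f")" = yes ] && ! has_word "$rr" permit_sasl_authenticated; then
        echo "WARN: SASL auth is enabled but permit_sasl_authenticated is missing, so authenticated clients cannot relay"; n=$((n + 1))
    fi
    if ! has_word "$(cfg_get mydestination "$f")" '$mydomain'; then
        echo "WARN: mydestination lacks \$mydomain, so mail to the domain is not accepted"; n=$((n + 1))
    fi
    case "$(cfg_get smtpd_banner "$f")" in
        *'$mail_version'*) echo "WARN: smtpd_banner advertises the Postfix version"; n=$((n + 1)) ;;
    esac
    if cfg_has local_recipient_maps "$f" && [ -z "$(cfg_get local_recipient_maps "$f")" ] \
        && [ -z "$(cfg_get luser_relay "$f")" ]; then
        echo "WARN: local_recipient_maps is empty but luser_relay is unset, so unknown users still bounce"; n=$((n + 1))
    fi
    return "$n"
}

# Print one WARN line per weak setting in Dovecot's 10-auth.conf / 10-ssl.conf
# (they may be concatenated into one file); exit status is the count.
audit_dovecot() {
    f=$1; n=0
    if [ "$(cfg_get ssl "$f")" = no ]; then
        echo "WARN: ssl = no: POP3/IMAP logins travel in clear text"; n=$((n + 1))
    fi
    if [ "$(cfg_get disable_plaintext_auth "$f")" = no ]; then
        echo "WARN: disable_plaintext_auth = no: plaintext auth allowed without TLS"; n=$((n + 1))
    fi
    return "$n"
}

# Number of WARN lines that audit function $1 reports for file $2 (awk always exits 0).
count_findings() { "$1" "$2" | awk '/^WARN/ { n++ } END { print n + 0 }'; }

WORK=$(mktemp -d)

# Constructed main.cf carrying the settings the article adds.
cat > "$WORK/good_main.cf" <<'EOF'
myhostname = mail.centossrv.com
mydomain = centossrv.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
home_mailbox = Maildir/
smtpd_banner = $myhostname ESMTP unknown
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
message_size_limit = 10485760
local_recipient_maps =
luser_relay = unknown_user@localhost
EOF

# Same file with reject_unauth_destination dropped and the banner showing the
# version: the two slips that an open-relay test and the banner hiding are meant to avoid.
sed -e '/reject_unauth_destination/d' \
    -e 's/ESMTP unknown/ESMTP $mail_name ($mail_version)/' "$WORK/good_main.cf" > "$WORK/bad_main.cf"

# Dovecot as set in the article (weak) and with encryption required (hardened).
printf 'disable_plaintext_auth = no\nssl = no\n' > "$WORK/dovecot_weak.conf"
printf 'disable_plaintext_auth = yes\nssl = required\n' > "$WORK/dovecot_hardened.conf"

for f in good_main.cf bad_main.cf; do
    echo "== $f: $(count_findings audit_main_cf "$WORK/$f") finding(s)"
    audit_main_cf "$WORK/$f" || true
done
for f in dovecot_weak.conf dovecot_hardened.conf; do
    echo "== $f: $(count_findings audit_dovecot "$WORK/$f") finding(s)"
    audit_dovecot "$WORK/$f" || true
done
```

Run it against the real files with `audit_main_cf /etc/postfix/main.cf` and `cat /etc/dovecot/conf.d/10-auth.conf /etc/dovecot/conf.d/10-ssl.conf > /tmp/dovecot.conf; audit_dovecot /tmp/dovecot.conf`; on a server configured exactly as this article describes, the Postfix audit is clean and the Dovecot audit reports the two clear-text findings, which is why the notes above recommend adding encryption. The parser reads files as written, not the running configuration, so `postconf -n` remains the authority when a setting is defined in more than one place.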

■ Start Dovecot

(1) Start Dovecot

[[email protected] ~]# systemctl start dovecot ← Dovecot start * for CentOS 7
[[email protected] ~]# systemctl enable dovecot ← Dovecot automatic start setting * for CentOS 7

(2) Open the TCP 110 (POP) or TCP 143 (IMAP) port

[Router] Set the router to forward access to TCP port 110 (POP) or TCP port 143 (IMAP) to the server.

[Firewall] * Only when a firewall is running: allow access to TCP port 110 (POP) or TCP port 143 (IMAP) in the server-side firewall settings.

■ Add mail user

Add the mail user centos (email address: centos@centossrv.com) as an example.

[[email protected] ~]# useradd centos ← add user * when the user is allowed to log in remotely via SSH
[[email protected] ~]# useradd -s /sbin/nologin centos ← add user * when the user is not allowed to log in remotely via SSH (no login shell)
[[email protected] ~]# passwd centos ← password setting
Changing password for user centos.
New UNIX password: ← enter the password
Retype new UNIX password: ← enter the password again (confirmation)
passwd: all authentication tokens updated successfully.
The following is needed only when using a separate user name and password for SMTP authentication:
[[email protected] ~]# echo "password" | saslpasswd2 -p -u centos.centossrv.com -c centos ← register the user/password for SMTP authentication
[[email protected] ~]# sasldblistusers2 ← confirm the SMTP authentication user/password
centos@centos.centossrv.com: userPassword
[[email protected] ~]# chgrp postfix /etc/sasldb2 ← change the group owner of /etc/sasldb2 to postfix * first time only
* To delete the user/password for SMTP authentication:
[[email protected] ~]# saslpasswd2 -d centos -u centos.centossrv.com ← delete the user/password for SMTP authentication

■ Mail server operation check (when doing with CUI)

Sender

$ telnet localhost 25  #Access by SMTP
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.bobo.com ESMTP unknown

HELO bobo.com              #Successful access
502 5.5.2 Error: command not recognized

MAIL FROM: [email protected]         #Sender email address
250 2.1.0 Ok

RCPT TO: [email protected]          #RCPT TO verification
250 2.1.5 Ok

DATA                   #Describe the content of the email from here
354 End data with <CR><LF>.<CR><LF>
From: [email protected]            #Destination email address
Subject: test               #subject
Hello wrold.               #Contents of the email from here ↓
test
test
test
test
.                     #End (period)

250 2.0.0 Ok: queued as 576F6245A
QUIT                   #End of mail (send)
221 2.0.0 Bye
Connection closed by foreign host.
$

Confirm that the email was sent normally in the log.

$ less /var/log/maillog
Jan 10 17:51:19 t-bobo011 postfix/smtpd[24686]: connect from localhost[::1]
Jan 10 17:51:55 t-bobo011 postfix/smtpd[24686]: 576F6245A: client=localhost[::1]
Jan 10 17:52:50 t-bobo011 postfix/cleanup[24691]: 576F6245A: message-id=<[email protected]>
Jan 10 17:52:50 t-bobo011 postfix/qmgr[12693]: 576F6245A: from=<[email protected]>, size=369, nrcpt=1 (queue active)
Jan 10 17:52:50 t-bobo011 postfix/local[24694]: 576F6245A: to=<[email protected]>, relay=local, delay=69, delays=69/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Jan 10 17:52:50 t-bobo011 postfix/qmgr[12693]: 576F6245A: removed

Receiver

$ telnet localhost 110    #Access with POP3
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
USER bobo       #User input
+OK
PASS cocobat5555    #Enter user password
+OK Logged in.
LIST          #Message list confirmation
+OK 5 messages:
1 422
2 455
3 429
4 322
5 458
.
RETR 5         #Check the 5th message
+OK 458 octets
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]bo.com
Received: from localhost (localhost [IPv6:::1])
        by mail.bobo.com (Postfix) with SMTP id 576F6245A
        for <[email protected]>; Fri, 10 Jan 2014 17:51:41 +0900 (JST)
From: [email protected]
Subject: test
Message-Id: <[email protected]>
Date: Fri, 10 Jan 2014 17:51:41 +0900 (JST)
To: undisclosed-recipients:;
 
Hello wrold.
test
test
test
test
 
.
QUIT         #End
+OK Logging out.
Connection closed by foreign host.
$

Confirm that the email was received normally in the log.

$ less /var/log/maillog
Jan 10 17:58:29 t-bobo011 dovecot: pop3-login: Login: user=<bobo>, method=PLAIN, rip=::1, lip=::1, mpid=24714, secured
Jan 10 17:59:05 t-bobo011 dovecot: pop3(bobo): Disconnected: Logged out top=0/0, retr=1/474, del=0/5, size=2086
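
As an added example of the two "confirm in the log" steps above (not part of the article), the functions below pull three things out of /var/log/maillog with awk: the final delivery status and relay of a given Postfix queue ID, the successful POP3/IMAP logins with their client IP, and the number of failed login attempts per client IP as Dovecot reports them when it drops a connection. The log lines are constructed for this example, modelled on the article's excerpt (same queue ID, hostname and timestamps) with sample addresses; the second queue ID, the deferred delivery and the failed-login line are constructed as well, the last one in Dovecot's "Disconnected (auth failed, N attempts in M secs)" format.

```sh
#!/bin/sh
# Added example (not from the article): check delivery and login events in
# maillog. The log below is constructed, modelled on the article's excerpt.
LOG=$(mktemp)
cat > "$LOG" <<'EOF'
Jan 10 17:51:19 t-bobo011 postfix/smtpd[24686]: connect from localhost[::1]
Jan 10 17:51:55 t-bobo011 postfix/smtpd[24686]: 576F6245A: client=localhost[::1]
Jan 10 17:52:50 t-bobo011 postfix/cleanup[24691]: 576F6245A: message-id=<20140110085141.576F6245A@mail.bobo.com>
Jan 10 17:52:50 t-bobo011 postfix/qmgr[12693]: 576F6245A: from=<root@mail.bobo.com>, size=369, nrcpt=1 (queue active)
Jan 10 17:52:50 t-bobo011 postfix/local[24694]: 576F6245A: to=<bobo@mail.bobo.com>, relay=local, delay=69, delays=69/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Jan 10 17:52:50 t-bobo011 postfix/qmgr[12693]: 576F6245A: removed
Jan 10 17:55:02 t-bobo011 postfix/smtp[24701]: 8A1C2245B: to=<nobody@example.com>, relay=none, delay=0.3, delays=0.1/0/0.2/0, dsn=4.4.1, status=deferred (connect to example.com[192.0.2.25]:25: Connection refused)
Jan 10 17:58:29 t-bobo011 dovecot: pop3-login: Login: user=<bobo>, method=PLAIN, rip=::1, lip=::1, mpid=24714, secured
Jan 10 17:59:05 t-bobo011 dovecot: pop3(bobo): Disconnected: Logged out top=0/0, retr=1/474, del=0/5, size=2086
Jan 10 18:03:11 t-bobo011 dovecot: pop3-login: Disconnected (auth failed, 3 attempts in 12 secs): user=<bobo>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10
EOF

# Print "<status> <relay>" for queue ID $1 in log $2. The last to=<...> line
# wins, so a later successful retry overrides an earlier "deferred".
delivery_status() {
    awk -v qid="$1" '
        index($0, " " qid ": to=<") {
            st = rel = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^status=/) st = substr($i, 8)
                if ($i ~ /^relay=/) { rel = substr($i, 7); sub(/,$/, "", rel) }
            }
            out = st " " rel
        }
        END { print out }
    ' "$2"
}

# Print "<user> <client ip>" for each successful POP3/IMAP login in log $1.
logins() {
    awk '
        /dovecot: (pop3|imap)-login: Login: / {
            u = r = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^user=</) { u = substr($i, 7); sub(/>,?$/, "", u) }
                if ($i ~ /^rip=/)   { r = substr($i, 5); sub(/,$/, "", r) }
            }
            print u, r
        }
    ' "$1"
}

# Print "<attempts> <client ip>" for every client IP with failed logins in log $1,
# summing the "N attempts" figure Dovecot writes when it drops the connection.
failed_logins() {
    awk '
        /-login: Disconnected \(auth failed, [0-9]+ attempts/ {
            n = $0; sub(/.*\(auth failed, /, "", n); sub(/ attempts.*/, "", n)
            r = $0; sub(/.*rip=/, "", r); sub(/,.*/, "", r)
            tot[r] += n
        }
        END { for (r in tot) print tot[r], r }
    ' "$1"
}

echo "queue 576F6245A: $(delivery_status 576F6245A "$LOG")"
echo "queue 8A1C2245B: $(delivery_status 8A1C2245B "$LOG")"
echo "successful logins:"; logins "$LOG"
echo "failed login attempts per client IP:"; failed_logins "$LOG"
```

On the real server, replace `$LOG` with /var/log/maillog: `delivery_status 576F6245A /var/log/maillog` reproduces the "status=sent (delivered to maildir)" check from the sender section, `logins /var/log/maillog` the receiver check, and `failed_logins /var/log/maillog` is worth running regularly once port 110/143 is forwarded from the router, because with plaintext authentication enabled those ports will receive password guessing from the Internet.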

■ Mail client settings (when using POP for the incoming mail server)

If you use mail at multiple locations such as your home and office and you do not need to synchronize mailboxes (for example, you do not need to read at home the mail received at the office), use POP for the incoming mail server. Here, Thunderbird is used as the mail client.

Start Thunderbird and set up your email account from the menu "File" ⇒ "New" ⇒ "Existing Email Account":

"Your name" ⇒ display name
"Email address" ⇒ email address (example: centos@centossrv.com)
"Password" ⇒ password
"Continue"
Select "Receiving server" ⇒ "POP3"
"Incoming server" - "Server host name" ⇒ mail server name (example: mail.centossrv.com)
Select "Incoming server" - "Port number" ⇒ "110"
Select "Incoming server" - "SSL" ⇒ "No connection protection"
Select "Incoming server" - "Authentication method" ⇒ "Normal password authentication"
"Outgoing server" - "Server host name" ⇒ mail server name (example: mail.centossrv.com)
Select "Outgoing server" - "Port number" ⇒ "587"
Select "Outgoing server" - "SSL" ⇒ "No connection protection"
Select "Outgoing server" - "Authentication method" ⇒ "Normal password authentication"
"Re-test"
Confirm that "The following account settings were found by examining the specified server" is displayed and click "Finish".
Check "I understand the dangers of connecting" and click "Done".

■ Mail client settings (when using IMAP for the incoming mail server)

If you use mail at multiple locations such as your home and office and want to synchronize mailboxes (for example, you want to read at home the mail received at the office), use IMAP for the incoming mail server. Here, Thunderbird is used as the mail client.

Start Thunderbird and set up your email account from the menu "File" ⇒ "New" ⇒ "Existing Email Account":

"Your name" ⇒ display name
"Email address" ⇒ email address (example: centos@centossrv.com)
"Password" ⇒ password
"Continue"
Select "Incoming server" ⇒ "IMAP"
"Incoming server" - "Server host name" ⇒ mail server name (example: mail.centossrv.com)
Select "Incoming server" - "Port number" ⇒ "143"
Select "Incoming server" - "SSL" ⇒ "No connection protection"
Select "Incoming server" - "Authentication method" ⇒ "Normal password authentication"
"Outgoing server" - "Server host name" ⇒ mail server name (example: mail.centossrv.com)
Select "Outgoing server" - "Port number" ⇒ "587"
Select "Outgoing server" - "SSL" ⇒ "No connection protection"
Select "Outgoing server" - "Authentication method" ⇒ "Normal password authentication"
"Re-test"
Confirm that "The following account settings were found by examining the specified server" is displayed and click "Finish".
Check "I understand the dangers of connecting" and click "Done".

■ Mail server confirmation

□ Sending and receiving between the same user, internally
□ Sending and receiving between different users, internally
□ Sending and receiving between inside and outside (a provider's email address, etc.)
□ Sending and receiving with mobile phones, internally *
□ Sending and receiving between the same user, from outside (company, etc.)
□ Sending and receiving between different users, from outside (company, etc.)
□ Sending and receiving from outside (company, etc.) to outside (a provider's email address, etc.)
□ Sending and receiving with mobile phones, from outside (company, etc.) *

■ E-mail unauthorized relay refusal test

In the Open Relay Test, enter the host name of your home server (e.g. centossrv.com) in "Mail Server" and press the "Check for Open Relay" button. 18 kinds of tests are run, and the result is OK if "Relay NOT Accepted" is displayed for all of them.
