Installing and configuring SSL on a Postfix/Dovecot mail server on CentOS 7
Postfix is a free and open-source mail transfer agent (MTA) that routes and delivers electronic mail, intended as an alternative to Sendmail MTA. Postfix is released under the IBM Public License 1.0 which is a free software license.
Dovecot is an open-source IMAP and POP3 server for Linux/UNIX-like systems, written primarily with security in mind. Developed by Timo Sirainen, Dovecot was first released in July 2002. Dovecot primarily aims to be a lightweight, fast and easy-to-set-up open-source mail server.
yum -y install postfix dovecot
gedit /etc/postfix/main.cf
myhostname = mail.yourdomain.com
mydomain = yourdomain.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8
home_mailbox = Maildir/
smtpd_banner = $myhostname ESMTP
message_size_limit = 10485760
mailbox_size_limit = 1073741824
# for SMTP-Auth
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject
firewall-cmd --add-service=smtp --permanent && firewall-cmd --reload
systemctl restart postfix && systemctl enable postfix
gedit /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
listen = *
gedit /etc/dovecot/conf.d/10-auth.conf
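disable_plaintext_auth = no
# Note: with "no", Dovecot accepts PLAIN/LOGIN passwords on unencrypted IMAP/POP3 connections. Once the TLS setup below works, set disable_plaintext_auth = yes and ssl = required so credentials only travel over TLS.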
auth_mechanisms = plain login
gedit /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir
gedit /etc/dovecot/conf.d/10-master.conf
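# inside the "service auth { ... }" section
unix_listener /var/spool/postfix/private/auth {
  # mode 0666 lets every local account connect to the auth socket; 0660 is enough when user/group are postfix.
  mode = 0666
  user = postfix
  group = postfix
}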
nano /etc/dovecot/conf.d/10-ssl.conf
ssl = yes
# The leading "<" tells Dovecot to read the value from the file.
ssl_cert = </etc/pki/tls/certs/server.crt
ssl_key = </etc/pki/tls/certs/server.key
firewall-cmd --add-service={pop3,imap} --permanent && firewall-cmd --reload
systemctl start dovecot && systemctl enable dovecot
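# Generate the key and self-signed certificate. 10-ssl.conf above already points at these files, so create them before starting Dovecot.
cd /etc/pki/tls/certs && make server.key
# Strip the passphrase so the services can start unattended; the key is then protected only by file permissions, so keep it readable by root only (chmod 600 server.key).
openssl rsa -in server.key -out server.key
# Self-signed for 10 years: clients cannot verify it against a CA and will warn. Use a CA-issued certificate for a public server.
make server.csr && openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650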
gedit /etc/postfix/main.cf
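smtpd_use_tls = yes
# This enables opportunistic STARTTLS only. Add smtpd_tls_auth_only = yes so SASL credentials are never accepted over an unencrypted session.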
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
gedit /etc/postfix/master.cf
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
firewall-cmd --add-service={pop3s,imaps} --permanent && firewall-cmd --add-port=465/tcp --permanent && firewall-cmd --reload
systemctl restart postfix dovecot