complete email centos postfix dkim spamassassin

Remove sendmail

yum remove sendmail

Postfix

yum install postfix

yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain

/etc/postfix/main.cf

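# Identity of this mail host and the domain it serves.
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
# Deliver straight into ~/Maildir/ with no external delivery command.
home_mailbox = Maildir/
mailbox_command =
# Only the local host is a trusted network; every other client has to
# authenticate before it may relay (see smtpd_recipient_restrictions below).
mynetworks = 127.0.0.0/8
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relay_domains =
# local_recipient_maps is intentionally left at its default. Setting it to an
# empty value switches off recipient validation, so mail for nonexistent
# local users is accepted and bounced afterwards (backscatter). The default
# looks users up in the system password file and $alias_maps, which covers
# the local accounts and aliases this guide creates.

smtpd_sasl_local_domain =

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_security_options = noanonymous
# Also advertise AUTH in the non-standard "AUTH=" form that old Outlook
# versions expect.
broken_sasl_auth_clients = yes
# Writes the SASL login name into the Received: header of submitted mail.
# Set to "no" if account names should not be disclosed to recipients.
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination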

/etc/postfix/master.cf

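# Port 465 (smtps): authenticated submission only.
# smtpd_tls_wrappermode makes the TLS handshake start on connect; without it
# this port speaks plain SMTP and credentials can cross the wire unencrypted.
# Clients must be set to implicit SSL/TLS on this port, not STARTTLS.
# Continuation lines in master.cf must begin with whitespace.
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_sender=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o broken_sasl_auth_clients=yes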

/usr/lib/sasl2/smtpd.conf

# Passwords are verified by the saslauthd daemon.
pwcheck_method: saslauthd
# PLAIN and LOGIN carry the password without any protection of their own,
# so AUTH should only be offered on TLS-protected sessions.
mech_list: plain login

create the certificates for TLS

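# Generate the TLS key material for Postfix in /etc/postfix/ssl.
mkdir -p /etc/postfix/ssl
cd /etc/postfix/ssl/
# 2048-bit RSA server key. 1024-bit RSA is too short for current use, and
# /etc/hosts is not a source of randomness, so openssl is left to seed itself
# from the system RNG. The key is written unencrypted (Postfix must be able
# to start unattended); the subshell umask keeps it private from creation.
(umask 077 && openssl genrsa -out smtpd.key 2048)
chmod 600 smtpd.key
# Certificate request and a self-signed certificate (ten years, SHA-256).
openssl req -new -sha256 -key smtpd.key -out smtpd.csr
openssl x509 -req -sha256 -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
# Separate self-signed CA certificate, later referenced as smtpd_tls_CAfile.
# Note that it does not sign smtpd.crt, which is self-signed above.
# openssl asks for a passphrase to protect cakey.pem.
openssl req -new -x509 -sha256 -newkey rsa:2048 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
chmod 600 cakey.pem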

main.cf file

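# Offer AUTH only once the session is encrypted. The configured SASL
# mechanisms (plain, login) would otherwise send passwords in the clear.
smtpd_tls_auth_only = yes
# Opportunistic TLS for outgoing (smtp_) and incoming (smtpd_) connections.
smtp_use_tls = yes
smtpd_use_tls = yes
# Log remote servers that offer STARTTLS.
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
# Record TLS protocol and cipher details in the Received: header.
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom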

DOVECOT

yum install dovecot

/etc/dovecot.conf

protocols = imaps pop3s

CREATE LOCAL USERS/MAILBOXES

adduser jeff

passwd jeff

mkdir /home/jeff/Maildir
chown jeff:jeff /home/jeff/Maildir
chmod -R 700 /home/jeff/Maildir



chkconfig postfix on
chkconfig saslauthd on
chkconfig dovecot on



/etc/init.d/saslauthd start
/etc/init.d/postfix start
/etc/init.d/dovecot start

It took me a while to realize that I don't need to use jeff@domain as the login.
Add an alias for jeff to the aliases file, with the address jeff@freak.com.
In Outlook, just use jeff as the username for both.

Step 2

Install Development Tools

Install Webmin, and check that users can connect to the mail server using Outlook





###########################

Install CPAN Modules for CSF

perl -MCPAN -eshell

install Bundle::LWP

###########################

Install CSF

# Download the CSF installer archive. The transfer is plain HTTP and nothing
# below checks the archive's integrity, so its content is only as trustworthy
# as the network path. Compare a checksum against a value obtained from the
# publisher over a trusted channel before running anything from it.
wget http://www.configserver.com/free/csf.tgz

tar -xzf csf.tgz

cd csf

# Runs the vendor install script (presumably as root, like the other steps
# in this guide). Read it first if the archive could not be verified.
sh install.sh

# Start the firewall at boot.
chkconfig csf on

###########################

Install Python needed by DenyHosts

yum install python

Get DenyHosts

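# Fetch the DenyHosts 2.6 source tarball. -O fixes the local file name: the
# URL ends in "/download", and depending on the wget version the file would
# otherwise be saved under that name and the tar step below would not find it.
# The download is plain HTTP with no integrity check; verify the tarball
# against a published checksum before installing it.
wget -O DenyHosts-2.6.tar.gz http://sourceforge.net/projects/denyhosts/files/denyhosts/2.6/DenyHosts-2.6.tar.gz/download

tar -xvf DenyHosts-2.6.tar.gz

cd DenyHosts-2.6

python setup.py install

cd /usr/share/denyhosts/

# Start from the shipped templates for the configuration and control script.
cp denyhosts.cfg-dist denyhosts.cfg

cp daemon-control-dist daemon-control

# The control script is run as root, so only root may read or modify it.
chown root daemon-control

chmod 700 daemon-control

./daemon-control start

# Register the control script as an init service.
cd /etc/init.d

ln -s /usr/share/denyhosts/daemon-control denyhosts

chkconfig --add denyhosts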

############################

Dkim/Domain Keys



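# Third-party dkim-milter package, fetched over plain HTTP. Before installing,
# check whether it carries a verifiable signature (rpm -K <package>), since
# rpm -ivh runs the package's install scripts as root.
wget http://www.topdog-software.com/oss/dkim-milter/dkim-milter-2.8.3-1.i386.rpm

rpm -ivh dkim-milter-2.8.3-1.i386.rpm

# Generate the signing key pair for the domain in the current directory:
# default.private (private key) and default.txt (DNS TXT record).
# NOTE(review): the key size is whatever dkim-genkey defaults to; confirm it
# and raise it with the -b option if it is below 2048 bits.
/usr/bin/dkim-genkey -r -d freak.com

mv default.txt freak.com.txt

mv default.private default

mkdir -p /etc/mail/dkim/keys/freak.com

mv default /etc/mail/dkim/keys/freak.com

# The private key must be readable only by the milter's own account.
chmod 600 /etc/mail/dkim/keys/freak.com/default

# user:group form; the older user.group spelling is ambiguous and deprecated.
chown dkim-milt:dkim-milt /etc/mail/dkim/keys/freak.com/default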

nano /etc/dkim-filter.conf





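# dkim-filter.conf: sign mail from trusted hosts, verify everything else.

ADSPDiscard yes
ADSPNoSuchDomain yes
# Do not restrict verification to SHA-1-only signatures.
AllowSHA1Only no
AlwaysAddARHeader no
AutoRestart yes
AutoRestartRate 10/1h
BaseDirectory /var/run/dkim-milter
Canonicalization simple/simple
Domain freak.com
# Hosts in this file are exempt from verification (ExternalIgnoreList) and
# have their mail signed (InternalHosts). Keep the list as short as possible.
ExternalIgnoreList /etc/mail/dkim/trusted-hosts
InternalHosts /etc/mail/dkim/trusted-hosts
KeyList /etc/mail/dkim/keylist
LocalADSP /etc/mail/dkim/local-adsp-rules
# s = sign, v = verify.
Mode sv
MTA MSA
# Per-result handling. Rejecting on a bad signature also rejects legitimate
# mail whose signature broke in transit (for example through mailing lists).
On-Default reject
On-BadSignature reject
On-DNSError tempfail
On-InternalError accept
On-NoSignature accept
On-Security discard
PidFile /var/run/dkim-milter/dkim-milter.pid
QueryCache yes
RemoveOldSignatures yes
Selector default
# Sign with SHA-256. SHA-1 is deprecated for signatures, and verifiers may
# treat rsa-sha1 signatures as invalid.
SignatureAlgorithm rsa-sha256
# Listen on the loopback interface only; Postfix connects to this port.
Socket inet:20209@localhost
Syslog yes
SyslogSuccess yes
TemporaryDirectory /var/tmp
UMask 022
# Run as the unprivileged account that owns the signing key.
UserID dkim-milt:dkim-milt
X-Header yes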



nano /etc/mail/dkim/keylist



*@freak.com:freak.com:/etc/mail/dkim/keys/freak.com/default



NOTE: the text file with the DNS record (freak.com.txt) is in your working directory.



Add that key record to the DNS zone, together with the record below.



_ssp._domainkey IN TXT "t=y; dkim=unknown"





EDIT /etc/postfix/main.cf



# Pass mail received over SMTP to the DKIM milter. The port matches the
# Socket setting in /etc/dkim-filter.conf.
smtpd_milters = inet:localhost:20209

# Also pass locally submitted mail (sendmail command, etc.) to the milter.
non_smtpd_milters = inet:localhost:20209

milter_protocol = 2

# Fail open: if the milter is down or errors out, mail is processed as if no
# filter were configured, so it leaves unsigned and arrives unverified.
# Watch the Postfix log for milter errors, or use "tempfail" to defer instead.
milter_default_action = accept



restart postfix and dkim

service dkim-milter start

service postfix restart



Test using Outlook

Check in logs of postfix







###########################################

Install Mail Graph

Add EPEL

yum install mailgraph

edit /etc/httpd/conf.d

Allow the ip to access
