complete email centos postfix dkim spamassassin

Remove sendmail

yum remove sendmail

Postfix

yum install postfix

yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain

/etc/postfix/main.cf

# Identity of this host; mail.example.com / example.com are placeholders.
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
# Deliver into ~/Maildir/ (the trailing slash selects Maildir format).
home_mailbox = Maildir/
mailbox_command =
# Only loopback counts as a trusted network; every other client has to
# authenticate before it may relay (see smtpd_recipient_restrictions).
mynetworks = 127.0.0.0/8
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relay_domains =
# NOTE(review): an empty local_recipient_maps switches off rejection of
# unknown local recipients at SMTP time, so mail for non-existent users is
# accepted first and bounced later - confirm this is intended.
local_recipient_maps =

smtpd_sasl_local_domain =

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_security_options = noanonymous
# Also advertise the non-standard "AUTH=" form that some older clients expect.
broken_sasl_auth_clients = yes
# Writes the SASL login name into the Received: header of relayed mail.
smtpd_sasl_authenticated_header = yes
# Evaluated left to right: authenticated users and mynetworks may relay,
# reject_unauth_destination refuses every other relay attempt.
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

/etc/postfix/master.cf

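# Authenticated submission service on the smtps port: SASL login is required
# and every recipient from an unauthenticated client is rejected.
# The "-o" override lines must begin with whitespace; master.cf reads a line
# that starts in column 0 as a new service entry.
# NOTE(review): the stock smtps entry normally also carries
# "-o smtpd_tls_wrappermode=yes"; without it this port speaks plain SMTP with
# optional STARTTLS - confirm which of the two the mail clients expect.
smtps inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_sender=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o broken_sasl_auth_clients=yes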

/usr/lib/sasl2/smtpd.conf

# Credential checks are delegated to the saslauthd daemon.
# PLAIN and LOGIN carry the password merely base64-encoded, so they are only
# safe when the SMTP session is already protected by TLS.
pwcheck_method: saslauthd
mech_list: plain login

create the certificates for TLS

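# Build the TLS key and certificate that Postfix will present.
mkdir -p /etc/postfix/ssl
cd /etc/postfix/ssl/
# 2048-bit RSA key; 1024 bits is below current minimum recommendations.
# OpenSSL seeds itself from the system RNG, so no -rand file is passed.
# The key is written without a passphrase because the mail server has to
# read it unattended - keep it owner-only.
openssl genrsa -out smtpd.key 2048
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
# smtpd.crt is self-signed with the server key (-signkey), valid for 3650 days.
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
# Separate CA key and certificate (cacert.pem is what smtpd_tls_CAfile points
# at). This CA does not sign smtpd.crt. openssl asks for a passphrase for
# cakey.pem; restrict the file as well.
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
chmod 600 cakey.pem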

main.cf file

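# TLS settings for /etc/postfix/main.cf.
# Offer AUTH only after STARTTLS: the PLAIN and LOGIN mechanisms configured
# for saslauthd send the password base64-encoded, i.e. readable by anyone on
# the network path when the session is not encrypted.
smtpd_tls_auth_only = yes
# Opportunistic TLS for outgoing (smtp_) and incoming (smtpd_) connections.
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
# Server key and certificate; the key file must stay readable by root only.
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
# Log a summary line per TLS handshake and note TLS use in Received: headers.
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom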

DOVECOT

yum install dovecot

/etc/dovecot.conf

protocols = imaps pop3s

CREATE LOCAL USERS/MAILBOXES

# Create the system account that owns the mailbox. The plain login name
# (jeff), not an e-mail address, is what saslauthd and dovecot authenticate.
adduser jeff

# Interactive: sets the password the mail client will log in with.
passwd jeff

# Maildir that matches home_mailbox = Maildir/ in main.cf; owner-only access
# keeps other local users out of the mail store.
mkdir /home/jeff/Maildir
chown jeff:jeff /home/jeff/Maildir
chmod -R 700 /home/jeff/Maildir



# Enable the three services at boot.
chkconfig postfix on
chkconfig saslauthd on
chkconfig dovecot on



# Start saslauthd before postfix so SMTP AUTH has a backend to talk to.
/etc/init.d/saslauthd start
/etc/init.d/postfix start
/etc/init.d/dovecot start

It took me a while to realize that I don't need to use jeff@domain as the login.
Add an alias to aliases: jeff, address jeff@freak.com.
In Outlook, just use jeff as the username for both.

Step 2

Install Development Tools

Install Webmin and check that users can connect to the mail server using Outlook





###########################

Install CPAN Modules for CSF

perl -MCPAN -eshell

install Bundle::LWP

###########################

Install CSF

# NOTE(review): the archive is fetched over plain HTTP and install.sh is then
# run as root, so nothing here proves the download is the vendor's file.
# Before running install.sh, compare the archive with a checksum obtained
# from the vendor over a trusted channel, for example:
#   sha256sum csf.tgz    # expect <VENDOR_PUBLISHED_SHA256 - placeholder>
wget http://www.configserver.com/free/csf.tgz

tar -xzf csf.tgz

cd csf

# Runs the vendor installer with the privileges of the current (root) shell.
sh install.sh

# Start the firewall at boot.
chkconfig csf on

###########################

Install Python (needed by DenyHosts)

yum install python

Get DenyHosts

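# Save the archive under the name the tar step expects: the URL ends in
# /download, so without -O wget would write a file called "download".
wget -O DenyHosts-2.6.tar.gz http://sourceforge.net/projects/denyhosts/files/denyhosts/2.6/DenyHosts-2.6.tar.gz/download

# NOTE(review): downloaded over plain HTTP and installed as root below.
# Compare it with a checksum published by the project before unpacking:
#   sha256sum DenyHosts-2.6.tar.gz    # expect <PUBLISHED_SHA256 - placeholder>
tar -xvf DenyHosts-2.6.tar.gz

cd DenyHosts-2.6

python setup.py install

cd /usr/share/denyhosts/

# Start from the shipped templates; review denyhosts.cfg before relying on it.
cp denyhosts.cfg-dist denyhosts.cfg

cp daemon-control-dist daemon-control

# The control script runs as root, so only root may read or change it.
chown root daemon-control

chmod 700 daemon-control

./daemon-control start

# Register the control script as an init service so it starts at boot.
cd /etc/init.d

ln -s /usr/share/denyhosts/daemon-control denyhosts

chkconfig --add denyhosts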

############################

Dkim/Domain Keys



# NOTE(review): the package is fetched over plain HTTP and installed as root
# without any signature or checksum check. If the packager publishes a
# signing key or checksum, verify the file (e.g. rpm -K <package>) before
# running rpm -ivh.
wget http://www.topdog-software.com/oss/dkim-milter/dkim-milter-2.8.3-1.i386.rpm

rpm -ivh dkim-milter-2.8.3-1.i386.rpm

# Generates the signing key pair in the current directory:
# default.private (private key) and default.txt (DNS TXT record).
/usr/bin/dkim-genkey -r -d freak.com

# Keep the DNS record under a recognisable name; it is published later.
mv default.txt freak.com.txt

mv default.private default

mkdir /etc/mail/dkim/keys/freak.com

mv default /etc/mail/dkim/keys/freak.com

# The private key must be readable only by the account the filter runs as
# (UserID dkim-milt:dkim-milt in dkim-filter.conf).
chmod 600 /etc/mail/dkim/keys/freak.com/default

chown dkim-milt.dkim-milt /etc/mail/dkim/keys/freak.com/default

nano /etc/dkim-filter.conf





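# /etc/dkim-filter.conf - dkim-milter signs outgoing and verifies incoming mail.

# ADSP handling for mail that claims a domain with a strict signing policy.
ADSPDiscard yes
ADSPNoSuchDomain yes
LocalADSP /etc/mail/dkim/local-adsp-rules

AllowSHA1Only no
AlwaysAddARHeader no

# Restart the filter after a crash, at most 10 times per hour.
AutoRestart yes
AutoRestartRate 10/1h

BaseDirectory /var/run/dkim-milter
PidFile /var/run/dkim-milter/dkim-milter.pid
TemporaryDirectory /var/tmp
UMask 022
UserID dkim-milt:dkim-milt

# Signing identity: domain, selector and the per-sender key list.
Canonicalization simple/simple
Domain freak.com
Selector default
KeyList /etc/mail/dkim/keylist
# Sign with SHA-256; rsa-sha1 is deprecated for DKIM and some receivers no
# longer treat SHA-1 signatures as valid.
SignatureAlgorithm rsa-sha256
RemoveOldSignatures yes

# Hosts whose mail is signed rather than verified.
ExternalIgnoreList /etc/mail/dkim/trusted-hosts
InternalHosts /etc/mail/dkim/trusted-hosts

# s = sign, v = verify.
Mode sv
MTA MSA

# Verification outcomes: bad signatures are rejected, unsigned mail passes.
On-Default reject
On-BadSignature reject
On-DNSError tempfail
On-InternalError accept
On-NoSignature accept
On-Security discard

QueryCache yes

# Listen on loopback only; Postfix connects here via smtpd_milters.
Socket inet:20209@localhost

Syslog yes
SyslogSuccess yes
X-Header yes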



nano /etc/mail/dkim/keylist



*@freak.com:freak.com:/etc/mail/dkim/keys/freak.com/default



NOTE: the text file with the DNS record is in your working directory!



Add the key to DNS, together with the record below.



_ssp._domainkey IN TXT "t=y; dkim=unknown"





EDIT /etc/postfix/main.cf



# Pass mail received over SMTP and mail submitted locally to the DKIM filter
# listening on localhost port 20209.
smtpd_milters = inet:localhost:20209

non_smtpd_milters = inet:localhost:20209

milter_protocol = 2

# Fail open: when the filter cannot be reached, mail is accepted as if no
# filter were configured, so it leaves unsigned and arrives unverified.
# Watch the mail log for milter connection errors.
milter_default_action = accept



restart postfix and dkim

service dkim-milter start

service postfix restart



Test using Outlook

Check in logs of postfix







###########################################

Install Mail Graph

Add EPEL

yum install mailgraph

Edit the configuration under /etc/httpd/conf.d

Allow the IP address that needs access
