이 글은 Postfix, Dovecot을 이용하여 Mail서버를 구성하는 과정이다.
Setup mail server on centos 7
4. IMAP & POP Server configuration
6. Installing RoundCube Web-Mail
구축 환경: CentOS7-x64bit
Installing packages
Step 1 >> postfix와 dovecot 페키지 설치
[root@localhost ~]# yum -y install postfix dovecot
Create SSL certificate
Step 2 >> OpenSSL을 이용하여 SSL 인증서 만들기
[root@localhost ~]# cd /etc/postfix/ssl
[root@localhost ssl]# openssl genrsa -des3 -out server.key 2048
[root@localhost ssl]# openssl rsa -in server.key -out server.key.insecure
[root@localhost ssl]# mv server.key server.key.secure
[root@localhost ssl]# mv server.key.insecure server.key
[root@localhost ssl]# openssl req -new -key server.key -out server.csr
[root@localhost ssl]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
SMTP Server configuration
Postfix configuration
Step 3 >> main.cf 설정
[root@localhost ssl]# vi /etc/postfix/main.cf
#inet_interfaces = localhost #mydestination = $myhostname, localhost.$mydomain, localhost mydomain = localhost myorigin = $mydomain home_mailbox = mail/ mynetworks = 127.0.0.0/8 inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination smtp_tls_security_level = may smtpd_tls_security_level = may smtp_tls_note_starttls_offer = yes smtpd_tls_loglevel = 1 smtpd_tls_key_file = /etc/postfix/ssl/server.key smtpd_tls_cert_file = /etc/postfix/ssl/server.crt smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom
Step 4 >> master.cf 설정
[root@localhost ssl]# vi /etc/postfix/master.cf
smtp inet n - n - - smtpd #smtp inet n - n - 1 postscreen #smtpd pass - - n - - smtpd #dnsblog unix - - n - 0 dnsblog #tlsproxy unix - - n - 0 tlsproxy submission inet n - n - - smtpd -o syslog_name=postfix/submission # -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING smtps inet n - n - - smtpd -o syslog_name=postfix/smtps # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING
Dovecot configuration
Step 5 >> 10-master.conf 설정
[root@localhost ssl]# vi /etc/dovecot/conf.d/10-master.conf
# Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix }
Step 6 >> 10-auth.conf 설정
[root@localhost ssl]# vi /etc/dovecot/conf.d/10-auth.conf
# Space separated list of wanted authentication mechanisms: # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey # gss-spnego # NOTE: See also disable_plaintext_auth setting. auth_mechanisms = plain login
Step 7 >> postfix와 dovecot 재시작 / 자동시작 등록
[root@localhost ssl]# systemctl restart postfix
[root@localhost ssl]# systemctl enable postfix
[root@localhost ssl]# systemctl restart dovecot
[root@localhost ssl]# systemctl enable dovecot
Step 8 >> smtp 서버 방화벽 설정
[root@localhost ssl]# firewall-cmd --permanent --add-service=smtp
[root@localhost ssl]# firewall-cmd --permanent --add-port=587/tcp
[root@localhost ssl]# firewall-cmd --permanent --add-port=465/tcp
[root@localhost ssl]# vi /etc/firewalld/zones/public.xml
<service name="smtp"/> <port protocol="tcp" port="465"/> <port protocol="tcp" port="587"/>
[root@localhost ssl]# systemctl restart firewalld.service
SMTP Server Test
Step 9 >> telnet 접속
[root@localhost ssl]# telnet localhost 465
Trying localhost...
Connected to localhost.
Escape character is '^]'.
220 localhost ESMTP Postfix
ehlo localhost
250-localhost
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
IMAP POP Server configuration
Dovecot configuration
Step 10 >> 10-mail.conf 설정
[root@localhost ssl]# vi /etc/dovecot/conf.d/10-mail.conf
# mail_location = maildir:~/Maildir # mail_location = mbox:~/mail:INBOX=/var/mail/%u # mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n # # <doc/wiki/MailLocation.txt> # mail_location = maildir:~/Maildir
Step 11 >> 20-pop3.conf 설정
[root@localhost ssl]# vi /etc/dovecot/conf.d/10-mail.conf
# Note that Outlook 2003 seems to have problems with %v.%u format which was # Dovecot's default, so if you're building a new server it would be a good # idea to change this. %08Xu%08Xv should be pretty fail-safe. # pop3_uidl_format = %08Xu%08Xv
Step 12 >> dovecot 재시작
[root@localhost ssl]# systemctl restart dovecot
Step 13 >> imap pop 서버 방화벽 설정
[root@localhost ssl]# firewall-cmd --permanent --add-port=110/tcp
[root@localhost ssl]# firewall-cmd --permanent --add-service=pop3s
[root@localhost ssl]# firewall-cmd --permanent --add-port=143/tcp
[root@localhost ssl]# firewall-cmd --permanent --add-service=imaps
[root@localhost ssl]# vi /etc/firewalld/zones/public.xml
<service name="pop3s"/> <service name="imaps"/> <port protocol="tcp" port="110"/> <port protocol="tcp" port="143"/>
[root@localhost ssl]# systemctl restart firewalld.service
IMAP POP3 Server Test
Step 14 >> telnet 접속 - pop3
[root@localhost ssl]# telnet localhost 110
Trying localhost...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
quit
+OK Logging out
Connection closed by foreign host.
Step 15 >> telnet 접속 - imap4
[root@localhost ssl]# telnet localhost 143
Trying localhost...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
Step 16 >> dovecot.conf 설정
[root@localhost ssl]# vi /etc/dovecot/dovecot.conf
# Protocols we want to be serving. protocols = imap imaps pop3 pop3s lmtp # A comma separated list of IPs or hosts where to listen in for connections. # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces. # If you want to specify non-default ports or anything more complex, # edit conf.d/master.conf. listen = *, ::
Step 17 >> 10-auth.conf 설정
[root@localhost ssl]# vi /etc/dovecot/conf.d/10-auth.conf
# Disable LOGIN command and all other plaintext authentications unless # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP # matches the local IP (ie. you're connecting from the same computer), the # connection is considered secure and plaintext authentication is allowed. # See also ssl=required setting. disable_plaintext_auth = no # Space separated list of wanted authentication mechanisms: # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey # gss-spnego # NOTE: See also disable_plaintext_auth setting. auth_mechanisms = plain login
Step 18 >> 10-mail.conf 설정
[root@localhost ssl]# vi /etc/dovecot/conf.d/10-mail.conf
# mail_location = maildir:~/Maildir # mail_location = mbox:~/mail:INBOX=/var/mail/%u # mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n # # <doc/wiki/MailLocation.txt> # mail_location = maildir:~/Maildir
Step 19 >> 10-master.conf 설정
[root@localhost ssl]# vi /etc/dovecot/conf.d/10-master.conf
# Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix }
Step 20 >> 10-ssl.conf 설정
[root@localhost ssl]# vi /etc/dovecot/conf.d/10-ssl.conf
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt> # disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps # plain imap and pop3 are still allowed for local connections ssl = yes # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed # certificate, just make sure to update the domains in dovecot-openssl.cnf ssl_cert = </etc/postfix/ssl/server.crt ssl_key = </etc/postfix/ssl/server.key
Step 21 >> dovecot 재시작
[root@localhost ssl]# systemctl restart dovecot
Installing RoundCube Web-Mail
Downloading RoundCube Web-Mail
Step 22 >> Downloading RoundCube Web-Mail
개발자 사이트 : roundcube.net
개발자 사이트에 접속하면 아래와 같은 메인 페이지에 접속된다.
상단의 'Download' 메뉴를 클릭한다.
다운로드 항목중 Complete 버전의 'DOWNLOAD' 버튼을 클릭한다.
SourceForge 사이트로 연결되며 5초의 시간이 지나면 다운로드 창이 나타나며, 다운로드 창에서 '저장' 버튼을 클릭하여 다운로드를 받는다.
다운로드가 완료되면 '다운로드 보기' 버튼을 클릭한다.
다운로드 보기창의 리스트에서 다운로드 받은 항목이 보일것이다.
해당 리스트에서 우클릭을 한다.
'다운로드 링크 복사' 메뉴를 클릭한다.
서버에 ftp server가 있다면 다운로드 받은 파일을 올려도 되고 ssh를 통한 콘솔 접속 상황이면 wget명령을 이용하여 복사한 주소로 파일을 다운로드 받는다.
[root@localhost ssl]# cd /usr/src
[root@localhost src]# wget http://jaist.dl.sourceforge.net/project/roundcubemail/roundcubemail/1.1.2/roundcubemail-1.1.2-complete.tar.gz
Step 23 >> Installing RoundCube Web-Mail
[root@localhost src]# tar zxvf roundcubemail-1.1.2-complete.tar.gz
[root@localhost src]# cp -R roundcubemail-1.1.2 /apm/apps/docs/
Step 24 >> RoundCube Web-Mail configuration
RoundCube 환경설정 전에 MySQL에 mail서버를 서포트 할 수 있는 DB와 DB를 관리할 계정을 생성한다.
[root@localhost src]# cd /apm/apps/docs
[root@localhost docs]# mv roundcubemail-1.1.2 mail
[root@localhost docs]# cd mail/config
[root@localhost config]# cp config.inc.php.sample config.inc.php
[root@localhost config]# vi config.inc.php
$config['db_dsnw'] = 'mysql://DB계정:비밀번호@localhost/DB이름'; $config['default_host'] = '본인도메인'; $config['smtp_server'] = '본인도메인'; $config['smtp_port'] = 465; $config['smtp_user'] = '%u'; $config['smtp_pass'] = '%p'; $config['product_name'] = 'My WebMail';
Step 25 >> RoundCube Web-Mail 접속
http://본인도메인/mail