Basic Linux email server with SSL

This tutorial will show you how to configure an email server with SSL on EC2. Once set up, you can use your EC2 server as an email relay.

SASL Configuration

# yum install cyrus-sasl-plain

Dovecot Configuration

Copy the dovecot configuration files (recursively, so that the conf.d directory is included):
# cp -r /usr/share/doc/dovecot/example-config/* /etc/dovecot/

Modify /etc/dovecot/dovecot.conf:
protocols = imap

Modify /etc/dovecot/conf.d/10-auth.conf:
disable_plaintext_auth = no

Modify /etc/dovecot/conf.d/10-mail.conf:
mail_location = maildir:~/Maildir

Create or Modify: /etc/pam.d/dovecot

auth required pam_unix.so nullok
account required pam_unix.so

Postfix Configuration

Modify /etc/postfix/main.cf:

myhostname = tokyo
mydomain = vpn.linux-toys.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost

mynetworks = 127.0.0.0/8, 192.168.1.0/32
relayhost = [smtp.gmail.com]:587
home_mailbox = Maildir/

smtp_use_tls = yes
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/password
smtp_sasl_security_options =
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtp_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_key_file = /etc/ssl/certs/mail.domain.tld.key
smtpd_tls_cert_file = /etc/ssl/certs/mail.domain.tld.crt

Create /etc/postfix/password:

[ec2server.com]:587 username:password

# postmap /etc/postfix/password

Generate the SSL keys:
openssl genrsa -des3 -rand /etc/hosts -out mail.domain.tld.key 2048
openssl req -new -key mail.domain.tld.key -out mail.domain.tld.csr
openssl x509 -req -days 365 -in mail.domain.tld.csr -signkey mail.domain.tld.key -out mail.domain.tld.crt

openssl rsa -in mail.domain.tld.key -out mail.domain.tld.key.nopass

mv mail.domain.tld.key.nopass mail.domain.tld.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
# systemctl start postfix
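
A check for the Postfix settings above, as an added example that is not part of the original tutorial: it parses the main.cf values and the password map shown on this page and reports where the SASL password could travel without TLS or has no entry matching relayhost. The function names and the suggested smtp_tls_security_level and smtpd_tls_auth_only settings are additions, not the tutorial's configuration.

```python
import re
STRONG_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
        else:
            name, _, value = raw.partition("=")
            last = name.strip()
            params[last] = value.strip()
    return params

def audit(main_cf, password_map):
    """Return findings for the SASL/TLS settings; an empty list means none."""
    p, findings = parse_main_cf(main_cf), []
    keys = {ln.split()[0] for ln in password_map.splitlines() if ln.strip()}
    on = {k for k, v in p.items() if v.lower() == "yes"}
    relay = p.get("relayhost", "")
    host = re.sub(r"[\[\]]|:\d+$", "", relay)  # "[h]:587" -> "h" (names/IPv4 only)
    if "smtp_sasl_auth_enable" in on:
        # Postfix looks the password up by the relayhost as written, or the host name.
        if relay and not ({relay, host} & keys):
            findings.append("password map has no entry for relayhost " + relay)
        # When unset, Postfix defaults to "noplaintext, noanonymous".
        opts = p.get("smtp_sasl_security_options", "noplaintext, noanonymous")
        level = p.get("smtp_tls_security_level", "").lower()
        if "noplaintext" not in opts and level not in STRONG_TLS:
            findings.append("relay password may go out in cleartext: "
                            "set smtp_tls_security_level = encrypt")
    if "smtpd_sasl_auth_enable" in on and "smtpd_tls_auth_only" not in on:
        findings.append("AUTH offered without TLS: set smtpd_tls_auth_only = yes")
    return findings

# Values copied from the tutorial's main.cf and password file.
TUTORIAL_CF = """relayhost = [smtp.gmail.com]:587
smtp_use_tls=yes
smtpd_sasl_auth_enable = yes
smtpd_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
"""
TUTORIAL_MAP = "[ec2server.com]:587 username:password\n"
if __name__ == "__main__":
    print("\n".join(audit(TUTORIAL_CF, TUTORIAL_MAP)))
```

smtp_use_tls = yes and smtpd_use_tls = yes only make TLS opportunistic, which is why the check asks for the stricter settings before credentials are exchanged.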