
Cent OS 7 Server Mail Postfix - Evolution & Round Cube

Recommended configuration : Intel Dual Core or better / 1GB Memory / 10GB Hard disk
For Operating System Installation check Centos 7 Server Installation
For Postfix Mail Server Installation check Cent OS 7 Server Mail Postfix Installation & Configuration


"Evolution" is the official mail client for "Cent OS 7.X Desktop".
Check that your client computer has access to the network where the "Postfix Server" is located.
I used this information for the client computer :
Static IP Address : 192.168.255.120 / Netmask : 255.255.255.0 / Gateway & DNS : 192.168.255.170
Do this directly in graphic mode in the top right menu "Wired Connection" "Wired Settings".

Then, in the top left menu, select "Applications", type "evolution" and press "Enter".

Click on "Next" twice.

Put your "Full Name" "client" and your "Email Address" "[email address hidden]".
Then click "Next". For "Server Type" choose "IMAP+", put for the "Server" "imap.cambodia-computer.com"
with the "Port" "143" and the "Username" "client".
Then click on "Next". Use "postfix-srv" instead of "imap" if you have not done the "DNS" part of my course.

Click on "Next" one more time. For "Sending" select the "Server Type" "SMTP".
For "Server" type "smtp.cambodia-computer.com" with the "Port" "25". Then click on "Next".
Use "postfix-srv" instead of "smtp" if you have not done the "DNS" part of my course.

Click on "Next" one more time and "Apply" to finish.

The program requests your "Password" to identify you. Enter it.

As you can see in your "Inbox", you have received the last mail made in the previous course.
Repeat this configuration a second time, in the same way, for the user "management".
In the menu "Edit", sub menu "Preference", select "Mail Account" and "Add".
As you can see in this "Inbox" too, you have received the last mail made in the previous course.

In the "client" account, select on the top left "New - Mail Message" and enter this information :
To : [email address hidden]
Subject : Evolution Test
Evolution Test
Then click on "send".
As you can see in the picture above, the "management" account received the mail after a few seconds.

This means that your mail passed correctly through your "Postfix" server.

Go back to your "Postfix" server. Now we are going to prepare the "Round Cube" web mail software
installation. Before you can install it, you have to install and configure some other
products such as "php", "mysql", "mariadb".
Some of these products require the installation of the "epel-release" package.
Install it first "yum install epel-release".

Then type this command to install all products required before "roundcube" installation.
yum install httpd php php-common php-json php-xml php-mbstring php-imap php-pear-DB php-mysql mysql mariadb-server

Edit the "php" config file to put on it your local "Time Zone" and avoid any future
time problem "nano /etc/php.ini".

Remove the ";" before "date.timezone" and after "=" put your local "Time Zone" as "Asia/Phnom_Penh".

"Start" and "Enable" your SQL Server "Mariadb" "systemctl start mariadb" "systemctl enable mariadb"
Then run the first "SQL Secure Installation / configuration"
"mysql_secure_installation". "Set root password ?" "Y" and type a "Password" twice to confirm it.
Then type "Y" four times for "Remove anonymous users" "Disallow root login remotely"
"Remove test database and access to it" and "Reload privilege tables now".

Connect to your "SQL Server" "mysql -u root -p" and type your "Password".
Create the "roundcube" database with this command
"create database roundcube /*!40101 character set utf8 collate utf8_general_ci */;"
(The parameter "/*!40101 character set utf8 collate utf8_general_ci */" avoids future character problems)
Then update the user privileges
"grant all privileges on roundcube.* to roundcube@'localhost' identified by 'cambodia';".
"cambodia" is the password. To finish type "flush privileges;" and "Exit".

At this point, it is possible to install the "Roundcube" package with "Yum" because you
have the "Epel-release" package.
After many tests, the installation done this way generates configuration problems.
To do this correctly we will manually download the required package. First, if you don't have it, install the
"Wget" package "yum install wget".

Then download the "Roundcube" package. To check the latest version link go to this page
"https://roundcube.net/download/". Do a right click on the download file and copy the link to your server.
Use only the so-called "complete" version.
"wget https://github.com/roundcube/roundcubemail/releases/download/1.3.4/roundcubemail-1.3.4-complete.tar.gz"

Type "ls -l" to see your file details.
Then type
"tar -xvzf roundcubemail-1.3.4-complete.tar.gz" to unzip the file.

Type "ls -l" to see the created folder. Remove the compressed file
"rm -rf roundcubemail-1.3.4-complete.tar.gz"
and rename the new folder "mv roundcubemail-1.3.4 roundcube". Then move this folder to "/var/www/html"
"mv roundcube /var/www/html", go to this folder "cd /var/www/html" and type "ls -l"
to see the folder content.
Change the owner of the folder and sub folders/files to "Httpd / Apache" "chown apache:apache roundcube/*".
Then start and enable your "Apache / Httpd" server "systemctl start httpd" "systemctl enable httpd".

Go back to your "Cent OS 7 Desktop" and type this address in your browser
http://www.cambodia-computer.com/roundcube/installer.
You are on the "Round Cube Webmail installer". Normally if you have followed the previous steps,
no error should appear.
Only some options are not available.
Click on "Next".

In "General configuration" put the product name of your choice as "Roundcube".

In "Database setup" put these parameters :
"MySQL" for database type. "localhost" for database server. "roundcube" for database name and user.
"cambodia" for database password or yours.

In "IMAP Settings" put these parameters :
"postfix-srv.cambodia-computer.com" or "imap.cambodia-computer.com" for default host
and "143" for default port.

In "SMTP Settings" put these parameters :
"postfix-srv.cambodia-computer.com" or "smtp.cambodia-computer.com" for smtp server
and "25" for smtp port.

Go to the end of the page and click on "Create config".

Normally if you have previously set the proper permissions on the folder "/var/www/html/roundcube"
you can click on "Continue".
If this is not the case, copy the text shown into your configuration file on the server.
In this case, select only the lines with functions, not the documentation.

In your server, go to "Roundcube" configuration folder "cd roundcube/config/" and
type "ls" to see the content.
Edit the configuration file "nano config.inc.php". Don't forget to do a file backup before.

Put these parameters inside the configuration file
<?php
$config['db_dsnw'] = 'mysql://roundcube:cambodia@localhost/roundcube' ;
$config['default_host'] = 'postfix-srv.cambodia-computer.com' ;

$config['smtp_server'] = 'postfix-srv.cambodia-computer.com' ;
$config['support_url'] = '';
$config['des_key'] = '0m2J7qsisDW2oYmkHUGpppIr' ; // don't change the key given on this line
$config['product_name'] = 'Roundcube' ;
$config['plugins'] = array();

In your "Cent OS 7 Desktop" browser you are on the "Config Test" page.
Click on "Initialize database".

 

Then go to the end of the page to do a "SMTP" and "IMAP" configuration test.
"SMTP" "Sender" : [email address hidden]
"SMTP" "Recipient" : [email address hidden]
Click on "Send test mail". Normally the test should work.
"IMAP" "Server" : postfix-srv.cambodia-computer.com / imap.cambodia-computer.com
"IMAP" "Username & Password" : management / cambodia
Click on "Check Login". Normally this test should also work.
Normally everything is correctly configured, but before connecting to your email account return to your
server to finalize some other parts.

To finish this configuration you have to create the user account that links your SQL database
and your Web Server
"useradd roundcube" "htpasswd -c /home/roundcube/.htpasswd roundcube"
Use the same password as on your SQL server to avoid any future problems.
Then remove the "Round Cube" installer folder "cd /var/www/html/roundcube" "rm -rf installer"
A problem regularly encountered at this step is the user password management.
It is very likely that if you connect to your email account now, the connection will be refused.
To fix this type of problem, reset the passwords of your two users
"passwd management" and "passwd client". No problem, you can give them the same password.
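
The end state of the steps above (installer removed, configuration file holding the database password and the "des_key") can be verified with a short audit. This is an added example, not part of the original course; the function names, the sample tree and its values are constructed, and the 24 character check assumes Roundcube's default DES-EDE3 cipher.

```shell
#!/bin/sh
# Added example: audit a manually unpacked Roundcube tree after installation.
# Assumed layout, as in the steps above: <root>/installer, <root>/config/config.inc.php.

# Print the single-quoted value of $config['<key>'] from a Roundcube config file.
rc_config_value() {    # $1 = config file, $2 = key
    awk -v key="$2" '
        /^[ \t]*(\/\/|#)/ { next }                               # comment lines
        index($0, "$config[\047" key "\047]") == 0 { next }      # other settings
        { if (split($0, part, "\047") >= 5) val = part[4] }      # 4th piece = value
        END { print val }
    ' "$1"
}

# Succeeds (status 0) when the config leaves the web installer switched on.
rc_installer_enabled() {    # $1 = config file
    awk '
        /^[ \t]*(\/\/|#)/ { next }
        /enable_installer/ && /=[ \t]*true/  { on = 1 }
        /enable_installer/ && /=[ \t]*false/ { on = 0 }
        END { exit(on ? 0 : 1) }
    ' "$1"
}

# Print one FINDING line per problem; the return status is the number of findings.
audit_roundcube() {    # $1 = Roundcube root directory
    rc_root=$1; rc_cfg="$rc_root/config/config.inc.php"; rc_n=0
    if [ -d "$rc_root/installer" ]; then
        echo "FINDING installer/ directory is still present"; rc_n=$((rc_n + 1))
    fi
    if [ ! -f "$rc_cfg" ]; then
        echo "FINDING $rc_cfg is missing"; return $((rc_n + 1))
    fi
    if rc_installer_enabled "$rc_cfg"; then
        echo "FINDING enable_installer is true"; rc_n=$((rc_n + 1))
    fi
    rc_key=$(rc_config_value "$rc_cfg" des_key)
    case $rc_key in
        'rcmail-!24ByteDESkey*Str'|'0m2J7qsisDW2oYmkHUGpppIr')
            echo "FINDING des_key is a published value (shipped sample or this tutorial)"
            rc_n=$((rc_n + 1)) ;;
        *)  if [ "${#rc_key}" -ne 24 ]; then
                echo "FINDING des_key is ${#rc_key} characters, expected 24"
                rc_n=$((rc_n + 1))
            fi ;;
    esac
    # config.inc.php holds the database password: it should not be world-readable
    if [ -n "$(find "$rc_cfg" -perm -004)" ]; then
        echo "FINDING config.inc.php is readable by every local user"; rc_n=$((rc_n + 1))
    fi
    return "$rc_n"
}

# Build a constructed sample tree for the demonstration (all values are made up).
rc_make_sample() {    # $1 = dir, $2 = des_key, $3 = file mode, $4 = "yes" keeps installer
    mkdir -p "$1/config"
    if [ "$4" = yes ]; then mkdir -p "$1/installer"; fi
    cat > "$1/config/config.inc.php" <<EOF
<?php
\$config['db_dsnw'] = 'mysql://roundcube:EXAMPLE-PASSWORD@localhost/roundcube';
\$config['des_key'] = '$2';
\$config['enable_installer'] = $([ "$4" = yes ] && echo true || echo false);
EOF
    chmod "$3" "$1/config/config.inc.php"
}

rc_demo() {
    rc_tmp=$(mktemp -d)
    rc_make_sample "$rc_tmp/fresh" 'rcmail-!24ByteDESkey*Str' 644 yes
    rc_make_sample "$rc_tmp/hardened" 'k3Vq9ZpL0sT7xWc2HbN5dRyA' 640 no
    for rc_t in fresh hardened; do
        rc_count=0
        audit_roundcube "$rc_tmp/$rc_t" || rc_count=$?
        echo "$rc_t: $rc_count finding(s)"
    done
    rm -rf "$rc_tmp"
}
rc_demo
```

On the server of this course the call would be "audit_roundcube /var/www/html/roundcube".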


Go back to your "Cent OS 7 Desktop" browser and type one of these three addresses
"www.cambodia-computer.com/roundcube" "192.168.255.170/roundcube" or
"postfix-srv.cambodia-computer.com/roundcube".
You should arrive on your "Round Cube" login page.
Then login to "Round Cube" with your "Username" "management" and your "Password".

Select the "Icon" "Compose" and send an email to "Client".
To : [email address hidden]
Subject : Round Cube Final Test
Round Cube Final Test
In the "sent" menu you can see your mail.

Log out of the "Management" account with the "Logout" menu at the top right and log in again to
"Round Cube" with your "client" account. The email of "Manager" has arrived in the "Inbox" of "Client".
As you can see, the folders "Drafts", "Sent", "Junk" and "Trash" do not appear automatically.

Go back to your server and open the "Round Cube" config file "nano /etc/roundcube/config.inc.php".

At the end of the file, type these five lines :
$config['drafts_mbox'] = 'Drafts';
$config['junk_mbox'] = 'Junk';
$config['sent_mbox'] = 'Sent';
$config['trash_mbox'] = 'Trash';
$config['create_default_folders'] = true;
Save and Exit.

Go back to your "Cent OS 7 Desktop". Log out and log in again from your "Round Cube" user account.
The folders "Drafts" "Sent" "Junk" "Trash" are now present.


Your Cent OS 7 Server Postfix Mail Server - Evolution & Round Cube is installed and configured.

Next step : Cent OS 7 Server Mail Postfix - Clamav, Spamassassin & Mail integration

Cent OS 7 Server Mail Postfix - Clamav, Spamassassin & Mail integration

Recommended configuration : Intel Dual Core or better / 1GB Memory / 10GB Hard disk
For Operating System Installation check Centos 7 Server Installation
For Postfix Mail Server Installation check Cent OS 7 Server Mail Postfix Installation & Configuration
For Postfix Evolution & Round Cube check Cent OS 7 Server Mail Postfix - Evolution & Round Cube

First install the packages for scanning compressed files.
You have to do this before installing the antivirus or you will have
to manually configure it afterwards. The "Rar" package must be downloaded manually.
To get the latest "Rar" package go to this address in your browser
"https://www.rarlab.com/download.htm", right click on the "rarlinux" file and copy the link.
Then download the package to your server "wget https://www.rarlab.com/rar/rarlinux-x64-5.5.0.tar.gz"
Type "ls" to see the file and unzip it with this command "tar -xvzf rarlinux-x64-5.5.0.tar.gz".
Remove the compressed file "rm -rf rarlinux-x64-5.5.0.tar.gz" and move the unzipped file
to the right directory "mv rar/unrar /usr/local/bin/".
Then install the other compression packages normally "yum install zip unzip bzip2 lzop"

Now we can install the server antivirus named "Clamav"
"yum install clamav clamav-scanner clamav-server clamav-update"

Then we install the antivirus package for your mail system named "Amavis" "yum install amavisd-new".

Unlike "Debian", some security settings need to be unlocked to allow the antivirus to work.
Type these three commands "setsebool -P antivirus_can_scan_system on" "setsebool -P clamd_use_jit 1"
and "getsebool -a | grep antivirus" to check your new configuration.
Then update the antivirus with this command "freshclam".
Unlike "Debian" you don't have to stop "clamav" first.

Do a basic scan of your "Home" folder, where the mail users are, with this command "clamscan /home/*"

Go to the "Clamav" folder to update the configuration "cd /etc/clamd.d". Type "ls" to see the content.
Do a backup of the file if you wish "cp scan.conf scan.conf.original".
Then edit the configuration file "nano scan.conf".

Update the configuration file for these three lines :
Put a "#" before "Example" (at the top of the file)
Put "User clamscan" for user privileges
Remove the "#" before "LocalSocket /var/run/clamd.scan/clamd.sock".

Run the antivirus update with the command "freshclam" if you have not done it before.
To know the "Antivirus" daemon name to "enable" and "start", type this
"ls /usr/lib/systemd/system/clam*". Then enable, start and check the antivirus status.
"systemctl enable clamd@scan" "systemctl start clamd@scan" "systemctl status clamd@scan"

Now we will create an automatic "freshclam" run (antivirus update) for each day at 06:00 AM. For this we will
use a "cron" file for the "crontab" product. Go to your "root" folder "cd /root" and type "nano clamav.cron".

Type this inside "00 06 * * * /usr/bin/freshclam --quiet"
(* = Minute / Hour / Day / Month / Day of Week - in this order).
Save and Exit. To insert this in the "crontab" type "crontab clamav.cron" then type
"crontab -l" to check that the line is present in the configuration file.

To fully check your last configuration type "clamconf".

Now edit the "Amavis" configuration file "nano /etc/amavisd/amavisd.conf"
Remove the "#" before "@bypass_virus_checks_map" and update these two lines
"$mydomain = 'cambodia-computer.com';"
"$myhostname = 'postfix-srv.cambodia-computer.com';"
Towards the end of the file check that these lines don't have any "#" before them
"['ClamAV-clamd' ... to ... FOUND$/m ]".
Then save and exit.

Inform "Postfix" of the presence of "Amavis" by inserting this line in the configuration file.
"postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
To check this, edit the file "nano /etc/postfix/main.cf". The line is inserted at the end.
Then edit the "master.cf" file of "Postfix" to complete the configuration "nano /etc/postfix/master.cf".

Insert these lines after "pickup" :
  -o content_filter=
  -o receive_override_options=no_header_body_checks
Then at the end of the file add these lines :
smtp-amavis unix     -     -     -      -     2     smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20

127.0.0.1:10025 inet     n     -     -     -     -     smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
Save and Exit
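
Two details of these "master.cf" entries carry the safety of the setup: the re-injection listener must stay on the loopback address, and it must clear "content_filter" so that mail coming back from "Amavis" is not filtered again. The check below is an added example, not part of the original course; the function names and the two sample files are constructed, and it assumes the classic "-o name=value" option form with the ports used above.

```shell
#!/bin/sh
# Added example: check the Amavis wiring in a Postfix master.cf.
# Assumes "-o name=value" options and the ports used above (10024 / 10025).

check_amavis_wiring() {    # $1 = master.cf, $2 = re-injection port (default 10025)
    awk -v port="${2:-10025}" '
    function finding(msg) { print "FINDING " msg; bad++ }
    # Inspect one logical master.cf entry (service line plus its continuation lines).
    function check(e,    f, n, i, opt, cf, nets) {
        n = split(e, f, /[ \t]+/)
        if (f[1] == "smtp-amavis" && f[2] == "unix" && f[8] == "smtp") client = 1
        if (f[2] != "inet" || f[1] !~ ("(^|:)" port "$")) return
        listener = 1
        if (f[1] !~ /^(127\.0\.0\.1|localhost|\[::1\]):/)
            finding("listener " f[1] " is not bound to a loopback address")
        cf = "unset"; nets = "unset"
        for (i = 9; i < n; i++) {
            if (f[i] != "-o") continue
            opt = f[i + 1]
            if (opt ~ /^content_filter=/) cf = substr(opt, 16)
            if (opt ~ /^mynetworks=/) nets = substr(opt, 12)
        }
        if (cf != "")
            finding("listener does not clear content_filter: mail would loop back to Amavis")
        if (nets != "127.0.0.0/8")
            finding("listener mynetworks is " nets ", expected 127.0.0.0/8")
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }                # comments and blank lines
    /^[ \t]/ { entry = entry " " $0; next }          # continuation of the previous entry
    { if (entry != "") check(entry); entry = $0 }    # a new service starts here
    END {
        if (entry != "") check(entry)
        if (!client)   finding("no smtp-amavis client service (unix ... smtp)")
        if (!listener) finding("no inet listener on port " port " for re-injection")
        exit bad + 0
    }
    ' "$1"
}

# Constructed samples: "page" mirrors the entries shown above, "weak" breaks three rules.
write_sample_master_cf() {    # $1 = page|weak, $2 = output file
    if [ "$1" = page ]; then
        cat > "$2" <<'EOF'
smtp-amavis unix     -     -     -      -     2     smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes

127.0.0.1:10025 inet     n     -     -     -     -     smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
EOF
    else
        cat > "$2" <<'EOF'
smtp-amavis unix     -     -     -      -     2     smtp
  -o smtp_data_done_timeout=1200
# listener on every interface, filter not cleared, whole LAN trusted
10025 inet     n     -     -     -     -     smtpd
  -o mynetworks=192.168.255.0/24
EOF
    fi
}

demo_dir=$(mktemp -d)
for kind in page weak; do
    write_sample_master_cf "$kind" "$demo_dir/master.cf"
    count=0
    check_amavis_wiring "$demo_dir/master.cf" || count=$?
    echo "$kind sample: $count finding(s)"
done
rm -rf "$demo_dir"
```

On the server of this course the call would be "check_amavis_wiring /etc/postfix/master.cf".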

Restart and check the status of "Postfix" with these two commands
"systemctl restart postfix" "systemctl status postfix".

Then do the same with "Amavis" with these three commands
"systemctl enable amavisd" "systemctl start amavisd" "systemctl status amavisd"

To check the ports "Amavis" listens on you have to install "lsof" "yum install lsof"

To test the "Amavis" connection type first "telnet 127.0.0.1 10024" and type "quit" to exit.
Then type "lsof -i:10024" and check that the system is listening on the "Amavis" port "10024".
Type "tail -f /var/log/messages | grep amavis" to see the "daemon" activity.

If you try to download one of the two files below on this website the antivirus should block them
"Error 499: Request has been forbidden by antivirus"
wget http://securite-informatique.info/virus/eicar/download/eicar_niveau13.zip
wget http://securite-informatique.info/virus/eicar/download/eicar.zip
These are not real viruses. The website offers just scripts making the antivirus believe
that a virus is downloaded.

Go to your "Cent OS 7 Desktop" and try to download the "fake virus" in the "Terminal" "Downloads" folder.
wget http://securite-informatique.info/virus/eicar/download/eicar_niveau13.zip
Normally if you have not installed an antivirus on your client, the download will complete correctly.
Be careful, if you do this in a virtualization product and your computer has an antivirus it may block it.

Go to your "Web Browser" and type this address "www.cambodia-computer.com/roundcube".
Put your "Username" "client" and "Password". Click on "Login".
Click on the icon "Compose". Send an email with the virus as an attachment to yourself.
From : [email address hidden]
To : [email address hidden]
Subject : Anti-virus Test
Anti-virus Test
Attached file : eicar_niveau13.zip

After sending the mail, it arrives in your "Inbox". Open it.
As you can see the "Eicar" fake virus was detected by the server and it was deleted from the mail.
"Banned Contents Alert" message.

Go back to your server and type "cat /var/log/maillog | grep 36176" or "cat /var/log/maillog | grep BANNED"
You should see the banned virus information.
"36176" is indicated on your email at the end of "Received trace".
If you have a problem with the mail configuration check your log "nano /var/log/maillog".

We will start now the installation of the "Anti Spam" product named "spamassassin".
Type this command "yum install spamassassin". Normally, the product is already installed.
The installation was made previously with the "Amavis" dependencies.
Enable, start and check the status of the software
"systemctl enable spamassassin" "systemctl start spamassassin" "systemctl status spamassassin"
Then edit the "Amavis" configuration file to authorize the "Anti Spam" system
"nano /etc/amavisd/amavisd.conf"

Remove the "#" before "@bypass_spam_checks_maps = (1);" Save and Exit.
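
In "amavisd.conf" the value "(1)" in a "@bypass_..._checks_maps" line is true for every recipient: while the line is active "Amavis" bypasses that check, and while it stays commented out the check keeps running, so it is worth confirming the resulting state after editing. The script below is an added example, not part of the original course; the function names and the sample files are constructed.

```shell
#!/bin/sh
# Added example: report which Amavis checks an amavisd.conf bypasses.
# An active "@bypass_<kind>_checks_maps = (1);" line is true for every recipient, so
# Amavis skips that check; while the line stays commented out the check keeps running.

amavis_bypassed_checks() {    # $1 = amavisd.conf; prints "spam" and/or "virus"
    awk '
        /^[ \t]*#/ { next }                      # whole line commented: setting inactive
        {
            line = $0
            sub(/#.*/, "", line)                 # drop a trailing comment
            gsub(/[ \t]/, "", line)              # ignore spacing differences
            if (line ~ /^@bypass_(virus|spam)_checks_maps=\(1\);/) {
                sub(/^@bypass_/, "", line); sub(/_checks_maps.*/, "", line)
                print line
            }
        }
    ' "$1" | sort -u
}

amavis_check_state() {    # $1 = amavisd.conf, $2 = virus|spam; prints bypassed or active
    if amavis_bypassed_checks "$1" | grep -qx "$2"; then echo bypassed; else echo active; fi
}

# Constructed samples (not copied from a real server).
write_sample_amavisd_conf() {    # $1 = commented|uncommented, $2 = output file
    if [ "$1" = commented ]; then
        cat > "$2" <<'EOF'
# @bypass_virus_checks_maps = (1);  # anti-virus code
# @bypass_spam_checks_maps  = (1);  # anti-spam code
$mydomain = 'example.com';
EOF
    else
        cat > "$2" <<'EOF'
@bypass_virus_checks_maps = (1);  # anti-virus code
  @bypass_spam_checks_maps=(1);
$mydomain = 'example.com';
EOF
    fi
}

demo_dir=$(mktemp -d)
for kind in commented uncommented; do
    write_sample_amavisd_conf "$kind" "$demo_dir/amavisd.conf"
    for check in virus spam; do
        echo "$kind: $check check is $(amavis_check_state "$demo_dir/amavisd.conf" "$check")"
    done
done
rm -rf "$demo_dir"
```

On the server of this course the call would be "amavis_check_state /etc/amavisd/amavisd.conf virus".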

Restart and check the status of "Amavis"
"systemctl restart amavisd" "systemctl status amavisd"
Then edit the "Anti Spam" configuration file "nano /etc/mail/spamassassin/local.cf"

Put this line in the configuration file "required_score 5". (Spam detection level)
If you wish you can change here the header subject "[SPAM]" in the case of a spam detection.

Then create a "Spam" group "groupadd spamd" and a user for this group
"useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd"

Give this user permission to create a log file in a specific folder
"chown spamd:spamd /var/log/spamassassin"
Edit the main "Postfix" configuration file "nano /etc/postfix/master.cf"

Update the configuration file with these two lines :
After "smtp inet n - n - - smtpd" put this "-o content_filter=spamassassin".
At the end of the file put this line
"spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}"
Be careful, I wrote this on two lines to give a better view of it, but it must be entered as one single line.

Then do an update of "Spamassassin" "sa-update".
Restart "Postfix" and "Spamassassin" and check their status
"systemctl restart postfix" "systemctl restart spamassassin"
"systemctl status postfix" "systemctl status spamassassin"

Go back to your "Cent OS 7 Desktop" and "RoundCube" "client" account.
Click on the icon "Compose". Send an email with the special line included to yourself.
This line is automatically detected as spam by the "Anti Spam" system.
From : [email address hidden]
To : [email address hidden]
Subject : Anti Spam Test
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Go to your "Inbox" and open the new mail.
As you can see in the picture above, the "Header" of the message includes the text "[SPAM]".
Go back to your server and type "journalctl | grep spam" to see the information about that.

Your Cent OS 7 Server Postfix Mail Server - Clamav, Spamassassin & Mail integration is done.

Next Step : Cent OS 7 Server Postfix - Advanced configurations

Cent OS 7.4 Server Samba Shares

Recommended configuration : Intel Dual Core or better / 1GB Memory / 10GB Hard disk
For Operating System Installation check Centos 7 Server Installation

"Login" to your Cent OS 7 Server with your "Administrator account" (root)
and "Password". Type "ifconfig" to check your IP Address.
If you don't have the package "net-tools" installed use "ip a" "ip addr" or "ip link".
Edit your "hostname" file to change the server name "nano /etc/hostname".

Put a new name such as "samba-srv". "Ctrl + X" + "Y" to save and Exit.

Check the network interface folder "nano /etc/sysconfig/network-scripts/" and press "Tab" to see the folder
content.
Edit your interface file "nano /etc/sysconfig/network-scripts/ifcfg-ens33".

Update / Change the configuration with these parameters :
BOOTPROTO="static"

NAME="ens33"
DEVICE="ens33"
NM_CONTROLLED="NO"
ONBOOT="yes"
IPADDR=192.168.255.130
NETMASK=255.255.255.0
GATEWAY=192.168.255.2
"Ctrl + X" + "Y" to save and Exit.
The new network card name is "ens33". On older Operating System versions it was "eth0".
For me, the gateway IP address is my "VMware Workstation Software". If you install this OS directly on
your computer, your gateway IP is your router IP (Adsl / Optic Fiber Box - Generally 192.168.0.1).
Then edit the "Network" file "nano /etc/sysconfig/network".

Update the configuration with these parameters :
networking=yes
hostname=samba-srv
Edit the "hosts" file to change its parameters "nano /etc/hosts"

Add this line "192.168.255.130 samba-srv samba-srv.cambodia-computer.com".
Type "init 6" to reboot your computer and apply the modification (computer name principally).

Login to your server with your "root account" and your "Password".
Type "ifconfig" again to be sure about your IP Address.
Edit the "Resolv.conf" file to update these parameters "nano /etc/resolv.conf".

Add these lines
domain cambodia-computer.com
search cambodia-computer.com
nameserver 192.168.255.2
nameserver 192.168.255.130
nameserver 127.0.0.1

Now install the "Samba Server" software "yum install samba samba-common samba-libs".

Go to your "Samba" folder "cd /etc/samba". "ls" to check the content.
Do a backup of the file we are going to modify "cp smb.conf smb.conf.original".
Then edit the file "nano smb.conf".

Do these modifications inside the configuration file :

[global]
workgroup = WORKGROUP
security = user
bind interfaces only = yes
usershare max shares = 10
unix password sync = no
dns proxy = no
netbios name = samba-srv
server string = samba-srv
encrypt passwords = true

[homes]
create mask = 0755
directory mask = 0755

[Documents]
comment = Documents
browsable = yes
path = /srv/samba/documents
public = no
writable = no
write list = @admin
force group = users

[music]
comment = Music
browsable = yes
path = /srv/samba/music
public = no
writable = no
write list = admin
force group = users

[Share]
comment = Share
browsable = yes
path = /srv/samba/share
public = yes
writable = yes
force group = users

[Private]
comment = Private
path = /srv/samba/private
guest ok = no
read only = no
create mode = 0644
directory mask = 0755

"Ctrl + X" + "Y" to save and Exit.

Then test the configuration with the command "testparm".
Check all lines to be sure that you have not made mistakes and press "Enter" to see your shares.

These are your four shares "Documents, Music, Share, Private".

Create the folders for your shares 
"mkdir -p /srv/samba/documents"
"mkdir -p /srv/samba/music"
"mkdir -p /srv/samba/private"
"mkdir -p /srv/samba/share"
Change the access rights to the "share folder"
"chmod 777 /srv/samba/share"

Create an "Account & Password" to access your private folders
"smbpasswd -a root" (I use root but it's possible to use another account)
Restart the "Samba" service "systemctl restart smb.service"

Install the "samba client module" "smbclient" to access your server shares "yum install samba-client".

Connect your server to your shares. First we access all shares with no password to test.
"smbclient //192.168.255.130/share" (You have access to the folder)
"smbclient //192.168.255.130/documents" (You don't have access to the folder)
"smbclient //192.168.255.130/music" (You don't have access to the folder)
"smbclient //192.168.255.130/private" (You don't have access to the folder)
For "music & documents" it's normal because in the "smb.conf" file we put "Public = no"
and for "private" you are obliged to give a "Name and a Password".
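
The access pattern just tested (only "Share" opens without a name and password) can be read straight from "smb.conf". The script below is an added example, not part of the original course: it lists each share with its guest and write flags and names the shares that anyone can write to. The function names and the sample file are constructed; only share-level flags are evaluated, with Samba's defaults "guest ok = no" and "read only = yes" for absent parameters.

```shell
#!/bin/sh
# Added example: list the exposure of each share in an smb.conf.
# Samba defaults apply when a parameter is absent: "guest ok = no", "read only = yes".

smb_share_exposure() {    # $1 = smb.conf; prints "<share><TAB>guest=..<TAB>writable=.."
    awk '
    function truth(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function emit() {
        if (name != "" && tolower(name) != "global")
            printf "%s\tguest=%s\twritable=%s\n", name, (guest ? "yes" : "no"), (rw ? "yes" : "no")
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }             # comments and blank lines
    /^[ \t]*\[/ {                                     # a section header starts a new share
        emit()
        name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
        guest = 0; rw = 0
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        # "public" is a synonym of "guest ok"; "writable" is the inverse of "read only"
        if (key == "guest ok" || key == "public") guest = truth(val)
        else if (key == "writable" || key == "writeable") rw = truth(val)
        else if (key == "read only") rw = !truth(val)
    }
    END { emit() }
    ' "$1"
}

# Shares a client can write to without any account: guest access plus write access.
smb_guest_writable() {    # $1 = smb.conf; prints one share name per line
    smb_share_exposure "$1" |
        awk -F '\t' '$2 == "guest=yes" && $3 == "writable=yes" { print $1 }'
}

# Constructed sample modelled on the shares configured above.
write_sample_smb_conf() {    # $1 = output file
    cat > "$1" <<'EOF'
[global]
workgroup = WORKGROUP
security = user
[Documents]
path = /srv/samba/documents
public = no
writable = no
write list = @admin
[Share]
path = /srv/samba/share
public = yes
writable = yes
[Private]
path = /srv/samba/private
guest ok = no
read only = no
EOF
}

demo_conf=$(mktemp)
write_sample_smb_conf "$demo_conf"
smb_share_exposure "$demo_conf"
echo "writable without an account: $(smb_guest_writable "$demo_conf")"
rm -f "$demo_conf"
```

On the server of this course the call would be "smb_guest_writable /etc/samba/smb.conf".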

Connect your server to your shares a second time, but this time with your "root" "password".
"smbclient //192.168.255.130/share" (You have access to the folder)
"smbclient //192.168.255.130/documents" (You have access to the folder)
"smbclient //192.168.255.130/music" (You have access to the folder)
"smbclient //192.168.255.130/private" (You have access to the folder)
You have access to all your folders. Inside this product the commands are the same as on your
server. Type for example "ls" to see the contents of your share.

Log in to a "Cent OS 7 Desktop" that has access to your server (check with "ping").
Open your "File Explorer", select "Network - Connect to Server" and type one of these two addresses
"smb://192.168.255.130/" or "smb://samba-srv". You have access to your shares.

Select the "Private folder" and type your "Username (root)" and "Password".
You have access to your folder. If you are inside a domain replace "SAMBA" with your domain name.
Generally we put "WORKGROUP" for normal usage.

Select the "Share folder" and you can access it with no "Name & Password".
Do the same for the two other shares.

At the end you see on your "Desktop" a link to your four shares.

Your Cent OS 7 Server Samba Shares is installed and configured.

Next step : Cent OS 7.4 Server FTP (Vsftpd)

Cent OS 7 Server Mail Postfix Installation & Configuration

Recommended configuration : Intel Dual Core or better / 1GB Memory / 10GB Hard disk
For Operating System Installation check Centos 7 Server Installation

MTA : Mail Transfer Agent - Postfix
MDA : Mail Delivery Agent - Dovecot
MUA : Mail User Agent (Mail Software - Thunderbird, Outlook, Evolution, Round Cube ...)
SMTP : Simple Mail Transfer Protocol - To send message
POP : Post Office Protocol - To receive message
IMAP : Internet Message Access Protocol - For coordinating the status of emails
            (read, deleted, moved) across multiple email clients.

"Login" to your Cent OS 7 Server with your "Administrator account" (root)
and "Password". Edit your "hostname" file to change the server name "nano /etc/hostname".

Put a new name "postfix-srv.cambodia-computer.com". "Ctrl + X" + "Y" to save and Exit.
Then edit the "Network" file "nano /etc/sysconfig/network".

Update the file with these parameters :
networking=yes
hostname=postfix-srv.cambodia-computer.com

Type "ifconfig" to check your IP Address.
If you don't have the package "net-tools" installed use "ip a" "ip addr" or "ip link".
Check the network interface folder "nano /etc/sysconfig/network-scripts/" and press "Tab" to see the folder
content.
Edit your interface file "nano /etc/sysconfig/network-scripts/ifcfg-ens33".

It is strongly discouraged to manage a Mail Server with a dynamic IP.

Update the configuration with these parameters :
BOOTPROTO="static"

NAME="ens33"
DEVICE="ens33"
NM_CONTROLLED="NO"
ONBOOT="yes"
IPADDR=192.168.255.170
NETMASK=255.255.255.0
GATEWAY=192.168.255.2
"Ctrl + X" + "Y" to save and Exit.
The new network card name is "ens33". On older Operating System versions it was "eth0".
For me, the gateway IP address is my "VMware Workstation Software". If you install this OS directly on
your computer, your gateway IP is your router IP (Adsl / Optic Fiber Box - Generally 192.168.0.1).
Type "init 6" to reboot your computer and apply the modification (computer name principally).

Login to your server with your "root account" and your "Password".
Edit the "hosts" file to change its parameters "nano /etc/hosts"

Add this line "192.168.255.170 postfix-srv postfix-srv.cambodia-computer.com".
Edit your "resolv.conf" file (Domain and DNS info) "nano /etc/resolv.conf".

Add these lines
domain cambodia-computer.com
search cambodia-computer.com
nameserver 192.168.255.2
nameserver 192.168.255.170
nameserver 127.0.0.1

Type "ifconfig" again to be sure about your IP Address.

Now install the DNS software "Bind" with the command "yum install bind bind-utils".

Go to the "etc" folder "cd /etc/"
Do a backup of the file that we are going to modify "cp named.conf named.conf.original"

Edit your bind configuration file to modify some lines and put your
"Forward Lookup Zone" and "Reverse Lookup Zone".
"nano /etc/named.conf"

Forward Lookup Zone : This is the zone that deals with the resolution of the name in IP address
Reverse Lookup Zone : This is the zone that deals with the resolution of the IP address in name

Here the comments do not start with "#" but with "//". Put the configuration below with your own domain name.
To see your text clearly inside this file, use the "Tab" key on each line.
listen-on port 53 { 127.0.0.1; 192.168.255.170; };
allow-query { localhost; 192.168.255.0/24; };
// FORWARD LOOKUP ZONE
zone "cambodia-computer.com" IN {
        type master;
        file "/var/named/db.cambodia-computer.com";
        allow-update { none; };
};
// REVERSE LOOKUP ZONE
zone "255.168.192.in-addr.arpa" IN {
        type master;
        file "/var/named/db.255.168.192.in-addr.arpa";
        allow-update { none; };
};
"Ctrl + X" + "Y" to save and Exit.
Arpa is the child of ArpaNet "Advanced Research Projects Agency Network"
The domain name "arpa" is a top-level domain (TLD) in the Domain Name System of the Internet.

To check this configuration type "named-checkconf".
Go to the database / cache folder "cd /var/named" and type "ls" to see the files.
Do a copy and rename the "named.empty" file "cp named.empty db.cambodia-computer.com".
Edit the file "nano db.cambodia-computer.com"

Do these modifications to configure your database for the Forward Lookup Zone.
$TTL   86400
@             IN   SOA     postfix-srv.cambodia-computer.com. root.cambodia-computer.com. (
                           20012018   ; serial
                           1D         ; refresh
                           1H         ; retry
                           1W         ; expire
                           3H )       ; minimum
;
@             IN   NS      postfix-srv.cambodia-computer.com.
@             IN   MX 10   postfix-srv.cambodia-computer.com.
postfix-srv   IN   A       192.168.255.170

www           IN   CNAME   postfix-srv
pop           IN   CNAME   postfix-srv
smtp          IN   CNAME   postfix-srv
imap          IN   CNAME   postfix-srv
"Ctrl + X" + "Y" to save and Exit.
Copy the Forward Lookup Zone to the Reverse Lookup Zone
"cp db.cambodia-computer.com db.255.168.192.in-addr.arpa".


Edit the file "nano db.255.168.192.in-addr.arpa".

Do these modifications to configure your database for the Reverse Lookup Zone.
$TTL   86400
@             IN   SOA     cambodia-computer.com. root.cambodia-computer.com. (
                           20012018   ; serial
                           1D         ; refresh
                           1H         ; retry
                           1W         ; expire
                           3H )       ; minimum

;
@             IN   NS      postfix-srv.cambodia-computer.com.
170           IN   PTR     postfix-srv.cambodia-computer.com.
"Ctrl + X" + "Y" to save and Exit.

Restart your "DNS Bind" to apply the configuration.
"systemctl restart named" "/etc/init.d/bind9 restart" or "service bind9 restart"
Check the status of your product "systemctl status named -l". You will normally see some red lines.
This is an error linked to the permissions of your two new files.

Type "ls -la" to see your file permissions and change them for your two "db.*" files.
"chown root:named db.255.168.192.in-addr.arpa"
"chown root:named db.cambodia-computer.com"
Type "ls -la" again to see your new permissions.

Restart your "DNS Bind" to apply the configuration
"systemctl restart named" "/etc/init.d/bind9 restart" or "service bind9 restart" 
Check your product status again "systemctl status named". No error appears in the status.
Check your "DNS Bind" configuration with these two commands :
"named-checkzone -d cambodia-computer.com db.cambodia-computer.com"
"named-checkzone -d 255.168.192.in-addr.arpa db.255.168.192.in-addr.arpa"
If "OK" appears at the end of each command your configuration is good.
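"named-checkzone" validates each zone file on its own. The added example below (not from the original tutorial) cross-checks the two zones, confirming that each PTR record names a host whose A record maps back to the same address. The function name, the /24 assumption and the "171" stale entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that every PTR record in the reverse zone points at a
# host whose A record maps back to the same address.
# Assumptions: a /24 reverse zone and one-line "name IN TYPE rdata" records.
ptr_a_check() {   # usage: ptr_a_check FWD_FILE FWD_ORIGIN REV_FILE REV_ORIGIN
    awk -v fo="$2" -v ro="$4" '
        function fqdn(name, origin) {             # expand "@" and relative names
            if (name == "@") return tolower(origin ".")
            return tolower((name ~ /\.$/) ? name : (name "." origin "."))
        }
        { sub(/;.*/, "") }                        # drop zone-file comments
        FNR == NR {                               # first file: forward zone
            if ($2 == "IN" && $3 == "A") addr[fqdn($1, fo)] = $4
            next
        }
        $2 == "IN" && $3 == "PTR" {               # second file: reverse zone
            split(ro, oct, ".")                   # 255.168.192.in-addr.arpa
            ip = oct[3] "." oct[2] "." oct[1] "." $1
            host = fqdn($4, ro)
            a = (host in addr) ? addr[host] : "none"
            print ((a == ip) ? "OK" : "MISMATCH") " " ip " " host " A=" a
        }' "$1" "$3"
}

# Constructed sample: records from the two zone files of this tutorial, plus
# one constructed stale PTR (171) that has no matching A record.
tmp=$(mktemp -d)
cat > "$tmp/fwd" <<'EOF'
@        IN        NS          postfix-srv.cambodia-computer.com.
@        IN        MX 10    postfix-srv.cambodia-computer.com.
postfix-srv    IN       A             192.168.255.170
www    IN       CNAME   postfix-srv
EOF
cat > "$tmp/rev" <<'EOF'
@        IN        NS          postfix-srv.cambodia-computer.com.
170     IN       PTR        postfix-srv.cambodia-computer.com.
171     IN       PTR        mail.cambodia-computer.com.   ; constructed stale entry
EOF
ptr_a_check "$tmp/fwd" cambodia-computer.com "$tmp/rev" 255.168.192.in-addr.arpa
```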

To finish we have to check if your full DNS configuration is operational.
Type these 2 commands
"nslookup postfix-srv" "nslookup www.cambodia-computer.com"
NSlookup : Name System Lookup

Another command to check your DNS configuration is "dig www.cambodia-computer.com".

Now we are starting the installation of the mail server "Postfix".
Type this command to install the software. This includes "Dovecot" (Mail Delivery Agent).
"yum install postfix dovecot"

If, like me, you are only in command line (no GUI - Graphic Interface), you must also install these products
"yum install telnet mailx procmail". With a graphic mode, "mailx" and "procmail" are not required.
"Telnet" is used to check the connectivity of your mail server.

Go to the "Postfix" folder "cd /etc/postfix" and type "ls" to see the content.
Do a backup of the file that we are going to modify "cp main.cf main.cf.original" and edit the file "nano main.cf".

Put or Update these lines :
myhostname = postfix-srv.cambodia-computer.com
mydomain = cambodia-computer.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 192.168.255.0/24, 127.0.0.0/8
recipient_delimiter = +
home_mailbox = Maildir/
# The banner parameter is "smtpd_banner" and must start with $myhostname
smtpd_banner = $myhostname ESMTP Welcome to Cambodia Mail Server
# SMTP Authentication Settings
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject_unauth_destination

"Ctrl + X" + "Y" to save and Exit.

Type "postconf -n" to check your configuration previously done.

Then enable, restart and check the status of the "Postfix" service
"systemctl enable postfix" "systemctl restart postfix" "systemctl status postfix"
A recurring problem encountered by many users is the security level (SELinux) of Cent OS, which
blocks some operations in its default configuration.
The Debian 9 users don't have this problem.
Type "sestatus" to see the current security status. Type "getenforce". The level is "Enforcing".
Type "setenforce 0" and "getenforce" one more time. The level is "Permissive".
That is the good level for "Postfix".
If you want to apply this modification after reboot edit the config file "nano /etc/selinux/config".


Replace "enforcing" with "permissive". Now let's start the Dovecot configuration.
Go to the "Dovecot" folder "cd /etc/dovecot/" and type "ls" to see the folder content.
Do a backup of the file that we are going to modify "cp dovecot.conf dovecot.conf.original"
and edit the file "nano dovecot.conf".

Remove the "#" before "protocols = imap pop3 lmtp" and "listen = *, ::". Save and Exit.
Then go to the "conf.d" folder "cd conf.d".

Type "ls" to see the content. Do a file backup if you wish (this is advised) before file modification.
Edit the file "nano 10-auth.conf".

Update these two lines for the authentication
disable_plaintext_auth = no
auth_mechanisms = plain login
Save and Exit.

Edit the file "nano 10-mail.conf".

Put the "Mail Location" "mail_location = maildir:~/Maildir". Save and Exit.
Edit the file "nano 10-master.conf".

Modify these lines for the authentication
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
}
Save and Exit.
Edit the file "nano 10-ssl.conf".

Put "ssl = no". Save and Exit.

After the last configuration, enable, restart and check the status of the "Dovecot" service.
"systemctl enable dovecot" "systemctl start dovecot" "systemctl status dovecot".
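With "ssl = no" and "disable_plaintext_auth = no", account passwords cross the network unencrypted on ports 110 and 143, and mode 0666 opens the auth socket to every local account. The check below is an added example (not from the original tutorial) that flags these settings; the function name and the hardened values are assumptions, and the hardened variant presumes a certificate is configured in "10-ssl.conf".

```shell
#!/bin/sh
# Added example: list Dovecot settings that leave passwords or the auth socket
# unprotected. Input on stdin: `doveconf -n` output or the conf.d files.
dovecot_findings() {
    awk '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }      # strip comments, trim
        $0 == ""              { next }
        $1 == "unix_listener" { listener = $2; next }        # enter a socket block
        $1 == "}"             { listener = ""; next }        # leave any block
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+/, "", val)
            if (key == "ssl" && val == "no")
                print "ssl=no: IMAP and POP3 sessions are never encrypted"
            if (key == "disable_plaintext_auth" && val == "no")
                print "disable_plaintext_auth=no: PLAIN/LOGIN accepted without TLS"
            # Connecting to a unix socket needs write permission; an "other"
            # write bit (last octal digit 2, 3, 6 or 7) opens it to every account.
            if (key == "mode" && listener != "" && val ~ /[2367]$/)
                print listener " mode=" val ": any local account can use the auth socket"
        }
    '
}

# Constructed sample: the values this tutorial sets in 10-auth.conf,
# 10-master.conf and 10-ssl.conf.
PAGE_CONF='disable_plaintext_auth = no
auth_mechanisms = plain login
unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
}
ssl = no'

# Constructed hardened variant (assumption: a TLS certificate is configured).
HARDENED_CONF='disable_plaintext_auth = yes
auth_mechanisms = plain login
unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
}
ssl = required'

echo "page settings:";     printf '%s\n' "$PAGE_CONF"     | dovecot_findings
echo "hardened settings:"; printf '%s\n' "$HARDENED_CONF" | dovecot_findings
```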

Unlock the mail port of the "Iptables" (firewall) and check the new configuration.
iptables -I INPUT -p tcp --dport 25 -j ACCEPT
iptables -I INPUT -p tcp --dport 110 -j ACCEPT
iptables -I INPUT -p tcp --dport 143 -j ACCEPT
iptables -I INPUT -p tcp --dport 993 -j ACCEPT
iptables -I INPUT -p tcp --dport 995 -j ACCEPT
iptables -I INPUT -p tcp --dport 587 -j ACCEPT
iptables -L
If you have "Firewall-cmd" instead of "Iptables" type these commands
firewall-cmd --zone=public --add-port=25/tcp --permanent
firewall-cmd --zone=public --add-port=110/tcp --permanent
firewall-cmd --zone=public --add-port=143/tcp --permanent
firewall-cmd --zone=public --add-port=993/tcp --permanent
firewall-cmd --zone=public --add-port=995/tcp --permanent
firewall-cmd --zone=public --add-port=587/tcp --permanent
firewall-cmd --reload

We will now create two email accounts in a group named "postfix" (management & client).
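The "--password" option of "useradd" expects an already encrypted password, so create the accounts
first and then set the password "cambodia2018" with "passwd".
"useradd -m client"
"passwd client"
"useradd -m management"
"passwd management"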
"usermod -a -G postfix client"
"usermod -a -G postfix management"
Then send a mail to "client" "mail client@cambodia-computer.com".
Type a "Subject" "Mail Test" and "Enter".
Type a basic text as "Mail Test" and "Enter".
At the end of the mail type "." and "Enter".
Then send another mail to "management" "mail management@cambodia-computer.com".
Type a "Subject" "Mail Test" and "Enter".
Type a basic text as "Mail Test" and "Enter".
At the end of the mail type "." and "Enter".
To check these mails previously sent type for "client"
"cat /home/client/Maildir/new/***.postfix-srv.cambodia-computer.com" (replace *** by the file name)

Then for "management"
"cat /home/management/Maildir/new/***.postfix-srv.cambodia-computer.com" (replace *** by the file name)

Check also the log file "cat /var/log/maillog".
At the end of this file you see that your mails have been sent and delivered to the "maildir".

Now test the configuration with "Telnet" "telnet localhost 25".
EHLO localhost
MAIL FROM: (sender email address)
RCPT TO: (recipient email address)
DATA
Subject: Final Test
Final Test
.
quit
Then type "mail". You have received the new mail.

The final test checks the connectivity of each "Postfix" / "Dovecot" port.
"telnet localhost 25" "telnet localhost 110" "telnet localhost 143". At the end of each command type "quit" to exit.

Your Cent OS 7 Server Mail Postfix is installed and configured.

Next step : Cent OS 7 Server Mail Postfix - Evolution & Round Cube

Cent OS 7.4 Server FTP (Vsftpd)

Recommended configuration : Intel Dual Core or better / 1GB Memory / 10GB Hard disk
For Operating System Installation check Centos 7 Server Installation

"Login" to your Cent OS 7 Server with your "Administrator account" (root)
and "Password". Type "ifconfig" to check your IP Address.
If you don't have the package "net-tools" installed use "ip a" "ip addr" or "ip link".
Edit your "hostname" to change its name "nano /etc/hostname".

Put a new name as "ftp-server". "Ctrl + X" + "Y" to save and Exit.
Check the network interface folder "nano /etc/sysconfig/network-scripts/" and "Tab" to see the folder contents.
Edit your interface file "nano /etc/sysconfig/network-scripts/ifcfg-ens33".

Update / Change the configuration with these parameters :
BOOTPROTO="static"

NAME="ens33"
DEVICE="ens33"
NM_CONTROLLED="NO"
ONBOOT="yes"
IPADDR=192.168.255.160
NETMASK=255.255.255.0
GATEWAY=192.168.255.2
"Ctrl + X" + "Y" to save and Exit.
The new network card name is "ens33". On older Operating System version it was "eth0".
For me, my gateway IP address is my "VMware Workstation Software". If you install this OS directly in
your computer, your gateway IP is your router IP (Adsl / Optic Fiber Box - Generally 192.168.0.1).
Then edit the "Network" file "nano /etc/sysconfig/network".

Update the configuration with these parameters :
NETWORKING=yes
HOSTNAME=ftp-server
Edit the "hosts" file to change its parameters "nano /etc/hosts"

Add this line "192.168.255.160 ftp-server ftp-server.cambodia-computer.com".
Type "init 6" to reboot your computer and apply the modification (computer name principally).

Login to your server with your "root account" and your "Password".
Type "ifconfig" again to be sure about your IP Address.
Edit the "Resolv.conf" file to update these parameters "nano /etc/resolv.conf".

Add these lines
domain cambodia-computer.com
search cambodia-computer.com
nameserver 192.168.255.2
nameserver 192.168.255.160
nameserver 127.0.0.1


Now install the "FTP Server" software "yum install vsftpd".

Go to your "FTP Server" folder "cd /etc/vsftpd". "ls" to check the content.
Do a backup of the file we are going to edit "cp vsftpd.conf vsftpd.conf.original".
Then edit the file "nano vsftpd.conf".

Update the configuration file with these parameters :
listen=YES
listen_ipv6=NO
anonymous_enable=YES
local_enable=NO
write_enable=YES
local_umask=022
connect_from_port_20=YES
pam_service_name=vsftpd
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_root=/srv/ftp/anonymous
no_anon_password=YES
ftpd_banner=Welcome to Cambodia Computer FTP Service.
userlist_enable=YES

Create the "Anonymous folder" with the right permissions for your "FTP Server"
"mkdir -pm 777 /srv/ftp/anonymous". Restart your "FTP Server" to apply the configuration
"systemctl restart vsftpd"
and enable the product
"systemctl enable vsftpd".
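The configuration above combines anonymous login, anonymous upload and a directory created with mode 777. The audit below is an added example (not from the original tutorial) that reports both conditions for a given "vsftpd.conf"; the function names are assumptions, and the demo points "anon_root" at a scratch directory instead of "/srv/ftp/anonymous".

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Print the effective value of KEY in a vsftpd.conf, or DEFAULT when unset.
# vsftpd allows no spaces around "=" and treats "#" lines as comments.
vsftpd_get() {            # usage: vsftpd_get FILE KEY DEFAULT
    awk -F= -v key="$2" -v def="$3" '
        $1 == key { val = substr($0, length(key) + 2)
                    sub(/[ \t\r]+$/, "", val); found = 1 }
        END       { print (found ? val : def) }' "$1"
}

is_yes() {                # vsftpd reads YES, TRUE and 1 (any case) as true
    case $(printf '%s' "$1" | tr 'a-z' 'A-Z') in YES|TRUE|1) return 0 ;; esac
    return 1
}

# Exit status 0 when an anonymous client may upload. The last argument of each
# vsftpd_get call is the built-in default documented in vsftpd.conf(5).
anon_upload_enabled() {
    is_yes "$(vsftpd_get "$1" anonymous_enable YES)" &&
    is_yes "$(vsftpd_get "$1" write_enable NO)" &&
    is_yes "$(vsftpd_get "$1" anon_upload_enable NO)"
}

world_writable_dirs() {   # directories under $1 that any account can write to
    find "$1" -type d -perm -0002 | sort
}

audit_anon_ftp() {        # usage: audit_anon_ftp CONF
    anon_root=$(vsftpd_get "$1" anon_root "")
    if anon_upload_enabled "$1"; then echo "anonymous upload: ENABLED"
    else echo "anonymous upload: disabled"; fi
    if [ -d "$anon_root" ]; then
        world_writable_dirs "$anon_root" | sed 's/^/world-writable: /'
    fi
}

# Constructed demo: the anonymous settings of this tutorial, with anon_root in
# a scratch directory created the same way ("mkdir -pm 777").
demo=$(mktemp -d)
mkdir -pm 777 "$demo/srv/ftp/anonymous"
cat > "$demo/vsftpd.conf" <<EOF
anonymous_enable=YES
local_enable=NO
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_root=$demo/srv/ftp/anonymous
EOF
audit_anon_ftp "$demo/vsftpd.conf"
```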

Install the "FTP client" software "yum install ftp" to test your "FTP Server".

Connect to your "FTP Server" with one of these three commands
"ftp 127.0.0.1", "ftp 192.168.255.160" or "ftp ftp-server"
Your username is "anonymous" with "no password". You have anonymous access
to your "FTP Server". Inside this software the commands are the
same as on your server. Type for example "ls" to see the contents of your
share and "exit" to quit the FTP.

Connect to a "CentOS 7 Desktop" and check the connectivity with your server.
To access your server you have to set a "Static IP address" in the same range as your server.
Here for the example, I do this in graphic mode. Go to the top right corner select "Wired"
and "Wired Settings". For me I put :
IP Address : 192.168.255.200 / Netmask : 255.255.255.0
Gateway : 192.168.255.160 / DNS : 192.168.255.160
Switch "Off" / "On" the network card to apply the configuration.

Go to your "Terminal - Command Line" and in the "root" account (su root) install the
"epel-release" package to have access to the required sources "yum install epel-release".
Then install the "FTP" client named "Filezilla" "yum install filezilla".

Open your "Web Browser" and type "ftp://192.168.255.160".
You have access to your "FTP Server" in anonymous.
Do the same test with "FileZilla". Put your IP Address "192.168.255.160"
and username "anonymous". You are connected to your "FTP Server" folder in anonymous.

Go back to your "FTP Server" and create a basic file inside your "FTP Folder"
as "Hello_cambodia" "nano /srv/ftp/anonymous/Hello_cambodia".
Check that the file is present after its creation "ls -la /srv/ftp/anonymous".

Go back to your Desktop and connect again to your FTP with your browser "ftp://192.168.255.160".
You have anonymous access to your "FTP Server" and the "Hello_cambodia" file
is present inside the "FTP".

From your Server connect one more time to your "FTP Server" with one of these
three commands "ftp 127.0.0.1", "ftp 192.168.255.160" or "ftp ftp-server".
Type your username "anonymous" and "no password". You have anonymous access
to your "FTP Server" with your "Hello_cambodia" file inside.
If you connect to your "FTP Server" "ftp 192.168.255.160" with your
"root account" the "FTP Server" does not accept the connection (Login Failed)
because it allows only "Anonymous Connection".
For the test, we are going to activate the "root" account and then deactivate it, because
using it is not recommended for security reasons. Then we will replace it with a user account.
Edit your "vsftpd" configuration file to block "anonymous connection" and allow
"root connection". "nano vsftpd.conf"

Put / Update the configuration file with these parameters :
listen=YES
listen_ipv6=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
connect_from_port_20=YES
pam_service_name=vsftpd
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
#anon_root=/srv/ftp/anonymous
#no_anon_password=YES
anon_root=/srv/ftp/
userlist_enable=YES
userlist_deny=YES
Then edit the "User list" "nano user_list".

Put a "#" before "root" to allow this user to connect to the "FTP Server". Save & Exit.
Open the "ftp Users" file "nano ftpusers" and put a "#" also before "root". Save & Exit.

Restart your "FTP Server" to apply the configuration "systemctl restart vsftpd".
Connect to your "FTP Server" "ftp 192.168.255.160" with your "root" account and your "Password".
You have access to an "FTP Server" that now requires a login.

Go back to your Cent OS 7 Desktop and connect again on your FTP with "FileZilla".
Put your IP Address
"192.168.255.160", your username "root" and "Password".
You have access to your  "FTP Server" with your "root" account.

Go back to your server and block the "root" account again
"nano user_list" & "nano ftpusers".
Remove the "#" before "root" in the two files.

Create a group named "ftp-users" "groupadd ftp-users".
Then create a specific folder with the right permissions for the users
"mkdir /home/ftp-docs" "chmod 750 /home/ftp-docs" "chown root:ftp-users /home/ftp-docs"
Create a user as "cambodia" "useradd -g ftp-users -d /home/ftp-docs cambodia" and
give it a "Password" "passwd cambodia".

Connect to your "FTP Server" "ftp 192.168.255.160".
Put your new user "cambodia" with its "Password". You have access to your "FTP Server". Type "exit".
Connect again to your "FTP Server" "ftp 192.168.255.160".
Put your user "root" with its "Password". You don't have access to your "FTP Server".

Go back to your Cent OS 7 Desktop and connect again to your FTP with your browser
"ftp://192.168.255.160". Put your username "cambodia" with its "Password".
You have access to your "FTP Server" with your user account.

Then connect again on your FTP with "FileZilla".
Put your IP Address
"192.168.255.160", your username "cambodia" and "Password".
You have access to your  "FTP Server" with your user account.

Your Cent OS 7 Server FTP (Vsftpd) is installed and configured.

Next step : Cent OS 7 Server Postfix Mail Server

Copyright 2017 - Cambodia-Computer.com