@alkavan
Last active June 8, 2024 20:38

Rocky Linux 9 - Mail Server Installation

This is a tutorial on how to install your own mail server on a Rocky Linux 9 machine.

Initial System Setup

Update system.

dnf update -y

Set your timezone.

timedatectl set-timezone UTC
date

Set the machine hostname.

hostnamectl set-hostname my.domain

Enable the EPEL repository.

dnf install epel-release
dnf update

Install nano text editor, a nice monitor, and terminal multiplexer.

dnf install nano htop tmux

Reboot the system, then log back in to the server (as root).

reboot

Install Postfix SMTP Server

dnf -y install postfix

Edit the server configuration file with nano /etc/postfix/main.cf and change the following:

# uncomment and specify hostname
myhostname = mail.srv.world

# uncomment and specify domain name
mydomain = srv.world

# uncomment
myorigin = $mydomain

# listen on all network interfaces
inet_interfaces = all

# change it for ipv4 only
inet_protocols = ipv4

# uncomment and add more domains
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

# uncomment and specify your local network
mynetworks = 127.0.0.0/8, 10.0.0.0/24

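# or, to trust only the local host, leave mynetworks commented out and set this instead
# (Postfix ignores mynetworks_style when mynetworks is set)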
mynetworks_style = host

# uncomment home mailbox location (use Maildir)
home_mailbox = Maildir/

# uncomment this line (without version)
smtpd_banner = $myhostname ESMTP $mail_name

# add the following settings at the end of the file

# disable SMTP VRFY command
disable_vrfy_command = yes

# require sending hosts to issue HELO/EHLO before other commands
smtpd_helo_required = yes

# limit the size of a message
# example below means 10M bytes limit
message_size_limit = 10240000

# SMTP-Auth settings
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject

Enable and start the Postfix server.

systemctl enable --now postfix

Check postfix server status.


Extra Security and Anti-Spam Settings

Edit the Postfix configuration file:

nano /etc/postfix/main.cf

Consider carefully before adding the following settings; they might reject messages that you did not intend to reject.

Add the following settings:

# reject clients whose reverse DNS lookup fails, or whose hostname does not
# resolve back to the client IP address
smtpd_client_restrictions = permit_mynetworks, reject_unknown_client_hostname, permit

# reject senders whose MAIL FROM domain has no DNS MX or A record, or whose
# address is not fully qualified
smtpd_sender_restrictions = permit_mynetworks, reject_unknown_sender_domain, reject_non_fqdn_sender

# reject hosts whose HELO/EHLO hostname has no DNS A or MX record, is not
# fully qualified, or is malformed
# (reject_*_helo_hostname are the current names of the legacy reject_*_hostname restrictions)
smtpd_helo_restrictions = permit_mynetworks, reject_unknown_helo_hostname, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit

Restart the Postfix server:

systemctl restart postfix
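
To double-check the edited main.cf, here is an added example (not part of the original gist) that reads the file the way Postfix does, with the last assignment winning and indented lines continuing a value, and flags tutorial settings that are missing or that cancel each other out. The function names and the sample file are constructed for illustration, and the smtpd_tls_auth_only check is an assumption that goes beyond the settings on this page.

```shell
# Effective value of parameter $1 in file $2: as in Postfix, the last assignment
# wins, comment and blank lines are skipped, indented lines continue a value.
get_param() {
  awk -v want="$1" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    { sub(/[ \t]+$/, "") }
    /^[ \t]/ { sub(/^[ \t]+/, ""); val[cur] = val[cur] " " $0; next }
    { cur = $0; sub(/[ \t]*=.*/, "", cur)
      v = $0; sub(/^[^=]*=[ \t]*/, "", v); val[cur] = v }
    END { if (want in val) print val[want] }' "$2"
}

# Print one WARN line per finding; return 1 if there were any, else 0.
audit_main_cf() {
  local f=$1 rc=0 p last
  for p in disable_vrfy_command smtpd_helo_required; do
    [ "$(get_param "$p" "$f")" = yes ] || { echo "WARN: $p is not yes"; rc=1; }
  done
  # A hand-written mynetworks list makes Postfix ignore mynetworks_style.
  if [ -n "$(get_param mynetworks "$f")" ] && [ -n "$(get_param mynetworks_style "$f")" ]; then
    echo "WARN: mynetworks is set, so mynetworks_style is ignored"; rc=1
  fi
  # The recipient list on this page relies on its final reject to refuse relaying.
  last=$(get_param smtpd_recipient_restrictions "$f" | tr ',' ' ' | awk '{ print $NF }')
  case "$last" in
    reject|reject_unauth_destination) ;;
    *) echo "WARN: smtpd_recipient_restrictions does not end in a reject"; rc=1 ;;
  esac
  # Assumption (not set on this page): smtpd_tls_auth_only keeps AUTH off cleartext.
  if [ "$(get_param smtpd_sasl_auth_enable "$f")" = yes ] &&
     [ "$(get_param smtpd_tls_auth_only "$f")" != yes ]; then
    echo "WARN: SASL auth enabled without smtpd_tls_auth_only = yes"; rc=1
  fi
  return "$rc"
}

# Constructed sample: the security-relevant lines as set in this tutorial.
sample_main_cf() {
  cat <<'EOF'
mynetworks = 127.0.0.0/8, 10.0.0.0/24
mynetworks_style = host
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination,
    permit_sasl_authenticated, reject
EOF
}
tmp=$(mktemp); sample_main_cf > "$tmp"; audit_main_cf "$tmp" || true; rm -f "$tmp"
```

On the server itself, run audit_main_cf /etc/postfix/main.cf after editing the file.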

Firewall Settings

Install firewalld:

dnf install -y firewalld

Start the firewall service:

systemctl start firewalld.service

Add SMTP (port 25) to firewall:

firewall-cmd --add-service=smtp
firewall-cmd --runtime-to-permanent

Check firewall status:

firewall-cmd --list-all