Mail server on CentOS | UNIX AND NOT ONLY

In addition to the article on configuring the mail server on FreeBSD, I decided to write how to configure the same, but on CentOS 6.

Enable the Remi and EPEL repositories:

rpm --import https://fedoraproject.org/static/0608B895.txt
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm
yum install yum-priorities
rpm --import http://rpms.famillecollet.com/RPM-GPG-KEY-remi
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

Edit /etc/yum.repos.d/epel.repo so that it looks like this:

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

and /etc/yum.repos.d/remi.repo so that it looks like this:

[remi]
name=Les RPM de remi pour Enterprise Linux $releasever - $basearch
#baseurl=http://rpms.famillecollet.com/enterprise/$releasever/remi/$basearch/
mirrorlist=http://rpms.famillecollet.com/enterprise/$releasever/remi/mirror
enabled=1
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
failovermethod=priority

[remi-test]
name=Les RPM de remi en test pour Enterprise Linux $releasever - $basearch
#baseurl=http://rpms.famillecollet.com/enterprise/$releasever/test/$basearch/
mirrorlist=http://rpms.famillecollet.com/enterprise/$releasever/test/mirror
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
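A quick lint for the repo files above, as an added example that is not part of the original article: it flags enabled repositories that skip signature checking or fetch their mirror list over plain HTTP. The function names and the [example-unsigned] section are made up for the demo.

```shell
# Added example: lint yum .repo text for weak package-verification settings.
# Prints "<section>: <finding>"; no output means nothing was flagged.
audit_yum_repo() {
    awk '
    function report() {
        if (sec == "" || enabled != "1") return   # only enabled repos matter
        if (gpgcheck != "1") print sec ": gpgcheck is not 1"
        if (gpgkey == "")    print sec ": no gpgkey configured"
        if (plain != "")     print sec ": plain-http " plain
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines
    /^\[/ {                                       # section header, e.g. [remi]
        report()
        sec = $0; sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
        enabled = "1"; gpgcheck = ""; gpgkey = ""; plain = ""
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "enabled")  enabled = val
        if (key == "gpgcheck") gpgcheck = val
        if (key == "gpgkey")   gpgkey = val
        if ((key == "baseurl" || key == "mirrorlist") && val ~ /^http:/)
            plain = key
    }
    END { report() }
    ' "$@"
}

# Constructed sample: [remi] and [remi-test] follow the article, the last repo is made up.
sample_repo() {
    cat <<'EOF'
[remi]
mirrorlist=http://rpms.famillecollet.com/enterprise/$releasever/remi/mirror
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
[remi-test]
enabled=0
gpgcheck=1
[example-unsigned]
baseurl=https://repo.example.invalid/el6/
enabled=1
gpgcheck=0
EOF
}
sample_repo | audit_yum_repo
```

On the server, run it as audit_yum_repo /etc/yum.repos.d/*.repo; disabled sections such as [remi-test] are skipped until they are enabled.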

Install MySQL, enable it at boot and start it:

yum install mysql mysql-server
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

Set the password for root in MySQL with the following command:

mysql_secure_installation

Install nginx (yes, as last time we will do without the heavy Apache and do everything on NGINX + PHP-FPM), enable it at boot and start it:

yum install nginx
chkconfig --levels 235 nginx on
/etc/init.d/nginx start

Install PHP-FPM and the necessary PHP modules:

yum --enablerepo=remi,remi-test install php php-fpm php-common php-pear php-pdo php-mysql php-pgsql php-pecl-memcache php-gd php-mbstring php-mcrypt php-xml php-pear-DB php-posix

Edit /etc/php-fpm.conf so that it looks like this:

[global]
pid = /var/run/php-fpm/php-fpm.pid
error_log = /var/log/php-fpm/error.log
include=/etc/php-fpm.d/*.conf

And /etc/php-fpm.d/www.conf like this:

[www]
listen = /tmp/php-fpm.sock
user = apache
group = apache
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_value[memory_limit] = 128M

Setting up nginx. To do this, edit /etc/nginx/nginx.conf so that it looks like this:

user apache;
worker_processes 2;

error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    use epoll;
    worker_connections 8192;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    client_body_buffer_size 16K;
    client_header_buffer_size 1k;
    client_max_body_size 32M;
    large_client_header_buffers 2 1k;
    client_body_timeout 10;
    client_header_timeout 10;
    keepalive_timeout 5 5;
    send_timeout 10;
    reset_timedout_connection on;
    server_tokens off;

    gzip on;

    # PHP-FPM
    upstream php-fpm {
        server unix:/tmp/php-fpm.sock;
    }

    # Virtual hosts
    include /etc/nginx/conf.d/*.conf;
}

and create the virtual host files:

1) For Vexim (/etc/nginx/conf.d/exim.lifestar.cf.conf), the file looks like this:

server {
    listen 80;
    server_name exim.lifestar.cf;
    access_log /var/log/nginx/exim-access.log;
    error_log /var/log/nginx/exim-error.log;
    root /usr/share/vexim2/vexim;
    index index.php;
    charset utf-8;

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~ \.php$ {
        fastcgi_pass php-fpm;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

2) For Roundcube (/etc/nginx/conf.d/mail.lifestar.cf.conf), the file looks like this:

server {
    listen 80;
    server_name mail.lifestar.cf;
    access_log /var/log/nginx/mail-access.log;
    error_log /var/log/nginx/mail-error.log;
    root /usr/share/roundcubemail;
    index index.php;
    charset utf-8;

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~ \.php$ {
        fastcgi_pass php-fpm;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

and restart nginx:

/etc/init.d/nginx restart

Install Exim, Dovecot and other software:

yum install -y exim exim-mysql dovecot dovecot-mysql clamd clamav spamassassin

Download and extract Vexim:

cd /usr/share/
wget http://silverwraith.com/vexim/vexim2.2.1.tar.gz
tar zxvf vexim2.2.1.tar.gz
chown -R root:root vexim2/

Copy the configs from Vexim to the Exim directory:

mv /etc/exim/exim.conf /etc/exim/exim.conf.bak
cp /usr/share/vexim2/docs/configure /etc/exim/exim.conf
cp /usr/share/vexim2/docs/vexim-* /etc/exim/

Add a Vexim user:

useradd vexim -u 90 -d /usr/local/mail -s /sbin/nologin -m

Create the database for Vexim:

perl /usr/share/vexim2/setup/create_db.pl --act=newdb --dbtype=mysql --uid=93 --gid=93 --mailstore=/usr/local/mail

Edit the file

/usr/share/vexim2/vexim/config/variables.php

and set the database access details:

$sqldb = "vexim"; // database name
$sqluser = "vexim"; // login
$sqlpass = "PASSWORD"; // the password set earlier

Disable and remove Postfix, which is installed on CentOS 6 by default:

alternatives --config mta
chkconfig --level 123456 postfix off
service postfix stop
yum remove postfix -y

Disable SELinux:

sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

Add the services to autostart:

chkconfig --level 35 clamav on
chkconfig --level 35 spamassassin on
chkconfig --level 35 exim on
chkconfig --level 35 dovecot on

Set permissions:

usermod -a -G exim clamav
chmod -Rf g+w /var/spool/exim
chmod -Rf g+s /var/spool/exim
chown exim:exim -R /usr/local/mail
chown exim:exim -R /var/spool/exim

Fix the paths in the Exim config:

cd /etc/exim/
sed -i.bak -e 's|/usr/local/etc|/etc|g' exim.conf
sed -i.bak -e 's/MAILMAN_USER=mailnull/MAILMAN_USER=exim/g' -e 's/MAILMAN_GROUP=mail/MAILMAN_GROUP=exim/g' exim.conf

In the Exim config, find the line MY_IP = CHANGE and set it to your IP:

MY_IP = 46.38.63.5

Find: trusted_users = avleen:www

and change it to apache, leaving:

trusted_users = apache

Change the user that Exim runs as by changing the lines

exim_user = mailnull
exim_group = mail

to

exim_user = exim
exim_group = exim

Find the commented-out line responsible for connecting to the MySQL server, uncomment it and put your password there:

hide mysql_servers = localhost::(/tmp/mysql.sock)/vexim/vexim/PASSWORD

Find the system_aliases: section and change the lines in it

user = mailnull
group = mail

to

user = exim
group = exim

And run:

service exim start

Setting up Dovecot:
Edit /etc/dovecot/dovecot.conf so that it looks like this:

base_dir = /var/run/dovecot/
disable_plaintext_auth = no
first_valid_uid = 93
listen = *
login_greeting = Dovecot ready man.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
mail_location = maildir:~/Maildir
log_path = /var/log/dovecot

# Log file to use for informational and debug messages.
# Default is the same as log_path.
#info_log_path =

# Prefix for each line written to log file. % codes are in strftime(3)
# format.
log_timestamp = "%b %d %H:%M:%S "

passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
protocols = imap pop3
service auth {
  unix_listener auth-master {
    group = exim
    mode = 0660
    user = exim
  }
  user = root
}
service imap-login {
  chroot =
  client_limit = 256
  process_limit = 128
  process_min_avail = 3
  service_count = 1
  vsz_limit = 64 M
}
service pop3-login {
  chroot =
  client_limit = 256
  process_limit = 128
  process_min_avail = 3
  service_count = 1
  vsz_limit = 64 M
}
ssl = no
userdb {
  driver = passwd
}
userdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
  mail_plugins = quota imap_quota
}
protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}
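With disable_plaintext_auth = no and ssl = no, as in the config above, IMAP and POP3 clients send their passwords over an unencrypted connection. The check below is an added example, not part of the original article; its function names are made up, and it assumes the Dovecot 2.x defaults (both settings yes) for keys that are absent.

```shell
# Added example: decide whether a dovecot.conf lets remote clients send
# passwords without TLS. Reads config text (or doveconf -n output) on stdin.
dovecot_cleartext_logins() {
    awk '
    /^[ \t]*#/ { next }
    {
        if (depth == 0 && $0 ~ /^[ \t]*(ssl|disable_plaintext_auth)[ \t]*=/) {
            eq = index($0, "=")
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            conf[key] = val
        }
        # Track nesting so per-listener settings inside blocks are ignored.
        line = $0
        depth += gsub(/[{]/, "", line)
        depth -= gsub(/[}]/, "", line)
    }
    END {
        # Assumed defaults when a key is absent (Dovecot 2.x): both "yes".
        ssl = ("ssl" in conf) ? conf["ssl"] : "yes"
        dpa = ("disable_plaintext_auth" in conf) ? conf["disable_plaintext_auth"] : "yes"
        # Plaintext logins without TLS need dpa=no and TLS not mandatory.
        if (dpa == "no" && ssl != "required")
            print "allowed (disable_plaintext_auth=" dpa ", ssl=" ssl ")"
        else
            print "refused (disable_plaintext_auth=" dpa ", ssl=" ssl ")"
    }'
}

# Constructed sample: an excerpt of the dovecot.conf shown in the article.
sample_dovecot_conf() {
    cat <<'EOF'
disable_plaintext_auth = no
listen = *
service imap-login {
  service_count = 1
}
ssl = no
protocol imap {
  mail_plugins = quota imap_quota
}
EOF
}

sample_dovecot_conf | dovecot_cleartext_logins
```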

Configure the connection to MySQL in the file /etc/dovecot/dovecot-mysql.conf:

driver = mysql
connect = host=/var/lib/mysql/mysql.sock user=vexim password=PASSWORD dbname=vexim
default_pass_scheme = MD5-CRYPT
password_query = SELECT crypt as `password` FROM users,domains WHERE users.username = '%u' AND users.enabled = '1' AND users.type = 'local' and domains.enabled = '1' and domains.domain_id = users.domain_id
user_query = SELECT pop as home, uid, gid FROM users WHERE username = '%u'
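At this point the vexim database password is stored in three files: variables.php, exim.conf and dovecot-mysql.conf. The following permission check is an added example, not part of the original article; the function names and the temporary stand-in files are constructed for the demo.

```shell
# Added example: report paths whose mode grants any access to "other".
# Prints "<mode> <owner>:<group> <path>" per flagged path.
# Returns 1 if anything was flagged or a path is missing, else 0.
check_secret_files() {
    rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "missing $f"; rc=1; continue
        fi
        # In "ls -ld" output, characters 8-10 of field 1 are the "other" bits.
        ls -ld -- "$f" | awk -v p="$f" '{
            if (substr($1, 8, 3) != "---") {
                print substr($1, 1, 10), $3 ":" $4, p
                exit 1
            }
        }' || rc=1
    done
    return $rc
}

# Constructed demo: stand-ins for the three files that hold the password.
demo_check() {
    d=$(mktemp -d) || return 2
    for n in exim.conf dovecot-mysql.conf variables.php; do
        echo 'PASSWORD' > "$d/$n"
    done
    chmod 640 "$d/exim.conf" "$d/variables.php"
    chmod 644 "$d/dovecot-mysql.conf"     # what a umask of 022 leaves behind
    status=0
    (cd "$d" && check_secret_files exim.conf dovecot-mysql.conf variables.php) || status=$?
    rm -rf "$d"
    return $status
}

demo_check || echo "tighten the paths listed above, e.g. chmod 640"
```

On the mail server, pass it /etc/exim/exim.conf, /etc/dovecot/dovecot-mysql.conf and /usr/share/vexim2/vexim/config/variables.php, keeping each file readable by the account that has to load it.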

And start everything:

/etc/init.d/dovecot start
/etc/init.d/clamav start
/etc/init.d/spamassassin start

Install Roundcube:

cd /usr/share
wget http://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.8.1/roundcubemail-0.8.1.tar.gz
tar zxvf roundcubemail-0.8.1.tar.gz
mv roundcubemail-0.8.1 roundcubemail
chown -R apache:apache roundcubemail/
chmod -R 777 roundcubemail/temp/ roundcubemail/logs/

Create the database:

mysql -p
Enter password: (enter the MySQL root password)
Welcome to the MySQL monitor. Commands end with ; or \g.