I wanted a mail server that I could use freely. That was all I wanted. That would be something like this ...
I may be told this is the umpteenth rehash, but I tried building a mail server on EC2.
There are many similar articles, but as a record of what I did, I am writing another one.
I hope some part of it will be useful to someone.
First, launch an instance on AWS EC2. This time I built it on a free-tier t2.micro. The OS is Amazon Linux.
Open the required inbound ports in the security group of the instance you built.
Type        Protocol  Port  Source     Description
POP3        TCP       110   0.0.0.0/0  -
POP3S       TCP       995   0.0.0.0/0  -
IMAPS       TCP       993   0.0.0.0/0  -
SSH         TCP       22    0.0.0.0/0  -
SMTP        TCP       25    0.0.0.0/0  -
IMAP        TCP       143   0.0.0.0/0  -
SMTPS       TCP       465   0.0.0.0/0  -
Custom TCP  TCP       587   0.0.0.0/0  -
This time I gave the mail server a name using a domain obtained from Name.com.
In the Name.com domain management DNS settings, add an A record and an MX record for the instance created this time.
A record Example) A smtp.example.com 11.22.33.44
MX record Example) MX example.com 10 smtp.example.com
You can use AWS Route 53 instead of Name.com.
If you only want to send email, you can do so without acquiring a domain.
I don't know the details because I haven't confirmed it yet.
Connect to the instance created above over SSH and update the packages first.
# yum -y update
Then install Postfix.
# yum -y install postfix
After the installation succeeds, edit the configuration file.
# vi /etc/postfix/main.cf
Find and edit the following parts.
myhostname = smtp.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
smtpd_banner = $myhostname ESMTP unknown
home_mailbox = Maildir/
#Added at the end
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
message_size_limit = 10485760
# vi /etc/postfix/master.cf
#Uncomment the following two lines
submission inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
Create the mail directory skeleton so that a Maildir is created automatically whenever a new mail user is added.
# mkdir -p /etc/skel/Maildir/{new,cur,tmp}
# chmod -R 700 /etc/skel/Maildir/
# yum -y install cyrus-sasl
# chkconfig saslauthd on
# service saslauthd start
# vi /etc/postfix/main.cf
#Added at the end
local_recipient_maps =
luser_relay = unknown_user@localhost
# echo unknown_user: /dev/null >> /etc/aliases
# newaliases 
Stop sendmail if it is present.
# chkconfig sendmail off
# service sendmail stop
# chkconfig postfix on
# service postfix start
# yum -y install dovecot
# vi /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir #Uncomment this line and change it
# vi /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no #Change to no
auth_mechanisms = plain login #Add to existing one
# vi /etc/dovecot/conf.d/10-master.conf
#Edit existing one
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
  mode = 0666
  user = postfix
  group = postfix
}
# vi /etc/dovecot/conf.d/10-ssl.conf
ssl = no #Change to no
# chkconfig dovecot on
# service dovecot start
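The settings above enable password authentication in both daemons while TLS is switched off, so PLAIN/LOGIN credentials cross the network unencrypted. The following audit is an added example, not part of the original article: it assumes you feed it the text printed by `postconf -n` and `doveconf -n`, and the two sample strings are constructed to carry the values set in this walkthrough.

```python
# Constructed samples shaped like `postconf -n` / `doveconf -n` output,
# carrying the values this walkthrough sets.
POSTFIX_N = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
"""
DOVECOT_N = """\
auth_mechanisms = plain login
disable_plaintext_auth = no
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
ssl = no
"""

def parse_conf(text):
    """Flatten 'key = value' lines into {'block > key': value}; the last value wins."""
    path, out = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):          # entering a nested Dovecot block
            path.append(line[:-1].strip())
        elif line == "}":               # leaving it
            path.pop()
        elif "=" in line:
            key, _, value = line.partition("=")
            out[" > ".join(path + [key.strip()])] = value.strip()
    return out

def audit(postfix_text, dovecot_text):
    """Return findings for password logins that are reachable without TLS."""
    pf, dc = parse_conf(postfix_text), parse_conf(dovecot_text)
    findings = []
    if pf.get("smtpd_sasl_auth_enable") == "yes" and pf.get("smtpd_tls_auth_only") != "yes":
        findings.append("postfix: SMTP AUTH accepted without TLS; set smtpd_tls_auth_only = yes")
    if dc.get("ssl") == "no":
        findings.append("dovecot: ssl = no disables TLS; set ssl = required")
    if dc.get("disable_plaintext_auth") == "no":
        findings.append("dovecot: PLAIN/LOGIN allowed in cleartext; set disable_plaintext_auth = yes")
    for key, value in dc.items():
        block, _, name = key.rpartition(" > ")
        # The "other write" bit lets any local account talk to the auth socket.
        if name == "mode" and "unix_listener " in block and int(value, 8) & 0o002:
            findings.append("dovecot: world-writable socket " + block.split("unix_listener ", 1)[1])
    return findings
```

Calling `audit(POSTFIX_N, DOVECOT_N)` returns four findings for the configuration as written here; enabling TLS also requires certificate settings, which this walkthrough does not cover.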
# useradd user
# passwd user
Set the new user's password; for the time being, set it to "user".
# ls /home/user/Maildir/ #Make sure the directory is created
As a sending test, try sending an email to yourself.
# sendmail [email protected]
To:[email protected]
From:[email protected]
Subject:test
myself test.
.
Make sure the email has arrived.
# ls /home/user/Maildir/new/
Make sure you are listening on the required ports at this point.
# netstat -nl | grep tcp
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
Try receiving the email with a suitable mail client such as Thunderbird.
User: user, Email address: [email protected], Password: user
POP server: smtp.example.com, port 110
SMTP server: smtp.example.com, port 587
"Normal password" authentication with no SSL protection
At this stage you can send mail to yourself, but you should not be able to send it to outside addresses.
So relay through Google's SMTP server to send email externally.
# vi /etc/postfix/main.cf
#Edit the existing relayhost line
relayhost = [smtp.gmail.com]:587
#Add the following at the end
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_mechanism_filter = plain
smtp_use_tls = yes
Use your own Gmail account to authenticate with Gmail.
# vi /etc/postfix/sasl_passwd
[smtp.gmail.com]:587 [email protected]:password
Create a hash file
# postmap /etc/postfix/sasl_passwd
In your Google account, allow less secure apps.
https://myaccount.google.com/lesssecureapps
Try sending a test email
# sendmail [email protected]
To:[email protected]
From:[email protected]
Subject:test
myself test.
.
You are done if the message is sent successfully.
A policy blocking external communication (ports 25, 110, 143, etc.) had been set on the company router. It took me a few hours to notice this, and I just made unnecessary adjustments.
There weren't enough open ports in the EC2 instance security group.
Again, I wasted a few hours.
I was trying to use Outlook as the client for account synchronization this time. Authentication seems to succeed, but I cannot create the account. The message in Outlook says that the account could not be created due to a problem with the SMTP server. The server log at that time is as follows.
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: auth client connected (pid=22036)
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: client in:AUTH#0111#011PLAIN#011service=pop3#011session=OZ2Cl9esN+lqmoDo#011lip=172.31.43.165#011rip=106.154.128.232#011lport=110#011rport=59703
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: client passdb out: CONT#0111#011
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: client in: CONT<hidden>
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth-worker(22037): Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth-worker(22037): Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth-worker(22037): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth-worker(22037): Debug: pam(user,106.154.128.232,<OZ2Cl9esN+lqmoDo>): lookup service=dovecot
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth-worker(22037): Debug: pam(user,106.154.128.232,<OZ2Cl9esN+lqmoDo>): #1/1 style=1 msg=Password:
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: client passdb out: OK#0111#011user=user#011
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: master in: REQUEST#0111203240961#01122036#0111#011f2ecb8ac5535457503d22d0e493b0733#011session_pid=22038
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth-worker(22037): Debug: passwd(user,106.154.128.232,<OZ2Cl9esN+lqmoDo>): lookup
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: master userdb out: USER#0111203240961#011user#011system_groups_user=user#011uid=502#011gid=502#011home=/home/user
Aug 14 14:54:03 ip-172-31-43-165 dovecot: pop3-login: Login: user=<user>, method=PLAIN, rip=106.154.128.232, lip=172.31.43.165, mpid=22038, session=<OZ2Cl9esN+lqmoDo>
Aug 14 14:54:03 ip-172-31-43-165 dovecot: pop3(user): Debug: Effective uid=502, gid=502, home=/home/user
Aug 14 14:54:03 ip-172-31-43-165 dovecot: pop3(user): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir
Aug 14 14:54:03 ip-172-31-43-165 dovecot: pop3(user): Debug: maildir++: root=/home/user/Maildir, index=, indexpvt=, control=, inbox=/home/user/Maildir, alt=
Aug 14 14:54:03 ip-172-31-43-165 dovecot: pop3(user): Debug: INBOX: Mailbox opened because: POP3 INBOX
Aug 14 14:54:03 ip-172-31-43-165 dovecot: pop3(user): Disconnected: Logged out top=0/0, retr=0/0, del=0/13, size=15260
I wondered why, since it seemed to work, and googled it. Some people say that Outlook doesn't work but Thunderbird does. When I installed Thunderbird on my PC and tried it, it worked.
The settings for Outlook seem to be different.
Again (omitted)
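The Dovecot debug log above also records how the password was sent: the AUTH request is tab-separated (rsyslog writes each tab as `#011`), and it carries `lport=110` with no `secured` field, which Dovecot adds when the connection is TLS-protected or otherwise trusted. The parser below is an added example, not part of the original article; its first sample line is the request from the log above and the third is a constructed TLS session for contrast.

```python
import re

# Line 1 is the AUTH request from the log above; line 3 is a constructed
# example of a TLS-protected login (note the bare "secured" field).
SAMPLE_LOG = """\
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=pop3#011session=OZ2Cl9esN+lqmoDo#011lip=172.31.43.165#011rip=106.154.128.232#011lport=110#011rport=59703
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: client in: CONT<hidden>
Aug 14 14:55:10 ip-172-31-43-165 dovecot: auth: Debug: client in: AUTH#0112#011PLAIN#011service=imap#011secured#011session=c0nstructedSESSION#011lip=172.31.43.165#011rip=198.51.100.7#011lport=993#011rport=40122
"""

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}   # mechanisms that send a reusable password
AUTH_RE = re.compile(r"auth: Debug: client in:\s*AUTH\t(\d+)\t([A-Z0-9_-]+)\t(.*)$")

def unescape(line):
    """Undo rsyslog control-character escaping (#011 is an octal-escaped tab)."""
    return re.sub(r"#([0-7]{3})", lambda m: chr(int(m.group(1), 8)), line)

def parse_auth_requests(log_text):
    """Return one dict per Dovecot AUTH request found in auth_debug output."""
    requests = []
    for line in log_text.splitlines():
        m = AUTH_RE.search(unescape(line))
        if not m:
            continue
        fields = {"id": m.group(1), "mech": m.group(2)}
        for item in m.group(3).split("\t"):
            key, _, value = item.partition("=")   # bare flags get an empty value
            fields[key] = value
        requests.append(fields)
    return requests

def cleartext_logins(log_text):
    """Return (service, remote IP, local port, mechanism) for unprotected password logins."""
    return [
        (r.get("service"), r.get("rip"), int(r.get("lport", "0")), r["mech"])
        for r in parse_auth_requests(log_text)
        if r["mech"] in CLEARTEXT_MECHS and "secured" not in r
    ]

if __name__ == "__main__":
    for hit in cleartext_logins(SAMPLE_LOG):
        print("cleartext password login:", hit)
```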