I wanted to quickly create a mail server that can be used freely with postfix + dovecot on EC2

Introduction

I wanted a mail server that I could use freely That was all I wanted That would be something like this ...

I'm told what number the decoction is, I tried to build a mail server on EC2

There are many similar articles, As a record of what I did I will also create a new similar article

I hope some part will be useful somewhere

Preparation 1

Launch an instance on AWS EC2 for the time being This time I built it with t2.micro of free frame OS uses AMAZON LINUX

Open the required inbound port in the security group of the built instance

POP3	TCP 110	0.0.0.0/0	-
POP3S	TCP 995	0.0.0.0/0	-
IMAPS	TCP 993	0.0.0.0/0	-
SSH     TCP 22  0.0.0.0/0	-
SMTP	TCP 25	0.0.0.0/0	-
IMAP	TCP 143	0.0.0.0/0	-
SMTPS	TCP 465	0.0.0.0/0	-
Custom TCP 587 0.0.0.0/0	-

Preparation 2

This time I tried to name the mail server using the domain obtained by name

Name.com domain management DNS, Add A record and MX record of the instance created this time

A record Example) A smtp.example.com 11.22.33.44

MX record Example) MX example.com 10 smtp.example.com

You can use AWS route 53 instead of using your name

If you just send an email, you can send it without having to acquire a domain

I don't know the details because I haven't confirmed it yet.

postfix installation

Connect to the instance created above with SSH and Update for the time being

yum -y update

And postfix installation

yum -y install postfix

Edit the configuration file after successful installation

# vi /etc/postfix/main.cf
Find and edit the following part

myhostname = smtp.example.com

mydomain = exapmle.com

myorigin = $mydomain

inet_interfaces = all

inet_protocols = ipv4

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

smtpd_banner = $myhostname ESMTP unknown

home_mailbox = Maildir/

#Added at the end
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

message_size_limit = 10485760

# vi /etc/postfix/master.cf
submission inet n       -       n       -       -       smtpd #Uncomment
-o smtpd_sasl_auth_enable=yes #Uncomment

Makes a directory for saving emails automatically created when a new email sending user is created
# mkdir -p /etc/skel/Maildir/{new,cur,tmp}

# chmod -R 700 /etc/skel/Maildir/

smtp authentication settings

# yum -y install cyrus-sasl

# chkconfig saslauthd on

# service saslauthd start

Countermeasures for emails addressed to unknown users

# vi /etc/postfix/main.cf

#Added at the end
local_recipient_maps =
luser_relay = unknown_user@localhost

# echo unknown_user: /dev/null >> /etc/aliases
# newaliases 

SMTP activation

Stop if there is sendmail
# chkconfig sendmail off

# service sendmail stop


# chkconfig postfix on

# service postfix start

dovecot install

# yum -y install dovecot
# vi /etc/dovecot/conf.d/10-mail.conf

mail_location = maildir:~/Maildir #Change the comment out part

# vi /etc/dovecot/conf.d/10-auth.conf

disable_plaintext_auth = no #Change to no
auth_mechanisms = plain login #Add to existing one

# vi /etc/dovecot/conf.d/10-master.conf

#Edit existing one
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }

# vi /etc/dovecot/conf.d/10-ssl.conf

ssl = no #Change to no

# chkconfig dovecot on

# service dovecot start

Add mail user

# useradd user
# passwd user
Set a new user password, but set it to "user" for the time being

# ls /home/user/Maildir/ #Make sure the directory is created


Try sending it to yourself in the email sending test
# sendmail [email protected]
To:[email protected]
From:[email protected]
Subject:test

myself test.

.

Make sure you have an email
#ls /home/user/Maildir/new/

Make sure you are listening on the required ports at this point.

# netstat -nl | grep tcp
tcp        0      0 0.0.0.0:587                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:143                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN

Try to receive with mail client software

Try to receive the email with a suitable email software such as thunderbird

User: user Email address: [email protected] Password: user

pop server: smtp.example.com 110 port smtp server: smtp.example.com 587 port

"Normal password authentication" with "no ssl protection"

Make it possible to send emails to Gmail etc.

At this stage, you can send mail to yourself, but you should not be able to send it to the outside.

So you can relay to google's smtp server to send emails

# vi /etc/postfix/main.cf

relayhost = [smtp.gmail.com]:587 #Edit existing part

#Add more to the end
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_mechanism_filter = plain
smtp_use_tls = yes

Use your own gmail account to authenticate gmail

# vi /etc/postfix/sasl_passwd
[smtp.gmail.com]:587 [email protected]:password

Create a hash file
# postmap /etc/postfix/sasl_passwd

Set to allow insecure apps with your google account

https://myaccount.google.com/lesssecureapps

Try sending a test email

# sendmail [email protected]
To:[email protected]
From:[email protected]
Subject:test

myself test.

.

Complete if transmission is successful

Where I got stuck

Account cannot be synced

Cause 1 It was stopped by the FW of the router

A policy was written to stop external communication (25,110,143, etc.) on the company router It took me a few hours to notice this, and I just made unnecessary adjustments.

Cause 2 Stopped by security group

There weren't enough open ports in the EC2 instance security group

Again, I wasted a few hours

Cause 2 Compatibility of client software?

I was trying to use outlook as the software for account synchronization this time, but it seems that authentication is possible, but I can not create an account. The message on outlook is that the account could not be created due to a problem with the smtp server. The server log at that time is as follows

Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: auth client connected (pid=22036)
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: client in:AUTH#0111#011PLAIN#011service=pop3#011session=OZ2Cl9esN+lqmoDo#011lip=172.31.43.165#011rip=106.154.128.232#011lport=110#011rport=59703
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: client passdb out: CONT#0111#011
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: client in: CONT<hidden>
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth-worker(22037): Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth-worker(22037): Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth-worker(22037): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth-worker(22037): Debug: pam(user,106.154.128.232,<OZ2Cl9esN+lqmoDo>): lookup service=dovecot
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth-worker(22037): Debug: pam(user,106.154.128.232,<OZ2Cl9esN+lqmoDo>): #1/1 style=1 msg=Password:
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: client passdb out: OK#0111#011user=user#011
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: master in: REQUEST#0111203240961#01122036#0111#011f2ecb8ac5535457503d22d0e493b0733#011session_pid=22038
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth-worker(22037): Debug: passwd(user,106.154.128.232,<OZ2Cl9esN+lqmoDo>): lookup
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: master userdb out: USER#0111203240961#011user#011system_groups_user=user#011uid=502#011gid=502#011home=/home/user
Aug 14 14:54:03 ip-172-31-43-165 dovecot: pop3-login: Login: user=<user>, method=PLAIN, rip=106.154.128.232, lip=172.31.43.165, mpid=22038, session=<OZ2Cl9esN+lqmoDo>
Aug 14 14:54:03 ip-172-31-43-165 dovecot: pop3(user): Debug: Effective uid=502, gid=502, home=/home/user
Aug 14 14:54:03 ip-172-31-43-165 dovecot: pop3(user): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir
Aug 14 14:54:03 ip-172-31-43-165 dovecot: pop3(user): Debug: maildir++: root=/home/user/Maildir, index=, indexpvt=, control=, inbox=/home/user/Maildir, alt=
Aug 14 14:54:03 ip-172-31-43-165 dovecot: pop3(user): Debug: INBOX: Mailbox opened because: POP3 INBOX
Aug 14 14:54:03 ip-172-31-43-165 dovecot: pop3(user): Disconnected: Logged out top=0/0, retr=0/0, del=0/13, size=15260

I wondered why it seemed to work, and googled Some people say that outlook doesn't work, but thunderbird works. When I put thunderbird in my PC and tried it, It worked

The settings for outlook seem to be different

Again (omitted)

Reference page

[EC2] Mail server construction (Postfix + Dovecot) Mail server construction (Postfix + Dovecot) Detailed explanation with experiments on SMTP server and POP server Send mail to gmail with Postfix

Recommended Posts

I wanted to quickly create a mail server that can be used freely with postfix + dovecot on EC2
I tried to create a server environment that runs on Windows 10
I want to create a priority queue that can be updated in Python (2.7)
I made a familiar function that can be used in statistics with Python
Convert images from FlyCapture SDK to a form that can be used with openCV
I wanted to create a smart presentation with Jupyter Notebook + nbpresent
I made a shuffle that can be reset (reverted) with Python
I tried to expand the database so that it can be used with PES analysis software
I created a template for a Python project that can be used universally
Create a web app that can be easily visualized with Plotly Dash
[Can be done in 10 minutes] Create a local website quickly with Django
I wanted to create a program in Reverse Polish Notation in Python (determining if a string can be converted to a number)
A memo for making a figure that can be posted to a journal with matplotlib
I tried to create a class that can easily serialize Json in Python
I tried to summarize the operations that are likely to be used with numpy-stl
How to install a Python library that can be used by pharmaceutical companies
File types that can be used with Go
Pretend to be a server with two PCs
I tried to make it on / off by setting "Create a plug-in that highlights double-byte space with Sublime Text 2".
I tried to easily create a high-precision 3D image with one photo [1]. (Depth can now be edited in PNG.)
[Mac] I want to make a simple HTTP server that runs CGI with Python
[Python] I tried to automatically create a daily report of YWT with Outlook mail
[Python] Introduction to web scraping | Summary of methods that can be used with webdriver
I tried to make a memo app that can be pomodoro, but a reflection record
Steps to quickly create a deep learning environment on Mac with TensorFlow and OpenCV
How to create a property of relations that can be prefetch_related by specific conditions
File sharing server made with Raspberry Pi that can be used for remote work
I tried to create a table only with Django
Python knowledge notes that can be used with AtCoder
I want to manually create a legend with matplotlib
[Django] About users that can be used on template
Simple statistics that can be used to analyze the effect of measures on EC sites and codes that can be used in jupyter notebook
I made a tool to automatically generate a state transition diagram that can be used for both web development and application development
A story that I wanted to do a function like before_action used in rails with django [Beginner learns python with a reference book]
How to set up a simple SMTP server that can be tested locally in Python
I made a program to collect images in tweets that I liked on twitter with Python
I wrote a miscellaneous Ansible module that enables Virtualenv to be used by installing Pythonz.
[Atcoder] [C ++] I made a test automation tool that can be used during the contest
I wrote a script to create a Twitter Bot development environment quickly with AWS Lambda + Python 2.7
SSH connection to a private server using a bastion server on EC2
I tried to automatically create a report with Markov chain
I wrote a program quickly to study DI with Python â‘ 
Listen to a novel that will be on Amazon Polly
Create a web API that can deliver images with Django
I investigated the pretreatment that can be done with PyCaret
I made a plug-in that can "Daruma-san fell" with Minecraft
Let's make a diagram that can be clicked with IPython
[Flask] I tried to summarize the "docker-compose configuration" that can be created quickly for web applications
[Python] Draw elevation data on a sphere with Plotly and draw a globe that can be rotated round and round
I made it because I want JSON data that can be used freely in demos and prototypes
Understand the probabilities and statistics that can be used for progress management with a python program
About the matter that torch summary can be really used when building a model with Pytorch
How to quickly create a machine learning environment using Jupyter Notebook on macOS Sierra with anaconda
I tried to build a SATA software RAID configuration that boots the OS on Ubuntu Server
Create a program that can generate your favorite images with Selenium
[Python] Make a graph that can be moved around with Plotly
I made a package that can compare morphological analyzers with Python
I want to use a wildcard that I want to shell with Python remove
I made a web server with Raspberry Pi to watch anime
[Python] A memo that I tried to get started with asyncio
Qiskit: I want to create a circuit that creates arbitrary states! !!