I wanted to quickly create a mail server that can be used freely with postfix + dovecot on EC2

Introduction

I wanted a mail server that I could use freely That was all I wanted That would be something like this ...

I'm told what number the decoction is, I tried to build a mail server on EC2

There are many similar articles, As a record of what I did I will also create a new similar article

I hope some part will be useful somewhere

Preparation 1

Launch an instance on AWS EC2 for the time being This time I built it with t2.micro of free frame OS uses AMAZON LINUX

Open the required inbound port in the security group of the built instance

POP3	TCP 110	0.0.0.0/0	-
POP3S	TCP 995	0.0.0.0/0	-
IMAPS	TCP 993	0.0.0.0/0	-
SSH     TCP 22  0.0.0.0/0	-
SMTP	TCP 25	0.0.0.0/0	-
IMAP	TCP 143	0.0.0.0/0	-
SMTPS	TCP 465	0.0.0.0/0	-
Custom TCP 587 0.0.0.0/0	-

• This setting is too loose, so please adjust the IP of the connection source by yourself. GIP confirmation page

Preparation 2

This time I tried to name the mail server using the domain obtained by name

Name.com domain management DNS, Add A record and MX record of the instance created this time

A record Example) A smtp.example.com 11.22.33.44

MX record Example) MX example.com 10 smtp.example.com

You can use AWS route 53 instead of using your name

If you just send an email, you can send it without having to acquire a domain

I don't know the details because I haven't confirmed it yet.

postfix installation

Connect to the instance created above with SSH and Update for the time being

yum -y update

And postfix installation

yum -y install postfix

Edit the configuration file after successful installation

# vi /etc/postfix/main.cf
Find and edit the following part

myhostname = smtp.example.com

mydomain = exapmle.com

myorigin = $mydomain

inet_interfaces = all

inet_protocols = ipv4

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

smtpd_banner = $myhostname ESMTP unknown

home_mailbox = Maildir/

#Added at the end
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

message_size_limit = 10485760

# vi /etc/postfix/master.cf
submission inet n       -       n       -       -       smtpd #Uncomment
-o smtpd_sasl_auth_enable=yes #Uncomment

Makes a directory for saving emails automatically created when a new email sending user is created
# mkdir -p /etc/skel/Maildir/{new,cur,tmp}

# chmod -R 700 /etc/skel/Maildir/

smtp authentication settings

# yum -y install cyrus-sasl

# chkconfig saslauthd on

# service saslauthd start

Countermeasures for emails addressed to unknown users

# vi /etc/postfix/main.cf

#Added at the end
local_recipient_maps =
luser_relay = unknown_user@localhost

# echo unknown_user: /dev/null >> /etc/aliases
# newaliases　

SMTP activation

Stop if there is sendmail
# chkconfig sendmail off

# service sendmail stop


# chkconfig postfix on

# service postfix start

dovecot install

# yum -y install dovecot
# vi /etc/dovecot/conf.d/10-mail.conf

mail_location = maildir:~/Maildir #Change the comment out part

# vi /etc/dovecot/conf.d/10-auth.conf

disable_plaintext_auth = no #Change to no
auth_mechanisms = plain login #Add to existing one

# vi /etc/dovecot/conf.d/10-master.conf

#Edit existing one
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }

# vi /etc/dovecot/conf.d/10-ssl.conf

ssl = no #Change to no

# chkconfig dovecot on

# service dovecot start

Add mail user

# useradd user
# passwd user
Set a new user password, but set it to "user" for the time being

# ls /home/user/Maildir/ #Make sure the directory is created


Try sending it to yourself in the email sending test
# sendmail [email protected]
To:[email protected]
From:[email protected]
Subject:test

myself test.

.

Make sure you have an email
#ls /home/user/Maildir/new/

Make sure you are listening on the required ports at this point.

# netstat -nl | grep tcp
tcp        0      0 0.0.0.0:587                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:143                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN

Try to receive with mail client software

Try to receive the email with a suitable email software such as thunderbird

User: user Email address: [email protected] Password: user

pop server: smtp.example.com 110 port smtp server: smtp.example.com 587 port

"Normal password authentication" with "no ssl protection"

• Thunderbird may ask "Cannot connect to the server. Do you want to create only a user account?", But if you try to create only an account for the time being, you may receive an email.

Make it possible to send emails to Gmail etc.

At this stage, you can send mail to yourself, but you should not be able to send it to the outside.

So you can relay to google's smtp server to send emails

# vi /etc/postfix/main.cf

relayhost = [smtp.gmail.com]:587 #Edit existing part

#Add more to the end
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_mechanism_filter = plain
smtp_use_tls = yes

Use your own gmail account to authenticate gmail

# vi /etc/postfix/sasl_passwd
[smtp.gmail.com]:587 [email protected]:password

Create a hash file
# postmap /etc/postfix/sasl_passwd

Set to allow insecure apps with your google account

• It seems that it is useless to perform two-step authentication for account authentication, so remove those security once.

https://myaccount.google.com/lesssecureapps

Try sending a test email

# sendmail [email protected]
To:[email protected]
From:[email protected]
Subject:test

myself test.

.

Complete if transmission is successful

Where I got stuck

Account cannot be synced

Cause 1 It was stopped by the FW of the router

A policy was written to stop external communication (25,110,143, etc.) on the company router It took me a few hours to notice this, and I just made unnecessary adjustments.

Cause 2 Stopped by security group

There weren't enough open ports in the EC2 instance security group

Again, I wasted a few hours

Cause 2 Compatibility of client software?

I was trying to use outlook as the software for account synchronization this time, but it seems that authentication is possible, but I can not create an account. The message on outlook is that the account could not be created due to a problem with the smtp server. The server log at that time is as follows

Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: auth client connected (pid=22036)
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: client in:AUTH#0111#011PLAIN#011service=pop3#011session=OZ2Cl9esN+lqmoDo#011lip=172.31.43.165#011rip=106.154.128.232#011lport=110#011rport=59703
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: client passdb out: CONT#0111#011
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: client in: CONT<hidden>
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth-worker(22037): Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth-worker(22037): Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth-worker(22037): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth-worker(22037): Debug: pam(user,106.154.128.232,<OZ2Cl9esN+lqmoDo>): lookup service=dovecot
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth-worker(22037): Debug: pam(user,106.154.128.232,<OZ2Cl9esN+lqmoDo>): #1/1 style=1 msg=Password:
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: client passdb out: OK#0111#011user=user#011
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: master in: REQUEST#0111203240961#01122036#0111#011f2ecb8ac5535457503d22d0e493b0733#011session_pid=22038
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth-worker(22037): Debug: passwd(user,106.154.128.232,<OZ2Cl9esN+lqmoDo>): lookup
Aug 14 14:54:03 ip-172-31-43-165 dovecot: auth: Debug: master userdb out: USER#0111203240961#011user#011system_groups_user=user#011uid=502#011gid=502#011home=/home/user
Aug 14 14:54:03 ip-172-31-43-165 dovecot: pop3-login: Login: user=<user>, method=PLAIN, rip=106.154.128.232, lip=172.31.43.165, mpid=22038, session=<OZ2Cl9esN+lqmoDo>
Aug 14 14:54:03 ip-172-31-43-165 dovecot: pop3(user): Debug: Effective uid=502, gid=502, home=/home/user
Aug 14 14:54:03 ip-172-31-43-165 dovecot: pop3(user): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir
Aug 14 14:54:03 ip-172-31-43-165 dovecot: pop3(user): Debug: maildir++: root=/home/user/Maildir, index=, indexpvt=, control=, inbox=/home/user/Maildir, alt=
Aug 14 14:54:03 ip-172-31-43-165 dovecot: pop3(user): Debug: INBOX: Mailbox opened because: POP3 INBOX
Aug 14 14:54:03 ip-172-31-43-165 dovecot: pop3(user): Disconnected: Logged out top=0/0, retr=0/0, del=0/13, size=15260

I wondered why it seemed to work, and googled Some people say that outlook doesn't work, but thunderbird works. When I put thunderbird in my PC and tried it, It worked

The settings for outlook seem to be different

Again (omitted)

Reference page

[EC2] Mail server construction (Postfix + Dovecot) Mail server construction (Postfix + Dovecot) Detailed explanation with experiments on SMTP server and POP server Send mail to gmail with Postfix