Installing a mail server on Oracle Linux based on Cyrus IMAP and Postfix with Active Directory integration


Incoming mail


install the necessary packages

dnf install cyrus-sasl cyrus-sasl-plain cyrus-imapd postfix

edit the /etc/sysconfig/saslauthd file

MECH=ldap

create the /etc/saslauthd.conf file

ldap_servers: ldaps://dc.domain.local:636
ldap_tls_check_peer: yes
ldap_tls_cacert_file: /etc/ssl/certs/domain.local.crt
ldap_bind_dn: CN=cyrus,OU=Special Users,DC=domain,DC=local
ldap_bind_pw: some_pass
ldap_search_base: OU=Employees,DC=domain,DC=local
ldap_filter: mail=%U@%r

change permissions on the /etc/saslauthd.conf file

chmod 600 /etc/saslauthd.conf
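
A quick check of the file created above, as an added example that is not part of the original guide: a shell function that reports when the config is accessible to group or others (it holds ldap_bind_pw in cleartext), lists a server that is not an ldaps:// URI, does not set ldap_tls_check_peer to yes, or names a CA file that is missing. The function names and the weak sample config written by demo are constructed for illustration.

```bash
# Added example (not from the original guide): audit a saslauthd LDAP config
# against the settings used above. One finding per line; no output = pass.

# Value of the first "key: value" line, trailing whitespace stripped.
conf_value() {
    sed -n -e 's/[[:space:]]*$//' -e "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

audit_saslauthd_conf() {
    local conf="$1" perms uri val
    if [ ! -r "$conf" ]; then echo "cannot read $conf"; return 0; fi

    # ldap_bind_pw is stored in cleartext: group and others get no access.
    perms=$(ls -ld -- "$conf" | cut -c5-10)
    [ "$perms" = "------" ] || echo "permissions: group/other bits set ($perms), expected 600"

    # Every listed server should be an ldaps:// URI, as in the guide.
    val=$(conf_value "$conf" ldap_servers)
    [ -n "$val" ] || echo "ldap_servers: not set"
    for uri in $val; do
        case "$uri" in
            ldaps://*) ;;
            *) echo "ldap_servers: $uri is not an ldaps:// URI" ;;
        esac
    done

    # Without peer checking the domain controller's certificate is not verified.
    val=$(conf_value "$conf" ldap_tls_check_peer)
    [ "$val" = "yes" ] || echo "ldap_tls_check_peer: '$val' instead of 'yes'"

    # The CA file named in the config must exist and be readable.
    val=$(conf_value "$conf" ldap_tls_cacert_file)
    { [ -n "$val" ] && [ -r "$val" ]; } || echo "ldap_tls_cacert_file: '$val' missing or unreadable"
    return 0
}

# Constructed sample: a deliberately weak config in a temporary directory.
demo() {
    local dir
    dir=$(mktemp -d)
    printf '%s\n' 'ldap_servers: ldap://dc.domain.local' \
        'ldap_tls_check_peer: no' 'ldap_bind_pw: some_pass' > "$dir/saslauthd.conf"
    chmod 644 "$dir/saslauthd.conf"
    audit_saslauthd_conf "$dir/saslauthd.conf"
    rm -rf "$dir"
}
# Real use: audit_saslauthd_conf /etc/saslauthd.conf
```

Calling demo prints four findings for the constructed weak file; a file configured as in this guide prints nothing.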

edit the /etc/cyrus.conf file

SERVICES {
  #imaps  cmd="imapd -s" listen="imaps" prefork=1
  #pop3   cmd="pop3d" listen="pop3" prefork=3
  #pop3s  cmd="pop3d -s" listen="pop3s" prefork=1
  #sieve  cmd="timsieved" listen="sieve" prefork=0
  
  #nntp   cmd="nntpd" listen="nntp" prefork=3
  #nntps  cmd="nntpd -s" listen="nntps" prefork=1
  
  #http   cmd="httpd" listen="http" prefork=3
  #https  cmd="httpd -s" listen="https" prefork=1
  
  #notify cmd="notifyd" listen="/run/cyrus/socket/notify" proto="udp" prefork=1

  lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
}

DAEMON {
  # this is only necessary if using idled for IMAP IDLE
  idled         cmd="idled"
}

edit the /etc/imapd.conf file

lmtpsocket: /var/lib/imap/socket/lmtp
#httpmodules: caldav carddav
virtdomains: userid
tls_required: yes
autocreate_quota: 0
autocreate_post: 1

edit the /etc/postfix/main.cf file

myhostname = mail.domain.local
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps =
relay_recipient_maps =
mailbox_transport = 
virtual_mailbox_domains = hash:/etc/postfix/domains
virtual_mailbox_maps = hash:/etc/postfix/recipients
virtual_transport = lmtp:unix:/var/lib/imap/socket/lmtp
smtpd_relay_restrictions=defer_unauth_destination

create the /etc/postfix/domains file

green.com			ok
yellow.com			ok

create the /etc/postfix/recipients file

create the /etc/postfix/domains.db and the /etc/postfix/recipients.db hash tables

postmap hash:/etc/postfix/domains
postmap hash:/etc/postfix/recipients

start all the services

systemctl --now enable saslauthd
systemctl --now enable cyrus-imapd
systemctl --now enable postfix

verify that authentication works

imtest -t "" -u [email protected] -a [email protected] localhost
imtest -t "" -u [email protected] -a [email protected] localhost

connect to the server on TCP port 25 and try to send a test message

HELO test
MAIL FROM: <src_mail_address>
RCPT TO: <dst_mail_address>
DATA
<test_message_body>
.
QUIT

note: for a non-encrypted connection use the "telnet 25" command and for an SSL-encrypted connection use the "openssl s_client -connect :25 -starttls smtp" command

verify that the message has been successfully received and saved in the /var/spool/imap folder


Outgoing mail


edit the /etc/postfix/master.cf file

587       inet  n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=cyrus
  -o smtpd_sasl_path=smtpd
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_tls_security_options=noanonymous
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

note: the "smtpd_sasl_path=smtpd" parameter means that SASL authentication uses the /etc/sasl2/smtpd.conf configuration file

restart Postfix

systemctl restart postfix

connect to the server on TCP port 587 and try to send a test message

note: in order to authenticate, enter the "AUTH PLAIN" SMTP command and provide a login and a password in Base64 encoding (you can convert your login and password into Base64 encoding with the "echo -ne '\[email protected]\0password' | base64" command)
