Centos 7 – Postfix, Devocot, RoundCube, PostfixAdmin, PhpMyadmin

First of all Set hostname in CentOS 7 with nmtui and DNS

Set your host with nmtui

Set dns name in /etc/hosts with nano /etc/hosts mail.domain.com mail


Install PHP 7.0

rpm -Uvh http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum -y install yum-utils
yum -y update
wget http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
rpm -Uvh remi-release-7*.rpm
yum-config-manager –enable remi-php70
yum install php php-opcache php-cli php-common php-gd php-ldap php-mysql php-odbc php-pdo php-pear php-pecl-apc php-pecl-memcache php-pgsql php-soap php-xml php-xmlrpc php-mbstring php-mcrypt  -y

yum install epel-release*
yum install php-imap*

Install MariaDB, HTTPD, MariaDB-Server, Mod_SSL

yum install httpd mariadb mariadb-server systemctl start httpd 
yum install mod_ssl
systemctl enable httpd
systemctl start mariadb
systemctl enable mariadb

Disable Selinux 

nano /etc/selinux/config

For disable:


If you prefer to let SELinux prints warnings instead of enforcing, you can set below value instead:


Disable it immediately without rebooting your server:

setenforce 0

Open FireWall Ports

firewall-cmd –zone=public –add-port=443/tcp –permanent
firewall-cmd –zone=public –add-port=143/tcp –permanent
firewall-cmd –zone=public –add-port=993/tcp –permanent
firewall-cmd –zone=public –add-port=465/tcp –permanent
firewall-cmd –zone=public –add-port=587/tcp –permanent
firewall-cmd –zone=public –add-port=25/tcp –permanent
firewall-cmd –zone=public –add-port=80/tcp –permanent
firewall-cmd –reload

Check the updated rules with
firewall-cmd --list-all

Secure mariaDB + Create root password


Create User in MySQL

*Note* MySQL user cann be authenticated by password or withot password on localhost!!!

——Create user With Password for specific DB ———-

mysql -uroot -p
CREATE USER ‘beckup’@’%’ IDENTIFIED BY ‘Your_pass’;
GRANT ALL ON wiki.* TO ‘beckup’@’localhost’;
GRANT ALL ON wiki.* TO ‘beckup’@’%’;
GRANT ALL ON wiki.* TO ‘beckup’@’hostname’;
GRANT ALL ON wiki.* TO ‘beckup’@’’;
GRANT ALL ON wiki.* TO ‘beckup’@’::1′;

——Create user Without Password for specific DB———-

mysql -uroot -p
CREATE USER ‘beckup’@’%’;
GRANT ALL ON wiki.* TO ‘beckup’@’localhost’;
GRANT ALL ON wiki.* TO ‘beckup’@’%’;
GRANT ALL ON wiki.* TO ‘beckup’@’hostname’;
GRANT ALL ON wiki.* TO ‘beckup’@’’;
GRANT ALL ON wiki.* TO ‘beckup’@’::1′;

This should be ran only if you need create User With High Privileges My SQL



Install And Config PHPMYADMIN


yum install -y phpmyadmin

****BackUp the original file****

cp /etc/httpd/conf.d/phpMyAdmin.conf /etc/httpd/conf.d/phpMyAdmin.conf.orig

By default access to phpmyadmin is allowed only from we will remove all from nano /etc/httpd/conf.d/phpMyAdmin.conf and insert below:

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
Require all granted

<Directory /usr/share/phpMyAdmin/setup/>
Require all granted

<Directory /usr/share/phpMyAdmin/libraries/>
Order Deny,Allow
Deny from All
Allow from None

<Directory /usr/share/phpMyAdmin/setup/lib/>
Order Deny,Allow
Deny from All
Allow from None

<Directory /usr/share/phpMyAdmin/setup/frames/>
Order Deny,Allow
Deny from All
Allow from None

systemctl restart httpd


Visit www address http://your_ip_address/phpmyadmin 

Login with MySQL root user and Password

Create database 

Install PostfixAdmin

Download from here: postfixadmin-3.1.tar

put a folder to /var/www/postfixadmin-3.1

chown -R apache. /var/www/postfixadmin

Change config file  nano /var/www/html/postfixadmin/config.inc.phpwith this:

Create new file in /var/www/html/postfixadmin/config.inc.php   same directory copy all data from this file to  /var/www/html/postfixadmin/config.local.php

$CONF['configured'] = true;
$CONF['default_language'] = 'en';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'your_pass';
$CONF['database_name'] = 'postfix';
$CONF['admin_email'] = '[email protected]_domain.com';
$CONF['encrypt'] = 'md5crypt';
$CONF['default_aliases'] = array (
'abuse' => 'root',
'hostmaster' => 'root',
'postmaster' => 'root',
'webmaster' => 'root'
$CONF['/mail/domain/your_domain.com'] = 'YES';
$CONF['/mail/mailboxes/your_domain.com''] = 'YES';



!!Important!!! If you have this ERROR:

ERROR: the templates_c directory doesn't exist or isn't writeable for the webserver

Just create folder in postfixadmin root directory with 777

Refresh your brouzer or run to finish instalation


Add hash $CONF['setup_password'] = 'd5b49f60b33c602582e1dcac4fd640f8:01568c3ba5abf83dc30dd45ad622f1229a63001c'; to your config file /var/www/postfixadmin/config.local.php

PostfixAdmin Hardening (Allow ip list)

Add to end of this file nano /etc/httpd/conf/httpd.conf:

Attached httpd.conf: httpd.conf

You can set this by ip or by subnets allow from

Secure Cookies

Secure Cookies with edit this line Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure to head of httpd.conf or download from hear: httpd.conf

<Directory "/var/www/postfixadmin/">
order deny,allow
deny from all
allow from
Options -Indexes

Postfix Configuration

Postfix coming built in Centos 7

First of all backup /etc/postfix/>main.cf file

Now we will change all content to this you must change the bold words:

soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix

# Change to your own domain mail.your_domain.com & mail.your_domain.com
myhostname = mail.your_domain.com
mydomain = your_domain.com
myorigin = $myhostname

inet_interfaces = all
inet_protocols = ipv4

mydestination = localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
#mynetworks =
mynetworks =

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

smtpd_banner = $myhostname ESMTP $mail_name

debug_peer_level = 2
# This PATH and ddd must be stay as is with tabulation 
debugger_command =
         ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES

relay_domains = mysql:/etc/postfix/mysql/relay_domains.cf
virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf,
virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf

smtpd_discard_ehlo_keywords = etrn, silent-discard
smtpd_forbidden_commands = CONNECT GET POST
broken_sasl_auth_clients = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
disable_vrfy_command = yes

smtpd_helo_restrictions = permit_mynetworks,

smtpd_data_restrictions = permit_mynetworks,

smtpd_sender_restrictions = permit_mynetworks,

smtpd_recipient_restrictions = reject_non_fqdn_recipient,

smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_tls_key_file = /etc/postfix/certs/key.pem
smtpd_tls_cert_file = /etc/postfix/certs/cert.pem
tls_random_source = dev:/dev/urandom

# Massage size limit
message_size_limit = 20000000
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 15
smtpd_error_sleep_time = 20
anvil_rate_time_unit = 60s
smtpd_client_connection_count_limit = 20
smtpd_client_connection_rate_limit = 30
smtpd_client_message_rate_limit = 30
smtpd_client_event_limit_exceptions =
smtpd_client_connection_limit_exceptions =

maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth

# Folder to store mailboxes
virtual_mailbox_base = /mail/domain/your_domain.com
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

sender_bcc_maps = hash:/etc/postfix/sender_bcc_maps
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc_maps

Now we make dir /etc/postfix/mysql && cd /etc/postfix/mysql add all files below!!!

 mkdir /etc/postfix/mysql && cd /etc/postfix/mysql
# nano relay_domains.cf

hosts = localhost
user = postfix
password = 12345678
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'
# nano  virtual_alias_domain_maps.cf

hosts = localhost
user = postfix
password = 12345678
dbname = postfix
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1
# nano virtual_alias_maps.cf

hosts = localhost
user = postfix
password = 12345678
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
# nano virtual_mailbox_domains.cf

hosts = localhost
user = postfix
password = 12345678
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'
# mcedit virtual_mailbox_maps.cf

hosts = localhost
user = postfix
password = 12345678
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'

Now Backup /etc/postfix/master.cf and change below lines:

submission inet n - n - - smtpd
 -o syslog_name=postfix/submission
 -o smtpd_tls_wrappermode=no
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
 -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
 -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
 -o syslog_name=postfix/smtps
 -o smtpd_tls_wrappermode=yes
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
 -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
 -o milter_macro_daemon_name=ORIGINATING

In this file we will add below line for dovecot in the end of the file:

dovecot unix - n n - - pipe
 flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

Create folder for Postfix sertificates

mkdir /etc/postfix/certs
openssl req -new -x509 -days 3650 -nodes -out /etc/postfix/certs/cert.pem -keyout /etc/postfix/certs/key.pem

This you need to run every time after  some changes!!!

postmap /etc/postfix/recipient_bcc_maps /etc/postfix/sender_bcc_maps


Now create two mailboxes [email protected]_domain.com and [email protected]_domain.com through postfixadmin.

I will explain a little about these boxes – what they are for. Initially, I did them when users used the pop3 protocol without saving messages on the server. This made it possible to organize a backup of all correspondence. These boxes are very quickly filled and occupy a huge volume, so they must be cleaned. I just scripts regularly collected all mail in archives with names in the form of dates. If you needed to find a letter, then you just unpacked the required archive.

In the case of imap, the backup role disappears, since all mail is stored on the server. But these boxes are still useful when the user, for example, deleted some important letter and then pretends that it was not. If this letter came only today and has not yet managed to fly to the backup, then in addition to logging about this letter, you will not see the content itself. And with such boxes all at once it will be clear, and questions will disappear. The last application is the security service. If you have someone who is supposed to read all the correspondence, then this functionality can be implemented in such a simple way.
All the basic settings for postfix we made. Some of them are tied to work with dovecot, which we have not yet configured. Therefore, we do not touch postfix anymore, we do not restart it. We are going to configure the dovecot – imap server of our mail system.


Dovecot Configuration

Let’s get busy setting up dovecot – the server for delivering mail to the user using the pop3 and imap protocols. I see no reason to use pop3. It is inconvenient compared to imap. Most often pop3 disable at all. But this is up to you. Let me give an example of setting up both protocols. In addition to the basic functionality for the delivery of mail, I will configure several useful plug-ins. I’ll tell you more about them:

Sieve – performs mail filtering according to the specified rules at the time of local delivery on the mail server. The convenience of this approach is that once you can set up a sorting rule, and it will work in all the clients that you will receive mail on imap. Rules are created, stored and executed on the server itself.
Acl – allows users to share folders in their mailbox and give access to these folders to other users. I did not often see this customized and used. I think it’s because of ignorance. For me, this is a very convenient and useful functional.
I often see that people configure the quota plugin, which allows you to limit the maximum size of the mailbox. I personally do not use it in my work. Perhaps, when you have hundreds and thousands of clients, it matters and you must set a limit. When there are less boxes, it makes no sense to strain people with constant cleaning. Now the drives are not so expensive. I think it’s easier and cheaper to increase the server space, rather than constantly worrying users about the need to clean the box. It is better to limit the maximum size of the message, say 20 megabytes. Then it is hard to hammer the box, even with a big desire, it will not happen quickly. And mail is still an important tool in the work. I think it’s better to keep it as long as possible.

There is another useful expire plugin that allows you to delete obsolete emails in specific folders. For example, delete all emails older than 30 days in the trash can and folder. But it is impossible to really use it for a simple reason. Different e-mail clients create different folders for the recycle bin and spam. Thunderbird creates folders with Latin names trash and spam, outlook with Russians, which on the mail server are converted to UTF7 encoding, mobile clients also use different folder names. As a result, there is no uniformity, the plug-in does not work fully.

I told about these plug-ins for aiming. I do not configure them myself, but if you want to implement the described functionality, you can understand and configure yourself.

I gave a small theory, now we turn to practice. We install packages necessary for dovecot.

*After mailbox creation you can find mailboxes in /mail/domain


yum install dovecot dovecot-mysql dovecot-pigeonhole

Edit this config with code below nano /etc/dovecot/dovecot.conf

listen = * [::]

mail_plugins = mailbox_alias acl

protocols = imap pop3 sieve lmtp

mail_uid = 1000
mail_gid = 1000

first_valid_uid = 1000
last_valid_uid = 1000

log_path = /var/log/dovecot/main.log
info_log_path = /var/log/dovecot/info.log
debug_log_path = /var/log/dovecot/debug.log

ssl_protocols = !SSLv2 !SSLv3
ssl = required
verbose_ssl = no
ssl_cert = </etc/postfix/certs/cert.pem
ssl_key = </etc/postfix/certs/key.pem

ssl_dh_parameters_length = 2048
ssl_prefer_server_ciphers = yes

disable_plaintext_auth = yes

mail_location = maildir:/mail/domain/your_domain.com/%d/%u/

auth_default_realm = your_domain.com

auth_mechanisms = PLAIN LOGIN

service auth {
 unix_listener /var/spool/postfix/private/dovecot-auth {
 user = postfix
 group = postfix
 mode = 0666
 unix_listener /var/spool/postfix/private/auth {
 mode = 0666
 user = postfix
 group = postfix
unix_listener auth-master {
 user = vmail
 group = vmail
 mode = 0666

unix_listener auth-userdb {
 user = vmail
 group = vmail
 mode = 0660

service lmtp {
 unix_listener /var/spool/postfix/private/dovecot-lmtp {
 user = postfix
 group = postfix
 mode = 0600

 inet_listener lmtp {
 address =
 port = 24

userdb {
 args = /etc/dovecot/dovecot-mysql.conf
 driver = sql

passdb {
 args = /etc/dovecot/dovecot-mysql.conf
 driver = sql

auth_master_user_separator = *
plugin {
 auth_socket_path = /var/run/dovecot/auth-master

 acl = vfile
 acl_shared_dict = file:/mail/domain/your_domain.com/shared-folders/shared-mailboxes.db
 sieve = /mail/domain/your_domain.com/sieve/%u.sieve
 mailbox_alias_old = Sent
 mailbox_alias_new = Sent Messages
 mailbox_alias_old2 = Sent
 mailbox_alias_new2 = Sent Items

protocol lda {
 mail_plugins = $mail_plugins sieve
 auth_socket_path = /var/run/dovecot/auth-master
 deliver_log_format = mail from %f: msgid=%m %$
 log_path = /var/log/dovecot/lda-errors.log
 info_log_path = /var/log/dovecot/lda-deliver.log
 lda_mailbox_autocreate = yes
 lda_mailbox_autosubscribe = yes
 postmaster_address = root

protocol lmtp {
 info_log_path = /var/log/dovecot/lmtp.log
 mail_plugins = quota sieve
 postmaster_address = postmaster
 lmtp_save_to_detail_mailbox = yes
 recipient_delimiter = +

protocol imap {
 mail_plugins = $mail_plugins imap_acl
 imap_client_workarounds = tb-extra-mailbox-sep
 mail_max_userip_connections = 30

protocol pop3 {
 mail_plugins = $mail_plugins
 pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
 pop3_uidl_format = %08Xu%08Xv
 mail_max_userip_connections = 30

service imap-login {
 service_count = 1
 process_limit = 500

service pop3-login {
 service_count = 1

service managesieve-login {
 inet_listener sieve {
 port = 4190

namespace {
 type = private
 separator = /
 prefix =
 inbox = yes

 mailbox Sent {
 auto = subscribe
 special_use = \Sent
 mailbox "Sent Messages" {
 auto = no
 special_use = \Sent
 mailbox "Sent Items" {
 auto = no
 special_use = \Sent
 mailbox Drafts {
 auto = subscribe
 special_use = \Drafts
 mailbox Trash {
 auto = subscribe
 special_use = \Trash
 mailbox "Deleted Messages" {
 auto = no
 special_use = \Trash
 mailbox Junk {
 auto = subscribe
 special_use = \Junk
 mailbox Spam {
 auto = no
 special_use = \Junk
 mailbox "Junk E-mail" {
 auto = no
 special_use = \Junk
 mailbox Archive {
 auto = no
 special_use = \Archive
 mailbox Archives {
 auto = no
 special_use = \Archive

namespace {
 type = shared
 separator = /
 prefix = Shared/%%u/
 location = maildir:%%h:INDEX=%h/shared/%%u
 subscriptions = yes
 list = children
# groupadd  -g 1000 vmail
# useradd -d /mail/domain/your_domain.com -g 1000 -u 1000 vmail
# chown vmail. /mail/domain/your_domain.com

Connection to MySQL

nano /etc/dovecot/dovecot-mysql.conf

Create folder for Logs

# mkdir /var/log/dovecot
# cd /var/log/dovecot && touch main.log info.log debug.log lda-errors.log lda-deliver.log lmtp.log
# chown -R vmail:dovecot /var/log/dovecot
# mkdir /mail/domain/your_domain.com/sieve && mkdir /mail/domain/your_domain.com/shared-folders
# chown -R vmail. /mail/domain/your_domain.com
# chown vmail. /var/run/dovecot/auth-master
# systemctl restart postfix
# systemctl start dovecot
# systemctl enable dovecot

Useful command to check configuration

tail -f /var/log/maillog
You can see successful sasl_method=PLAIN, [email protected]_domain.com
You can see who connected from where imap-login: Info: Login: user=<[email protected]_domain.com >, method=PLAIN, rip=, lip=, mpid=28790, TLS, session=<3tDeHGVKpQBNJeCL>
You can fine all mail trafic

systemctl restart postfix
systemctl restart dovecot
ls -l /var/spool/postfix/private

RoundCube Instalation

First of all download roundcube from https://roundcube.net/download/ full version or this attachment roundcubemail.tar and extract to /var/www/webmail

# tar -xzvf roundcubemail-*
# mv roundcubemail-1.2.3 /var/www/webmail
# chown -R apache. /var/www/webmail

Create Database and User for roundcube. I created DB: roundcube and User roundcube. Do this or from phpmyadmin or from cli

GRANT ALL PRIVILEGES ON roundcube.* TO [email protected] IDENTIFIED BY 'password';

Now access server on web http://Your_server_ip/webmail/installer/ and config the setup:
You must see many different options but you need only few of them:

    • smtp_server — nothing leave as is
    • language — en_EN
    • Checkbox Plugins must! — managesieve, userinfo, acl. Other plugins on your discretion

Config DB:

Now Access http://Your_server_ip/webmail

  • You can create custom binding in httpd.conf

Create Rulles with sieve

You can do this in “settings”


*After rule creation you can find mailboxes in /mail/domain/sieve/your_username


Config “Out Of Office”

# mcedit /var/www/html/webmail/plugins/managesieve/config.inc.php

Do Changes in:

$config['managesieve_vacation'] = 1;

Create Shared Folders in MailBox

First of all create folder in web interface and after then give permissions to aliases that you need.

Now we ca see in mailbox of [email protected]_domain.com new shared folder:

Configure DKIM and SPF


Domain Keys Identified Mail (DKIM) is an email authentication method designed to detect email spoofing. It allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. It is intended to prevent forged sender addresses in emails, a technique often used in phishing and email spam.

yum install opendkim
mkdir -p /etc/postfix/dkim && cd /etc/postfix/dkim

Now we generate keys for domain

opendkim-genkey -D /etc/postfix/dkim/ -d your_domain.com -s mail
your_domain.com Your domain name
mail Name of your server


Ru- На выходе получаете пару файлов — закрытый (приватный) и открытый ключ. Закрытый останется на сервере, открытый будет опубликован в dns. Переименуем их сразу, чтобы не путаться, если у вас будет несколько доменов. Ключи нужно будет делать для каждого домена.

EN- On the output you get a couple of files – private (private) and public key. The private remains on the server, the public will be published in dns. Rename them immediately so that you do not get confused if you have multiple domains. Keys will need to be done for each domain.

mv mail.private mail.your_domain.com.private
mv mail.txt mail.your_domain.com.txt

Ru- Создаем файл с таблицей ключей, в которой будут описаны все домены. В данном случае только один

EN- Create a file with a table of keys, in which all domains will be described. In this case, only one

cd /etc/postfix/dkim
nano /keytable
mail._domainkey.your_domain.com your_domain.com:mail:/etc/postfix/dkim/mail.your_domain.com.private

Ru- Тут же создаем еще один файл, в котором будет описано, каким ключом подписывать письма каждого домена. У нас один домен, поэтому только одна запись.

EN- Immediately create another file, which will describe which key to sign the letters of each domain. We have one domain, so only one entry.

cd /etc/postfix/dkim
nano signingtable
*@your_domain.com mail._domainkey.your_domain.com

EN- We set access rights to all files

chown root:opendkim *
chmod u=rw,g=r,o= *

EN- Create Config file.

nano /etc/opendkim.conf
AutoRestart Yes
AutoRestartRate 10/1h
PidFile /var/run/opendkim/opendkim.pid
Mode sv
Syslog yes
SyslogSuccess yes
LogWhy yes
UserID opendkim:opendkim
Socket inet:[email protected]
Umask 022
Canonicalization relaxed/relaxed
Selector default
MinimumKeyBits 1024
KeyFile /etc/postfix/dkim/mail.your_domain.com.private
KeyTable /etc/postfix/dkim/keytable
SigningTable refile:/etc/postfix/dkim/signingtable

EN- Add the following parameters to the postfix configuration file at the very end:

nano /etc/postfix/main.cf
smtpd_milters = inet:
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
milter_protocol = 2

EN- Restart postfix & dkim and enable dkim after server reboot.

systemctl restart postfix
systemctl restart opendkim.service
systemctl enable opendkim.service

EN- Now we need to add the public key to dns. Go to the dns management console and add a new txt entry. We take its contents from the file /etc/postfix/dkim/mail.your_domain.com.txt

cat /etc/postfix/dkim/mail.your_domain.com.txt
mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
 "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClZX2xWRDISlVLF4b4pUiinY5N9WN7VXEHeyPw8smHTamXh35wJoh+j0+MIQD754T2WXBjz7O/uHL+vK58LhJsm4TGyhUN6ZBit+w22jG92zdeybSZeU/g7hQdkaAAi0I+0nIkUwIDAQAB" ) ; ----- DKIM key mail for your_domain.com

EN- We remove quotes, superfluous problems and we interpose. It should look like this:


EN- I check the work. I send the letter to gmail and look at the mail server’s log:

cat /var/log/maillog
tail -f /var/log/maillog

EN- Additionally, check the correctness of the dkim entry in dns by using the online service – http://dkimcore.org/c/keycheck.



EN- The spf record is added as a txt entry in the dns of your domain. With this record you specify which IP addresses have the right to send mail on your behalf. If one of the spammers uses your domain name when sending spam, it will not pass the spf check and will most likely be identified as spam.

You can specify the specific ip addresses in the record, but you can tell that the ip addresses are checked against the lists of A and MX records. At us a simple case and only 1 server with one ip, therefore we will specify this ip address. Go to the dns control panel and add a new txt entry.

your_domain.com. TXT v=spf1 ip4:your_ip_address ~all



NOQUEUE: reject: RCPT from []: 454 4.7.1: Relay access denied;

Add line below to /etc/pstfix/main.cf

mynetworks = [::1]/128