Archive

Posts Tagged ‘Fedora’

How to setup a personal mail server with Postfix and Dovecot

May 21st, 2013 Comments off

The instructions were tested on Fedora 17, most RedHat distributions should be very similar and it should at least give you an idea for other distros.

Install the required software:

# yum install postfix dovecot

Check that Postfix supports Dovecot SASL:

# postconf -a
cyrus
dovecot

Edit /etc/postfix/main.cf, add at the top of the file:

inet_interfaces = all
# list of domains receiving mails on this server, remember to set the MX record in their DNS
virtual_alias_domains = domain1.com, domain2.com
virtual_alias_maps = hash:/etc/postfix/virtual
mynetworks_style = host
# add the ips that are always allowed to relay to mynetworks list
mynetworks = 127.0.0.0/8
# use reject_rbl_client to specify RBLs (simple anti-spam measure)
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
reject_rbl_client sbl-xbl.spamhaus.org
reject_rbl_client bl.spamcop.net

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

Create/edit /etc/postfix/virtual and add a couple of email aliases:

john@domain1.com myaccount
office@domain1.com myaccount

Compile the aliases table:

# postmap /etc/postfix/virtual

Restart the postfix service, for minor changes in the configuration file you can also use:

# postfix reload

Uncomment the postfix smtp-auth settings in /etc/dovecot/conf.d/10-master.conf

# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}

Edit /etc/dovecot/conf.d/10-mail.conf and set mail_location:

mail_location = mbox:~/mail:INBOX=/var/mail/%u

Restart dovecot.

This should be enough for a couple of email accounts for your domains, accessible by POP3 and IMAP.

Categories: Linux Tags: , , ,

Quick Fix for the Fedora DNSSEC Issue

June 26th, 2010 3 comments

After a routing update, Fedora 12 has some problems with the DNS service. The named service fails to start with with the following error:

Error in named configuration:
/etc/pki/dnssec-keys//named.dnssec.keys:1: open: /etc/pki/dnssec-keys//production/bg.conf: file not found

The update was not a fortunate one and an official fix will probably be issued soon. A quick way is to disable the DNSSEC options in named. Edit /etc/named.conf and comment the following lines:

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside . trust-anchor dlv.isc.org.;

and at the bottom:

include "/etc/pki/dnssec-keys//named.dnssec.keys";
include "/etc/pki/dnssec-keys//dlv/dlv.isc.org.conf";

The DNSSEC features ads digital signatures to your DNS queries. If you need this, keep searching for other solutions.

Categories: Linux Tags: , , ,