History / Status

  • Updated 20130110
  • DONE


First things first. If you are new to Linux, I recommend getting help with setting this up. This is an advanced email server configuration. It lets you serve multiple domains on one server. This howto will let you set up a server that is one of four mail server types:

  • Mail server with spam and virus checking (Most people. Do everything in the howto)
  • Mail server w/o spam and virus checking (Someone else is doing email filtering for you)
  • Backup MX / spam and virus filtering server (you want to divide things up)
  • Backup MX (You want to receive and hold mail while your main server is down)

You will get the following features:

  • Postfix: the workhorse behind the mail receiving and sending
  • smtp authentication
  • secure smtp using TLS
  • Dovecot: imap and pop3 mailbox service
  • secure imap and pop3
  • server side filtering of flagged spam to a spam folder
  • mysql: handle all the virtual domains and users
  • PostfixAdmin: GUI for domain administration
  • roundcube: web mail access
  • spam/virus filtering using amavisd-new, spamassassin and clamav

Books You May Find Helpful

The following books may be helpful for some people.

The Accidental Administrator: Linux Server Step-by-Step Configuration Guide
Learning the bash Shell: Unix Shell Programming (In a Nutshell (O'Reilly))

Installing CentOS

Start with my HOWTO: CentOS 6.x base server. That howto will get CentOS installed and ready for this howto.

WARNING: Not following the base server howto will cause you grief. Due to 6.4+ changes things will break.

Installing The Software

We'll start with the yum installs.
> yum install roundcubemail dovecot dovecot-mysql dovecot-pigeonhole cyrus-sasl-devel cyrus-sasl-sql subversion
> yum install perl-MailTools perl-MIME-EncWords perl-MIME-Charset perl-Email-Valid perl-Test-Pod perl-TimeDate
> yum install perl-Mail-Sender perl-Log-Log4perl imapsync offlineimap
> yum install amavisd-new clamav clamd razor-agents perl-Convert-BinHex

PostfixAdmin doesn't have an rpm, so we need to download it and put it where we want it.
> wget http://sourceforge.net/projects/postfixadmin/files/latest/download
> tar -xzvf postfixadmin-2.3.5.tar.gz
> mv postfixadmin-2.3.5 /usr/share/postfixadmin

Configuring The Server

Setup SSL Certificate

Now generate an SSL certificate for postfix and dovecot to have TLS support. Replace mail.example.com with your server hostname.
> genkey --days 3650 mail.example.com

Setup the Virtual Mail User

Next we'll configure the mail store directory. We put it in the /home directory to make backups and other items easy. So type the following.
> mkdir /home/vmail
> chmod 770 /home/vmail
> useradd -r -u 101 -g mail -d /home/vmail -s /sbin/nologin -c "Virtual mailbox" vmail
> chown vmail:mail /home/vmail

Configuring Postfix Admin

Create the apache config file for postfixadmin and restart apache.

Alias /mailadmin /usr/share/postfixadmin
<Directory "/usr/share/postfixadmin">
  AllowOverride AuthConfig
</Directory>

> service httpd restart

Now we need to setup the mysql database for postfixadmin. We only need to create the database and user. The setup file will create the rest.
> mysql -u root -p -e "CREATE DATABASE postfix;"
> mysql -u root -p -e "CREATE USER postfix@localhost IDENTIFIED BY 'choose_a_password';"
> mysql -u root -p -e "GRANT ALL PRIVILEGES ON postfix.* TO postfix@localhost;"

Now it's time to set up the config file. Don't forget to set your password. Paste the following into the file.
> cd /usr/share/postfixadmin
> nano -w config.local.php

<?php
/**
 * Contains configuration options that override the default config file
 *
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 * You have to set $CONF['configured'] = true; before the
 * application will run!
 * Doing this implies you have changed this file as required.
 * i.e. configuring database etc; specifying setup.php password etc.
 */
$CONF['configured'] = true;

// In order to setup Postfixadmin, you MUST specify a hashed password here.
// To create the hash, visit setup.php in a browser and type a password into the field,
// on submission it will be echoed out to you as a hashed value.
$CONF['setup_password'] = 'changeme';
$CONF['postfix_admin_url'] = '/mailadmin';
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'changeme';
$CONF['database_name'] = 'postfix';
$CONF['admin_email'] = 'postmaster@change-this-to-your.domain.tld';
$CONF['encrypt'] = 'md5crypt';
$CONF['dovecotpw'] = "/usr/sbin/dovecotpw";
$CONF['min_password_length'] = 6;
$CONF['page_size'] = '20';
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['aliases'] = '50';
$CONF['mailboxes'] = '50';
$CONF['maxquota'] = '100';
$CONF['quota'] = 'YES';
$CONF['quota_multiplier'] = '1024000';
$CONF['transport'] = 'YES';
$CONF['transport_options'] = array (
    'virtual',  // for virtual accounts
    'local',    // for system accounts
    'relay'     // for backup mx
);
$CONF['transport_default'] = 'virtual';
$CONF['vacation'] = 'YES';
$CONF['vacation_domain'] = 'autoreply.change-this-to-your.domain.tld';
$CONF['vacation_control'] ='YES';
$CONF['vacation_control_admin'] = 'YES';
$CONF['special_alias_control'] = 'YES';
$CONF['user_footer_link'] = "http://change-this-to-your.domain.tld/main";
$CONF['show_footer_text'] = 'YES';
$CONF['footer_text'] = 'Return to change-this-to-your.domain.tld';
$CONF['footer_link'] = 'http://change-this-to-your.domain.tld';
$CONF['used_quotas'] = 'YES';
$CONF['new_quota_table'] = 'YES';
// $CONF['create_mailbox_subdirs_hostoptions']=array('notls');


Next we need to run the setup.php script in a web browser. Enter the url in your browser. Ex.

If everything shows OK then create the admin user using the form displayed. Follow the instructions for setting the setup password.

Log into the web interface and follow the directions.

Configuring Postfix

Here we go with more config files. Be sure to change the settings that need to match your host. The config files have some sections commented out. Don't worry about it. These sections are for spam/virus/sympa configuration. Just copy and paste to create the config files. Whatever you see here replaces what already exists.

The main postfix config files.

# postfix config file

# uncomment for debugging if needed

# postfix main
mail_owner = postfix
setgid_group = postdrop
delay_warning_time = 4

# postfix paths
html_directory = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
queue_directory = /var/spool/postfix
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man

# network settings
inet_interfaces = all
mydomain = yourdomain.com
myhostname = host.yourdomain.com
mynetworks = $config_directory/mynetworks
mydestination = $myhostname, localhost.$mydomain, localhost 
relay_domains = proxy:mysql:/etc/postfix/mysql-relay_domains_maps.cf

# mail delivery
recipient_delimiter = + 

# mappings
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
transport_maps = hash:/etc/postfix/transport
#local_recipient_maps = 

# virtual setup
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf,
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_minimum_uid = 101
virtual_uid_maps = static:101
virtual_gid_maps = static:12
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# debugging
debug_peer_level = 2
debugger_command =
         xxgdb $daemon_directory/$process_name $process_id & sleep 5

# authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# tls config
smtp_use_tls = yes
smtpd_use_tls = yes 
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
# Change mail.example.com.* to your host name 
smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.crt
# smtpd_tls_CAfile = /etc/pki/tls/root.crt

# rules restrictions 
smtpd_client_restrictions = 
smtpd_helo_restrictions = 
smtpd_sender_restrictions = 
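# reject_unauth_destination is what keeps the server from relaying for strangers
smtpd_recipient_restrictions = permit_sasl_authenticated,
	permit_mynetworks,
	reject_unauth_destination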
# uncomment for realtime black list checks
#	,reject_rbl_client zen.spamhaus.org
#	,reject_rbl_client bl.spamcop.net
#	,reject_rbl_client dnsbl.sorbs.net

smtpd_helo_required = yes
unknown_local_recipient_reject_code = 550
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining

# Other options
# email size limit in bytes; 204800000 is roughly 200 MB (use 20480000 for ~20 MB)
message_size_limit = 204800000


# Postfix master process configuration file.  For details on the format
# of the file, see the Postfix master(5) manual page.
# ***** Unused items removed *****
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
#  -o content_filter=smtp-amavis:
#  -o receive_override_options=no_address_mappings
pickup    fifo  n       -       n       60      1       pickup
  -o content_filter= 
  -o receive_override_options=no_header_body_checks
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
# ====================================================================
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
# spam/virus section
smtp-amavis  unix  -    -       y       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
  -o smtp_send_xforward_command=yes
# re-injection listener for mail coming back from amavisd-new (loopback only)
127.0.0.1:10025 inet n  -       y       -       -       smtpd
  -o content_filter=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o receive_override_options=no_header_body_checks
  -o smtpd_bind_address=127.0.0.1
  -o smtpd_helo_required=no
  -o smtpd_client_restrictions=
  -o smtpd_restriction_classes=
  -o disable_vrfy_command=no
  -o strict_rfc821_envelopes=yes
# Dovecot LDA
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}
# Vacation mail
vacation    unix  -       n       n       -       -       pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}


# This specifies the list of subnets that Postfix considers as
# "trusted" SMTP clients that have more privileges than "strangers".
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix.
# Be sure to add your public ip address block if needed.

The postfix / mysql config files. These are the files that main.cf references.

/etc/postfix/mysql-virtual_alias_maps.cf

hosts = localhost
user = postfix
password = postfix
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

/etc/postfix/mysql-virtual_domains_maps.cf

hosts = localhost
user = postfix
password = postfix
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'

/etc/postfix/mysql-relay_domains_maps.cf

hosts = localhost
user = postfix
password = postfix
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'

/etc/postfix/mysql-virtual_mailbox_maps.cf

hosts = localhost
user = postfix
password = postfix
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'

/etc/postfix/mysql-virtual_mailbox_limit_maps.cf

hosts = localhost
user = postfix
password = postfix
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'

We need to touch a file. So type the following.
> touch /etc/postfix/virtual_regexp

Configure Vacation Email Functionality

Let's finish the postfix configuration with vacation mail. Don't forget to fill in your domain name where needed. Type the following:
> useradd -r -d /var/spool/vacation -s /sbin/nologin -c "Virtual vacation" vacation
> mkdir /var/spool/vacation
> chmod 770 /var/spool/vacation
> cp /usr/share/postfixadmin/VIRTUAL_VACATION/vacation.pl /var/spool/vacation/
> echo "autoreply.yourdomain.com vacation:" > /etc/postfix/transport
> postmap /etc/postfix/transport
> chown -R vacation:vacation /var/spool/vacation
> echo "127.0.0.1 autoreply.yourdomain.com" >> /etc/hosts
> mkdir /etc/postfixadmin

Create /etc/postfixadmin/vacation.conf with the following:

# ========== begin configuration ==========
$db_type = 'mysql';
$db_username = 'user';
$db_password = 'password';    
$db_name     = 'postfix';    
$vacation_domain = 'autoreply.example.org';  

Configuring Dovecot

Now for the dovecot config file. Dovecot now uses multiple config files to break things up. We're going to only use a couple config files. So cut and paste the following files.
> mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.save
> nano -w /etc/dovecot/dovecot.conf

## Dovecot config file

protocols = imap pop3 lmtp sieve
auth_mechanisms = plain login
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-mysql.conf
}
userdb {
  driver = prefetch
}
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-mysql.conf
}
mail_location = maildir:/home/vmail/%d/%n
first_valid_uid = 101
#last_valid_uid = 0
first_valid_gid = 12
#last_valid_gid = 0
#mail_plugins =
mailbox_idle_check_interval = 30 secs
maildir_copy_with_hardlinks = yes
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service lmtp {
  unix_listener lmtp {
    #mode = 0666
  }
}
service imap {
  vsz_limit = 256M
}
service pop3 {
}
service auth {
  unix_listener auth-userdb {
    mode = 0666
    user = vmail
    group = mail
  }

  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}
service auth-worker {
}
service dict {
  unix_listener dict {
    mode = 0666
    user = vmail
    group = mail
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  service_count = 1
  process_min_avail = 0
  vsz_limit = 64M
}
service managesieve {
}
ssl = yes
ssl_cert = </etc/pki/tls/certs/your-server.your-domain.tld.crt
ssl_key = </etc/pki/tls/private/your-server.your-domain.tld.key
ssl_verify_client_cert = no
#ssl_ca =
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
protocol lda {
  mail_plugins = quota sieve
  postmaster_address = postmaster@your-domain.tld
}
protocol imap {
  mail_plugins = quota imap_quota trash
  imap_client_workarounds = delay-newmail
}
lmtp_save_to_detail_mailbox = yes
protocol lmtp {
  mail_plugins = sieve
}
protocol pop3 {
  mail_plugins = quota
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol sieve {
  managesieve_max_line_length = 65536
  managesieve_implementation_string = Dovecot Pigeonhole
  managesieve_max_compile_errors = 5
}
dict {
  quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf
}
plugin {
  quota = dict:user::proxy::quotadict
  acl = vfile:/etc/dovecot/acls
  trash = /etc/dovecot/trash.conf
  sieve_global_path = /home/sieve/globalfilter.sieve
  sieve = ~/dovecot.sieve
  sieve_dir = ~/sieve
  sieve_global_dir = /home/sieve/
  #sieve_extensions = +notify +imapflags
  sieve_max_script_size = 1M
  #sieve_max_actions = 32
  #sieve_max_redirects = 4
}

Now for trash.conf
> nano -w /etc/dovecot/trash.conf

1 Spam
# Uncomment if you want trash as well
# 2 Trash

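Next we configure Dovecot to access mysql. Create the following file as /etc/dovecot/dovecot-mysql.conf, the path that dovecot.conf points to in its passdb and userdb sections.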
NOTE: password_query and user_query were formatted to fit on the webpage. Each one should only be one line in the file.

driver = mysql
connect = host=localhost dbname=postfix user=postfix password=yourpassword
default_pass_scheme = MD5-CRYPT

# following should all be on one line.
password_query = SELECT username as user, password, concat('/home/vmail/', maildir) as userdb_home, 
concat('maildir:/home/vmail/', maildir) as userdb_mail, 101 as userdb_uid, 12 as userdb_gid FROM mailbox 
WHERE username = '%u' AND active = '1'

# following should all be on one line
user_query = SELECT concat('/home/vmail/', maildir) as home, concat('maildir:/home/vmail/', maildir) as mail, 
101 AS uid, 12 AS gid, CONCAT('*:messages=10000:bytes=', quota) as quota_rule FROM mailbox WHERE 
username = '%u' AND active = '1'

and /etc/dovecot/dovecot-dict-quota.conf

connect = host=localhost dbname=postfix user=postfix password=password
map {
  pattern = priv/quota/storage
  table = quota2
  username_field = username
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = quota2
  username_field = username
  value_field = messages
}

Finally set Dovecot to boot at startup.

Now create the sieve filter for spam filtering.
> mkdir /home/sieve
> nano -w /home/sieve/globalfilter.sieve
> chown -R vmail:mail /home/sieve

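require "fileinto";
  # File into Spam when the spam flag header is present and is not "NO"
  if exists "X-Spam-Flag" {
          if header :contains "X-Spam-Flag" "NO" {
          } else {
          fileinto "Spam";
          }
  }
  # File into Spam when the subject carries the spam tag
  if header :contains "subject" ["***SPAM***"] {
    fileinto "Spam";
  }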

Configuring Roundcube mail

Edit the roundcube apache config file to look like the following:
> nano -w /etc/httpd/conf.d/roundcubemail.conf

# Round Cube Webmail is a browser-based multilingual IMAP client

# Force https here instead of in Round Cube 
RewriteEngine On

# This checks to make sure the connection is not already HTTPS
RewriteCond %{HTTPS} !=on 

# These rules will redirect all users who are using any part of /secure/ to the same location but using HTTPS.
# i.e.  http://www.example.com/secure/ to https://www.example.com/secure/
RewriteRule ^/?roundcubemail/(.*) https://%{SERVER_NAME}/roundcubemail/$1 [R,L]
RewriteRule ^/?webmail/(.*) https://%{SERVER_NAME}/webmail/$1 [R,L]

Alias /roundcubemail /usr/share/roundcubemail
Alias /webmail /usr/share/roundcubemail

<Directory /usr/share/roundcubemail/>
        Order Deny,Allow
        Deny from all
        Allow from all
        php_value suhosin.session.encrypt Off
</Directory>

Create the database for roundcube.
> mysql -u root -p -e "CREATE DATABASE roundcubemail;"
> mysql -u root -p -e "GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost IDENTIFIED BY 'password';"

Create the tables.
> mysql -u root -p roundcubemail < /usr/share/doc/roundcubemail-0.5.4/SQL/mysql.initial.sql

Edit /etc/roundcubemail/db.inc.php and find the line:

$rcmail_config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail';

Change 'pass' to your password.

Edit /etc/roundcubemail/main.inc.php and find the lines and make the changes below:


$rcmail_config['default_host'] = '';

change to:

$rcmail_config['default_host'] = 'localhost';


$rcmail_config['smtp_server'] = '';

change to:

$rcmail_config['smtp_server'] = 'localhost';


$rcmail_config['force_https'] = false;

change to:

$rcmail_config['force_https'] = true;


$rcmail_config['plugins'] = array();

change to:

$rcmail_config['plugins'] = array('managesieve');


$rcmail_config['quota_zero_as_unlimited'] = false;

change to:

$rcmail_config['quota_zero_as_unlimited'] = true;

Now let's configure the managesieve plugin.
> cd /usr/share/roundcubemail/plugins/managesieve/
> cp config.inc.php.dist config.inc.php

Edit config.inc.php and change the following:

$rcmail_config['managesieve_port'] = 2000;

change to:

$rcmail_config['managesieve_port'] = 4190;

Restart apache.
> service httpd restart

Configuring the Little Things That Drive You MAD

Be sure your /etc/hosts looks similar to the following.

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost   host.domain.com

Preparing and Testing the Postoffice

First things first. Reboot the system. If everything went well we all should be at the same point.

No errors? Let's keep going.

Set up a test domain and account. Set up your favorite mail client and send some test emails.

Setting up Spam and Virus Filtering (Optional)

Let's cover installing and configuring spam and virus filtering. Optional? Huh? Some people use a 3rd party or a separate server for filtering.

Here's the clamav config file. Replace /etc/clamd.conf with the following:

## Config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.

# Logfile
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 20M
LogTime yes
LogSyslog yes

# Pid
PidFile /var/run/clamav/clamd.pid

# Paths
TemporaryDirectory /var/tmp
DatabaseDirectory /var/clamav
LocalSocket /var/run/clamav/clamd

# Sets the group ownership on the unix socket.
# Default: disabled (the primary group of the user running clamd)
#LocalSocketGroup virusgroup

# Misc
FixStaleSocket yes
TCPSocket 3310
MaxConnectionQueueLength 50
MaxThreads 50
ReadTimeout 240
User clamav
AllowSupplementaryGroups yes

# Exe
ScanPE yes
ScanELF yes
DetectBrokenExecutables yes

# Docs
ScanOLE2 yes
ScanPDF yes

# Mail
ScanMail yes
PhishingSignatures yes
PhishingScanURLs yes

# Data Loss Prevention (DLP)

# Enable the DLP module
# Default: No
#StructuredDataDetection yes

# This option sets the lowest number of Credit Card numbers found in a file
# to generate a detect.
# Default: 3
#StructuredMinCreditCardCount 5

# This option sets the lowest number of Social Security Numbers found
# in a file to generate a detect.
# Default: 3
#StructuredMinSSNCount 5

# With this option enabled the DLP module will search for valid
# SSNs formatted as xxx-yy-zzzz
# Default: yes
#StructuredSSNFormatNormal yes

# With this option enabled the DLP module will search for valid
# SSNs formatted as xxxyyzzzz
# Default: no
#StructuredSSNFormatStripped yes

# Archives
ScanArchive yes
ArchiveBlockEncrypted no

Configure Razor. Type the following:
> razor-admin -register -user=some_user -pass=somepas

Update and restart clamav:
> freshclam
> service clamd restart

Configuring Amavisd-new

You need to edit /etc/amavisd.conf
Here is a list of items you should change. Just scroll through the file to find each item.

  • $mydomain = 'example.com'; # set to your domain name
  • $log_level = 1; # set the log level to one
  • $sa_tag_level_deflt = -99; # I want to see the headers so change to -99
  • $sa_tag2_level_deflt = 5.0; # start with 5
  • $sa_kill_level_deflt = 9; # change to 9
  • $sa_dsn_cutoff_level = 9; # change to 9
  • $sa_quarantine_cutoff_level = 50; # remove the starting # and change to 50
  • $myhostname = 'lightning.campworld.net'; # remove the starting # and enter your host name
  • $notify_method = 'smtp:[127.0.0.1]:10025'; # uncomment the line
  • $forward_method = 'smtp:[127.0.0.1]:10025'; # uncomment the line
  • $final_banned_destiny = D_DISCARD; # change to D_DISCARD

Now enable clamav:
Change the following:

# ### http://www.clamav.net/
# ['ClamAV-clamd',
#   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
#   qr/\bOK$/m, qr/\bFOUND$/m,
#   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],


Change to:

 ### http://www.clamav.net/
 ['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
   qr/\bOK$/m, qr/\bFOUND$/m,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

Now update spamassassin and start amavisd-new.
> sa-update
> service amavisd-new start

Be sure to set amavisd-new to start at boot.

Telling Postfix to Start Filtering SPAM

To get postfix going we need to un-comment a couple lines in /etc/postfix/master.cf

smtp      inet  n       -       n       -       -       smtpd
#  -o content_filter=smtp-amavis:
#  -o receive_override_options=no_address_mappings

Change to:

smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=smtp-amavis:
  -o receive_override_options=no_address_mappings

Restart postfix and you're done.

Using The Roundcubemail Password Plugin (Optional)

Let your users change their password using roundcubemail instead of postfixadmin.

Edit /etc/roundcubemail/main.inc.php and find the lines and make the changes below:


$rcmail_config['plugins'] = array('managesieve');

change to:

$rcmail_config['plugins'] = array('managesieve','password');

Now let's configure the password plugin.
> cd /usr/share/roundcubemail/plugins/password/
> cp config.inc.php.dist config.inc.php

Edit config.inc.php


$rcmail_config['password_db_dsn'] = '';

change to:

$rcmail_config['password_db_dsn'] = 'mysql://postfix:your-postfixadmin-password@localhost/postfix';


$rcmail_config['password_query'] = 'SELECT update_passwd(%c, %u)';

change to:

$rcmail_config['password_query'] = 'UPDATE mailbox SET password=%c WHERE username=%u limit 1;';

Restart apache.
> service httpd restart

Notes About Security And Clear Text Passwords From Mail Clients

This howto has been written to allow clear text passwords. That creates a security problem: a client that does not use SSL/TLS sends its password over the internet in clear text. This concerns only the password in transit from the client to the server. In the database, passwords are stored as md5crypt hashes, not in clear text.

The configuration doesn't require clients to use SSL/TLS. If the client uses SSL/TLS, the password travels inside the encrypted connection. POPS, IMAPS and SMTPS all use SSL/TLS connections. So as long as your client is set to use a secure connection to the mail server, your clear text passwords are protected in transit.
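
The exposure described in this section can be checked mechanically. The script below is an added example, not part of the original howto: it reads a Postfix main.cf and a Dovecot 2.x dovecot.conf and reports where a client may authenticate without TLS. The function names and sample files are constructed here; smtpd_tls_auth_only, ssl = required and disable_plaintext_auth are standard Postfix and Dovecot settings that the howto itself does not set.

```shell
#!/bin/sh
# Added example: report settings in a Postfix main.cf and a Dovecot 2.x
# dovecot.conf that let a mail client authenticate without TLS.
# Function names and sample files are constructed for illustration.

# top_level_value FILE KEY
# Print the last uncommented "KEY = value" that is not nested inside a
# { ... } section (dovecot.conf repeats "ssl" inside its listeners).
top_level_value() {
    awk -v key="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^#/ || /^$/ { next }
        /[{]$/       { depth++; next }
        /^[}]$/      { if (depth > 0) depth--; next }
        depth == 0 {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            sub(/[ \t]+$/, "", k); sub(/^[ \t]+/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# audit_postfix MAIN_CF: print one line per finding.
# SASL AUTH is offered on plaintext sessions unless smtpd_tls_auth_only is
# yes (the Postfix default is no) or TLS is mandatory for every session.
audit_postfix() {
    sasl=$(top_level_value "$1" smtpd_sasl_auth_enable)
    auth_only=$(top_level_value "$1" smtpd_tls_auth_only)
    level=$(top_level_value "$1" smtpd_tls_security_level)
    if [ "$sasl" = yes ] && [ "$auth_only" != yes ] && [ "$level" != encrypt ]; then
        echo "postfix: AUTH is accepted before STARTTLS; set smtpd_tls_auth_only = yes"
    fi
}

# audit_dovecot DOVECOT_CONF: print one line per finding.
audit_dovecot() {
    ssl=$(top_level_value "$1" ssl)
    plain=$(top_level_value "$1" disable_plaintext_auth)
    if [ "$ssl" != required ]; then
        echo "dovecot: TLS is optional on imap/pop3 (ssl = ${ssl:-unset}); set ssl = required"
    fi
    if [ "$plain" = no ]; then
        echo "dovecot: disable_plaintext_auth = no allows cleartext logins without TLS"
    fi
}

# Constructed samples. The first pair copies the relevant lines of this
# page's main.cf and dovecot.conf; the "hardened" pair changes only the
# TLS/auth settings.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT

cat > "$SAMPLES/main.cf" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_use_tls = yes
smtpd_tls_security_level = may
EOF

cat > "$SAMPLES/dovecot.conf" <<'EOF'
auth_mechanisms = plain login
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
ssl = yes
EOF

cat > "$SAMPLES/main.hardened.cf" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
EOF

cat > "$SAMPLES/dovecot.hardened.conf" <<'EOF'
auth_mechanisms = plain login
ssl = required
disable_plaintext_auth = yes
EOF

echo "== as written in this howto =="
audit_postfix "$SAMPLES/main.cf"
audit_dovecot "$SAMPLES/dovecot.conf"
echo "== hardened =="
audit_postfix "$SAMPLES/main.hardened.cf"
audit_dovecot "$SAMPLES/dovecot.hardened.conf"
```

To check a live server, call audit_postfix /etc/postfix/main.cf and audit_dovecot /etc/dovecot/dovecot.conf; postconf -n and doveconf -n show the effective values when settings are spread over included files.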


With a bit of work you come out with a robust server.



Jaysen Johnson Spokane, 23 May 2015, 00:39

For those having trouble getting aliases to work. Here is what I did.

In the postfix main.cf I changed the following line from:

virtual_alias_maps = hash:/etc/postfix/virtual


virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf

Save the file and restart postfix then aliases should work.

your name, 24 April 2015, 12:40

Your amavisd-new configuration will never work; clamav is not created when it is installed.

Ivan, 15 April 2015, 19:23

Got this working on Centos 6.6.

In order for Roundcube to display the quota properly, I removed the following lines from dovecot.conf:

userdb {
   driver = prefetch
}


Many thanks!

Steve, 12 March 2015, 09:15

To people getting a config.inc.php CONFIGURATION ERROR, ensure that the roundcubemail config.inc.php has the correct permissions; mine was not initially in the apache group, a simple chgrp apache config.inc.php solved the problem

12 March 2015, 05:36

Very good

mpgjunky, 20 February 2015, 04:17


It's a great article, job well done. However, I must confess it is rather out of date, especially if running on Centos 6.6 or 7.0.

Any chance for an update? Perhaps address some problem like with razor-agents not being available in epel, and the missing postfix + ssl section?

Just like Werner, I managed to get it working, finally, but it did take about a full day taking into account all sorts of errors I encountered on the way - permissions, paths (I changed to /var/vmail, instead of /home), etc.

I didn't manage to get razor to register, got an error about user already exists, but at that point I simply had enough of it (razor) and skipped it.

Also, if you could add two new sections: DomainKeys and SPF, that would make it just about complete.

Once again, thanks for the effort, and keep up the good work. And ignore all the idiots that complain, they are not the effort it takes to reply.

Cheers, Mike.

29 January 2015, 14:42

Excellent WORK!!! CONGRATULATIONS!! I've seen your guide, but when I restarted the server, Roundcube mail told me this. Can you help?


config.inc.php was not found. Please read the INSTALL instructions!

werner, 28 January 2015, 06:01

THX - Working with few optimizations on CentOS 6.6 like charm.

rcamp, 27 January 2015, 10:28

An updated howto is coming shortly. Items from the comments are being tested and added.

On security: This is not a how to secure your server howto. The goal is to get you a working configuration. Once your server works then you turn on all the security features you want. There are many of you that due to where your server is you have to do security first.

My security: My servers are set up in an isolated test environment. When complete they are secured and then deployed into production. All my servers sit behind hardware firewalls.

Remember, before you expose the server to the internet be sure to secure it.

DennyV, 20 December 2014, 18:40

Hello, Excellent work!

Note that if spamassassin doesn't consider the message as spam, then the "X-Spam-Flag" is not added to the header.

So, "X-Spam-Flag" "NO" will never match in the sieve.

Grant Pasley, 08 December 2014, 17:16

Hi there - wonder if anyone can assist me please? Everything is working like a bomb. I import my imap account from another server using imapsync and thereafter I get the error "failed to store into mailbox 'INBOX': Quota exceeded (mailbox for user is full)"

I have all quotas set to 0 in postfixadmin and the mysql db shows quota 0 as well, so does the roundcubemail web interface????


Robert Moskowitz, 21 November 2014, 11:22

Well did that come across messed up...

@lookup_sql_dsn = ( ['DBI:mysql:database=postfix;host=;port=3306', 'postfix', 'mailserv'] );

$sql_select_white_black_list = undef;

$sql_select_policy = 'SELECT "Y" as local, 1 as id FROM domain WHERE CONCAT("@",domain) IN (%k)';

Robert Moskowitz, 21 November 2014, 11:19

Your amavis-new setup is missing the mysql support for virtual domains that are not subdomains.

You need the following lines in amavis.conf:

@lookup_sql_dsn =

   ( ['DBI:mysql:database=postfix;host=;port=3306', 'postfix', 'password'] );

$sql_select_white_black_list = undef; $sql_select_policy = 'SELECT "Y" as local, 1 as id FROM domain WHERE CONCAT("@",domain) IN (%k)';

Alex?13 October 2014, 07:14

Is it possible to add quota support for this configuration? Thanks

hari?08 October 2014, 20:26

Works great on CentOS 7. Roundcube quota not shown correctly, though.

JJ?18 September 2014, 14:09

This is a pretty good guide. Everything works on CentOS 6.5 for the most part minus a few things I am trying to work out. (ie: roundcube quotas not showing correctly, had to add an exclusion for perl-Razor-Agent in the epel.repo since razor-agents demands the older version provided by RPMForge.) Those who couldn't get it working need to learn how to read and those who get pissed and blame the author for "fucking up their servers" are just plain IDIOTS and should NEVER touch a Linux system.

If anyone has found a solution to the quota display issue in roundcube, please do post it.


zenek?03 August 2014, 16:04

Works perfect in centos 6.5, with changes: in repos and main.cf:

virtual_minimum_uid = 1

Somebody?28 July 2014, 07:16

Works perfect in centos 6.5

sIiiS?12 July 2014, 23:41

Does not work in CentOS 6.5!

aGenius?19 June 2014, 06:33

@Author 16 May 2014, 22:18.... where does it say to disable selinux or iptables? Guess you must have read a different tutorial than I did....

@Mousepad 09 April 2014, 17:43.... Funny, because I'm running basically this on TWO centos6.5 machines. Maybe you missed the memo, but a general writeup is not for you to straight up duplicate. Learn what the author did and WHY he did it, then duplicate it with *adjustments* for your specific needs and system variation. If you just blindly copy and paste, then how do you know that you aren't creating a new spam zombie for china?

Author?16 May 2014, 22:18

This installation is EXTREMELY INSECURE!!!

By disabling SELinux and IPtables you've turned off two of the better security features of your server just to get this to work. Bad, very bad.

There are better guides on the Internet that actually focus on securing your server versus "getting it to work".

Mousepad?09 April 2014, 17:43

Nice tutorial, but I will state this: Thanks for fucking up my server. This does NOT work on CentOS 6.5 AT ALL!!! I did everything you stated, and here I am, an hour later, still fixing dependencies.

Securityconsultants?15 March 2014, 17:57

Regarding "Next we'll configure the mail store directory. We put it in the /home directory to make backups and other item easy." --- not a helpful idea. On most internet servers, the "/home" directory is not even used. Server operational data is always in the /var partition, both by convention, and for convenience.

agenius?11 March 2014, 19:31

Also, I didn't like how it would vaporize entire messages with infected attachments. If somebody deliberately sends a message without knowing that it is infected, they wouldn't know that the message wasn't delivered, and neither would the recipient. In amavisd.conf, setting $final_virus_destiny = D_PASS; allows it to go through a 'defang' instead of a delete. It is stripped of infected attachments, headers added identifying what was done and why, and the subject is modified to include ***INFECTED***. This is a much better policy than just deleting it, because you can (a) inform the sender of their infection, and (b) make alternative arrangements to obtain the data if it is important.

agenius?11 March 2014, 15:53

Couple of small glitches... 1: SMTP over SSL... add to postfix master.cf:

smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

2: Having a user-defined sieve script will cancel out the global script for redirecting spam. In the dovecot.conf, get rid of the sieve_global_path and sieve_global_dir, and instead use: sieve_before = /path/to/global.sieve -- what this will do is make sure that the global script runs before any user scripts, which allows the spam redirecting to actually work.

Leonardo?08 March 2014, 21:28

I'm getting this:

Mar 9 00:25:53 mailmartins dovecot: auth: Error: Error in configuration file /etc/dovecot/dovecot-mysql.conf line 7: Expecting '='
Mar 9 00:25:53 mailmartins dovecot: master: Error: service(auth): command startup failed, throttling
Mar 9 00:25:53 mailmartins dovecot: log: Error: service(auth): child 1647 returned error 89 (Fatal failure)
Mar 9 00:25:53 mailmartins postfix/smtpd[1644]: fatal: no SASL authentication mechanisms
Mar 9 00:25:54 mailmartins postfix/master[1048]: warning: process /usr/libexec/postfix/smtpd pid 1644 exit status 1
Mar 9 00:25:54 mailmartins postfix/master[1048]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

Can someone help me please?

Richard?06 March 2014, 09:14

Help, Did the install. Did config up to postfix. Went to postfix setup. All is fine, created superadmin account. Log into "Mail admins login here" enter email and pass for superadmin

Does not state user or pass is wrong just goes back to a fresh login page.

User (email) and pass are in the postfix database.

Any Idea?

Ray?23 February 2014, 07:50

I followed the instructions and everything works great :). Only problem is that I cannot connect from iPhone mail client to the mail server with SSL/TLS. Any idea why? I might have missed something.

Jorge?20 February 2014, 05:51

Completed the settings for Roundcube and it works, thanks. The problem is that Roundcube does not show the date. Any idea?

Dgrvedado?03 February 2014, 12:23

How can I communicate with the author of this manual?

wotjek?31 January 2014, 04:02

thanks, you saved my day :)

Nick?20 January 2014, 09:26

I'm not sure if it gets installed as a default, or as part of your base server setup, but the https part of apache won't work until you 'yum install mod_ssl' and add the key and crt lines in there.

Coco?04 January 2014, 01:09

On CentOS 6.5, yum installs dovecot 2.0.9, which has 24 config files in /etc/dovecot/conf/. Can you update your tut? Tnx a lot

zzman?29 December 2013, 19:29

Just wanted to update... I found the issue for future reference. I simply forgot to add the semi-colon (;) after the plugins.

Everything is working now. Sometimes you just need fresh eyes to read a config.

zzman?18 December 2013, 01:01

I am getting a blank page when I go to the roundcube website (site.com/webmail). I had to disable all plugins in order for roundcube to display.

Found this error by reading the /var/log/httpd/ssl_error_log

To disable them I commented out this line #$rcmail_config['plugins'] = array('managesieve','password') in this file: /etc/roundcubemail/main.inc.php

Am I missing something?

ipangsan?13 November 2013, 22:40

Hi BigBin.. Thanks for the advice, I think dovecot is running very well, but how do I start certificate services? FYI, I created the cert myself with openssl; when I create it with genkey there is an error..

biggbin?07 November 2013, 15:36

@Ivanova - Certs can be created using genkey or openssl. Whereas for roundcube, check the roundcube logs to find out any errors on db level.

biggbin?07 November 2013, 15:34

@ipangsan - Check the dovecot service. Maybe because of the certificate it might not have started. This solution worked like a charm for me!!!

ipangsan?01 November 2013, 09:54

Awesome tutz.. I've created one and was successful up to creating the domain in mailadmin, but when I try to open the user of the domain that was created in webmail, here is the error message: "Connection to storage server failed.".. Please help

Ivanova?24 October 2013, 02:48

I know how to create files. I created a mailbox in the postfixadmin panel and went to roundcubemail, but I cannot log in; on screen error: Invalid request! No data was saved. What do I need? Thanks!

Ivanova?24 October 2013, 02:14

Hello, thanks for your post. But I don't know how to create the files /etc/pki/tls/private/mail.example.com.key and /etc/pki/tls/certs/mail.example.com.crt in the config file main.cf, and the files /etc/pki/tls/certs/your-server.your-domain.tld.crt and /etc/pki/tls/private/your-server.your-domain.tld.key in dovecot.conf. Thanks!

Ashok Pancharya?15 October 2013, 05:24

I am back with the next set of issues that I faced and how I resolved them. The issues surfaced when I was setting up the spam and virus filtering. Setting up spam and virus filtering is optional of course.

1. When I ran the "freshclam" command the system told me that my Clam Anti Virus is outdated. I did "yum update clamav"

2. After I updated and tried to start clamd service, the system said this: Starting Clam AntiVirus Daemon: LibClamAV Warning: Detected duplicate databases /var/clamav/main.cvd and /var/clamav/main.cld, please manually remove one of them

By looking at the date I had main.cvd (older) and I manually removed it.

3. Now the service clamd start tells me this:

Starting Clam AntiVirus Daemon: ERROR: Can't get information about user clamav.

I checked the passwd and group files and I see that there is no user or group called clamav - however I did see the clam user and clam group.

I modified the /etc/clamd.conf file by changing the line

user clamav to user clam

4. The next "service clamd start" attempt gives me the following error:

Starting Clam AntiVirus Daemon: LibClamAV Error: cl_load(): Can't get status of /var/clamav ERROR: Can't get file status


To get past the above error I changed the /etc/clamd.conf file as follows:

change line DatabaseDirectory /var/clamav to DatabaseDirectory /var/lib/clamav

(This is how it was in the originally installed file).

Now clamd is successfully started.

Ashok Pancharya?15 October 2013, 02:42

This is a truly great tutorial. Thanks a lot to the author. I know it is a lot of hard work to produce a tutorial this extensive. I followed it and I also followed the comments by others and I implemented all of their suggestions.

I am here to add my experience. I got this error in postfix (as seen in the /var/log/maillog file):

Oct 15 15:01:02 as1 postfix/local[2544]: fatal: main.cf configuration error: mailbox_size_limit is smaller than message_size_limit

I get past this by adding this line to the /etc/postfix/main.cf file

mailbox_size_limit = 5120000000

The above mailbox size configuration was not defined so added the line making sure that the size (I chose 500 MB) is bigger than the message size (which was 20 MB).

Tim?08 October 2013, 17:06

Just another thing that seems to be missing. The vacation.pl file must have its execute bit set.

chmod +x /var/spool/vacation/vacation.pl

Tim?08 October 2013, 16:55

This is a great tutorial, the most complete one that I could find. Thanks!

I just have a problem getting the quota to display in Roundcube, it shows unlimited no matter what the quota is set to. Quota shows correctly in Postfix admin.

Any ideas?

Achadi?05 October 2013, 18:17

Hello, how do I create a new user for this?

Brian?03 October 2013, 19:32

Found that genkey uses nss library that stopped supporting MD5 for a period of time. Make sure you do an "yum update" to ensure you get the nss library updates. After that the certificates worked just fine.

Andrei?08 September 2013, 00:30

First of all, thank you for the tutorial. everything works with small adjustments in Centos 6.4, except the fact that we can not send mail with outlook 2007 through smtp (with the firewall turned off on the server) and we have no errors in any of the usual logs (/var/logs/maillog, etc..). Any help would be appreciated. Thank you

UNUL?04 September 2013, 00:33

Very good tutorial. I've used this 2 times and I successfully configured 2 mail servers, one on a CentOS 6.4-i386 machine, the other on CentOS 6.4-x64. Thank you very much for this. I'm wondering if there are problems if I replace MySQL with MariaDB. I'll try it these days and if it works I'll leave a message. Thank you again.

TimOoi?24 August 2013, 04:41

Great help! it's allowed us to create a secure private server for our company! But I still have two questions: A) Could you please cover the IpTables rules? - I don't like having it turned off. B) How do I set up a Secondary / Backup / Relay server?

Roland?23 August 2013, 01:26

Why this tutorial? worst I ever seen. Installing The Software ... you missed the additional repos for this packages and most of them are not found. On postfixadmin config, you skipped the language and theme lines and it won't work. And so on.

Dgrvedado?13 August 2013, 12:36

This howto is very good. But I have some doubts!! I followed it step by step, but I left out the razor configuration and install. I used the EPEL repositories, but razor is not present in this repo. It has the package razorqt*, but I think these razor packages are not the same as razor-agent. So is it possible to use some other packages?? What is the function of razor??

dk?25 July 2013, 11:42

Great HowTo!!!! I only have one issue...any thoughts?

Initialization failed: Initializing mail storage from mail_location setting failed: mkdir(/home/vmail/xxxxxxxx.com/someuser) failed: Permission denied (euid=101(vmail) egid=12(mail) missing +w perm: /home/vmail, euid is not dir owner)

Mac?30 June 2013, 14:51

I continue to get a SERVICE CURRENTLY NOT AVAILABLE Error 500 when trying to log into roundcubemail. Of course, roundcubemail has been updated to 0.8-something instead of the 5 here... any ideas?

StevenA?26 June 2013, 13:00

get, check the end of your log file /var/log/maillog and see if it shows any errors sending the mail outside of your server, if you have an error saying "No route to host", look at my previous post below (13 June). That was a problem I was having.

Gerard?25 June 2013, 02:59

no matter what I do I get the following error.

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virtual_mailbox_limit_maps=proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf

Does anyone have any ideas about this one?

get?21 June 2013, 08:49

Hi, I followed your setup and now the email server works great, but it can't send mails outside its own virtual domains...

StevenA?17 June 2013, 14:52

Gerard, check your etc/postfix/main.cf, the transport shouldn't be pointing to private/dovecot, but just dovecot. that's just my guess from the errors given.

Gerard?17 June 2013, 09:07

I keep getting the following error...

Jun 17 17:06:22 mail postfix/qmgr[12063]: warning: connect to transport private/dovecot: No such file or directory

Jun 17 17:06:22 mail postfix/error[18590]: 2F127460075: to=<name@example.com>, relay=none, delay=0.23, delays=0.18/0/0/0.05, dsn=4.3.0, status=deferred (mail transport unavailable)

Any idea why?

Gerard?17 June 2013, 09:05

genkey issue? Here is a bug report on it https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=921108

and here is how I got it working...

export NSS_HASH_ALG_SUPPORT=+MD5
yes | /usr/bin/keyutil -c makecert -g 2048 -k /etc/pki/tls/private/mail.example.com.key -s "CN=mail.example.com, O=Example" -v 36 -a -o /etc/pki/tls/certs/mail.example.com.crt 2>&1 | tail -n 7

StevenA?13 June 2013, 12:42

Great howto, just wanted to chime in and point out if anyone is using a dedicated host, and having trouble with outgoing mail, i.e. getting "No route to host" notifications in their maillog, they may need to check with their provider on whether they have to use a dedicated relay host. If so just add a line to their /etc/postfix/main.cf like: relayhost = [relayhost.provider.net] Hope that helps

FrankA?09 June 2013, 03:33

Hi, genkey is not working in centos 6.4 would it be possible to provide a workaround?

Seba?03 June 2013, 12:15

If you have multiple domains on the server, you'll have some errors and script output as text when you want to access yourotherdomain.tld/mailadmin/ or /roundcubemail/

MR?01 June 2013, 14:44

Great website. I'm mostly through but I'm getting a looping URL for webmail so I have to track that down.

I had to yum install -y php-suhosin since it was not installed on a fresh box.

rcamp?07 April 2013, 09:45

Important for CentOS 6.4

There is a problem with roundcubemail and mcrypt. Well there is a configuration file that needs to be changed. The issue is with php.

nano -w /etc/php.d/mcrypt.ini

Change: extension=module.so

to: extension=mcrypt.so

Hector?21 March 2013, 18:10

Hi, I only use EPEL and Works but i install MailScanner. Thanks for the Howto.

Joe?17 March 2013, 19:17

Ok, so I finally solved it by running:

yum install amavisd-new clamav clamd --disablerepo=rpmforge --disablerepo=rpmforge-extras

Joe?17 March 2013, 19:12

Hi, I am trying this guide but I am getting the following error when I try to install the amavisd-new:

Error: Package: amavisd-new-2.8.0-4.el6.noarch (epel)

           Requires: /etc/clamd.d
           Available: clamd-0.97.6-1.el6.x86_64 (epel)
               Not found
           Available: clamd-0.96.4-1.el6.rf.x86_64 (rpmforge)
               Not found
           Available: clamd-0.96.5-1.el6.rf.x86_64 (rpmforge)
               Not found
           Available: clamd-0.97-1.el6.rf.x86_64 (rpmforge)
               Not found
           Available: clamd-0.97.1-1.el6.rf.x86_64 (rpmforge)
               Not found
           Available: clamd-0.97.2-1.el6.rf.x86_64 (rpmforge)
               Not found
           Available: clamd-0.97.3-1.el6.rf.x86_64 (rpmforge)
               Not found
           Available: clamd-0.97.4-1.el6.rf.x86_64 (rpmforge)
               Not found
           Available: clamd-0.97.5-1.el6.rf.x86_64 (rpmforge)
               Not found
           Available: clamd-0.97.5-2.el6.rf.x86_64 (rpmforge)
               Not found
           Installing: clamd-0.97.6-1.el6.rf.x86_64 (rpmforge)
               Not found
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

I tried to google for help but nothing came up. Does somebody have an idea?


Erik?28 February 2013, 12:55

Really great HowTo, followed to the letter and works like a charm! Many, many thanks.

rcamp?01 February 2013, 18:27


Change your MX record from mail.example.com to server1.example.com. If mail.example.com is a CNAME to server1.example.com then you'll be having problems.

rcamp?01 February 2013, 18:18

Many errors have been corrected. Please note that TLS/SSL does work. But the alt smtps port is needed in some situations. The entry in postfixadmin for dovecot is not needed. I don't use the dovecot password encryption.

This howto doesn't work with selinux. In my base server howto I disable selinux. See comment below.

Please start with my CentOS 6 base server howto. Things break if you don't. Due to the length of this howto I didn't want to include setting up a basic linux server. The base server howto gets all the common items setup and configured for this howto and the virtual web hosting howto.

This is a cut and paste howto. I'm working to make some things a little more clear. Of course there are some passwords and other items you need to set. I will be working on pointing out these items better.

My testing of this howto is very in depth. I do a new install using this howto. If I find an error or change to be made I fix it and test the configuration. If I changed something during the install process then I start over with a fresh new install. I will keep re-installing until everything works.

Hope the above info helps everyone out.

Tom?27 January 2013, 10:01

My network setting is

# network settings
inet_interfaces = all
mydomain = example.com
myhostname = server1.example.com
mynetworks = $config_directory/mynetworks
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relay_domains = proxy:mysql:/etc/postfix/mysql-relay_domains_maps.cf
myorigin = $mydomain

Tom?27 January 2013, 09:44

I have a problem: my hostname is server1.example.com, my domain is example.com, and my MX record is mail.example.com. What should the network setting for postfix be?

Joe S?24 January 2013, 14:06

When configuring Roundcubemail /etc/httpd/conf.d/roundcubemail should be /etc/httpd/conf.d/roundcubemail.conf otherwise HTTPD will not read the config file when starting.

Brad?19 January 2013, 00:08

One more thing -- I couldn't get SSL connections to work without having postfix listening on the smtps port (465).... I added to /etc/postfix/master.cf

smtps inet n - n - - smtpd

Please note that's not a repeat -- it's the smtpS port (465).
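A check for the two smtps entries posted in the comments (agenius, 11 March 2014, and Brad, 19 January 2013), as an added example that is not part of any comment or of the howto: it parses master.cf text and reports an smtps/465 listener that lacks the TLS-wrapper, SASL and client-restriction overrides. The function names and the rule set are assumptions of this example; the sample entries are constructed from the lines quoted in those comments.

```python
import re

# Constructed samples: the two smtps entries quoted in the comments on this page.
ENTRY_WITH_OVERRIDES = """\
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
"""
ENTRY_BARE = "smtps inet n - n - - smtpd\n"


def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace) onto their entry."""
    entry = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comment lines are ignored
        if raw[0].isspace():
            if entry is not None:
                entry += " " + raw.strip()
        else:
            if entry is not None:
                yield entry
            entry = raw.strip()
    if entry is not None:
        yield entry


def parse_master_cf(text):
    """Return one dict per service, with its '-o name=value' overrides."""
    services = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8:
            continue  # not a complete service definition
        args, overrides, i = fields[8:], {}, 0
        while i < len(args):
            # Only the plain '-o name=value' form is handled in this example.
            if args[i] == "-o" and i + 1 < len(args) and "=" in args[i + 1]:
                name, value = args[i + 1].split("=", 1)
                overrides[name] = value
                i += 2
            else:
                i += 1
        services.append({"service": fields[0], "type": fields[1],
                         "command": fields[7], "overrides": overrides})
    return services


def audit_smtps(text):
    """Return (service, setting) pairs for smtps/465 smtpd listeners that
    rely on main.cf instead of carrying their own override."""
    findings = []
    for svc in parse_master_cf(text):
        port = svc["service"].rsplit(":", 1)[-1]  # handles host:port forms
        if svc["type"] != "inet" or svc["command"] != "smtpd":
            continue
        if port not in ("smtps", "465"):
            continue
        o = svc["overrides"]
        # Without this override the listener uses main.cf (Postfix default: no).
        if o.get("smtpd_tls_wrappermode") != "yes":
            findings.append((svc["service"], "smtpd_tls_wrappermode"))
        if o.get("smtpd_sasl_auth_enable") != "yes":
            findings.append((svc["service"], "smtpd_sasl_auth_enable"))
        rules = [r for r in re.split(r"[,\s]+",
                                     o.get("smtpd_client_restrictions", "")) if r]
        # Expect authenticated clients permitted and everything else rejected.
        if "permit_sasl_authenticated" not in rules or rules[-1] != "reject":
            findings.append((svc["service"], "smtpd_client_restrictions"))
    return findings


if __name__ == "__main__":
    for label, text in (("with overrides", ENTRY_WITH_OVERRIDES),
                        ("bare entry", ENTRY_BARE)):
        print(label, "->", audit_smtps(text) or "no findings")
```

A finding means the listener takes that setting from main.cf, so the value there has to be checked before the port is opened.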

Brad?18 January 2013, 20:17

Works great once I realized that I had to add email addresses via postfixadmin -- that would be nice to note in the instructions. A couple of other minor tweaks here or there, but A++

atodorovic?11 January 2013, 11:20

First off a big thank you for a great guide!

I'm having a bit of trouble with aliases not working on my system, checked the main config as well as the mysql file, and things look good. The aliases are also properly created via postfixadmin, and the result is correct via a manual query of the database...

However when I try a commandline check, I get the following back:

postmap -qvvv abuse@domain.com mysql:/etc/postfix/mysql-virtual_alias_maps.cf
postmap: fatal: open database abuse@domain.com.db: No such file or directory

The mailer gives a Undeliverable 500 5.1.1 error "Recipient address rejected: User unknown in virtual mailbox table".

Hasan Madni?17 December 2012, 00:08

Thanks & great tutorial. It is helping me so much. I am new to Linux and now I am able to configure my mail server in Linux. It's all thanks to you. Many, many thanks and my best wishes to you.

drgholland?03 December 2012, 19:18

Hats off to a fine Howto

Macaco?26 October 2012, 07:19

not working with Centos 6.3 with selinux enabled: http://bugs.centos.org/view.php?id=5831

Dijae?17 October 2012, 19:46

Hello. This is great! But if someone would post the errors in the HowTo, it would be perfect! Thanks

GlitchCowboy?13 October 2012, 03:34

Fabulous! Thanks for posting your work. Like others said there are a few minor tweaks here and there, but this is the particular setup I was looking for and it helps get some help going in the right direction

doncipo?12 October 2012, 14:03

Good guide, thanks. When configuring postfixadmin just make sure you put "/usr/bin/doveadm pw" instead of "/usr/sbin/dovecotpw". This is the trickiest change of all. Also clamd user should be amavis and clamd listening socket should have the same path in both clamd.conf and amavisd.conf .

slb?03 October 2012, 21:25

Currently SMTP server is listening port 25 only. How to configure the server for listening port 587?

Drakeman?13 September 2012, 09:07

Good guide, has some errors but all of them are fixable. Thanks

Greg?03 September 2012, 10:50

With basic installation I have "No package roundcubemail available. "

mobaer?25 August 2012, 10:48

I changed the SQL statements in dovecot-mysql.conf a bit to allow login with an alias:

# the following alternate allows login with alias:
password_query = SELECT mb.username as user, mb.password as password, concat('/home/vmail/', mb.maildir) as userdb_home, concat('maildir:/home/vmail/', mb.maildir) as userdb_mail, 101 as userdb_uid, 12 as userdb_gid FROM postfix.mailbox mb, postfix.alias al WHERE al.address = '%u' AND al.goto=mb.username AND mb.active = '1'
user_query = SELECT concat('/home/vmail/', mb.maildir) as home, concat('maildir:/home/vmail/', mb.maildir) as mail, 101 AS uid, 12 AS gid, CONCAT('*:messages=10000:bytes=', mb.quota) as quota_rule FROM postfix.mailbox mb, postfix.alias al WHERE al.address = '%u' AND al.goto=mb.username AND mb.active = '1'

By the way: a good howto, helped me a lot

drakontos?10 August 2012, 07:58

Run a tail -f /var/log/maillog while doing the configuration. The manual served me well, but I found several errors, which I could solve by watching the maillog. It is not a copy-and-paste manual; it has its details.

Artanin?31 July 2012, 13:47

Add the commands:

chkconfig postfix on
chkconfig dovecot on
chkconfig saslauthd on

before the reboot

deepak?23 July 2012, 07:20

I have done that conf so many times, but it's not working properly: telnet is not working on 25,110,145,993 etc. and user name & password are not authorising with roundcube & squirrelmail
