Global Open Versity, ICT Labs Build Secure Postfix with OpenLDAP on Linux CentOS5 v1.1

Global Open Versity


IT Systems Integration Hands-on Linux Labs Training Manual

Build your own Secure Enterprise Postfix Mail Server


Powered by OpenLDAP Centralized Identity Management

Kefa Rabah
Global Open Versity, Vancouver Canada
krabah@globalopenversity.org
www.globalopenversity.org

Table of Contents

BUILD YOUR OWN SECURE ENTERPRISE POSTFIX MAIL SERVER POWERED BY OPENLDAP CENTRALIZED IDENTITY MANAGEMENT
1.0 Introduction

Part 1: What you need to start CentOS5 Installation
Step 1: Install CentOS52

Part 2: Install & Configure DNS Server

Part 3: Install and Configure Postfix Server
Step 1: Verify that DNS is working correctly
Step 2: Verify if Postfix Server is installed
Step 3: Install & Configure Postfix with MySQL in RHEL/CentOS5
Step 4: Install Mail Transport Agent Switcher (MTAS)
Step 5: Switch to Postfix from Sendmail
Step 6: Configure Postfix Server
Step 7: Why Postfix Only Listens On the Loopback Interface by Default
Step 8: Test Postfix by sending mail through SMTP using Telnet

Part 4: Allowing Remote Access to your Mail Server using IMAP/POP
Step 1: Install & Configure Dovecot POP3/IMAP Server for RHEL/CentOS 5
Step 2: Configure Postfix with Dovecot
Step 3: Configure Dovecot – putting it all-together
Step 4: Test Dovecot POP3/IMAP
Step 5: Test Dovecot IMAP
Step 6: Configure Postfix SMTP Authentication with Dovecot
Step 7: Accessing your emails from Outside

Part 5: Configure Postfix SMTP Authentication and Dovecot SASL
Step 1: Configure Postfix with Dovecot SASL
Step 2: Test Postfix and Dovecot SASL

Part 6: Lock it Down with Clamd Antivirus solution
Step 1: Setting up Antivirus and Antispam Connectors

Part 7: Lock it Down with MailScanner Antivirus solution
Step 1: Install & Setup MailScanner on CentOS5/RHEL5

Part 8: Install and Configure RoundCube Webmail Client
Step 1: Install MySQL Server
Step 2: Install Roundcube Webmail
Step 3: Create Roundcube Database
Step 4: Testing Roundcube Webmail

Part 9: Setup SquirrelMail Webmail on RHEL/CentOS 5
Step 1: Install SquirrelMail
Step 2: Testing SquirrelMail

Part 10: Configure Postfix to use Mail Clients
Step 1: Configure Postfix to use Thunderbird Mail client

Part 11: Install & Configure Thunderbird Mail Client
Step 1: Install Thunderbird Mail client
Step 2: Setup a new Thunderbird email account

Part 12: Install and Configure OpenLDAP for Identity Management
Step 1: Install OpenLDAP
Step 2: OpenLDAP Setup & Configure on Linux CentOS5
Step 3: Test Populate our LDAP server
Step 4: Configuring Directory Service (LDAP) on Thunderbird Mail client
Step 5: Check & Verify Directory Service (LDAP)

Part 13: Setup MS Outlook Mail Client
Step 1: Install and configure WinXP NIC
Step 2: Setup MS Outlook
Step 3: Configure the Address Book for LDAP on MS Outlook 2007
Step 4: Searching Contact list using LDAP powered Address Book

Part 14: Email Migration

Part 15: Summary

Part 16: Need More Training on Linux:
Postfix Server Administration Training

Part 17: Hands-on Lab Assignments
Linux Administration Training

© April 2007, Kefa Rabah, Global Open Versity, Vancouver Canada

www.globalopenversity.org EBT106 – Postfix Mail Server Administration Training

A GOV Open Access Technical Academic Publications


Enhancing education & empowering people worldwide through eLearning in the 21st Century

By Kefa Rabah, krabah@globalopenversity.org July 10, 2010 GTS Institute

Project: This project will be run as a fully hands-on training. The main aim is to build and deploy a
secure enterprise-grade Postfix mail server solution powered by OpenLDAP for centralized identity
management, delivering full Addressbook & contacts search capability. The project begins with a clean
install of a Linux CentOS5 server. Next, students will learn how to set up a Bind9 DNS server, set up and
test the Postfix mail server and the Dovecot (POP3/IMAP) server, and lock down and secure the mail server
against malware with Clam AntiVirus (ClamAV) and MailScanner. The next sequence of tasks involves deploying
mail clients: SquirrelMail and RoundCube for webmail access and the Thunderbird mail client with an
LDAP-capable Addressbook. For centralized identity management and Addressbook functionality, you’ll learn
how to set up & configure the OpenLDAP (LDAP) service. For those in love with MS Outlook, you will learn
how to set up an Outlook Addressbook powered by LDAP, allowing enterprise-wide searches of email
addresses, names and other information from a corporate-wide directory that is easily viewed in
Outlook. Upon completion of this hands-on training you will have gained enough skills & knowledge to
start your own small business as an email service provider, or to become a consultant providing mail server
installation and support to small and medium businesses. (Note: MS Outlook is proprietary software from
Microsoft, for which you must purchase and/or hold a legitimate license; however, for training
purposes you can download a trial copy.) PREQ: Good Linux & MySQL knowledge.

1.0 Introduction
Over the last decade, the popularity of domain hosting has increased exponentially for companies of
all sizes, and domain hosting solutions have come down to a level that most businesses of
all sizes can afford. All these domains need to be hosted somewhere, but corporate-level hosting of
Web sites and mail domains can still be exorbitantly expensive for start-ups and small to medium size
businesses.

Now, imagine a real world where you can use the pure raw power of Open Source Software to power your
entire messaging solution – that is, have a fully functional suite of open source-driven services available
to your enterprise that gives, if not the full functionality of something like MS Exchange messaging, then
enough that users can interact and exchange information cleanly, without having to jump
through hoops to pay for it.

Today Open Source Software continues to open the door for companies that are looking to keep on
growing despite the current economic environment, or that are in their very early days and still some way
from reaching the break-even point. It is a fact that many corporations are starting to consider
Open Source technologies as a way to reduce IT spending while taking advantage of existing
technologies. To mention just a few: start with servers like RHEL5/CentOS or Ubuntu 10.04 LTS
(Lucid Lynx) for your base OS, then consider Bind9 to power your solid DNS server; Postfix or Sendmail
to power your messaging solutions; Alfresco ECM to power your web content management; Moodle LMS
for your eLearning; SugarCRM for your CRM solution; Joomla for CMS; ISPConfig for your ISP hosting
solution; and the list goes on and on! No wonder that today more companies are widening
Open Source reach to projects that wouldn't have been considered before, opening more possibilities for
the community to spread. We think it’s a great opportunity for us to play a major role in helping IT
professionals and small to medium businesses harness the power of Open Source Technologies,
allowing them to put the money saved into value-added products and giving them more ability to grow
faster without being bogged down by proprietary software licensing costs that never stop growing.

A messaging solution isn’t good enough without centralized identity management and authentication
that allows for single sign-on (SSO). The idea of a centralized general information
repository that can be used for authentication, contacts, and general configuration details is very
appealing. If you have cool dollars to spend, then head straight for Windows Active Directory integrated
with Exchange server plus Outlook to power your messaging solutions. Alternatively, take a quick
turnaround and head to the Open Source Technology world and sample the world of technologies at your
fingertips – the world of freshness and pure freedom. For example, you can power your messaging
solutions with a fully functional, integrated Postfix or Sendmail with Dovecot or Courier (POP3/IMAP)
servers, with Mozilla Thunderbird as the desktop mail client and RoundCube or SquirrelMail as your webmail
client; and for your identity management, grab an OpenLDAP-powered LDAP server. For a start, however,
be warned: setting up an open source powered LDAP server is not for the weak of heart! And of course,
don’t forget to install that cool DNS server powered by Bind9. And finally, don’t forget the security, disaster
recovery and business continuity aspects: for these consider IPCop Firewall, Astaro SG, or Vyatta for your
security and network protection, and the RESTORE backup for disaster recovery, and you’re good to go. You’ll
still have to spend money for support and some level of licensing, but it won’t leave a gaping crater in
your pocket!

Postfix is a free and open source mail transfer agent (MTA), a computer program for the routing and
delivery of email. It is intended as a fast, easy-to-administer, and secure alternative to the widely-used
Sendmail MTA. One of the biggest strengths of Postfix is its resilience against buffer overflows. Another
one is its handling of large amounts of e-mail. Postfix is built as a cooperating network of different
daemons. Each daemon fulfills a single task using minimum privileges. In this way, if a daemon is
compromised, the impact remains limited to that daemon and cannot spread throughout the entire system.
There is only one process with root privileges (master), and a few (local, virtual, pipe) that actually write to
disk or invoke external programs. Most daemons can be easily chrooted and communicate through
named pipes.
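
The privilege split described above is recorded in Postfix's master.cf, where the fourth column (unpriv) and fifth column (chroot) say how each daemon runs. The script below is an added example, not part of the original manual: the master.cf excerpt is constructed, the maildrop entry with its vmail user is hypothetical, and a "-" in the chroot column is read as "y", the default for the Postfix 2.x releases this manual targets.

```sh
# Constructed master.cf excerpt (not taken from the manual). Columns:
# service type private unpriv chroot wakeup maxproc command
sample_master_cf() {
cat <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
EOF
}

# service_table: read master.cf on stdin and print one line per service:
#   <service> <command> <privileged|unprivileged> <chroot|no-chroot>
service_table() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }  # comments and blank lines
        /^[ \t]/                 { next }  # continuation of the previous entry
        NF >= 8 {
            unpriv = ($4 == "-") ? "y" : $4   # default: run as the mail_owner account
            chroot = ($5 == "-") ? "y" : $5   # default "y" applies to Postfix < 3.0
            priv = (unpriv == "n") ? "privileged" : "unprivileged"
            jail = (chroot == "y") ? "chroot" : "no-chroot"
            print $1, $8, priv, jail
        }'
}

# privileged_services: only the entries that keep root privileges,
# printed as <service>:<command>.
privileged_services() {
    service_table | awk '$3 == "privileged" { print $1 ":" $2 }'
}

# Demo on the constructed excerpt.
sample_master_cf | service_table
```

On a live server, run `privileged_services < /etc/postfix/master.cf` and review any entry other than local, virtual, pipe or spawn that shows up as privileged.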

With the current tremendous growth of the Internet, e-mail has also quickly become the main vehicle to
spread information through corporate users and the public at large. As the demand for fast, cheap and
reliable e-mail grows, more individuals and businesses large and small are turning to open source Linux to
provide a fast, cheap and reliable solution. Postfix is at the forefront of this cool messaging
technology and it can be easily scaled up. One of the best solutions is using virtual hosting, which allows
multiple domains to be housed on a single server or server cluster. This is a valuable strategy for both a
large company with the hardware and bandwidth to host hundreds of domains and a small business with a
mere two domains to control its hosting solution with ease. In this Hands-on Lab session, we’ll take a look
at how to configure Postfix to work on a single machine, but can also be scaled up to handle more than
one domain. We will also need to lock it down from a security point of view, and we’ll give our users the
ability to access their email using the SquirrelMail webmail client via the Dovecot POP/IMAP server.

Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written primarily with
security in mind. Apple Inc. includes Dovecot for email services in Mac OS X 10.6 Snow Leopard Server.
Developed by Timo Sirainen, Dovecot was first released in July 2002. Dovecot primarily aims to be a
lightweight, fast and easy to set up open source messaging server. It can work with standard mbox,
Maildir, and its own experimental native high-performance dbox formats. It is fully compatible with UW
IMAP and Courier IMAP servers’ implementation of them, as well as mail clients accessing the mailboxes
directly.

Dovecot also includes a Mail delivery agent (called Local delivery agent in Dovecot’s documentation), with
optional Sieve filtering support. It also supports a variety of authentication schemas for IMAP and POP
access including CRAM-MD5 and the more secure DIGEST-MD5. Its Mail Delivery Agent is simple and
easy to install. In this HowTo guide and lab session, we’ll explain how to set it up as an IMAP or POP3
server. For alternate IMAP/POP3 servers see Courier or Cyrus.

We also need to lock down our Postfix server to secure our messaging server against cyber-criminals and
malware. For this we’ll use Clamd, which comes integrated with ClamAV and Clamav-db and fits the
bill for our task. It’s a multi-threaded daemon that uses libclamav to scan files for viruses. The daemon
listens for incoming connections on a Unix and/or TCP socket and scans files or directories on demand for
viruses. The daemon is fully configurable via the clamd.conf file. It reads the configuration from
/etc/clamd.conf.

Clam AntiVirus (ClamAV) is an open source (GPL) anti-virus toolkit for UNIX, designed especially for
e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable
multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates. The
core of the package is an anti-virus engine available in the form of a shared library.

MailScanner is an open source free anti-virus and anti-spam filter protecting over 5 billion e-mails every
week, for many millions of users. MailScanner is an email virus scanner, vulnerability protector, and spam
tagger. It supports the Postfix, Sendmail, Exim, Qmail, and ZMailer MTAs, and the Sophos, McAfee,
F-Prot, F-Secure, CommandAV, InoculateIT, Inoculan, eTrust, Kaspersky, Nod32, AntiVir, BitDefender,
RAV, Panda, DrWeb, ClamAV, and other anti-virus scanners.

SquirrelMail is a web-based email application started by Nathan and Luke Ehresman and written in the
PHP scripting language. It can be installed on almost all web servers as long as PHP is present and the
web server has access to an IMAP and SMTP server. SquirrelMail outputs valid HTML 4.0 for its
presentation, making it compatible with a majority of current web browsers. SquirrelMail uses a plug-in
architecture to accommodate additional features around the core application, and over 200 plug-ins are
available on the SquirrelMail website. Licensed under the GNU General Public License, SquirrelMail is free
software. It is currently available in over 50 languages. SquirrelMail is included in many major GNU/Linux
distributions and is independently downloaded by tens of thousands of people every month.

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It
provides full functionality you expect from an e-mail client, including MIME support, address book, folder
manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires
a MySQL or Postgres database. The user interface is fully skinnable using XHTML and CSS 2.

Thunderbird is a free, open-source and cross-platform mail client for most operating systems including,
but not limited to, Windows, Linux and Macintosh. It is based on the Mozilla code base. It is a robust and
easy to use client, similar to competing products like Outlook Express, but with some major advantages
such as junk mail classification and security.

Mozilla Thunderbird is a fully featured, secure and very functional email client and RSS feed reader. It
also includes a well-functioning address-book manager. It lets you handle mail efficiently and with style, and
Mozilla Thunderbird filters away junk mail too.

OpenLDAP Software is a free, open source implementation of the Lightweight Directory Access Protocol
(LDAP) developed by the OpenLDAP Project. It is released under its own BSD-style license called the
OpenLDAP Public License. LDAP is a platform-independent protocol, and is free to download and use for
your hands-on labs projects. Today, LDAP directories and LDAP authentication have become one of the
enterprise user infrastructure cornerstones. As the enterprise has digitized and opened itself up to
customer, business partner, vendor and wide-spread employee access to pieces of most enterprise
applications, the need to know who the user is has significantly increased from a security perspective.
Who is the user trying to access an application? What is the strength of authentication by which the
application can trust the user trying to access the application? What are the user's authorization
privileges?

That is, an enterprise-wide LDAP implementation can enable almost any application, running on almost
any computer platform, to obtain information from your LDAP directory. And that directory can be used to
store a broad range of data: email address and mail routing information, HR data, public security keys,
contact lists, and much more. By making an LDAP directory a focal point in your systems integration,
you're providing one-stop shopping whenever people go looking for information within your company -
even if the primary source of the data lives elsewhere – i.e., they sign in once – via Single-Sign-On (SSO)
Identity Management – and thereafter they have access to all LDAP linked services and resources they
have permission to.

Hands-on Labs
In this Hands-on Lab session, you’ll learn how to set up a virtual network on VMware (you may also use any
other virtual machines like MS VirtualPC, Linux Xen, or VirtualBox from Oracle). In this lab session, we’ll
concentrate on installing the Postfix server with the Dovecot server and the SquirrelMail webmail client on a
clean install of Linux CentOS5 Server. You will have an opportunity to learn how to install and configure
Webmin to help with configuring the DNS server and Dovecot. I’ll also show you how to set a static IP address,
which is required for successfully deploying DNS and messaging servers. Finally, we’ll go through a
step-by-step process to install and configure the Postfix messaging server, the Dovecot POP/IMAP server and
the SquirrelMail webmail client. You’ll also learn how to install RoundCube webmail as an alternative to
SquirrelMail. I’ll show how to install and set up the Thunderbird mail client as an alternative to webmail.
Next we’ll implement security measures to ensure that our messaging server is safe from cyber-criminals and
malware. To give your messaging solution some muscle, we’ll implement OpenLDAP to power our centralized
identity management. You’ll also have an opportunity to do some hands-on lab assignments at the end of the lab
session. Upon completion of the hands-on labs you’ll have gained a competency level and a capability to
plan, design, implement and deploy an enterprise grade messaging solution using Postfix.
However, it’s important to note that only those who carry out the labs sincerely and with due diligence can
reach the competency level mentioned here.

Assumptions
It’s assumed that you have a good understanding of Linux operating system and its working environment.
It’s also assumed that you know how to install and configure Linux CentOS5, if not go ahead and pop over
to Docstoc.com and check out a good Hands-on Labs training manual entitled “Install Configure and
Upgrade Linux CentOS5 Server v1.1” to get you started.

Other related articles that you may need for this Hands-on Lab session:

1. Using Webmin and Bind9 to Setup DNS Server on Linux
2. Step-by-Step Install Guide for Evolution Mail Client with Addressbook using LDAP on Linux v1.2
3. OpenLDAP for Enterprise Identity Management & SSO v1.0
4. Install Guide IPCop Firewall for Network Security with Spam and Virus Protection

Part 1: What you need to start CentOS5 Installation


1. Download the latest CentOS5 ISOs for DVD or CDs from: http://centos.org
2. A test x86 desktop computer, keyboard, monitor, mouse, and firewalled internet connection.
3. One hour of quiet time and a good supply of coffee or tea – but definitely no alcoholic drinks
(seriously!)

Step 1: Install CentOS52


1. Install Centos52 from DVD or CDROM and configure the entire disk
2. Configure your Fully Qualified Hostname, IP address and Gateway, DNS details
3. Set up your root password
4. Set up the software. Select Server only and Customize Now
   • Select only the following components:
     Editors
     Text base Internet
     Development Libraries
     Development Tools
     Administration Tools
     Base
     System Tools

5. The system will now install and will require CDs 1-6.
6. Once the system reboots, disable the firewall and SELinux.
7. Make sure your /etc/hosts file has the line:

IP address and FQDN hostname (i.e. 192.168.83.21 linuxc.monstserv.com linuxc).

5
© April 2007, Kefa Rabah, Global Open Versity, Vancouver Canada

www.globalopenversity.org EBT106 – Postfix Mail Server Administration Training


Global Open Versity, ICT Labs Build Secure Postfix with OpenLDAP on Linux CentOS5 v1.1

8. Reboot the system (for changes to take effect).
9. Then run yum update to make sure your system is fully up to date.
10. Reboot the system.
11. OS server installation is complete and ready for the DNS, Postfix and Dovecot server installations and
final lockdown setup.

Part 2: Install & Configure DNS Server


1. For your new e-mail server to work, you must first get all the DNS issues straight as we have done in
Part 2. First, add the hostname and IP address for the new e-mail server to your DNS server and
confirm the address with the nslookup and dig commands, as we’ll see later:

2. Webmin is the most powerful administration tool in its nature. We will use it to set up our DNS, but I
will not go over it in detail because we already know how to use other administrative tools. It is not
difficult to use because it is web based; in any event, you should know that you can use it remotely to
administer the system. Check out a great HowTo by the same author on Docstoc.com for the
detailed lab manual: “Using Webmin and Bind9 to Setup DNS Server on Linux”. In this Hands-on
manual you will learn how to use Webmin to set up a DNS server and mail, www and ftp aliases on
Linux CentOS5 server.

3. While here also note our hostname: linuxc.monstserv.com

4. Other servers are:

mail.monstserv.com
www.monstserv.com
ftp.monstserv.com

5. Check out /etc/hosts to ensure that you have a correct setup, in our case, it’s as follows:

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.83.21 linuxc.monstserv.com linuxc mail www ftp
::1 localhost6.localdomain6 localhost6

6. To ensure that your DNS server is installed and configured correctly, perform the following test via
the dig and nslookup commands:

[root@linuxc ~]# dig linuxc.monstserv.com

; <<>> DiG 9.3.4-P1 <<>> linuxc.monstserv.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1096
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;linuxc.monstserv.com. IN A

;; ANSWER SECTION:
linuxc.monstserv.com. 38400 IN A 192.168.83.21

;; AUTHORITY SECTION:
monstserv.com. 38400 IN NS linuxc.monstserv.com.

;; Query time: 4 msec
;; SERVER: 192.168.83.21#53(192.168.83.21)
;; WHEN: Sun Oct 25 13:16:03 2009
;; MSG SIZE rcvd: 68

[root@linuxc ~]# nslookup linuxc.monstserv.com
Server: 192.168.83.21
Address: 192.168.83.21#53

Name: linuxc.monstserv.com
Address: 192.168.83.21

7. We’re good and ready to move on to Part 3, Install and Configure Postfix Server.

Part 3: Install and Configure Postfix Server


In this section, we present the steps necessary to successfully install and configure Postfix 2.6.5 on Linux
CentOS5. I have used these steps to install Postfix on several pilot testing and production servers and all
work perfectly. I hope this hands-on labs manual will save others the time of hunting around forums while
carrying out projects or training sessions.

Step 1: Verify that DNS is working correctly


1. Now let’s do more tests to ensure that our DNS server is sound & solid:

[root@linuxc ~]# nslookup -sil linuxc.monstserv.com
Server: 192.168.83.21
Address: 192.168.83.21#53

Name: linuxc.monstserv.com
Address: 192.168.83.21

2. It is also important that your administrator put a reverse DNS entry to prevent delays in mail delivery.
Most modern e-mail servers use reverse lookup as a means of authentication for mail transfer. Again,
confirm this setting is correct using the nslookup command on your IP address.

[root@linuxc ~]# nslookup -sil 192.168.83.21
Server: 192.168.83.21
Address: 192.168.83.21#53

21.83.168.192.in-addr.arpa name = linuxc.monstserv.com

3. As you can see, the DNS entries are set up and working correctly, so let's move on to actually
configuring Postfix. By default, Postfix installations on CentOS5 will only allow SMTP traffic on the
localhost. The output of netstat -nl will show you all ports that have a daemon listening; note
the line that says 127.0.0.1:25. This means the server is only listening on the loopback interface
for connections on port 25 (SMTP).

4. Finally, to test that our MX server is set up correctly, issue the following command:

[root@linuxc ~]# dig mx mail.monstserv.com

Fig. 1

5. We’re done with this section.
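
The forward and reverse lookups in items 1 and 2 only help mail delivery when they agree with each other. The following check is an added example, not part of the original manual: it reads records in `dig +noall +answer` format and confirms that every PTR record points to a name whose A record leads back to the same IP. The first two sample records mirror the data shown above; mx2.monstserv.com, 192.168.83.22 and 192.168.83.99 are constructed.

```sh
# Constructed records in `dig +noall +answer` format, matching the manual's zone.
sample_consistent() {
cat <<'EOF'
linuxc.monstserv.com.        38400 IN A   192.168.83.21
21.83.168.192.in-addr.arpa.  38400 IN PTR linuxc.monstserv.com.
EOF
}

# Constructed failure case: the PTR for .22 names a host whose A record
# points somewhere else (mx2 and both addresses are made up).
sample_mismatch() {
cat <<'EOF'
linuxc.monstserv.com.        38400 IN A   192.168.83.21
mx2.monstserv.com.           38400 IN A   192.168.83.99
21.83.168.192.in-addr.arpa.  38400 IN PTR linuxc.monstserv.com.
22.83.168.192.in-addr.arpa.  38400 IN PTR mx2.monstserv.com.
EOF
}

# fcrdns_check: read answer lines on stdin. For every IPv4 PTR record, confirm
# that the target name has an A record for the same IP. Prints one PASS/FAIL
# line per PTR and returns non-zero if any check fails.
fcrdns_check() {
    awk '
        # Drop the trailing root dot and lower-case the name.
        function norm(name) { sub(/\.$/, "", name); return tolower(name) }
        /^;/ || NF < 5 { next }              # dig comment lines, blank lines
        $4 == "A" { fwd[norm($1), $5] = 1 }
        $4 == "PTR" {
            # 21.83.168.192.in-addr.arpa -> 192.168.83.21
            n = split(norm($1), o, ".")
            if (n != 6 || o[5] != "in-addr" || o[6] != "arpa") next
            np++
            ip[np] = o[4] "." o[3] "." o[2] "." o[1]
            host[np] = norm($5)
        }
        END {
            bad = 0
            if (np == 0) { print "FAIL no PTR records in input"; bad = 1 }
            for (i = 1; i <= np; i++) {
                if ((host[i], ip[i]) in fwd)
                    print "PASS " ip[i] " <-> " host[i]
                else {
                    print "FAIL " ip[i] " -> " host[i] " (no A record back to " ip[i] ")"
                    bad = 1
                }
            }
            exit bad
        }'
}

# Demo on the constructed samples. Against a live resolver, feed it real answers:
#   { dig +noall +answer linuxc.monstserv.com A
#     dig +noall +answer -x 192.168.83.21; } | fcrdns_check
sample_consistent | fcrdns_check
sample_mismatch | fcrdns_check || echo "mismatch detected"
```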
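
Item 3 reads the SMTP listener's exposure off `netstat -nl` by eye. The function below is an added example, not part of the original manual, that makes the same reading repeatable after each configuration change. The netstat samples are constructed; the function name and output labels are this example's own.

```sh
# Constructed `netstat -nl` output: Postfix in its default, loopback-only state.
sample_loopback_only() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 192.168.83.21:53            0.0.0.0:*                   LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
udp        0      0 192.168.83.21:53            0.0.0.0:*
EOF
}

# Constructed output after Postfix has been opened up to every interface.
sample_all_interfaces() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN
tcp        0      0 192.168.83.21:53            0.0.0.0:*                   LISTEN
EOF
}

# listener_exposure [port]: read `netstat -nl` output on stdin and print
#   none                 nothing listens on the TCP port
#   loopback-only        listeners exist, all bound to loopback addresses
#   network:<addr,...>   listeners reachable from other hosts
# The port defaults to 25 (SMTP).
listener_exposure() {
    awk -v port="${1:-25}" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # The port is the text after the last colon; this also handles
            # IPv6 forms such as :::25 and ::1:25.
            n = split($4, part, ":")
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            seen = 1
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            exposed = (exposed == "") ? addr : exposed "," addr
        }
        END {
            if (!seen)              print "none"
            else if (exposed == "") print "loopback-only"
            else                    print "network:" exposed
        }'
}

# Demo on the constructed samples; on the server use: netstat -nl | listener_exposure
sample_loopback_only  | listener_exposure
sample_all_interfaces | listener_exposure
```

Recording the result before and after editing main.cf shows exactly when port 25 became reachable from the network, which is the point at which relay and authentication restrictions need to be in place.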

Step 2: Verify if Postfix Server is installed


1. You can first verify if the necessary Postfix packages are installed by running:

[root@linuxc ~]# rpm -qa | grep postfix

2. If you get a blank result, as is the case above, then Postfix is not installed. Alternatively, if you get
a result, then it was installed with CentOS. No worries, go to Step 3.

Step 3: Install & Configure Postfix with MySQL in RHEL/CentOS5


The version of Postfix that comes with Red Hat Enterprise 5 or CentOS 5 does not support MySQL
lookups. You can build your own custom Postfix RPM or get a pre-built RPM from the CentOS Plus
repository. You can also use the CentOS repository in RHEL since CentOS is binary compatible with
RHEL. This section of the hands-on labs describes how to install Postfix with MySQL lookup table support
from the CentOS Plus repository.

1. Use your favorite text editor to open the file /etc/yum.repos.d/CentOS-Base.repo or its
equivalent in RHEL and edit the lines below.

[base]
exclude=postfix

[updates]
exclude=postfix

[centosplus]
enabled=1
includepkgs=postfix

Note: If you’re using RHEL, add these lines under the centosplus section.

name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
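
The repository edits above are easy to get subtly wrong: a missing exclude lets a later update put the stock Postfix back, a missing includepkgs opens the whole CentOS Plus repository, and gpgcheck=0 turns off package signature verification. The audit below is an added example, not part of the original manual. Both sample files are constructed, and it assumes the updates section is named [updates], as in the stock CentOS-Base.repo.

```sh
# Constructed repo file following the layout the manual describes.
repo_as_described() {
cat <<'EOF'
[base]
name=CentOS-$releasever - Base
gpgcheck=1
exclude=postfix

[updates]
name=CentOS-$releasever - Updates
gpgcheck=1
exclude=postfix

[centosplus]
name=CentOS-$releasever - Plus
enabled=1
gpgcheck=1
includepkgs=postfix
EOF
}

# Constructed repo file with three mistakes: [updates] has no exclude,
# [centosplus] has no includepkgs, and signature checking is switched off.
repo_misconfigured() {
cat <<'EOF'
[base]
gpgcheck=1
exclude=postfix

[updates]
gpgcheck=1

[centosplus]
enabled=1
gpgcheck=0
EOF
}

# audit_postfix_repo: read a yum .repo file on stdin, print "OK" or one
# "FAIL ..." line per problem, and return non-zero when anything failed.
audit_postfix_repo() {
    awk '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        # True when a space- or comma-separated package list names pkg (or pkg*).
        function lists(value, pkg,    n, item, j) {
            n = split(value, item, /[ \t,]+/)
            for (j = 1; j <= n; j++)
                if (item[j] == pkg || item[j] == (pkg "*")) return 1
            return 0
        }
        function fail(msg) { print "FAIL " msg; bad++ }

        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments, blank lines
        /^[ \t]*\[/ {                                  # [section] header
            section = trim($0)
            section = substr(section, 2, index(section, "]") - 2)
            next
        }
        (eq = index($0, "=")) > 0 {                    # key=value inside a section
            conf[section, trim(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1))
        }
        END {
            if (!lists(conf["base", "exclude"], "postfix"))
                fail("[base] exclude does not list postfix")
            if (!lists(conf["updates", "exclude"], "postfix"))
                fail("[updates] exclude does not list postfix")
            if (conf["centosplus", "enabled"] != "1")
                fail("[centosplus] is not enabled")
            if (!lists(conf["centosplus", "includepkgs"], "postfix"))
                fail("[centosplus] includepkgs does not list postfix")
            if (conf["centosplus", "gpgcheck"] != "1")
                fail("[centosplus] gpgcheck is not 1")
            if (bad == 0) print "OK"
            exit (bad > 0 ? 1 : 0)
        }'
}

# Demo on the constructed samples; on the server use:
#   audit_postfix_repo < /etc/yum.repos.d/CentOS-Base.repo
repo_as_described  | audit_postfix_repo
repo_misconfigured | audit_postfix_repo || echo "repo file needs fixing"
```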

2. Before we proceed we need to remove the standard version of Postfix. Type:

[root@linuxc ~]# yum remove postfix

3. To install the version of Postfix found in the CentOS Plus repository, issue the command:

[root@linuxc ~]# yum install postfix -y

4. To verify MySQL support, issue the following command and check that mysql appears in the output:

[root@linuxc ~]# postconf -m
btree
cidr
environ
hash
ldap
mysql
nis
pcre
pgsql
proxy
regexp
static
unix
[root@linuxc ~]#

5. You’re done with this section.

6. We’re good to go – MySQL support is included in our installed Postfix messaging server.

Step 4: Install Mail Transport Agent Switcher (MTAS)


By default, Sendmail is the active SMTP server on a Linux machine, so if you have it already installed on
your Linux box; then you need to install MTAS to switch between the messaging servers.

1. Installing and setting up Postfix SMTP Server in RHEL5 or CentOS5 is easy. Postfix has secure default
settings so we just need to open it up a bit. However, in Linux distros Sendmail is the default active
SMTP server, and therefore, we need to be able to switch between Postfix and Sendmail using the
MTAS.

2. Install Mail Transport Agent Switcher (MTAS):

• If you did not add system-switch-mail and system-switch-mail-gnome during the initial CentOS
installation, you can add them now using the Package Manager tool or the yum command:

[root@linuxc ~]# yum install 'system-switch-mail*' -y

Note: This should install the two required packages.

3. You’re done with this section.

Step 5: Switch to Postfix from Sendmail


Here’s how to switch between the two mail servers:

1. Click System > Administration, and click Mail Transport Agent Switcher, see Fig. 2

Fig. 2

2. This will launch the system-switch-mail window, as shown in Fig. 3. Check Postfix and then click OK.

Fig. 3

3. You should be prompted with an Alert window as shown in Fig. 4. Click OK, to switch to Postfix mail.

Fig. 4

4. You’re done with this section.

Step 6: Configure Postfix Server


In this section, we are going to configure our Postfix mail server. To do this, perform the following procedures:

1. Change to /etc/postfix directory. Use your favorite Text editor to open the file main.cf.

2. The two most basic steps in configuring a Postfix server are to modify this file so that it listens for
requests on the network and accepts mail from valid web domains bound to our domain. We also need to
use maildir, which is a better mailbox format than mbox, the default.

3. Follow the link to access the full document.

The full document has moved to Docstoc.com. You may download it from here:

http://www.docstoc.com/docs/46747838/Build-your-own-Secure-Enterprise-Postfix-Mail-Server-Powered-by-OpenLDAP-Centralized-Id-Mgmt

-----------------------------------------------
Kefa Rabah is the Founder of Global Technology Solutions Institute. Kefa is knowledgeable in several
fields of Science & Technology, Information Security Compliance and Project Management, and
Renewable Energy Systems. He is also the founder of Global Open Versity, a place to enhance your
education and career goals using the latest innovations and technologies.