Configure a mail server on CentOS 7 with Postfix, Dovecot, Apache, Postfixadmin and Roundcube.

We start from a CentOS 7 Infrastructure Server install with Mail Server selected in the installer.
We already have:

1 – A public IP
2 – Reverse DNS for this IP
3 – A domain already bought.

Step 0. Prepare by installing the minimal set of applications:

yum -y install wget whois nc vim gpm ppp rp-pppoe dialog logwatch telnet nmap mutt
yum -y install epel-release
yum -y update
yum -y install perl-MailTools perl-MIME-EncWords perl-Email-Valid perl-Test-Pod dovecot dovecot-mysql  dovecot-pigeonhole  perl-Mail-Sender perl-Log-Log4perl imapsync offlineimap amavisd-new clamav perl-Razor-Agent mariadb-server opendkim vim wget crypto-utils mod_ssl.x86_64 php php-mysql php-fpm  clamav-update php-imap.x86_64 NetworkManager-tui mailx lrzip lzop lz4 arj  unzoo cabextract p7zip fail2ban php-mcrypt.x86_64
systemctl stop rpcbind
systemctl disable rpcbind

Step 1. Set your server's hostname.
hostnamectl set-hostname
Edit your /etc/hosts to look like this
[root@mail ~]# cat /etc/hosts localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 mail

Step 2.  Test postfix local delivery
We create 2 users for local delivery test.
useradd -d /home/john -M -N -s /sbin/nologin john
useradd -d /home/mark -M -N -s /sbin/nologin mark

Now we will send a local mail.
echo Hello | mail -s test john@localhost
and will check if mail has been delivered
tail -f /var/log/maillog
Oct 21 14:55:58 localhost postfix/local[2916]: 770201440486: to=<>, orig_to=<john@localhost>, relay=local, delay=0.19, delays=0.13/0.02/0/0.04, dsn=2.0.0, status=sent (delivered to mailbox)

If it works, go to the next step.

Step 3. Setup MariaDB.
Configure the /etc/my.cnf.d/server.cnf file like this:
# this is read by the standalone daemon and embedded servers
innodb_file_format = Barracuda
# this is only for the mysqld standalone daemon

Enable mariadb service
systemctl enable mariadb.service
Start mariadb database server
systemctl start mariadb.service
Secure mariadb installation

Step 4. Configure Clam Antivirus

We need to configure how ClamAV refreshes its database
vim /etc/sysconfig/freshclam

Comment out or remove the last line
#  FRESHCLAM_DELAY=disabled-warn    # REMOVE ME

Next, edit the freshclam config file
vim /etc/freshclam.conf

Comment out or remove the line containing the word “example”.

Finally, update your virus database.

Step 5. Configure basic settings in SpamAssassin

Enable the SpamAssassin service

systemctl start spamassassin.service
systemctl status spamassassin.service
systemctl enable spamassassin.service
Update the SpamAssassin definitions

Step 6. Integrate SpamAssassin and ClamAV with amavisd.
First install some packages:
yum -y install clamav clamav-devel clamav-server clamd
We need to provide some config files.
cp /usr/share/doc/clamav-server-0.99.2/clamd.sysconfig /etc/sysconfig/clamd.amavisd
We need to adapt the config file to our actual configuration.
vim /etc/sysconfig/clamd.amavisd

and add to the last line

We will create a couple of new files
vim /etc/tmpfiles.d/clamd.amavisd.conf
Add this content
d /var/run/clamd.amavisd 0755 amavis amavis -
Edit the next file
vim /usr/lib/systemd/system/clamd@.service
with this content
[Unit]
Description = clamd scanner (%i) daemon
After =

[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf --foreground=yes
Restart = on-failure
PrivateTmp = true
Now we can enable clamd@amavisd service
systemctl start clamd@amavisd
systemctl enable clamd@amavisd
systemctl status clamd@amavisd
Configure the amavisd service
vim /etc/amavisd/amavisd.conf
At line 16, set the number of amavisd child processes.
More children use more RAM but deliver more mail at once. One amavisd child consumes nearly 30% of the CPU on a low-end server, so be careful: if you receive a lot of mail at once, having too many children can hit your CPU hard.
$max_servers = <number>
At line 20, set $mydomain
$mydomain = '';
At approximately line 152, set your hostname
$myhostname = '';
Start the amavisd service
systemctl start amavisd.service
Enable the service
systemctl enable amavisd.service

Step 7. Enable Apache with a minimal configuration.
yum -y install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel spamassassin unzip bzip2 unrar perl-DBD-mysql
systemctl start httpd.service
systemctl enable httpd.service
Edit the config file
vim /etc/httpd/conf/httpd.conf
At line 86, set your admin email
# ServerAdmin root@localhost
At line 152 it should be
## AllowOverride None
AllowOverride All
Configure PHP
vim /etc/php.ini
At line 763, edit like this
At line 877, edit like this
;date.timezone =
date.timezone = Europe/Berlin
And now restart Apache
systemctl restart httpd.service

Step 8. Set up Postfixadmin
Download Postfixadmin
Rename the downloaded file to a .tar.gz file
mv postfixadmin-3.0.tar.gz\?r\=https\ postfixadmin-3.0.tar.gz
Extract the archive
tar -zxvf postfixadmin-3.0.tar.gz -C /var/www/html/
cd /var/www/html/
chown -R root.apache postfixadmin-3.0/
ln -s postfixadmin-3.0/ postfixadmin
We need to create the postfix database and its user:
mysql -u root -p
MariaDB [(none)]> create database postfix;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT all on postfix.* to 'postfix'@'localhost' identified by 'yourPASSword';
Query OK, 0 rows affected (0.00 sec)
Now that we have the database, edit the config file:
vim /var/www/html/postfixadmin/
$CONF['configured'] = true;
$CONF['setup_password'] = 'YOUR-STRONG-PASSWORD';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'yourPASSword';
$CONF['database_name'] = 'postfix';
$CONF['show_password'] = 'YES';
$CONF['page_size'] = '30';
$CONF['default_aliases'] = array (
    'abuse' => '',
    'hostmaster' => '',
    'postmaster' => '',
    'webmaster' => ''
);
$CONF['domain_path'] = 'NO';
$CONF['domain_in_mailbox'] = 'YES';
$CONF['maildir_name_hook'] = 'NO';
$CONF['transport'] = 'YES';
$CONF['vacation'] = 'YES';
$CONF['vacation_domain'] = '';
$CONF['vacation_control'] = 'YES';
If your domain does not exist, activate this
Now go to your browser, open http://your-ip/postfixadmin/setup.php and set up your admin password.
Now log in and create a new domain and email at http://YOUR-IP-server/postfixadmin/login.php

Step 10   Set up Dovecot.
Now we enable the IMAP and POP3 services.
vim /etc/dovecot/dovecot-sql.conf.ext
# The mysqld.sock socket may be in different locations in different systems
driver = mysql
connect = host=localhost dbname=postfix user=postfix password=yourpassword
# Default password scheme.
# depends on your $CONF['encrypt'] setting:
# md5crypt  -> MD5-CRYPT
# md5       -> PLAIN-MD5
# cleartext -> PLAIN
default_pass_scheme = MD5-CRYPT
# Query to retrieve password. user can be used to retrieve username in other
# # formats also.
password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1'
# Query to retrieve user information.
## user_query = SELECT maildir, 1001 AS uid, 1001 AS gid FROM mailbox WHERE username = '%u' AND active='1'
user_query = SELECT CONCAT('/var/spool/vmail/', domain,'/', maildir) AS home, CONCAT('maildir:/var/spool/vmail/',domain,'/', maildir) AS mail, 5000 AS uid, 12 AS gid, concat('dict:storage=',CAST(ROUND(quota / 1024) AS CHAR), '::proxy::quota') AS quota, CONCAT('*:storage=',CAST(quota AS CHAR), 'B') AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'
Now we edit the next file:
vim /etc/dovecot/conf.d/dovecot-mysql-quota.conf.ext
connect = host=localhost dbname=postfix user=postfix password=yourpassword
map {
  pattern = priv/quota/storage
  table = quota2
  username_field = username
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = quota2
  username_field = username
  value_field = messages
}
Now edit the main config file
vim /etc/dovecot/dovecot.conf
Line 24 tells Dovecot which protocols it should serve
protocols = imap pop3
Line 31 sets the interfaces Dovecot will listen on
listen = *, ::
Line 44 is the welcome message
#login_greeting = Dovecot ready.
login_greeting = Server OK.
Line 69 defines the behaviour when the Dovecot service is restarted
shutdown_clients = yes
Edit custom logging
vim /etc/dovecot/conf.d/10-logging.conf
Line 8: log file
log_path = /var/log/dovecot.log
Line 32: log the attempted password in plain text on failed logins, for debugging
#auth_verbose_passwords = no
auth_verbose_passwords = plain
Line 41: enable password debugging, which also writes passwords to the log
#auth_debug_passwords = no
auth_debug_passwords = yes
Restart Dovecot
systemctl restart dovecot.service
Create the user for internal delivery and logging.
useradd -r -u 5000 -g mail -d /var/spool/vmail -s /sbin/nologin -c "Virtual mailbox" vmail
Create the vmail folder
mkdir /var/spool/vmail
Change the owner of the log file
chown vmail /var/log/dovecot.log
Create a logrotate config for Dovecot
vim /etc/logrotate.d/dovecot
/var/log/dovecot.log {
/bin/kill -USR1 `cat /var/run/dovecot/ 2>/dev/null` 2> /dev/null || true
Configure user authentication
vim /etc/dovecot/conf.d/10-auth.conf
Line 10: disable plaintext authentication
disable_plaintext_auth = yes
Auth mechanisms
auth_mechanisms = plain login cram-md5
and the user database type
#!include auth-system.conf.ext
!include auth-sql.conf.ext
Set up SSL
SSL protocols
ssl_protocols = !SSLv2 !SSLv3
SSL ciphers to use
Prefer the server’s order of ciphers over the client’s.
ssl_prefer_server_ciphers = yes
Now Dovecot needs to know which protocols it will serve and how
vim /etc/dovecot/conf.d/10-master.conf
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service auth {
  # Socket Postfix uses for SASL authentication
  unix_listener /var/spool/postfix/private/auth {
    # mode 0666 lets any local account connect to this auth socket
    mode = 0666
    user = vmail
    group = mail
  }
}
Enable sieve in Dovecot
vim /etc/dovecot/conf.d/15-lda.conf
protocol lda {
# Space separated list of plugins to load (default is global mail_plugins).
#mail_plugins = $mail_plugins
mail_plugins = $mail_plugins sieve
}
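
An added example, not part of the original post: a small shell/awk audit that flags the Dovecot values from Step 10 that a production server should not keep (passwords written to dovecot.log, the 0666 auth socket, TLS 1.0 left enabled, an MD5-based password scheme). The function name audit_dovecot, the finding labels and both sample configs are constructed for illustration, and the tightened values are assumptions rather than settings from this page.

```shell
#!/bin/sh
# Added example: flag the risky Dovecot values set in the steps above.
# Reads config text from the named files, or from stdin when none are given.
audit_dovecot() {
    awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    { gsub(/^[ \t]+|[ \t]+$/, "") }          # trim the line
    /^unix_listener / { sock = $2; next }    # entering a socket block
    $0 == "}" { sock = ""; next }            # leaving a block
    {
        n = index($0, "="); if (n == 0) next # not a key = value line
        key = substr($0, 1, n - 1); val = substr($0, n + 1)
        gsub(/[ \t]+$/, "", key); gsub(/^[ \t]+/, "", val)
        pad = " " val " "
    }
    key == "auth_verbose_passwords" && val != "no" { print "PASSWORD_IN_LOG " key "=" val }
    key == "auth_debug_passwords" && val == "yes"  { print "PASSWORD_IN_LOG " key "=" val }
    key == "mode" && sock != "" && val ~ /[1-7]$/  { print "WORLD_ACCESSIBLE_SOCKET " sock " mode=" val }
    key == "default_pass_scheme" && val ~ /^(MD5-CRYPT|PLAIN-MD5|PLAIN)$/ { print "WEAK_PASSWORD_SCHEME " val }
    # TLS 1.0 is on unless a negated list excludes it or a positive list omits it
    key == "ssl_protocols" && ((val ~ /!/) ? (pad !~ / !TLSv1 /) : (pad ~ / TLSv1 /)) { print "TLS10_ENABLED " key "=" val }
    ' "$@"
}

# Constructed sample: the values this page sets, joined into one stream.
page_conf() {
    cat <<'EOF'
default_pass_scheme = MD5-CRYPT
auth_verbose_passwords = plain
auth_debug_passwords = yes
ssl_protocols = !SSLv2 !SSLv3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = vmail
    group = mail
  }
}
EOF
}

# Constructed sample: tightened values (assumptions, not from the page).
tight_conf() {
    page_conf | sed -e 's/MD5-CRYPT/SHA512-CRYPT/' -e 's/= plain/= no/' -e 's/= yes/= no/' \
        -e 's/!SSLv3/!SSLv3 !TLSv1 !TLSv1.1/' -e 's/0666/0660/' \
        -e 's/= vmail/= postfix/' -e 's/= mail/= postfix/'
}

page_conf | audit_dovecot
```

On a real host, pipe the output of doveconf -n into audit_dovecot and also pass it /etc/dovecot/dovecot-sql.conf.ext, since default_pass_scheme lives in that file and is not part of the doveconf output.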
End for today.

File under construction … please come back in a few days.

How to set up an MX record for a subdomain?

Question of the day:

How to set up an MX domain for ?

We just edit the zone file /var/named/master/db.domeniuro

$TTL 300

@ 1d IN SOA (
2016090701 ;Serial
10800 ;Refresh after 3 hours
3600 ;Retry after 1 hour
1209600 ;Expire after 1 week
86400 ) ;Minimum TTL of 1 day

;———————–___ Name Servers ____—————————-

1d IN NS
1d IN NS
1d IN MX 5
1d IN MX 10
1d IN TXT "v=spf1 a mx ptr -all"

;———————–___ Aliases___________—————————-

mail IN A
mail2 IN A

subdomeniu  IN  A

;———- MX Subdomeni —————-
subdomeniu IN MX 5
subdomeniu IN MX 20


How do we test that the MX is set up correctly?

[root@mail7 ~]# host -t mx mail is handled by 20 mail is handled by 5

How to fix auto-read-only mdadm.

This guide shows you a simple way to fix your mdadm raid based drives which are not syncing or in the auto-read-only mode.

To find the names of your drives that are in auto-read-only mode or not syncing:

cat /proc/mdstat

Force the drives to sync.

mdadm --readwrite /dev/md9

Replace md9 with the name of your drive, e.g. md127.
server ~ # cat /proc/mdstat
Personalities : [raid0] [raid1] [raid6] [raid5] [raid4] [raid10] [linear] [multipath]
md125 : active (auto-read-only) raid1 sda1[0] sdb1[1]
      192640 blocks [2/2] [UU]

md126 : active raid1 sda5[0] sdb5[1]
      97650944 blocks [2/2] [UU]

md127 : active raid1 sdb2[1] sda2[0]
      97659008 blocks [2/2] [UU]
      [=>...................]  resync =  8.8% (8686848/97659008) finish=64.0min speed=23148K/sec

md128 : active (auto-read-only) raid1 sdb6[1] sda6[0]
      288875200 blocks [2/2] [UU]


cp: maximum number of source file arguments for the copy utility


Today we have a problem: we get this error when we try to copy over 32356 files into another folder.
[root@mail]# cp -p office_23/* office/
-bash: /bin/cp: Argument list too long

Solution: run your command in a loop.

[root@mail]# for file in office_23/*; do cp -p "$file" office/; done

And it works very well.

Could not reliably determine the server’s fully qualified domain name Ubuntu?

If you get the following error:

Restarting web server apache2
apache2: Could not reliably determine the server's fully qualified domain name, using for ServerName
... waiting apache2:
Could not reliably determine the server's fully qualified domain name, using for ServerName

vi  /etc/apache2/conf.d/fqdn
or vi  /etc/apache2/conf-available/fqdn.conf  ( for Ubuntu 14.04 )
 a2enconf fqdn

Ubuntu server 12.04 LTS with GUI and xRDP.

Some people like a GUI interface; the steps are shown here.

The first step is to go to the command-line interface:

sudo apt-get update
sudo apt-get install ubuntu-desktop

Install GNOME
apt-get install gnome-shell

and reboot.

After the reboot we need to install xRDP

apt-get install xrdp

root@server-ubuntu-12:~# sysv-rc-conf --list | grep xrdp
xrdp 0:off 1:off 2:on 3:on 4:on 5:on 6:off

How to set locale in Ubuntu / Debian

After a clean Debian/Ubuntu install, I get the following error “LC_ALL to default locale: No such file or directory”.

Answer:  Type the following in terminal to get rid of that error,

sudo apt-get install language-pack-en-base

sudo dpkg-reconfigure locales

Another option is to run:

 # locale-gen 

You will get

 Generating locales (this might take a while)...
   en_US.UTF-8... done
Generation complete.