Step-by-Step Guide: Setting Up Postfix/Dovecot Mail Server on CentOS/RHEL for Domain Email Receiving


Make sure you have:

  • A VPS with CentOS/RHEL 7+ (tested on CentOS 8)
  • Root access or sudo privileges
  • Domain name (e.g., mydomain.com) with valid DNS records
  • Ports 25, 143, 465, 587, and 993 open in firewall

Create these DNS records before proceeding:

mydomain.com.    IN  MX  10 mail.mydomain.com.
mail.mydomain.com. IN A  192.0.2.1
mydomain.com.    IN  TXT "v=spf1 mx ~all"
_dmarc.mydomain.com. IN TXT "v=DMARC1; p=none; rua=mailto:postmaster@mydomain.com"

Wait 24-48 hours for DNS propagation before testing.

Run these commands as root:

yum install -y postfix dovecot cyrus-sasl cyrus-sasl-plain mailx
systemctl enable postfix dovecot
systemctl start postfix dovecot

Edit /etc/postfix/main.cf:

myhostname = mail.mydomain.com
mydomain = mydomain.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8
home_mailbox = Maildir/
mailbox_command = 
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

Edit /etc/dovecot/dovecot.conf:

protocols = imap pop3 lmtp
mail_location = maildir:~/Maildir

Edit /etc/dovecot/conf.d/10-auth.conf:

# "no" lets Dovecot accept PLAIN/LOGIN on connections without TLS unless ssl = required is set
disable_plaintext_auth = no
auth_mechanisms = plain login

For each email account (e.g., info):

useradd -m -s /sbin/nologin info
passwd info
mkdir -p /home/info/Maildir/{new,cur,tmp}
chown -R info:info /home/info/Maildir
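
Open the mail ports in the firewall (once, not per account):

firewall-cmd --permanent --add-port={25,143,465,587,993}/tcp
firewall-cmd --reload
# httpd_can_network_connect is an Apache (httpd) SELinux boolean; Postfix and Dovecot do not use it
setsebool -P httpd_can_network_connect 1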

From your server terminal:

telnet localhost 25
EHLO localhost
MAIL FROM: test@mydomain.com
RCPT TO: info@mydomain.com
DATA
Subject: Test Email

This is a test message.
.
QUIT

For Thunderbird/Microsoft Outlook:

  • Incoming: IMAP mail.mydomain.com port 143 (STARTTLS) or 993 (SSL)
  • Outgoing: SMTP mail.mydomain.com port 587 (STARTTLS) or 465 (SSL)
  • Authentication: Normal password
  • Username: info@mydomain.com (full email address)

Troubleshooting:

  • Mail queue stuck: postqueue -p lists the queue; postsuper -d ALL deletes every queued message
  • Connection refused: check the firewall and confirm the listeners with netstat -tulnp
  • Authentication failures: check /var/log/maillog

After initial setup works:

# Enable TLS in Postfix
postconf -e 'smtpd_tls_security_level = may'
postconf -e 'smtpd_tls_cert_file = /etc/pki/tls/certs/mail.mydomain.com.crt'
postconf -e 'smtpd_tls_key_file = /etc/pki/tls/private/mail.mydomain.com.key'

# Restrictive permissions (only if this file exists; the steps above do not create it)
chmod 600 /etc/postfix/sasl_passwd
chown root:root /etc/postfix/sasl_passwd
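
With disable_plaintext_auth = no in Dovecot and smtpd_tls_security_level = may in Postfix, the PLAIN and LOGIN mechanisms remain usable on unencrypted connections even after TLS is enabled. The script below is an added example, not part of the original guide, that flags this; smtpd_tls_auth_only and ssl = required are standard Postfix and Dovecot settings the guide does not set, and the function names, file names and sample configs are constructed for illustration.

```shell
#!/bin/bash
# Added example: flag settings that let mail passwords cross the wire unencrypted.

# Print the last value assigned to parameter $2 in config file $1
# (later assignments override earlier ones; comment lines are ignored).
get_param() {
    awk -v key="$2" '
        /^[ \t]*#/ || !index($0, "=") { next }
        { name = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", name) }
        name == key { val = substr($0, index($0, "=") + 1)
                      gsub(/^[ \t]+|[ \t]+$/, "", val); found = val }
        END { print found }' "$1"
}

# Audit Postfix settings in $1 and Dovecot settings in $2. Prints one line
# per finding; the exit status is the number of findings (0 = clean).
audit_mail_auth() {
    local findings=0
    if [ "$(get_param "$1" smtpd_sasl_auth_enable)" = yes ] &&
       [ "$(get_param "$1" smtpd_tls_auth_only)" != yes ] &&
       [ "$(get_param "$1" smtpd_tls_security_level)" != encrypt ]; then
        echo "postfix: SMTP AUTH allowed before STARTTLS; set smtpd_tls_auth_only = yes"
        findings=$((findings + 1))
    fi
    if [ "$(get_param "$2" disable_plaintext_auth)" = no ] &&
       [ "$(get_param "$2" ssl)" != required ]; then
        echo "dovecot: PLAIN/LOGIN allowed without TLS; set disable_plaintext_auth = yes"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample input: the guide's settings, then a hardened variant.
demo_dir=$(mktemp -d)
printf '%s\n' 'smtpd_sasl_auth_enable = yes' 'smtpd_tls_security_level = may' \
    > "$demo_dir/postfix-guide.cf"
printf '%s\n' 'disable_plaintext_auth = no' 'auth_mechanisms = plain login' \
    > "$demo_dir/dovecot-guide.conf"
printf '%s\n' 'smtpd_sasl_auth_enable = yes' 'smtpd_tls_security_level = may' \
    'smtpd_tls_auth_only = yes' > "$demo_dir/postfix-hardened.cf"
printf '%s\n' '# plaintext mechanisms stay enabled, but only inside TLS' \
    'disable_plaintext_auth = yes' 'ssl = required' 'auth_mechanisms = plain login' \
    > "$demo_dir/dovecot-hardened.conf"

audit_mail_auth "$demo_dir/postfix-guide.cf" "$demo_dir/dovecot-guide.conf" || true
audit_mail_auth "$demo_dir/postfix-hardened.cf" "$demo_dir/dovecot-hardened.conf" &&
    echo "hardened variant: no findings"
```

On a live server, save the output of postconf -n and doveconf -n to two files and pass them to audit_mail_auth in that order.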

Before setting up your mail server, ensure your VPS meets these requirements:

  • CentOS/RHEL 7/8 with root access
  • Valid domain name (e.g., mydomain.com) with MX records configured
  • Ports 25 (SMTP), 143 (IMAP), 587 (Submission), and 993 (IMAPS) open
  • Basic familiarity with Linux command line

SSH into your server and run:

yum install postfix dovecot cyrus-sasl cyrus-sasl-plain mailx
systemctl enable postfix dovecot
systemctl start postfix dovecot

Edit /etc/postfix/main.cf:

myhostname = mail.mydomain.com
mydomain = mydomain.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8
home_mailbox = Maildir/
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

Edit /etc/dovecot/dovecot.conf:

protocols = imap
mail_location = maildir:~/Maildir
ssl_cert = 

For each email account (e.g., info):

useradd -s /sbin/nologin info
passwd info
mkdir -p /home/info/Maildir/{cur,new,tmp}
chown -R info:info /home/info/Maildir

Verify local mail delivery:

echo "Test email body" | mail -s "Test Subject" info@mydomain.com
tail /var/log/maillog

Configure your mail client with these settings:

  • Incoming: IMAP - mail.mydomain.com (port 143 STARTTLS or 993 SSL)
  • Outgoing: SMTP - mail.mydomain.com (port 587 STARTTLS)
  • Authentication: Normal password
  • Username: Full email address (info@mydomain.com)

Consider implementing these additional measures:

# SPF record in DNS
"v=spf1 a mx ~all"

# DKIM setup (install opendkim)
yum install opendkim
systemctl enable opendkim
systemctl start opendkim

Check these logs when debugging:

tail -f /var/log/maillog
journalctl -u postfix
journalctl -u dovecot