Postfix - Dovecot HOWTO - CentOS

1. Introduction

Postfix is the default mail transport agent (MTA) for CentOS. Dovecot is used to allow users to access their email by either imap or pop protocols.

2. Installation

The first thing we need to do is install the requisite software. The easiest way to do this is with yum from the command line:

#yum install postfix dovecot system-switch-mail

Yum should automatically resolve any dependencies. Dovecot is dependent on mysql and perl so these will likely be installed too if they are not already installed on the system.

2.1. Post Install

Remove the sendmail program if it is already installed and switch the postfix to the default MTA.

#rpm -qa |grep sendmail

The above command will show the sendmail package if it s installed. Please run the following command to remove it.

#rpm -e <packagename>

Now we need to tell our system to use postfix as the MTA rather than the default sendmail. To do this run the system-switch-mail command and select postfix as the MTA. This will install the postfix service and set it to start automatically at runlevels 3 4 and 5.


Select Postfix from the list that pop-ups.

Next we need to set the dovecot service to also automatically start at runlevels 3 4 and 5 and start both services:

#chkconfig -level 345 dovecot on

Add a virtual mail user to control the postfix files.

#useradd vmailusr -u 5000 -s /sbin/nologin

3. Configuration

Next we need to configure the various parts of our email server.

3.1. Postfix

Postfix configuration files are stored in /etc/postfix. The two main postfix configuration files are and although we will only be dealing with here. First we are going to make some additions or changes to the configuration file. The following lines should be added edited or uncommented:

myhostname =

mydomain =

myorigin = $mydomain

inet_interfaces = all

mydestination = $myhostname localhost.$mydomain localhost $mydomain

mynetworks =

relay_domains =

home_mailbox = Maildir/


virtual_mailbox_base = /var/spool/mail

virtual_mailbox_maps = hash:/etc/postfix/virtual_mailbox

virtual_uid_maps = static:5000

virtual_gid_maps = static:5000

Note: Each line should start at the beginning of a new line and should not be preceded by white space or tabs. White space or tabs at the beginning of a line are treated as a continuation of the previous line and if the previous line is a comment (#) line then the subsequent line is also treated as such. Further inline comments should be avoided.

Now lets take a look at each setting it turn to understand what we ve just done:

myhostname: is the host name of the system (i.e the system is called mail or

mydomain: is the domain name for the email server (it can be a real or fake domain name).

myorigin: is the domain name that locally-posted email appears to have come from and is delivered to.

inet_interfaces: sets the network interfaces that Postfix can receive mail on. These need to include at least localhost and the local domain.

mydestination: is the list of domains that will be delivered to (i.e this server is the final destination for email addressed to these domains).

mynetworks: is a list of trusted IP addresses that may send or relay mail through the server. Users attempting to send email through the server originating from IP addresses not listed here will be rejected. We can set this parameter to point to file or DB and specify the allowed hosts or network in this file.

Eg : mynetworks=/etc/postfix/mynetworks

relay_domains: is a list of destination domains this system will relay mail to. By setting it to be blank we ensure that our mail server isn t acting as an open relay for untrusted networks. You should make sure that the system isn t acting as an open relay other wise the server s IP will be blocked or the mail from this IP will be marked as SPAM in most of the other mail servers. By default Postfix relays mail from "trusted" clients (IP address matches $mynetworks) to any destination from "untrusted" clients to destinations that match $relay_domains or subdomains thereof except addresses with sender-specified routing. The default relay_domains value is $mydestination.

In addition to the above the Postfix SMTP server by default accepts mail that Postfix is final destination for:

destinations that match $inet_interfaces or $proxy_interfaces

destinations that match $mydestination

destinations that match $virtual_alias_domains

destinations that match $virtual_mailbox_domains.

home_mailbox: sets the path of the mailbox relative to the users home directory and also specifies the style of mailbox to be used. Postfix supports both Maildir and mbox formats and readers are encouraged to read up on the merits of each for themselves. However in this article we have chosen to use Maildir format (a trailing slash indicates Maildir format. To specify mbox format the reader would use home_mailbox = Mailbox).

virtual_mailbox_domains: defines a set of domains which are binded to the mail server. We can list those domains separated by coma or space. If you have more domains to add it is better to add them all to a file and give the complete path to the file name as value of this parameter.

Eg: virtual_mailbox_domains=


virtual_mailbox_base: path to the base directory of the virtual domains where the incoming mails should store. Here we defined the base path as "/var/spool/mail" .We can say this path is the base path for virtual_mailbox_maps.

virtual_mailbox_maps: is the parameter creates the virtual mail ids. We are usually specify the value of this parameter as path to a file or db which in terms defines the mail ids and mail dir path. The virtual delivery agent uses this table/file to look up the per-recipient mailbox or maildir pathname. If the lookup result ends in a slash ("/") maildir-style delivery is carried out otherwise the path is assumed to specify a UNIX-style mailbox file. Note that virtual_mailbox_base is unconditionally prepended to this path. Here we have specified it as

virtual_mailbox_maps = hash:/etc/postfix/virtual_mailbox which look for a hashed file "virtual_mailbox.db" for the settings. The advantage of the hashed file is more efficient in look up an email user thus will be fast.

For making this hashed file you should not forget to run the following command after editing the /etc/postfix/virtual_mailbox file

#postmap /etc/postfix/virtual_mailbox

Syntax of the /etc/postfix/virtual_mailbox should be as follows

Here left-hand side denotes the email-id and right-hand side specifies the relative path to the mail directory or mailbox.Here the base path is /var/spool/mail thus the ultimate directory where the mails gets stored is /var/spool/mail/domainname/user/. This is Maildir format and if you want to use the Mailbox format avoid using trailing slash and the above configuration becomes

In the case of Maildir format the each mails will be stored as separate files inside the folder(/var/spool/mail/domainname/user/) and if it s a Mailbox format the whole mail gets stored in a single file(/var/spool/mail/domainname/user) and the mail clients could interpret both formats.

virtual_uid_maps: Lookup tables with the per-recipient user ID that the virtual delivery agent uses while writing to the recipient s mailbox. We can set it as static user for all domains or a dynamic user for each domains binded to the server. Here we have set it as static and all the mailbox will have that static user ownership. Mail user here is "vmailusr" that we have created during the post install step.

3.2. Dovecot

The dovecot configuration file is located at /etc/dovecot.conf. The following lines should be added edited or uncommented:

protocols = imap imaps pop3 pop3s

mail_location = maildir:~/Maildir

pop3_uidl_format = %08Xu%08Xv

# Required on x86_64 kernels

#login_process_size = 64

mail_location =maildir:/var/spool/mail/%d/%n/

## POP3 specific settings

protocol pop3 {

# Login executable location.

login_executable = /usr/libexec/dovecot/pop3-login

mail_executable = /usr/libexec/dovecot/pop3

pop3_uidl_format = %08Xu%08Xv


## Authentication processes

# Executable location

auth_executable = /usr/libexec/dovecot/dovecot-auth

# More verbose logging. Useful for figuring out why authentication isn t working.

auth_verbose = yes

auth default {

# Space separated list of wanted authentication mechanisms:

# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi

mechanisms = plain


passdb passwd-file {

# Path for passwd-file

args =/etc/postfix/passwd


userdb static {

args = uid=5000 gid=5000 home=/var/spool/mail/%d/%u/


Again looking at each option:

protocols: specifies the protocols available to users to access their email. Dovecot supports imap(s) and pop3(s) and any or all may be used.

mail_location: specifies the format and location of each users mailbox. Here we see we are using maildir format and each user has their mailbox located at ~/Maildir. Examples for mbox format are provided in the configuration file.

pop3_uidl_format: is required to fix a problem with Outlook 2003 accessing mailboxes via pop3 so it makes sense to set this (see the notes in the configuration file for more details).

login_process_size:The release notes for CentOS 5.1 state that "the Dovecot package on x86_64 kernels requires the parameter "login_process_size = 64" to be added to /etc/dovecot.conf after an upgrade to CentOS 5.1". 32-Bit installations are unaffected and do not require this setting.

mail_location: is the location for users mailboxes. This is the same as the old default_mail_env

setting. The default is empty which means that Dovecot tries to find the mailboxes automatically. This won t work if the user doesn t have any mail yet so you should explicitly tell Dovecot the full location. If you re using mbox giving a path to the INBOX file (eg. /var/spool/mail/%d/%u) do the trick.

There are a few special variables you can use eg.:

%u - username

%n - user part in user@domain same as %u if there s no domain

%d - domain part in user@domain empty if there s no domain

%h - home directory

login_executable : specifies the path to the pop3 login program.

mail_executable : specifies the path to the pop3 program which interprets the mails.



auth_verbose : set/unset verbose logging for authorization process . Useful for figuring out why authentication isn t working.

auth default {


} : Space separated list of wanted authentication mechanisms. Supported mechanisms by dovecot are plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi

passdb passwd-file {

args =/etc/postfix/passwd

} : file which stores user password in any of the dovecot supported mechanisms. Syntax of the password file is as follows




Here the encryption mechanism used is HMAC- MD5


Here the encryption mechanism used is PLAIN.

We can get the encrypted output of a password with the command "dovecotpw". So if you need an encrypted password type the command.

#dovecotpw -u user@domainname

Now this will ask for the password enter the password you need and the output will be the default encryption form HMAC-MD5. If you need another encryption mechanisms use the command

#dovecotpw -s scheme -u user@domainname

Here the scheme can be plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi

userdb static {

args = uid=5000 gid=5000 home=/var/spool/mail/%d/%u/

} : Set the user id to static user id 5000 which is the user id of the user "vmailusr". With this user ownership the mails are stored in the Maildir/Mailbox of the server.

3.3. Create users mailboxes

Next we need to create a mailbox for the virtual user as specified in /etc/postfix/virtual_mailbox file and set the appropriate permissions

mkdir -p /var/spool/mail/domainname/user

chown vmailusr.vmailusr /var/spool/mail/domainname/user

chmod -R 700 /var/spool/mail/domainname/user

3.4. Aliases

We are nearly finished. We have an email account set up for John Smith whose email address would be . However John may like to receive email as (or any other alias). We can achieve this by setting an alias for John using the /etc/postfix/virtual_alias file. We can also add aliases for other users so for example we could redirect to by adding the following to /etc/postfix/virtual_alias:

If you edit the virtual_alias file to set up new aliases for users once postfix is running you must rebuild the virtual_alias database by running the command

#postmap /etc/postfix/virtual_alias

4. Starting the server

We are now ready to fire up our new email server.

/etc/init.d/dovecot start

/etc/init.d/postfix start

Your email server should have no trouble sending and receiving email internally and sending external email. To receive external email on your domain you will also need to configure MX records in DNS for your domain (ideally a PTR rDNS entry should also be configured through your ISP mapping your IP address to your domain). Don t forget to open any required ports on your Linux firewall depending what services you are running (SMTP 25; POP3 110; IMAP 143; IMAPS 993; POP3S 995) and enable port forwarding for those ports on any routers.

If you make any changes to the postfix configuration file you can either restart the postfix service or run the postfix reload command to update the changes.

5. Summary

Postfix is an extremely powerful and versatile mail transport agent. Now we have seen how to implement a basic email server using postfix and dovecot for a single/multiple domain based on virtual user accounts. We can simply configure postifix to work with the system users and receive mails to their home directory. But using system user accounts brings more security risks than the virtual user setup as we discussed.

6. Links

Readers are encouraged to read the extensive postfix documentation available at the postfix website including the many example configurations: