Setting up a Linux mail server from scratch is a real headache. In this tutorial you will learn how to quickly set up your own mail server under CentOS 7 with Modoboa, which will save you a lot of time and headaches. Modoboa is a free, open-source email hosting and management platform designed to work with the Postfix SMTP server and the Dovecot IMAP/POP3 server.
Modoboa is written in Python and published under an ISC license. At the time of writing, the latest version is v1.14.0, released on July 5, 2019. The most important features of Modoboa are the following:
- By default, Modoboa uses the Nginx web server to serve its webmail client and web-based administration panel.
- Compatible with Postfix and Dovecot.
- Supports MySQL/MariaDB and PostgreSQL databases.
- It is easy to create an unlimited number of mailboxes and e-mail domains in the web-based administration panel.
- It is easy to create e-mail aliases in the web management panel.
- The web-based email client provides an easy-to-use message filter that allows you to organize messages into different folders.
- It can help protect your domain’s reputation by monitoring blacklists and generating DMARC reports, so that your emails land in the inbox rather than the spam folder.
- Includes an Amavis frontend to block spam and detect viruses in your email.
- Calendar and address book.
- Integration with Let’s Encrypt to obtain a valid SSL/TLS certificate.
- Includes AutoMX, which lets end users easily set up an email account in a desktop or mobile email client.
Step 1: Select the appropriate hosting provider and purchase the.
To set up a complete mail server with Modoboa, you need a server with at least 2 GB of RAM, because the server will use more than 1 GB of RAM after installation. This tutorial was done on a Hostwinds VPS (virtual private server) at $8.99/month. I recommend Hostwinds because it does not block port 25, so you can send unlimited emails (transactional emails and newsletters) without spending money on an SMTP relay. Hostwinds has no SMTP restrictions. You can send a million emails a day.
Other VPS providers such as DigitalOcean block port 25. DigitalOcean will not unblock port 25, so you will need to set up an SMTP relay to bypass the block, which may incur additional costs. If you use a Vultr VPS, port 25 is blocked by default. They can unblock it if you open a support ticket, but they may block it again at any time if they decide that your email activity is not allowed. In fact, Vultr may block it again if you use their servers to send messages.
Go to the Hostwinds website to create an account. Choose the unmanaged Linux VPS plan with 2 GB of RAM.
After you create your account, Hostwinds will send you an email with the SSH login details of the server. You use an SSH client to connect to the server. If you are using Linux or macOS on your computer, simply open a terminal window and run the following command to connect to your server. Replace 18.104.22.168 with the IP address of your server.
You will be asked for a password. If you are using Windows, read the following article about using an SSH client.
We strongly recommend that you follow these instructions on a clean installation of CentOS 7.
You also need a domain name. I registered my domain name with NameCheap because the price is low and they offer free Whois privacy for life.
Step 2: Creating an MX record and an A record in DNS
The MX record specifies which host or hosts handle email for a domain name. For example, the host that handles email for linuxbabe.com is mail.linuxbabe.com. When someone with a Gmail account sends an email to an address at linuxbabe.com, the Gmail server queries the MX record of linuxbabe.com. When it finds that mail.linuxbabe.com is responsible for accepting the email, it queries the A record of mail.linuxbabe.com to obtain the IP address, so that the email can be delivered.
You can log in to the website of your domain registrar (e.g. NameCheap) to create DNS records.
Create an MX record for your domain name in the DNS manager. In the Name field, type @ to represent the main domain name, and in the Value field, type mail.your-domain.com.
Note: The host name of an MX record cannot be an alias of another name. It is also highly recommended to use host names for MX records rather than bare IP addresses.
Your DNS manager may ask you to enter a preference value (also called a priority value). It can be any number from 0 to 65,356. A smaller number has higher priority than a larger one. You can enter 0 for your mail server or accept the default value.
After creating the MX record, you must also create an A record for mail.your-domain.com so that it can be resolved to an IP address. If your server has an IPv6 address, also add an AAAA record.
If you are using the Cloudflare DNS service, do not enable the CDN feature when creating the A record for your mail server. Cloudflare does not support SMTP proxying.
Step 3: Setting up the mail server on CentOS 7 with the Modoboa installer
Connect to the server via SSH and then run the following command to update existing software.
sudo yum update
Download the Modoboa installer from GitHub.
sudo yum install git
git clone https://github.com/modoboa/modoboa-installer
Modoboa is written in Python. To install the required Python software, run the following command.
sudo yum install python-virtualenv
Then go to the modoboa-installer directory and create a configuration file. Replace example.com with your own domain name.
cd modoboa-installer
sudo ./run.py --stop-after-configfile-check example.com
Edit the installer.cfg configuration file with a command-line text editor such as Nano.
sudo nano installer.cfg
To obtain a valid Let’s Encrypt SSL/TLS certificate for your mail server, change the value of type in the [certificate] section from self-signed to letsencrypt.
type = letsencrypt
Also change the default email address to your real email address, which is used for account recovery and important notifications. You will not be able to obtain and install a Let’s Encrypt certificate if you keep the default email address.
By default, the Modoboa installer installs the PostgreSQL database server, as shown in the following lines of the configuration file:
engine = postgres
host = 127.0.0.1
install = true
If you want to use the MariaDB database server, change the postgres engine to mysql. (Modoboa will install MariaDB instead of MySQL)
To save the file in the Nano editor, press Ctrl+O and then press Enter to confirm. Press Ctrl+X to exit. Then run the following commands to open ports 80 and 443 in the firewall so that we can access the web management panel later.
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
Restart the firewall for the changes to take effect.
sudo systemctl restart firewalld
The Fully Qualified Domain Name (FQDN), such as mail.example.com, should be used as the host name for your mail server. To set the host name, issue the following command.
sudo hostnamectl set-hostname mail.example.com
We also need to check whether the DNS records have propagated across the Internet. Depending on the domain registrar you use, your DNS records may propagate immediately or take up to 24 hours. You can go to https://dnsmap.io and enter the host name of your mail server (mail.example.com) to check DNS propagation.
Once your DNS records have propagated, run the following command to start the installation.
sudo ./run.py --interactive example.com
The installation process may take some time. On my Hostwinds server it took 10 minutes. If you run into an error during installation, you can use the --debug option to get more detailed output.
sudo ./run.py --interactive --debug example.com
Once the installation of Modoboa is complete, you can log in to the administration panel with the administrator username and password.
After logging in, go to Admin -> Settings -> Profile to change your password.
Step 4: Add mailboxes in the Modoboa control panel
Note that the administrator account is not a regular email account. It can only be used to manage the mail server. To send emails, you need to add mailboxes using the administrator account.
Go to the Domains tab and click Add to add a new domain.
Then enter your main domain name in the Name field. It is highly recommended to enable DKIM signing, which helps your domain’s reputation. In the Key selector field, you can enter any word, such as modoboa. Select 2048 as the key length.
On the next screen you can choose to create an administrator account for this domain name. SMTP requires a mail server to have a [secure E-mail] address.
Click the Submit button and your domain name will be added to Modoboa.
To add email addresses, go to the Domains tab and click on your domain name.
Then click Mailboxes.
Click the Add button and select Account.
Then select Simple user as the role. Enter an email address in the Username field and a password in the Password field.
On the next screen you can also create an alias for this email address.
The email address is created when you click the Submit button.
Step 5: Sending test emails
Before sending a test email, we need to run the following commands to open the SMTP and IMAP ports in the firewall.
sudo firewall-cmd --permanent --add-service=smtp
sudo firewall-cmd --permanent --add-service=smtp-submission
sudo firewall-cmd --permanent --add-service=smtps
sudo firewall-cmd --permanent --add-service=imap
sudo firewall-cmd --permanent --add-service=imaps
Restart the firewall for the changes to take effect.
sudo systemctl restart firewalld
To log in to Modoboa webmail, you must first log out of the administrator account and then log in with your email address.
After logging in to Modoboa webmail, you can send a test email from your own mail server to another email address and vice versa.
Incoming messages are delayed by a few minutes because Modoboa enables greylisting by default, which tells the sending SMTP server to try again after a few minutes. This is useful for blocking spam. The following message in /var/log/maillog indicates that greylisting is enabled:
postfix/postscreen: NOQUEUE: reject: RCPT from [22.214.171.124]:36980: 450 4.3.2 Service currently unavailable;
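To see how much delay this adds on your own server, the following added example (not part of the original tutorial) parses postscreen lines from the maillog and reports, for each client, how many deliveries were deferred and how many seconds passed before the client was let through. The log excerpt is constructed, and treating a later PASS OLD line as the sender's retry is an assumption of this example.

```python
import re
from datetime import datetime

# Constructed /var/log/maillog excerpt (documentation addresses, made-up PIDs).
SAMPLE_LOG = """\
Jul 10 09:00:01 mail postfix/postscreen[2101]: CONNECT from [192.0.2.10]:36980 to [203.0.113.5]:25
Jul 10 09:00:07 mail postfix/postscreen[2101]: NOQUEUE: reject: RCPT from [192.0.2.10]:36980: 450 4.3.2 Service currently unavailable; from=<a@example.org>, to=<user@example.com>, proto=ESMTP, helo=<mx.example.org>
Jul 10 09:00:07 mail postfix/postscreen[2101]: PASS NEW [192.0.2.10]:36980
Jul 10 09:02:40 mail postfix/postscreen[2101]: NOQUEUE: reject: RCPT from [198.51.100.7]:51234: 450 4.3.2 Service currently unavailable; from=<b@example.net>, to=<user@example.com>, proto=ESMTP, helo=<host7>
Jul 10 09:02:41 mail postfix/postscreen[2101]: NOQUEUE: reject: RCPT from [198.51.100.7]:51234: 450 4.3.2 Service currently unavailable; from=<b@example.net>, to=<info@example.com>, proto=ESMTP, helo=<host7>
Jul 10 09:05:30 mail postfix/postscreen[2101]: PASS OLD [192.0.2.10]:40112
"""

# Only two postscreen events matter here: the 450 deferral and the later PASS OLD.
EVENT = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/postscreen\[\d+\]: "
    r"(NOQUEUE: reject: RCPT from|PASS OLD) \[([^\]]+)\]:\d+(.*)"
)


def greylist_summary(lines, year=2019):
    """Map client IP -> number of deferrals and seconds until it was let through."""
    clients = {}
    for line in lines:
        match = EVENT.match(line)
        if not match:
            continue
        stamp, kind, ip, rest = match.groups()
        # Syslog timestamps carry no year, so one is supplied by the caller.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if kind == "PASS OLD":
            entry = clients.get(ip)
            if entry and entry["retry_after"] is None:
                entry["retry_after"] = int((when - entry["first"]).total_seconds())
        elif rest.startswith(": 450 4.3.2"):
            entry = clients.setdefault(
                ip, {"deferred": 0, "first": when, "retry_after": None}
            )
            entry["deferred"] += 1
    return {
        ip: {"deferred": e["deferred"], "retry_after": e["retry_after"]}
        for ip, e in clients.items()
    }


if __name__ == "__main__":
    for ip, info in greylist_summary(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
```

A client whose retry_after stays None never came back, which is typical of spam senders but can also mean a legitimate message was lost.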
Greylisting, however, can be quite annoying. You can disable it by editing the main Postfix configuration file.
sudo nano /etc/postfix/main.cf
Find the following lines at the end of the file and comment them out (add a # at the beginning of each line). These are postscreen's deep protocol tests; a new client that passes them is still told to reconnect later, which is the 450 response shown above.
postscreen_pipelining_enable = yes
postscreen_pipelining_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_action = enforce
postscreen_bare_newline_enable = yes
postscreen_bare_newline_action = enforce
Save the file and close it. Then restart Postfix for the changes to take effect.
sudo systemctl restart postfix
You can now receive e-mails without having to wait a few minutes.
Step 6: Checking whether port 25 (outbound) is blocked
Your ISP or hosting provider will not block the incoming connection to port 25 on your server, i.e. you can receive email from other mail servers. However, many Internet access and hosting providers block outgoing connections to port 25 of other mail servers, meaning you cannot send email.
If your email has not reached another address, such as Gmail, run the following command on your mail server to see if port 25 (outgoing) is blocked.
telnet gmail-smtp-in.l.google.com 25
If it is not blocked, you will see messages indicating that the connection was successful, as shown below. (Tip: type quit and press Enter to close the connection.)
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP y22si1641751pll.208 - gsmtp
If port 25 (outbound) is blocked, you will see something like this:
telnet: Unable to connect to remote host: Connection timed out
In this case, your Postfix server cannot send email to other SMTP servers. Ask your ISP or hosting provider to open it for you. If they refuse your request, you must set up an SMTP relay to bypass the port 25 block.
Step 7: Use of e-mail clients on a computer or mobile device
Launch a desktop email client, such as Mozilla Thunderbird, and add an email account.
- In the Incoming Server section, select the IMAP protocol, enter mail.your-domain.com as the server name, select port 143 and STARTTLS. Choose a regular password as authentication method.
- In the outgoing section, select the SMTP protocol, enter mail.your-domain.com as server name, select port 587 and STARTTLS. Choose a regular password as authentication method.
You can also use IMAP on port 993 with SSL/TLS encryption.
Step 8: Improving email deliverability
To prevent your email from being marked as spam, you should set up PTR, SPF, DKIM and DMARC records.
A pointer record, or PTR record, maps an IP address to an FQDN (fully qualified domain name). It is the counterpart of the A record and is used for reverse DNS lookups, which can help block spammers. Many SMTP servers reject email if no PTR record is found for the sending server.
To check the PTR record for an IP address, run one of these commands:
dig -x IP-address +short
host IP-address
Since you get the IP address from your hosting provider or ISP, not from your domain registrar, you must set the PTR record for your IP in the control panel of your hosting provider, or ask your ISP. Its value should be the host name of your mail server: mail.yourdomain.com. If your server uses an IPv6 address, make sure you also add a PTR record for the IPv6 address.
To change the reverse DNS record for your Hostwinds VPS, log in to the Hostwinds Client Area, select Domains -> Manage RDNS, and then change the reverse DNS record for the IPv4 and IPv6 addresses.
The Sender Policy Framework (SPF) record specifies which hosts or IP addresses are allowed to send email on behalf of a domain. You should allow only your own mail server or your ISP’s server to send email for your domain. Create a new TXT record in the DNS management interface as shown below.
- TXT indicates that this is a TXT record.
- Type @ in the name field to represent the main domain name.
- v=spf1 indicates that this is an SPF record and the version is SPF1.
- mx means that all hosts listed in the MX records are allowed to send email for your domain, and all other hosts are disallowed.
- ~all indicates that email from your domain should only come from the hosts specified in the SPF record. Email from other hosts will be flagged as forged.
To check whether your SPF record has propagated to the public Internet, you can use the dig utility on your Linux machine, as shown below:
dig your-domain.com txt
The txt option tells dig that we only want to query TXT records.
DKIM (DomainKeys Identified Mail) uses a private key to digitally sign emails sent from your domain. Receiving SMTP servers verify the signature with the public key published in the DKIM record in DNS.
When we added the domain name in the Modoboa control panel earlier, we enabled DKIM signing, so the signing part is taken care of. All that remains is to create the DKIM record in the DNS manager. First, go to the Modoboa control panel as administrator and select your domain name. In the DNS section, click the Show button.
The public key will be revealed. There are two formats. We only need the Bind/named format.
Go to your DNS manager, create a TXT record, and type modoboa._domainkey in the Name field. (Recall that we used modoboa as the selector when we added the domain name in the administration panel.) Copy everything in the parentheses and paste it into the value field. Remove all double quotes. Your DNS manager may require you to delete other invalid characters, such as line breaks.
For those interested: Modoboa uses OpenDKIM to generate the private key for your domain and to verify the signatures of incoming emails.
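The copy-and-clean step above can be scripted. This added example (not Modoboa's own code) joins the quoted chunks of a Bind/named record into a single TXT value and then checks that value for paste damage; the sample record is constructed and its key data is filler, not a real key.

```python
import base64
import re

# Constructed sample in the Bind/named layout; the p= data is filler, not a real key.
SAMPLE_BIND = '''modoboa._domainkey.example.com. IN TXT (
  "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A"
  "U0FNUExFT05MWU5PVEFSRUFMS0VZWFhY")'''

RSA_2048_SPKI_BYTES = 294  # DER size of a 2048-bit RSA public key (1024-bit is 162)


def bind_to_txt_value(bind_text):
    """Join the quoted chunks inside the parentheses into one TXT value."""
    body = re.search(r"\((.*)\)", bind_text, re.S)
    if body is None:
        raise ValueError("no parenthesised record body found")
    chunks = re.findall(r'"([^"]*)"', body.group(1))
    if not chunks:
        raise ValueError("no quoted strings inside the parentheses")
    return "".join(chunks)


def check_dkim_value(value):
    """Return a list of problems found in a pasted DKIM TXT value."""
    problems = []
    if re.search(r'["()\r\n\t]', value):
        problems.append("leftover quote, parenthesis or line break in value")
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)  # p= data may itself end in '='
            tags[name.strip()] = val.strip()
    if tags.get("v") != "DKIM1":
        problems.append("missing v=DKIM1")
    key = tags.get("p", "")
    if not key:
        problems.append("empty p= tag (receivers treat the key as revoked)")
        return problems
    try:
        der = base64.b64decode(key, validate=True)
    except ValueError:
        problems.append("p= is not valid base64 (truncated or mangled paste)")
        return problems
    if len(der) < RSA_2048_SPKI_BYTES:
        problems.append(f"key is {len(der)} bytes, shorter than a 2048-bit RSA key")
    return problems


if __name__ == "__main__":
    value = bind_to_txt_value(SAMPLE_BIND)
    print(value)
    for problem in check_dkim_value(value):
        print("problem:", problem)
```

The filler key in the sample is deliberately short, so the length check fires; a key generated with the 2048 setting chosen earlier passes it.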
DMARC stands for Domain-based Message Authentication, Reporting and Conformance. DMARC can help receiving mail servers identify legitimate emails and prevent your domain name from being used by spoofers.
To create a DMARC record, go to your DNS manager and add a TXT record. Enter _dmarc in the name field. Enter the following in the value field:
v=DMARC1; p=none; pct=100; rua=mailto:[email protected]
The above DMARC record is a safe starting point. For a full explanation of DMARC you can read the following article.
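Before publishing, the SPF and DMARC values described above can be linted offline. This is an added example, not code from the tutorial or from Modoboa; the record strings and the report mailbox are constructed placeholders.

```python
# Constructed records for example.com; the report mailbox is a placeholder.
SPF_TXT = ["v=spf1 mx ~all"]
DMARC_TXT = "v=DMARC1; p=none; pct=100; rua=mailto:dmarc-reports@example.com"


def check_spf(txt_records):
    """Return findings for the SPF policy among a domain's TXT records."""
    spf = [r for r in txt_records if r.split(" ", 1)[0].lower() == "v=spf1"]
    if not spf:
        return ["error: no SPF record published"]
    if len(spf) > 1:
        return ["error: more than one SPF record (receivers return permerror)"]
    terms = spf[0].split()[1:]
    all_at = [i for i, t in enumerate(terms) if t.lstrip("+-~?").lower() == "all"]
    if not all_at:
        if any(t.lower().startswith("redirect=") for t in terms):
            return []  # the policy is delegated to another domain's record
        return ["error: no 'all' term, unlisted hosts get a neutral result"]
    findings = []
    qualifier = terms[all_at[0]][:-3] or "+"  # a bare 'all' means '+all'
    if qualifier == "+":
        findings.append("error: +all authorises every host on the internet")
    elif qualifier == "?":
        findings.append("note: ?all is neutral and gives receivers no guidance")
    elif qualifier == "~":
        findings.append("note: ~all is softfail; -all is the strict fail form")
    if all_at[0] != len(terms) - 1:
        findings.append("error: terms after 'all' are never evaluated")
    return findings


def check_dmarc(value):
    """Return findings for the TXT value published at _dmarc."""
    if not value.strip().startswith("v=DMARC1"):
        return ["error: record must begin with v=DMARC1"]
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip().lower()] = val.strip()
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append(f"error: p={policy or '(missing)'} is not a valid policy")
    elif policy == "none":
        findings.append(
            "note: p=none is monitoring only, receivers are asked to take no action"
        )
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) > 100:
        findings.append("error: pct must be an integer from 0 to 100")
    uris = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    if not uris:
        findings.append("note: no rua= address, so no aggregate reports arrive")
    for uri in uris:
        if not uri.lower().startswith("mailto:") or "@" not in uri or " " in uri:
            findings.append(f"error: bad rua address {uri!r}")
    return findings


if __name__ == "__main__":
    for finding in check_spf(SPF_TXT) + check_dmarc(DMARC_TXT):
        print(finding)
```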
Step 9: Testing your email score and placement
After creating the PTR, SPF and DKIM records, go to https://www.mail-tester.com. You will see a unique email address. Send an email from your domain to this address and then check your score. As you can see, I got an excellent result.
Mail-tester.com can only show you a sender score. There is another service called GlockApps that lets you check whether your email lands in the recipient’s inbox or spam folder, or is rejected outright. It supports many popular email providers such as Gmail, Outlook, Hotmail, YahooMail, iCloud Mail and more.
What should you do if your email is still marked as spam?
I have a few more tips for you in this article: How to stop your emails from being marked as spam. Although it takes time and effort to apply these tips, your emails will eventually land in the inbox.
What should I do if my email is rejected by a Microsoft mailbox?
It seems that Microsoft uses an internal blacklist that blocks many legitimate IP addresses. If your email is rejected by Outlook or Hotmail, you need to submit the sender information form. After that, your email will be accepted by Outlook/Hotmail.
Auto-renewing the Let’s Encrypt TLS certificate
Modoboa installed the latest version of the Let’s Encrypt client (certbot) as /opt/certbot-auto. A Let’s Encrypt TLS certificate is valid for 90 days. Edit the root user’s crontab file to renew the certificate automatically.
sudo crontab -e
Add the following line at the end of this file.
@daily /opt/certbot-auto renew -q && systemctl reload nginx postfix dovecot
Save the file and close it. This tells cron to run the certbot renew command every day. If the certificate has 30 days left before it expires, certbot will renew it. The Nginx web server, the Postfix SMTP server and the Dovecot IMAP server need to be reloaded to pick up the new certificate.
Enabling SMTPS port 465
To use the Microsoft Outlook client, you must enable SMTPS port 465 on the Postfix SMTP server.
First, use a VPS with at least 2 GB of RAM. Running Modoboa on a VPS with 1 GB of RAM will cause the database, SpamAssassin or ClamAV to be killed because of out-of-memory problems. If you really want to use a VPS with 1 GB of RAM, you will lose incoming email and get other undesirable results.
If the Modoboa web interface is not accessible, for example with a 502 gateway error, check the Nginx logs in /var/log/nginx/ to find clues. You can also check /var/log/maillog.
Check that the various services are running.
systemctl status postfix
systemctl status dovecot
systemctl status nginx
systemctl status mariadb
systemctl status clamav-daemon
systemctl status amavis
I have noticed that the clamav-daemon service tends to stop for no apparent reason, even when there is enough RAM. This delays emails by a minute. We can configure it to restart automatically if it stops, using the systemd service unit. Copy the original service unit file to the /etc/systemd/system/ directory.
sudo cp /lib/systemd/system/clamav-daemon.service /etc/systemd/system/clamav-daemon.service
Then edit the service unit file.
sudo nano /etc/systemd/system/clamav-daemon.service
Add the following two lines in the [Service] section.
Restart=always
RestartSec=3
Like this:
# Reload the database
ExecReload=/bin/kill -USR2 $MAINPID
Restart=always
RestartSec=3
Save the file and close it. Then reload systemd and restart clamav-daemon.service.
sudo systemctl daemon-reload
sudo systemctl restart clamav-daemon
(Optional) Setting up Autodiscover and AutoConfig to automate email client configuration
Autodiscover and AutoConfig make it easy to configure a desktop or mobile email client. The end user only needs to enter a name, email address and password to set up the email account, without entering any SMTP or IMAP server details. Autodiscover is supported by the Microsoft Outlook email client and AutoConfig by the Mozilla Thunderbird email client.
Modoboa uses AutoMX to implement this feature on your mail server. All we have to do is add CNAME records in DNS. Create two CNAME records in your DNS manager.
autoconfig.yourdomain.com CNAME mail.yourdomain.com
autodiscover.yourdomain.com CNAME mail.yourdomain.com
Click on the Domains tab in the Modoboa control panel. If the autoconfig option is shown in green, your CNAME record is correct. (Modoboa checks the DNS records of your mail server every 30 minutes, so you may have to wait a while for autoconfig to turn green.)
Once the CNAME records have propagated across the Internet, you do not need to enter SMTP or IMAP server information when setting up an email account in Microsoft Outlook or Mozilla Thunderbird.
Hosting multiple domains in Modoboa
See the next article:
I hope this guide has helped you set up a mail server on CentOS 7 with Modoboa. As always, if you found this post useful, subscribe to our free newsletter for more tips and tricks. Take care.