CentOS 8: Not Ready for Prime Time Mail Server for Us!

Kabir (ko-bir)
Dec 12, 2019 · 3 min read

We have been extreme fans of open-source Linux ever since Linux came out! I have personally written half a dozen books on the Linux server platform. Linux servers are our primary tool for all our software development and deployment efforts. We favor Red Hat for a few reasons, but for all our in-house projects, we use the next best thing — CentOS. CentOS 8 was released on September 24th, 2019. CentOS has always been thought of as the unofficial open-source version of Red Hat Enterprise Linux (RHEL), since it is still derived from it. We had high hopes of setting up a custom mail server on it, but we got stuck on a critical step, which requires that we abandon our plans with CentOS 8 for the time being. Bummer!

Setting up a custom mail server on a Linux server in a cloud environment is one of the most challenging server administration tasks.

I equate mail server setup with as much pain as having one’s wisdom teeth removed or getting a root canal at the local dentist.

“Why?” you ask.

A typical Linux mail server setup for us means the following:

  1. Install a mail transfer agent (MTA) — postfix
  2. Install IMAP/POP server — dovecot
  3. Install user database — MySQL
  4. Install Webmail client — Rainloop (alt. RoundCubeMail)

It is relatively easy to install packages. However, getting Postfix and Dovecot to use SSL/TLS for authentication of SMTP/IMAP/POP is a bit of work. Still not too hard.

However, once the software is configured, there are many steps involved in getting a mail server to stand a chance to be trusted and functional in the Internet ecosystem. Here are some of the significant steps:

  1. Set up reverse DNS (PTR) record for the new mail server — easy
  2. Set up SPF record — easy
  3. Set up DomainKeys Identified Mail (DKIM) DNS record and support
  4. Set up Domain-Based Message Authentication, Reporting, and Conformance (DMARC) — which allows us to publish policies in DNS, telling remote mailers what to do with messages that do not align with these policies. DMARC is built on top of two existing technologies: SPF, and DKIM
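
As an added example (not part of the original post), the Python code below lints the SPF, DKIM and DMARC TXT records from steps 2 to 4 before a server goes live. The domain example.com, the selector "mail", the function names and the zone contents are constructed for illustration, and it reads a dict instead of querying DNS.

```python
import base64

def parse_tags(record):  # DKIM/DMARC 'tag=value; tag=value' -> dict
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {name.strip().lower(): value.strip() for name, value in pairs}

def check_spf(record):
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return "record must start with v=spf1"
    alls = [t for t in terms if t in ("all", "+all", "-all", "~all", "?all")]
    if any(t in ("all", "+all") for t in alls):
        return "+all authorizes every host to send for the domain"
    if not alls and not any(t.startswith("redirect=") for t in terms):
        return "no 'all' mechanism or redirect, so unlisted hosts get a neutral result"

def check_dkim(record):
    tags = parse_tags(record)
    key = "".join(tags.get("p", "").split())
    if tags.get("v", "DKIM1") != "DKIM1":
        return "v= must be DKIM1"
    if not key:
        return "p= is empty or missing (an empty p= means the key is revoked)"
    try:
        base64.b64decode(key, validate=True)
    except ValueError:
        return "p= is not valid base64"

def check_dmarc(record):
    if not record.strip().startswith("v=DMARC1"):
        return "record must start with v=DMARC1"
    if parse_tags(record).get("p") not in ("none", "quarantine", "reject"):
        return "p= must be none, quarantine or reject"

def audit(zone, domain, selector):
    """zone maps DNS name -> TXT string; constructed data, no live lookups."""
    checks = (("SPF", domain, check_spf),
              ("DKIM", f"{selector}._domainkey.{domain}", check_dkim),
              ("DMARC", f"_dmarc.{domain}", check_dmarc))
    results = ((label, check(zone[name]) if name in zone
                else f"no TXT record at {name}") for label, name, check in checks)
    return [f"{label}: {problem}" for label, problem in results if problem]

# Constructed sample zone; the DKIM key is filler bytes, not a real public key.
SAMPLE_ZONE = {
    "example.com": "v=spf1 mx ip4:192.0.2.25 -all",
    "mail._domainkey.example.com":
        "v=DKIM1; k=rsa; p=" + base64.b64encode(b"filler" * 8).decode(),
    "_dmarc.example.com": "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com",
}
```

Calling audit(SAMPLE_ZONE, "example.com", "mail") returns an empty list; each malformed or missing record adds one finding.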

When we attempted to build a new mail server using Postfix, Dovecot, and MySQL, everything went pretty smoothly until we needed to build support for DKIM.

It turns out that CentOS 8 has no package for DKIM. So we decided to go with the Extra Packages for Enterprise Linux (or EPEL) repositories and noticed that there was none there either.

So we decided to build DKIM support using OpenDKIM. But it turned out that CentOS 8 no longer supports much of the required source code, such as the Sendmail development code (sendmail-devel). The missing source code is needed to build support for the milter filtering used by OpenDKIM. So this was an epic fail, as without DKIM support the mail delivery rate goes out the window. DKIM allows an outbound email to be signed so that the receiving servers can check whether the email is authentic by using the DKIM record in the domain’s DNS information. If the DKIM checks pass, it lowers the spam score for the mail in most cases, which increases its chances of reaching the inbox during the spam filtering phase.

Hmm, is there another workaround?

Yes, we figured out an ugly workaround. It involves tricking the system into using an old version of OpenDKIM. Here is how:

  1. Remove the latest EPEL from your system (at least temporarily) by running yum remove epel-<version>
  2. Install the EPEL 7.2 using rpm -Uvh https://download-ib01.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
  3. Install opendkim using yum install opendkim and accept the warning(s)

This is less than ideal in a production mail system, so we are keeping ours as a test server until this issue is resolved by a new build of OpenDKIM on the latest version of CentOS.

About CentOS 8

CentOS 8 is derived from RHEL 8. It ships with Linux kernel version 4.18. You can learn more about CentOS at https://www.centos.org

EVOKNOW

EVOKNOW is a multinational e-commerce service provider and…
