CentOS 8: Not Ready for Prime Time Mail Server for Us!

Kabir Mohammed
Dec 12, 2019 · 3 min read

We are an extreme fan of open-source Linux since the time that Linux came out! I have personally written half a dozen books on the Linux server platform. Linux server is our primary tool for all our software development and deployment efforts. We favor Red Hat for a few reasons, but for all our in-house projects, we use the next best thing — CentOS. Recently, CentOS 8 was released on September 24th, 2019. CentOS has always been thought of as the unofficial open-source version of Red Hat Enterprise Linux (RHEL) since it is still derived from the former. We had high hopes to set up a custom mail server on it, but we got stuck on a critical step, which requires that we abandon our plans with CentOS 8 for the time being. Bummer!

Setting up a custom mail server on a Linux server on a cloud environment is one of the most challenging server administration tasks.

I equate mail server setup with as much pain as getting one’s wisdom teeth removal or a root canal operation at the local dentist.

“Why?” you ask.

A typical Linux mail server set up for us means the following:

  1. Install a mail transfer agent (MTA) — postfix
  2. Install IMAP/POP server — dovecot
  3. Install user database — MySQL
  4. Install Webmail client — Rainloop (alt. RoundCubeMail)

It is relatively easy to install packages. However, getting Postfix and Dovecot to use SSL/TLS for authentication of SMTP/IMAP/POP is a bit of work. Still not too hard.

However, once the software is configured, there are many steps involved in getting a mail server to stand a chance to be trusted and functional in the Internet ecosystem. Here are some of the significant steps:

  1. Set up reverse DNS (PTR) record for the new mail server — easy
  2. Set up SFP record — easy
  3. Set up DomainKeys Identified Mail (DKIM) DNS record and support
  4. Set up Domain-Based Message Authentication, Reporting, and Conformance (DMARC) — which allows us to publish policies in DNS, telling remote mailers what to do with messages that do not align with these policies. DMARC is built on top of two existing technologies: SPF, and DKIM

When we attempted to build a new mail server using Postfix, Dovecot, and MySQL, everything went pretty smooth until we needed to build support for DKIM.

It turns out that CentOS 8 has no package for DKIM. So we decided to go with the Extra Packages for Enterprise Linux (or EPEL) repositories and noticed that there was none there either.

So we decided to build DKIM support using OpenDKIM. But it turned out that CentOS 8 has no longer supports many required source code such as Sendmail Development code (sendmail-devel). The missing source code is needed to build support for the milter filtering used by OpenDKIM. So this was an epic fail as without DKIM support mail delivery rate goes out the window. DKIM allows an outbound email to be signed so that the receiving servers can check if the email is authentic by using the DKIM record in the domain’s DNS information. If the DKIM checks pass, it lowers the spam score for the mail in most cases, which increases its chances to hit the inbox in the whole spam filtering phase.

Hmm, is there another workaround?

Yes, we figured out an ugly workaround. It involves tricking the system into using an old version of OpenDKIM. Here is how:

  1. Remove the latest EPEL from your system (at least temporarily) by running yum remove epel-<version>
  2. Install the EPEL 7.2 using rpm -Uvh https://download-ib01.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
  3. Install opendkim using yum install opendkim and accept the warning(s)

This is less than ideal in a production mail system, so we are keeping ours as a test server until this issue is resolved by a new build of OpenDKIM on the latest version of CentOS.

About CentOS 8

CentOS 8 is derived from RHEL 8. It ships with Linux kernel version 4.18. You can learn more about CentOS at https://www.centos.org

EVOKNOW is a multinational e-commerce service provider and developer of the LoneTree Commerce platform.

Kabir Mohammed

Written by

A published tech author and founder from Rocklin, California. https://mjkabir.com/bio

EVOKNOW

EVOKNOW is a multinational e-commerce service provider and developer of the LoneTree Commerce platform.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade