dev-libre-is/docs/_source/mail-libre-is.rst

=============
mail.libre.is
=============
Documentation for Libre mail server.

Setting up Internet mail servers is a pain.
It's nothing like just setting up a web server...
This install is based on this guide:

  `<https://workaround.org/ispmail-bookworm/>`_


Main Components
===============

Dovecot

  `<https://dovecot.org/>`_


MariaDB


OpenDKIM

  `<http://www.opendkim.org/>`_

OpenDMARC

  `<http://www.trusteddomain.org/opendmarc/>`_

  `<https://github.com/trusteddomainproject/OpenDMARC>`_

Postfix

  `<https://www.postfix.org/>`_


Apache
======
The Apache webserver is used out of laziness as it allows easy
certificate updates with certbot. A webmail server won't be
running on the main mail server.

.. code-block:: sh

  sudo apt install apache2
  echo "mail.libre.is" | sudo tee /var/www/html/index.html

Open up firewall ports 80 and 443.


MariaDB
=======
The main database server.

.. code-block:: sh

  sudo apt install mariadb-server
  sudo mariadb-admin password
  mariadb -uroot -p

Add databases.
Change password to something secure.

.. code-block:: sql

  CREATE DATABASE mailserver;

  GRANT ALL ON mailserver.* TO 'mailadmin'@'localhost' IDENTIFIED BY 'password';

  GRANT SELECT ON mailserver.* TO 'mailserver'@'127.0.0.1' IDENTIFIED BY 'password';

  USE mailserver;

  CREATE TABLE IF NOT EXISTS `virtual_domains` (
   `id` int(11) NOT NULL auto_increment,
   `name` varchar(50) NOT NULL,
   PRIMARY KEY (`id`)
   ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

  CREATE TABLE IF NOT EXISTS `virtual_users` (
   `id` int(11) NOT NULL auto_increment,
   `domain_id` int(11) NOT NULL,
   `email` varchar(100) NOT NULL,
   `password` varchar(150) NOT NULL,
   `quota` bigint(11) NOT NULL DEFAULT 0,
   PRIMARY KEY (`id`),
   UNIQUE KEY `email` (`email`),
   FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
   ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

  CREATE TABLE IF NOT EXISTS `virtual_aliases` (
   `id` int(11) NOT NULL auto_increment,
   `domain_id` int(11) NOT NULL,
   `source` varchar(100) NOT NULL,
   `destination` varchar(100) NOT NULL,
   PRIMARY KEY (`id`),
   FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
   ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

  EXIT


Postfix
=======
The main SMTP mail server.

.. code-block:: sh

  sudo apt install postfix
  sudo apt install postfix-mysql


Redis
=====
Note, the licensing of Redis has gone bad. The version in Debian
is OK. But in the future, probably replace with a fork.

.. code-block:: sh

  sudo apt install redis-server


rspamd
======
Spam control.

.. code-block:: sh

  sudo apt install rspamd


Certbot
=======
Encryption certificates with Let's Encrypt.
Not using an Apache webserver on the mail server makes getting
new certificates a bit more complex.

.. code-block:: sh

  sudo apt install certbot ca-certificates python3-certbot-apache
  sudo certbot -d mail.libre.is
  sudo systemctl restart apache2
  echo "post-hook = systemctl restart postfix dovecot apache2" | \
    sudo tee /etc/letsencrypt/cli.ini


Dovecot
=======
Just using encrypted IMAPS, not POP.

.. code-block:: sh

  sudo apt install dovecot-mysql dovecot-pop3d dovecot-imapd \
    dovecot-managesieved dovecot-lmtpd

Note, since IPv6 isn't being used, the dovecot install barfs.
Edit /etc/dovecot/dovecot.conf and add this line, where appropriate:

.. code-block:: sh

  listen = *

Note, this is removing the "::" from listen, which using IPv6.
Then re-run the install so the packages are happy. Note, the re-install
won't overwrite the "listen" change.

.. code-block:: sh

  sudo apt install --reinstall dovecot-mysql dovecot-pop3d dovecot-imapd \
    dovecot-managesieved dovecot-lmtpd


OpenDKIM
========

.. code-block:: sh

  sudo apt install opendkim


OpenDMARC
=========
Requires database setup.


.. code-block:: sh

  sudo apt install opendmarc


SPF
===
Set up SPF.


DNS
===
Set up DNS.


Other
=====
Perhaps these too.

.. code-block:: sh

  apt install postfix-policyd-spf-python rspamd
  apt install fail2ban spamassassin sqlgrey opendkim-tools make
libre mail stub 2024-08-31 14:56:45 -06:00			`=============`
			`mail.libre.is`
			`=============`
			`Documentation for Libre mail server.`

Mail server, apache, sql 2024-09-01 10:31:25 -06:00			`Setting up Internet mail servers is a pain.`
			`It's nothing like just setting up a web server...`
			`This install is based on this guide:`

			`<https://workaround.org/ispmail-bookworm/>`_

mail bits 2024-09-01 08:39:07 -06:00
			`Main Components`
			`===============`

			`Dovecot`

			`<https://dovecot.org/>`_

Mail server, apache, sql 2024-09-01 10:31:25 -06:00
			`MariaDB`


mail bits 2024-09-01 08:39:07 -06:00			`OpenDKIM`

			`<http://www.opendkim.org/>`_

			`OpenDMARC`

			`<http://www.trusteddomain.org/opendmarc/>`_

			`<https://github.com/trusteddomainproject/OpenDMARC>`_

			`Postfix`

			`<https://www.postfix.org/>`_


Mail server, apache, sql 2024-09-01 10:31:25 -06:00			`Apache`
			`======`
			`The Apache webserver is used out of laziness as it allows easy`
			`certificate updates with certbot. A webmail server won't be`
			`running on the main mail server.`
mail bits 2024-09-01 08:39:07 -06:00
			`.. code-block:: sh`

Mail server, apache, sql 2024-09-01 10:31:25 -06:00			`sudo apt install apache2`
			`echo "mail.libre.is" \| sudo tee /var/www/html/index.html`

			`Open up firewall ports 80 and 443.`


			`MariaDB`
			`=======`
			`The main database server.`

			`.. code-block:: sh`

			`sudo apt install mariadb-server`
			`sudo mariadb-admin password`
			`mariadb -uroot -p`

			`Add databases.`
			`Change password to something secure.`

			`.. code-block:: sql`

			`CREATE DATABASE mailserver;`
More mail SQL 2024-09-01 10:34:12 -06:00
Mail server, apache, sql 2024-09-01 10:31:25 -06:00			`GRANT ALL ON mailserver.* TO 'mailadmin'@'localhost' IDENTIFIED BY 'password';`
More mail SQL 2024-09-01 10:34:12 -06:00
Mail server, apache, sql 2024-09-01 10:31:25 -06:00			`GRANT SELECT ON mailserver.* TO 'mailserver'@'127.0.0.1' IDENTIFIED BY 'password';`
More mail SQL 2024-09-01 10:34:12 -06:00
			`USE mailserver;`

Mail server, apache, sql 2024-09-01 10:31:25 -06:00			CREATE TABLE IF NOT EXISTS `virtual_domains` (
			`id` int(11) NOT NULL auto_increment,
			`name` varchar(50) NOT NULL,
			PRIMARY KEY (`id`)
			`) ENGINE=InnoDB DEFAULT CHARSET=utf8;`
More mail SQL 2024-09-01 10:34:12 -06:00
			CREATE TABLE IF NOT EXISTS `virtual_users` (
			`id` int(11) NOT NULL auto_increment,
			`domain_id` int(11) NOT NULL,
			`email` varchar(100) NOT NULL,
			`password` varchar(150) NOT NULL,
			`quota` bigint(11) NOT NULL DEFAULT 0,
			PRIMARY KEY (`id`),
			UNIQUE KEY `email` (`email`),
			`FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE`
			`) ENGINE=InnoDB DEFAULT CHARSET=utf8;`

			CREATE TABLE IF NOT EXISTS `virtual_aliases` (
			`id` int(11) NOT NULL auto_increment,
			`domain_id` int(11) NOT NULL,
			`source` varchar(100) NOT NULL,
			`destination` varchar(100) NOT NULL,
			PRIMARY KEY (`id`),
			`FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE`
			`) ENGINE=InnoDB DEFAULT CHARSET=utf8;`

Mail server, apache, sql 2024-09-01 10:31:25 -06:00			`EXIT`


			`Postfix`
			`=======`
			`The main SMTP mail server.`

			`.. code-block:: sh`

			`sudo apt install postfix`
			`sudo apt install postfix-mysql`


			`Redis`
			`=====`
			`Note, the licensing of Redis has gone bad. The version in Debian`
			`is OK. But in the future, probably replace with a fork.`

			`.. code-block:: sh`

			`sudo apt install redis-server`


			`rspamd`
			`======`
			`Spam control.`

			`.. code-block:: sh`

			`sudo apt install rspamd`


			`Certbot`
			`=======`
			`Encryption certificates with Let's Encrypt.`
			`Not using an Apache webserver on the mail server makes getting`
			`new certificates a bit more complex.`

			`.. code-block:: sh`

			`sudo apt install certbot ca-certificates python3-certbot-apache`
			`sudo certbot -d mail.libre.is`
			`sudo systemctl restart apache2`
			`echo "post-hook = systemctl restart postfix dovecot apache2" \| \`
			`sudo tee /etc/letsencrypt/cli.ini`
mail bits 2024-09-01 08:39:07 -06:00

Mail server, apache, sql 2024-09-01 10:31:25 -06:00			`Dovecot`
			`=======`
			`Just using encrypted IMAPS, not POP.`

			`.. code-block:: sh`

			`sudo apt install dovecot-mysql dovecot-pop3d dovecot-imapd \`
			`dovecot-managesieved dovecot-lmtpd`

			`Note, since IPv6 isn't being used, the dovecot install barfs.`
			`Edit /etc/dovecot/dovecot.conf and add this line, where appropriate:`

			`.. code-block:: sh`

			`listen = *`

			`Note, this is removing the "::" from listen, which using IPv6.`
			`Then re-run the install so the packages are happy. Note, the re-install`
			`won't overwrite the "listen" change.`

			`.. code-block:: sh`

			`sudo apt install --reinstall dovecot-mysql dovecot-pop3d dovecot-imapd \`
			`dovecot-managesieved dovecot-lmtpd`


			`OpenDKIM`
			`========`

			`.. code-block:: sh`

			`sudo apt install opendkim`


			`OpenDMARC`
			`=========`
			`Requires database setup.`


			`.. code-block:: sh`

			`sudo apt install opendmarc`


			`SPF`
			`===`
			`Set up SPF.`


			`DNS`
			`===`
			`Set up DNS.`


			`Other`
			`=====`
			`Perhaps these too.`

			`.. code-block:: sh`

			`apt install postfix-policyd-spf-python rspamd`
			`apt install fail2ban spamassassin sqlgrey opendkim-tools make`
mail bits 2024-09-01 08:39:07 -06:00