=============
mail.libre.is
=============

Documentation for Libre mail server.

Setting up Internet mail servers is a pain.
It's nothing like just setting up a web server...

This install is based on this guide:

``_

Main Components
===============

* Dovecot ``_
* MariaDB
* OpenDKIM ``_
* OpenDMARC ``_ ``_
* Postfix ``_

Apache
======
The Apache webserver is used out of laziness as it allows
easy certificate updates with certbot. A webmail server won't
be running on the main mail server.

.. code-block:: sh

    sudo apt install apache2
    echo "mail.libre.is" | sudo tee /var/www/html/index.html

Open up firewall ports 80 and 443.

MariaDB
=======
The main database server.

.. code-block:: sh

    sudo apt install mariadb-server
    sudo mariadb-admin password
    mariadb -uroot -p

Add databases. Change ``password`` to something secure.

.. code-block:: sql

    CREATE DATABASE mailserver;
    GRANT ALL ON mailserver.* TO 'mailadmin'@'localhost' IDENTIFIED BY 'password';
    GRANT SELECT ON mailserver.* TO 'mailserver'@'127.0.0.1' IDENTIFIED BY 'password';
    USE mailserver;
    CREATE TABLE IF NOT EXISTS `virtual_domains` (
      `id` int(11) NOT NULL auto_increment,
      `name` varchar(50) NOT NULL,
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
    CREATE TABLE IF NOT EXISTS `virtual_users` (
      `id` int(11) NOT NULL auto_increment,
      `domain_id` int(11) NOT NULL,
      `email` varchar(100) NOT NULL,
      `password` varchar(150) NOT NULL,
      `quota` bigint(11) NOT NULL DEFAULT 0,
      PRIMARY KEY (`id`),
      UNIQUE KEY `email` (`email`),
      FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
    CREATE TABLE IF NOT EXISTS `virtual_aliases` (
      `id` int(11) NOT NULL auto_increment,
      `domain_id` int(11) NOT NULL,
      `source` varchar(100) NOT NULL,
      `destination` varchar(100) NOT NULL,
      PRIMARY KEY (`id`),
      FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
    EXIT

Postfix
=======
The main SMTP mail server.

.. code-block:: sh

    sudo apt install postfix
    sudo apt install postfix-mysql

Redis
=====
Note, the licensing of Redis has gone bad.
The version in Debian is OK.
But in the future, probably replace with a fork.

.. code-block:: sh

    sudo apt install redis-server

rspamd
======
Spam control.

.. code-block:: sh

    sudo apt install rspamd

Certbot
=======
Encryption certificates with Let's Encrypt.
Not using an Apache webserver on the mail server makes
getting new certificates a bit more complex.

.. code-block:: sh

    sudo apt install certbot ca-certificates python3-certbot-apache
    sudo certbot -d mail.libre.is
    sudo systemctl restart apache2
    echo "post-hook = systemctl restart postfix dovecot apache2" | \
      sudo tee /etc/letsencrypt/cli.ini

Dovecot
=======
Just using encrypted IMAPS, not POP.

.. code-block:: sh

    sudo apt install dovecot-mysql dovecot-pop3d dovecot-imapd \
      dovecot-managesieved dovecot-lmtpd

Note, since IPv6 isn't being used, the dovecot install barfs.
Edit ``/etc/dovecot/dovecot.conf`` and add this line, where appropriate:

.. code-block:: sh

    listen = *

Note, this removes the "::" from ``listen``, which is used for IPv6.

Then re-run the install so the packages are happy.
Note, the re-install won't overwrite the ``listen`` change.

.. code-block:: sh

    sudo apt install --reinstall dovecot-mysql dovecot-pop3d dovecot-imapd \
      dovecot-managesieved dovecot-lmtpd

OpenDKIM
========

.. code-block:: sh

    sudo apt install opendkim

OpenDMARC
=========
Requires database setup.

.. code-block:: sh

    sudo apt install opendmarc

SPF
===
Set up SPF.

DNS
===
Set up DNS.

Other
=====
Perhaps these too.

.. code-block:: sh

    apt install postfix-policyd-spf-python rspamd
    apt install fail2ban spamassassin sqlgrey opendkim-tools make
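
Populating and auditing the ``mailserver`` schema from the MariaDB section, as an added example that is not part of the original guide. The ``example.org`` rows are constructed, the password value is a placeholder for a hash produced by ``doveadm pw``, and the lookup queries and the ``{SCHEME}`` hash prefix are assumptions, not this server's actual Postfix or Dovecot configuration.

```sql
-- Added example (not from the original guide); sample rows are constructed.
-- Run as root, since SHOW GRANTS for other accounts needs it:
--   mariadb -uroot -p mailserver

-- 1. One domain, one mailbox, one alias.
INSERT INTO virtual_domains (name) VALUES ('example.org');

-- Store only a password hash, never the cleartext. The value below is a
-- placeholder; generate a real one with:  doveadm pw -s BLF-CRYPT
INSERT INTO virtual_users (domain_id, email, password, quota)
SELECT id, 'alice@example.org', '{BLF-CRYPT}<hash-from-doveadm-pw>', 0
FROM virtual_domains WHERE name = 'example.org';

INSERT INTO virtual_aliases (domain_id, source, destination)
SELECT id, 'postmaster@example.org', 'alice@example.org'
FROM virtual_domains WHERE name = 'example.org';

-- 2. Read-only lookups of the kind the 'mailserver' account would make
--    (assumed query shapes).
SELECT 1 FROM virtual_domains WHERE name = 'example.org';
SELECT 1 FROM virtual_users WHERE email = 'alice@example.org';
SELECT destination FROM virtual_aliases
WHERE source = 'postmaster@example.org';

-- 3. Audit: mailboxes filed under a domain_id that does not match the
--    domain part of their address. Expect zero rows.
SELECT u.email, d.name AS filed_under
FROM virtual_users u
JOIN virtual_domains d ON d.id = u.domain_id
WHERE SUBSTRING_INDEX(u.email, '@', -1) <> d.name;

-- 4. Audit: password values without a {SCHEME} prefix, which may be
--    cleartext (assumes hashes are stored with the prefix). Expect zero rows.
SELECT email FROM virtual_users WHERE password NOT LIKE '{%}%';

-- 5. Least-privilege check: the lookup account should hold SELECT only,
--    the admin account ALL, both limited to mailserver.*.
SHOW GRANTS FOR 'mailserver'@'127.0.0.1';
SHOW GRANTS FOR 'mailadmin'@'localhost';
```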