=============
mail.libre.is
=============
Documentation for Libre mail server.
Setting up Internet mail servers is a pain.
It's nothing like just setting up a web server...
Main Components
===============
This install is based on this guide:
``_
For more information and details about what is what,
refer to that site.
Dovecot
``_
MariaDB
OpenDKIM
``_
OpenDMARC
``_
``_
Postfix
``_
Apache
======
The Apache webserver is used out of laziness as it allows easy
certificate updates with certbot. A webmail server won't be
running on the main mail server.
.. code-block:: sh
sudo apt install apache2
echo "mail.libre.is" | sudo tee /var/www/html/index.html
Open up firewall ports 80 and 443.
MariaDB
=======
The main database server.
.. code-block:: sh
sudo apt install mariadb-server
sudo mariadb-admin password
mariadb -uroot -p
Add databases.
Change password to something secure.
.. code-block:: sql
CREATE DATABASE mailserver;
GRANT ALL ON mailserver.* TO 'mailadmin'@'localhost' IDENTIFIED BY 'password';
GRANT SELECT ON mailserver.* TO 'mailserver'@'127.0.0.1' IDENTIFIED BY 'password';
USE mailserver;
CREATE TABLE IF NOT EXISTS `virtual_domains` (
`id` int(11) NOT NULL auto_increment,
`name` varchar(50) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `virtual_users` (
`id` int(11) NOT NULL auto_increment,
`domain_id` int(11) NOT NULL,
`email` varchar(100) NOT NULL,
`password` varchar(150) NOT NULL,
`quota` bigint(11) NOT NULL DEFAULT 0,
PRIMARY KEY (`id`),
UNIQUE KEY `email` (`email`),
FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `virtual_aliases` (
`id` int(11) NOT NULL auto_increment,
`domain_id` int(11) NOT NULL,
`source` varchar(100) NOT NULL,
`destination` varchar(100) NOT NULL,
PRIMARY KEY (`id`),
FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
EXIT
Postfix
=======
The main SMTP mail server.
.. code-block:: sh
sudo apt install postfix
sudo apt install postfix-mysql
Set up postfix to use MariaDB.
Edit /etc/postfix/mysql-virtual-mailbox-domains.cf
and add below, using the mailserver password used in MariaDB.
.. code-block:: cfg
user = mailserver
password = password
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM virtual_domains WHERE name='%s'
Edit /etc/postfix/mysql-virtual-mailbox-maps.cf and add below contents:
.. code-block:: cfg
user = mailserver
password = password
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM virtual_users WHERE email='%s'
Edit /etc/postfix/mysql-virtual-alias-maps.cf and add below:
.. code-block:: cfg
user = mailserver
password = password
hosts = 127.0.0.1
dbname = mailserver
query = SELECT destination FROM virtual_aliases WHERE source='%s'
Edit /etc/postfix/mysql-email2email.cf and add:
.. code-block:: cfg
user = mailserver
password = password
hosts = 127.0.0.1
dbname = mailserver
query = SELECT email FROM virtual_users WHERE email='%s'
Then run these commands:
.. code-block:: sh
sudo postconf \
virtual_mailbox_domains=mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
sudo postconf \
virtual_mailbox_maps=mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
sudo postconf \
virtual_alias_maps=mysql:/etc/postfix/mysql-virtual-alias-maps.cf
sudo postconf \
virtual_alias_maps=mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
sudo chgrp postfix /etc/postfix/mysql-*.cf
sudo chmod 640 /etc/postfix/mysql-*.cf
Redis
=====
Note, the licensing of Redis has gone bad. The version in Debian
is OK. But in the future, probably replace with a fork.
.. code-block:: sh
sudo apt install redis-server
rspamd
======
Spam control.
.. code-block:: sh
sudo apt install rspamd
Certbot
=======
Encryption certificates with Let's Encrypt.
Not using an Apache webserver on the mail server makes getting
new certificates a bit more complex.
.. code-block:: sh
sudo apt install certbot ca-certificates python3-certbot-apache
sudo certbot -d mail.libre.is
sudo systemctl restart apache2
echo "post-hook = systemctl restart postfix dovecot apache2" | \
sudo tee /etc/letsencrypt/cli.ini
Dovecot
=======
Just using encrypted IMAPS, not POP.
.. code-block:: sh
sudo apt install dovecot-mysql dovecot-pop3d dovecot-imapd \
dovecot-managesieved dovecot-lmtpd
Note, since IPv6 isn't being used, the dovecot install barfs.
Edit /etc/dovecot/dovecot.conf and add this line, where appropriate:
.. code-block:: sh
listen = *
Note, this is removing the "::" from listen, which using IPv6.
Then re-run the install so the packages are happy. Note, the re-install
won't overwrite the "listen" change.
.. code-block:: sh
sudo apt install --reinstall dovecot-mysql dovecot-pop3d dovecot-imapd \
dovecot-managesieved dovecot-lmtpd
Add user and set up configs
.. code-block:: sh
sudo groupadd -g 5000 vmail
sudo useradd -g vmail -u 5000 vmail -d /var/vmail -m
sudo chown -R vmail:vmail /var/vmail
sudo sed -i -e \
's/auth_mechanisms = plain/auth_mechanisms = plain login/g' \
/etc/dovecot/conf.d/10-auth.conf
sudo sed -i -e \
's/!include auth-system.conf.ext/#!include auth-system.conf.ext/g' \
/etc/dovecot/conf.d/10-auth.conf
sudo sed -i -e \
's/#!include auth-sql.conf.ext/!include auth-sql.conf.ext/g' \
/etc/dovecot/conf.d/10-auth.conf
OpenDKIM
========
.. code-block:: sh
sudo apt install opendkim
OpenDMARC
=========
Requires database setup.
.. code-block:: sh
sudo apt install opendmarc
SPF
===
Set up SPF.
DNS
===
Set up DNS.
Other
=====
Perhaps these too.
.. code-block:: sh
apt install postfix-policyd-spf-python rspamd
apt install fail2ban spamassassin sqlgrey opendkim-tools make