=============
|
|
mail.libre.is
|
|
=============
|
|
Documentation for Libre mail server.
|
|
|
|
Setting up Internet mail servers is a pain.
|
|
It's nothing like just setting up a web server...
|
|
|
|
|
|
Main Components
|
|
===============
|
|
|
|
This install is based on this guide:
|
|
|
|
`<https://workaround.org/ispmail-bookworm/>`_
|
|
|
|
For more information and details about each component,
|
|
refer to that site.
|
|
|
|
Dovecot
|
|
|
|
`<https://dovecot.org/>`_
|
|
|
|
|
|
MariaDB
|
|
|
|
|
|
OpenDKIM
|
|
|
|
`<http://www.opendkim.org/>`_
|
|
|
|
OpenDMARC
|
|
|
|
`<http://www.trusteddomain.org/opendmarc/>`_
|
|
|
|
`<https://github.com/trusteddomainproject/OpenDMARC>`_
|
|
|
|
Postfix
|
|
|
|
`<https://www.postfix.org/>`_
|
|
|
|
|
|
Debian
|
|
======
|
|
Install Debian stable (bookworm).
|
|
Install rsyslog for old school convenience:
|
|
|
|
.. code-block:: sh
|
|
|
|
sudo apt install rsyslog
|
|
|
|
|
|
Apache
|
|
======
|
|
The Apache webserver is used out of laziness as it allows easy
|
|
certificate updates with certbot. A webmail server won't be
|
|
running on the main mail server.
|
|
|
|
.. code-block:: sh
|
|
|
|
sudo apt install apache2
|
|
echo "mail.libre.is" | sudo tee /var/www/html/index.html
|
|
|
|
Open up firewall ports 80 and 443.
|
|
|
|
|
|
MariaDB
|
|
=======
|
|
The main database server.
|
|
|
|
.. code-block:: sh
|
|
|
|
sudo apt install mariadb-server
|
|
sudo mariadb-admin password
|
|
mariadb -uroot -p
|
|
|
|
Add databases.
|
|
Replace the literal 'password' in both GRANT statements below with strong, distinct passwords for the mailadmin and mailserver users.
|
|
|
|
.. code-block:: sql
|
|
|
|
CREATE DATABASE mailserver;
|
|
|
|
GRANT ALL ON mailserver.* TO 'mailadmin'@'localhost' IDENTIFIED BY 'password';
|
|
|
|
GRANT SELECT ON mailserver.* TO 'mailserver'@'127.0.0.1' IDENTIFIED BY 'password';
|
|
|
|
USE mailserver;
|
|
|
|
CREATE TABLE IF NOT EXISTS `virtual_domains` (
|
|
`id` int(11) NOT NULL auto_increment,
|
|
`name` varchar(50) NOT NULL,
|
|
PRIMARY KEY (`id`)
|
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
|
|
|
CREATE TABLE IF NOT EXISTS `virtual_users` (
|
|
`id` int(11) NOT NULL auto_increment,
|
|
`domain_id` int(11) NOT NULL,
|
|
`email` varchar(100) NOT NULL,
|
|
`password` varchar(150) NOT NULL,
|
|
`quota` bigint(11) NOT NULL DEFAULT 0,
|
|
PRIMARY KEY (`id`),
|
|
UNIQUE KEY `email` (`email`),
|
|
FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
|
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
|
|
|
CREATE TABLE IF NOT EXISTS `virtual_aliases` (
|
|
`id` int(11) NOT NULL auto_increment,
|
|
`domain_id` int(11) NOT NULL,
|
|
`source` varchar(100) NOT NULL,
|
|
`destination` varchar(100) NOT NULL,
|
|
PRIMARY KEY (`id`),
|
|
FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
|
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
|
|
|
EXIT
|
|
|
|
|
|
Postfix
|
|
=======
|
|
The main SMTP mail server.
|
|
|
|
.. code-block:: sh
|
|
|
|
sudo apt install postfix
|
|
sudo apt install postfix-mysql
|
|
|
|
Set up postfix to use MariaDB.
|
|
Edit /etc/postfix/mysql-virtual-mailbox-domains.cf
|
|
and add the contents below, replacing `password` with the password set for the `mailserver` MariaDB user.
|
|
|
|
.. code-block:: cfg
|
|
|
|
user = mailserver
|
|
password = password
|
|
hosts = 127.0.0.1
|
|
dbname = mailserver
|
|
query = SELECT 1 FROM virtual_domains WHERE name='%s'
|
|
|
|
|
|
Edit /etc/postfix/mysql-virtual-mailbox-maps.cf and add the contents below:
|
|
|
|
.. code-block:: cfg
|
|
|
|
user = mailserver
|
|
password = password
|
|
hosts = 127.0.0.1
|
|
dbname = mailserver
|
|
query = SELECT 1 FROM virtual_users WHERE email='%s'
|
|
|
|
Edit /etc/postfix/mysql-virtual-alias-maps.cf and add below:
|
|
|
|
.. code-block:: cfg
|
|
|
|
user = mailserver
|
|
password = password
|
|
hosts = 127.0.0.1
|
|
dbname = mailserver
|
|
query = SELECT destination FROM virtual_aliases WHERE source='%s'
|
|
|
|
Edit /etc/postfix/mysql-email2email.cf and add:
|
|
|
|
.. code-block:: cfg
|
|
|
|
user = mailserver
|
|
password = password
|
|
hosts = 127.0.0.1
|
|
dbname = mailserver
|
|
query = SELECT email FROM virtual_users WHERE email='%s'
|
|
|
|
Then run these commands:
|
|
|
|
.. code-block:: sh
|
|
|
|
sudo postconf \
|
|
virtual_mailbox_domains=mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
|
|
sudo postconf \
|
|
virtual_mailbox_maps=mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
|
|
sudo postconf \
|
|
virtual_alias_maps=mysql:/etc/postfix/mysql-virtual-alias-maps.cf
|
|
sudo postconf \
|
|
virtual_alias_maps=mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
|
|
sudo chgrp postfix /etc/postfix/mysql-*.cf
|
|
sudo chmod 640 /etc/postfix/mysql-*.cf
|
|
|
|
|
|
Redis
|
|
=====
|
|
Note, the licensing of Redis has gone bad. The version in Debian
|
|
is OK. But in the future, probably replace with a fork.
|
|
|
|
.. code-block:: sh
|
|
|
|
sudo apt install redis-server
|
|
|
|
|
|
rspamd
|
|
======
|
|
Spam control.
|
|
|
|
.. code-block:: sh
|
|
|
|
sudo apt install rspamd
|
|
|
|
|
|
Certbot
|
|
=======
|
|
Encryption certificates with Let's Encrypt.
|
|
Without an Apache webserver on the mail server, obtaining and renewing
|
|
certificates would be more complex, which is why Apache is installed above.
|
|
|
|
.. code-block:: sh
|
|
|
|
sudo apt install certbot ca-certificates python3-certbot-apache
|
|
sudo certbot -d mail.libre.is
|
|
sudo systemctl restart apache2
|
|
echo "post-hook = systemctl restart postfix dovecot apache2" | \
|
|
sudo tee /etc/letsencrypt/cli.ini
|
|
|
|
|
|
Dovecot
|
|
=======
|
|
Just using encrypted IMAPS, not POP.
|
|
|
|
.. code-block:: sh
|
|
|
|
sudo apt install dovecot-mysql dovecot-pop3d dovecot-imapd \
|
|
dovecot-managesieved dovecot-lmtpd
|
|
|
|
Note: because IPv6 is not in use, the dovecot package installation fails.
|
|
Edit /etc/dovecot/dovecot.conf and add this line, where appropriate:
|
|
|
|
.. code-block:: sh
|
|
|
|
listen = *
|
|
|
|
Note: this removes the "::" (the IPv6 wildcard address) from listen.
|
|
Then re-run the install so the packages configure cleanly. Note, the re-install
|
|
won't overwrite the "listen" change.
|
|
|
|
.. code-block:: sh
|
|
|
|
sudo apt install --reinstall dovecot-mysql dovecot-pop3d dovecot-imapd \
|
|
dovecot-managesieved dovecot-lmtpd
|
|
|
|
Add the vmail user and group, then adjust the dovecot configs:
|
|
|
|
.. code-block:: sh
|
|
|
|
sudo groupadd -g 5000 vmail
|
|
sudo useradd -g vmail -u 5000 vmail -d /var/vmail -m
|
|
sudo chown -R vmail:vmail /var/vmail
|
|
|
|
sudo sed -i -e \
|
|
's/auth_mechanisms = plain/auth_mechanisms = plain login/g' \
|
|
/etc/dovecot/conf.d/10-auth.conf
|
|
|
|
sudo sed -i -e \
|
|
's/!include auth-system.conf.ext/#!include auth-system.conf.ext/g' \
|
|
/etc/dovecot/conf.d/10-auth.conf
|
|
|
|
sudo sed -i -e \
|
|
's/#!include auth-sql.conf.ext/!include auth-sql.conf.ext/g' \
|
|
/etc/dovecot/conf.d/10-auth.conf
|
|
|
|
sudo sed -i -e \
|
|
's/^mail_location.*/mail_location = maildir:~\/Maildir/g' \
|
|
/etc/dovecot/conf.d/10-mail.conf
|
|
|
|
sudo sed -i -e \
|
|
's/#mail_plugins =/mail_plugins = quota/g' \
|
|
/etc/dovecot/conf.d/10-mail.conf
|
|
|
|
Edit /etc/dovecot/conf.d/10-master.conf and add:
|
|
|
|
.. code-block:: cfg
|
|
|
|
# Postfix smtp-auth
|
|
unix_listener /var/spool/postfix/private/auth {
|
|
mode = 0660
|
|
user = postfix
|
|
group = postfix
|
|
}
|
|
|
|
Edit /etc/dovecot/conf.d/10-ssl.conf, point it at the Let's Encrypt certificate and key, and make TLS
|
|
required.
|
|
|
|
.. code-block:: cfg
|
|
|
|
ssl = required
|
|
ssl_cert = </etc/letsencrypt/live/mail.libre.is/fullchain.pem
|
|
ssl_key = </etc/letsencrypt/live/mail.libre.is/privkey.pem
|
|
|
|
Edit the /etc/dovecot/dovecot-sql.conf.ext file and add these lines at
|
|
the bottom, changing the password to the mailserver database password.
|
|
|
|
.. code-block:: cfg
|
|
|
|
driver = mysql
|
|
|
|
connect = \
|
|
host=127.0.0.1 \
|
|
dbname=mailserver \
|
|
user=mailserver \
|
|
password=password
|
|
|
|
user_query = SELECT email as user, \
|
|
concat('*:bytes=', quota) AS quota_rule, \
|
|
'/var/vmail/%d/%n' AS home, \
|
|
5000 AS uid, 5000 AS gid \
|
|
FROM virtual_users WHERE email='%u'
|
|
|
|
password_query = SELECT password FROM virtual_users WHERE email='%u'
|
|
|
|
iterate_query = SELECT email AS user FROM virtual_users
|
|
|
|
Restrict file permissions so that only root can read the database credentials.
|
|
|
|
.. code-block:: sh
|
|
|
|
sudo chown root:root /etc/dovecot/dovecot-sql.conf.ext
|
|
sudo chmod 600 /etc/dovecot/dovecot-sql.conf.ext
|
|
|
|
Edit /etc/dovecot/conf.d/10-master.conf and change the lmtp service block to:
|
|
|
|
.. code-block:: cfg
|
|
|
|
service lmtp {
|
|
unix_listener /var/spool/postfix/private/dovecot-lmtp {
|
|
group = postfix
|
|
mode = 0600
|
|
user = postfix
|
|
}
|
|
}
|
|
|
|
|
|
Restart the dovecot server.
|
|
|
|
.. code-block:: sh
|
|
|
|
sudo systemctl restart dovecot
|
|
|
|
Run this to tell postfix to deliver mail to dovecot over LMTP:
|
|
|
|
.. code-block:: sh
|
|
|
|
sudo postconf virtual_transport=lmtp:unix:private/dovecot-lmtp
|
|
|
|
Edit /etc/dovecot/conf.d/20-lmtp.conf and change the mail_plugins line to:
|
|
|
|
.. code-block:: cfg
|
|
|
|
mail_plugins = $mail_plugins sieve
|
|
|
|
|
|
Restart dovecot again....
|
|
|
|
.. code-block:: sh
|
|
|
|
sudo systemctl restart dovecot
|
|
|
|
OpenDKIM
|
|
========
|
|
|
|
.. code-block:: sh
|
|
|
|
sudo apt install opendkim
|
|
|
|
|
|
OpenDMARC
|
|
=========
|
|
Requires database setup.
|
|
|
|
|
|
.. code-block:: sh
|
|
|
|
sudo apt install opendmarc
|
|
|
|
|
|
SPF
|
|
===
|
|
Set up SPF.
|
|
|
|
|
|
DNS
|
|
===
|
|
Set up DNS.
|
|
|
|
|
|
Other
|
|
=====
|
|
Perhaps these too.
|
|
|
|
.. code-block:: sh
|
|
|
|
apt install postfix-policyd-spf-python rspamd
|
|
apt install fail2ban spamassassin sqlgrey opendkim-tools make
|
|
|