
This is an old revision of the document!



  • mailserver
  • Jonathan Haack
  • Haack's Networking
  • webmaster@haacksnetworking.org

mailserver


This tutorial is for users of Debian GNU/Linux who want to set up a proper email server. By proper, I mean both incoming and outgoing, and not merely a send-only MTA and/or relay. If you only need to send or relay email, please check out exim4. This tutorial assumes you know how to set up A, AAAA, SPF, DKIM, DMARC, MX, and PTR records. Set an A record for example.org and mail.example.org. If you don't know how, then learn up, and do not proceed. If you know how to do that, and also know how to set up nginx and/or apache virtual hosts, you are in good shape!

sudo nano /etc/hosts

Edit the second line and add a line to the bottom similar to:

127.0.1.1 example.org example
127.0.0.1 mail.example.org localhost

Install postfix

sudo apt-get install postfix -y
<Internet Site>
<example.org>

Install firewall

sudo apt install ufw
sudo ufw allow 22/tcp
sudo ufw allow 25/tcp

Install legacy mailutils for testing and/or scripts:

sudo apt-get install mailutils

Increase quota / message size:

sudo postconf -e message_size_limit=52428800

Set hostname and aliases

sudo nano /etc/postfix/main.cf
<myhostname = mail.example.org>
sudo systemctl restart postfix
sudo nano /etc/aliases
<root:   username>
sudo newaliases

In my case, being at Brown Rice Internet, I can only support ipv4, so:

sudo postconf -e "inet_protocols = ipv4"

Or, …

sudo dpkg-reconfigure postfix
<inet protocols; select ipv4>

Now that ipv4 and the hostname are established, restart the service and carry on:

sudo systemctl restart postfix
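
To confirm that the settings made so far are still in effect (for example after a package upgrade or a dpkg-reconfigure run), the following added example, which is not part of the original tutorial, compares `postconf -n` style output against the values set above. The function name, the variable names and the sample output are constructed for illustration, and mail.example.org stands in for your own hostname.

```shell
#!/bin/sh
# Added example (not from the original page): report drift between
# `postconf -n`-style output and the values this tutorial sets.

# Settings made earlier on this page; mail.example.org is the placeholder hostname.
TUTORIAL_SETTINGS="myhostname=mail.example.org inet_protocols=ipv4 message_size_limit=52428800"

# Usage: postconf -n | check_postfix_settings key=value [key=value ...]
# Prints one line per problem; returns 0 if all match, 1 otherwise.
check_postfix_settings() {
    awk -v expected="$*" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) {
                eq = index(pairs[i], "=")
                order[i] = substr(pairs[i], 1, eq - 1)
                want[order[i]] = substr(pairs[i], eq + 1)
            }
        }
        /^[ \t]*#/ || !index($0, "=") { next }    # skip comments and non-settings
        {
            eq  = index($0, "=")                  # split on the first "=" only
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key in want) seen[key] = val
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in seen)) {
                    # postconf -n lists only parameters set in main.cf,
                    # so a missing key means the built-in default applies.
                    printf "MISSING %s (want %s)\n", k, want[k]; bad = 1
                } else if (seen[k] != want[k]) {
                    printf "MISMATCH %s = %s (want %s)\n", k, seen[k], want[k]; bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample: what postconf -n might print after a reconfigure reset values.
SAMPLE='myhostname = debian.localdomain
inet_protocols = all
mydestination = $myhostname, example.org, localhost'

printf '%s\n' "$SAMPLE" | check_postfix_settings $TUTORIAL_SETTINGS \
    || echo "postfix settings differ from the tutorial's"
```

On a live server, pipe the real configuration in instead of the sample: `sudo postconf -n | check_postfix_settings $TUTORIAL_SETTINGS`.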

If/when you upgrade postfix, please select “No configuration”, as otherwise it will overwrite our configurations specified above. It is now time to install dovecot. First, make sure the firewall allows the port traffic:

sudo ufw allow 80,443,587,465,143,993/tcp   # imap
sudo ufw allow 110,995/tcp                  # add if also using pop3 - but don't

Now, let's install a cert (TLS):

sudo apt install certbot
sudo apt install python3-certbot-nginx

Now, set up the server block for your mail server's website:

sudo nano /etc/nginx/sites-available/mail.example.org.conf
<server {
<    listen 80;
<    listen [::]:80;
<    server_name mail.example.org;
<    root /usr/share/nginx/html/;
<    location ~ /.well-known/acme-challenge {
<      allow all;
<    }
<}

Make sure that directory exists and reload the service:

sudo mkdir -p /usr/share/nginx/html/
sudo systemctl reload nginx

oemb1905 2022/12/05 21:03

computing/mailserver.1670300167.txt.gz · Last modified: 2022/12/06 04:16 by oemb1905