computing:mailserver

This is an old revision of the document!



  • mailserver
  • Jonathan Haack
  • Haack's Networking
  • webmaster@haacksnetworking.org

mailserver


This tutorial is for users of Debian GNU/Linux who want to set up a proper email server. By proper, I mean both incoming and outgoing, and not merely a send-only MTA and/or relay. If you only need to send or relay email, please check out exim4. This tutorial assumes you know how to set up A, AAAA, SPF, DKIM, DMARC, MX, and PTR records. Set an A record for example.org and mail.example.org. If you don't know how, learn that first and do not proceed. If you know how to do that, and also know how to set up nginx and/or apache virtual hosts, you are in good shape!

sudo nano /etc/hosts

Edit the second line and add a line to the bottom similar to:

<127.0.1.1 example.org example>
<127.0.0.1 mail.example.org localhost>

Install postfix and mailutils

sudo apt-get install mailutils postfix -y
<Internet Site>
<example.org>

Install a firewall and open the common ports for a front-facing website and for IMAP/SMTP:

sudo apt install ufw
sudo ufw allow 22/tcp
sudo ufw allow 53/tcp
sudo ufw allow 25/tcp
sudo ufw allow 587/tcp
sudo ufw allow 143/tcp
sudo ufw allow 993/tcp
sudo ufw allow 80
sudo ufw allow 443

Increase quota / message size:

sudo postconf -e message_size_limit=52428800

Set hostname and aliases

sudo nano /etc/postfix/main.cf
<myhostname = mail.example.com>
sudo systemctl restart postfix
sudo nano /etc/aliases
<root:   username>
sudo newaliases

In my case, being at Brown Rice Internet, I can only support ipv4, so:

sudo postconf -e "inet_protocols = ipv4"

Or, alternately …

sudo nano /etc/postfix/main.cf
<inet_protocols = ipv4>

Now that ipv4 and the hostname are established, restart the service and carry on:

sudo systemctl restart postfix
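
A mistyped parameter line in main.cf is easy to miss, so it is worth checking the file for the three settings made so far before moving on. The script below is an added example, not part of the original tutorial: the function name check_main_cf and the sample file (which includes a constructed typo, `inet protocols; ipv4`) are assumptions for illustration.

```shell
#!/bin/sh
# check_main_cf FILE HOSTNAME  (hypothetical helper, not a Postfix tool)
# Prints one line per problem and returns non-zero if any were found.
# Only the settings made in this tutorial are checked.
check_main_cf() {
    awk -v host="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        /^[ \t]/                 { next }   # continuation of the previous parameter
        {
            # A parameter line must look like: name = value
            if (!match($0, /^[A-Za-z0-9_]+[ \t]*=/)) {
                printf "line %d: not a name = value setting: %s\n", NR, $0
                bad++
                next
            }
            name = $0;  sub(/[ \t]*=.*/, "", name)
            value = $0; sub(/^[^=]*=[ \t]*/, "", value); sub(/[ \t]+$/, "", value)
            seen[name] = value              # the last occurrence wins, as in Postfix
        }
        END {
            want["myhostname"] = host
            want["inet_protocols"] = "ipv4"
            want["message_size_limit"] = "52428800"
            for (k in want) {
                if (!(k in seen)) { printf "%s: not set\n", k; bad++ }
                else if (seen[k] != want[k]) {
                    printf "%s: is \"%s\", expected \"%s\"\n", k, seen[k], want[k]
                    bad++
                }
            }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample: a main.cf fragment with a mistyped inet_protocols line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed main.cf fragment
myhostname = mail.example.com
message_size_limit = 52428800
inet protocols; ipv4
EOF
check_main_cf "$sample" mail.example.com || echo "fix main.cf before restarting postfix"
rm -f "$sample"
```

On a live system, run it against /etc/postfix/main.cf; `sudo postfix check` and `postconf -n` show what Postfix itself parsed.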

If/when you upgrade postfix, please select “No configuration”, as otherwise it will overwrite our configurations specified above (including anything we do later, which is even more extensive). Now, let's install a proper cert (TLS):

sudo apt install certbot
sudo apt install python3-certbot-nginx

Now, set up the server block for your mail server's website:

sudo nano /etc/nginx/conf.d/mail.example.com.conf

The contents should look something like:

server {
    listen 80;
    #listen [::]:80;
    server_name mail.example.com;
    root /usr/share/nginx/html/;
    location ~ /.well-known/acme-challenge {
        allow all;
    }
}

Make sure that the directory specified above exists and restart the service:

sudo mkdir -p /usr/share/nginx/html/
sudo systemctl reload nginx

oemb1905 2022/12/05 21:03

computing/mailserver.1670728409.txt.gz · Last modified: 2022/12/11 03:13 by oemb1905