This is an old revision of the document!



  • mailserver
  • Jonathan Haack
  • Haack's Networking
  • webmaster@haacksnetworking.org

mailserver


This tutorial is for users of Debian GNU/Linux who want to set up a proper email server. By proper, I mean both incoming and outgoing, and not merely a send-only MTA and/or relay. If you only need to send or relay email, please check out exim4. This tutorial assumes you know how to set up A, AAAA, SPF, DKIM, DMARC, MX, and PTR records. Set an A record for example.org and mail.example.org. If you don't know how, then learn up, and do not proceed. If you know how to do that, and also know how to set up nginx and/or apache virtual hosts, you are in good shape!

sudo nano /etc/hosts

Edit the second line and add a line to the bottom similar to:

<127.0.1.1 example.org example>
<127.0.0.1 mail.example.org localhost>

Install postfix and mailutils

sudo apt-get install mailutils postfix -y
<Internet Site>
<example.org>

Install firewall, open common ports for front facing website, and for imap/smtp:

sudo apt install ufw
sudo ufw allow 22/tcp
sudo ufw allow 53/tcp
sudo ufw allow 25/tcp
sudo ufw allow 587/tcp
sudo ufw allow 143/tcp
sudo ufw allow 993/tcp
sudo ufw allow 80
sudo ufw allow 443

Increase quota / message size:

sudo postconf -e message_size_limit=52428800

Set hostname and aliases

sudo nano /etc/postfix/main.cf

Make sure that the hostname, origin, destination, mailbox size, and quota are set. Also, in my case, I only have IPv4 support, so I explicitly set that as well.

myhostname = mail.example.com
myorigin = /etc/mailname
mydestination = example.com, $myhostname, localhost.$mydomain, localhost
mailbox_size_limit = 0
inet_protocols = ipv4
message_size_limit = 52428800

Let's also make sure that system emails are sent to the user we created above instead of root by running sudo nano /etc/aliases and then setting:

postmaster: root
root: user

Now, set up the server block for your mail server's website:

sudo nano /etc/nginx/conf.d/mail.example.com.conf
sudo mkdir -p /usr/share/nginx/html/

The contents should look something like:

server {
    listen 80;
    #listen [::]:80;
    server_name mail.example.com;
    root /usr/share/nginx/html/;
    location ~ /.well-known/acme-challenge {
        allow all;
    }
}

Once that is done, reload the service with sudo systemctl reload nginx and then let's generate a cert:

sudo apt install certbot
sudo apt install python3-certbot-nginx
sudo certbot certonly -a nginx --agree-tos --no-eff-email --staple-ocsp --email email@email.com -d mail.example.com

Now, let's configure Postfix submission on 587 and 465, with Dovecot handling authentication, by running sudo nano /etc/postfix/master.cf and adding these blocks:

submission     inet     n    -    y    -    -    smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth

Note that when upgrading postfix, please select “No configuration”, as otherwise it will overwrite our configurations.
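
An added example, not part of the original tutorial: a small Python audit that parses master.cf entries like the ones above, checks that the submission and smtps services require TLS and SASL and end their relay restrictions in reject, and compares their ports with the ufw rules from earlier on this page. The embedded master.cf text is abridged from this page; the function names and the port map are this example's own.

```python
import re

PORTS = {"submission": 587, "smtps": 465}  # master.cf service name -> TCP port
# master.cf entries from this page, abridged to the options checked below.
PAGE_MASTER_CF = """\
submission     inet     n    -    y    -    -    smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
smtps     inet  n       -       y       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
"""
# TCP ports opened by the ufw commands on this page.
PAGE_UFW_PORTS = {22, 53, 25, 587, 143, 993, 80, 443}

def parse_master_cf(text):
    """Map each inet service to its -o overrides; indented lines continue an entry."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # a new service entry starts in column one
            fields = line.split()
            current = services.setdefault(fields[0], {}) if fields[1:2] == ["inet"] else None
        if current is not None:
            current.update(re.findall(r"-o\s+(\w+)=(\S+)", line))
    return services

def audit(master_cf, allowed_ports):
    """Return a list of findings for the submission and smtps services."""
    findings = []
    for name, opts in parse_master_cf(master_cf).items():
        if name not in PORTS:
            continue
        if opts.get("smtpd_tls_wrappermode") != "yes" and opts.get("smtpd_tls_security_level") != "encrypt":
            findings.append(f"{name}: TLS is not mandatory")
        if opts.get("smtpd_sasl_auth_enable") != "yes":
            findings.append(f"{name}: SASL authentication is not enabled")
        if opts.get("smtpd_relay_restrictions", "").split(",")[-1] != "reject":
            findings.append(f"{name}: relay restrictions override does not end in reject")
        if PORTS[name] not in allowed_ports:
            findings.append(f"{name}: {PORTS[name]}/tcp is not opened in the firewall")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(PAGE_MASTER_CF, PAGE_UFW_PORTS)) or "no findings")
```

Run against this page's settings, it reports that 465/tcp (smtps) is not among the ports opened with ufw, so clients using that port would need sudo ufw allow 465/tcp.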

oemb1905 2022/12/05 21:03

computing/mailserver.1670729855.txt.gz · Last modified: 2022/12/11 03:37 by oemb1905