#1 2013-08-24 12:17:14

Butcher
Member
Registered: 2009-02-04
Posts: 158

Simple way of setting up a mail server?

i.e. not an outdated wiki page with millions of lines of commands like this that probably don't even work.

I just want to be able to send and receive mail and have IMAP. I can't understand how it is so easy to have a web or dns server but this is so infuriatingly hard to do.

Thanks

Offline

#2 2013-08-24 13:00:59

satanselbow
Member
Registered: 2011-06-15
Posts: 538

Re: Simple way of setting up a mail server?

Before you dismiss it entirely the Arch wiki page is actually quite well written... there are plenty of good (and very similar!) examples here

Offline

#3 2013-08-24 13:08:03

Butcher
Member
Registered: 2009-02-04
Posts: 158

Re: Simple way of setting up a mail server?

satanselbow wrote:

Before you dismiss it entirely the Arch wiki page is actually quite well written...

That's why it refers to rc.conf, rc.d and wants me to enable magic_quotes in php

satanselbow wrote:

there are plenty of good (and very similar!) examples here

Very easy http://flurdy.com/docs/postfix/

Offline

#4 2013-08-24 21:54:00

kermana
Member
Registered: 2009-04-13
Posts: 60

Re: Simple way of setting up a mail server?

Hi there,

This is going to be a long post with a how-to attached underneath :)

The reason a mail system is so much harder to set up is because unlike httpd and dns, there are multiple independent components that need to be working in perfect harmony. In a rolling release distro such as Arch I am not surprised the wiki pages are lagging behind. Especially those which are rarely used.

If you are looking to find a perfect wiki page for setting up a mail server I think you are out of luck, as for years I have yet to find one (not even for CentOS which is very widely used for mail servers). I have set up quite a few of them but it still takes me almost a full day to set one up correctly, secure it and verify it is working. So be ready to spend at least a couple of days.

IMHO the best strategy is to get down and dirty and understand every single line you are putting down. Say if dovecot 3.0 is released in a year from now, you update your server and realize nothing is working as it should. How are you planning to fix it if you do not understand what you are doing in the first place?

That being said, once you understand what is happening under the hood and see how multiple components interact with each other I am sure you will be feeling much more confident. So I say stop looking for a wiki and just go for it. If it doesn't work as you expected, start over. I know that's what I did with my first server.

So here is what you should do in general terms. You should refer to individual wikis instead of trying to find an all in one solution.

1- install base OS and secure with a firewall and whatnot ...
2- install mariadb (replacement for mysql) secure it. Use this wiki which is very up to date. Remember to run "mysql_secure_installation" as it is quite important.
3- install whatever web server you like and php on top of it. Use this wiki. Remember for your use case you don't need virtualhosts and whatnot. Read the wiki and skip over the parts you don't need. If you are not sure, google is your friend or just ask here and I am sure many will answer if you ask nicely.

Stop here and check everything above is working nicely as it is the foundation for what is to come. Also, you might want to install phpmyadmin at this stage for easy mysql/mariadb administration. Highly recommended.

4- Download and install the latest version of postfixadmin from here. Inside the tar.gz file there is a DOCUMENTS folder. This is probably the most important source of information for the later steps.

POSTFIX_CONF.txt --> tells you how to configure postfix (one of later steps) to play nice with postfixadmin. This is how postfix will know which users, domains, email addresses there are. These settings are stored in the database. Whenever you add a user from postfixadmin, these changes are reflected to the database which in return gets reflected on postfix. You should understand this. Will save a lot of headaches later on.

DOVECOT.txt --> tells you how to configure dovecot (which will be your IMAP server) to play nice with postfixadmin. Postfix only sends and receives emails. It does not let you access them. This is why you need dovecot. Similarly to the above, dovecot will connect to your database and use the user information stored in there.

Stop and think about what you did in step 4. At this stage, you should be able to login to postfixadmin and create domains/users. Which is 1/2 of the battle. Have a cup of java and congratulate yourself.

5- Install and set up postfix. You will need to refer to the information in POSTFIX_CONF.txt mentioned above. Refer to the "obsolete" wiki page you posted in your first message. You will see a lot of similarities. Read a couple of wiki pages. This configuration is OS INDEPENDENT. Since this is probably the most confusing and risky part I will post my own configuration when I get a chance so you can see it and adapt it to yourself.

6- Install dovecot and configure it. Refer to DOVECOT.txt mentioned above. If you need additional info the dovecot project has a very nice wiki here. Use it.

7- Verify your server is not an open relay here. This mxtoolbox webpage is a godsend. I am sure you will find it very useful.

And you are done!!!! Stop and verify everything is working. You can test postfix with telnet commands (just google on howto). Dovecot with MS outlook or thunderbird or what have you.

After this point the world is yours. You can install spam filters, virus filters, DKIM filters, a web based mail client like roundcube ...etc. I guess at this point you can appreciate why setting up a mail server is no walk in the park. Call your current admin and buy him a beer :D

Note: this post was written in a hurry so sorry for spelling mistakes ...

Last edited by kermana (2013-08-24 23:15:35)

Offline

#5 2013-08-24 22:16:26

kermana
Member
Registered: 2009-04-13
Posts: 60

Re: Simple way of setting up a mail server?

As promised here is my main.cf. I skipped over comments and unimportant default values.

mail_owner = postfix
myhostname = hostname.myDomain.com
mydomain = myDomain.com
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
relay_domains = proxy:mysql:/etc/postfix/mysql-relay_domains_maps.cf
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
recipient_delimiter = +
smtpd_banner = $myhostname ESMTP
# TLS&SSL config (YOU PROBABLY DON'T NEED THIS PART)
smtpd_use_tls = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_tls_key_file = /etc/pki/custom/hostname.myDomain.com.key
smtpd_tls_cert_file = /etc/pki/custom/certificate.crt
smtpd_tls_CAfile = /etc/pki/custom/hostname.myDomain.com.ca.crt
smtpd_tls_security_level = may
#smtpd_tls_auth_only = yes

# virtual setup (HOW POSTFIX TALKS TO POSTFIXMYADMIN ..etc)
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_minimum_uid = 101
virtual_uid_maps = static:101
virtual_gid_maps = static:12
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes

# rules restrictions 
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =

smtpd_data_restrictions =
        reject_unauth_pipelining,
        reject_multi_recipient_bounce,
        permit

smtpd_recipient_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
        reject_invalid_helo_hostname
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        reject_unknown_sender_domain
        reject_unknown_recipient_domain
        reject_rbl_client zen.spamhaus.org
        check_recipient_access hash:/etc/postfix/allowedBackupAddresses
        reject_unverified_recipient
        permit

policy_time_limit = 3600
smtpd_helo_required = yes

maps_rbl_reject_code = 554
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554

# DKIM and CLAM virus scan
milter_default_action = accept
smtpd_milters = unix:/var/run/clamav/clamav-milter.sock inet:localhost:8891
non_smtpd_milters = unix:/var/run/clamav/clamav-milter.sock inet:localhost:8891

# 25MB message limit
message_size_limit = 26214400

Also here is my master.cf. It listens on port 25 (smtp) and 587 (submission). Also sends inbound emails to spamassassin before actual delivery to dovecot.

smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

dovecot   unix  -       n       n       -       -       pipe
   flags=DRhu user=vmail:mail argv=/usr/bin/spamc --socket=/var/run/spamd.sock -u ${recipient} -e /usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

Last edited by kermana (2013-08-24 22:23:50)

Offline
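
The open-relay check in step 7 of post #4 and the main.cf in post #5 can also be checked offline, before the server is exposed. The following is an added example, not part of kermana's post or of Postfix: a small Python audit (the names parse_main_cf, relay_guarded and audit are hypothetical) run over an excerpt of that main.cf. It checks that reject_unauth_destination is reached before any rule that could accept mail for foreign domains, and goes slightly further by reporting two fail-open settings visible in the posted file.

```python
# Excerpt of the main.cf posted above: only the settings these checks read.
MAIN_CF = """\
smtpd_tls_security_level = may
#smtpd_tls_auth_only = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
        check_recipient_access hash:/etc/postfix/allowedBackupAddresses
        permit
milter_default_action = accept
"""
SAFE_FIRST = {"permit_mynetworks", "permit_sasl_authenticated", "permit_auth_destination"}
GUARDS = {"reject_unauth_destination", "defer_unauth_destination"}

def parse_main_cf(text):
    """{name: value}; indented lines continue a setting, the last assignment wins."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        else:
            name, _, value = (s.strip() for s in line.partition("="))
            params[name] = value
    return params

def relay_guarded(restrictions):
    """True if a relay guard comes before any rule that could accept foreign mail."""
    for tok in restrictions.replace(",", " ").split():
        if tok in GUARDS:
            return True
        if tok == "permit" or (tok.startswith(("permit_", "check_")) and tok not in SAFE_FIRST):
            return False
    return False

def audit(text):
    p, out = parse_main_cf(text), []
    lists = (p.get("smtpd_relay_restrictions", ""), p.get("smtpd_recipient_restrictions", ""))
    if not any(relay_guarded(r) for r in lists):
        out.append("open-relay: no reject_unauth_destination ahead of a permit or check_ rule")
    if (p.get("smtpd_sasl_auth_enable") == "yes" and p.get("smtpd_tls_auth_only") != "yes"
            and p.get("smtpd_tls_security_level") != "encrypt"):
        out.append("auth-cleartext: SASL AUTH is accepted on connections without STARTTLS")
    if p.get("milter_default_action") == "accept":
        out.append("milter-fail-open: mail is accepted unfiltered when a milter is unreachable")
    return out

print("\n".join(audit(MAIN_CF)))
```

For the posted settings the relay ordering passes; the two findings come from smtpd_tls_auth_only being commented out while SASL is enabled in main.cf, and from milter_default_action = accept. Deleting the reject_unauth_destination line, or moving check_recipient_access above it, produces the open-relay finding.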

#6 2013-08-25 14:06:52

Butcher
Member
Registered: 2009-02-04
Posts: 158

Re: Simple way of setting up a mail server?

Thanks. Will definitely check that.

Offline
