# Setting up Postfix & Dovecot Mail Server

Published 2021-08-29

# Overview - Configuring a secure mail server

An improved version of the Scaleway guide. I will be configuring a mail server that uses DKIM, Rspamd and MariaDB to deliver mail securely. I will also install the Roundcube webmail interface so that mail can be read from a web browser.

It's better to have a dedicated virtual or bare-metal server for this, with a dedicated IP address and rDNS set up.

Ports needed:

  1. 25 - needed to receive mail from the internet
  2. 465 - secure SMTP port needed to connect to the mail server
  3. 587 - port for receiving email

What those ports are used for:

  1. 25 - Used for MTA-to-MTA (Mail Transfer Agent to Mail Transfer Agent) connections, and also for connections between a client and a server
  2. 465 - Used for SMTPS (Simple Mail Transfer Protocol Secure). SSL encryption starts automatically, before any SMTP communication
  3. 587 - Used for the MSA (Mail Submission Agent). Almost a standard SMTP port

# Pre-work

Before continuing with this guide, some configuration is required to make sure your mail server will work.

  • To be sure that other servers will accept mails sent from my server, I need to have a valid rDNS configured for a domain (for example mx.ted.ge or mail.ted.ge)
  • Forwarded or Unlocked SMTP ports
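
The rDNS requirement above can be verified before any mail is sent. The following is an added example, not part of the original guide: it checks forward-confirmed reverse DNS for the mail host, assuming `dig` (package `dnsutils`) is installed. The function names and the address 203.0.113.10 are placeholders.

```shell
#!/bin/sh
# Added example: forward-confirmed reverse DNS (FCrDNS) check for a mail host.
# Receiving servers commonly compare the PTR record of the connecting IP with
# the forward (A) record of the name it points to.

# Resolver wrappers, kept separate so they can be replaced when testing.
lookup_ptr() { dig +short -x "$1"; }   # IP   -> PTR name(s)
lookup_a()   { dig +short A "$1"; }    # name -> IPv4 address(es)

# fcrdns_check IP HOSTNAME
# Return codes: 0 = PTR and A agree, 1 = no PTR record,
#               2 = PTR names a different host, 3 = HOSTNAME does not map back to IP.
# Usage (placeholder address): fcrdns_check 203.0.113.10 mail.ted.ge
fcrdns_check() {
    fc_ip=$1
    # DNS names are case-insensitive; also drop a trailing root dot.
    fc_want=$(printf '%s' "${2%.}" | tr 'A-Z' 'a-z')
    fc_ptr=$(lookup_ptr "$fc_ip" | tr 'A-Z' 'a-z')
    if [ -z "$fc_ptr" ]; then
        echo "FAIL: no PTR record for $fc_ip"
        return 1
    fi
    fc_hit=no
    for fc_name in $fc_ptr; do
        if [ "${fc_name%.}" = "$fc_want" ]; then fc_hit=yes; fi
    done
    if [ "$fc_hit" = no ]; then
        echo "FAIL: PTR for $fc_ip is $fc_ptr, expected $fc_want"
        return 2
    fi
    for fc_addr in $(lookup_a "$fc_want"); do
        if [ "$fc_addr" = "$fc_ip" ]; then
            echo "OK: $fc_ip <-> $fc_want"
            return 0
        fi
    done
    echo "FAIL: $fc_want does not resolve back to $fc_ip"
    return 3
}
```

A return code of 2 usually means the hosting provider's generic PTR is still in place and has to be changed in the provider's control panel.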

1. Updating the system just because

sudo apt update -y && sudo apt upgrade

2. Making sure no other mail software is installed

service sendmail stop; update-rc.d -f sendmail remove

Ignore the "Failed to stop sendmail.service: Unit sendmail.service not loaded." message. It just tells you that sendmail has not been installed.

3. You might need to install software-properties-common and after that add php repo manually:

Installing repository manager

apt install software-properties-common

Installing php repository

sudo add-apt-repository ppa:ondrej/php

# Installing PostfixAdmin

All mailboxes will belong to virtual users. To manage mailboxes, we need one system user which will be the owner of all mailboxes and will be used by all virtual users to access their emails on the server. The home directory of the user will be /var/mail/vmail and all mailboxes will be stored in that directory:

sudo groupadd -g 5000 vmail
sudo useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /var/mail/vmail -m vmail

Because PostfixAdmin is a PHP application, we will set up an Nginx, PHP 7.2 and MariaDB web server:

sudo apt install nginx mariadb-server php7.2-fpm php7.2-cli php7.2-imap php7.2-json php7.2-mysql php7.2-opcache php7.2-mbstring php7.2-readline

1. Setting a root password for MariaDB:

mysql_secure_installation

The setup tool will ask you the following questions:

  • Enter current password for root (enter for none): Press Enter
  • Set root password? [Y/n] Type Y
  • New password: Enter the password for the root user
  • Remove anonymous users? [Y/n] Type Y
  • Disallow root login remotely? [Y/n] Type Y
  • Remove test database and access to it? [Y/n] Type Y
  • Reload privilege tables now? [Y/n] Type Y

2. Download and unpack PostfixAdmin. At the time of writing this guide, the current version is 3.3.8:

wget https://altushost-swe.dl.sourceforge.net/project/postfixadmin/postfixadmin-3.3.8/PostfixAdmin%203.3.8.tar.gz
tar xzf PostfixAdmin\ 3.3.8.tar.gz

3. Moving PostfixAdmin into the /var/www/postfixadmin directory:

sudo mv postfixadmin-postfixadmin-7d04685/ /var/www/postfixadmin
rm -f PostfixAdmin\ 3.3.8.tar.gz
mkdir /var/www/postfixadmin/templates_c

4. Changing the directory ownership to the www-data user:

sudo chown -R www-data: /var/www/postfixadmin

5. Postfix uses a MySQL database, so I will connect to the MariaDB server to create a new database and user:

mysql -u root -p

6. Create the database, remember to replace your_secret_password with a password for the postfixadmin user:

CREATE DATABASE postfixadmin;
GRANT ALL ON postfixadmin.* TO 'postfixadmin'@'localhost' IDENTIFIED BY 'your_secret_password';
FLUSH PRIVILEGES;
quit

7. Creating the /var/www/postfixadmin/config.local.php config file and opening it in a text editor:

nano /var/www/postfixadmin/config.local.php
<?php
$CONF['configured'] = true;

$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'your_secret_password';
$CONF['database_name'] = 'postfixadmin';

$CONF['default_aliases'] = array (
'abuse'      => 'abuse@example.com',
'hostmaster' => 'hostmaster@example.com',
'postmaster' => 'postmaster@example.com',
'webmaster'  => 'webmaster@example.com'
);

$CONF['fetchmail'] = 'NO';
$CONF['show_footer_text'] = 'NO';

$CONF['quota'] = 'YES';
$CONF['domain_quota'] = 'YES';
$CONF['quota_multiplier'] = '1024000';
$CONF['used_quotas'] = 'YES';
$CONF['new_quota_table'] = 'YES';

$CONF['aliases'] = '0';
$CONF['mailboxes'] = '0';
$CONF['maxquota'] = '0';
$CONF['domain_quota_default'] = '0';
?>

Don't forget to replace 'your_secret_password' with the actual password.

The configuration defines the database type, login credentials, default aliases, disabled fetchmail and enabled quota.

8. Running the following script to install the database schema:

sudo -u www-data php /var/www/postfixadmin/public/upgrade.php

Creating the database superadmin with the CLI tools:

sudo bash /var/www/postfixadmin/scripts/postfixadmin-cli admin add

9. Enter the email address of the admin, and answer the questions of the CLI.
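
After step 7, `config.local.php` holds the database password in plain text, and a file created with `nano` as root under the default umask of 022 is readable by every local user. The following check is an added example, not from the original guide (the function name is hypothetical): it flags that case and a leftover `your_secret_password` placeholder.

```shell
#!/bin/sh
# Added example: audit the PostfixAdmin config file written in step 7.

# audit_pfa_config FILE
# Prints one line per finding and returns the number of findings (0 = clean).
audit_pfa_config() {
    ac_file=$1
    ac_bad=0
    if [ ! -f "$ac_file" ]; then
        echo "MISSING: $ac_file"
        return 1
    fi
    # Characters 8-10 of the ls mode string are the permissions for "other".
    ac_other=$(ls -ld -- "$ac_file" | cut -c8-10)
    if [ "$ac_other" != "---" ]; then
        echo "PERMS: $ac_file is accessible to all local users ($ac_other)"
        ac_bad=$((ac_bad + 1))
    fi
    # The guide's placeholder must not survive into the live config.
    if grep -q "your_secret_password" "$ac_file"; then
        echo "PLACEHOLDER: database_password is still your_secret_password"
        ac_bad=$((ac_bad + 1))
    fi
    return "$ac_bad"
}

# Suggested fix (an assumption based on step 4, where www-data owns the
# application): keep the file readable by the PHP user only.
#   sudo chown root:www-data /var/www/postfixadmin/config.local.php
#   sudo chmod 640 /var/www/postfixadmin/config.local.php
#   audit_pfa_config /var/www/postfixadmin/config.local.php
```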

To secure the communication with the webserver, we use Let’s Encrypt to get a free SSL certificate: