Mail System Install on Ubuntu

Phiber2000 edited this page Apr 20, 2016 · 2 revisions

This is a worked example of installing ViMbAdmin with Dovecot and Postfix on Ubuntu 13.10 (Saucy).

At the end of this process, you'll have:

  • ViMbAdmin installed and managing your virtual domains, mailboxes and aliases;
  • Postfix installed and configured for:
    • Email delivery / acceptance to your virtual mailboxes and aliases;
    • TLS available on port 25;
    • SSL on port 465;
    • Email relay to authenticated users only.
  • Dovecot installed and configured for:
    • IMAP over SSL;
    • POP3 over SSL;
    • ManageSieve with TLS support;
    • LMTP for local mail delivery to your virtual mailboxes.

Preparation

Install required packages and dependancies:

apt-get install --yes php5-cgi php5-mcrypt php5-memcache php5-mysql \
    php5-json libapache2-mod-php5 memcached git mysql-server subversion

PHP composer can be installed via:

php -r "readfile('https://getcomposer.org/installer');" | php
mv composer.phar /usr/local/bin/composer

Set the timezone in /etc/php5/apache2/php.ini and /etc/php5/cli/php.ini, such as:

date.timezone = "UTC"

Disclaimer

These instructions are to enable you to get Postfix and Dovecot configured to work with ViMdAdmin. I try to stick with the specific configuration options for this. I neither suggest nor assert that this configuration is secure. Nor do I delve into the many other possible configuration options available in Postfix and Dovecot. These are out of scope here.

ViMbAdmin

Follow the instructions from the Installation documentation and ensure you:

  • set up the database;
  • set the security salts;
  • create your administrative user.

Dovecot

Dovecot will provide support for:

  • IMAP mail access;
  • POP3 mail access;
  • the manage sieved service; and
  • the local delivery protocol (LMTP) - Postfix passes emails it accepts for local delivery off to this process to be stored on the filesystem.

Install the Dovecot related packages via:

apt-get install --yes dovecot-core dovecot-imapd dovecot-managesieved \
    dovecot-pop3d dovecot-postfix dovecot-sieve dovecot-mysql         \
    dovecot-lmtpd dovecot-common

We will store all emails under /srv/vmail and we need to create a user with the appropriate uid and gid used in this example:

groupadd -g 2000 vmail
useradd -c 'Virtual Mailboxes' -d /srv/vmail -g 2000 -u 2000 -s /usr/sbin/nologin -m vmail

Configuring Dovecot

Remove (clear) an unnecessary file which will interfere with our configuration:

echo "" >/etc/dovecot/conf.d/99-mail-stack-delivery.conf

Now, examine this Gist which provides a sample working configuration. If you have any issues, you can increase logging by setting any of the following in /etc/dovecot/conf.d/10-logging.conf to yes:

auth_verbose = no
auth_debug = no
auth_debug_passwords = no
mail_debug = no
verbose_ssl = no

and then:

tail -f /var/log/mail.log`

In our Gist above, we only set parameters that are different from the default. You can see the effect of these by running dovecot -n and comparing it to our version at FIXME.

Postfix

We will configure Postfix for the following purposes here:

  • accept mail for the domains / mailboxes / aliases configured in ViMbAdmin;
  • hand these messages off to Dovecot's deliver - a local delivery agent;
  • allow mailboxes configured in ViMbAdmin to log into Postfix to relay mail.

First, we need to install the following packages:

apt-get install postfix postfix-mysql

When you are asked to choose a general type of mail configuration, choose No configuration. This should hopefully make these instructions reasonably generic.

Configuring Postfix

See this Gist of a main.cf sample Postfix configuration file.

You need to edit master.conf to enable smtps (SMTP over SSL on port 465' TLS is supported over port 25 as part of our configuration):

smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

ViMbAdmin Integration

Postfix integrates with our ViMbAdmin database via settings in the above Gist and by creating the following files form the samples provided (all under /etc/postfix/mysql):

Postfix with SSL

The above referenced Gist includes support for TLS/SSL (encrypted) support with Postfix. We can create a self-signed certificate for testing as follows.

When asked to enter Common Name (eg, YOUR name) []:, ensure you enter the fully qualified name of your mail server. In our example main.cf, we use mail.example.com.

mkdir -p /etc/postfix/ssl
openssl req -new -x509 -days 3650 -nodes       \
    -out /etc/postfix/ssl/mail.example.com.pem \
    -keyout /etc/postfix/ssl/mail.example.com.pem
chmod 0600 /etc/postfix/ssl/mail.example.com.pem

We also need to create the Diffe Hellman parameters:

for len in 512 1024; do
    openssl genpkey -genparam -algorithm DH -out /etc/postfix/dh_${len}.pem \
        -pkeyopt dh_paramgen_prime_len:${len}
done

WARNING: while self-signed certificates are okay for testing, they will cause issues in production. In particular, you will have to train your end users to accept and import untrusted certificates. This is a very bad precedent to set!

Final Steps

Everything outlined in the opening section should now be working. I've followed these instructions and confirmed this via Thunderbird.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.