How to Setup a Complete Mail Server (Postfix) using ‘SquirrelMail’ (Webmail) on Ubuntu/Debian


This article shows how to install and configure a basic POP3/IMAP/SMTP mail server on your Debian VPS using Postfix, Dovecot and SASL.

What does Postfix mean?

Postfix is a replacement for the old and mature Sendmail. It also tries to be very fast, easy to manage and stable.

What’s Dovecot?

Dovecot is an open source IMAP and POP3 server for *NIX-like systems, written primarily with security in mind.

What does SASL mean?

SASL, the Simple Authentication and Security Layer, is a standardized authentication framework for protocols.

1.) Pre-Requirements
– You may want to check that your hostname/domain name is a valid FQDN (fully qualified domain name) and that it has a valid MX DNS record.

# dig +short MX ashokkuikel.com
10 ashokkuikel.com.

OK, the hostname ‘ashokkuikel.com’ has an MX record, and:

# dig +short A $(dig +short MX ashokkuikel.com | head -1 | cut -d' ' -f2)
12.34.56.78

The MX record resolves back to our Debian server’s IP (12.34.56.78).

2.) Update the system and install the required packages

– Before we proceed any further we need to make sure we have a fully up-to-date system.

# apt-get update
# apt-get upgrade
# apt-get dist-upgrade

2.a) Install postfix

# apt-get install postfix

(When prompted, choose ‘Internet Site’ and then set ‘ashokkuikel.com’ as the system mail name.)

2.b) Install dovecot
# apt-get install dovecot-common dovecot-imapd dovecot-pop3d

2.c) Install sasl for authentication of users
# apt-get install libsasl2-2 libsasl2-modules sasl2-bin

(Enable the SASL daemon by setting START=yes in /etc/default/saslauthd. You may also want to reduce the number of threads, for example by setting THREADS=3.)
Or, if you’re feeling brave:

# sed -i -e 's/START=no/START=yes/' -e 's/THREADS=5/THREADS=3/' /etc/default/saslauthd

– set up /etc/postfix/sasl/smtpd.conf

# echo -e "pwcheck_method: saslauthd\nmech_list: plain login cram-md5 digest-md5" > /etc/postfix/sasl/smtpd.conf

– restart SASL

# /etc/init.d/saslauthd restart

3.) Create a system user that handles incoming mail and has access to the mailboxes only

– create group used for virtual mailboxes

# groupadd vmail -g 2222

– create user used for virtual mailboxes

# useradd vmail -r -g 2222 -u 2222 -d /var/vmail -m -c "mail user"

4.) Prepare the SSL certificate for SSL transport
– copy/move your SSL certificate and key to some directory, for example /etc/sample-ssl/

# mkdir /etc/sample-ssl
# rsync -Waq /path/to/certs/ /etc/sample-ssl/

5.) Postfix configuration
– before doing anything else, make sure you have a backup of the original configuration file

# cp /etc/postfix/main.cf{,.orig}

5.a) Set up the main Postfix configuration file (/etc/postfix/main.cf)
– make sure you replace ‘ashokkuikel.com’ with your domain name and set the SSL paths appropriately

# vim /etc/postfix/main.cf
myhostname=ashokkuikel.com
mydomain=ashokkuikel.com
myorigin=$mydomain
mydestination = localhost
mynetworks = 127.0.0.0/8
inet_interfaces = all
mailbox_size_limit = 0
recipient_delimiter = +
debug_peer_level=2
smtpd_banner=$myhostname ESMTP $mail_name
biff=no
relayhost=
show_user_unknown_table_name=no
append_dot_mydomain = no
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
virtual_mailbox_base=/var/vmail
virtual_mailbox_domains=hash:/etc/postfix/vmail_domains
virtual_mailbox_maps=hash:/etc/postfix/vmail_mailbox
virtual_alias_maps=hash:/etc/postfix/vmail_aliases
virtual_minimum_uid=100
virtual_uid_maps=static:2222
virtual_gid_maps=static:2222
virtual_transport=dovecot
smtpd_tls_cert_file=/etc/sample-ssl/ssl.crt
smtpd_tls_key_file=/etc/sample-ssl/ssl.key
smtpd_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtp_use_tls=yes
smtpd_use_tls=yes
smtpd_tls_loglevel=1
smtpd_tls_received_header=yes
tls_random_source=dev:/dev/urandom
smtp_tls_note_starttls_offer=yes
smtpd_tls_session_cache_timeout=3600s
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
queue_directory=/var/spool/postfix
smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth
smtpd_sasl_auth_enable=yes
broken_sasl_auth_clients=yes
smtpd_sasl_security_options=noanonymous
smtpd_sasl_tls_security_options=$smtpd_sasl_security_options
smtpd_sasl_local_domain=$myhostname
smtpd_sasl_application_name=smtpd
smtpd_helo_required=yes
smtpd_helo_restrictions=reject_invalid_helo_hostname
smtpd_recipient_restrictions=reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
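
A quick audit of the relay and authentication settings in the listing above, as an added example that is not part of the original article: it checks that reject_unauth_destination is present, that mynetworks does not trust every client, and that smtpd_tls_auth_only is enabled when SASL is. The function names and the sample lines in audit_demo are constructed for illustration; the parameter names are standard Postfix ones.

```shell
#!/bin/sh
# Added example: audit relay and AUTH settings in a main.cf-style file.
# Usage: audit_main_cf FILE
# Prints one finding per line; the exit status is the number of findings.
audit_main_cf() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        /^[ \t]/ && key != "" {                 # continuation of previous value
            sub(/^[ \t]+/, ""); conf[key] = conf[key] " " $0; next
        }
        (eq = index($0, "=")) > 0 {             # "name = value" or "name=value"
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            conf[key] = val                     # the last definition wins
        }
        END {
            relay = conf["smtpd_relay_restrictions"]
            relay = relay " " conf["smtpd_recipient_restrictions"]
            if (relay !~ /(reject|defer)_unauth_destination/) {
                print "RELAY: reject_unauth_destination is missing"; n++
            }
            if (conf["mynetworks"] ~ /(^|[ ,])(0\.0\.0\.0\/0|::\/0)/) {
                print "MYNETWORKS: every client is treated as trusted"; n++
            }
            if (tolower(conf["smtpd_sasl_auth_enable"]) == "yes" &&
                tolower(conf["smtpd_tls_auth_only"]) != "yes") {
                print "AUTH: SASL is offered without TLS (smtpd_tls_auth_only)"; n++
            }
            exit n + 0
        }
    ' "$1"
}

# Sample input: the relay/auth lines of the main.cf above, written to a
# temporary file so the function can be tried without touching /etc/postfix.
audit_demo() {
    f=$(mktemp) || return 99
    printf '%s\n' 'mynetworks = 127.0.0.0/8' 'smtpd_use_tls=yes' \
        'smtpd_sasl_auth_enable=yes' \
        'smtpd_recipient_restrictions=reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination' > "$f"
    rc=0; audit_main_cf "$f" || rc=$?
    rm -f "$f"
    return "$rc"
}
```

On a running server, save the output of `postconf -n` to a file and pass that file to audit_main_cf.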

5.b) create /etc/postfix/vmail_domains containing the domains for which postfix will accept emails
– the format is 2 columns: domain on the left, status on the right. If there is nothing on the right side, the domain is disabled.

# vim /etc/postfix/vmail_domains
ashokkuikel.com OK
my-otherdomain.com OK

5.c) create /etc/postfix/vmail_mailbox containing the accepted mailboxes
# vim /etc/postfix/vmail_mailbox
info@ashokkuikel.com ashokkuikel.com/info
admin@ashokkuikel.com ashokkuikel.com/admin
webmaster@my-otherdomain.com my-otherdomain.com/webmaster

5.d) create /etc/postfix/vmail_aliases containing the virtual aliases
# vim /etc/postfix/vmail_aliases
info@ashokkuikel.com info@ashokkuikel.com
admin@ashokkuikel.com admin@ashokkuikel.com
webmaster@my-otherdomain.com admin@ashokkuikel.com

– hash the configuration files

# postmap /etc/postfix/vmail_domains
# postmap /etc/postfix/vmail_mailbox
# postmap /etc/postfix/vmail_aliases
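
The three tables from steps 5.b to 5.d have to agree with each other: a mailbox in a domain that is not enabled, or an alias pointing at a missing mailbox, only shows up later as rejected or bounced mail. The check below is an added example, not part of the original article; the function names and the sample tables in vmail_tables_demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check the lookup tables from steps 5.b-5.d before postmap.
# Usage: check_vmail_tables vmail_domains vmail_mailbox vmail_aliases
# Prints one finding per line; returns 0 if the tables agree, 1 otherwise.
check_vmail_tables() {
    awk '
        function domain_of(addr) { sub(/^.*@/, "", addr); return tolower(addr) }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        FILENAME == ARGV[1] {                # domains: "domain status"
            if (NF >= 2) enabled[tolower($1)] = 1   # empty status = disabled
            next
        }
        FILENAME == ARGV[2] {                # mailboxes: "address maildir-path"
            box[tolower($1)] = 1
            if (!(domain_of($1) in enabled)) {
                print "MAILBOX " $1 ": domain not enabled in vmail_domains"
                bad = 1
            }
            next
        }
        {                                    # aliases: "address target[, target]"
            for (i = 2; i <= NF; i++) {
                target = tolower($i); gsub(/,/, "", target)
                # Only targets in domains we host must exist as mailboxes;
                # forwarding to an external address is legitimate.
                if ((domain_of(target) in enabled) && !(target in box)) {
                    print "ALIAS " $1 ": target " target " has no mailbox"
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "$1" "$2" "$3"
}

# Constructed sample tables (not from a real server): one mailbox in a
# disabled domain and one alias pointing at a mailbox that does not exist.
vmail_tables_demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'example.com OK' 'example.net' > "$dir/domains"
    printf '%s\n' 'info@example.com example.com/info' \
                  'web@example.net example.net/web' > "$dir/mailbox"
    printf '%s\n' 'sales@example.com info@example.com' \
                  'root@example.com admin@example.com' > "$dir/aliases"
    rc=0
    check_vmail_tables "$dir/domains" "$dir/mailbox" "$dir/aliases" || rc=$?
    rm -rf "$dir"
    return "$rc"
}
```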

6.) Dovecot configuration
– before doing anything else, make sure you have a backup of the original configuration file

# cp /etc/dovecot/dovecot.conf{,.orig}

– create main dovecot configuration file

# vim /etc/dovecot/dovecot.conf
protocols = imap imaps pop3 pop3s
log_timestamp = "%Y-%m-%d %H:%M:%S "
first_valid_uid=2222
last_valid_uid=2222
first_valid_gid=2222
last_valid_gid=2222
mail_privileged_group = vmail
disable_plaintext_auth=yes
auth_executable = /usr/lib/dovecot/dovecot-auth
auth_verbose = yes
mail_location = maildir:/var/vmail/%d/%n/Maildir
ssl_cert_file = /etc/sample-ssl/sample-chained.crt
ssl_key_file = /etc/sample-ssl/sample.key
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  postmaster_address = postmaster@yourdomain.com
  mail_plugins = sieve
  log_path =
}
auth default {
  mechanisms = plain login
  passdb passwd-file {
    args = scheme=SHA1 /etc/dovecot/users.conf
  }
  userdb static {
    #args = /etc/dovecot/users.conf
    args = uid=2222 gid=2222 home=/var/vmail/%d/%n allow_all_users=yes
  }
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
      group = vmail
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

Make sure you adjust the configuration to match your paths and needs.

– create our user’s file:

# touch /etc/dovecot/users.conf

– next, use the following command in order to generate password hash for a particular user:

# dovecotpw -s SHA1
(add the generated password to users.conf without the {SHA1} part, for example:)

# cat /etc/dovecot/users.conf
admin@ashokkuikel.com:7mh/MbZGZf7pc2pV6To7WuHJY8E=

7.) Setting up permissions and completing installation

# chgrp vmail /etc/dovecot/dovecot.conf
# chmod g+r /etc/dovecot/dovecot.conf
# chown root:root /etc/dovecot/users.conf
# chmod 600 /etc/dovecot/users.conf

– deliver incoming mails to dovecot

# vim /etc/postfix/master.cf
(append the following)

dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

– while at it, you may also want to enable the submission port by uncommenting the following line:

submission inet n - - - - smtpd

– reload the services

# /etc/init.d/dovecot restart
# /etc/init.d/postfix restart

Ashok kuikel

Hi, I am Ashok Kuikel, WordPress Developer for WordPress Community. While Cloud Computing Associate and Alibaba MVP and ACA for Cloud Professional. You can follow me on Social Media, GitHub, and via my Blog Channels.
