Onion Information

Page Clicks: 0

First Seen: 04/26/2024

Last Indexed: 10/23/2024

Domain Index Total: 54

In the article on SMTP and Postfix , we set up a simple Postfix server that we could use to programatically send mail with the mail command. In order to have a true and fully-functional mail server, users should be able to login to a mail client where they can read their inbox and send mail remotely. In order to achieve this we need Dovecot, which can store mails received by the server, authenticate user accounts and interact with mail. If we’re setting up an inbox we will also want spam detection software, such as spam assassin. Dovecot and Spamassassin apt install dovecot-imapd dovecot-sieve spamassassin spamc Unblock the imap port: ufw allow 993 Certificate We will want a SSL certificate for the mail. subdomain. We can get this with Certbot . Assuming we are using Nginx for our server otherwise, run: certbot --nginx certonly -d mail.example.org DNS We also need two little DNS records set on your domain registrar’s site/DNS server: An MX record. Just put your domain, example.org , in the “Points to” field. A CNAME record. Host field: mail.example.org . “Points to” field: example.org. Configuring Dovecot's configuration file is in /etc/dovecot/dovecot.conf . If you open that file, you will see this line: !include conf.d/*.conf which adds all the .conf files in /etc/dovecot/conf.d/ to the Dovecot configuration. One can edit each of these files individually to get the needed configuration, but to make things easy here, delete or backup the main configuration file and we will replace it with one single config file with all important settings in it. Make sure you change ssl_cert and ssl_key accordingly. # Note that in the dovecot conf, you can use: # %u for username # %n for the name in name@domain.tld # %d for the domain # %h the user's home directory # Connections between the mail client and Dovecot needs to be encrypted ssl = required ssl_cert = /var/lib/dovecot/sieve/default.sieve After that, we should create the vmail user and group, which will access the mails, and then update the sieve configuration: grep -q '^vmail:' /etc/passwd || useradd vmail chown -R vmail:vmail /var/lib/dovecot sievec /var/lib/dovecot/sieve/default.sieve Then, enable pam authentication for Dovecot: echo "auth required pam_unix.so nullok account required pam_unix.so" >> /etc/pam.d/dovecot Connecting Postfix and Dovecot We need to tell Postfix to look to Dovecot for authenticating users/passwords. Dovecot will be putting an authentication socket in /var/spool/postfix/private/auth . postconf -e 'smtpd_sasl_auth_enable = yes' postconf -e 'smtpd_sasl_type = dovecot' postconf -e 'smtpd_sasl_path = private/auth' postconf -e 'mailbox_command = /usr/lib/dovecot/deliver' Connecting Postfix and Spamassassin We will change /etc/postifx/master.cf so postfix can route mail through spamassassin. First we can cleanup the default configuration. Feel free to make a backup. sed -i '/^\s*-o/d;/^\s*submission/d;/^\s*smtp/d' /etc/postfix/master.cf Finally, run this command to finish the configuration for spamassassin. echo "smtp unix - - n - - smtp inet n - y - - smtpd -o content_filter=spamassassin submission inet n - y - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_tls_auth_only=yes smtps inet n - y - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes spamassassin unix - n - pipe user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}" >> /etc/postfix/master.cf Make new mail accounts This is the easy part. Let’s say we want to add a user Billy and let him receive mail, run this: useradd -m -G mail billy passwd billy Any user added to the mail group will be able to receive mail. Suppose a user Cassie already exists and we want to let her receive mail too. Just run: usermod -a -G mail cassie Next: Harden your E-mail Server Or Previous: Validate Email with DNS Records