email:install_a_full_mail_server

Differences

This shows you the differences between two versions of the page.

email:install_a_full_mail_server [2016/11/11 16:41] peter
email:install_a_full_mail_server [2019/11/27 21:53] (current) – removed peter
Line 1: Line 1:
-====== Email - Install a full mail server ====== 
  
-===== Requirements ===== 
- 
-  * Multiple domains using this for email (e.g. @company.com, @othercompany.com, @company-other-spelling.org). 
-  * Webmail on your server (for anyone in the org to access email). 
-  * Aliases / redirects for some email addresses (e.g. so you can redirect "support@" to a particular person). 
-  * DO NOT create "linux users" for every email user – it’s a huge security hole, and a massive pain in the ass for the sysadmin. 
-  * DO NOT do mail-relaying. 
- 
-===== What is needed ===== 
- 
-  * Web server [Nginx] 
-  * Database server (MySQL) 
-  * Email server (MTA) (Exim4) 
-  * IMAP server (Dovecot) 
-  * Webmail server (Roundcube) 
- 
- 
-The database server will be used to manage ALL logins and usernames/passwords. 
- 
- 
-===== Installation ===== 
- 
-You need to install ALL of: 
- 
-  * apt-get install apache2-mpm-prefork\\ (Some of these email servers require PHP; PHP is crappy and requires mpm-prefork (the 'slow' version of Apache)) 
-  * apt-get install mysql-client\\ (should auto-install something like: mysql-common + mysql-client-5.5) 
-  * apt-get install mysql-server\\ (should auto-install something like: mysql-server-5.5 + mysql-server-core-5.5) 
-  * apt-get install exim4 
-  * apt-get install exim4-base 
-  * apt-get install exim4-config 
-  * apt-get install exim4-daemon-heavy\\ (there's an "exim4-mysql" that might be sufficient to replace this, but I gave up: there are way too many exim4 packages, and no help for installing the "correct" set, so … just pick this and get the lot!) 
-  * apt-get install dovecot-core 
-  * apt-get install dovecot-imapd 
-  * apt-get install dovecot-mysql 
-  * apt-get install roundcube 
-  * apt-get install roundcube-core 
-  * apt-get install roundcube-mysql 
- 
- 
-===== Setup: DNS ===== 
- 
-You need an "MX" record on your DNS server, and it needs to point to your main server where you’ll run your email, web, etc. 
- 
- 
-===== Setup: Web server ===== 
- 
-Roundcube sets up an over-the-top config: it creates an email server on every single website hosted on your server, and makes them all available at once. 
- 
-Following the idea of http://www.cpierce.org/2012/04/roundcube-for-your-debian-squeeze-mail-server/, I used a much simpler, easier-to-maintain, and easier-to-secure setup. This is documented in the Debian package docs too. 
- 
- 
-==== Create a web address for your webmail ==== 
- 
-If you have multiple websites hosted on your server, you SHOULD have a separate file for each inside /etc/apache2/sites-available. e.g.: 
- 
-  * /etc/apache2/sites-available/domain1.com 
-  * /etc/apache2/sites-available/other-domain.com 
-  * /etc/apache2/sites-available/my-friends-domain.org 
- 
-For each domain that you want to give webmail to, edit the file and ADD the following: 
- 
- 
-<file apache> 
-<VirtualHost *:80> 
-  ServerName webmail.[the domain name] 
-  DocumentRoot /var/lib/roundcube 
-</VirtualHost> 
-</file> 
- 
-Note: replace “[the domain name]” with the domain name, e.g. "domain1.com" 
- 
- 
-===== Setup: create databases ===== 
- 
-Create your databases. From the command-line, you can do something like: 
- 
-<code bash> 
-mysql -u root -p 
-</code> 
- 
-…or use your preferred softare (e.g. phpMyAdmin). 
- 
-==== Create the database ==== 
- 
-<code mysql> 
-CREATE DATABASE email_accounts; 
-</code> 
- 
-==== Create the tables for email-accounts and config ==== 
- 
-<code mysql> 
-USE email_accounts; 
- 
-CREATE TABLE mailboxes ( 
-    id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY, 
-    domain_id INT(10) NOT NULL, 
-    local_part VARCHAR(250) NOT NULL, 
-    password VARCHAR(100) NULL, 
-    description VARCHAR(250) NULL, 
-    active TINYINT(1) NOT NULL DEFAULT 0, 
-    created TIMESTAMP NOT NULL DEFAULT NOW(), 
-    modified TIMESTAMP NULL 
-); 
-CREATE TABLE aliases ( 
-    id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY, 
-    domain_id INT(10) NOT NULL, 
-    local_part VARCHAR(250) NOT NULL, 
-    goto VARCHAR(250) NOT NULL, 
-    description VARCHAR(250) NULL, 
-    active TINYINT(1) NOT NULL DEFAULT 0, 
-    created TIMESTAMP NOT NULL DEFAULT NOW(), 
-    modified TIMESTAMP NULL 
-); 
-CREATE TABLE vacations ( 
-    id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY, 
-    mailbox_id INT(10) NOT NULL, 
-    subject VARCHAR(250) NOT NULL, 
-    body TEXT NOT NULL, 
-    description VARCHAR(250) NULL, 
-    active TINYINT(1) NOT NULL DEFAULT 0, 
-    created TIMESTAMP NOT NULL DEFAULT NOW(), 
-    modified TIMESTAMP NULL 
-); 
- 
-CREATE TABLE domains ( 
-    id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY, 
-    fqdn VARCHAR(250) NOT NULL, 
-    type ENUM('local','relay') NOT NULL DEFAULT 'local', 
-    description VARCHAR(250) NULL, 
-    active TINYINT(1) NOT NULL DEFAULT 0, 
-    created TIMESTAMP NOT NULL DEFAULT NOW(), 
-    modified TIMESTAMP NULL 
-); 
-</code> 
- 
-==== Create a database-account to access the database ==== 
- 
-<code mysql> 
-grant ALL on email_accounts.* to 'email'@'localhost' identified by 'password'; 
-flush privileges; 
-</code> 
- 
-Note: that is not an email address, it’s a MySQL user account. 
-Note: this account will ONLY be accessible by our software running on the server; you cannot access this account remotely (over the internet). 
- 
- 
-==== Create your first email account and domain ==== 
- 
- 
-<code mysql> 
-INSERT INTO domains VALUES(NULL,'mydomain.com','local','My nice domain for local delivery',1,NOW(),NOW()); 
-INSERT INTO mailboxes VALUES(NULL,1,'joe',MD5('password - choose a good one'),'My account for joe@mydomain.com',1,NOW(),NOW()); 
-</code> 
- 
-Note: this password is used over the internet when you login to webmail – so pick a good one! This has to be secure! 
- 
-==== Create a redirector for an email address ==== 
- 
-<code mysql> 
-INSERT INTO aliases VALUES (NULL, 1, 'support', 'ceo@mydomain.com', 'Redirecting support@ to the CEO. It will be a good experience', 1, NOW(), NOW() ); 
-</code> 
- 
-Note: only set this up if you actually want a redirect. 
- 
- 
-===== Setup: Configure Exim4 ===== 
- 
-When you install Exim4, make sure you chose the “split” packages. If not, you can fix that now by running: 
- 
-<code bash> 
-dpkg-reconfigure exim4-config 
-</code> 
- 
- 
-==== Debian: set the global / initial Exim config ==== 
- 
-NB: these are the settings filled out by “dpkg-reconfigure exim4-config”. Here’s what your file should look like: 
- 
-Edit: /etc/exim4/update-exim4.conf.conf 
- 
-<file bash /etc/exim4/update-exim4.conf.conf> 
-# /etc/exim4/update-exim4.conf.conf 
-# 
-# Edit this file and /etc/mailname by hand and execute update-exim4.conf 
-# yourself or use 'dpkg-reconfigure exim4-config' 
-# 
-# Please note that this is _not_ a dpkg-conffile and that automatic changes 
-# to this file might happen. The code handling this will honor your local 
-# changes, so this is usually fine, but will break local schemes that mess 
-# around with multiple versions of the file. 
-# 
-# update-exim4.conf uses this file to determine variable values to generate 
-# exim configuration macros for the configuration file. 
-# 
-# Most settings found in here do have corresponding questions in the 
-# Debconf configuration, but not all of them. 
-# 
-# This is a Debian specific file 
- 
-dc_eximconfig_configtype='internet' 
-dc_other_hostnames='[YOUR DOMAIN 1];[YOUR DOMAIN 2]' 
-dc_local_interfaces='127.0.0.1;[PUT YOUR SERVER's IP ADDRESS HERE]' 
-dc_readhost='' 
-dc_relay_domains='' 
-dc_minimaldns='false' 
-dc_relay_nets='' 
-dc_smarthost='' 
-CFILEMODE='644' 
-dc_use_split_config='false' 
-dc_hide_mailname='' 
-dc_mailname_in_oh='true' 
-dc_localdelivery='maildir_home' 
-</file> 
- 
-Note: replace “[YOUR DOMAIN 1]” with e.g. “my-company.com”, or “mail.company.com” – you must have one of these for EACH of your domains which has email accounts. 
-Note: replace “[PUT YOUR SERVER’s IP ADDRESS HERE]” with e.g. “10.0.0.1” (whatever your public internet address is) 
- 
- 
-==== Setup Exim: Macros ==== 
- 
-ADD the following to /etc/exim4/conf.d/main/000_localmacros: 
- 
-<file bash> 
-MAIN_LOCAL_DOMAINS = @:localhost:dsearch;/etc/exim4/virtual:${lookup mysql{SELECT fqdn AS domain FROM domains WHERE fqdn='${quote_mysql:$domain}' AND type='local' AND active=1}} 
-</file> 
- 
-ADD the following to /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs: 
- 
-<file bash> 
-# List of domains considered local for exim. Domains not listed here 
-# need to be deliverable remotely. 
-domainlist local_domains = MAIN_LOCAL_DOMAINS 
- 
-# MySQL because exim4 on Debian doesn't always add this: 
- 
-MYSQL_SERVER=127.0.0.1 
-MYSQL_DB=email_accounts 
-MYSQL_USER=email 
-MYSQL_PASSWORD=password 
-hide mysql_servers = MYSQL_SERVER/MYSQL_DB/MYSQL_USER/MYSQL_PASSWORD 
-</file> 
- 
- 
-===== References ===== 
- 
- 
-http://t-machine.org/index.php/2014/06/27/webmail-on-your-debian-server-exim4-dovecot-roundcube/ 
- 
-https://weijl.org/virtual-domains-with-exim4-dovecot-dspam-and-mysql/ 
- 
-http://www1.alx.pl/w/linux/exim-sql.conf 
- 
-http://alex.mamchenkov.net/2010/06/24/exim-dovecot-and-mysql/ 
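Review bot: The edit summary for this whole-page deletion says only "removed", with no reason and no pointer to a successor page; state in the summary where the procedure now lives or why it was retired. If any of the deleted text is carried over elsewhere, several lines should not be copied as they stand. The first-mailbox insert stores the password as `MD5('password - choose a good one')`, an unsalted fast hash, in a table whose `password` column is only `VARCHAR(100)`, so a move to a salted scheme needs the column checked as well. The webmail `<VirtualHost *:80>` block serves the Roundcube login over plain HTTP even though the page itself notes that this password "is used over the internet". `grant ALL on email_accounts.*` gives the `email` account far more than the `SELECT` that the `MAIN_LOCAL_DOMAINS` lookup uses, and both that grant and `MYSQL_PASSWORD=password` show the literal value `password` with no instruction to replace it, unlike the bracketed placeholders used for the domain and IP address. `CFILEMODE='644'` leaves the generated Exim configuration world-readable while the MySQL credentials are defined in it; `hide mysql_servers` only affects Exim's own option output, not the file on disk. The page is also internally inconsistent: it tells the reader to choose the "split" packages but sets `dc_use_split_config='false'`, which on Debian means the two `conf.d/main/` files it then edits are not the ones used to build the configuration, and it lists Nginx under "What is needed" while installing `apache2-mpm-prefork` and configuring Apache virtual hosts.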
email/install_a_full_mail_server.1478882465.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
