Wiki

User Tools

Site Tools

Trace:
email:install_a_full_secure_mail_server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
email:install_a_full_secure_mail_server [2020/07/25 16:26] – old revision restored (2016/11/28 16:19) 92.220.10.100email:install_a_full_secure_mail_server [2020/07/26 11:22] (current) – old revision restored (2016/11/28 17:09) 158.69.243.115
Line 12: Line 12:
 ===== My example users and domain used in this tutorial ===== ===== My example users and domain used in this tutorial =====
  
-This tutorial will be using "example.com" as the domain.  Please change all instances of example.com to your own domain when following these steps.  We assume example.com has a public IP of 123.123.123.123, so again adjust accordingly.+This tutorial will be using "example.com" as the domain with a public IP of 123.123.123.123.
  
 An example email account of demouser@example.com will be used. An example email account of demouser@example.com will be used.
Line 20: Line 20:
   * An email system with email in the form of xxxx@example.com.   * An email system with email in the form of xxxx@example.com.
   * IMAP secured with SSL for access to your emails.   * IMAP secured with SSL for access to your emails.
-  * All standard protection mechanisms on the emails so that other email systems do not classify our emails as SPAM.  This includes SPF, DKIM, rDNS and SpamAssassin headers.+  * All standard protection mechanisms on the emails so that other email systems do not classify the emails as SPAM.  This includes SPF, DKIM, rDNS and SpamAssassin headers.
  
  
Line 27: Line 27:
 This uses "example.com" as the domain, and "exampleserver" as the hostname.   This uses "example.com" as the domain, and "exampleserver" as the hostname.  
  
-The DNS server will be 8.8.8.8 (**NOTE**: This is gmail DNS system, but adjust to any other DNS server as required).+The DNS server will be 8.8.8.8 (which is the gmail DNS system, but adjust to any other DNS server as required).
  
 <code bash> <code bash>
Line 57: Line 57:
  
   - **Exim4** – the SMTP daemon.   - **Exim4** – the SMTP daemon.
-  - **Courier** – communication extension for Exim4 to have IMAP and POP access to emails.+  - **Courier** – communication extension for Exim4 to have IMAP and POP access to emails; or 
 +  - **Dovecot** - communication extension for Exim4 to have IMAP and POP access to emails.
   - **Swaks** – Swiss army knife for SMTP troubleshooting.   - **Swaks** – Swiss army knife for SMTP troubleshooting.
   - **SSL-cert packages** – for easy work with generating certificates in later parts of the tutorial.   - **SSL-cert packages** – for easy work with generating certificates in later parts of the tutorial.
  
-If you are using Debian or Ubuntuthen you can simply follow these commands :+<WRAP todo> 
 +**TODO**: Update to use alternatives to Couriersuch as Dovecot. 
 +</WRAP> 
 + 
 +Issue these commands:
  
 <code bash> <code bash>
 apt-get update  apt-get update 
-apt-get install exim4-daemon-heavy courier-authdaemon courier-imap courier-imap-ssl courier-pop courier-pop-ssl swaks libnet-ssleay-perl ssl-cert+apt-get install exim4-daemon-heavy swaks libnet-ssleay-perl ssl-cert 
 +</code> 
 + 
 +Decide on using Courier or Dovecot.  Recommendation is to use Dovecot. 
 + 
 +==== For Courier ==== 
 + 
 +<code bash> 
 +apt-get install courier-authdaemon courier-imap courier-imap-ssl courier-pop courier-pop-ssl 
 </code> </code>
  
Line 86: Line 99:
 </WRAP> </WRAP>
  
-Verification of the installation can be done afterwards by checking the running ports with a netstat command.  Check that all the pop3, imap, smtp, pop3s and imaps ports are present:+ 
 +==== For Dovecot ==== 
 + 
 +<code bash> 
 +apt-get install dovecot-imapd dovecot-pop3d 
 +</code> 
 + 
 +Edit the file /etc/dovecot/dovecot.conf and amend the following line in the file /etc/dovecot/dovecot.conf: 
 + 
 +<code> 
 +protocols = pop3 pop3s imap imaps 
 +</code> 
 + 
 +In addition, add the following line in the "protocol pop3" section in the /etc/dovecot/dovecot.conf: 
 + 
 +<code> 
 +pop3_uidl_format = %08Xu%08Xv 
 +</code> 
 + 
 +Configure Dovecot to use the maildir mailbox format.  Edit /etc/dovecot/dovecot.conf: 
 + 
 +<code> 
 +mail_location = maildir:~/Maildir 
 +</code> 
 + 
 +<WRAP info> 
 +**NOTE**:  Maildir mails are almost always stored in ~/Maildir/ directory, which contains cur/, new/ and tmp/ subdirectories.  In maildir each mail is stored in a separate file. 
 +</WRAP> 
 + 
 +or alternatively change to: 
 + 
 +<code> 
 +mail_location = maildir:/home/%u/Maildir 
 +</code> 
 + 
 +<WRAP note> 
 +If !include conf.d/*.conf is uncommented in /etc/dovecot/dovecot.conf, it is necessary to set mail_location in /etc/dovecot/conf.d/10-mail.conf or comment the line out.  10-mail.conf will override the mail_location in dovecot.conf. If you choose to set the mail_location in 10-mail.conf, you have to change it to: 
 +</WRAP> 
 + 
 +<code> 
 +mail_location = maildir:~/Maildir 
 +</code> 
 + 
 +For SSL add or amend the following to the /etc/dovecot/dovecot.conf file. 
 + 
 +<code> 
 +disable_plaintext_auth = no 
 +ssl = yes 
 +ssl_cert_file = </etc/ssl/certs/ssl-cert-snakeoil.pem 
 +ssl_key_file = </etc/ssl/private/ssl-cert-snakeoil.key 
 +</code> 
 + 
 +Uncomment following line in /etc/dovecot/dovecot.conf: 
 + 
 +<code> 
 +listen = * 
 +</code> 
 + 
 +However, this method may cause conflicts with other servers already listening on other ports. The alternative (and probably more desirable) method, then, is to enable the specific listening ports for the protocols that are intended to be used. For example, for IMAP/IMAPS and POP3/POP3S, add to the correct protocol imap and protocol pop3 sections: 
 + 
 +<code> 
 +protocol imap { 
 +     listen = *:143 
 +     ssl_listen = *:993 
 +     ... 
 +     } 
 + 
 +protocol pop3 { 
 +     listen = *:110 
 +     ssl_listen = *:995 
 +     ... 
 +     } 
 +</code> 
 + 
 +If you want to see the config Dovecot is currently using (including the mail_location), use 
 + 
 +<code bash> 
 +dovecot -n 
 +</code> 
 + 
 +Start dovecot: 
 + 
 +<code bash> 
 +/etc/init.d/dovecot start 
 +</code> 
 + 
 +See https://help.ubuntu.com/community/Dovecot 
 + 
 + 
 +==== Verify the setup ==== 
 + 
 +Verification of the installation can be done by checking the running ports with a netstat command.  Ensure that all the pop3, imap, smtp, pop3s and imaps ports are present as required:
  
 <code bash> <code bash>
Line 98: Line 202:
 tcp6            0 [::]:pop3s              [::]:                 LISTEN      tcp6            0 [::]:pop3s              [::]:                 LISTEN     
 </code> </code>
 +
  
 ===== Step 3: Preparing local users for mail system (Maildir) ===== ===== Step 3: Preparing local users for mail system (Maildir) =====
  
-In this example, each user will have their email inside their own home directory under ~/Maildir.  To have this as a standard setting for new users, simpy add this directory to the skeleton so that it is automatically created for new users like this:+In this example, each user will have their email inside their own home directory under ~/Maildir.  To have this as a standard setting for new users, simply add this directory to the skeleton so that it is automatically created for new users like this
 + 
 +It's a good idea to pre-create the Maildir for future users: 
 + 
 +<code bash> 
 +sudo maildirmake.dovecot /etc/skel/Maildir 
 +sudo maildirmake.dovecot /etc/skel/Maildir/.Drafts 
 +sudo maildirmake.dovecot /etc/skel/Maildir/.Sent 
 +sudo maildirmake.dovecot /etc/skel/Maildir/.Trash 
 +sudo maildirmake.dovecot /etc/skel/Maildir/.Templates 
 +</code> 
 + 
 +Then, for an existing user:
  
 <code bash> <code bash>
-maildirmake /etc/skel/Maildir+sudo cp -r /etc/skel/Maildir /home/myuser/ 
 +sudo chown -R myuser:usergroup /home/myuser/Maildir 
 +sudo chmod -R 700 /home/myuser/Maildir
 </code> </code>
  
-For existing users, you have to do this manually (or have a script for this).  For example for the test user "demouser":+or for the example test user "demouser":
  
 <code bash> <code bash>
Line 132: Line 251:
 </code> </code>
  
-It will give you several options in a wizard.  This is how I configured my answers for a small and independent server:+It will give you several options in a wizard.  Here are suggested answers for a small and independent server:
  
   * General type of mail configuration: **internet site**; mail is sent and received directly using SMTP.   * General type of mail configuration: **internet site**; mail is sent and received directly using SMTP.
Line 219: Line 338:
 ===== Step 7: Verification of emails delivery ===== ===== Step 7: Verification of emails delivery =====
  
-Ok, so the basic email system should now be running, lets test it with the most basic test and that is sending an email locally (either between two users of the local system or to yourself).+The basic email system should now be running.  Test this with basic test of sending an email locally (either between two users of the local system or to yourself).
  
 This test will send email to testuser from testuser. This test will send email to testuser from testuser.
Line 236: Line 355:
 </code> </code>
  
-Ok, all looks good, now lets try sending to external source like gmail (replace the xxxx with your real email).+All looks good.  Now try sending an external email.
  
 <code bash> <code bash>
Line 242: Line 361:
 </code> </code>
  
-Now the good and the bad part, the email arrived, but it ended most probably in spam folder because technically this is a "rogue" system with unknown domain and no basic signatures in the email headers.+Now the good and the bad part, the email arrived, but it ended most probably in the spam folder because technically this is a "rogue" system with unknown domain and no basic signatures in the email headers.
  
  
 ===== Step 8-9: First problem with PAM not enabled in courier ===== ===== Step 8-9: First problem with PAM not enabled in courier =====
  
-As immediate step after my emails got working was that Thunderbird was unable to connect to the courier with IMAPS (with TLS enabled) despite the basic certificates existed from the installation (during apt-get install a default set was generated).+An immediate step after my emails got working was that Thunderbird was unable to connect to the courier with IMAPS (with TLS enabled) despite the basic certificates existed from the installation (during apt-get install a default set was generated).
  
-To verify what is going onethis is the best test to see the problem, we will use SWAKS to troubleshoot like this:+To verify what is going onrun a simple test using SWAKS to troubleshoot:
  
 <code bash> <code bash>
Line 290: Line 409:
 </code> </code>
  
-Install SASLAUTH daemon that will do the authentication for us against local unix usernames.+Install the SASLAUTH daemon that will do the authentication against local UNIX usernames.
  
-**NOTE**: If you want some other method of authentication, check the exim4 wiki.+**NOTE**: If you want some other method of authentication, check the [[https://wiki.debian.org/Exim|Exim4 wiki]].
  
 <code bash> <code bash>
Line 378: Line 497:
 ===== Step 10: Configure courier for IMAP ===== ===== Step 10: Configure courier for IMAP =====
  
-You want this because it is most useful for your smartphone access that is definitely supporting mainly IMAP.  Just follow these basic commands:+Ensure that the email client is definitely supporting IMAP.  Just follow these basic commands:
  
 <code bash> <code bash>
Line 746: Line 865:
  
 The next step is to check how well SPF/DKIM and other functions are filtering out incoming spam! The next step is to check how well SPF/DKIM and other functions are filtering out incoming spam!
 +
 +
 +===== References =====
 +
 +https://help.ubuntu.com/community/Dovecot
 +
 +http://wiki.dovecot.org/
 +
  
email/install_a_full_secure_mail_server.1595694395.txt.gz · Last modified: 2020/07/25 16:26 by 92.220.10.100
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki