
This is an old revision of the document!


Email - Install a full mail server

Requirements

  • Multiple domains using this for email (e.g. @company.com, @othercompany.com, @company-other-spelling.org).
  • Webmail on your server (for anyone in the org to access email).
  • Aliases / redirects for some email addresses (e.g. so you can redirect “support@” to a particular person).
  • DO NOT create “linux users” for every email user – it’s a huge security hole, and a massive pain in the ass for the sysadmin.
  • DO NOT do mail-relaying.

What is needed

  • Web server [Nginx]
  • Database server (MySQL)
  • Email server (MTA) (Exim4)
  • IMAP server (Dovecot)
  • Webmail server (Roundcube)

The database server will be used to manage ALL logins and usernames/passwords.

Installation

You need to install ALL of:

  • apt-get install apache2-mpm-prefork
    (Some of these email servers require PHP; PHP is crappy and requires mpm-prefork (the 'slow' version of Apache))
  • apt-get install mysql-client
    (should auto-install something like: mysql-common + mysql-client-5.5)
  • apt-get install mysql-server
    (should auto-install something like: mysql-server-5.5 + mysql-server-core-5.5)
  • apt-get install exim4
  • apt-get install exim4-base
  • apt-get install exim4-config
  • apt-get install exim4-daemon-heavy
    (there's an “exim4-mysql” that might be sufficient to replace this, but I gave up: there are way too many exim4 packages, and no help for installing the “correct” set, so … just pick this and get the lot!)
  • apt-get install dovecot-core
  • apt-get install dovecot-imapd
  • apt-get install dovecot-mysql
  • apt-get install roundcube
  • apt-get install roundcube-core
  • apt-get install roundcube-mysql

Setup: DNS

You need an “MX” record on your DNS server, and it needs to point to your main server where you’ll run your email, web, etc.

Setup: Web server

Roundcube sets up an over-the-top config: it creates an email server on every single website hosted on your server, and makes them all available at once.

Following the idea of http://www.cpierce.org/2012/04/roundcube-for-your-debian-squeeze-mail-server/, I used a much simpler, easier-to-maintain, and easier-to-secure setup. This is documented in the Debian package docs too.

Create a web address for your webmail

If you have multiple websites hosted on your server, you SHOULD have a separate file for each inside /etc/apache2/sites-available. e.g.:

  • /etc/apache2/sites-available/domain1.com
  • /etc/apache2/sites-available/other-domain.com
  • /etc/apache2/sites-available/my-friends-domain.org

For each domain that you want to give webmail to, edit the file and ADD the following:

<VirtualHost *:80>
  ServerName webmail.[the domain name]
  DocumentRoot /var/lib/roundcube
</VirtualHost>

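Note: replace “[the domain name]” with the domain name, e.g. “domain1.com”. As written, this VirtualHost serves webmail over plain HTTP on port 80, so logins are not encrypted in transit.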

Setup: create databases

Create your databases. From the command-line, you can do something like:

mysql -u root -p

…or use your preferred software (e.g. phpMyAdmin).

Create the database

CREATE DATABASE email_accounts;

Create the tables for email-accounts and config

USE email_accounts;
 
CREATE TABLE mailboxes (
    id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,
    domain_id INT(10) NOT NULL,
    local_part VARCHAR(250) NOT NULL,
    password VARCHAR(100) NULL,
    description VARCHAR(250) NULL,
    active TINYINT(1) NOT NULL DEFAULT 0,
    created TIMESTAMP NOT NULL DEFAULT NOW(),
    modified TIMESTAMP NULL
);
CREATE TABLE aliases (
    id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,
    domain_id INT(10) NOT NULL,
    local_part VARCHAR(250) NOT NULL,
    goto VARCHAR(250) NOT NULL,
    description VARCHAR(250) NULL,
    active TINYINT(1) NOT NULL DEFAULT 0,
    created TIMESTAMP NOT NULL DEFAULT NOW(),
    modified TIMESTAMP NULL
);
CREATE TABLE vacations (
    id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,
    mailbox_id INT(10) NOT NULL,
    subject VARCHAR(250) NOT NULL,
    body TEXT NOT NULL,
    description VARCHAR(250) NULL,
    active TINYINT(1) NOT NULL DEFAULT 0,
    created TIMESTAMP NOT NULL DEFAULT NOW(),
    modified TIMESTAMP NULL
);
 
CREATE TABLE domains (
    id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,
    fqdn VARCHAR(250) NOT NULL,
    type ENUM('local','relay') NOT NULL DEFAULT 'local',
    description VARCHAR(250) NULL,
    active TINYINT(1) NOT NULL DEFAULT 0,
    created TIMESTAMP NOT NULL DEFAULT NOW(),
    modified TIMESTAMP NULL
);

Create a database-account to access the database

grant ALL on email_accounts.* to 'email'@'localhost' identified by 'password';
flush privileges;

Note: that is not an email address, it’s a MySQL user account.

Note: this account will ONLY be accessible by our software running on the server; you cannot access this account remotely (over the internet).
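A tighter alternative to the GRANT ALL above, given as an added example and not part of the original page: the password of the 'email' account is stored in the Exim config, so that account can be cut down to read-only and a second account used for managing addresses. The 'email_admin' name and the placeholder password are assumptions, as is the premise that the mail software only reads these four tables.

```sql
-- Added example (not from the original page).
-- Assumes 'email'@'localhost' already exists from the GRANT ALL statement above.

-- 1. Strip everything from the lookup account, then give back read access only.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'email'@'localhost';
GRANT SELECT ON email_accounts.domains   TO 'email'@'localhost';
GRANT SELECT ON email_accounts.mailboxes TO 'email'@'localhost';
GRANT SELECT ON email_accounts.aliases   TO 'email'@'localhost';
GRANT SELECT ON email_accounts.vacations TO 'email'@'localhost';

-- 2. Separate account for a human (or admin tool) that adds and edits addresses.
--    'email_admin' and its password are placeholders chosen for this example.
CREATE USER 'email_admin'@'localhost' IDENTIFIED BY 'CHANGE-ME-admin-password';
GRANT SELECT, INSERT, UPDATE, DELETE
    ON email_accounts.* TO 'email_admin'@'localhost';

-- 3. Confirm the result: 'email' should list USAGE plus four SELECT grants,
--    and neither account should hold privileges outside email_accounts.
SHOW GRANTS FOR 'email'@'localhost';
SHOW GRANTS FOR 'email_admin'@'localhost';
```

With this split, the INSERT statements in the following sections are run as 'email_admin' (or root), not as 'email'.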

Create your first email account and domain

INSERT INTO domains VALUES(NULL,'mydomain.com','local','My nice domain for local delivery',1,NOW(),NOW());
INSERT INTO mailboxes VALUES(NULL,1,'joe',MD5('password - choose a good one'),'My account for joe@mydomain.com',1,NOW(),NOW());

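Note: this password is used over the internet when you log in to webmail – so pick a good one! This has to be secure! MD5() stores an unsalted, fast hash, so a weak password is recovered quickly if this table ever leaks.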

Create a redirector for an email address

INSERT INTO aliases VALUES (NULL, 1, 'support', 'ceo@mydomain.com', 'Redirecting support@ to the CEO. It will be a good experience', 1, NOW(), NOW() );

Note: only set this up if you actually want a redirect.
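A consistency check to run after adding rows, given as an added example and not part of the original page: the tables above declare no UNIQUE or foreign keys, so one address can end up with two mailbox rows (and two passwords), or as both a mailbox and an alias. Only tables and columns defined above are used; the result column names and key names are made up for this example.

```sql
USE email_accounts;

-- 1. Addresses with more than one mailbox row, or with both a mailbox and an
--    alias. Inactive rows are counted too, since the keys in step 4 cover them.
SELECT CONCAT(a.local_part, '@', d.fqdn) AS address,
       SUM(a.kind = 'mailbox') AS mailbox_rows,
       SUM(a.kind = 'alias')   AS alias_rows
FROM (
    SELECT domain_id, local_part, 'mailbox' AS kind FROM mailboxes
    UNION ALL
    SELECT domain_id, local_part, 'alias'   AS kind FROM aliases
) AS a
JOIN domains d ON d.id = a.domain_id
GROUP BY a.domain_id, a.local_part, d.fqdn
HAVING mailbox_rows > 1 OR (mailbox_rows >= 1 AND alias_rows >= 1);

-- 2. Active rows whose domain_id points at a missing or inactive domain.
SELECT 'mailbox' AS kind, m.id, m.local_part, m.domain_id
FROM mailboxes m LEFT JOIN domains d ON d.id = m.domain_id AND d.active = 1
WHERE m.active = 1 AND d.id IS NULL
UNION ALL
SELECT 'alias', a.id, a.local_part, a.domain_id
FROM aliases a LEFT JOIN domains d ON d.id = a.domain_id AND d.active = 1
WHERE a.active = 1 AND d.id IS NULL;

-- 3. Active aliases whose target is not in an active local domain, i.e. mail
--    that leaves this server. Review each one; forwards are easy to forget.
SELECT CONCAT(a.local_part, '@', d.fqdn) AS address, a.`goto` AS forwards_to
FROM aliases a
JOIN domains d ON d.id = a.domain_id
LEFT JOIN domains t ON t.fqdn = SUBSTRING_INDEX(a.`goto`, '@', -1)
                    AND t.type = 'local' AND t.active = 1
WHERE a.active = 1 AND t.id IS NULL;

-- 4. Once query 1 returns nothing, let the database enforce it.
ALTER TABLE domains   ADD UNIQUE KEY uniq_fqdn (fqdn);
ALTER TABLE mailboxes ADD UNIQUE KEY uniq_mailbox (domain_id, local_part);
```

Against the sample rows above, queries 1 and 2 return nothing, and query 3 returns nothing as long as the alias target stays in mydomain.com.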

Setup: Configure Exim4

When you install Exim4, make sure you choose the “split” configuration (many small files under /etc/exim4/conf.d/, which the steps below edit). If not, you can fix that now by running:

dpkg-reconfigure exim4-config

Debian: set the global / initial Exim config

NB: these are the settings filled out by “dpkg-reconfigure exim4-config”. Here’s what your file should look like:

Edit: /etc/exim4/update-exim4.conf.conf

# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file
 
dc_eximconfig_configtype='internet'
dc_other_hostnames='[YOUR DOMAIN 1];[YOUR DOMAIN 2]'
dc_local_interfaces='127.0.0.1;[PUT YOUR SERVER's IP ADDRESS HERE]'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
# 'true' so that the files under /etc/exim4/conf.d/ edited below are used
dc_use_split_config='true'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='maildir_home'

Note: replace “[YOUR DOMAIN 1]” with e.g. “my-company.com”, or “mail.company.com” – you must have one of these for EACH of your domains which has email accounts.

Note: replace “[PUT YOUR SERVER’s IP ADDRESS HERE]” with e.g. “10.0.0.1” (whatever your public internet address is).

Setup Exim: Macros

ADD the following to /etc/exim4/conf.d/main/000_localmacros:

MAIN_LOCAL_DOMAINS = @:localhost:dsearch;/etc/exim4/virtual:${lookup mysql{SELECT fqdn AS domain FROM domains WHERE fqdn='${quote_mysql:$domain}' AND type='local' AND active=1}}

ADD the following to /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs:

# List of domains considered local for exim. Domains not listed here
# need to be deliverable remotely.
domainlist local_domains = MAIN_LOCAL_DOMAINS
 
# MySQL because exim4 on Debian doesn't always add this:
 
MYSQL_SERVER=127.0.0.1
MYSQL_DB=email_accounts
MYSQL_USER=email
MYSQL_PASSWORD=password
hide mysql_servers = MYSQL_SERVER/MYSQL_DB/MYSQL_USER/MYSQL_PASSWORD

References

email/install_a_full_mail_server.1478882465.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
