This article covers:
- Multiple domains support e.g. example.com, rtcamp.com, apple.com, google.com, etc.
- Virtual users support e.g. rahul@apple.com, steve@rtcamp.com, etc. Virtual users cannot login to server using shell/ftp like real-users.
- Alias management e.g. mails for you@example.com should be forwarded to rahul@rtcamp.com)
- Web-based administration interface to add/remove domains, email users and aliases.
- Webmail Interface for mail users can simply login with email-id & password to send/check emails.
Installing packages for postfix, dovecot, mysql
apt-get install postfix postfix-mysql dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-mysql mysql-server dovecot-sieve dovecot-managesieved
If you are adding a mail server on existing system some packages might be present already. Depending on previously installed package list, you may or may not see prompts to configure mysql, postfix, etc. Choose defaults wherever possible.
Postfix Configuration
This guide is created using postfix 2.9.6. You can check postfix version installed using command: postconf mail_version
Postfix configuration has 2 important files: main.cf
and master.cf
. We will also add some more files for virtual domain/mail system.
Postfix master.cf
If you want to run smtp on port 465 (with SSL) and on port 587 (with TLS), you need to uncomment following lines in master.cf
:
It is highly recommend to do this as most ISP block port 25 to prevent spam.
vim /etc/postfix/master.cf
submission inet n - - - - smtpd smtps inet n - - - - smtpd
Postfix main.cf
Open main.cf
file: vim /etc/postfix/main.cf
Add following lines towards end of file:
# Change postfix TLS parameter to use dovecot #smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache #smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_tls_cert_file=/etc/ssl/certs/dovecot.pem smtpd_tls_key_file=/etc/ssl/private/dovecot.pem smtpd_use_tls=yes #smtpd_tls_auth_only = yes #Handle SMTP authentication using Dovecot smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination # other destination domains should be handled using virtual domains mydestination = localhost # using Dovecot's LMTP for mail delivery and giving it path to store mail virtual_transport = lmtp:unix:private/dovecot-lmtp # virtual mailbox setups virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_domains_maps.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
Postfix Virtual Mailbox Config
We will be using a mysql database for virtual domains, users and aliases.
Create a separate directory to store all postfix-mysql config:
mkdir /etc/postfix/mysql
Virtual Alias Mapping
Create a file: vim /etc/postfix/mysql/virtual_alias_maps.cf
Paste following in it:
user = vimbadmin password = password hosts = 127.0.0.1 dbname = vimbadmin query = SELECT goto FROM alias WHERE address = '%s' AND active = '1'
Virtual Domain Mapping
Create a file: vim /etc/postfix/mysql/virtual_domains_maps.cf
Paste following in it:
user = vimbadmin password = password hosts = 127.0.0.1 dbname = vimbadmin query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '0' AND active = '1'
Virtual Mailbox (user) Mapping
Create a file: vim /etc/postfix/mysql/virtual_mailbox_maps.cf
Paste following in it:
user = vimbadmin password = password hosts = 127.0.0.1 dbname = vimbadmin query = SELECT maildir FROM mailbox WHERE username = '%s' AND active = '1'
Dovecot Configuration
Dovecot is an IMAP and POP server. It also implements security/authentication for IMAP/POP as well as SMTP (via Postfix).
We are using dovecot version 2.0.19. You can check it using command: dovecot --version
A real linux user – vmail
Following commands create a user and a group named vmail. vmail is a linux user who will own everybody’s email! (There’s nothing to get panic about this fact…)
groupadd -g 5000 vmail useradd -g vmail -u 5000 vmail -d /var/vmail -m
Restart postfix
service postfix restart
Dovecot Configs
This is most annoying part I found with dovecot. Configuration is literally scattered among too many files:
Enable required protocols
vim /etc/dovecot/dovecot.conf
# Enable installed protocols !include_try /usr/share/dovecot/protocols.d/*.protocol protocols = imap pop3 lmtp sieve
Configure mail storage location
vim /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:/var/vmail/%d/%n
Configure authentication
vim /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no auth_mechanisms = plain login
Also comment out line: #!include auth-system.conf.ext
to disable system user authentication.
Finally add support for mysql based authentication at the bottom:
passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf.ext } userdb { driver = static args = uid=5000 gid=5000 home=/var/vmail/%d/%n allow_all_users=yes }
Configure mysql parameters in dovecot
vim /etc/dovecot/dovecot-sql.conf.ext
Paste following to the bottom:
driver = mysql connect = host=127.0.0.1 dbname=vimbadmin user=vimbadmin password=password password_query = \ SELECT username AS user, password, \ homedir AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \ FROM mailbox WHERE username = '%u' iterate_query = SELECT username AS user FROM mailbox
Change master config file
vim /etc/dovecot/conf.d/10-master.conf
Make sure it looks like following:
service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { mode = 0600 user = postfix group = postfix } } service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix } unix_listener auth-userdb { mode = 0600 user = vmail } user = dovecot } service auth-worker { user = vmail }
Configure Logging
vim /etc/dovecot/conf.d/10-logging.conf
log_path = /var/log/dovecot.log
Debug logging
If you want to enable debug logs, use following:
#debuggign authentication requests auth_debug = yes #debugging other mail related stuff mail_debug = yes
For more details about debug logging, check available parameters in dovecot docs.
Doveconf
As we are changing many files, we may lose track. You can run doveconf -n
at those times.
doveconf -n
displays list of changes made across entire dovecot.
Similarly, doveconf -a
displays entire dovecot config (including defaults).
Restart dovecot
service dovecot restart
ViMbAdmin – Virtual Mail Server Administration
There are many postfix web interfaces available but we choose to go with ViMbAdmin. It “looks” nice and it uses PHP.
If you prefer ruby/rails, there is a promising alternative – posty.
ViMbAdmin v3 Installation
Vimbadmin requires composer so install it first.
curl -sS https://getcomposer.org/installer | php
Then…
cd /usr/local apt-get install subversion git-core git clone git://github.com/opensolutions/ViMbAdmin.git vimbadmin cd /usr/local/vimbadmin php composer.phar install chown -R www-data: /usr/local/vimbadmin
When composer will prompt you:
Do you want to remove the existing VCS (.git, .svn..) history? [Y,n]?
Answer no n
.
Create a mysql database and user for vimbadmin
Run following from mysql shell
CREATE DATABASE `vimbadmin`; GRANT ALL ON `vimbadmin`.* TO `vimbadmin`@`127.0.0.1` IDENTIFIED BY 'password'; FLUSH PRIVILEGES;
vimbadmin config file
cp application/configs/application.ini.dist application/configs/application.ini vim application/configs/application.ini
securitysalt = "superadmin-password" defaults.mailbox.uid = 5000 defaults.mailbox.gid = 5000 defaults.mailbox.homedir = "/var/vmail/" resources.doctrine2.connection.options.driver = 'pdo_mysql' resources.doctrine2.connection.options.dbname = 'vimbadmin' resources.doctrine2.connection.options.user = 'vimbadmin' resources.doctrine2.connection.options.password = 'password' resources.doctrine2.connection.options.host = 'localhost'
Make sure mysql setting are correct in above config.
Memcache glitch
If you are using memcache, comment out
;resources.session.save_path = APPLICATION_PATH "/../var/session"
Create mysql tables
Following will create mysql tables for which we already tweaked postfix and dovecot.
./bin/doctrine2-cli.php orm:schema-tool:create
Chnage Ownership
chown -R www-data:www-data /usr/local/vimbadmin
set timezone in php
Open /etc/php5/fpm/php.ini
Add/update
date.timezone = "UTC"
Restart PHP-FPM using service php5-fpm restart
Open VimbAdmin interface and follow instructions from there.
ViMbAdmin v2 Installation
Following commands are for Vimbadmin V2. I am sorry to say I did not get time to try V3. But I hope to add v3 instructions soon.
cd /usr/local git clone -b v2 git://github.com/opensolutions/ViMbAdmin.git vimbadmin apt-get install subversion cd /usr/local/vimbadmin ./bin/library-init.sh
Run following from mysql shell
CREATE DATABASE `vimbadmin`; GRANT ALL ON `vimbadmin`.* TO `vimbadmin`@`127.0.0.1` IDENTIFIED BY 'password'; FLUSH PRIVILEGES;
vimbadmin config file
cp application/configs/application.ini.dist application/configs/application.ini vim application/configs/application.ini
securitysalt = "superadmin-password" defaults.mailbox.uid = 5000 defaults.mailbox.gid = 5000 defaults.mailbox.homedir = "/var/vmail/" resources.doctrine.connection_string = "mysql://vimbadmin:password@127.0.0.1/vimbadmin"
Memcache glitch
If you are using memcache, comment out
;resources.session.save_path = APPLICATION_PATH "/../var/session"
Create mysql tables
Following will create mysql tables for which we already tweaked postfix and dovecot.
bin/doctrine-cli.php create-tables
Chnage Ownership
chown -R www-data:www-data /usr/local/vimbadmin
Nginx config
server { server_name vma.example.com; access_log /var/log/nginx/vma.example.com.access.log; error_log /var/log/nginx/vma.example.com.error.log; root /usr/local/vimbadmin/public; index index.php; location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { try_files $uri =404; include fastcgi_params; fastcgi_pass 127.0.0.1:9000; } }
At this point you can open vma.example.com and create an ViMbAdmin admin account. Please note that ViMbAdmin account is not virtual email account.
You can add domain, virtual mail-users after logging into vma.example.com using ViMbAdmin account.
Roundcube for Webmail Interface
You can literally use email client which supports smtp and pop/imap. So webmail part is completely optional.
apt-get install roundcube roundcube-plugins roundcube-plugins-extra
Above install roundcube inside /usr/share/roundcube
Roundcube config files are present in: /etc/roundcube
Open vim /etc/roundcube/main.inc.php
Add/change following:
$rcmail_config['default_host'] = 'localhost'; $rcmail_config['imap_cache'] = memcache; $rcmail_config['messages_cache'] = db
Nginx config
server { server_name mail.example.com; access_log /var/log/nginx/mail.example.com.access.log; error_log /var/log/nginx/mail.example.com.error.log; root /usr/share/roundcube; index index.php; location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { try_files $uri =404; include fastcgi_params; fastcgi_pass 127.0.0.1:9000; } }
You can open mail.example.com in browser and login using a virtual user-email and password.
Testing
At this point, we have SMTP (via Postfix), POP/IMAP (via dovecot) and a web-interface (via Vimbadmin) to manage virtual domains and users.
Before we proceed with remaining goals lets test if we have a working setup (so far).
Testing SMTP, IMAP and POP is covered here in detail.