Yesterday I was configuring the mail server on my hosting. Because I'm mostly doing programming, not administration, I'm writing this notes which are serving as a simple how to, if I must do it once more in a couple of years.
In spite of the fact I've done all on Debian, all the described things schould work on some other Linux distribution as well. First install
Postfix and
Dovecot
The configuration will fulfill the following points:
- IMAP over SSL
- SMTP over SSL (Postfix using Dovecot SASL)
- Multiple domains with virtual users
- Mailing possibility for the local users
- Mailboxes in the Maildir format
A thing you should keep in the mind before you start- if something goes wrong, always check /var/log/mail* files as well as /var/log/syslog. Normally it helps to know what exactly goes wrong and to figure the way out.
Configuring Dovecot
Create the user vmail and group vmail. This user needs neither home dir nor shell.
Create the /srv/mail directory with subdirs for the virtual domains and give the the appropriate rights:
BASH:
user@host~# ls -l /srv/mail
Total 16
drwx------ 6 vmail vmail 4096 2008-01-20 13:56 .
drwx------ 5 vmail vmail 4096 2008-01-18 21:07 ..
drwx------ 4 vmail vmail 4096 2008-01-19 19:55 vdomain1
drwx------ 4 vmail vmail 4096 2008-01-19 20:32 vdomain2
In each vdomain dir create etc dir where the virtual host data will be saved:
BASH:
user@host~# mkdir /srv/mail/vdomain1/etc/
You don't need to take care about the virtual users folders, they'll be created automatically by the server once some event related to the user is recieved.
Now we can create the mailboxes records (the passwd file must be in the hash format of the normal passwd file). Use the following to do it:
BASH:
user@host~# echo "testuser:`dovecotpw`:`id -u vmail`:`id -g vmail`::::" >> /srv/mail/vdomain1/etc/passwd
The config file I've created is quite simple and only corresponds minimalistic needs:
BASH:
protocols = imaps
ssl_disable = no
listen = *
ssl_listen = [::]
ssl_disable = no
disable_plaintext_auth = yes
mail_location = maildir:/srv/mail/%d/%n/Maildir
log_timestamp = "%Y-%m-%d %H:%M:%S "
first_valid_uid = 1000
#only for debug purposes
auth_verbose = yes
auth_debug = yes
mail_debug = yes
auth default {
user = root
mechanisms = plain login
passdb passwd-file {
args = /srv/mail/%d/etc/passwd
}
userdb passwd-file {
args = /srv/mail/%d/etc/passwd
}
socket listen {
client {
# Assuming the default Postfix $queue_directory setting
path = /var/spool/postfix/private/auth
mode = 0660
# Assuming the default Postfix user and group
user = postfix
group = postfix
}
}
}
The maildir:/srv/mail/%d/%n/Maildir string sets the mailboxes format to the maildir. %d and %n are the parts of the user@vdomain (username and the domain accordingly) and are being replaced at the request time, to dynamically build the path to the virtual user mail dir (the same principle is used to set the path to the passw file). That's why we must always use the user@vdomain login format.
Let us assume, you've created the user testuser. Restart the dovecot and try to telnet to your server:
BASH:
user@host~# openssl s_client -connect 911aquarium.de:993
If all is ok, you should see some exchange info and as the last line something like:
BASH:
Try to login:
BASH:
1 login testuser@domain1 password
and you should see
BASH:
check if we can see the inbox
BASH:
The server should output something like this:
BASH:
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 90 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1200773447] UIDs valid
* OK [UIDNEXT 809] Predicted next UID
2 OK [READ-WRITE] Select completed.
At this point we could check if the normal email client works with our imap server. To do it, send an email from some local user
BASH:
user@domain~# echo "test mail" | mail -s test1 testuser@vdomain1
And now the mail client should receive the message from the testuser@vdomain1's mailbox.
Configuring Postfix
Configuring the Postfix is quite simple. As mentioned above, it will use Dovecot's SASL for the SMTP and will deliver mails for the virtual as well as for the local users.
Create the /etc/postfix/vdomains with the following content:
vdomain1
vdomain2
Create /etc/postfix/vmailbox with the following content
testuser@vdomain1 vdomain1/testuser/Maildir/
and and invoke the postmap:
BASH:
user@host~# postmap /etc/postfix/vmailbox
Note that the '/' at the end of the relative path indicates, that the testuser has the maildir format mailbox.
Time to edit the /etc/postfix/main.cf adding a couple of lines:
virtual_mailbox_domains = /etc/postfix/vdomains
virtual_mailbox_base = /srv/mail
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_uid_maps = static:1005
virtual_gid_maps = static:1005
virtual_minimum_uid = 1000
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_options=noanonymous
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_delay_reject = yes
broken_sasl_auth_clients = yes
1005 there is the gid of the vmail user. Check the mydestination config variable to be shure it contains your hostname, which is needed to deliver mails for the local users. After saving the config file we can telnet our smtp server. Note that Postfix uses port 25 for the SSL connections.
BASH:
user@host~# telnet host 25
Trying 192.168.0.3 ...
Connected to host.
Escape character is '^]'.
220 host ESMTP Postfix
type further:
BASH:
ehlo host
250-host
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
So as you see it works. Time to use some mail client to send a mail. I think in a couple of weeks I'll make it working with Postgres instead of passwd files and install Clamav+SpamAssassin
Some usefull links
http://wiki.dovecot.org/
http://www.cyberciti.biz/tips/postfix-smtp-ssl-certificate-csr-installation-guide.html
http://www.postfix.org/docs.html
http://www.postfix.org/VIRTUAL_README.html
http://www.iana.org/assignments/port-numbers