Postfix

Domain and Records

Before you start anything, you need a domain. If you don’t have one, purchase one.

Because it takes time to replicate the records, you need to start this process first.

You will need to create A records for the domain; I created the following:

  • @
  • www
  • mail
  • smtp
  • imap
  • webmail

I have them all pointing to the same IP address but for the purpose of using different addresses for each service makes it

You will also need to point the MX record of the domain to the public facing IP address of the Linux box (and set up any natting if required).

Platform Set Up

I am assuming you already have a working Linux installation, for my set up I am using Linux Debian 7 (Wheezy) kernel version 2.6.32-042 Stable 64bit.

There are various ways you can set this up, for my set up I will be using a single server for handling the mail, presenting the webmail and holding the mySQL database. You can separate these functions out to different servers depending on the load requirements and underlying infrastructure.

Make sure your system is up-to-date by running the following command:

Design

This is how the whole solution hangs together. It makes sense to me, hopefully it will make sense to you at least by the time you finish reading this tutorial.

[Figure: Mail Hosting Design]

MBox vs MailDir

The Unix world has two ways of storing mail messages: the traditional mbox format and the newer maildir format. Postfix and Dovecot both support the two mail storage formats, so you can use either, but I highly recommend you use the maildir format.

For the purpose of this tutorial I will be setting it up with maildir, for me the main purpose of this was to allow subfolders to be created in the mailbox (mbox doesn’t allow this no matter how much I tried!)

I won’t explain how mbox works but I will explain how Maildir does:

Receiving and storing a mail

  1. Create a unique file in the tmp directory
  2. Write the mail into the newly created file
  3. Move the completely written mail into the new directory

Retrieving a mail

  1. Locate and read the mail
  2. Move the mail from new into the cur directory and append the mail status flag into the filename

Deleting a mail

  1. Delete the file containing the mail

Searching a mail

  1. Search each and every mail file

Advantages

  • Locating, retrieving and deleting a specific mail is fast
  • Minimal to no file locking is needed
  • Can be used on a network file system
  • Immune to mailbox corruption assuming hardware will not fail

Disadvantages

  • Some filesystems may not efficiently handle a large number of small files
  • Searching text is slow because every mail file has to be opened
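
The receive, retrieve and search steps listed above, as an added shell example (not code from the original post). The function names, the time.pid.random file name layout and the ":2,S" (seen) flag suffix are choices made for this illustration; messages are only ever exposed to readers through a link or rename, never while half written.

```shell
#!/bin/sh
# Added example: Maildir delivery and retrieval. Function names are hypothetical.

# Create the three Maildir subdirectories, private to the mailbox owner.
maildir_init() {
    ( umask 077 && mkdir -p "$1/tmp" "$1/new" "$1/cur" )
}

# Deliver the message on stdin into Maildir $1; prints the unique file name.
maildir_deliver() {
    md=$1
    # Step 1: create a unique file in tmp/ (mktemp creates it exclusively, mode 0600).
    tmp=$(mktemp "$md/tmp/$(date +%s).P$$.XXXXXXXX") || return 1
    name=${tmp##*/}
    # Step 2: write the complete message into that file.
    cat > "$tmp" || { rm -f "$tmp"; return 1; }
    # Step 3: publish it in new/. ln fails instead of overwriting if the name
    # already exists, so an existing message can never be clobbered.
    ln "$tmp" "$md/new/$name" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    printf '%s\n' "$name"
}

# Retrieve: move message $2 from new/ to cur/ and append the "seen" flag.
maildir_mark_seen() {
    mv "$1/new/$2" "$1/cur/$2:2,S" || return 1
    printf '%s\n' "$2:2,S"
}

# Search: every message file is opened in turn, which is why it is slow.
maildir_search() {
    find "$1/new" "$1/cur" -type f -exec grep -l -- "$2" {} +
}
```
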

SSL Certificate

Don’t be mistaken: if you don’t have an SSL certificate from a certified certificate authority, you can still use a self-signed one. For this tutorial we are going to assume the certificate is saved in /etc/ssl/certs/mailcert.pem and the key is saved in /etc/ssl/private/mail.key. Make sure the key is only readable by the root user!

Create a self signed certificate

Fill in the details

Example only:

Note that this way you cannot create a certificate valid for more than one domain using the subjectAltName field without some additional work.
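
The additional work mentioned above, as an added shell example (not the commands from the original post): a self-signed certificate whose subjectAltName covers every A record created earlier, plus checks on the key. The function names, the 2048-bit RSA key, the 365-day validity and writing into a directory passed as an argument (rather than directly into /etc/ssl) are assumptions of this example; the permission check looks at the mode only, not at ownership.

```shell
#!/bin/sh
# Added example. Writes mailcert.pem and mail.key into directory $1 for domain $2.
make_mail_cert() {
    dir=$1
    domain=$2
    cfg=$(mktemp) || return 1
    # One SAN entry per A record from the DNS section (@ is the bare domain).
    san="DNS:$domain"
    for h in www mail smtp imap webmail; do san="$san, DNS:$h.$domain"; done
    cat > "$cfg" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_mail
[dn]
CN = mail.$domain
[v3_mail]
subjectAltName = $san
EOF
    # umask 077: the private key is never group- or world-readable, even briefly.
    ( umask 077 && openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$cfg" -keyout "$dir/mail.key" -out "$dir/mailcert.pem" ) 2>/dev/null
    rc=$?
    rm -f "$cfg"
    [ "$rc" -eq 0 ] && chmod 644 "$dir/mailcert.pem"
}

# List the DNS names the certificate is valid for, one per line.
cert_san_names() {
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^,]*' | sed 's/^DNS://; s/ *$//'
}

# Succeeds only if the file has no group or other permission bits set.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds only if certificate $1 and private key $2 hold the same public key.
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}
```
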

Check to see if the certs are created:

Postfix

Remove packages

Debian ships with a default MTA called exim4; you need to remove this or it will conflict with the port mappings.

Install Postfix

Install Postfix

Stop Postfix

Postfix manages its own daemons, so the following commands work to manage Postfix:

  • postfix start
  • postfix stop
  • postfix reload

Configuring Postfix

Postfix has two configuration files

  1. /etc/postfix/master.cf = configuration of services Postfix should run on
  2. /etc/postfix/main.cf = configuration options

Configure master.cf

Add the following to master.cf. This takes mail from trusted clients for delivery to the broader internet and restricts unauthorised users.

The “-o” options override the settings that are taken from defaults.

Configure main.cf

It is better to start with a clean slate so make a copy of the main.cf first

Delete main.cf

Create a new main.cf file

Copy the following into the file

Change the following lines to reflect your domain:

  • myhostname =
  • mydestination =

Check the /etc/mailname file and ensure the correct FQDN is there, e.g. example.com

With mydestination, just change the first two.

Ensure the host name of the service is specified in /etc/mailname; if you have used the same A records then use the “mail” one unless you have specific requirements not to.

“mydestination” sets the domains Postfix accepts email for.

Leaving “relayhost” empty disables Postfix from being used as a relaying server.

In the same file (main.cf) you need to specify alias maps, enter the following lines:

We need to also specify SSL settings, enter the following after alias maps in main.cf:

Finally, add a line to main.cf that makes Postfix reject email to users that cannot be found in the table, which in this case is the aliases table.

Aliases

Aliases are defined in the /etc/aliases file to tell Postfix what email addresses to accept; for example: name@example.com

SMTP RFC 5321 mandates that any publicly accessible mail server that accepts any mail at all must also accept mail to the following addresses:

  • postmaster
  • hostmaster
  • abuse
  • webmaster

You can set up redirects from those email accounts to a specific user by adding in the aliases file “root: user” (user being the email address of a user).
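
A check for the role addresses and redirects described above, as an added shell example (not from the original post): it reports which of the four role names have no entry in an aliases file and follows a redirect chain such as postmaster -> root -> user. The function names are hypothetical, and only single-target aliases are followed.

```shell
#!/bin/sh
# Added example. $1 is an aliases file in /etc/aliases format.

# Print the right-hand side of alias $2 (nothing if the alias is absent).
alias_target() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]/ { next }      # skip comments and continuation lines
        {
            i = index($0, ":")
            if (i == 0) next
            name = tolower(substr($0, 1, i - 1))
            gsub(/^"|"$|[ \t]+$/, "", name)
            if (name == want) {
                t = substr($0, i + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", t)
                print t
                exit
            }
        }' "$1"
}

# Follow alias $2 through redirects and print where the mail finally lands.
resolve_alias() {
    file=$1
    cur=$2
    hops=0
    while next=$(alias_target "$file" "$cur") && [ -n "$next" ]; do
        hops=$((hops + 1))
        [ "$hops" -gt 10 ] && return 1       # alias loop, give up
        cur=$next
    done
    printf '%s\n' "$cur"
}

# Print each role address listed above that has no alias entry.
missing_role_aliases() {
    for role in postmaster hostmaster abuse webmaster; do
        [ -n "$(alias_target "$1" "$role")" ] || printf '%s\n' "$role"
    done
}
```

Run missing_role_aliases /etc/aliases before rebuilding the aliases database; empty output means all four role names have an entry.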

After updating aliases you must update the aliases database by issuing the following command:

Dovecot

Install Dovecot

Configuring Dovecot

Clearing out the configuration file is best for this too

Add the following:

This enables plaintext authentication (the plain text is tunnelled through TLS), tells Dovecot to use the “mail” system group for accessing local mailboxes, uses the Unix authentication system to authenticate users, and enables IMAP only.

It’s probably best to have Dovecot automatically create the Draft, Junk, Trash, Sent folders so add the following to the dovecot.conf file:

We need to open a socket that Postfix can use to piggy-back on Dovecot’s authentication, add the following in dovecot.conf

Also configure SSL by adding the following into dovecot.conf

Start Processes

This should be it, execute the following to start Postfix and Dovecot

Testing

You don’t have to do this but it is good to see it all working, create two users:

Add the users into aliases

Recreate aliases database

Send an email to user1 and user2

Log into user1

Check mail for user1

You should be able to connect IMAP clients such as Outlook or Apple iPhone clients. If you created the same A records as mine then you should use the following settings:

incoming mail server: imap.example.com (SSL on port 993)
user: user1
password: what ever password you specified
outgoing mail server: smtp.example.com (SSL on port 587)

If this isn’t working out so far, re-read the instructions above, if that fails I have added a troubleshooting section at the end of this post.

Roundcube

Okay, if all is going well at this point, then let’s install Roundcube. If you prefer using a different webmail solution or if you wish not to use one then skip this step.

Roundcube is an AJAX-driven webmail solution that runs on a typical LAMPP stack. There are customisable skins (two pre-installed) that use the latest web standards (XHTML and CSS 2).

If Apache, mySQL and PHP aren’t installed, follow the steps

Install Apache2

Install mySQL

You will need to specify a mysql root password, make this secure and save in a password manager – you will need this later

Install PHP 5

Restart Apache

An example only:

Change to root folder

Extract the archive out (install tar if not already installed)

Install additional packages

Configure time zone in Apache

Change the following line to a time zone specific to your location

Okay, so that is the base for Roundcube to be installed on. Now you have to configure a vhost for Apache which can be followed using this process. I recommend using the A record webmail for your vhost and locating it in the /var/www/vhosts directory.

Create a folder for Roundcube to be installed

Copy the Roundcube files to the vhost location (my example is Roundcube version 1.0.2)

mySQL

You will need to create a new database and grant privileges to it for a local mySQL account using the steps below. If you require further mySQL commands.

Log into mySQL

Use the password you specified earlier when installing mySQL

Create a database

Grant privileges

Change the ‘password’ to something secure

Flush privileges

Exit mySQL command line interface

Launch Roundcube Installer

So, if that is all set up correctly you should have Apache, PHP and mySQL installed with a database ready to be used.

Go to the following address to run the Roundcube installer

http://webmail.example.com/installer

Follow the prompts

If everything works out you should be able to go to your new webmail console at http://webmail.example.com

Roundcube Webmail

Roundcube Plugins

So if you are using the Roundcube webmail you will find basic web mailing features. If you desire more than that then you can install a multitude of plugins to add certain functionality.

Roundcube Security

Change the encryption key in the config.inc.php file to a new 24 character string

Find the string:

Message Attachment Size Limit

Postfix

By default, Postfix limits the file attachment size to 10 megabytes. You can change this by executing the following:

This changes the file size limit from 10M to 100M (this is not recommended if you don’t have a good internet connection on the server).

Roundcube

Once you have changed the attachment size in Postfix, you might want to change it in Roundcube

Make a backup of php.ini first

Search for the following two lines:

post_max_size =
upload_max_filesize =

Change the values to your desired size.

Restart Apache for settings to take effect

Troubleshooting

To see any problems with the setup

OR

To see the mail queue in Postfix

To clear the mail queue

Location mail is stored:

For root:

/root/Maildir

For users:

/home/%user%/Maildir

If you cannot see mail in the web mail client, browse to the Maildir directory for the user and see if you see any files in the cur folders

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.
