Mail server (for aliases only)

Initial cleaning

First of all, let's clean up our Debian 7 (32-bit) VPS:

apt-get remove --purge cifs-utils samba samba-common sendmail apache2 apache2-doc apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common
apt-get update && apt-get upgrade
apt-get install sudo mc vim

and install ntp (time is important!)

apt-get install ntp

Database

Install the MySQL DBMS

apt-get install mysql-server mysql-client

Getting mysql innodb error on your lowcost/cheap/crappy vps?

InnoDB: Error: io_setup() failed with EAGAIN after 5 attempts. 
InnoDB: You can disable Linux Native AIO by setting innodb_use_native_aio = 0 in my.cnf [...]

Then you can

  • Disable AIO by adding innodb_use_native_aio=0 in my.cnf ([mysqld] section)
  • Increase the global limit for the server in /proc/sys/fs/aio-max-nr (echo 65536 > /proc/sys/fs/aio-max-nr)
  • Disable innodb (it's ok for our mail server)

To disable innodb add

skip-innodb
default-storage-engine=MyISAM

under [mysqld] in /etc/my.cnf

WebServer

Now install a web server (needed for postfixadmin + webmail)

apt-get install php5-fpm php5-mysql php5-intl php5-imap nginx 

Create web directories

mkdir /var/www
mkdir /var/www/XYZ
mkdir /var/www/XYZ/tmp
mkdir /var/www/XYZ/www

Edit the site configuration file

vim /etc/nginx/sites-available/mailing

server {
  server_name XYZ;
  root /var/www/XYZ/www;
  index index.php index.html index.htm;
  location ~ \.php$ {
      try_files $uri =404;
      #try_files $uri $uri/ /index.html;
      fastcgi_pass unix:/var/run/php5-fpm.sock;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      include fastcgi_params;
  }
  location ~ /\. {
      deny all;
  }
  access_log /var/log/nginx/XYZ-access.log;
  error_log /var/log/nginx/XYZ-error.log;
}

Disable the default configuration and enable the new one

rm /etc/nginx/sites-enabled/default
ln -s /etc/nginx/sites-available/mailing /etc/nginx/sites-enabled/mailing

and finally

service nginx restart

By the way, to make Nginx use your custom 404.html page instead of the default one, add the following inside the nginx.conf server section:

error_page  404              /404.html;
location  /404.html {
 internal;
}

It is a good idea to block direct access to that page unless there is an error, so also add the location directive as shown above.

PostFixAdmin

Now log in to mysql

mysql -u root -p

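and create the postfix/pfa database and users

-- '%' lets these accounts connect from any host; narrow it to 'localhost'
-- if nothing off this machine needs the database.
CREATE DATABASE postfix;
GRANT ALL PRIVILEGES ON postfix.* TO 'postfix_admin'@'%' IDENTIFIED BY '<dbpassword1>';
GRANT SELECT ON postfix.* TO 'postfix'@'%' IDENTIFIED BY '<dbpassword2>';
FLUSH PRIVILEGES;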

Download postfixadmin and untar in www directory

cd /var/www/XYZ/www
wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.3.7/postfixadmin-2.3.7.tar.gz\?use_mirror=garr -O pfa.tar.gz
tar -xzvf pfa.tar.gz
mv postfixadmin-2.3.7/ pfa/
chown -R www-data:www-data pfa
cd pfa
sed -i 's/change-this-to-your.domain.tld/XYZ/g' config.inc.php

Now edit configuration file config.inc.php and change these values:

$CONF['configured'] = true;
$CONF['postfix_admin_url'] = 'https://XYZ/pfa';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix_admin';
$CONF['database_password'] = '<dbpassword1>';
$CONF['database_name'] = 'postfix';
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['fetchmail'] = 'NO';

Go to http://XYZ/pfa/setup.php

This setup script should create the necessary tables in the postfix database.

At the bottom of setup.php enter your admin password and click ‘Generate password hash’. Edit config.inc.php and add the hash:

$CONF['setup_password'] = '<hash>';

Now enter superadmin account info.

PostFix & Sasl

apt-get install postfix postfix-mysql libsasl2-modules libsasl2-modules-sql

When prompted, choose ‘Internet Site’.

Use your domain name as ‘System mail name’: <abc.XYZ.foo>

Create virtual mail user and group:

groupadd -g 3000 vmail
useradd -d /var/vmail -m -u 3000 -g 3000 vmail

Check mydestination in /etc/postfix/main.cf; it should look like

mydestination = <abc.XYZ.foo>, localhost

and add the following lines:

virtual_uid_maps = static:3000
virtual_gid_maps = static:3000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
relay_domains = mysql:/etc/postfix/mysql_relay_domains.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
smtpd_recipient_restrictions =
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_hostname,
 reject_non_fqdn_sender,
 reject_non_fqdn_recipient,
 reject_unauth_destination,
 reject_unauth_pipelining,
 reject_invalid_hostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
milter_default_action = accept

Create the .cf files that connect Postfix to MySQL

cd /etc/postfix/
wget https://dl.dropboxusercontent.com/u/12576285/mysql_postfix_cf.tar.gz
tar -xzvf mysql_postfix_cf.tar.gz

(remember to set mysql password within config files!). Add postfix user to sasl group:

adduser postfix sasl
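
The tarball above only has to supply the four lookup files that main.cf references, so they can also be written by hand. The script below is an added example, not the original author's files: the queries assume the stock PostfixAdmin 2.3.x tables (domain, mailbox, alias), and write_map / write_postfix_maps are hypothetical helper names.

```shell
#!/bin/sh
# Added example: generate the four MySQL lookup files that main.cf points at.
# Assumes the stock PostfixAdmin 2.3.x schema (tables domain, mailbox, alias).

# write_map <dir> <file> <db-password> <query>   (hypothetical helper)
write_map() {
    (
        umask 027   # file holds a DB password: owner rw, group r, others none
        cat > "$1/$2" <<EOF
user = postfix
password = $3
hosts = 127.0.0.1
dbname = postfix
query = $4
EOF
    )
}

# write_postfix_maps <dir> <db-password>   (hypothetical helper)
# hosts = 127.0.0.1 forces TCP: Debian runs the Postfix daemons chrooted,
# where the MySQL unix socket is not reachable.
write_postfix_maps() {
    # Domains we host mailboxes for (backup-MX entries excluded)
    write_map "$1" mysql_virtual_mailbox_domains.cf "$2" \
        "SELECT domain FROM domain WHERE domain='%s' AND backupmx='0' AND active='1'"
    # Mailbox address -> maildir path below virtual_mailbox_base
    write_map "$1" mysql_virtual_mailbox_maps.cf "$2" \
        "SELECT maildir FROM mailbox WHERE username='%s' AND active='1'"
    # Alias address -> destination address(es)
    write_map "$1" mysql_virtual_alias_maps.cf "$2" \
        "SELECT goto FROM alias WHERE address='%s' AND active='1'"
    # Domains we only relay for as backup MX
    write_map "$1" mysql_relay_domains.cf "$2" \
        "SELECT domain FROM domain WHERE domain='%s' AND backupmx='1' AND active='1'"
}

# Usage (as root): write_postfix_maps /etc/postfix '<dbpassword2>'
```

Afterwards run chgrp postfix on the four files so the daemons can read them. A lookup can be checked with postmap -q XYZ.foo mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf, which prints the domain once it has been created in PostfixAdmin.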

Enable the secure SMTP ports: edit /etc/postfix/master.cf and uncomment:

submission inet n - - - - smtpd 
 -o syslog_name=postfix/submission 
 -o smtpd_tls_security_level=encrypt 
 -o smtpd_sasl_auth_enable=yes 
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
 -o syslog_name=postfix/smtps
 -o smtpd_tls_wrappermode=yes
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 -o milter_macro_daemon_name=ORIGINATING

Restart service

service postfix restart

Dovecot

apt-get install dovecot-imapd dovecot-mysql dovecot-lmtpd

Edit /etc/dovecot/conf.d/10-master.conf

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}
service auth {
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}

Restart services:

service dovecot restart
service postfix restart

You can now add a domain with PostfixAdmin: first of all, choose “Create a new Domain” and add your domain XYZ; then create mailboxes/aliases. To test your e-mail server, install a mail tool

apt-get install bsd-mailx

And send a test mail

mail -s "My first outgoing mail" info@sth.com < /var/log/dmesg
mail -s "My first local mail" info@XYZ.foo < /var/log/dmesg

Any errors will show up in the log files:

/var/log/auth.log
/var/log/mail.log
/var/log/syslog

Getting

warning: do not list domain XYZ.foo in BOTH mydestination and virtual_mailbox_domains
warning: do not list domain XYZ.foo in BOTH mydestination and virtual_alias_domains

in /var/log/mail.warn?

Remove domain XYZ.foo from mydestination in /etc/postfix/main.cf and leave only the hostname

mydestination = hostname, localhost

BTW, in /etc/hosts you should have something like

127.0.0.1 localhost.localdomain localhost
<server_ip> <hostname>.XYZ.foo <hostname>

Missing

  • HTTPS [php5-mcrypt openssl ssl-cert]
  • Dovecot pop3/imap + Mailboxes [dovecot-pop3d + sql .cf]
  • Spam / AV filters
  • Webmail

See [1] for what's missing

Source / More info

notes/mailserver.txt · Last modified: 2014/08/28 08:56 by admin