|
|
(85 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) |
Zeile 1: |
Zeile 1: |
| === Email Server (Debian, Postfix, Dovecot, MySQL) ===
| | '''E-Mail-Server-Setup''' mit Postfix, Dovecot und MySQL |
|
| |
|
| === How to Set Up an Email Server with Postfix, Dovecot and MySQL === | | === Beschreibung === |
| Configuring an email server using Postfix, Dovecot and MySQL involves the following steps:# Set up a Linode and implement proper security measures.
| | Konfiguration eines E-Mail-Servers mit Postfix, Dovecot und MySQL |
| # Configure DNS so that the server can receive email. | | # DNS konfigurieren |
| # Install and configure MySQL. | | # Datenbank einrichten |
| # Setup Postfix, including making any necessary configuration changes within the appropriate files (such as main.cf). | | # Postfix installieren und einrichten |
| # Install and configure Dovecot as the mail delivery agent. | | # Dovecot installieren und einrichten |
| # Test the email server using Mailutils. | | # Testen des E-Mail-Server |
| # Update MySQL to add additional domains and email addresses as needed. | | # Weitere Domänen und E-Mail-Adressen hinzuzufügen |
|
| |
|
| Next, we will go through each step and set up our email server with Postfix, Dovecot and MySQL.
| | === Voraussetzungen === |
| | # Linux-Server mit geeigneten Sicherheitsmaßnahmen |
|
| |
|
| === Setting Up Your Linode === | | === DNS konfigurieren === |
| # Set up the Linode as specified in the [https://www.linode.com/docs/guides/creating-a-compute-instance/ Creating a Compute Instance] and [https://www.linode.com/docs/guides/set-up-and-secure/ Setting Up and Securing a Compute Instance] guide.
| | Wenn Sie bereit sind, das DNS zu aktualisieren und mit dem Senden von E-Mails an den Server zu beginnen, bearbeiten Sie die DNS-Einträge der Domäne, um Ihren E-Mail-Server zu definieren: |
| # Verify that the iptables [https://www.linode.com/docs/guides/set-up-and-secure/#configure-a-firewall firewall] is not blocking any of the standard mail ports (<tt>25</tt>, <tt>465</tt>, <tt>587</tt>, <tt>110</tt>, <tt>995</tt>, <tt>143</tt>, and <tt>993</tt>). If using a different form of firewall, confirm that it is not blocking any of the needed ports.
| | * Fügen Sie einen DNS-Eintrag für Ihren E-Mail-Server hinzu |
| | * Dies kann entweder ein A-Eintrag sein, der auf die IP-Adresse Ihres Servers verweist, oder ein CNAME-Eintrag, der auf einen Domänennamen verweist. |
| | * Unabhängig davon, welcher Eintrag gewählt wird, setzen Sie den Hostnamen/Namen auf Mail. |
|
| |
|
| === Configure DNS for Your Email Server ===
| | ; MX-Record |
| When you’re ready to update the DNS and start sending mail to the server, edit the domain’s DNS records to define your mail server:* '''Add a DNS record for your email server.''' This can either be an <tt>A</tt> record pointing to your server’s IP address or a <tt>CNAME</tt> record pointing to a domain name. Whichever record is chosen, set the hostname/name to <tt>mail</tt>.
| | Setzen Sie den Hostnamen/Namen auf @, den Mailserver auf mail.example.com (ersetzen Sie ''example.com'' durch Ihren Domainnamen) und die Priorität auf 10. |
| * '''Add an MX record.''' Set the hostname/name to <tt>@</tt>, the mail server to <tt>mail.example.com</tt> (replacing ''example.com'' with your domain name), and the priority to <tt>10</tt>.
| |
|
| |
|
| Here’s the example output of a DNS zone file with those two records:
| | ; Beispielausgabe |
| | @ MX 10 mail.example.com. |
| | mail A 192.0.2.0 |
|
| |
|
| @ MX 10 mail.example.com.
| | * Vergewissern Sie sich, dass der MX-Eintrag für alle Domänen und Subdomänen geändert wird, die E-Mails empfangen könnten. |
| mail A 192.0.2.0
| | * Wenn Sie eine neue Domäne einrichten, können Sie diese Schritte vor der Konfiguration des Mailservers durchführen. |
|
| |
|
| Make sure that the MX record is changed for all domains and subdomains that might receive email. If setting up a brand new domain, these steps can be performed prior to configuring the mail server.
| | === Aktualisieren der Hosts-Datei === |
| | Stellen Sie sicher, dass |
| | * die Hosts-Datei eine Zeile für die öffentliche IP-Adresse enthält |
| | * mit dem '''Fully Qualified Domain Name''' (FQDN) verbunden ist |
|
| |
|
| === Update the Hosts File on Your Email Server ===
| | Im folgenden Beispiel ist 192.0.2.0 die öffentliche IP-Adresse, mail ist der lokale Hostname, und mail.example.com ist der FQDN |
| Verify that the <tt>hosts</tt> file contains a line for the Linode’s public IP address and is associated with the '''Fully Qualified Domain Name''' (FQDN). In the example below, <tt>192.0.2.0</tt> is the public IP address, <tt>mail</tt> is the local hostname, and <tt>mail.example.com</tt> is the FQDN.
| | ;/etc/hosts |
| | 127.0.0.1 localhost.localdomain localhost |
| | 192.0.2.0 mail.example.com mail |
|
| |
|
| <div style="margin-left:0cm;margin-right:0cm;">File: /etc/hosts</div>
| | === SSL-Zertifikat installieren === |
| | Sie müssen ein SSL-Zertifikat auf Ihrem Mailserver installieren, bevor Sie die [https://www.linode.com/docs/guides/email-with-postfix-dovecot-and-mysql/#dovecot Dovecot]-Konfigurationsschritte abschließen. |
| | * Das SSL-Zertifikat authentifiziert die Identität des Mailservers gegenüber den Benutzern und verschlüsselt die übertragenen Daten zwischen dem Mail-Client des Benutzers und dem Mailserver. |
|
| |
|
| {| style="border-spacing:0;width:9.327cm;"
| | Sie können zwar ein SSL-Zertifikat über eine beliebige Zertifizierungsstelle generieren, wir empfehlen jedoch die Verwendung von Certbot, um schnell und einfach ein kostenloses Zertifikat zu generieren. |
| |- style="border:none;padding:0.049cm;"
| | * Befolgen Sie diese [https://certbot.eff.org/instructions Certbot-Anleitung] und wählen Sie Ihre Linux-Distribution und Webserver-Software (oder "None", wenn dieser Server nur als Mailserver fungiert). |
| || 1
| | * Nach der Installation führen Sie Certbot mit der Option certonly aus und geben Sie den FQDN-Namen Ihres Mailservers ein (z. B. ''mail.example.com''): |
| 2
| |
| || 127.0.0.1 localhost.localdomain localhost
| |
| 192.0.2.0 mail.example.com mail
| |
|
| |
|
| |-
| | # certbot certonly --standalone |
| |}
| |
| === Install SSL Certificate ===
| |
| You will need to install an SSL certificate on your mail server prior to completing the [https://www.linode.com/docs/guides/email-with-postfix-dovecot-and-mysql/#dovecot Dovecot] configuration steps. The SSL certificate will authenticate the identity of the mail server to users and encrypt the transmitted data between the user’s mail client and the mail server.
| |
|
| |
|
| While you can generate an SSL certificate through any certificate authority, we recommend using Certbot to quickly and easily generate a free certificate. Follow these [https://certbot.eff.org/instructions Certbot instructions], selecting your Linux distribution and web server software (or “None” if this server is only functioning as a mail server). Once installed, run Certbot with the <tt>certonly</tt> option and type in the FQDN name of your mail server (such as ''mail.example.com''):
| | Sie können auch die Anleitung [https://www.linode.com/docs/guides/secure-http-traffic-certbot/ Install an SSL Certificate with Certbot] zu Rate ziehen. |
| | | * Notieren Sie sich die Dateipfade für das Zertifikat und den privaten Schlüssel. |
| sudo certbot certonly --standalone
| | * Sie benötigen die Pfade für die [https://www.linode.com/docs/guides/email-with-postfix-dovecot-and-mysql/#dovecot Dovecot] Konfigurationsschritte. |
| | |
| You can also reference the [https://www.linode.com/docs/guides/secure-http-traffic-certbot/ Install an SSL Certificate with Certbot] guide. Make a note of the file paths for the certificate and private key on the Linode. You will need the path to each during the [https://www.linode.com/docs/guides/email-with-postfix-dovecot-and-mysql/#dovecot Dovecot] configuration steps.
| |
|
| |
|
| === Install Packages === | | === Install Packages === |
| # Log in to your Linode via SSH. Replace <tt>192.0.2.0</tt> with your IP address:<br/>ssh username@192.0.2.0
| | ; Update your system |
| # Update your system and then install the packages needed in this guide:<br/>sudo apt-get update && sudo apt-get upgrade<br/>sudo apt-get install postfix postfix-mysql dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-mysql mysql-server<br/><div style="margin-left:1cm;margin-right:1cm;">'''Note'''</div><br/><div style="margin-left:1cm;margin-right:1cm;">This will install the '''mysql-server''' package, which isn’t available by default on some newer versions of Debian. If you receive a message stating that the package is not available, install '''mariadb-server''' instead. MariaDB is a drop-in MySQL replacement.</div><br/>You will not be prompted to enter a password for the root MySQL user for recent versions of MySQL. This is because on Debian and Ubuntu, MySQL now uses either the <tt>unix_socket</tt> or <tt>auth_socket</tt> authorization plugin by default. This authorization scheme allows you to log in to the database’s root user as long as you are connecting from the Linux root user on localhost.<br/>When prompted, select '''Internet Site''' as the type of mail server the Postfix installer should configure. In the next screen, the ''System Mail Name'' should be set to the domain you’d like to send and receive email through.<br/>[[Image:Bild2.png|top|alt="Choose “Internet Site” for Postfix."]]<br/>[[Image:Bild3.png|top|alt="Set the system mail name for Postfix."]] | | # apt-get update |
| | | # apt-get upgrade |
| ==== Versions ====
| |
| The following software versions are compatible with the instructions in this guide:* Postfix 3.3.x and 3.4.x
| |
| * Dovecot 2.2.x and 2.3.x
| |
| * MySQL 5.7 and 8.0 (or MariaDB 10.3)
| |
| | |
| While other versions are possibly fully compatible as well, they may require different commands or additional configuration.
| |
| | |
| === Setting Up MySQL to Send Email with Postfix and Dovecot ===
| |
| Data for the mail server’s users (email addresses), domains, and aliases are stored in a MySQL (or MariaDB) database. Both Dovecot and Postfix interact with this data.
| |
| | |
| ==== Create a MySQL Database for Your Postfix Email Server ====
| |
| Follow the steps below to create the database and add tables for virtual users, domains and aliases:# Use the [https://mariadb.com/kb/en/library/mysql_secure_installation/ mysql_secure_installation] tool to configure additional security options. This tool will ask if you want to set a new password for the MySQL root user, but you can skip that step:<br/>sudo mysql_secure_installation<br/>Answer '''Y''' at the following prompts:
| |
| #* Remove anonymous users?
| |
| #* Disallow root login remotely?
| |
| #* Remove test database and access to it?
| |
| #* Reload privilege tables now?
| |
| # Log in to MySQL as a root user:<br/>sudo mysql -u root -p
| |
| # Create a new database:<br/>CREATE DATABASE mailserver;
| |
| # Create the MySQL user and grant the new user permissions over the database. Replace <tt>password</tt> with a secure password for ''mailuser'':<br/>CREATE USER 'mailuser'@'127.0.0.1' IDENTIFIED BY 'password';<br/>GRANT SELECT ON mailserver.* TO 'mailuser'@'127.0.0.1';
| |
| # Run <tt>FLUSH</tt> to reload the MySQL database and apply the change:<br/>FLUSH PRIVILEGES;
| |
| # Switch to the new <tt>mailserver</tt> database:<br/>USE mailserver;
| |
| # Create a table for the domains that will receive mail on the Linode:<br/>CREATE TABLE `virtual_domains` (<br/> `id` int(11) NOT NULL auto_increment,<br/> `name` varchar(50) NOT NULL,<br/> PRIMARY KEY (`id`)<br/>) ENGINE=InnoDB DEFAULT CHARSET=utf8;
| |
| # Create a table for all of the email addresses and passwords:<br/>CREATE TABLE `virtual_users` (<br/> `id` int(11) NOT NULL auto_increment,<br/> `domain_id` int(11) NOT NULL,<br/> `password` varchar(106) NOT NULL,<br/> `email` varchar(100) NOT NULL,<br/> PRIMARY KEY (`id`),<br/> UNIQUE KEY `email` (`email`),<br/> FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE<br/>) ENGINE=InnoDB DEFAULT CHARSET=utf8;
| |
| # Create a table for the email aliases:<br/>CREATE TABLE `virtual_aliases` (<br/> `id` int(11) NOT NULL auto_increment,<br/> `domain_id` int(11) NOT NULL,<br/> `source` varchar(100) NOT NULL,<br/> `destination` varchar(100) NOT NULL,<br/> PRIMARY KEY (`id`),<br/> FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE<br/>) ENGINE=InnoDB DEFAULT CHARSET=utf8;
| |
| | |
| ==== Adding a Domain within MySQL ====
| |
| # Verify that you are still logged into the MySQL shell. If not, run <tt>sudo mysql -u root -p</tt> to access MySQL.
| |
| # Add the domains to the <tt>virtual_domains</tt> table. Replace the values for <tt>example.com</tt> and <tt>hostname</tt> with your own settings:<br/>INSERT INTO mailserver.virtual_domains (name) VALUES ('example.com');
| |
| # Verify the alias was added correctly by running a SELECT query on the <tt>virtual_domains</tt> table. Make a note of the corresponding <tt>id</tt> next to the domain as this will be used when adding emails and aliases.<br/> SELECT * FROM mailserver.virtual_domains;
| |
| # If needed, repeat this process to add another domain.
| |
| | |
| ==== Adding an Email Address within MySQL ====
| |
| # If you are still logged in to MySQL, return to your main Linux shell by typing <tt>exit</tt> and hitting enter.
| |
| # Generate a hash using the SHA512-CRYPT encryption scheme by running the command below, replacing <tt>password</tt> with the password you’d like to use for the email user.<br/> sudo doveadm pw -s SHA512-CRYPT -p "password" -r 5000<br/>The output will look similar to <tt>{SHA512-CRYPT}$6$hvEwQ...</tt>. Copy this output, ignoring the first 14 characters of ''{SHA512-CRYPT}''. Since the SHA512-CRYPT scheme was used, the password should start with ''$6$''.
| |
| # Log back into MySQL as the root user:<br/> sudo mysql -u root -p
| |
| # Add the email address and password hash to the <tt>virtual_users</tt> table. The <tt>domain_id</tt> value (currently set to <tt>'1'</tt>) references the <tt>virtual_domain</tt> table’s <tt>id</tt> value. If you added more than one domain, replace this value to correspond with the desired domain. Replace <tt>user@example.com</tt> with the email address that you wish to configure on the mail server. Replace <tt>hash</tt> with password hash generated in a previous step.<br/> INSERT INTO mailserver.virtual_users (domain_id, password , email) VALUES ('1', 'hash', 'user@example.com');
| |
| # Verify the email was added correctly by running a SELECT query on the <tt>virtual_users</tt> table.<br/> SELECT * FROM mailserver.virtual_users;
| |
| # If needed, repeat this process to add another email address.
| |
| | |
| Alternatively, the password hash can be generated directly within the MySQL INSERT statement above by replacing <tt>'hash'</tt> (deleting the single quote characters as well) with one of the following:* Using the [https://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_encrypt ENCRYPT()] function: <tt>ENCRYPT('password', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16)))</tt>, replacing <tt>password</tt> with the plain text password desired for the email user. This function has been removed from MySQL 5.8 and above.
| |
| * Using the [https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha2 SHA2()] function: <tt>TO_BASE64(UNHEX(SHA2('password', 512)))</tt>, replacing <tt>password</tt> with the plain text password desired for the email user. This function generates the hash in a slightly different scheme. When configuring the Dovecot MYSQL settings (<tt>/etc/dovecot/dovecot-sql.conf.ext</tt>) in this guide, set <tt>default_pass_scheme</tt> to <tt>SHA512</tt> instead of <tt>SHA512-CRYPT</tt>.
| |
| | |
| ==== Adding an Alias within MySQL ====
| |
| An email alias forwards all emails it receives to another email address. While not required, you can follow the steps below to add an email alias.# Verify that you are still logged into the MySQL shell. If not, run <tt>sudo mysql -u root -p</tt> to access MySQL.
| |
| # Add the alias to the <tt>virtual_aliases</tt> table. The <tt>domain_id</tt> value (currently set to <tt>'1'</tt>) references the <tt>virtual_domain</tt> table’s <tt>id</tt> value. If you added more than one domain, replace this value to correspond with the desired domain. Replace <tt>alias@example.com</tt> with the desired alias. Replace <tt>user@example.com</tt> with the email address that you wish to forward email to.<br/> INSERT INTO mailserver.virtual_aliases (domain_id, source, destination) VALUES ('1', 'alias@example.com', 'user@example.com');
| |
| # Verify the alias was added correctly by running a SELECT query on the <tt>virtual_aliases</tt> table.<br/> SELECT * FROM mailserver.virtual_aliases;
| |
| # If needed, repeat this process to add another email alias.
| |
|
| |
|
| === Postfix MTA Email Server ===
| | ; Install the packages |
| Postfix is a ''Mail Transfer Agent'' (MTA) that relays mail between the Linode and the internet. It is highly configurable, allowing for great flexibility. This guide maintains many of Posfix’s default configuration values.
| | # apt-get install postfix postfix-mysql dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-mysql mysql-server |
|
| |
|
| ==== How Do Postfix And Dovecot Work Together? ====
| | Dadurch wird das Paket '''mysql-server''' installiert, das in einigen neueren Versionen von Debian nicht standardmäßig verfügbar ist. |
| Postfix and Dovecot work together to help make email servers function as intended (sending and receiving email) and accessible to whichever email client the end user wishes to use. While Postfix manages email delivery and receipt, Dovecot allows email clients to connect to these emails when we want to read them.
| | * Wenn Sie eine Meldung erhalten, dass das Paket nicht verfügbar ist, installieren Sie stattdessen '''mariadb-server'''. |
| | * MariaDB ist ein sofort einsetzbarer MySQL-Ersatz. |
|
| |
|
| ==== Configuration File Settings for Postfix Email Server ====
| | Bei neueren Versionen von MySQL werden Sie nicht aufgefordert, ein Passwort für den Root-MySQL-Benutzer einzugeben. |
| The <tt>main.cf</tt> file is the primary configuration file used by Postfix.# If you are still logged in to MySQL, return to your main Linux shell by typing <tt>exit</tt> and hitting enter.
| | * Das liegt daran, dass MySQL unter Debian und Ubuntu jetzt standardmäßig entweder das unix_socket- oder auth_socket-Autorisierungs-Plugin verwendet. |
| # Make a copy of the default Postfix configuration file in case you need to revert to the default configuration:<br/>sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.orig
| | * Dieses Autorisierungsschema erlaubt es Ihnen, sich mit dem Root-Benutzer der Datenbank anzumelden, solange Sie sich mit dem Linux-Root-Benutzer auf localhost verbinden. |
| # Edit the <tt>/etc/postfix/main.cf</tt> file, replacing any occurrences of <tt>example.com</tt> with your domain name and verifying that the paths to the SSL certificate and private key are correct. Here is an example file that can be used:
| |
|
| |
|
| * <div style="margin-left:0cm;margin-right:0cm;">File: /etc/postfix/main.cf</div> | | Wenn Sie dazu aufgefordert werden, wählen Sie '''Internet Site''' als Typ des Mailservers, den das Postfix-Installationsprogramm konfigurieren soll. |
| | * Im nächsten Fenster sollte der ''System Mail Name'' auf die Domäne gesetzt werden, über die Sie E-Mails senden und empfangen möchten. |
|
| |
|
| {| style="border-spacing:0;margin:auto;width:17cm;"
| | [[Image:Bild2.png|top|alt="Choose “Internet Site” for Postfix."]] |
| |- style="border:none;padding:0.049cm;" | | [[Image:Bild3.png|top|alt="Set the system mail name for Postfix."]] |
| || 1
| |
| 2
| |
| 3
| |
| 4
| |
| 5
| |
| 6
| |
| 7
| |
| 8
| |
| 9
| |
| 10
| |
| 11
| |
| 12
| |
| 13
| |
| 14
| |
| 15
| |
| 16
| |
| 17
| |
| 18
| |
| 19
| |
| 20
| |
| 21
| |
| 22
| |
| 23
| |
| 24
| |
| 25
| |
| 26
| |
| 27
| |
| 28
| |
| 29
| |
| 30
| |
| 31
| |
| 32
| |
| 33
| |
| 34
| |
| 35
| |
| 36
| |
| 37
| |
| 38
| |
| 39
| |
| 40
| |
| 41
| |
| 42
| |
| 43
| |
| 44
| |
| 45
| |
| 46
| |
| 47
| |
| 48
| |
| 49
| |
| 50
| |
| 51
| |
| 52
| |
| 53
| |
| 54
| |
| 55
| |
| 56
| |
| 57
| |
| 58
| |
| 59
| |
| 60
| |
| 61
| |
| 62
| |
| 63
| |
| 64
| |
| 65
| |
| 66
| |
| 67
| |
| 68
| |
| 69
| |
| 70
| |
| 71
| |
| 72
| |
| 73
| |
| 74
| |
| 75
| |
| 76
| |
| 77
| |
| 78
| |
| 79
| |
| 80
| |
| 81
| |
| 82
| |
| 83
| |
| 84
| |
| 85
| |
| 86
| |
| 87
| |
| 88
| |
| 89
| |
| 90
| |
| 91
| |
| 92
| |
| 93
| |
| 94
| |
| 95
| |
| 96
| |
| 97
| |
| 98
| |
| 99
| |
| 100
| |
| 101
| |
| 102
| |
| 103
| |
| 104
| |
| 105
| |
| 106
| |
| 107
| |
| 108
| |
| 109
| |
| 110
| |
| 111
| |
| 112
| |
| 113
| |
| || <nowiki># See /usr/share/postfix/main.cf.dist for a commented, more complete version</nowiki>
| |
|
| |
|
| <nowiki># Debian specific: </nowiki> Specifying a file name will cause the first
| | === Datenbank === |
| <nowiki># line of that file to be used as the name. </nowiki> The Debian default
| | siehe [[E-Mail/Server/Setup:Datenbank]] |
| <nowiki># is /etc/mailname.</nowiki>
| |
| <nowiki>#myorigin = /etc/mailname</nowiki>
| |
|
| |
|
| smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
| | === Postfix === |
| biff = no
| | siehe [[E-Mail/Server/Setup:Postfix]] |
| | |
| <nowiki># appending .domain is the MUA's job.</nowiki>
| |
| append_dot_mydomain = no
| |
| | |
| <nowiki># Uncomment the next line to generate "delayed mail" warnings</nowiki>
| |
| <nowiki>#delay_warning_time = 4h</nowiki>
| |
| | |
| readme_directory = no
| |
| | |
| <nowiki># See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on</nowiki>
| |
| <nowiki># fresh installs.</nowiki>
| |
| compatibility_level = 2
| |
| | |
| <nowiki># TLS parameters</nowiki>
| |
| smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
| |
| smtpd_tls_key_file=/etc/letsencrypt/live/example.com/privkey.pem
| |
| smtpd_use_tls=yes
| |
| smtpd_tls_auth_only = yes
| |
| smtp_tls_security_level = may
| |
| smtpd_tls_security_level = may
| |
| smtpd_sasl_security_options = noanonymous, noplaintext
| |
| smtpd_sasl_tls_security_options = noanonymous
| |
| | |
| <nowiki># Authentication</nowiki>
| |
| smtpd_sasl_type = dovecot
| |
| smtpd_sasl_path = private/auth
| |
| smtpd_sasl_auth_enable = yes
| |
| | |
| <nowiki># See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for</nowiki>
| |
| <nowiki># information on enabling SSL in the smtp client.</nowiki>
| |
| | |
| <nowiki># Restrictions</nowiki>
| |
| smtpd_helo_restrictions ==
| |
| permit_mynetworks,
| |
| permit_sasl_authenticated,
| |
| reject_invalid_helo_hostname,
| |
| reject_non_fqdn_helo_hostname
| |
| smtpd_recipient_restrictions ==
| |
| permit_mynetworks,
| |
| permit_sasl_authenticated,
| |
| reject_non_fqdn_recipient,
| |
| reject_unknown_recipient_domain,
| |
| reject_unlisted_recipient,
| |
| reject_unauth_destination
| |
| smtpd_sender_restrictions ==
| |
| permit_mynetworks,
| |
| permit_sasl_authenticated,
| |
| reject_non_fqdn_sender,
| |
| reject_unknown_sender_domain
| |
| smtpd_relay_restrictions ==
| |
| permit_mynetworks,
| |
| permit_sasl_authenticated,
| |
| defer_unauth_destination
| |
| | |
| <nowiki># See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for</nowiki>
| |
| <nowiki># information on enabling SSL in the smtp client.</nowiki>
| |
| | |
| myhostname = example.com
| |
| alias_maps = hash:/etc/aliases
| |
| alias_database = hash:/etc/aliases
| |
| mydomain = example.com
| |
| myorigin = $mydomain
| |
| mydestination = localhost
| |
| relayhost ==
| |
| mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
| |
| mailbox_size_limit = 0
| |
| recipient_delimiter = +
| |
| inet_interfaces = all
| |
| inet_protocols = all
| |
| | |
| <nowiki># Handing off local delivery to Dovecot's LMTP, and telling it where to store mail</nowiki>
| |
| virtual_transport = lmtp:unix:private/dovecot-lmtp
| |
| | |
| <nowiki># Virtual domains, users, and aliases</nowiki>
| |
| virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
| |
| virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
| |
| virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,
| |
| mysql:/etc/postfix/mysql-virtual-email2email.cf
| |
| | |
| <nowiki># Even more Restrictions and MTA params</nowiki>
| |
| disable_vrfy_command = yes
| |
| strict_rfc821_envelopes = yes
| |
| <nowiki>#smtpd_etrn_restrictions = reject</nowiki>
| |
| <nowiki>#smtpd_reject_unlisted_sender = yes</nowiki>
| |
| <nowiki>#smtpd_reject_unlisted_recipient = yes</nowiki>
| |
| smtpd_delay_reject = yes
| |
| smtpd_helo_required = yes
| |
| smtp_always_send_ehlo = yes
| |
| <nowiki>#smtpd_hard_error_limit = 1</nowiki>
| |
| smtpd_timeout = 30s
| |
| smtp_helo_timeout = 15s
| |
| smtp_rcpt_timeout = 15s
| |
| smtpd_recipient_limit = 40
| |
| minimal_backoff_time = 180s
| |
| maximal_backoff_time = 3h
| |
| | |
| <nowiki># Reply Rejection Codes</nowiki>
| |
| invalid_hostname_reject_code = 550
| |
| non_fqdn_reject_code = 550
| |
| unknown_address_reject_code = 550
| |
| unknown_client_reject_code = 550
| |
| unknown_hostname_reject_code = 550
| |
| unverified_recipient_reject_code = 550
| |
| unverified_sender_reject_code = 550
| |
| |-
| |
| |}
| |
| * The <tt>main.cf</tt> file declares the location of <tt>virtual_mailbox_domains</tt>, <tt>virtual_mailbox_maps</tt>, and <tt>virtual_alias_maps</tt> files. These files contain the connection information for the MySQL lookup tables created in the [https://www.linode.com/docs/guides/email-with-postfix-dovecot-and-mysql/#mysql MySQL] section of this guide. Postfix will use this data to identify all domains, corresponding mailboxes, and valid users.
| |
| | |
| Create the file for <tt>virtual_mailbox_domains</tt>. Replace the value for <tt>password</tt> with your database user’s password. If you used a different name for your database <tt>user</tt> and <tt>dbname</tt> replace those with your own values:* <div style="margin-left:0cm;margin-right:0cm;">File: /etc/postfix/mysql-virtual-mailbox-domains.cf</div>
| |
| | |
| {| style="border-spacing:0;width:11.867cm;"
| |
| |- style="border:none;padding:0.049cm;"
| |
| || 1
| |
| 2
| |
| 3
| |
| 4
| |
| 5
| |
| || user = mailuser
| |
| password = mailuserpass
| |
| hosts = 127.0.0.1
| |
| dbname = mailserver
| |
| query = SELECT 1 FROM virtual_domains WHERE name='%s'
| |
| |-
| |
| |}
| |
| * Create the <tt>/etc/postfix/mysql-virtual-mailbox-maps.cf</tt> file, and enter the following values. Use the database user’s password and make any other changes as needed:
| |
| | |
| * <div style="margin-left:0cm;margin-right:0cm;">File: /etc/postfix/mysql-virtual-mailbox-maps.cf</div>
| |
| | |
| {| style="border-spacing:0;width:11.656cm;"
| |
| |- style="border:none;padding:0.049cm;"
| |
| || 1
| |
| 2
| |
| 3
| |
| 4
| |
| 5
| |
| || user = mailuser
| |
| password = mailuserpass
| |
| hosts = 127.0.0.1
| |
| dbname = mailserver
| |
| query = SELECT 1 FROM virtual_users WHERE email='%s'
| |
| |-
| |
| |}
| |
| * Create the <tt>/etc/postfix/mysql-virtual-alias-maps.cf</tt> file and enter the following values. Use the database user’s password and make any other changes as needed:
| |
| | |
| * <div style="margin-left:0cm;margin-right:0cm;">File: /etc/postfix/mysql-virtual-alias-maps.cf</div>
| |
| | |
| {| style="border-spacing:0;width:14.407cm;"
| |
| |- style="border:none;padding:0.049cm;"
| |
| || 1
| |
| 2
| |
| 3
| |
| 4
| |
| 5
| |
| || user = mailuser
| |
| password = mailuserpass
| |
| hosts = 127.0.0.1
| |
| dbname = mailserver
| |
| query = SELECT destination FROM virtual_aliases WHERE source='%s'
| |
| |-
| |
| |}
| |
| * Create the <tt>/etc/postfix/mysql-virtual-email2email.cf</tt> file and enter the following values. Use the database user’s password and make any other changes as needed:
| |
| | |
| # <div style="margin-left:0cm;margin-right:0cm;">File: /etc/postfix/mysql-virtual-email2email.cf</div>
| |
| | |
| {| style="border-spacing:0;width:12.502cm;"
| |
| |- style="border:none;padding:0.049cm;"
| |
| || 1
| |
| 2
| |
| 3
| |
| 4
| |
| 5
| |
| || user = mailuser
| |
| password = mailuserpass
| |
| hosts = 127.0.0.1
| |
| dbname = mailserver
| |
| query = SELECT email FROM virtual_users WHERE email='%s'
| |
| |-
| |
| |}
| |
| # Restart Postfix:<br/>sudo systemctl restart postfix
| |
| | |
| ==== Testing Postfix ====
| |
| We can test the Postfix configuration by using the <tt>postmap</tt> command, which can query Postfix’s lookup tables.# Enter the following command to ensure that Postfix can query the <tt>virtual_domains</tt> table. Replace <tt>example.com</tt> with the first <tt>name</tt> value. The command should return <tt>1</tt> if it is successful:<br/>sudo postmap -q example.com mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
| |
| # Test Postfix to verify that it can retrieve the first email address from the MySQL table <tt>virtual_users</tt>. Replace <tt>email1@example.com</tt> with the first email address added to the table. You should receive <tt>1</tt> as the output:<br/>sudo postmap -q email1@example.com mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
| |
| # Test Postfix to verify that it can query the <tt>virtual_aliases</tt> table. Replace <tt>alias@example.com</tt> with the first <tt>source</tt> value created in the table. The command should return the <tt>destination</tt> value for the row:<br/> sudo postmap -q alias@example.com mysql:/etc/postfix/mysql-virtual-alias-maps.cf
| |
| | |
| ==== Master Program Settings ====
| |
| Postfix’s master program starts and monitors all of Postfix’s processes. The configuration file <tt>master.cf</tt> lists all programs and information on how they should be started.# Make a copy of the <tt>/etc/postfix/master.cf</tt> file:<br/> sudo cp /etc/postfix/master.cf /etc/postfix/master.cf.orig
| |
| # Edit <tt>/etc/postfix/master.cf</tt> to contain the values in the excerpt below. The rest of the file can remain unchanged:
| |
| | |
| # <div style="margin-left:0cm;margin-right:0cm;">File: /etc/postfix/master.cf</div>
| |
| | |
| <div style="margin-left:1cm;margin-right:0cm;"></div>
| |
| | |
| {| style="border-spacing:0;margin:auto;width:17cm;"
| |
| |- style="border:none;padding:0.049cm;"
| |
| || 1
| |
| 2
| |
| 3
| |
| 4
| |
| 5
| |
| 6
| |
| 7
| |
| 8
| |
| 9
| |
| 10
| |
| 11
| |
| 12
| |
| 13
| |
| 14
| |
| 15
| |
| 16
| |
| 17
| |
| 18
| |
| 19
| |
| 20
| |
| 21
| |
| 22
| |
| 23
| |
| 24
| |
| 25
| |
| 26
| |
| 27
| |
| 28
| |
| 29
| |
| 30
| |
| 31
| |
| 32
| |
| 33
| |
| 34
| |
| || <nowiki>#</nowiki>
| |
| <nowiki># Postfix master process configuration file. </nowiki> For details on the format
| |
| <nowiki># of the file, see the master(5) manual page (command: "man 5 master" or</nowiki>
| |
| <nowiki># on-line: http://www.postfix.org/master.5.html).</nowiki>
| |
| <nowiki>#</nowiki>
| |
| <nowiki># Do not forget to execute "postfix reload" after editing this file.</nowiki>
| |
| <nowiki>#</nowiki>
| |
| <nowiki># ==========================================================================</nowiki>
| |
| <nowiki># service type </nowiki> private unpriv chroot wakeup maxproc command + args
| |
| <nowiki># </nowiki> (yes) (yes) (yes) (never) (100)
| |
| <nowiki># ==========================================================================</nowiki>
| |
| smtp inet n - n - - smtpd
| |
| <nowiki>#smtp </nowiki> inet n - - - 1 postscreen
| |
| <nowiki>#smtpd </nowiki> pass - - - - - smtpd
| |
| <nowiki>#dnsblog </nowiki> unix - - - - 0 dnsblog
| |
| <nowiki>#tlsproxy </nowiki> unix - - - - 0 tlsproxy
| |
| submission inet n - y - - smtpd
| |
| -o syslog_name=postfix/submission
| |
| -o smtpd_tls_security_level=encrypt
| |
| -o smtpd_sasl_auth_enable=yes
| |
| -o smtpd_sasl_type=dovecot
| |
| -o smtpd_sasl_path=private/auth
| |
| -o smtpd_reject_unlisted_recipient=no
| |
| -o smtpd_client_restrictions=permit_sasl_authenticated,reject
| |
| -o milter_macro_daemon_name=ORIGINATING
| |
| smtps inet n - - - - smtpd
| |
| -o syslog_name=postfix/smtps
| |
| -o smtpd_tls_wrappermode=yes
| |
| -o smtpd_sasl_auth_enable=yes
| |
| -o smtpd_sasl_type=dovecot
| |
| -o smtpd_sasl_path=private/auth
| |
| -o smtpd_client_restrictions=permit_sasl_authenticated,reject
| |
| -o milter_macro_daemon_name=ORIGINATING
| |
| ...
| |
| |-
| |
| |}
| |
| # Change the permissions of the <tt>/etc/postfix</tt> directory to restrict permissions to allow only its owner and the corresponding group:<br/> sudo chmod -R o-rwx /etc/postfix
| |
| # Restart Postfix:<br/> sudo systemctl restart postfix
| |
|
| |
|
| === Dovecot === | | === Dovecot === |
| Dovecot is a POP3 and IMAP server, which provides email clients with access to emails on the server. It also acts as the ''Local Delivery Agent'' (LDA), which takes email from Postfix (or other MTA / mail server software) and stores them. | | siehe [[Dovecot#Installation]] |
|
| |
|
| When Dovecot was installed in previous steps, additional Dovecot modules (including dovecot-antispam, dovecot-solr, dovecot-ldap, and dovecot-sieve) were also installed. These modules help Dovecot with a range of functions like spam filtering, user directory management, enabling a full text search, and mail filtering.
| | === Testing === |
| | siehe [[E-Mail/Server/Setup:Testing]] |
|
| |
|
| ==== Configuring Dovecot ====
| | === Configuring an Email Client === |
| In this section, we’ll edit Dovecot’s configuration files to use IMAP (and POP3), add our domain details, and configure user authentication. This will also cover configuring Dovecot to force users to use SSL when they connect so that their passwords are never sent to the server in plain text.# Copy all of the configuration files so you can easily revert back to them if needed:<br/>sudo cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig<br/>sudo cp /etc/dovecot/conf.d/10-mail.conf /etc/dovecot/conf.d/10-mail.conf.orig<br/>sudo cp /etc/dovecot/conf.d/10-auth.conf /etc/dovecot/conf.d/10-auth.conf.orig<br/>sudo cp /etc/dovecot/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext.orig<br/>sudo cp /etc/dovecot/conf.d/10-master.conf /etc/dovecot/conf.d/10-master.conf.orig<br/>sudo cp /etc/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/10-ssl.conf.orig
| | You can set up an email client to connect to your mail server. |
| # Edit the <tt>/etc/dovecot/dovecot.conf</tt> file. Add <tt>protocols = imap pop3 lmtp</tt> to the <tt><nowiki># Enable installed protocols</nowiki></tt> section of the file. In addition, add the line <tt>post_master_address = postmaster at example.com</tt>, replacing ''example.com'' with your domain.
| | * Many clients detect server settings automatically. |
| | |
| * <div style="margin-left:0cm;margin-right:0cm;">File: /etc/dovecot/dovecot.conf</div>
| |
| | |
| {| style="border-spacing:0;width:12.079cm;"
| |
| |- style="border:none;padding:0.049cm;"
| |
| || 1
| |
| 2
| |
| 3
| |
| 4
| |
| 5
| |
| 6
| |
| 7
| |
| 8
| |
| || <nowiki>## Dovecot configuration file</nowiki>
| |
| ...
| |
| <nowiki># Enable installed protocols</nowiki>
| |
| !include_try /usr/share/dovecot/protocols.d/*.protocol
| |
| protocols = imap pop3 lmtp
| |
| | |
| postmaster_address = postmaster at example.com
| |
| ...
| |
| |-
| |
| |}
| |
| * Edit the <tt>/etc/dovecot/conf.d/10-mail.conf</tt> file. This file controls how Dovecot interacts with the server’s file system to store and retrieve messages. Modify the following variables within the configuration file:
| |
| | |
| * <div style="margin-left:0cm;margin-right:0cm;">File: /etc/dovecot/conf.d/10-mail.conf</div>
| |
| | |
| {| style="border-spacing:0;width:10.597cm;"
| |
| |- style="border:none;padding:0.049cm;"
| |
| || 1
| |
| 2
| |
| 3
| |
| 4
| |
| 5
| |
| || ...
| |
| mail_location = maildir:/var/mail/vhosts/%d/%n/
| |
| ...
| |
| mail_privileged_group = mail
| |
| ...
| |
| |-
| |
| |}
| |
| * Create the <tt>/var/mail/vhosts/</tt> directory and a subdirectory for your domain, replacing ''example.com'' with your domain name:
| |
| | |
| sudo mkdir -p /var/mail/vhosts/example.com
| |
| | |
| This directory will serve as storage for mail sent to your domain.* Create the <tt>vmail</tt> group with ID <tt>5000</tt>. Add a new user <tt>vmail</tt> to the <tt>vmail</tt> group. This system user will read mail from the server.
| |
| | |
| sudo groupadd -g 5000 vmail
| |
| sudo useradd -g vmail -u 5000 vmail -d /var/mail* Change the owner of the <tt>/var/mail/</tt> folder and its contents to belong to <tt>vmail</tt>:
| |
| | |
| sudo chown -R vmail:vmail /var/mail* Edit the user authentication file, located in <tt>/etc/dovecot/conf.d/10-auth.conf</tt>. Uncomment the following variables and replace with the file excerpt’s example values:
| |
| | |
| * <div style="margin-left:0cm;margin-right:0cm;">File: /etc/dovecot/conf.d/10-auth.conf</div>
| |
| | |
| {| style="border-spacing:0;width:6.787cm;"
| |
| |- style="border:none;padding:0.049cm;"
| |
| || 1
| |
| 2
| |
| 3
| |
| 4
| |
| 5
| |
| 6
| |
| 7
| |
| 8
| |
| 9
| |
| || ...
| |
| disable_plaintext_auth = yes
| |
| ...
| |
| auth_mechanisms = plain login
| |
| ...
| |
| !include auth-system.conf.ext
| |
| ...
| |
| !include auth-sql.conf.ext
| |
| ...
| |
| |-
| |
| |}
| |
| <div style="margin-left:1cm;margin-right:1cm;">'''Note'''</div>
| |
| | |
| <div style="margin-left:1cm;margin-right:1cm;">For reference, [https://www.linode.com/docs/assets/1238-dovecot_10-auth.conf.txt view a complete ][https://www.linode.com/docs/assets/1238-dovecot_10-auth.conf.txt 10-auth.conf][https://www.linode.com/docs/assets/1238-dovecot_10-auth.conf.txt file].</div>* Edit the <tt>/etc/dovecot/conf.d/auth-sql.conf.ext</tt> file with authentication and storage information. Ensure your file contains the following lines. Make sure the <tt>passdb</tt> section is uncommented, that the <tt>userdb</tt> section that uses the <tt>static</tt> driver is uncommented and updated with the right argument. Then comment out the <tt>userdb</tt> section that uses the <tt>sql</tt> driver:
| |
| | |
| * <div style="margin-left:0cm;margin-right:0cm;">File: /etc/dovecot/conf.d/auth-sql.conf.ext</div>
| |
| | |
| {| style="border-spacing:0;width:12.714cm;"
| |
| |- style="border:none;padding:0.049cm;"
| |
| || 1
| |
| 2
| |
| 3
| |
| 4
| |
| 5
| |
| 6
| |
| 7
| |
| 8
| |
| 9
| |
| 10
| |
| 11
| |
| 12
| |
| 13
| |
| 14
| |
| 15
| |
| 16
| |
| || ...
| |
| passdb {
| |
| driver = sql
| |
| args = /etc/dovecot/dovecot-sql.conf.ext
| |
| }
| |
| ...
| |
| <nowiki>#userdb {</nowiki>
| |
| <nowiki># </nowiki> driver = sql
| |
| <nowiki># </nowiki> args = /etc/dovecot/dovecot-sql.conf.ext
| |
| <nowiki>#}</nowiki>
| |
| ...
| |
| userdb {
| |
| driver = static
| |
| args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
| |
| }
| |
| ...
| |
| |-
| |
| |}
| |
| * Update the <tt>/etc/dovecot/dovecot-sql.conf.ext</tt> file with your MySQL connection information. Uncomment the following variables and replace the values with the excerpt example. Replace <tt>dbname</tt>, <tt>user</tt> and <tt>password</tt> with your own MySQL database values:
| |
| | |
| * <div style="margin-left:0cm;margin-right:0cm;">File: /etc/dovecot/dovecot-sql.conf.ext</div>
| |
| | |
| <div style="margin-left:1cm;margin-right:0cm;"></div>
| |
| | |
| {| style="border-spacing:0;margin:auto;width:17cm;"
| |
| |- style="border:none;padding:0.049cm;"
| |
| || 1
| |
| 2
| |
| 3
| |
| 4
| |
| 5
| |
| 6
| |
| 7
| |
| 8
| |
| 9
| |
| || ...
| |
| driver = mysql
| |
| ...
| |
| connect = host=127.0.0.1 dbname=mailserver user=mailuser password=mailuserpass
| |
| ...
| |
| default_pass_scheme = SHA512-CRYPT
| |
| ...
| |
| password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';
| |
| ...
| |
| |-
| |
| |}
| |
| The <tt>password_query</tt> variable uses email addresses listed in the <tt>virtual_users</tt> table as the username credential for an email account.
| |
|
| |
|
| To use an alias as the username:# Add the alias as the <tt>source</tt> and <tt>destination</tt> email address to the <tt>virtual_aliases</tt> table.
| | Manual configuration requires the following parameters: |
| # Change the <tt>/etc/dovecot/dovecot-sql.conf.ext</tt> file’s <tt>password_query</tt> value to <tt>password_query = SELECT email as user, password FROM virtual_users WHERE email=(SELECT destination FROM virtual_aliases WHERE source = '%u');</tt>
| | * '''Username:''' An email address that was configured (ex: [mailto:user@example.com user@example.com]). |
| | |
| <div style="margin-left:1cm;margin-right:1cm;">'''Note'''</div>
| |
| | |
| <div style="margin-left:1cm;margin-right:1cm;">For reference, [https://www.linode.com/docs/assets/1284-dovecot__dovecot-sql.conf.ext.txt view] a complete <tt>dovecot-sql.conf.ext</tt>file.</div>* Change the owner and group of the <tt>/etc/dovecot/</tt> directory to <tt>vmail</tt> and <tt>dovecot</tt>:
| |
| | |
| sudo chown -R vmail:dovecot /etc/dovecot* Change the permissions on the <tt>/etc/dovecot/</tt> directory to be recursively read, write, and execute for the owner of the directory:
| |
| | |
| sudo chmod -R o-rwx /etc/dovecot* Edit the service settings file <tt>/etc/dovecot/conf.d/10-master.conf</tt>:
| |
| | |
| <div style="margin-left:1cm;margin-right:1cm;">'''Note'''</div>
| |
| | |
| <div style="margin-left:1cm;margin-right:1cm;">When editing the file, be careful not to remove any opening or closing curly braces. If there’s a syntax error, Dovecot will crash silently. You can check <tt>/var/log/upstart/dovecot.log</tt> to debug the error.</div>
| |
| | |
| <div style="margin-left:1cm;margin-right:1cm;">Here is [https://www.linode.com/docs/assets/1240-dovecot_10-master.conf.txt an example of a complete ][https://www.linode.com/docs/assets/1240-dovecot_10-master.conf.txt 10-master.conf] file.</div>
| |
| | |
| Disable unencrypted IMAP and POP3 by setting the protocols' ports to <tt>0</tt>. Uncomment the <tt>port</tt> and <tt>ssl</tt> variables:
| |
| | |
| <div style="margin-left:0cm;margin-right:0cm;">File: /etc/dovecot/conf.d/10-master.conf</div>
| |
| | |
| {| style="border-spacing:0;width:5.729cm;"
| |
| |- style="border:none;padding:0.049cm;"
| |
| || 1
| |
| 2
| |
| 3
| |
| 4
| |
| 5
| |
| 6
| |
| 7
| |
| 8
| |
| 9
| |
| 10
| |
| 11
| |
| 12
| |
| 13
| |
| 14
| |
| 15
| |
| 16
| |
| 17
| |
| 18
| |
| 19
| |
| 20
| |
| 21
| |
| 22
| |
| || ...
| |
| service imap-login {
| |
| inet_listener imap {
| |
| port = 0
| |
| }
| |
| inet_listener imaps {
| |
| port = 993
| |
| ssl = yes
| |
| }
| |
| ...
| |
| }
| |
| ...
| |
| service pop3-login {
| |
| inet_listener pop3 {
| |
| port = 0
| |
| }
| |
| inet_listener pop3s {
| |
| port = 995
| |
| ssl = yes
| |
| }
| |
| }
| |
| ...
| |
| |-
| |
| |}
| |
| Find the <tt>service lmtp</tt> section of the file and use the configuration shown below:
| |
| | |
| <div style="margin-left:0cm;margin-right:0cm;">File: /etc/dovecot/conf.d/10-master.conf</div>
| |
| | |
| {| style="border-spacing:0;width:12.926cm;"
| |
| |- style="border:none;padding:0.049cm;"
| |
| || 1
| |
| 2
| |
| 3
| |
| 4
| |
| 5
| |
| 6
| |
| 7
| |
| 8
| |
| 9
| |
| 10
| |
| || ...
| |
| service lmtp {
| |
| unix_listener /var/spool/postfix/private/dovecot-lmtp {
| |
| <nowiki>#mode = 0666i</nowiki>
| |
| mode = 0600
| |
| user = postfix
| |
| group = postfix
| |
| }
| |
| ...
| |
| }
| |
| |-
| |
| |}
| |
| Locate <tt>service auth</tt> and configure it as shown below:
| |
| | |
| <div style="margin-left:0cm;margin-right:0cm;">File: /etc/dovecot/conf.d/10-master.conf</div>
| |
| | |
| {| style="border-spacing:0;width:11.232cm;"
| |
| |- style="border:none;padding:0.049cm;"
| |
| || 1
| |
| 2
| |
| 3
| |
| 4
| |
| 5
| |
| 6
| |
| 7
| |
| 8
| |
| 9
| |
| 10
| |
| 11
| |
| 12
| |
| 13
| |
| 14
| |
| 15
| |
| 16
| |
| 17
| |
| || ...
| |
| service auth {
| |
| ...
| |
| unix_listener /var/spool/postfix/private/auth {
| |
| mode = 0660
| |
| user = postfix
| |
| group = postfix
| |
| }
| |
| | |
| unix_listener auth-userdb {
| |
| mode = 0600
| |
| user = vmail
| |
| }
| |
| ...
| |
| user = dovecot
| |
| }
| |
| ...
| |
| |-
| |
| |}
| |
| In the <tt>service auth-worker</tt> section, uncomment the <tt>user</tt> line and set it to <tt>vmail</tt>:* <div style="margin-left:0cm;margin-right:0cm;">File: /etc/dovecot/conf.d/10-master.conf</div>
| |
| | |
| {| style="border-spacing:0;width:5.094cm;"
| |
| |- style="border:none;padding:0.049cm;"
| |
| || 1
| |
| 2
| |
| 3
| |
| 4
| |
| 5
| |
| || ...
| |
| service auth-worker {
| |
| ...
| |
| user = vmail
| |
| }
| |
| |-
| |
| |}
| |
| Save the changes to the <tt>/etc/dovecot/conf.d/10-master.conf</tt> file.* Edit <tt>/etc/dovecot/conf.d/10-ssl.conf</tt> file to require SSL and to add the location of your domain’s SSL certificate and key. Replace <tt>example.com</tt> with your domain:
| |
| | |
| # <div style="margin-left:0cm;margin-right:0cm;">File: /etc/dovecot/conf.d/10-ssl.conf</div>
| |
| | |
| {| style="border-spacing:0;width:13.137cm;"
| |
| |- style="border:none;padding:0.049cm;"
| |
| || 1
| |
| 2
| |
| 3
| |
| 4
| |
| 5
| |
| 6
| |
| || ...
| |
| <nowiki># SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt></nowiki>
| |
| ssl = required
| |
| ...
| |
| ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
| |
| ssl_key = </etc/letsencrypt/live/example.com/privkey.pem
| |
| |-
| |
| |}
| |
| # Restart Dovecot to enable all configurations:<br/> sudo systemctl restart dovecot
| |
| | |
| === Testing the Email Server with Mailutils ===
| |
| # To send and receive test emails to your Linode mail server, install the Mailutils package:<br/> sudo apt-get install mailutils
| |
| # Send a test email to an email address outside of your mail server, like a Gmail account. Replace <tt>email1@example.com</tt> with an email address from your mail server:<br/> echo "Email body text" | sudo mail -s "Email subject line" recipient@gmail.com -aFrom:email1@example.com
| |
| # Log in to the test email account and verify that you have received the email from the specified mail server email address.
| |
| # Send a test email to your Linode mail server from an outside email address. Log back in to your Linode and check that the email was received; substitute in the username and domain you sent the mail to:<br/> sudo mail -f /var/mail/vhosts/example.com/email1<br/>When prompted, enter the number corresponding to the email you would like to view:<br/>"/var/mail/vhosts/example.com/": 9 messages 5 new 4 unread<br/>U 1 John Doe Wed Jun 27 16:00 57/2788 Test email 1<br/>U 2 John Doe Wed Jun 27 16:02 56/2761 Test email 2<br/>U 3 John Doe Wed Jun 27 16:35 15/594 Test email 3<br/>U 4 John Doe Wed Jun 27 16:42 71/3535 Test email 4<br/>>N 5 John Doe Mon Jul 2 10:55 13/599 Subject of the Email<br/>?<br/>The email message header and body should display. Consider adding spam and virus filtering and a webmail client.<br/>See [https://www.linode.com/docs/guides/troubleshooting-problems-with-postfix-dovecot-and-mysql/ Troubleshooting problems with Postfix, Dovecot, and MySQL] for debugging steps.
| |
| | |
| === Configuring an Email Client ===
| |
| You can set up an email client to connect to your mail server. Many clients detect server settings automatically. Manual configuration requires the following parameters:* '''Username:''' An email address that was configured (ex: [mailto:user@example.com user@example.com]).
| |
| * '''Password:''' The password configured for that email. | | * '''Password:''' The password configured for that email. |
| * '''Server:''' (Both incoming and outgoing) A domain that resolves to the Linode (such as ''mail.example.com'') | | * '''Server:''' (Both incoming and outgoing) A domain that resolves to the Server (such as ''mail.example.com'') |
| * '''IMAP:''' Set the port to <tt>993</tt> and the SSL/Security settings to <tt>SSL/TLS</tt> or equivalent. | | * '''IMAP:''' Set the port to 993 and the SSL/Security settings to SSL/TLS or equivalent. |
| * '''POP3:''' If using POP3 instead of IMAP, set the port to <tt>995</tt> and require SSL. | | * '''POP3:''' If using POP3 instead of IMAP, set the port to 995 and require SSL. |
| * '''SMTP:''' Set the port to <tt>587</tt> and the SSL/Security settings to <tt>STARTTLS</tt> or equivalent. | | * '''SMTP:''' Set the port to 587 and the SSL/Security settings to STARTTLS or equivalent. |
| | |
| See [https://www.linode.com/docs/guides/install-squirrelmail-on-ubuntu-16-04-or-debian-8/ Install SquirrelMail on Ubuntu 16.04] for details on installing an email client.
| |
| | |
| <div style="margin-left:1cm;margin-right:1cm;">'''Note'''</div>
| |
| | |
| <div style="margin-left:1cm;margin-right:1cm;">The Thunderbird email client will sometimes have trouble automatically detecting account settings when using Dovecot. After it fails to detect the appropriate account settings, you can set up your email account manually. Add in the appropriate information for each setting, using the above values, leaving no setting on '''Auto''' or '''Autodetect'''. Once you have entered all the information about your mail server and account, press '''Done''' rather '''Re-Test''' and Thunderbird should accept the settings and retrieve your mail.</div>
| |
| | |
| === Managing Spam With SpamAssassin: Stop spam on Postfix, Dovecot, And MySQL ===
| |
| [https://spamassassin.apache.org/ Apache SpamAssassin] is a free and open source platform that allows us to find and filter out spam email. This software is commonly used in tandem with Postfix and Dovecot.# Install SpamAssassin:<br/> sudo apt-get install spamassassin spamc
| |
| # Next, create a user for SpamAssassin daemon(spamd):<br/> sudo adduser spamd --disabled-login
| |
| # Edit the <tt>/etc/default/spamassassin</tt> configuration file. Set the home directory, update the <tt>OPTIONS</tt> parameter with the user that was just created (as well as the home directory), and update the <tt>CRON</tt> parameter to <tt>1</tt>.
| |
| | |
| * <div style="margin-left:0cm;margin-right:0cm;">File: /etc/default/spamassassin</div>
| |
| | |
| {| style="border-spacing:0;margin:auto;width:17cm;"
| |
| |- style="border:none;padding:0.049cm;"
| |
| || 1
| |
| 2
| |
| 3
| |
| 4
| |
| 5
| |
| 6
| |
| 7
| |
| 8
| |
| 9
| |
| 10
| |
| 11
| |
| || ...
| |
| | |
| HOMEDIR="/home/spamd/"
| |
| | |
| OPTIONS="--create-prefs --max-children 5 --username spamd --helper-home-dir ${HOMEDIR} -s ${HOMEDIR}spamd.log"
| |
| | |
| PIDFILE="${HOMEDIR}spamd.pid"
| |
| | |
| ...
| |
| | |
| CRON=1
| |
| |-
| |
| |}
| |
| Here is a [https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html detailed documentation] of SpamAssassin’s configuration file that you can refer to while working through these next steps.* Configure the Postfix email server to check each email with a score > 5.0, mark it as '''''SPAM''''', and send it directly to the junk folder. Add or adjust the following lines inside <tt>/etc/spamassassin/local.cf</tt> to setup your anti-spam rules:
| |
| | |
| * <div style="margin-left:0cm;margin-right:0cm;">File: /etc/spamassassin/local.cf</div>
| |
| | |
| {| style="border-spacing:0;width:10.809cm;"
| |
| |- style="border:none;padding:0.049cm;"
| |
| || 1
| |
| 2
| |
| 3
| |
| 4
| |
| 5
| |
| 6
| |
| 7
| |
| 8
| |
| 9
| |
| 10
| |
| 11
| |
| 12
| |
| 13
| |
| 14
| |
| || ...
| |
| | |
| rewrite_header Subject ***** SPAM _SCORE_ *****
| |
| report_safe 0
| |
| required_score 5.0
| |
| use_bayes 1
| |
| use_bayes_rules 1
| |
| bayes_auto_learn 1
| |
| skip_rbl_checks 0
| |
| use_razor2 0
| |
| use_dcc 0
| |
| use_pyzor 0
| |
|
| |
|
| ...
| | '''Note''' |
| |-
| | The Thunderbird email client will sometimes have trouble automatically detecting account settings when using Dovecot. |
| |}
| |
| * Set up your Postfix email server to allow anti-spam configuration to check incoming emails. Edit <tt>/etc/postfix/master.cf</tt> and add a filter:
| |
|
| |
|
| # <div style="margin-left:0cm;margin-right:0cm;">File: /etc/postfix/master.cf</div>
| | * After it fails to detect the appropriate account settings, you can set up your email account manually. |
| | * Add in the appropriate information for each setting, using the above values, leaving no setting on '''Auto''' or '''Autodetect'''. |
| | * Once you have entered all the information about your mail server and account, press '''Done''' rather '''Re-Test''' and Thunderbird should accept the settings and retrieve your mail. |
|
| |
|
| {| style="border-spacing:0;width:13.772cm;"
| | === Spam === |
| |- style="border:none;padding:0.049cm;"
| | siehe [[E-Mail/Server/Setup:Spam]] |
| || 1
| |
| 2
| |
| 3
| |
| 4
| |
| 5
| |
| 6
| |
| 7
| |
| 8
| |
| 9
| |
| 10
| |
| || ...
| |
|
| |
|
| smtp inet n - - - - smtpd
| | == Konfiguration == |
| -o content_filter=spamassassin | | === Dateien === |
| | == Sicherheit == |
| | == Siehe auch == |
| | == Links == |
| | === Projekt === |
| | === Weblinks === |
| | # https://www.linode.com/docs/guides/email-with-postfix-dovecot-and-mysql/ |
| | # [https://www.linode.com/docs/guides/troubleshooting-problems-with-postfix-dovecot-and-mysql/ Troubleshooting Problems with Postfix, Dovecot, and MySQL] |
| | # [http://www.postfix.org/BASIC_CONFIGURATION_README.html Postfix Basic Configuration] |
| | # [http://www.postfix.org/SASL_README.html Postfix SASL Howto] |
| | # [https://wiki2.dovecot.org/ Dovecot Wiki] |
|
| |
|
| ...
| |
|
| |
|
| spamassassin unix - n n - - pipe
| |
| user=spamd argv=/usr/bin/spamc -f -e
| |
| /usr/sbin/sendmail -oi -f ${sender} ${recipient}
| |
| |-
| |
| |}
| |
| # Start Spamassassin and enable the service to start on boot:<br/> sudo systemctl start spamassassin<br/> sudo systemctl enable spamassassin<br/>If not using systemd (as is the case with Debian 7 and earlier), edit the <tt>/etc/default/spamassassin</tt> configuration file instead. Set the <tt>ENABLED</tt> parameter to <tt>1</tt>.
| |
| # Restart the Postfix email server to get your new anti-spam settings in place:<br/> sudo systemctl restart postfix
| |
|
| |
|
| === More Information ===
| |
| You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.* [https://www.linode.com/docs/guides/troubleshooting-problems-with-postfix-dovecot-and-mysql/ Troubleshooting Problems with Postfix, Dovecot, and MySQL]
| |
| * [http://www.postfix.org/BASIC_CONFIGURATION_README.html Postfix Basic Configuration]
| |
| * [http://www.postfix.org/SASL_README.html Postfix SASL Howto]
| |
| * [https://wiki2.dovecot.org/ Dovecot Wiki]
| |
|
| |
|
| === Quelle ===
| | [[Kategorie:E-Mail/Server]] |
| https://www.linode.com/docs/guides/email-with-postfix-dovecot-and-mysql/
| | [[Kategorie:Postfix]] |
| | [[Kategorie:Dovecot]] |