@0xa
Last active August 29, 2015 14:20

Debian: Mail Server

Intro

Domain: example.com
Server Name: elaninwe
Server FQDN: elaninwe.example.com
Our user: aria

To keep it simple, we will define a list of domains (example.com, example.net).
For the local part, the default configuration accepts mail for our system users, plus a list of aliases.
The aliases are redirected to our system users, here aria.

It will support SMTP to send and receive mail, and IMAP to let a client fetch it, both with TLS.

# Set the hostname
echo elaninwe.example.com > /etc/hostname

apt-get update
apt-get upgrade
export DEBIAN_FRONTEND=noninteractive
apt-get install postfix dovecot-imapd

# Allow aria to receive mail, do the same for any user you want
gpasswd -a aria mail

Postfix

dpkg-reconfigure postfix

You'll be asked for a default configuration, select "Internet Site".

System mail name:
You can use your domain or FQDN here.

Root and postmaster mail recipient
Explicit enough, I will use "aria".

Other destinations to accept mail for:
A list including your domain(s), your FQDN, hostname and localhost.
Mine will be: example.com, example.net, elaninwe.example.com, elaninwe, localhost.

Force synchronous updates on mail queue?
We do not need that.

Local networks:
The default value will be good enough.

Use procmail for local delivery?
Yes.

Mailbox size limit (bytes):
1000000000 for 1GB, just to never fill the disk.

Local address extension character:
+ is fine.

Internet protocols to use:
all, because we love IPv6 too.

You can now receive mail to aria@example.net, aria@example.com, aria@localhost.
But we also wanted awesome@example.com, so we need to add it at the end of /etc/aliases:

awesome: aria

Each time you edit /etc/aliases, you need to run newaliases:

newaliases

Dovecot

Dovecot is the IMAP server, but it will also store mail received by Postfix and manage authentication.
The default configuration is mostly good enough.

First, enable the Dovecot SASL socket that Postfix will use:

In /etc/dovecot/conf.d/10-master.conf find and uncomment this block:

  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }

In /etc/postfix/main.cf append:

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

In /etc/postfix/master.cf append:

submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
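
The following check is an added example, not part of the original gist: it parses the -o overrides of the submission entry and the SASL settings from main.cf, using constructed sample text, and reports whether a client could authenticate without TLS. The function names are hypothetical; smtpd_tls_auth_only is a standard Postfix parameter that this guide does not set.

```sh
#!/bin/sh
# Added example, not from the original gist. Sample configs are constructed.
# Print every "-o name=value" override of one master.cf service.
# master.cf rule: a line starting with whitespace continues the previous entry.
service_overrides() {   # $1 = service name; master.cf text on stdin
  awk -v svc="$1" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    /^[^ \t]/ { in_svc = ($1 == svc) }        # column 1 starts a new service
    in_svc { for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1) }'
}

# Print one line per problem in the submission entry; exit status 1 if any.
audit_submission() {    # master.cf text on stdin
  opts=$(service_overrides submission); rc=0
  for want in smtpd_tls_security_level=encrypt smtpd_sasl_auth_enable=yes; do
    printf '%s\n' "$opts" | grep -qxF -- "$want" ||
      { echo "submission: missing -o $want"; rc=1; }
  done
  # Without a list ending in reject, unauthenticated clients are not refused.
  printf '%s\n' "$opts" |
    grep -qE '^smtpd_client_restrictions=(.*,)?permit_sasl_authenticated,reject$' ||
    { echo "submission: client restrictions do not end in reject"; rc=1; }
  return $rc
}

# Last value assigned to a main.cf parameter (Postfix keeps the last one).
main_param() {          # $1 = parameter name; main.cf text on stdin
  awk -F'[ \t]*=[ \t]*' -v k="$1" \
    '$1 == k { v = $2 } END { sub(/[ \t]+$/, "", v); print v }'
}

# Exit 0 when port 25 would offer AUTH before STARTTLS, i.e. a client could
# send its password unencrypted. smtpd_tls_auth_only = yes closes that.
auth_before_tls() {     # main.cf text on stdin
  cfg=$(cat)
  [ "$(printf '%s\n' "$cfg" | main_param smtpd_sasl_auth_enable)" = yes ] || return 1
  [ "$(printf '%s\n' "$cfg" | main_param smtpd_tls_auth_only)" = yes ] && return 1
  [ "$(printf '%s\n' "$cfg" | main_param smtpd_tls_security_level)" = encrypt ] && return 1
  return 0
}

# Constructed samples modelled on the entries in this guide.
MASTER_CF='submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject'
MAIN_CF='smtpd_sasl_auth_enable = yes'
printf '%s\n' "$MASTER_CF" | audit_submission && echo "submission entry OK"
printf '%s\n' "$MAIN_CF" | auth_before_tls && echo "port 25: AUTH offered before STARTTLS"
```

On a live system, feed the functions /etc/postfix/master.cf and /etc/postfix/main.cf instead of the sample strings.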

Now we also want TLS with IMAP:

CN=$(</etc/hostname)
openssl req -new -x509 -nodes -subj "/CN=$CN/OU=$CN/" -out /etc/dovecot/dovecot.pem -keyout /etc/dovecot/private/dovecot.pem -days 3650
chmod 0600 /etc/dovecot/private/dovecot.pem

Edit /etc/dovecot/conf.d/10-ssl.conf, uncomment and change these lines:

ssl = yes
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem

Done

You can restart both servers:

service dovecot restart
service postfix restart

and use these settings in your favorite mail client:

SMTP: port 587 with TLS, 25 without
IMAP: port 993 with TLS, 143 without
Username: aria
