Domain: example.com
Server Name: elaninwe
Server FQDN: elaninwe.example.com
Our user: aria
To keep it simple, we will define a list of domains (example.com, example.net).
For the local part, the default configuration will accept mail for our system users,
and a list aliases for the local part.
They will be redirected to our system users, here aria.
It will support SMTP to send and receive mail, and IMAP to let a client fetch them, both with TLS.
# Set the hostname
echo elaninwe.example.com > /etc/hostname
apt-get update
apt-get upgrade
export DEBIAN_FRONTEND=noninteractive
apt-get install postfix dovecot-imapd
# Allow aria to receive mail, do the same for any user you want
gpasswd -a aria mail
dpkg-reconfigure postfix
You'll be asked for a default configuration, select "Internet Site".
System mail name:
You can use your domain or FQDN here.
Root and postmaster mail recipient
Explicit enough, i will use "aria".
Other destinations to accept mail for:
A list including your domain(s), your FQDN, hostname and localhost.
Mine will be: example.com, example.net, elaninwe.example.com, elaninwe, localhost.
Force synchronous updates on mail queue?
We do not need that.
Local networks:
The default value will be good enough.
Use procmail for local delivery?
Yes.
Mailbox size limit (bytes):
1000000000 for 1GB, just to never fill the disk.
Local address extension character:
+ is fine.
Internet protocols to use:
all, because we love IPv6 too.
You can now receive mail to aria@example.net, aria@example.com, aria@localhost.
But we also wanted awesome@example.com, so we need to add it at the end of /etc/aliases:
awesome: aria
Each time you edit /etc/aliases, you need to run newaliases:
newaliases
Dovecot is the IMAP server, but it will also store mail received by postfix and manage authentication.
The default configuration is mostly good enough.
First, enable Dovecot SASL, that postfix will use:
In /etc/dovecot/conf.d/10-master.conf find and uncomment this block:
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
In /etc/postfix/main.cf append:
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
In /etc/postfix/master.cf append:
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_sasl_security_options=noanonymous
-o smtpd_sasl_local_domain=$myhostname
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
Now we also want TLS with IMAP:
CN=$(</etc/hostname)
openssl req -new -x509 -nodes -subj "/CN=$CN/OU=$CN/" -out /etc/dovecot/dovecot.pem -keyout /etc/dovecot/private/dovecot.pem -days 3650
chmod 0600 /etc/dovecot/private/dovecot.pem
Edit /etc/dovecot/conf.d/10-ssl.conf, uncomment and change thses lines:
ssl = yes
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
You can restart both servers:
service dovecot restart
service postfix restart
and use these settings in your favorite mail client:
SMTP: port 587 with TLS, 25 without
IMAP: port 993 with TLS, 143 without
Username: aria