Skip to content

Instantly share code, notes, and snippets.

@solusipse
Last active August 29, 2024 20:43
Show Gist options
  • Save solusipse/7ed8e1da104baaee3f05 to your computer and use it in GitHub Desktop.
Save solusipse/7ed8e1da104baaee3f05 to your computer and use it in GitHub Desktop.
Postfix + Dovecot + Postgresql + Postfixadmin + Roundcube

Postfix Installer

Following script may be used for configuring complete and secure email server on fresh install of Debian 7. It will probably work on other distributions using apt-get. After minor changes you'll be able to use it on other Linux distros.

Usage

  1. Run postfix.sh script.
  2. Configure postgres to allow connections.
  3. Configure postfix admin. Remember to set these:
$CONF['configured'] = true;
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'YES';
$CONF['database_type'] = 'pgsql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix_user';
$CONF['database_password'] = 'PASSWORD FROM INSTALLER SCRIPT';
$CONF['database_name'] = 'postfix_db';
  1. Create domain and at least one user.
  2. Configure roundcube. Set imap to port 993, host to: ssl://localhost. Set smtp to port 587, host to tls://localhost.

This is just a draft right now, it will be updated.

#!/bin/bash
ESC_SEQ="\x1b["
COL_RESET=$ESC_SEQ"39;49;00m"
COL_RED=$ESC_SEQ"31;01m"
COL_GREEN=$ESC_SEQ"32;01m"
COL_YELLOW=$ESC_SEQ"33;01m"
if [ "$UID" -ne 0 ]
then echo "Please run as root"
exit
fi
function error_check {
if [ "$?" = "0" ]; then
echo -e "$COL_GREEN OK. $COL_RESET"
else
echo -e "$COL_RED An error has occured. $COL_RESET"
read -p "Press enter or space to ignore it. Press any other key to abort." -n 1 key
if [[ $key != "" ]]; then
exit
fi
fi
}
echo "You are about to install and configure Postfix virtual system with imap support (via Dovecot)."
echo "This script was made for Debian 7, but will probably also work for other distributions after minor changes."
echo "Updating system"
apt-get update
apt-get upgrade
echo "Adding group:"
groupadd -g 5000 vmail
error_check
echo "Adding group:"
useradd -u 5000 -g vmail -s /usr/bin/nologin -d /home/vmail -m vmail
error_check
echo "Installing programs:"
apt-get install postfix dovecot-core dovecot-imapd postgresql postfix-pgsql dovecot-lmtpd dovecot-pgsql php5-fpm php5-imap php5-pgsql php5-mcrypt php5-intl
error_check
echo "Preparing database:"
DBPASS=$(date | md5sum | head -c 32)
CREATEUSER="CREATE USER postfix_user WITH PASSWORD '${DBPASS}';"
CREATEDB="CREATE DATABASE postfix_db;"
PERMISSDB="GRANT ALL PRIVILEGES ON DATABASE postfix_db TO postfix_user;"
sudo -u postgres psql -c "${CREATEUSER}"
error_check
sudo -u postgres psql -c "${CREATEDB}"
error_check
sudo -u postgres psql -c "${PERMISSDB}"
error_check
echo "Creating postfix config files (/etc/postfix/main.cf):"
echo "relay_domains =
virtual_alias_maps = proxy:pgsql:/etc/postfix/virtual_alias_maps.cf
virtual_mailbox_domains = proxy:pgsql:/etc/postfix/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:pgsql:/etc/postfix/virtual_mailbox_maps.cf
virtual_mailbox_base = /home/vmail
virtual_mailbox_limit = 512000000
virtual_minimum_uid = 5000
virtual_transport = virtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
transport_maps = hash:/etc/postfix/transport
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/private/server.crt
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes
smtpd_tls_loglevel = 1
html_directory = /usr/share/doc/postfix/html
queue_directory = /var/spool/postfix
mydestination = localhost" > /etc/postfix/main.cf
error_check
echo "Creating postfix config files (/etc/postfix/master.cf):"
echo "#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
submission inet n - - - - smtpd
# -o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
# -o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing \"lmtp\" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd=\"lmtpd -a\" listen=\"localhost:lmtp\" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
cleanup unix n - - - 0 cleanup
subcleanup unix n - - - 0 cleanup
-o header_checks=regexp:/etc/postfix/submission_header_checks
" > /etc/postfix/master.cf
error_check
echo "Creating postfix config files (/etc/postfix/submission_header_checks):"
echo "/^Received:/ IGNORE
/^User-Agent:/ IGNORE" > /etc/postfix/submission_header_checks
error_check
echo "Creating postfix config files (/etc/postfix/virtual_alias_maps.cf):"
echo "user = postfix_user
password = ${DBPASS}
hosts = localhost
dbname = postfix_db
query = SELECT goto FROM alias WHERE address='%s' AND active = true
" > /etc/postfix/virtual_alias_maps.cf
error_check
echo "Creating postfix config files (/etc/postfix/virtual_mailbox_domains.cf):"
echo "user = postfix_user
password = ${DBPASS}
hosts = localhost
dbname = postfix_db
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = false AND active = true
" > /etc/postfix/virtual_mailbox_domains.cf
error_check
echo "Creating postfix config files (/etc/postfix/virtual_mailbox_maps.cf):"
echo "user = postfix_user
password = ${DBPASS}
hosts = localhost
dbname = postfix_db
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = true
" > /etc/postfix/virtual_mailbox_maps.cf
error_check
echo "Creating dovecot config files (/etc/dovecot/dovecot.conf):"
echo "protocols = imap
auth_mechanisms = plain
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
user = root
}
mail_home = /home/vmail/%d/%u
mail_location = maildir:~
ssl_cert = </etc/ssl/private/server.crt
ssl_key = </etc/ssl/private/server.key" > /etc/dovecot/dovecot.conf
error_check
echo "Creating dovecot config files (/etc/dovecot/dovecot-sql.conf):"
echo "driver = pgsql
connect = host=localhost dbname=postfix_db user=postfix_user password=${DBPASS}
default_pass_scheme = MD5-CRYPT
user_query = SELECT '/home/vmail/%d/%u' as home, 'maildir:/home/vmail/%d/%u' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
password_query = SELECT username as user, password, '/home/vmail/%d/%u' as userdb_home, 'maildir:/home/vmail/%d/%u' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
" > /etc/dovecot/dovecot-sql.conf
error_check
echo "Creating postmap:"
touch /etc/postfix/transport
postmap /etc/postfix/transport
error_check
read -p "Enter Postfix Admin and Roundcube installation path: " DOWNPATH
echo "Checking if path is correct:"
cd ${DOWNPATH}
error_check
echo "Downloading postfixadmin:"
wget -O postfixadmin.tar.gz http://sourceforge.net/projects/postfixadmin/files/latest/download
error_check
echo "Unpacking postfixadmin:"
tar xvf postfixadmin.tar.gz -C ${DOWNPATH}
error_check
rm -rf postfixadmin.tar.gz
mv postfixadmin-* postfixadmin
echo "Setting permissions:"
chmod -R 777 postfixadmin/templates_c
error_check
echo "Downloading roundcube:"
wget -O roundcube.tar.gz http://sourceforge.net/projects/roundcubemail/files/latest/download
error_check
echo "Unpacking roundcube:"
tar xvf roundcube.tar.gz -C ${DOWNPATH}
error_check
rm -rf roundcube.tar.gz
mv roundcubemail-* mail
echo "Checking if php5-fpm is working:"
service php5-fpm restart
error_check
echo "Creating SSL certificate:"
cd /etc/ssl/private/
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out server.key
chmod 400 server.key
error_check
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
chmod 444 server.crt
error_check
echo "Starting postfix daemon:"
/etc/init.d/postfix restart
error_check
echo "Starting dovecot daemon:"
/etc/init.d/dovecot restart
error_check
echo "Enabling services:"
update-rc.d postfix defaults
update-rc.d dovecot defaults
error_check
echo -e "$COL_GREEN Setup complete. $COL_RESET"
echo "Now you should configure postfixadmin and roundcube."
echo "Use these settings:"
echo "database type: pgsql"
echo "database host: localhost"
echo "database user: postfix_user"
echo "database pass: ${DBPASS}"
echo "database name: postfix_db"
#!/bin/bash
# I use it on blank Debian installation to setup nginx with php support for simple tasks.
ESC_SEQ="\x1b["
COL_RESET=$ESC_SEQ"39;49;00m"
COL_RED=$ESC_SEQ"31;01m"
COL_GREEN=$ESC_SEQ"32;01m"
COL_YELLOW=$ESC_SEQ"33;01m"
if [ "$UID" -ne 0 ]
then echo "Please run as root"
exit
fi
function error_check {
if [ "$?" = "0" ]; then
echo -e "$COL_GREEN OK. $COL_RESET"
else
echo -e "$COL_RED An error has occured. $COL_RESET"
read -p "Press enter or space to ignore it. Press any other key to abort." -n 1 key
if [[ $key != "" ]]; then
exit
fi
fi
}
echo "Updating system"
apt-get update
apt-get upgrade
apt-get install nginx php5-fpm
error_check
useradd -m -G users -s /bin/bash www
error_check
echo "server {
root /home/www;
index index.php index.html index.htm;
location / {
index index.php index.html index.htm;
autoindex on;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}" > /etc/nginx/sites-available/default
error_check
/etc/init.d/nginx start
/etc/init.d/php5-fpm start
@kirkelifson
Copy link

Shouldn't default to MD5-CRYPT; it should be SHA256+ or Blowfish.

@MarcelFox
Copy link

MarcelFox commented Jul 20, 2017

I have noticed that the following line isn't necessary (line 299):
echo "Setting permissions:"
chmod -R 777 postfixadmin/templates_c
error_check

the directory or file isn't present, so it throws a 'not found' error.
Best thing to do is:
mkdir templates_c
chown www-data: postfixadmin/templates_c

then ran postfix's setup.

@qnmlgdsb
Copy link

postfixadmin.tar.gz 100%[===================>] 1.22M 366KB/s in 3.4s

2017-09-13 05:43:24 (366 KB/s) - ‘postfixadmin.tar.gz’ saved [1279224/1279224]

OK.
Unpacking postfixadmin:
tar: option requires an argument -- 'C'
Try 'tar --help' or 'tar --usage' for more information.
An error has occured.
Press enter or space to ignore it. Press any other key to abort.
mv: cannot stat 'postfixadmin-*': No such file or directory
Setting permissions:
chmod: cannot access 'postfixadmin/templates_c': No such file or directory
An error has occured.

tar this command is error

@nauseous
Copy link

nauseous commented Jun 4, 2018

Never and I mean never listen or change a live server to chmod 777, it's a n00b trick to fix and make the server hackable. You only need the ownership fixed. Anyone telling you to give full open rights you should never listen too.

chown -R www-data:www-data /var/www/postfixadmin

@feagle1991
Copy link

The postfix cannot accept connection from other applications...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment