Postfix + Dovecot mailserver on Ubuntu

From vpsget wiki
Revision as of 16:08, 23 June 2014 by Vq

Tested on Ubuntu 12.10 VPS

We will create a simple mail server using Postfix and Dovecot. In the current example we will use secure POP3 and SMTP.

Run all commands as root, so we do not add "sudo" at the beginning of each command.

Postfix

Install postfix

apt-get remove sendmail
apt-get install postfix

NOTE: if you get the error "Package 'postfix' has no installation candidate", update the APT database:

apt-get update
apt-get upgrade

Postfix usually shows its initial configuration UI during installation. You can check and reconfigure it if something is wrong:

dpkg-reconfigure postfix

Check the following details and change them if necessary:

Mail server configuration type: “Internet Site”.
System mail name: mydomain.com
Root and postmaster mail recipient: leave blank
Other destinations to accept mail for: Add mydomain.com to the beginning of this comma-separated list.
Force synchronous updates?: No
Local networks: all local subnets plus your server's IP subnet. Usually you should add: <YourIP>/32
Use procmail?: No
Mailbox size limit: "0"
Local address extension character: Leave as default.
Internet protocols to use: all

Create the first user that will be used for mail. Let's create user "test" with password "test1". Change this password to a more complex one.

useradd -m test    # -m creates the home directory /home/test
passwd test

Create the mail location for user test. We will use the Maildir format:

mkdir /home/test/Maildir 
postconf -e 'home_mailbox = Maildir/'
export MAIL=/home/test/Maildir
service postfix restart

To be sure that sendmail is stopped, run:

service sendmail stop
service postfix restart

Let's test whether the transport system is working properly:

#telnet localhost 25
 Trying 127.0.0.1...
 Connected to localhost.localdomain.
 Escape character is '^]'.
 220 mail.vpsget.us ESMTP Postfix (Ubuntu) 

Send yourself a test message:

 >ehlo localhost
 >mail from: root@localhost
      250 2.1.0 Ok
 >rcpt to: test@localhost
      250 2.1.5 Ok
 >data
 >Subject: testmail
 >test 123
 >.
      250 2.0.0 Ok: queued as 51A803C4B0AB
 >quit
      221 2.0.0 Bye
      Connection closed by foreign host.
      You have mail in /home/test/Maildir

You can view this message with the "mail" command. If it is not installed, install it:

apt-get install heirloom-mailx
apt-get install mailutils

Run mail. You should see the subject line of your message. Press 1 and Enter to read it.

mail 
 Heirloom mailx version 12.5 6/20/10.  Type ? for help.
 "/home/test/Maildir": 1 message 1 new
 >N  1 root@localhost     Mon Jun 16 10:32   13/403   testmail
 ? 1

At this step Postfix is working properly.

Dovecot

Now we need to install Dovecot. We will use mail storage with Dovecot:

apt-get install dovecot-imapd
apt-get install dovecot-common                           

You could also install pop3d:

apt-get install dovecot-pop3d                              

Check the installed Dovecot packages:

 dpkg -l | grep dovecot
  dovecot-common                  1:2.1.7-1ubuntu2.1                     all          Transitional package for dovecot
  dovecot-core                    1:2.1.7-1ubuntu2.1                     i386         secure mail server that supports mbox, maildir, dbox and mdbox mailboxes
  dovecot-imapd                   1:2.1.7-1ubuntu2.1         

Configure /etc/dovecot/dovecot.conf:

protocols = imap
mail_location =  maildir:~/Maildir

You can change imap to pop3 if you like.

Check the auth parameters in the config file /etc/dovecot/conf.d/10-auth.conf:

auth_mechanisms = plain login

Set the mail location in /etc/dovecot/conf.d/10-mail.conf:

mail_location = maildir:~/Maildir

Add or uncomment the following lines in the appropriate section of /etc/dovecot/conf.d/10-master.conf:

unix_listener /var/spool/postfix/private/auth {
  mode = 0666
  user = postfix #sometimes can be disabled
 }

As a check, you can list the mailboxes:

doveadm mailbox list

Set permissions on the "test" mailbox (if the data source for users, homes and IDs is set to the standard Unix user database):

chown test:test /home/test/Maildir
chmod -R 700 /home/test/Maildir

Set up the mail storage hierarchy

maildirmake.dovecot /etc/skel/Maildir
maildirmake.dovecot /etc/skel/Maildir/.Drafts
maildirmake.dovecot /etc/skel/Maildir/.Sent
maildirmake.dovecot /etc/skel/Maildir/.Trash
maildirmake.dovecot /etc/skel/Maildir/.Templates
cp -r /etc/skel/Maildir /home/test
chown -R test /home/test/Maildir
chmod -R 700 /home/test/Maildir 

Start dovecot:

service dovecot start

Take a look at the listening ports:

netstat -tulp
netstat -tulpn

Test dovecot with telnet:

telnet localhost imap
 Connected to localhost.localdomain.
 Escape character is '^]'.
 * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

Security SASL Auth

Install SASL modules:

apt-get install libsasl2-modules

Also make sure the following packages are installed:

apt-get install libsasl2-2
apt-get install sasl2-bin

Edit /etc/default/saslauthd

START=yes
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

Enable SASL in your postfix config:

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'

Set the access restrictions for sending mail on the server:

postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'

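The smtpd_recipient_restrictions line tells Postfix that our server will automatically accept mail from authenticated users (like your mail client), or from any device connected to our own network, because we know they can be trusted. Everyone else is stopped by reject_unauth_destination unless the mail is for a domain this server handles.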
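
Because the order of the restrictions decides who may relay, the value can be linted before it is applied. This is an added example, not part of the original wiki page; check_relay and check_mynetworks are hypothetical helper names and 203.0.113.10 is a constructed stand-in for <YourIP>.

```shell
#!/bin/sh
# Added example, not from the original page. Postfix walks
# smtpd_recipient_restrictions left to right and stops at the first
# restriction that returns a decision.

# check_relay "<smtpd_recipient_restrictions value>"
# Returns 0 = relay-safe, 1 = unsafe, 2 = needs manual review.
check_relay() {
    # Split on commas/whitespace with globbing off so tokens stay literal.
    set -f; set -- $(printf '%s' "$1" | tr ',' ' '); set +f
    for r in "$@"; do
        case "$r" in
            reject_unauth_destination|reject)
                echo "ok: '$r' stops relaying for everyone not permitted earlier"
                return 0 ;;
            permit_sasl_authenticated|permit_mynetworks)
                ;;  # the two scoped permits this page uses
            permit)
                echo "unsafe: bare 'permit' accepts any recipient before the relay check"
                return 1 ;;
            permit_*|check_*)
                echo "review: '$r' may accept mail before reject_unauth_destination"
                return 2 ;;
        esac
    done
    echo "unsafe: no reject_unauth_destination (or reject) in the list"
    return 1
}

# check_mynetworks "<mynetworks value>"
# permit_mynetworks trusts every listed network; returns 1 on a catch-all (/0).
check_mynetworks() {
    set -f; set -- $(printf '%s' "$1" | tr ',' ' '); set +f
    for n in "$@"; do
        case "$n" in
            */0) echo "unsafe: '$n' makes every client trusted"; return 1 ;;
        esac
    done
    echo "ok: no catch-all entry in mynetworks"
}

# The value set on this page, then a constructed mynetworks value
# (203.0.113.10 stands in for <YourIP>).
check_relay 'permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
check_mynetworks '127.0.0.0/8 [::1]/128 203.0.113.10/32'
```

On a live server the inputs come from postconf -h smtpd_recipient_restrictions and postconf -h mynetworks.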

Start SASL:

dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd
service saslauthd start

Test SASL:

telnet localhost 25 
 ehlo localhost

You should receive 250-STARTTLS as one of the responses.
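
The EHLO check above can be scripted so that it also reports whether AUTH is advertised before the session is encrypted. This is an added example, not part of the original wiki page; ehlo_verdict is a hypothetical helper, and the sample replies and the host name mail.example.com are constructed.

```shell
#!/bin/sh
# Added example, not from the original page: classify an EHLO reply.
# Reads the reply on stdin and prints
#   "<verdict> STARTTLS=<yes|no> AUTH=<mechanisms|none>"
ehlo_verdict() {
    tr -d '\r' | awk '
        /^250[- ]/ {
            kw = toupper(substr($0, 5))      # text after "250-" or "250 "
            if (kw == "STARTTLS") tls = 1
            # "AUTH=..." is the duplicate line broken_sasl_auth_clients adds
            if (kw ~ /^AUTH[ =]/) mechs = substr(kw, 6)
        }
        END {
            if (mechs == "")  verdict = tls ? "no-auth-before-tls" : "no-auth-no-tls"
            else if (tls)     verdict = "auth-before-starttls"
            else              verdict = "cleartext-auth-only"
            printf "%s STARTTLS=%s AUTH=%s\n", verdict,
                   (tls ? "yes" : "no"), (mechs == "" ? "none" : mechs)
        }'
}

# Constructed sample replies (mail.example.com is a placeholder host).
SAMPLE_NO_TLS='250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-8BITMIME
250 DSN'

SAMPLE_TLS='250-mail.example.com
250-PIPELINING
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 DSN'

printf '%s\n' "$SAMPLE_NO_TLS" | ehlo_verdict
printf '%s\n' "$SAMPLE_TLS" | ehlo_verdict
```

To classify a live reply, save the 250 lines from the telnet session to a file and run ehlo_verdict on it from stdin. In Postfix, smtpd_tls_auth_only = yes keeps AUTH out of the reply until the session is encrypted.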

Dovecot: allow clients to connect to it in a secure way. Edit /etc/dovecot/conf.d/10-ssl.conf:

ssl = required
ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key

Restart Dovecot. You can test your mail client now. Set mail.mydomain.com as both your incoming (IMAP) and outgoing (SMTP) mail server. Make sure IMAP is using port 143, and SMTP is using port 25 or 587, whichever you chose in the Postfix configuration.