System environment (Hostname, DNS etc)

Setting up an email system is quite a complicated job. The standard programs include:

I have a tiny VPS with only 256MB of memory and a 10GB disk, and I have a free domain, so I decided to install a small mailserver on this VPS.

My VPS has Ubuntu 18.04 x64 installed. After installation, log in to it and upgrade the installed software as follows.

 sudo apt update
 sudo apt upgrade

For running a mailserver, you first need a domain name. For example, here the domain name is myvps.com. Then set up these DNS entries (A records) on your DNS platform:

 myvps.com.      300  IN  A  12.34.5.6
 box.myvps.com.  300  IN  A  12.34.5.6

Here both myvps.com and box.myvps.com point to your VPS's IP address, shown here as the sample IP 12.34.5.6. Their usage:

Additional steps for box.myvps.com are as follows; they are important too!

On the DNS platform, continue by setting up the MX record and the SPF record for this mailserver.

 myvps.com.  300  IN  MX   5 box.myvps.com.
 myvps.com.  300  IN  TXT  "v=spf1 a mx ?all"

In the records above, the first is the MX record, which tells other mailservers where to deliver email for your domain. The second is the SPF record, which tells other MTAs that messages sent from these locations are legitimate.

Put simply, the A, MX, SPF and PTR (reverse DNS) records described above are all required. If any of them is not set up correctly, you won't have a functional mailserver.
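What a receiving MTA concludes from this SPF record, as an added example that is not part of the original guide: a simplified SPF evaluation that handles only the a, mx, ip4 and all mechanisms. The DNS table is constructed to mirror the sample records above, and the second sender address is a constructed one.

```python
# Added example: simplified SPF evaluation (a, mx, ip4 and all only).
import ipaddress

# Constructed DNS table mirroring this guide's sample A and MX records.
DNS = {
    "A": {"myvps.com": ["12.34.5.6"], "box.myvps.com": ["12.34.5.6"]},
    "MX": {"myvps.com": ["box.myvps.com"]},
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, argument) terms."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    terms = []
    for term in parts[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        body = term[1:] if term[0] in RESULT else term
        name, _, arg = body.partition(":")
        terms.append((qualifier, name.lower(), arg))
    return terms

def addresses(mechanism, domain):
    """Addresses authorized by an a or mx mechanism for the given domain."""
    if mechanism == "a":
        return DNS["A"].get(domain, [])
    hosts = DNS["MX"].get(domain, [])
    return [ip for host in hosts for ip in DNS["A"].get(host, [])]

def check_host(sender_ip, domain, record):
    """Return the SPF result for sender_ip; the first matching term wins."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, name, arg in parse_spf(record):
        if name == "all":
            return RESULT[qualifier]
        if name in ("a", "mx"):
            matched = str(ip) in addresses(name, arg or domain)
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        else:
            continue  # mechanisms and modifiers outside this sketch are skipped
        if matched:
            return RESULT[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term

if __name__ == "__main__":
    for sender in ("12.34.5.6", "203.0.113.9"):  # second address is constructed
        print(sender, check_host(sender, "myvps.com", "v=spf1 a mx ?all"))
```

With ?all, a sender that matches neither the A nor the MX record evaluates to neutral rather than fail; the same sender evaluates to fail if the record ends in -all.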

Disable all iptables in your OS, otherwise you may have many network issues.

Setup letsencrypt certificates

To obtain the SSL certificate more easily, we will install the Apache webserver. This webserver will also be used to serve the Squirrelmail webmail.

Issue the commands below to install Apache and PHP:

 sudo apt install apache2
 sudo apt install php

After installation you will see HTTP port 80 is listening on the server.

Create a configuration file for Apache, in which myvps.com should be used as the server name. This is quite simple, for example, the configuration file is /etc/apache2/sites-enabled/myvps.conf, with the content:

 <VirtualHost *:80>
   ServerName myvps.com
   ServerAdmin [email protected]
   DocumentRoot /var/www/html
   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined
 </VirtualHost>

Restart Apache webserver.

Then we install snapd, from which the letsencrypt certificate management tool will be installed.

 sudo apt install snapd
 sudo snap install core
 sudo snap refresh core

After snapd is installed, issue these commands to obtain the certificates from letsencrypt:

 sudo snap install --classic certbot
 sudo certbot --apache

During the process it will prompt you to choose the domain; choose myvps.com since this is your email domain.

After installing the certificates, you will see that the Apache webserver is listening on HTTPS port 443 as well.

 tcp6       0      0 :::80                   :::*                    LISTEN      14566/apache2
 tcp6       0      0 :::443                  :::*                    LISTEN      14566/apache2

And the certificates dir should be located in:

 /etc/letsencrypt/live/myvps.com/

Setup Postfix as MTA server

Postfix is the most popular MTA software; here we use it as our MTA server to send and receive messages.

Run this to install Postfix:

 sudo apt install -y postfix

Back up the /etc/postfix/main.cf file, and create a new one.

 sudo mv /etc/postfix/main.cf /etc/postfix/main.cf.bk
 sudo vi /etc/postfix/main.cf

Put this new content into main.cf:

 smtpd_banner = $myhostname ESMTP $mail_name
 biff = no
 append_dot_mydomain = no
 readme_directory = no
 # TLS parameters
 smtp_use_tls = yes
 smtp_tls_security_level = may
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 smtpd_use_tls = yes
 smtpd_tls_security_level = may
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtpd_tls_cert_file = /etc/letsencrypt/live/myvps.com/fullchain.pem
 smtpd_tls_key_file = /etc/letsencrypt/live/myvps.com/privkey.pem
 smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
 smtpd_sasl_auth_enable = yes
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth
 virtual_transport = lmtp:unix:private/dovecot-lmtp
 virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains
 myhostname = box.myvps.com
 myorigin = /etc/mailname
 mydestination = localhost.$mydomain, localhost
 relayhost =
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 mailbox_size_limit = 0
 recipient_delimiter = +
 inet_interfaces = all
 inet_protocols = all
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases

In the above configuration, replace every occurrence of myvps.com with your own domain name.

Create this file for virtual domains:

 sudo vi /etc/postfix/virtual_mailbox_domains

The content is:

 myvps.com #domain

Please notice:

Use the postmap command to change /etc/postfix/virtual_mailbox_domains to a format recognizable by Postfix. Run this command every time you edit the file, for instance, after adding more domains to the file.

 sudo postmap /etc/postfix/virtual_mailbox_domains

The last step is to edit /etc/postfix/master.cf and modify one line to enable the SMTP submission service.

This line should be uncommented:

 submission inet n       -       y       -       -       smtpd

Restart Postfix and check whether any errors occur:

 sudo service postfix restart
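A check on the main.cf and master.cf settings above, as an added example that is not part of the original guide: it lists the smtpd services on which Postfix accepts SASL AUTH on a session that has not started TLS. It looks only at smtpd_sasl_auth_enable, smtpd_tls_security_level and smtpd_tls_auth_only, and the two sample texts are constructed from the lines shown in this guide (the smtp line and the commented -o line are assumed to be as in the stock master.cf).

```python
# Added example: list Postfix smtpd services that accept AUTH without TLS.
# Constructed samples adapted from this guide's main.cf and master.cf.
MAIN_CF = """\
smtpd_tls_security_level = may
smtpd_sasl_auth_enable = yes
"""
MASTER_CF = """\
smtp       inet n - y - - smtpd
submission inet n - y - - smtpd
#  -o smtpd_tls_security_level=encrypt
"""
def logical_lines(text):
    """Drop comments and blank lines; join indented continuation lines."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return out

def parse_main_cf(text):
    """Return {parameter: value} from main.cf text."""
    pairs = (line.partition("=") for line in logical_lines(text))
    return {name.strip(): value.strip() for name, sep, value in pairs if sep}

def parse_master_cf(text):
    """Return {service: {parameter: value}} of -o overrides for smtpd services."""
    services = {}
    for line in logical_lines(text):
        f = line.split()
        if len(f) >= 8 and f[7] == "smtpd":
            opts = [f[i + 1] for i in range(8, len(f) - 1) if f[i] == "-o"]
            services[f[0]] = dict(o.split("=", 1) for o in opts if "=" in o)
    return services

def cleartext_auth_services(main_text, master_text):
    """List services where SASL AUTH is accepted before TLS is negotiated."""
    main, exposed = parse_main_cf(main_text), []
    for service, overrides in parse_master_cf(master_text).items():
        eff = {**main, **overrides}
        tls_forced = eff.get("smtpd_tls_security_level") == "encrypt"
        auth_only = eff.get("smtpd_tls_auth_only", "no") == "yes"
        if eff.get("smtpd_sasl_auth_enable") == "yes" and not (tls_forced or auth_only):
            exposed.append(service)
    return exposed
print(cleartext_auth_services(MAIN_CF, MASTER_CF))
```

Setting smtpd_tls_auth_only = yes in main.cf clears both services; uncommenting -o smtpd_tls_security_level=encrypt under the submission line clears only submission.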

Setup Dovecot as MDA server

Dovecot is the most popular MDA software on the internet; here we install it and set it up to deliver messages.

First install it:

 sudo apt install -y dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd

Edit the file /etc/dovecot/conf.d/10-mail.conf to change one line to instruct Dovecot on the directory to look for mails.

Change this line:

 mail_location = mbox:~/mail:INBOX=/var/mail/%u   

to this new one:

 mail_location = maildir:/var/mail/vhosts/%d/%n

This changes the mail storage format from mbox to maildir, which is easier for management of domains and users.

Create the above maildir by hand:

 sudo mkdir -p /var/mail/vhosts/myvps.com

If you have set up multiple domains, just repeat this command for each of them.

Then we want to create a vmail user and group for the Dovecot service.

Create the vmail group:

 sudo groupadd -g 5000 vmail

Create a vmail user and add the user to the vmail group:

 sudo useradd -r -g vmail -u 5000 vmail -d /var/mail/vhosts -c "virtual mail user"

Assign the ownership of the /var/mail/vhosts/ to the vmail user and group:

 sudo chown -R vmail:vmail /var/mail/vhosts/

Edit the file /etc/dovecot/conf.d/10-master.conf to enable IMAPS for Dovecot.

The secure IMAP port and ssl options should be uncommented as follows:

 inet_listener imaps {
   port = 993
   ssl = yes
 }

The secure POP3 port and ssl options should be uncommented as well:

 inet_listener pop3s {
   port = 995
   ssl = yes
 }

We continue to edit the file /etc/dovecot/conf.d/10-master.conf to enable the lmtp service.

The service lmtp section should be changed to:

 service lmtp {
   unix_listener /var/spool/postfix/private/dovecot-lmtp {
     mode = 0600
     user = postfix
     group = postfix
   }
 }

And the Dovecot authentication section should be changed to:

 # Postfix smtp-auth
 unix_listener /var/spool/postfix/private/auth {
   mode = 0666
   user = postfix
   group = postfix
 }

Next step, we will change the file /etc/dovecot/conf.d/10-auth.conf to use secure authentication.

Uncomment this line to disable plaintext authentication:

 disable_plaintext_auth = yes

Change the authentication mechanisms from plain to plain login:

 auth_mechanisms = plain login

Disable the Dovecot default authentication behavior that requires users to have a valid system account. Just comment this line out:

 #!include auth-system.conf.ext

Uncomment this line to enable Dovecot to use a password file:

 !include auth-passwdfile.conf.ext

Now we want to create the password database by editing the file /etc/dovecot/conf.d/auth-passwdfile.conf.ext

The content of this file should look like this:

 passdb {
   driver = passwd-file
   args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users
 }
 userdb {
   driver = static
   args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
 }

Create the /etc/dovecot/dovecot-users password file. This file is a plain text database that holds email users on your server.

 sudo vi /etc/dovecot/dovecot-users

Add the users that you want to use the email service to the file by following the format below. Replace EXAMPLE_PASSWORD with a strong password. Also, replace myvps.com with your domain name.

 [email protected]:{plain}EXAMPLE_PASSWORD
 [email protected]:{plain}EXAMPLE_PASSWORD
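A check for the password file described above, as an added example that is not part of the original guide: it reports a world-readable file mode and every entry whose password is stored in a cleartext scheme, taking the passdb scheme= argument as the default and a {SCHEME} prefix as the per-entry override. The user names and password values in the sample are constructed.

```python
# Added example: flag cleartext entries in a Dovecot passwd-file.
import os
import re
import stat

CLEARTEXT_SCHEMES = {"PLAIN", "CLEAR", "CLEARTEXT"}
PREFIX = re.compile(r"^\{([^}]+)\}")

def audit_passwd_file(path, default_scheme="PLAIN"):
    """Return findings for a passwd-file: loose mode and cleartext passwords.

    default_scheme mirrors the scheme= argument of the passdb block; a
    {SCHEME} prefix on the password field overrides it for that entry.
    """
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IROTH:
        findings.append(f"mode {mode:04o}: file is world-readable")
    with open(path, encoding="utf-8") as handle:
        for number, line in enumerate(handle, 1):
            line = line.rstrip("\n")
            if not line.strip() or line.startswith("#"):
                continue
            user, _, rest = line.partition(":")
            password = rest.split(":", 1)[0]  # later fields are uid, gid, ...
            match = PREFIX.match(password)
            scheme = match.group(1) if match else default_scheme
            scheme = scheme.upper().split(".")[0]  # drop .b64/.hex suffix
            if scheme in CLEARTEXT_SCHEMES:
                findings.append(f"line {number}: {user} uses cleartext scheme {scheme}")
    return findings

if __name__ == "__main__":
    import tempfile
    # Constructed sample entries; the hash value is a placeholder, not real.
    sample = ("alice@example.test:{plain}constructed-password\n"
              "bob@example.test:{SHA512-CRYPT}$6$constructed$hash\n")
    with tempfile.NamedTemporaryFile("w", suffix="-users") as tmp:
        tmp.write(sample)
        tmp.flush()
        print(audit_passwd_file(tmp.name))
```

A hashed value for an entry can be generated with `doveadm pw -s SHA512-CRYPT` and pasted in place of the {plain} field.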

Configure Dovecot to Use the SSL Certificate. Open the /etc/dovecot/conf.d/10-ssl.conf file.

Change this line:

 ssl = yes

from yes to required:

 ssl = required

Locate the two entries below:

 #ssl_cert = </etc/dovecot/dovecot.pem
 #ssl_key = </etc/dovecot/private/dovecot.pem

Change them to the new values:

 ssl_cert = </etc/letsencrypt/live/myvps.com/fullchain.pem
 ssl_key = </etc/letsencrypt/live/myvps.com/privkey.pem

Here myvps.com should be replaced by your own domain name.

Finally, restart the postfix and dovecot services to use the new settings.

 sudo service postfix restart
 sudo service dovecot restart

Setup Squirrelmail webmail

Squirrelmail is a lightweight webmail that doesn't require a database to be installed. You can download the software from here:

Squirrelmail Download

Please download the snapshot version, for instance, Stable version snapshots (1.4.23-svn).

After downloading, untar it and copy the entire dir to /usr/share/squirrelmail.

As shown below the dir should exist in system:

 ls /usr/share/squirrelmail/

Go to this dir and run the configure:

 cd /usr/share/squirrelmail/
 sudo ./configure

This is the setting interface:

 Main Menu --
 1. Organization Preferences
 2. Server Settings
 3. Folder Defaults
 4. General Options
 5. Themes
 6. Address Books
 7. Message of the Day (MOTD)
 8. Plugins
 9. Database
 10. Languages

We mainly need to set up the second item: Server Settings.

Choose this section, then update IMAP and SMTP settings.

This is the IMAP setup:

 IMAP Settings
 --------------
 4. IMAP Server : myvps.com
 5. IMAP Port : 993
 6. Authentication type : login
 7. Secure IMAP (TLS) : TLS
 8. Server software : other
 9. Delimiter : detect

This is the SMTP setup:

 SMTP Settings
 -------------
 4. SMTP Server : localhost
 5. SMTP Port : 25
 6. POP before SMTP : false
 7. SMTP Authentication : none
 8. Secure SMTP (TLS) : disabled
 9. Header encryption key :

For the settings above, please notice:

After configuration, press "s" then "q" to save and exit the session.

Create the directories for Squirrelmail mail storage and set up the permissions:

 sudo mkdir -p /var/local/squirrelmail/attach/
 sudo mkdir -p /var/local/squirrelmail/data/
 sudo chown -R www-data:www-data /var/local/squirrelmail

Now copy this configuration:

 DocumentRoot /usr/share/squirrelmail
 <Directory /usr/share/squirrelmail>
   Options FollowSymLinks
   <IfModule mod_php.c>
     php_flag register_globals off
   </IfModule>
   <IfModule mod_dir.c>
     DirectoryIndex index.php
   </IfModule>
   <Files configtest.php>
     order deny,allow
     deny from all
     allow from 127.0.0.1
   </Files>
 </Directory>

and put it into these two files:

 /etc/apache2/sites-enabled/myvps.conf
 /etc/apache2/sites-enabled/squirrel-le-ssl.conf

The first file was created by us before. The second was created by certbot automatically. Both of them are config files for Apache.

Please notice:

Finally we restart Apache webserver:

 sudo service apache2 restart

All done.

How to use the new mailserver

If you prefer webmail, just open your browser and access this URL:

 https://myvps.com/

The Squirrelmail login interface will appear. Enter the username and password you set up earlier to log in.

If you want to access email from clients such as Thunderbird, just use these settings:

 IMAP server: myvps.com
 IMAP port: 143
 Secure Protocol: StartTLS

 SMTP server: myvps.com
 SMTP port: 587
 Secure Protocol: StartTLS

or the SSL settings:

 IMAP server: myvps.com
 IMAP port: 993
 Secure Protocol: SSL

 SMTP server: myvps.com
 SMTP port: 465
 Secure Protocol: SSL

You should replace myvps.com with your own domain name in the settings above.

I hope this guide serves you well. If you find any issue, you can contact me by email.

Generated on 09/29/22