Setting up an email system is quite a complicated job. The standard programs include:
I have a tiny VPS which has only 256MB memory, 10GB disk. And I have a free domain. So I decided to install a small mailserver on this VPS.
My VPS has Ubuntu 18.04 x64 OS installed. After installation I need to log in to it and upgrade the software as follows.
sudo apt update
sudo apt upgrade
To run a mailserver, you first need a domain name. For example, here the domain name is: myvps.com. Then you set up these DNS entries (A records) in your DNS platform:
myvps.com. 300 IN A 12.34.5.6
box.myvps.com. 300 IN A 12.34.5.6
Here both myvps.com and box.myvps.com point to your VPS's IP address, using the sample IP 12.34.5.6. Their usage:
Additional steps for box.myvps.com are as follows; they are important too!
On the DNS platform, continue by setting up the MX record and the SPF record for this mailserver.
myvps.com. 300 IN MX 5 box.myvps.com.
myvps.com. 300 IN TXT "v=spf1 a mx ?all"
In the records above, the first is the MX record, which tells other mailservers where to deliver email for your domain. The second is the SPF record, which tells other MTAs that messages sent from these locations are legitimate.
Put simply, in the settings above the A, MX, SPF and PTR (reverse DNS) records are all required. If they are not set up correctly, you won't have a functional mailserver.
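The four record types above can be checked together. The script below is an added example, not part of the original guide: it verifies that the A, MX and PTR answers agree and reports how the SPF "all" qualifier treats unlisted senders (?all, as used here, is neutral). The PTR target box.myvps.com and all function names are assumptions; run it with LOOKUP=lookup_dig to query real DNS instead of the constructed sample answers.

```shell
#!/bin/sh
# LOOKUP names the resolver function: lookup_sample returns constructed answers
# matching this guide's records; lookup_dig queries real DNS.
LOOKUP=${LOOKUP:-lookup_sample}

lookup_dig() {                       # usage: lookup_dig TYPE NAME
    if [ "$1" = PTR ]; then dig +short -x "$2"; else dig +short "$1" "$2"; fi
}

lookup_sample() {                    # constructed data, same call shape
    case "$1 $2" in
        "A myvps.com"|"A box.myvps.com") echo "12.34.5.6" ;;
        "MX myvps.com")  echo "5 box.myvps.com." ;;
        "TXT myvps.com") echo '"v=spf1 a mx ?all"' ;;
        "PTR 12.34.5.6") echo "box.myvps.com." ;;   # assumed PTR target
    esac
}

# Print how the SPF "all" mechanism treats senders not listed in the record.
spf_all_policy() {                   # usage: spf_all_policy "v=spf1 ..."
    case " $1 " in
        *" -all "*) echo fail ;;
        *" ~all "*) echo softfail ;;
        *" ?all "*) echo neutral ;;
        *" +all "*|*" all "*) echo pass ;;
        *) echo none ;;
    esac
}

check_mail_dns() {                   # usage: check_mail_dns DOMAIN MAILHOST IP
    rc=0
    [ "$($LOOKUP A "$2")" = "$3" ] || { echo "FAIL: A $2 is not $3"; rc=1; }
    # At least one MX record must name the mail host.
    $LOOKUP MX "$1" | awk -v h="$2." '$2 == h { ok = 1 } END { exit !ok }' ||
        { echo "FAIL: no MX for $1 points to $2"; rc=1; }
    # Reverse DNS of the IP must lead back to the mail host.
    [ "$($LOOKUP PTR "$3")" = "$2." ] || { echo "FAIL: PTR $3 is not $2"; rc=1; }
    spf=$($LOOKUP TXT "$1" | tr -d '"' | awk '/^v=spf1( |$)/')
    if [ -z "$spf" ]; then
        echo "FAIL: no SPF record for $1"; rc=1
    else
        echo "SPF policy for unlisted senders: $(spf_all_policy "$spf")"
    fi
    return $rc
}

check_mail_dns myvps.com box.myvps.com 12.34.5.6 || echo "DNS is not ready for mail"
```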
Disable all iptables in your OS, otherwise you may have many network issues.
To fetch the SSL certificate more easily, we will install the Apache webserver. It will also be used to serve the SquirrelMail webmail.
Issue the commands below to install Apache and PHP:
sudo apt install apache2
sudo apt install php
After installation you will see HTTP port 80 is listening on the server.
Create a configuration file for Apache, in which myvps.com should be used as the server name. This is quite simple, for example, the configuration file is /etc/apache2/sites-enabled/myvps.conf, with the content:
<VirtualHost *:80>
ServerName myvps.com
ServerAdmin [email protected]
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Restart Apache webserver.
Then we install snapd, through which the Let's Encrypt certificate management tool (certbot) will be installed.
sudo apt install snapd
sudo snap install core
sudo snap refresh core
After snapd is installed, issue these commands to obtain the certificates from Let's Encrypt:
sudo snap install --classic certbot
sudo certbot --apache
During the process it will prompt you to choose the domain; choose myvps.com, since this is your email domain.
After installing the certificates, you will see that the Apache webserver is listening on HTTPS port 443 as well.
tcp6 0 0 :::80 :::* LISTEN 14566/apache2
tcp6 0 0 :::443 :::* LISTEN 14566/apache2
The certificates should be located in this directory:
/etc/letsencrypt/live/myvps.com/
Postfix is the most popular MTA software; here we use it as our MTA server to send and receive messages.
Run this to install Postfix:
sudo apt install -y postfix
Back up the /etc/postfix/main.cf file, and create a new one.
sudo mv /etc/postfix/main.cf /etc/postfix/main.cf.bk
sudo vi /etc/postfix/main.cf
Put this new content into main.cf:
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
# TLS parameters
smtp_use_tls = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_cert_file = /etc/letsencrypt/live/myvps.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/myvps.com/privkey.pem
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains
myhostname = box.myvps.com
myorigin = /etc/mailname
mydestination = localhost.$mydomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
In the above configuration, replace every occurrence of myvps.com with your own domain name.
Create this file for virtual domains:
sudo vi /etc/postfix/virtual_mailbox_domains
The content is:
myvps.com #domain
Please note:
Use the postmap command to change /etc/postfix/virtual_mailbox_domains to a format recognizable by Postfix. Run this command every time you edit the file, for instance, after adding more domains to the file.
sudo postmap /etc/postfix/virtual_mailbox_domains
The last step is to edit /etc/postfix/master.cf and modify one line to enable the SMTP submission service.
This line should be uncommented:
submission inet n - y - - smtpd
Restart Postfix and check whether any errors occur:
sudo service postfix restart
Dovecot is the most popular MDA software on the internet; here we install it and set it up to deliver messages.
First install it:
sudo apt install -y dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd
Edit the file /etc/dovecot/conf.d/10-mail.conf and change one line to tell Dovecot which directory to look in for mail.
Change this line:
mail_location = mbox:~/mail:INBOX=/var/mail/%u
to this new one:
mail_location = maildir:/var/mail/vhosts/%d/%n
This changes the mail storage format from mbox to maildir, which is easier for management of domains and users.
Create the above maildir by hand:
sudo mkdir -p /var/mail/vhosts/myvps.com
If you have set up multiple domains, repeat this command for each of them.
Then we want to create a vmail user and group for the Dovecot service.
Create the vmail group:
sudo groupadd -g 5000 vmail
Create a vmail user and add the user to the vmail group:
sudo useradd -r -g vmail -u 5000 vmail -d /var/mail/vhosts -c "virtual mail user"
Assign the ownership of the /var/mail/vhosts/ to the vmail user and group:
sudo chown -R vmail:vmail /var/mail/vhosts/
Edit the file /etc/dovecot/conf.d/10-master.conf to enable IMAPs for Dovecot.
The secure IMAP port and ssl options should be uncommented as follows:
inet_listener imaps {
port = 993
ssl = yes
}
The secure POP3 port and ssl options should be uncommented as well:
inet_listener pop3s {
port = 995
ssl = yes
}
We continue to edit the file /etc/dovecot/conf.d/10-master.conf to enable the lmtp service.
The service lmtp section should be changed to:
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
}
And the Dovecot authentication section should be changed to:
#Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
As the next step, we will change the file /etc/dovecot/conf.d/10-auth.conf to use secure authentication.
Uncomment this line to disable plaintext authentication on unencrypted connections:
disable_plaintext_auth = yes
Change the authentication mechanisms from plain to plain login:
auth_mechanisms = plain login
Disable the Dovecot default authentication behavior that requires users to have a valid system account. Just comment this line out:
#!include auth-system.conf.ext
Uncomment this line to enable Dovecot to use a password file:
!include auth-passwdfile.conf.ext
Now we want to create the password database by editing the file /etc/dovecot/conf.d/auth-passwdfile.conf.ext.
The content of this file should look like this:
passdb {
driver = passwd-file
args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users
}
userdb {
driver = static
args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
}
Create the /etc/dovecot/dovecot-users password file. This file is a plain text database that holds email users on your server.
sudo vi /etc/dovecot/dovecot-users
Add the users that you want to use the email service to the file by following the format below. Replace EXAMPLE_PASSWORD with a strong password. Also, replace myvps.com with your domain name.
[email protected]:{plain}EXAMPLE_PASSWORD
[email protected]:{plain}EXAMPLE_PASSWORD
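The entries above store each password in cleartext. As an added example (not part of the original guide), the script below audits a passwd-file for cleartext schemes and for a world-readable file mode; hashed replacement values can be generated with doveadm pw -s SHA512-CRYPT. The function name and the sample users are assumptions, and the sample hash is a placeholder.

```shell
#!/bin/sh
# Dovecot password schemes that store the password itself instead of a hash.
CLEARTEXT_SCHEMES="PLAIN CLEARTEXT"

# usage: audit_passwd_file FILE [DEFAULT_SCHEME]
# DEFAULT_SCHEME mirrors the scheme= argument of the passdb block
# (PLAIN in this guide). Prints one finding per line, returns 1 if any.
audit_passwd_file() {
    rc=0
    found=$(awk -F: -v def="${2:-PLAIN}" -v weak="$CLEARTEXT_SCHEMES" '
        BEGIN { n = split(weak, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            scheme = def
            # A {SCHEME} prefix on the password field overrides the default.
            p = index($2, "}")
            if (substr($2, 1, 1) == "{" && p > 2) scheme = substr($2, 2, p - 2)
            scheme = toupper(scheme)
            if (scheme in bad) print "cleartext-password " $1 " (" scheme ")"
        }' "$1")
    if [ -n "$found" ]; then printf '%s\n' "$found"; rc=1; fi
    # Character 8 of the ls mode string is the read bit for "other".
    if [ "$(ls -ld "$1" | cut -c8)" = "r" ]; then
        echo "world-readable $1"; rc=1
    fi
    return $rc
}

# Constructed sample: one cleartext entry in this guide's format and one hashed
# entry (salt and hash are placeholders, not a real digest).
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice@myvps.com:{plain}EXAMPLE_PASSWORD
bob@myvps.com:{SHA512-CRYPT}$6$PLACEHOLDERSALT$PLACEHOLDERHASH
EOF
chmod 644 "$sample"
audit_passwd_file "$sample" || echo "findings above need fixing"
rm -f "$sample"
```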
Configure Dovecot to use the SSL certificate: open the /etc/dovecot/conf.d/10-ssl.conf file.
Change this line:
ssl = yes
from yes to required:
ssl = required
Locate the two entries below:
#ssl_cert = </etc/dovecot/dovecot.pem
#ssl_key = </etc/dovecot/private/dovecot.pem
Change them to the new values:
ssl_cert = </etc/letsencrypt/live/myvps.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/myvps.com/privkey.pem
Here myvps.com should be replaced by your own domain name.
Finally, restart the postfix and dovecot services to use the new settings.
sudo service postfix restart
sudo service dovecot restart
SquirrelMail is a lightweight webmail that doesn't require a database to be installed. You can download the software from here:
Please download the snapshots version, for instance, Stable version snapshots (1.4.23-svn).
After downloading, untar it and copy the entire directory to /usr/share/squirrelmail.
As shown below, the directory should now exist on the system:
ls /usr/share/squirrelmail/
Go to this directory and run the configure script:
cd /usr/share/squirrelmail/
sudo ./configure
This is the setting interface:
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages
We mainly need to set up the second part: Server Settings.
Choose this section, then update IMAP and SMTP settings.
This is the IMAP setup:
IMAP Settings
--------------
4. IMAP Server : myvps.com
5. IMAP Port : 993
6. Authentication type : login
7. Secure IMAP (TLS) : TLS
8. Server software : other
9. Delimiter : detect
This is the SMTP setup:
SMTP Settings
-------------
4. SMTP Server : localhost
5. SMTP Port : 25
6. POP before SMTP : false
7. SMTP Authentication : none
8. Secure SMTP (TLS) : disabled
9. Header encryption key :
For the settings above, please note:
After configuration, press "s" then "q" to save and exit the session.
Create the directories for SquirrelMail storage and set up the permissions:
sudo mkdir -p /var/local/squirrelmail/attach/
sudo mkdir -p /var/local/squirrelmail/data/
sudo chown -R www-data:www-data /var/local/squirrelmail
Now we copy this configuration:
DocumentRoot /usr/share/squirrelmail
<Directory /usr/share/squirrelmail>
Options FollowSymLinks
<IfModule mod_php.c>
php_flag register_globals off
</IfModule>
<IfModule mod_dir.c>
DirectoryIndex index.php
</IfModule>
<Files configtest.php>
order deny,allow
deny from all
allow from 127.0.0.1
</Files>
</Directory>
Put it in these two files:
/etc/apache2/sites-enabled/myvps.conf
/etc/apache2/sites-enabled/squirrel-le-ssl.conf
The first file was created by us before. The second was created by certbot automatically. Both of them are config files for Apache.
Please note:
Finally we restart Apache webserver:
sudo service apache2 restart
All done.
If you prefer webmail, just open your browser and access this URL:
https://myvps.com/
The SquirrelMail login interface will appear here. Enter the username and password you set up before to log in.
If you want to access email from clients such as Thunderbird, just use these settings:
IMAP server: myvps.com
IMAP port: 143
Secure Protocol: StartTLS
SMTP server: myvps.com
SMTP port: 587
Secure Protocol: StartTLS
or the SSL settings:
IMAP server: myvps.com
IMAP port: 993
Secure Protocol: SSL
SMTP server: myvps.com
SMTP port: 465
Secure Protocol: SSL
You should replace myvps.com with your own domain name in the settings above.
I hope this guide works well for you. If you find any issues, you can contact me by email.
Generated on 09/29/22