System environment (Hostname, DNS etc)

Setting up an email system is quite a complicated job. The standard programs include:

I have a tiny VPS with only 256MB of memory and a 10GB disk, and I also have a free domain, so I decided to run a small mailserver on this VPS.

My VPS runs Ubuntu 18.04 x64. First I log into it and run the following commands to update the system.

 sudo apt update
sudo apt upgrade

To run a mailserver, you need a valid domain. For example, my domain name is myvps.com. Then you need to set up DNS entries (A records) in your DNS system:

 myvps.com.		300	IN	A	12.34.5.6
mail.myvps.com. 300 IN A 12.34.5.6

Here both myvps.com and mail.myvps.com point to your VPS's IP address; 12.34.5.6 is a sample IP. Their usage:

Additional steps for mail.myvps.com are as follows; they are important too!

In the DNS system we continue by setting up an MX record and an SPF record for this mailserver.

 myvps.com.		300	IN	MX	5 mail.myvps.com.
myvps.com. 300 IN TXT "v=spf1 a mx ?all"

Of the records above, the first is the MX record, which tells other mailservers where to send email for you. The second is the SPF record, which tells other MTAs that messages sent from those addresses are legitimate.
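What the `?all` term in this record means to a receiving MTA, as an added example that is not part of the original guide: a simplified SPF check in shell, handling only the `a`, `mx`, `ip4` and `all` mechanisms, over constructed DNS data copied from the sample records above. The function name `spf_result`, the two variables and the address 203.0.113.9 are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not from the original guide. Constructed DNS data copied
# from the sample records above (A_MYVPS / MX_MYVPS are illustrative names).
A_MYVPS="12.34.5.6"     # A record of myvps.com
MX_MYVPS="12.34.5.6"    # A record of mail.myvps.com, the MX target

# spf_result RECORD SENDER_IP -> pass | fail | softfail | neutral | none
# Simplified: exact-address matching only, no CIDR, include: or redirect=.
spf_result() {
    record=$1
    ip=$2
    set -f                  # keep "?all" from being expanded as a glob
    set -- $record
    set +f
    if [ "$1" != "v=spf1" ]; then echo none; return 0; fi
    shift
    for term in "$@"; do
        case $term in
            +*)   q=pass;     mech=${term#?} ;;
            -*)   q=fail;     mech=${term#?} ;;
            '~'*) q=softfail; mech=${term#?} ;;
            '?'*) q=neutral;  mech=${term#?} ;;
            *)    q=pass;     mech=$term ;;     # no qualifier means "+"
        esac
        case $mech in
            a)     addr=$A_MYVPS ;;
            mx)    addr=$MX_MYVPS ;;
            ip4:*) addr=${mech#ip4:} ;;
            all)   addr=$ip ;;                  # "all" matches every sender
            *)     addr= ;;                     # not handled in this sketch
        esac
        if [ -n "$addr" ] && [ "$addr" = "$ip" ]; then echo "$q"; return 0; fi
    done
    echo neutral            # RFC 7208: nothing matched, result is neutral
}

spf_result 'v=spf1 a mx ?all' 12.34.5.6      # the VPS itself: pass
spf_result 'v=spf1 a mx ?all' 203.0.113.9    # any other host: neutral
spf_result 'v=spf1 a mx -all' 203.0.113.9    # same host, strict record: fail
```

With `?all`, mail from hosts other than the VPS is reported as neutral, which receivers treat the same as having no SPF policy; only a record ending in `-all` marks such mail as a failure.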

For an email system, DNS entries are very important. In the settings above, A, MX, SPF and PTR (reverse DNS) records are all needed. If you don't set them up correctly, you won't have a functional mailserver.

Disable all iptables in your OS, otherwise you may have network issues.

Setup letsencrypt certificates

To fetch the SSL certificate more conveniently, we will install the Apache webserver. This webserver will be used for Squirrelmail webmail as well.

Issue the commands below to install Apache, PHP and its extensions:

 sudo apt install apache2
sudo apt install php libapache2-mod-php
sudo apt install php-gd php-curl php-dom php-mbstring php-imagick php-zip php-xml php-json php-gnupg php-intl php-uuid php-mysql

After installation you will see that the server is listening on HTTP port 80.

Create configuration files for Apache, in which myvps.com and mail.myvps.com should be used as server names. For example, the configuration files in /etc/apache2/sites-enabled/ have the following contents.

 $ cat myvps.com.conf
<VirtualHost *:80>
ServerName myvps.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

$ cat mail.myvps.com.conf
<VirtualHost *:80>
ServerName mail.myvps.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Restart Apache webserver by issuing 'sudo service apache2 restart'.

Next, we install snapd, from which the letsencrypt certificate management tool will be installed automatically.

 sudo apt install snapd
sudo snap install core
sudo snap refresh core

Please note: if you are using Ubuntu 20.04 or above, snapd is installed in the OS by default.

After snapd is installed, issue these commands to obtain the certificates from letsencrypt:

 sudo snap install --classic certbot
sudo certbot --apache

During the process it will prompt you to choose the domain. You should install certificates for both the myvps.com and mail.myvps.com domains.

After installing the certificates, you will see that the Apache webserver is listening on HTTPS port 443 as well.

 tcp6       0      0 :::80                   :::*                    LISTEN      14566/apache2       
tcp6 0 0 :::443 :::* LISTEN 14566/apache2

And the certificates dir should be located in:

 /etc/letsencrypt/live/myvps.com/
/etc/letsencrypt/live/mail.myvps.com/

Setup Postfix as MTA server

Postfix is the most popular MTA software; here we use it as our MTA server to send and receive messages.

Issue this command to install Postfix:

 sudo apt install -y postfix

Back up /etc/postfix/main.cf file, and create a new one.

 sudo mv /etc/postfix/main.cf /etc/postfix/main.cf.bk
sudo vi /etc/postfix/main.cf

Put the following content entirely into main.cf:

 smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no

# TLS parameters
smtp_use_tls = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.myvps.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.myvps.com/privkey.pem
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains

myhostname = mail.myvps.com
myorigin = /etc/mailname
mydestination = localhost.$mydomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

In the above configuration, you should replace myvps.com with your own domain.

Create this file for virtual domains:

 sudo vi /etc/postfix/virtual_mailbox_domains

The content is:

 myvps.com

Here myvps.com is your email domain. You can put multiple domains here, one per line.

Lastly, edit /etc/postfix/master.cf and modify one line to enable the SMTPd service.

This line should be uncommented:

 submission inet n       -       y       -       -       smtpd

Restart Postfix and check whether any errors occur:

 sudo service postfix restart
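With `smtpd_sasl_auth_enable = yes` and `smtpd_tls_security_level = may`, Postfix offers AUTH before STARTTLS unless `smtpd_tls_auth_only = yes` is also set, so a client can send its password unencrypted. An added check for that, not part of the original guide, run here over a constructed excerpt of the main.cf above; `cf_get` and `auth_exposure` are names made up for the illustration, and `-o` overrides in master.cf are not considered.

```sh
#!/bin/sh
# Added example, not from the original guide.
# Constructed excerpt of the main.cf shown above.
SAMPLE_MAIN_CF='# TLS parameters
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot'

# cf_get NAME: value of NAME in the main.cf text on stdin (last one wins).
cf_get() {
    awk -v name="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        /^[ \t]/ { if (cur == name) val = val " " $0; next }  # continuation
        {
            eq = index($0, "=")
            if (eq == 0) { cur = ""; next }
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            if (cur == name) val = substr($0, eq + 1)
        }
        END { gsub(/^[ \t]+|[ \t]+$/, "", val); print val }'
}

# auth_exposure: reads main.cf text on stdin and prints one of
#   sasl-disabled | auth-requires-tls | cleartext-auth-possible
auth_exposure() {
    cf=$(cat)
    sasl=$(printf '%s\n' "$cf" | cf_get smtpd_sasl_auth_enable)
    level=$(printf '%s\n' "$cf" | cf_get smtpd_tls_security_level)
    only=$(printf '%s\n' "$cf" | cf_get smtpd_tls_auth_only)
    if [ "$sasl" != yes ]; then
        echo sasl-disabled
    elif [ "$level" = encrypt ] || [ "$only" = yes ]; then
        echo auth-requires-tls
    else
        echo cleartext-auth-possible
    fi
}

printf '%s\n' "$SAMPLE_MAIN_CF" | auth_exposure
```

On a live host, `postconf -h smtpd_tls_auth_only` prints the effective value of the parameter.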

Setup Dovecot as MDA server

Dovecot is the most popular MDA software on the internet; here we install it and set it up to deliver messages.

First install it:

 sudo apt install -y dovecot-core dovecot-imapd dovecot-lmtpd

Edit the file /etc/dovecot/conf.d/10-mail.conf and change one line to tell Dovecot which directory to look in for mail.

Change this line:

 mail_location = mbox:~/mail:INBOX=/var/mail/%u   

to this new one:

 mail_location = maildir:/var/mail/vhosts/%d/%n

This changes the mail storage format from mbox to maildir, which is easier for management of domains and users.

Create the above maildir manually:

 sudo mkdir -p /var/mail/vhosts/myvps.com

If you have set up multiple domains, just repeat this command for each one.

Then we want to create a vmail user and group for Dovecot service.

Create the vmail group:

 sudo groupadd -g 5000 vmail

Create a vmail user and add the user to the vmail group:

 sudo useradd -r -g vmail -u 5000 vmail -d /var/mail/vhosts -c "virtual mail user"

Assign the ownership of /var/mail/vhosts/ to vmail user and group:

 sudo chown -R vmail:vmail /var/mail/vhosts/

Edit the file /etc/dovecot/conf.d/10-master.conf to enable IMAPs for Dovecot.

The secure IMAP port and ssl options should be uncommented as follows:

 inet_listener imaps {
port = 993
ssl = yes
}

We continue to edit the file /etc/dovecot/conf.d/10-master.conf, to enable lmtp service.

The service lmtp section should be changed to:

 service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
}

And the Dovecot authentication section should be changed to:

 #Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}

As the next step, we will update the file /etc/dovecot/conf.d/10-auth.conf to use secure authentication.

Uncomment this line to disable plaintext authentication on unencrypted connections:

 disable_plaintext_auth = yes

Change the authentication mechanisms from plain to 'plain login':

 auth_mechanisms = plain login

Disable Dovecot's default authentication behavior, which requires users to have a valid system account. Just comment this line out:

 #!include auth-system.conf.ext

Uncomment this line to enable Dovecot to use a password file:

 !include auth-passwdfile.conf.ext

Now we want to create the password database by editing the file /etc/dovecot/conf.d/auth-passwdfile.conf.ext

The content of this file looks like this:

 passdb {
driver = passwd-file
args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users
}

userdb {
driver = static
args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
}

Create /etc/dovecot/dovecot-users file. This file is a plain text database that holds email users and passwords on your server.

 sudo vi /etc/dovecot/dovecot-users

Add email users to the file by following the format below. Replace EXAMPLE_PASSWORD with a strong password. Also, replace myvps.com with your domain name.

 [email protected]:{plain}EXAMPLE_PASSWORD
[email protected]:{plain}EXAMPLE_PASSWORD
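The `{plain}` entries above keep every mailbox password readable in /etc/dovecot/dovecot-users. Dovecot's passwd-file also accepts a per-entry `{SHA512-CRYPT}` prefix, which overrides the `scheme=PLAIN` default; the following added example (not part of the original guide) builds and checks such a line with `openssl passwd -6`. The function names, the address alice@myvps.com and the password file in the usage comment are constructed for the illustration.

```sh
#!/bin/sh
# Added example, not from the original guide: build dovecot-users lines with
# a SHA512-CRYPT hash instead of a {plain} password. Function names and the
# sample address are illustrative. Requires OpenSSL 1.1.1 or later.

# hash_password [SALT]: the password is read from stdin so it never shows up
# in the process list; without SALT, openssl picks a random one.
hash_password() {
    if [ -n "$1" ]; then
        openssl passwd -6 -salt "$1" -stdin
    else
        openssl passwd -6 -stdin
    fi
}

# make_user_entry ADDRESS [SALT] -> address:{SHA512-CRYPT}$6$salt$hash
make_user_entry() {
    case $1 in
        *:*|*' '*) echo "invalid address: $1" >&2; return 1 ;;
        ?*@?*)     ;;
        *)         echo "invalid address: $1" >&2; return 1 ;;
    esac
    hash=$(hash_password "$2") || return 1
    printf '%s:{SHA512-CRYPT}%s\n' "$1" "$hash"
}

# verify_entry ENTRY: exit status 0 if the password on stdin matches ENTRY.
verify_entry() {
    stored=$(printf '%s\n' "$1" | cut -d'}' -f2-)    # drop "address:{SCHEME}"
    salt=$(printf '%s\n' "$stored" | cut -d'$' -f3)  # $6$<salt>$<hash>
    candidate=$(hash_password "$salt") || return 1
    [ "$candidate" = "$stored" ]
}

# Usage (constructed address, password taken from a file readable only by you):
#   make_user_entry 'alice@myvps.com' < ./alice.password
```

On the mailserver itself, `doveadm pw -s SHA512-CRYPT` produces the same kind of value.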

Configure Dovecot to use the SSL certificate. Open the /etc/dovecot/conf.d/10-ssl.conf file.

Change this line:

 ssl = yes

to this one:

 ssl = required

Locate the following two entries:

 #ssl_cert = </etc/dovecot/dovecot.pem
#ssl_key = </etc/dovecot/private/dovecot.pem

Change them to the new values:

 ssl_cert = </etc/letsencrypt/live/mail.myvps.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.myvps.com/privkey.pem

Here myvps.com should be replaced with your own domain.

If you want to set up a mailbox quota, edit the following three files.

 # edit the following file and add a new line
$ sudo vi /etc/dovecot/conf.d/10-mail.conf
mail_plugins = $mail_plugins quota

# edit the following file too, add a new line
$ sudo vi /etc/dovecot/conf.d/20-imap.conf
mail_plugins = $mail_plugins imap_quota

# edit the following file by adding new lines
$ sudo vi /etc/dovecot/conf.d/90-quota.conf
quota = maildir:User quota
quota_rule = *:storage=200M
quota_rule2 = Trash:storage=+20M
quota_grace = 10%%
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"

Here I set the mailbox quota to 200M because I have a small VPS. You can increase it if you have more storage.

Finally, restart both postfix and dovecot services to use the new settings.

 sudo service postfix restart 
sudo service dovecot restart

Setup Squirrelmail webmail

Squirrelmail is a simple webmail client that doesn't require a database to work. You can download the software from here:

Squirrelmail Download

Please download the snapshot version, for instance, Stable version snapshots (1.4.23-svn).

After downloading, untar it and copy the entire dir to /usr/share/squirrelmail.

As shown below, the dir should exist on the system:

 ls /usr/share/squirrelmail/

Go to this dir and run the command for configuration:

 cd /usr/share/squirrelmail/
sudo ./configure

This is the setting interface:

 Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

We focus on setting up the second part: Server Settings.

Choose this section, then update IMAP and SMTP settings.

This is the IMAP setup:

 IMAP Settings
--------------
4. IMAP Server : mail.myvps.com
5. IMAP Port : 993
6. Authentication type : login
7. Secure IMAP (TLS) : TLS
8. Server software : other
9. Delimiter : detect

This is the SMTP setup:

 SMTP Settings
-------------
4. SMTP Server : localhost
5. SMTP Port : 25
6. POP before SMTP : false
7. SMTP Authentication : none
8. Secure SMTP (TLS) : disabled
9. Header encryption key :

For the settings above, please notice:

After configuration, press "s" then "q" to save and exit the session.

Create the dirs for Squirrelmail mail storage and set up the permissions:

 sudo mkdir -p /var/local/squirrelmail/attach/
sudo mkdir -p /var/local/squirrelmail/data/
sudo chown -R www-data:www-data /var/local/squirrelmail

Now we copy this configuration:

    DocumentRoot /usr/share/squirrelmail
<Directory /usr/share/squirrelmail>
Options FollowSymLinks
<IfModule mod_php.c>
php_flag register_globals off
</IfModule>

<IfModule mod_dir.c>
DirectoryIndex index.php
</IfModule>

<Files configtest.php>
order deny,allow
deny from all
allow from 127.0.0.1
</Files>
</Directory>

Put it into these two files:

 /etc/apache2/sites-enabled/myvps.com.conf 
/etc/apache2/sites-enabled/myvps.com-le-ssl.conf

The first file was created by us earlier. The second was created by certbot automatically. Both are config files for Apache.

Please notice:

Finally, restart the Apache webserver:

 sudo service apache2 restart

All done now.

How to use the new mailserver

If you prefer webmail, just open browser and access this URL:

 https://myvps.com/

The Squirrelmail login interface will appear. Enter the username and password you set up earlier to log in.

If you want to access email from clients such as Thunderbird, just use these settings:

 IMAP server: mail.myvps.com
IMAP port: 143
Secure Protocol: StartTLS

SMTP server: mail.myvps.com
SMTP port: 587
Secure Protocol: StartTLS

You should replace myvps.com with your own domain name in settings above.

Following this guide, I hope you are doing well on setting up a new email server.

Generated on 04/28/23