Garak: Created page with " Category:Bugweis {| align="right" | TOC |} '''How to set up an incoming email server'''

Here is a guide on gettin..."

2021-05-22T16:20:07Z

Created page with " Category:Bugweis  {| align="right" | __TOC__ |} '''How to set up an incoming email server'''<br><br> Here is a guide on gettin..."

New page

[[Category:Bugweis]]

{| align="right"
| __TOC__
|}
'''How to set up an incoming email server'''<br><br>
Here is a guide on getting incoming email services running on Ubuntu using Postfix. This tutorial has been tested on Ubuntu 12.04. Please keep in mind that you have to be logged as root during the whole process.

== Postfix ==

Let’s get core email functionality going with Postfix.

<pre>
aptitude install postfix
</pre>

You will be asked a few questions. Unfortunately, the graphical configuration interface that was automatically launched was a condensed version. Confirm the defaults and run the full graphical configuration utility.

<pre>
dpkg-reconfigure postfix
</pre>

Again, you will be asked some questions:

* General type of mail configuration: '''Internet Site'''
* System mail name: '''mail.hostname.tld''' ''(Use the identity domain and replace the prefix as necessary)''
* Root and postmaster mail recipient: ''Leave blank'' (... or use your account name if you want to receive error reports)
* Other destinations to accept mail for: '''hostname.tld, localhost''' ''(Use the identity domain)''
* Force synchronous updates on mail queue: '''No'''
* Local networks: ''leave default''
* Use procmail for local delivery: '''Yes'''
* Mailbox size limit (bytes): '''0'''
* Local address extension character? ''leave default''
* Internet protocols to use: '''all'''

One more tweak to finish Postfix configuration.

<pre>
postconf -e 'home_mailbox = Maildir/'
</pre>

== Dovecot ==

Dovecot can act both as an IMAP server and a POP3 server with or without SSL. We will use secured versions of both protocols only. Install the package.

<pre>
aptitude install dovecot-imapd dovecot-pop3d
</pre>

To use IMAP and POP3 over SSL we need to create an SSL certificate to use with Dovecot. We'll use a self-signed certificate since this is not a public server and we would probably have a hard time getting a proper certificate from a trusted source. First we generate a private key for the certificate and make it readable only by root, and then we create the certificate itself:

<pre>
openssl genrsa -out /etc/ssl/private/dovecot.key 2048
chmod 400 /etc/ssl/private/dovecot.key
openssl req -new -x509 -key /etc/ssl/private/dovecot.key -out /etc/ssl/certs/dovecot.pem -days 1095
</pre>

Example input:

<pre>
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Hostname
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:mail.hostname.tld
Email Address []:admin@hostname.tld
</pre>

Make sure to provide the actual domain name of your mail server, e.g. mail.hostname.tld, when asked about the “Common Name”. Otherwise email clients will complain every time they connect to the server. Since this is a self-signed certificate not backed by a Certification Authority clients will complain the first time anyway, but if you save the certificate subsequent connects will go through silently.

'''(For Ubuntu 11 and older)'''

Edit the configuration file <code>/etc/dovecot/dovecot.conf</code>:

<pre>
protocols = imaps pop3s
mail_location = maildir:~/Maildir
disable_plaintext_auth = yes
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.key
</pre>

'''(For Ubuntu 12 and newer)'''

Edit the configuration file <code>/etc/dovecot/conf.d/10-mail.conf</code>:

<pre>
mail_location = maildir:~/Maildir
</pre>

Edit the configuration file <code>/etc/dovecot/conf.d/10-auth.conf</code>:

<pre>
disable_plaintext_auth = yes
</pre>

Edit the configuration file <code>/etc/dovecot/conf.d/10-ssl.conf</code>:

<pre>
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.key
</pre>

Restart Dovecot with the new config:

<pre>
sudo /etc/init.d/dovecot restart
</pre>

== Whitelist / Blacklist by sender ==

'''OPEN''' <code>/etc/postfix/main.cf</code> and add a rule (the rule must be somewhere top that it be processed first):

<pre>
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
</pre>

Next '''CREATE''' <code>/etc/postfix/sender_access</code>
*There insert the domains which you want ban/allow.
*'''Example:'''
<pre>
user1@hostname.tld REJECT
user2@hostname.tld OK
</pre>

Now you must rehash file for create dtb.

<pre>
postmap /etc/postfix/sender_access
</pre>

Restart postfix:

<pre>
/etc/init.d/postfix restart
</pre>

=== Script for add a banned domain to sender_access ===

'''CREATE''' <code>/usr/local/bin/addtoblacklist</code> and insert this:
<pre>
#!/bin/sh
if grep -q "$1" /etc/postfix/sender_access; then
echo "$1 already on sender_access"
else
echo "$1\tREJECT" >> /etc/postfix/sender_access
postmap /etc/postfix/sender_access
fi

</pre>

Example for adding domain:
<pre>
addtoblacklist user1@hostname.tld
</pre>

=== Script for add an allowed domain to sender_access ===

'''CREATE''' <code>/usr/local/bin/addtowhitelist</code> and insert this:
<pre>
#!/bin/sh
if grep -q "$1" /etc/postfix/sender_access; then
echo "$1 already on sender_access"
else
echo "$1\tOK" >> /etc/postfix/sender_access
postmap /etc/postfix/sender_access
fi

</pre>

Example for adding domain:
<pre>
addtowhitelist user1@hostname.tld
</pre>

Done!

== Testing ==
Test is very simply. You can sent test-mail to <code>user@[IP address for mail-server]</code>.

After sending the mail you just check Maildir of the user. If there is a new email, mail-server is works well.

ZhoubaWiki:HowToSetupImapServer - Revision history

Garak: Created page with " Category:Bugweis {| align="right" | __TOC__ |} '''How to set up an incoming email server''' Here is a guide on gettin..."

Garak: Created page with " Category:Bugweis {| align="right" | TOC |} '''How to set up an incoming email server'''

Here is a guide on gettin..."