Installing and configuring postfix
Step 1 » Assign static IP and hostname and add a host entry for the host name .
Assign hostname in /etc/hostname
mail.itkylin.com
Add a hostentry in /etc/hosts
192.168.30.8 mail.itkylin.com
Step 2 » Update the repositories.
itkylin.com@mail:~$ sudo apt-get update
Step 3 » Install postfix and dependencies . Press enter for all prompted questions during installation. we will do that in the next step.
itkylin.com@mail:~$ sudo apt-get install postfix
Step 4 » After installation issue the below command to configure postfix.
itkylin.com@mail:~$ sudo dpkg-reconfigure postfix
Now you will be prompted for set of details . choose the following values and replace itkylin.com.com with your domain name.
1. Internet Site
2. itkylin.com
3. itkylin
4. itkylin.com, localhost.localdomain, localhost
5. No
6. 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24
7. 0
8. +
9. all
Step 5 » Now configure Postfix for SMTP-AUTH using Dovecot SASL by adding the below lines to postfix config file /etc/postfix/main.cf .
home_mailbox = Maildir/
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
Step 6 » Now generate a digital certificate for tls. Issue the commands one by one and provide details as per your domain.
itkylin.com@mail:~$ openssl genrsa -des3 -out server.key 2048
itkylin.com@mail:~$ openssl rsa -in server.key -out server.key.insecure
itkylin.com@mail:~$ mv server.key server.key.secure
itkylin.com@mail:~$ mv server.key.insecure server.key
itkylin.com@mail:~$ openssl req -new -key server.key -out server.csr
itkylin.com@mail:~$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
itkylin.com@mail:~$ sudo cp server.crt /etc/ssl/certs
itkylin.com@mail:~$ sudo cp server.key /etc/ssl/private
Step 7 » Now configure certificate path
itkylin.com@mail:~$ sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'
itkylin.com@mail:~$ sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'
Step 8 » Open /etc/postfix/master.cf file and uncomment below lines to enable smtps ( 465 ) and submission ( 587 ) .
|
1
2
3
4
5
6
7
8
9
10
11
12
|
submission inet n – – – – smtpd
–o syslog_name=postfix/submission
–o smtpd_tls_security_level=encrypt
–o smtpd_sasl_auth_enable=yes
–o smtpd_relay_restrictions=permit_sasl_authenticated,reject
–o milter_macro_daemon_name=ORIGINATING
smtps inet n – n – – smtpd
–o syslog_name=postfix/smtps
–o smtpd_tls_wrappermode=yes
–o smtpd_sasl_auth_enable=yes
–o smtpd_relay_restrictions=permit_sasl_authenticated,reject
–o milter_macro_daemon_name=ORIGINATING
|
Step 9 » Now install Dovecot SASL by typing the below command.
itkylin.com@mail:~$ sudo apt-get install dovecot-common
Issue the following values for the prompts during installation.
1. yes
2. mail.itkylin.com
Step 10 » Make changes to the files as follows.
Open /etc/dovecot/conf.d/10-master.conf file and find # Postfix smtp-auth line ( line no:95 ) and add the below lines .
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
Open /etc/dovecot/conf.d/10-auth.conf file and find (line no:100)
auth_mechanisms = plain
and replace
auth_mechanisms = plain login
Step 11 » Restart postfix and dovecot services
itkylin.com@mail:~$ sudo service postfix restart
itkylin.com@mail:~$ sudo service dovecot restart
Step 12 » Now test SMTP-AUTH and smtp/pop3 port access .
Type the below command and should get below response.
itkylin.com@mail:~$ telnet mail.itkylin.com 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.itkylin.coma.com ESMTP Postfix (Ubuntu)
now type ehlo mail.itkylin.com and should get below response , please make sure you get those bolded lines .
ehlo mail.itkylin.com
250-mail.itkylin.com
--------
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
---------
250 DSN
and try the same with port 587 (telnet mail.itkylin.com.com 587).
Postfix configuration is over, continue for dovecot installation.
» Installing and configuring dovecot
Step 12 » Install dovecot using the below command
itkylin.com@mail:~$ sudo apt-get install dovecot-imapd dovecot-pop3d
Step 13 » Now configure mailbox. Open /etc/dovecot/conf.d/10-mail.conf file and find (Line no:30 )
mail_location = mbox:~/mail:INBOX=/var/mail/%u
Replace with
mail_location = maildir:~/Maildir
Step 14 » Now change pop3_uidl_format . Open /etc/dovecot/conf.d/20-pop3.conf file and find and uncomment the below line ( Line no : 50 )
pop3_uidl_format = %08Xu%08Xv
Step 15 » Now enable SSL . Open /etc/dovecot/conf.d/10-ssl.conf file and find and uncomment the below line ( Line no : 6 )
ssl = yes
Step 16 »Restart dovecot service.
itkylin.com@mail:~$ sudo service dovecot restart
Step 17 » Now test pop3 and imap port access using the telnet command.
itkylin.com@mail:~$ telnet mail.itkylin.com.com 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot (Ubuntu) ready.
Repeat the same for 995,993,143 ports.
OR check for listening ports using netstat command .
Step 18 » Create some users and check using mail clients like thunderbird or outlook
itkylin.com@mail:~$ sudo useradd -m andy -s /sbin/nologin
itkylin.com@mail:~$ sudo passwd andy
Now mail server is ready, you can send and receive mail using the server. Continue for squirrelmail ..
The client(e.g:outlook express) only supports receiving emails using tls(995).
» Installing and configuring squirrelmail
Step 19 » Install squirrelmail using the below command. This will install apache and PHP packages.
itkylin.com@mail:~$ sudo apt-get install squirrelmail
Step 20 » Configure squirrelmail
itkylin.com@mail:~$ sudo squirrelmail-configure
Everything is pre-configured , we just need to change Organization name .
» Press 1 (Organization Preferences) » again press 1 (Organization Name) » Organization Name » Press S » Press Q to quit
Step 19 » Now configure apache to enable squirrelmail .
itkylin.com@mail:~$ sudo cp /etc/squirrelmail/apache.conf /etc/apache2/sites-available/squirrelmail.conf
itkylin.com@mail:~$ sudo a2ensite squirrelmail
Step 20 » Restart Apache service
itkylin.com@mail:~$ sudo service apache2 restart
Step 21 » Now open http://serverIP/squirrelmail in your browser and login using username (andy) . you can send and receive mail using squirrelmail.
Okay .. its over now ..
Test mail:
mail -s “here is subject” [email protected] < here_is_text_content.text
PS: nginx.conf configure:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | location /squirrelmail {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/squirrelmail/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
#fastcgi_pass 127.0.0.1:9000;
#fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#include /etc/nginx/fastcgi_params;
#fastcgi_param HTTPS $fastcgi_https;
#fastcgi_param HTTPS on;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /webmail {
rewrite ^/* /squirrelmail last;
} |
Please note when you decide to move server to the production, it is very important to implement Spam filter and antivirus . please check this post for more detail Postfix spamfilter and antivirus implementation