Following this tutorial you'll be able to add virtual domains, users, and aliases. Moreover, your
virtual server will be protected against being used as a spam hub.
Prerequisites
Before setting up your mail server, your VPS needs the following:
Installing packages as the root user is useful because you have all privileges.
sudo -i
Enter your user's password. Once it succeeds, you will see the $ prompt change to #.
The Postfix configuration will ask for the System mail name; you can use your FQDN or main
domain.
Step 2: Create a MySQL Database, Virtual Domains,
Users and Aliases
After the installation finishes, we are going to create a MySQL database to configure three
different tables: one for domains, one for users and the last one for aliases.
We are going to name the database servermail, but you can use whatever name you want.
mysql -u root -p
Enter your MySQL root's password; if it's successful you will see:
mysql >
First we need to create a new user, specific to mail authentication, and grant it the
SELECT permission.
After that, we need to reload MySQL privileges to ensure it applies those permissions
successfully:
Virtual Domains
Here we are going to insert your domains into the virtual_domains table. You can add all
the domains you want, but in this tutorial we are going to add just the primary domain
(example.com) and your FQDN (hostname.example.com).
Virtual Emails
We are going to insert the email addresses and passwords associated with each domain. Make
sure you replace all the values with your own information.
Virtual Aliases
We are going to insert the email address (source) whose mail will be forwarded to the other
email address (destination).
First we need to create a copy of the default file, in case you want to revert to the default
configuration.
cp /etc/postfix/main.cf /etc/postfix/main.cf.orig
Open the main.cf file to modify it:
nano /etc/postfix/main.cf
First we need to comment out the TLS parameters and append other parameters. In this tutorial, we
are using the free SSL certificates and the paths that are suggested in the tutorial (link), but you
can modify them depending on your own configuration.
# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=yes
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_cert_file=/etc/ssl/certs/dovecot.pem
smtpd_tls_key_file=/etc/ssl/private/dovecot.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
Then we are going to append the following parameters below the TLS settings that we have
changed in the previous step:
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
We need to comment out the default mydestination setting and replace it with localhost.
This change allows your VPS to use the virtual domains inside the MySQL table.
virtual_transport = lmtp:unix:private/dovecot-lmtp
Finally, we need to add these three parameters to tell Postfix to configure the virtual domains,
users and aliases.
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
Note: Compare these changes with this file to detect mistakes or errors:
https://www.dropbox.com/s/x9fpm9v1dr86gkw/etc-postfix-main.cf.txt
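Added example (not part of the original tutorial): an offline check of the main.cf settings above. The helper names get_param and lint_main_cf are hypothetical and the sample files are constructed; the script confirms that reject_unauth_destination is reached in smtpd_recipient_restrictions and that AUTH is only offered over TLS, and it shows what happens when the continuation lines lose their indentation.

```shell
#!/bin/sh
# Added example (not from the tutorial): lint a main.cf-style file offline.
# On a live host, `postconf -n` shows the effective values instead.

# Print parameter $2 from file $1 as space-separated tokens. A line that
# starts with whitespace continues the previous parameter, as in Postfix.
get_param() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comment or blank line
        /^[ \t]/ { if (cur != "") val[cur] = val[cur] " " $0; next }
        {
            eq = index($0, "="); cur = ""
            if (eq == 0) next                        # stray unindented line
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            val[cur] = substr($0, eq + 1)
        }
        END { v = val[want]; gsub(/[ \t,]+/, " ", v)
              sub(/^ /, "", v); sub(/ $/, "", v); print v }' "$1"
}

# Return 0 when the file keeps the relay restriction and TLS-only AUTH;
# otherwise print one finding per problem and return 1.
lint_main_cf() {
    rc=0; seen=no
    for tok in $(get_param "$1" smtpd_recipient_restrictions); do
        case $tok in
            reject_unauth_destination) seen=yes; break ;;
            permit) echo "bare permit precedes reject_unauth_destination"; rc=1 ;;
        esac
    done
    [ "$seen" = yes ] || { echo "reject_unauth_destination not reached"; rc=1; }
    [ "$(get_param "$1" smtpd_tls_auth_only)" = yes ] ||
        { echo "smtpd_tls_auth_only is not yes: AUTH offered without TLS"; rc=1; }
    return $rc
}

# Constructed samples: the settings above, then the same lines with the
# indentation stripped, which is no longer one multi-line value.
demo_dir=$(mktemp -d)
printf '%s\n' 'smtpd_tls_auth_only = yes' 'smtpd_recipient_restrictions =' \
    '    permit_sasl_authenticated,' '    permit_mynetworks,' \
    '    reject_unauth_destination' > "$demo_dir/good.cf"
sed 's/^ *//' "$demo_dir/good.cf" > "$demo_dir/flat.cf"
lint_main_cf "$demo_dir/good.cf" && echo "good.cf: ok"
lint_main_cf "$demo_dir/flat.cf" || echo "flat.cf: findings above"
```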
We are going to create the three files that we referenced in the main.cf file to tell Postfix how
to connect to MySQL.
nano /etc/postfix/mysql-virtual-mailbox-domains.cf
user = usermail
password = mailpassword
hosts = 127.0.0.1
dbname = servermail
query = SELECT 1 FROM virtual_domains WHERE name='%s'
Then we need to restart Postfix.
nano /etc/postfix/mysql-virtual-mailbox-maps.cf
user = usermail
password = mailpassword
hosts = 127.0.0.1
dbname = servermail
query = SELECT 1 FROM virtual_users WHERE email='%s'
We need to restart Postfix again.
nano /etc/postfix/mysql-virtual-alias-maps.cf
user = usermail
password = mailpassword
hosts = 127.0.0.1
dbname = servermail
query = SELECT destination FROM virtual_aliases WHERE source='%s'
Restart Postfix
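Added example (not part of the original tutorial): the three map files above each hold the database password in clear text, so they should not be readable by every local account. The hypothetical helper audit_map_files lists any mysql-*.cf file in a directory that contains a password line and has the world-read bit set; the demo files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the tutorial): find Postfix MySQL map files that
# hold a database password yet are readable by every local user.

# Print each mysql-*.cf in directory $1 that contains a "password =" line
# and has the world-read bit set; return 1 if any was printed, else 0.
audit_map_files() {
    found=0
    for f in "$1"/mysql-*.cf; do
        [ -f "$f" ] || continue
        grep -Eq '^[[:space:]]*password[[:space:]]*=' "$f" || continue
        # In the ls -l mode string, character 8 is the "other read" bit.
        mode=$(ls -ld "$f" | cut -c1-10)
        case $mode in
            ???????r??) echo "$mode $f"; found=1 ;;
        esac
    done
    return $found
}

# Constructed demo: one file left at a typical default of 0644, one tightened.
d=$(mktemp -d)
for n in domains maps; do
    printf 'user = usermail\npassword = mailpassword\n' \
        > "$d/mysql-virtual-mailbox-$n.cf"
done
chmod 644 "$d/mysql-virtual-mailbox-domains.cf"
chmod 640 "$d/mysql-virtual-mailbox-maps.cf"
audit_map_files "$d" || echo "tighten with: chgrp postfix FILE; chmod 640 FILE"
```

On the server itself, the directory to pass is /etc/postfix.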
nano /etc/postfix/master.cf
We need to uncomment these lines and append other parameters:
cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig
cp /etc/dovecot/conf.d/10-mail.conf /etc/dovecot/conf.d/10-mail.conf.orig
cp /etc/dovecot/conf.d/10-auth.conf /etc/dovecot/conf.d/10-auth.conf.orig
cp /etc/dovecot/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext.orig
cp /etc/dovecot/conf.d/10-master.conf /etc/dovecot/conf.d/10-master.conf.orig
cp /etc/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/10-ssl.conf.orig
Edit the Dovecot configuration file.
nano /etc/dovecot/dovecot.conf
Verify this option is uncommented.
!include conf.d/*.conf
We are going to enable protocols (add pop3 if you want to) below the !include_try
/usr/share/dovecot/protocols.d/*.protocol line.
!include_try /usr/share/dovecot/protocols.d/*.protocol
protocols = imap lmtp
Note: Compare these changes with this file to detect mistakes or errors:
https://www.dropbox.com/s/wmbe3bwy0vcficj/etc-dovecot-dovecot.conf.txt
Then we are going to edit the mail configuration file:
nano /etc/dovecot/conf.d/10-mail.conf
Find the mail_location line, uncomment it, and put the following parameter:
mail_location = maildir:/var/mail/vhosts/%d/%n
Find the mail_privileged_group line, uncomment it, and add the mail parameter like so:
mail_privileged_group = mail
Note: Compare these changes with this file to detect mistakes or errors:
https://www.dropbox.com/s/hnfeieuy77m5b0a/etc.dovecot.conf.d-10-mail.conf.txt
Verify permissions
Enter this command:
ls -ld /var/mail
Ensure permissions are like this:
mkdir -p /var/mail/vhosts/example.com
Create a vmail user and group with an id of 5000
nano /etc/dovecot/conf.d/10-auth.conf
Uncomment plain text authentication and add this line:
disable_plaintext_auth = yes
Modify auth_mechanisms parameter:
#!include auth-system.conf.ext
Enable MySQL authorization by uncommenting this line:
!include auth-sql.conf.ext
Note: Compare these changes with this file to detect mistakes or errors:
https://www.dropbox.com/s/4h472nqrj700pqk/etc.dovecot.conf.d.10-auth.conf.txt
We need to create the /etc/dovecot/dovecot-sql.conf.ext file with your information for
authentication:
nano /etc/dovecot/conf.d/auth-sql.conf.ext
Enter the following code in the file:
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
}
We need to modify the /etc/dovecot/dovecot-sql.conf.ext file with our custom
MySQL information:
nano /etc/dovecot/dovecot-sql.conf.ext
Uncomment the driver parameter and set it to mysql:
driver = mysql
Uncomment the connect line and enter your MySQL-specific information:
default_pass_scheme = SHA512-CRYPT
Uncomment the password_query line and add this information:
https://www.dropbox.com/s/48a5r0mtgdz25cz/etc.dovecot.dovecot-sql.conf.ext.txt
Change the owner and the group of the dovecot folder to the vmail user:
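service auth {
  # SASL socket that Postfix connects to (smtpd_sasl_path = private/auth).
  # It is owned by postfix:postfix, so mode 0660 is also sufficient.
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    #group =
  }
  #unix_listener /var/spool/postfix/private/auth {
  #  mode = 0666
  #}
  user = dovecot
}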
Modify service auth-worker like this:
service auth-worker {
  # Auth worker process is run as root by default, so that it can access
  # /etc/shadow. If this isn't necessary, the user should be changed to
  # $default_internal_user.
  user = vmail
}
Note: Compare these changes with this file to detect mistakes or errors:
https://www.dropbox.com/s/g0vnt233obh6v2h/etc.dovecot.conf.d.10-master.conf.txt
Finally, we are going to modify Dovecot's SSL configuration file (skip this step if you
are going to use the default configuration).
nano /etc/dovecot/conf.d/10-ssl.conf
Change the ssl parameter to required:
ssl = required
And modify the path for ssl_cert and ssl_key:
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
Restart Dovecot
- Username: email1@example.com
- IMAP: example.com
- SMTP: example.com
Note: use port 993 for secure IMAP and port 587 or 25 for SMTP.
nano /etc/default/spamassassin
We need to change the ENABLED parameter to enable the SpamAssassin daemon.
ENABLED=1
We need to configure the home and options parameters.
SPAMD_HOME="/home/spamd/"
OPTIONS="--create-prefs --max-children 5 --username spamd --helper-home-dir ${SPAMD_HOME} -s ${SPAMD_HOME}spamd.log"
Then we need to specify the PIDFILE parameter like this:
PIDFILE="${SPAMD_HOME}spamd.pid"
Finally, we need to specify that SpamAssassin's rules will be updated automatically.
CRON=1
Note: Compare these changes with this file to detect mistakes or errors:
https://www.dropbox.com/s/ndvpgc2jipdd4bk/etc.default.spamassassin.txt
We need to open /etc/spamassassin/local.cf to set up the anti-spam rules.
nano /etc/spamassassin/local.cf
SpamAssassin will score each message, and if the score is greater than 5.0 on its spam
check, the message is automatically considered spam. You can use the following parameters to
configure the anti-spam rules:
nano /etc/postfix/master.cf
Then we need to find the following line and add the spamassassin filter: