Install and configure Postfix and Dovecot

In this article we will show you how to install and configure Postfix and Dovecot, the two main components of our mail system.

Postfix is an open-source mail transfer agent (MTA), a service used to send and receive emails. Dovecot is an IMAP/POP3 server, and in our setup it will also handle local delivery and user authentication.

This tutorial was written for Ubuntu 16.04; however, the same steps with small modifications should work on any newer version of Ubuntu.

Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges.

Install Postfix and Dovecot

Dovecot packages in the Ubuntu default repositories are outdated. In order to take advantage of the imap_sieve module we will install Dovecot from the Dovecot community repository.

Add the repository GPG key to your apt sources keyring with the following wget command:

$ wget -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add -

Enable the Dovecot community repository using the following command:

$ echo "deb https://repo.dovecot.org/ce-2.3-latest/ubuntu/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/dovecot.list
$ sudo apt update
$ sudo debconf-set-selections <<< "postfix postfix/mailname string $(hostname -f)"
$ sudo debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
$ sudo apt install postfix postfix-mysql dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql

Postfix Configuration

We'll set up Postfix to use virtual mailboxes and domains.

Start by creating the SQL configuration files which will instruct Postfix how to access the MySQL database created in the first part of this series.

$ sudo mkdir -p /etc/postfix/sql

Open your text editor and create the following files:

/etc/postfix/sql/mysql_virtual_domains_maps.cf
user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'

/etc/postfix/sql/mysql_virtual_alias_maps.cf
user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf
user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

/etc/postfix/sql/mysql_virtual_mailbox_maps.cf
user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'

/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'
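
Each of the map files above stores the MySQL password in clear text, so their file permissions matter. The following check is an added example, not part of the original article; the function name audit_sql_maps is hypothetical and the script only reads file modes.

```shell
#!/bin/sh
# Added example (not from the original article): find Postfix SQL map files
# that embed the database password yet are accessible to "other" users.

# audit_sql_maps DIR   (function name is hypothetical)
# Prints "<permissions> <path>" for every *.cf file in DIR that contains a
# "password =" line and grants any permission to "other".
# Returns 1 if at least one such file exists, 0 otherwise. Changes nothing.
audit_sql_maps() {
    dir=$1
    found=0
    for f in "$dir"/*.cf; do
        [ -f "$f" ] || continue
        # Skip map files that do not carry credentials.
        grep -Eq '^[[:space:]]*password[[:space:]]*=' "$f" || continue
        perms=$(ls -ld "$f" | cut -c2-10)    # e.g. rw-r--r--
        case $perms in
            *---) ;;                         # "other" has no access
            *) printf '%s %s\n' "$perms" "$f"
               found=1 ;;
        esac
    done
    return "$found"
}
```

Run it as `audit_sql_maps /etc/postfix/sql`. A common remedy for any file it lists is `sudo chgrp postfix FILE` followed by `sudo chmod 0640 FILE`, which keeps the file readable by Postfix while hiding it from other local users.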

Once the SQL configuration files are created, update the main Postfix configuration file to include information about the virtual domains, users, and aliases which are stored in the MySQL database.

$ sudo postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf"
$ sudo postconf -e "virtual_alias_maps = mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf"
$ sudo postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf"

The local delivery agent will deliver the incoming emails to the users' mailboxes. Run the following command to set Dovecot's LMTP service as the default mail delivery transport:

$ sudo postconf -e "virtual_transport = lmtp:unix:private/dovecot-lmtp"

Set the TLS parameters using the previously generated Let's Encrypt SSL certificate:

$ sudo postconf -e 'smtp_tls_security_level = may'
$ sudo postconf -e 'smtpd_tls_security_level = may'
$ sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
$ sudo postconf -e 'smtpd_tls_loglevel = 1'
$ sudo postconf -e 'smtpd_tls_received_header = yes'
$ sudo postconf -e 'smtpd_tls_cert_file = /etc/letsencrypt/live/mail.linuxconcept.com/fullchain.pem'
$ sudo postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/mail.linuxconcept.com/privkey.pem'

Configure the authenticated SMTP settings and hand off authentication to Dovecot:

$ sudo postconf -e 'smtpd_sasl_type = dovecot'
$ sudo postconf -e 'smtpd_sasl_path = private/auth'
$ sudo postconf -e 'smtpd_sasl_local_domain ='
$ sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
$ sudo postconf -e 'broken_sasl_auth_clients = yes'
$ sudo postconf -e 'smtpd_sasl_auth_enable = yes'
$ sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'

We'll also need to edit the Postfix master configuration file master.cf and enable the submission port (587) and smtps port (465).

Open the file with your text editor and uncomment/edit the following lines:

/etc/postfix/master.cf
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
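
A check for the two master.cf entries above, added here as an example and not part of the original article: it parses master.cf-style entries together with their continuation lines and reports whether submission and smtps still carry the TLS, SASL and client-restriction overrides this tutorial sets. The function name audit_master_cf is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): audit the submission and
# smtps entries of a master.cf-style file against the overrides shown above.
# Only the plain "-o name=value" form is parsed; "-o { name = value }" is not.

# audit_master_cf FILE
# Prints one line per service: "<service>: ok" or "<service>: <missing items>".
# Exit status is 1 if any audited service lacks TLS enforcement, SASL auth or
# the client restriction, 0 otherwise.
audit_master_cf() {
    awk '
    function report(   miss) {
        if (svc == "submission" || svc == "smtps") {
            # submission must force STARTTLS; smtps must wrap the session in TLS
            if (svc == "submission" && opts !~ / smtpd_tls_security_level=encrypt /)
                miss = miss " tls"
            if (svc == "smtps" && opts !~ / smtpd_tls_wrappermode=yes /)
                miss = miss " tls"
            if (opts !~ / smtpd_sasl_auth_enable=yes /)
                miss = miss " sasl"
            if (opts !~ / smtpd_client_restrictions=permit_sasl_authenticated,reject /)
                miss = miss " client_restrictions"
            if (miss != "") bad = 1
            print svc ":" (miss == "" ? " ok" : miss)
        }
        svc = ""; opts = " "
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }           # comments and blank lines
    /^[^ \t]/ { report(); svc = $1; first = 8 }  # new entry: args follow field 8
    /^[ \t]/  { first = 1 }                      # continuation of previous entry
    {
        # Collect every "-o name=value" override as " name=value " in opts.
        for (i = first; i <= NF; i++)
            if ($i == "-o" && i < NF) opts = opts $(i + 1) " "
    }
    END { report(); exit bad }
    ' "$1"
}
```

Run it as `audit_master_cf /etc/postfix/master.cf` after editing the file; an override that is still commented out is reported as missing.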

Restart the Postfix service for the changes to take effect.

$ sudo systemctl restart postfix

At this point you have successfully configured the Postfix service.

Configure Dovecot

In this section, we'll configure Dovecot to match our setup. Make sure you edit the lines highlighted in yellow.

Start by configuring the dovecot-sql.conf.ext file, which tells Dovecot how to access the database and how to find the information about email accounts.

/etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=127.0.0.1 dbname=postfixadmin user=postfixadmin password=P4ssvv0rD
default_pass_scheme = MD5-CRYPT
iterate_query = SELECT username AS user FROM mailbox
user_query = SELECT CONCAT('/var/mail/vmail/',maildir) AS home, \
  CONCAT('maildir:/var/mail/vmail/',maildir) AS mail, \
  5000 AS uid, 5000 AS gid, CONCAT('*:bytes=',quota) AS quota_rule \
  FROM mailbox WHERE username = '%u' AND active = 1
password_query = SELECT username AS user,password FROM mailbox \
  WHERE username = '%u' AND active='1'

Don't forget to use the correct MySQL credentials (dbname, user and password). The default_pass_scheme value must match the scheme PostfixAdmin uses when it stores password hashes.

Next, open the conf.d/10-mail.conf file and edit the following variables:

/etc/dovecot/conf.d/10-mail.conf
...
mail_location = maildir:/var/mail/vmail/%d/%n
...
mail_uid = vmail
mail_gid = vmail
...
first_valid_uid = 5000
last_valid_uid = 5000
...
mail_privileged_group = vmail
...
mail_plugins = quota
...

To make authentication work, open the conf.d/10-auth.conf file, edit the following lines and include the auth-sql.conf.ext file:

/etc/dovecot/conf.d/10-auth.conf
...
disable_plaintext_auth = yes
...
auth_mechanisms = plain login
...
#!include auth-system.conf.ext
!include auth-sql.conf.ext
...

Open the conf.d/10-master.conf file, and modify it as follows:

/etc/dovecot/conf.d/10-master.conf
...
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
...
}
...
service auth {
  ...
  unix_listener auth-userdb {
    ...
  }
  ...
  unix_listener /var/spool/postfix/private/auth {
    ...
  }
  ...
}
...
service auth-worker {
  ...
}
...
service dict {
  unix_listener dict {
    mode = 0660
    user = vmail
    group = vmail
  }
}
...

Open the conf.d/10-ssl.conf file and enable SSL/TLS.

/etc/dovecot/conf.d/10-ssl.conf
...
ssl = yes
...
ssl_cert = </etc/letsencrypt/live/mail.linuxconcept.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.linuxconcept.com/privkey.pem
ssl_dh = </etc/ssl/certs/dhparam.pem
...
ssl_cipher_list = EECDH+AES:EDH+AES+aRSA
...
ssl_prefer_server_ciphers = yes
...

Open the conf.d/20-imap.conf file and activate the imap_quota plugin:

/etc/dovecot/conf.d/20-imap.conf
...
protocol imap {
  ...
  mail_plugins = $mail_plugins imap_quota
  ...
}
...

Open the conf.d/20-lmtp.conf file and edit it as follows:

/etc/dovecot/conf.d/20-lmtp.conf
...
protocol lmtp {
  postmaster_address = postmaster@linuxconcept.com
  mail_plugins = $mail_plugins
}
...

Define the default mailboxes in the conf.d/15-mailboxes.conf file:

/etc/dovecot/conf.d/15-mailboxes.conf
...
mailbox Drafts {
  special_use = \Drafts
}
mailbox Spam {
  special_use = \Junk
  auto = subscribe
}
mailbox Junk {
  special_use = \Junk
}
...

There are two different types of quota limits: one is set for the whole domain and the other per user mailbox. In the previous part of this series we already enabled quota support in PostfixAdmin, which means the quota information will be stored in the PostfixAdmin database.

Now we need to configure Dovecot to connect to the database, to handle quota limits and to run a script that sends a mail to the user when the user's quota exceeds a specified limit. To do so, open the conf.d/90-quota.conf file and modify it as follows:

/etc/dovecot/conf.d/90-quota.conf
plugin {
  quota = dict:User quota::proxy::sqlquota
  quota_rule = *:storage=5GB
  quota_rule2 = Trash:storage=+100M
  quota_grace = 10%%
  quota_exceeded_message = Quota exceeded, please contact your system administrator.
  quota_warning = storage=100%% quota-warning 100 %u
  quota_warning2 = storage=95%% quota-warning 95 %u
  quota_warning3 = storage=90%% quota-warning 90 %u
  quota_warning4 = storage=85%% quota-warning 85 %u
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  user = vmail
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
}
dict {
  sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}

We also need to tell Dovecot how to access the quota SQL dictionary. Open the dovecot-dict-sql.conf.ext file and edit the following lines:

/etc/dovecot/dovecot-dict-sql.conf.ext
...
connect = host=127.0.0.1 dbname=postfixadmin user=postfixadmin password=P4ssvv0rD
...
map {
  pattern = priv/quota/storage
  table = quota2
  username_field = username
  value_field = bytes
}
map {
...
}
...
# map {
#   pattern = shared/expire/$user/$mailbox
#   table = expires
#   value_field = expire_stamp
#
#   fields {
#     ...
#   }
# }
...

Create the following shell script, which will send an email to the user if their quota exceeds a specified limit:

/usr/local/bin/quota-warning.sh
#!/bin/sh
# Arguments are supplied by the quota_warning rules in 90-quota.conf.
PERCENT=$1
USER=$2
# Deliver the warning through dovecot-lda with quota enforcement disabled,
# so the message is accepted even when the mailbox is full.
cat << EOF | /usr/lib/dovecot/dovecot-lda -d "$USER" -o "plugin/quota=dict:User quota::noenforcing:proxy::sqlquota"
From: postmaster@linuxconcept.com
Subject: Quota warning

Your mailbox is now $PERCENT% full.
EOF

Make the script executable by running the following chmod command:

$ sudo chmod +x /usr/local/bin/quota-warning.sh

Finally, restart the Dovecot service for the changes to take effect.

$ sudo systemctl restart dovecot

Conclusion

By now you should have a fully functional mail system. In the next part of this series, we will show you how to install and integrate Rspamd.
