User:Paul/sandbox/Fully-functional mail server with Postfix, Dovecot and MySQL

WARNING: This article is in a user sandbox, indicating it is a rough draft, and as such, is likely incomplete, contains buggy and insecure configurations, and is subject to substantial and frequent changes.

This article series covers setting up a full mail server on a UNPM server. The mail server will support SMTP, POP3 and IMAP, secure connection for clients, secure connection available for other mail servers, serving mail for multiple domains, and spam control.

For a primer on mail servers, please see the

The configurations used are largely an amalgam of two mail server configuration guides: a comprehensive Ex Ratione blog post, "A Mailserver on Ubuntu 12.04: Postfix, Dovecot, MySQL", and the Ars Technica "Taking e-mail back" series of articles written by Lee Hutchinson. In addition to the packages installed in those articles, this configuration will also include installation of SPF and DMARC record testing in the server.

Packages used
Postgrey will provide greylisting, a Python SPF script will be used for evaluating SPF records, OpenDKIM will be used for evaluating DKIM records, OpenDMARC will be used to evaluate DMARC records, SpamAssassin will evaluate the results of the previous record checks as well as other factors and assign a spam rating to the email, Postfix is used as the MTA, Dovecot as the MDA, and Postfix Admin will be used for managing the MySQL database that Postfix and Dovecot get user and domain information from. Roundcube will be used as a webmail interface.

The order of configuring the packages in the server is based more on gaining an understanding of each package installed, so the biggest piece of the mail server, Postfix, is configured last, since it will incorporate all of the packages installed before it.

Prerequisites
Perform the following steps before beginning the configuration.

Nearly all of the commands in this article require root privileges:

username@servername:~$ sudo /bin/bash

Hostname
The hostname of the server must be.

root@servername:~# nano /etc/hostname

The contents of the file must be:

mail.example.com

root@servername:~# nano /etc/hosts

The first line must contain the hostname:

127.0.0.1 mail.example.com localhost

Note that if the server is a VPS or cloud server, if the hypervisor is rebooted, these settings may be reverted to the original settings the server was configured with, which will cause the mail functions of the server to stop working without any notification. The best way to circumvent this issue is to create the server such that these settings are already in place, which may be possible by naming the server  when creating it in the ISP's dashboard, or renaming it, if the option to do so is available.
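One way to get the notification that is otherwise missing when these files revert, as an added example that is not part of the original article: a small check that can be run from cron. The function name check_mail_hostname and its parameterized file paths are assumptions of this example.

```shell
#!/bin/bash
# Added example: detect when /etc/hostname or /etc/hosts has reverted
# (e.g. after a hypervisor reboot) so the change does not go unnoticed.
# check_mail_hostname is a hypothetical helper name, not part of any package.

# Usage: check_mail_hostname EXPECTED_FQDN [HOSTNAME_FILE] [HOSTS_FILE]
# Prints one line per problem found; returns 0 only if both files are correct.
check_mail_hostname() {
    local expected="$1"
    local hostname_file="${2:-/etc/hostname}"
    local hosts_file="${3:-/etc/hosts}"
    local rc=0 current first_line found

    # /etc/hostname must contain exactly the expected name.
    current="$(cat "$hostname_file" 2>/dev/null | tr -d '[:space:]')"
    if [ "$current" != "$expected" ]; then
        echo "hostname mismatch: $hostname_file has '$current', expected '$expected'"
        rc=1
    fi

    # The first non-comment, non-blank line of /etc/hosts must list the name
    # as a whole field after the address (field 1 is the IP, so start at 2).
    first_line="$(grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$hosts_file" 2>/dev/null | head -n 1)"
    found="$(printf '%s\n' "$first_line" |
        awk -v h="$expected" '{ for (i = 2; i <= NF; i++) if ($i == h) f = 1 } END { print f + 0 }')"
    if [ "$found" -ne 1 ]; then
        echo "hosts mismatch: first entry of $hosts_file is '$first_line'"
        rc=1
    fi
    return "$rc"
}

# When run as a script with arguments (e.g. from cron), check the live files.
# cron mails any output, so a reverted setting produces a notification.
if [ "$#" -ge 1 ]; then
    check_mail_hostname "$@"
fi
```

Saved as a script and called from root's crontab with mail.example.com as its argument, it prints nothing while the settings are intact and one line per reverted file otherwise.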

SSL/TLS certificates
One thing to note is that to avoid SSL/TLS warnings from email clients, the certificate for the domain used will have to include the mail subdomain (e.g. mail.example.com). In the world of mail clients, the warnings tend to be much softer and less obtrusive than browser warnings. However, if even this is to be avoided, the solutions are to either pay for a certificate ($59.90/year from StartSSL) to add additional subdomains or use a domain exclusively for the mail domain (e.g., StartSSL certificate for example.com and mail.example.com).

DNS entries
The mail server can manage many domains, even multiple domains using mail as the subdomain, but it is generally easiest to use one domain as the mail server domain that will be used in all MX records (e.g. mail.example.com manages mail for mail.example2.com). This is a common practice among many ISPs and it is very rare that anyone ever notices since the only way to discover this information is to run a DNS query.

For the mail server domain, create A/AAAA records pointing to mail.example.com.

Install packages
The following packages will be required for this setup (note the trailing ^, which is used to install meta-packages):

root@servername:~# aptitude install php-xml-parser
root@servername:~# apt-get install mail-server^

During the mail-server set up, select 'Internet site'. When asked for the hostname, use, although this setting will not really apply to the final setup since the mail server will be using a MySQL database for domain management.

root@servername:~# aptitude install postfix-mysql dovecot-mysql dovecot-imapd postgrey
root@servername:~# aptitude install amavis clamav clamav-daemon spamassassin
root@servername:~# aptitude install php5-imap
root@servername:~# aptitude install libnet-dns-perl pyzor razor
root@servername:~# aptitude install arj cabextract nomarch pax

Set up the database
This database will be used to store all of the information for user accounts and mail domains.

root@servername:~# mysql -u root -p
mysql> create database mail;
mysql> grant all on mail.* to 'mail'@'localhost' identified by 'mailpassword';

Install Postfix Admin and the database schema
Postfix Admin is a PHP based application that handles Postfix style virtual domains and users that are stored in the database. The application has a user-friendly web-based GUI.

root@servername:~# wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.3.7/postfixadmin-2.3.7.tar.gz
root@servername:~# tar -xvf postfixadmin-2.3.7.tar.gz

root@servername:~#

Configure nginx
It is important to understand that nginx and other mail server configuration settings are separate, except for the components that may be served by nginx, such as Postfix Admin and Roundcube.

Depending on the subdomain being used for the mail server, the web packages may be served from mail.example.com or www.example.com/mail