User:Paul/sandbox/Fully-functional mail server with Postfix, Dovecot and MySQL

WARNING: This article is in a user sandbox, indicating it is a rough draft, and as such, is likely incomplete, contains buggy and insecure configurations, and is subject to substantial and frequent changes.

This article series covers setting up a full mail server on a UNPM server. The mail server will support SMTP, POP3 and IMAP, secure (TLS) connections for clients, opportunistic secure connections for other mail servers, serving mail for multiple domains, and spam control.

For a primer on mail servers, please see the Mail servers article.

The configurations used are largely an amalgam of two mail server configuration guides, a comprehensive Ex Ratione blog post, A Mailserver on Ubuntu 12.04: Postfix, Dovecot, MySQL, and the Ars Technica Taking e-mail back series of articles written by Lee Hutchinson. In addition to the packages installed in those articles, this configuration also adds SPF and DMARC record checking on the server.

Packages used
Postgrey will provide greylisting, a Python SPF script will be used for evaluating SPF records, OpenDKIM will be used for evaluating DKIM records, OpenDMARC will be used to evaluate DMARC records, SpamAssassin will evaluate the results of the previous record checks as well as other factors and assign a spam rating to the email, Postfix is used as the MTA, Dovecot as the MDA, and Postfix Admin will be used for managing the MySQL database that Postfix and Dovecot get user and domain information from. Roundcube will be used as a webmail interface.

The order of configuring the packages in the server is based more on gaining an understanding of each package installed, so the biggest piece of the mail server, Postfix, is configured last, since it will incorporate all of the packages installed before it.

Prerequisites
Perform the following steps before beginning the configuration.

Nearly all of the commands in this article require a root shell:

username@servername:~$ sudo -i

Hostname
The hostname of the server must be the fully qualified name of the mail server (mail.example.com in this article).

root@servername:~# nano /etc/hostname

The contents of the file must be:

mail.example.com

root@servername:~# nano /etc/hosts

The first line must contain the hostname:

127.0.0.1 mail.example.com localhost

Note that if the server is a VPS or cloud server, a reboot of the hypervisor may revert these settings to the ones the server was originally created with, which will cause the mail functions of the server to stop working without any notification. The best way to circumvent this issue is to create the server such that these settings are already in place, which may be possible by naming the server mail.example.com when creating it in the ISP's dashboard, or by renaming it, if the option to do so is available.
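Because a reverted hostname breaks mail silently, a check run from cron is the simplest way to notice it. The script below is an added example, not part of the original article; file paths and the expected name are parameters so it can also be run against constructed test files.

```shell
#!/bin/sh
# Added example (not from the original article): checks the hostname
# prerequisites above. Intended for cron on a VPS, so that a hypervisor-side
# reset of the hostname is reported instead of silently breaking mail.

# is_fqdn NAME: true if NAME contains a dot, has no leading/trailing dot and
# uses only hostname characters (letters, digits, hyphen, dot).
is_fqdn() {
    case "$1" in
        .*|*.|*..*) return 1 ;;
        *.*) ;;
        *) return 1 ;;
    esac
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9.-]+$'
}

# check_hostname FILE NAME: /etc/hostname must contain exactly NAME.
check_hostname() {
    [ "$(head -n 1 "$1" | tr -d '[:space:]')" = "$2" ]
}

# check_hosts FILE NAME: the first non-comment line of /etc/hosts must be a
# 127.0.0.1 entry that lists NAME among its names.
check_hosts() {
    hosts_file=$1
    want=$2
    line=$(grep -v '^[[:space:]]*#' "$hosts_file" | grep -v '^[[:space:]]*$' | head -n 1)
    set -- $line            # word-split the line: address, then names
    [ "${1:-}" = "127.0.0.1" ] || return 1
    shift
    for name in "$@"; do
        [ "$name" = "$want" ] && return 0
    done
    return 1
}

# check_all NAME [HOSTNAME_FILE] [HOSTS_FILE]: run every check and print the
# first failure (cron mails any output to the admin). Returns 0 when all pass.
check_all() {
    name=$1
    is_fqdn "$name" || { echo "not an FQDN: $name"; return 1; }
    check_hostname "${2:-/etc/hostname}" "$name" || { echo "hostname file does not contain $name"; return 1; }
    check_hosts "${3:-/etc/hosts}" "$name" || { echo "first hosts entry does not map 127.0.0.1 to $name"; return 1; }
    return 0
}
```

Run it as "check_all mail.example.com" from a cron job; with no output and exit status 0 the settings are still in place.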

SSL/TLS certificates
To avoid SSL/TLS warnings from email clients, the certificate for the domain used will have to include the mail subdomain (e.g. mail.example.com). In the world of mail clients, the warnings tend to be much softer and less obtrusive than browser warnings. However, if even this is to be avoided, the solutions are to either pay for a certificate ($59.90/year from StartSSL) to add additional subdomains or use a domain exclusively for the mail domain (e.g., StartSSL certificate for example.com and mail.example.com).

DNS entries
The mail server can manage many domains, even multiple domains using mail as the subdomain, but it is generally easiest to use one domain as the mail server domain that will be used in all MX records (e.g. mail.example.com manages mail for mail.example2.com). This is a common practice among many ISPs and it is very rare that anyone ever notices, since the only way to discover this information is to run a DNS query or view an email header (BlackBerry, for example, always sends email from its own server for BIS customers, but nobody ever notices).

For the mail server domain, create A/AAAA records pointing mail.example.com to the IP address of the server (in addition to the domain's standard A/AAAA records), and create MX records for example.com and any other domain that the server will serve mail for, and point them to mail.example.com with a priority of.
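The layout above has one rule that is easy to get wrong: an MX record must point at a name with an A/AAAA record, never at a CNAME (RFC 2181). The function below is an added example, not from the original article; it reads records in the format printed by dig +noall +answer (name, TTL, class, type, data) so it can be fed constructed test data or real query output, and the mail host and served domains are parameters.

```shell
#!/bin/sh
# Added example (not from the original article): offline consistency check
# for the DNS layout described above.

# rr RECORDS NAME TYPE: print the data of every NAME/TYPE record in RECORDS
# (dig "+noall +answer" format), with trailing dots removed. For MX records
# only the target is printed, not the priority.
rr() {
    printf '%s\n' "$1" | awk -v n="$2" -v t="$3" '
        NF == 0 || $1 ~ /^;/ { next }          # skip blanks and dig comments
        { sub(/\.$/, "", $1) }
        $1 == n && $4 == t { v = $NF; sub(/\.$/, "", v); print v }'
}

# check_mail_dns RECORDS MAILHOST DOMAIN...: MAILHOST must have an A/AAAA
# record and must not be a CNAME; every DOMAIN must have an MX record whose
# target is MAILHOST. Prints each problem; returns 0 only when there are none.
check_mail_dns() {
    records=$1; mailhost=$2; shift 2
    ok=0
    if [ -n "$(rr "$records" "$mailhost" CNAME)" ]; then
        echo "$mailhost is a CNAME; an MX target must be an A/AAAA name"; ok=1
    fi
    if [ -z "$(rr "$records" "$mailhost" A)$(rr "$records" "$mailhost" AAAA)" ]; then
        echo "$mailhost has no A/AAAA record"; ok=1
    fi
    for domain in "$@"; do
        targets=$(rr "$records" "$domain" MX)
        if [ -z "$targets" ]; then
            echo "$domain has no MX record"; ok=1
        elif ! printf '%s\n' "$targets" | grep -qx "$mailhost"; then
            echo "$domain MX does not point at $mailhost"; ok=1
        fi
    done
    return $ok
}
```

To check a live zone, pass the output of dig +noall +answer mail.example.com A example.com MX as the first argument.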

Install base packages
The following packages will be required for this setup (note the trailing ^, which is used to install meta-packages):

root@servername:~# apt-get install mail-server^

During the installation of Postfix, select 'Internet site'. When asked for the system mail name, use, although this setting will not really apply to the final setup since the mail server will be using a MySQL database for domain management.

Updated versions of Dovecot and Postfix are available through PPAs instead of the rather dated (though still relatively secure) versions in the official Ubuntu repositories. This is also a good time to install several of the supporting packages. Note that the PPAs should not be added before installing the mail-server^ meta-package.

root@servername:~# add-apt-repository ppa:malte.swart/dovecot-2.2
root@servername:~# add-apt-repository ppa:ondrej/postfix+dane
root@servername:~# aptitude update && aptitude upgrade
root@servername:~# aptitude install postfix-mysql dovecot-mysql dovecot-imapd bcrypt php5-imap php-xml-parser

Although the PPA for Postfix states "with DANE support", there is nothing particularly special about the package, as DANE support is simply a new feature in Postfix 2.11.0 and the optional DANE support is only applicable to servers using DNSSEC.

Set up the database
This database will be used to store all of the information for user accounts and mail domains, but is not used for storing actual emails.

root@servername:~# mysql -uroot -p
MariaDB [(none)]> create database mail;
MariaDB [(none)]> grant all on mail.* to 'mail'@'localhost' identified by 'mailpassword';
MariaDB [(none)]> exit

nginx configuration
Mail server configuration settings are separate and do not affect or involve nginx, except for the components that may be served by nginx, such as Postfix Admin and Roundcube.

Next step
Install Postgrey.