Howto/Setup Postfix + dovecot sasl + dovecot imaps + maildir + virtual accounts + mysql + postfixadmin + PositiveSSL certificate + Roundcube on Ubuntu 10.04: Difference between revisions

From Interpause
Line 18: Line 18:
* mail group with gid 8 (should be already created)
* mail group with gid 8 (should be already created)
* maildir at /mnt/Remote1/Other/maildir (chown -R vmail:mail)
* maildir at /mnt/Remote1/Other/maildir (chown -R vmail:mail)
* mysql on default port with two databases: postfix and roundcubemail
* mysql server on default port
* smtp(s) and imaps servers all on the same server: interpause.com
* smtp(s) and imaps servers all on the same server: interpause.com
* PositiveSSL certificate for interpause.com in /etc/ssl/curr/ssl.crt
* PositiveSSL certificate for interpause.com in /etc/ssl/curr/ssl.crt
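Review bot: the mysql bullet is the only line that differs between the two revisions, and one version drops "with two databases: postfix and roundcubemail", yet the "Prepare database" step further down still says "Create the two databases listed above". Either keep the database names in this bullet or name them in that step, so the reference still resolves.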

Revision as of 13:20, 16 January 2012

This howto attempts to document the steps I took to get my email server up and running using, as the title suggests, the Postfix SMTP server with authentication provided by dovecot SASL, the dovecot imaps (imap over SSL) server for client access, maildir storage of virtual accounts, the mysql database for storing account information, postfixadmin for managing virtual accounts, domains and aliases via a web interface, a PositiveSSL certificate for trusted encryption and Roundcube for a pretty webmail user interface.

The motivations for this guide

Setting up an email server on a fresh install of Ubuntu is THE step I dread the most, by far. The first time I did it was in 2009, a good 5+ years after having been introduced to Linux and setting up my first server. In my mind, I remember it taking me the better part of a week and even then I never got it fully working the way I wanted.

For one, I was authenticating SMTP connections using Cyrus-SASL, which necessitated periodic restarts (/etc/init.d/saslauthd restart) via cron, otherwise it would suddenly refuse authentication requests (the process would still be running but would simply refuse valid requests). Second, my valid Positive SSL certificates were being detected as untrusted, requiring clients to force an exception when using imaps and smtps. Lastly, smtps refused to connect via SSL (like Google, Yahoo and my university's imap servers), accepting only TLS connections.

These last two points, it turns out, are quite easy to fix, following yesterday's experience. The first point, however, I still do not know the solution to and do not care anymore because, as I will describe shortly, I have switched to Dovecot-SASL and do not intend on looking back.

The second and most recent time setting up the email server on a fresh Ubuntu install, as documented next, took me a full day and a half to resolve all issues in order to achieve my near perfect email setup. Near perfect because I am still missing a backup MX server where mail could pool whenever the main server goes offline. I hope to address this last point when I have more time.

My setup

  • smtp on port 25
  • smtps on port 465
  • dovecot imaps server on port 993
  • no pop3, no pop3s, no imap
  • vmail user with uid 5000 (may need to be created with useradd)
  • mail group with gid 8 (should be already created)
  • maildir at /mnt/Remote1/Other/maildir (chown -R vmail:mail)
  • mysql server on default port
  • smtp(s) and imaps servers all on the same server: interpause.com
  • PositiveSSL certificate for interpause.com in /etc/ssl/curr/ssl.crt
  • PositiveSSL key for interpause.com in /etc/ssl/curr/ssl.key
  • username includes domain, i.e. andrew.phan@interpause.com as opposed to just andrew.phan

The steps, from memory

Note 1: The following steps have been written from my memory, therefore some parts are vague, missing or wrong. The purpose of the following is for me to be able to easily recreate the server on a fresh install of Ubuntu. I regret if I cannot help you but you may always write me an email suggesting improvements or corrections that I may or may not add below.

Note 2: It is likely that some files or config settings are either extra, redundant or contradictory. There are several reasons for this. First, I tried many things to get the server working the way I wanted, so it is likely that some useless stuff is left over from previous failed attempts. Second, I switched from Cyrus SASL to Dovecot SASL so, again, possible duplicates there as well.

Install the necessary packages

This list is most likely incomplete but should help get started.

sudo apt-get install dovecot-postfix postfix postfix-mysql dovecot-common dovecot-imapd php5-mysql

Prepare SSL certificate

  • Place bundled SSL certificates in PEM format in /etc/ssl/curr/ssl.crt/dovecot.pem and key in /etc/ssl/curr/ssl.key/dovecot.pem
  • Bundled or chained SSL certificates should follow the order specified by http://wiki.dovecot.org/SSL/DovecotConfiguration
  • FYI, the first time I installed the email server I only placed the interpause.com certificate as opposed to the BUNDLED certificate which is why I would get untrusted encryption errors.
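
A check for the leaf-only mistake described above, as an added example that is not part of the original howto. It assumes the openssl command-line tool and an unencrypted private key; the function names are made up for this example, and it compares issuer and subject names only, so openssl verify is still needed to check signatures.

```shell
#!/bin/sh
# Added example, not part of the original howto. Requires the openssl CLI.
# Checks name chaining and key match only; it does not verify signatures.

# split_bundle BUNDLE OUTDIR: write each certificate to OUTDIR/cert-N.pem
# (N starts at 1) and print how many certificates were found.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }
    ' "$1"
}

# check_bundle BUNDLE KEY: succeed only if the bundle starts with the
# certificate for KEY, contains at least one more certificate, and every
# certificate names the one after it as its issuer.
check_bundle() (
    tmp=$(mktemp -d) || exit 2
    trap 'rm -rf "$tmp"' EXIT
    count=$(split_bundle "$1" "$tmp")
    if [ "$count" -lt 2 ]; then
        echo "FAIL: found $count certificate(s); need leaf plus intermediate(s)"
        exit 1
    fi
    leaf_pub=$(openssl x509 -in "$tmp/cert-1.pem" -noout -pubkey) || exit 2
    key_pub=$(openssl pkey -in "$2" -pubout) || exit 2
    if [ "$leaf_pub" != "$key_pub" ]; then
        echo "FAIL: first certificate does not match the private key"
        exit 1
    fi
    i=1
    while [ "$i" -lt "$count" ]; do
        next=$((i + 1))
        issuer=$(openssl x509 -in "$tmp/cert-$i.pem" -noout -issuer_hash)
        subject=$(openssl x509 -in "$tmp/cert-$next.pem" -noout -subject_hash)
        if [ "$issuer" != "$subject" ]; then
            echo "FAIL: cert $i is not issued by cert $next (wrong order?)"
            exit 1
        fi
        i=$next
    done
    echo "OK: $count certificates, leaf first, chain in order"
)
```

With the paths from this setup the call would be check_bundle /etc/ssl/curr/ssl.crt/dovecot.pem /etc/ssl/curr/ssl.key/dovecot.pem.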

Prepare database

  • Create a database user
  • Create the two databases listed above.
  • Check that the database user has sufficient privileges to modify the two databases.

Configure Postfix and Postfixadmin

  • You may or may not find the info at the following link helpful: http://postfixmail.com/blog/index.php/postfixadmin-on-ubuntu-9-10/
  • Use postfixadmin to populate the necessary tables in the postfix database
  • Edit postfix config files in /etc/postfix/. I have configured Postfix to access the Mysql server as well as the dovecot sasl socket via the chroot private/auth file. Attached below are files that I have modified in some way.
  • FYI, the line in master.cf that says wrappermode=yes is to allow smtps connections over SSL instead of TLS (I didn't know this the first time I installed the email server).
  • In addition, create the following files for postfix to access the data in the database. NOTE: I am not sure if this is still necessary with Dovecot SASL which uses a file socket (?), but I know it was necessary with Cyrus SASL. So this might be one of the aforementioned relics from the previous setup. In any case, go to https://wiki.frugalware.org/index.php/Virtual_Users_and_Domains_with_Postfix_and_MySQL for more details on each. Note that the info at the link places all files in the /etc/postfix folder whereas I have placed 6 of mine in /etc/postfix/sql. It does not matter as long as it is properly specified in main.cf. Note also that the user and password fields must be the user that has access to the postfix database.
    • /etc/postfix/mysql_virtual_mailbox_limit_maps.cf
    • /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
    • /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
    • /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf
    • /etc/postfix/sql/mysql_virtual_alias_maps.cf
    • /etc/postfix/sql/mysql_virtual_domains_maps.cf
    • /etc/postfix/sql/mysql_virtual_mailbox_maps.cf
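
Because each of the files listed above holds the database user and password in clear text, this added example (not part of the original howto) audits them for presence, required fields and world-readable permissions. It assumes the files use the standard Postfix mysql_table keys; the function names and the script name are made up for this example.

```shell
#!/bin/sh
# Added example, not part of the original howto.
# Assumption: every map file uses the standard Postfix mysql_table keys.
REQUIRED_KEYS="user password hosts dbname query"

# The seven lookup files named in the list above, relative to /etc/postfix.
MAP_FILES="mysql_virtual_mailbox_limit_maps.cf
sql/mysql_virtual_alias_domain_catchall_maps.cf
sql/mysql_virtual_alias_domain_mailbox_maps.cf
sql/mysql_virtual_alias_domain_maps.cf
sql/mysql_virtual_alias_maps.cf
sql/mysql_virtual_domains_maps.cf
sql/mysql_virtual_mailbox_maps.cf"

# audit_map FILE: print one line per finding; exit status = number of findings.
audit_map() (
    f=$1
    findings=0
    if [ ! -f "$f" ]; then
        echo "MISSING   $f"
        exit 1
    fi
    for key in $REQUIRED_KEYS; do
        if ! grep -Eq "^[[:space:]]*${key}[[:space:]]*=" "$f"; then
            echo "NO_KEY    $f: $key"
            findings=$((findings + 1))
        fi
    done
    # Characters 8-10 of the ls mode string are the "other" permission bits;
    # anything but --- exposes the database password to every local user.
    other=$(ls -ld "$f" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "EXPOSED   $f: other=$other (use chmod 640, group postfix)"
        findings=$((findings + 1))
    fi
    exit "$findings"
)

# audit_all [ROOT]: audit every listed file; succeeds only with zero findings.
audit_all() {
    root=${1:-/etc/postfix}
    total=0
    for rel in $MAP_FILES; do
        audit_map "$root/$rel" || total=$((total + $?))
    done
    echo "$total finding(s) under $root"
    [ "$total" -eq 0 ]
}

# Run as: sh audit_maps.sh --audit [/etc/postfix]
if [ "${1:-}" = "--audit" ]; then audit_all "${2:-}"; fi
```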

Configure dovecot