Differences

This shows you the differences between two versions of the page.

email:hosting [2025/03/02 19:39] – [Installation: postfixadmin web gui] willy
email:hosting [2025/03/03 06:57] (current) – removed willy
Line 1: Line 1:
-====== E-Mail server hosting ====== 
- 
-Everything in the following page is directly taken (and adjusted to my liking) from [[https://wiki.gentoo.org/wiki/Complete_Virtual_Mail_Server|The Gentoo Virtual Mail Server guide]] which is a deep and very detailed read on the topic. I will stray a little bit from that guide. 
- 
- 
-===== Architecture ===== 
- 
-I will show you how to install and interconnect: 
-  * [[https://www.postfix.org/|Postfix]], the MTA (Mail Transfer Agent) 
-  * [[https://www.dovecot.org/|Dovecot]], the IMAP server 
-  * NGINX + PHP-FPM for web access (admin console + webmail) 
-  * [[https://github.com/postfixadmin/postfixadmin|PostfixAdmin]], the email configuration WEB gui 
-  * Roundcube 
-  * OpenDKIM 
-  * OpenDMARC 
-  * Spamassassin 
- 
- 
-===== Installation: servers ===== 
- 
-Install Postfix and Dovecot 
- 
-USE flags: 
-<code bash> 
-echo "*/* maildir dovecot sasl" >> /etc/portage/package.use/mailserver 
-echo "net-mail/dovecot managesieve sqlite lz4" >> /etc/portage/package.use/mailserver 
-echo "mail-mta/postfix dovecot-sasl sqlite -sasl" >> /etc/portage/package.use/mailserver  
-echo "dev-lang/php imap" >> /etc/portage/package.use/mailserver  
-</code> 
- 
-Emerge the servers: 
-<code bash> 
-emerge -vp postfix dovecot 
-</code> 
- 
- 
-===== Installation: user, permissions & storage ===== 
- 
-Since different pieces of the email infrastructure will need to interoperate, it is a good idea to create a specific user to store all the emails on the filesystem. This user will own the email storage folders which i assume will be located under **/home/vmail**. I choose UID and GID 5000 since the ones <1000 are reserved for system users: 
- 
-<code bash> 
-groupadd -g 5000 vmail 
-useradd -m -d /home/vmail -s /bin/false -u 5000 -g vmail vmail 
-chmod 2770 /home/vmail/ 
-</code> 
- 
-The resulting permissions should look like: 
-<code bash> 
-ls -ld /home/vmail 
-drwxrws--- 3 vmail vmail 4096 Aug 2 07:24 /home/vmail 
-</code> 
- 
-FIX QUI I PERMESSI DEL DB 
- 
-Now create the database: 
-<code bash> 
-su - vmail 
-mkdir db 
-sqlite3 db/vmail.sqlite3 
-sqlite> .databases 
-main: /home/vmail/db/vmail.sqlite3 r/w 
-sqlite> .tables 
-sqlite> .exit 
-</code> 
- 
- 
-===== Installation: postfixadmin web gui ===== 
- 
-postfixadmin and roundcube will be installed manually and not via Gentoo portage, to avoid upgrade issues. 
- 
-Download latest release of **postfixadmin** from [[https://github.com/postfixadmin/postfixadmin/releases|here]] and decompress in a folder accessible to the **web** user, since i use the **web** user to run all PHP based software on the external webserver: 
-<code bash> 
-su # do this as root! You don't need to make postfixadmin writable by the web user 
-cd /home/web 
-mkdir postfixadmin 
-cd postfixadmin 
-wget https://github.com/postfixadmin/postfixadmin/archive/refs/tags/postfixadmin-3.3.15.tar.gz 
-tar xvf postfixadmin-3.3.15.tar.gz 
-mv postfixadmin-postfixadmin-3.3.15 postfixadmin 
-#The following folder must be writeable by web user: 
-mkdir -p postfixadmin/templates_c 
-chown -R web postfixadmin/templates_c 
-</code> 
- 
-Now, configure it by creating a file called **postfixadmin/config.local.php** with the following content (see postfixadmin/config.inc.php for all available stuff to configure): 
-<file - config.local.php> 
-<?php 
-$CONF['database_type'] = 'sqlite'; 
-$CONF['database_name'] = '/home/vmail/db/vmail.sqlite3'; 
-$CONF['encrypt'] = 'dovecot:SHA512'; 
-$CONF['postfix_admin_url'] = 'https://mail.mydomain.com'; 
-$CONF['admin_email'] = 'postmaster@mydomain.com'; 
-$CONF['default_aliases'] = array ( 
-    'abuse' => 'abuse@mydomain.com', 
-    'hostmaster' => 'hostmaster@mydomain.com', 
-    'postmaster' => 'postmaster@mydomain.com', 
-    'webmaster' => 'webmaster@mydomain.com' 
-); 
-$CONF['transport'] = 'YES'; 
-$CONF['configured'] = true; 
-/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */ 
-</file> 
- 
-Now setup NGINX to point to it. You need of course to setup a certbot certificate, then (see [[selfhost:nginx|this page]]) configure your NGINX to use PHP-FPM. See the following **postfixadmin.conf** file as reference: 
-<file postfixadmin.conf> 
-server { 
-        server_name mail.mydomain.com; 
-        listen 443 ssl; 
- 
-        access_log /var/log/nginx/mail.mydomain.com_access_log main; 
-        error_log /var/log/nginx/mail.mydomain.com_error_log info; 
-         
-        index index.php; 
-         
-        root /home/web/postfixadmin/postfixadmin/public;      
-  
-# Uncomment the following lines only AFTER setup is complete!          
-#        location ~ /(setup.php) { 
-#                deny all; 
-#                alias /home/web/postfixadmin/postfixadmin/public; 
-#        } 
-       
-        location ~ /.*\.php$ { 
-                try_files $uri =404; 
-                fastcgi_split_path_info ^(.+\.php)(/.+)$; 
-                include fastcgi_params; 
-                fastcgi_param SCRIPT_FILENAME $request_filename; 
-                fastcgi_pass 127.0.0.1:9000; 
-        } 
-} 
-</file> 
- 
-restart NGINX and go to the URL **https://mail.mydomain.com/setup.php** and follow the on-screen instructions to create a password hash that you need to add to the above config.local.php file, then reload the page itself. 
- 
-Also don't forget to create a superadmin-account. I suggest you call it **user@mydomain.com** and set a password you will not forget. 
- 
-Go back, uncomment the lines in the NGINX config file to disable the setup.php, and restart NGINX. 
- 
-__note:__ when adding new domains, choose "virtual" as transport, and 0 as password expiry. 
- 
-At this point, you can already create all the mail domains and user accounts you want. 
- 
- 
-===== Configuration: postfix ===== 
- 
-Link to SQL. 
- 
-File: **/etc/postfix/sql/virtual_mailbox_domains.cf**: 
-<file - virtual_mailbox_domains.cf> 
-dbpath = /home/vmail/db/vmail.sqlite3 
-query  = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '0' AND active = '1'; 
-</file> 
- 
-File: **/etc/postfix/sql/virtual_mailbox_maps.cf**: 
-<file - virtual_mailbox_maps.cf> 
-dbpath = /home/vmail/db/vmail.sqlite3 
-query  = SELECT maildir FROM mailbox WHERE local_part='%u' AND domain='%d' AND active='1'; 
-</file> 
- 
-File: **/etc/postfix/sql/virtual_alias_maps.cf**: 
-<file - virtual_alias_maps.cf> 
-dbpath = /home/vmail/db/vmail.sqlite3 
-query  = SELECT goto FROM alias WHERE address='%s' AND active='1'; 
-</file> 
- 
-Now, link it all in **/etc/postfix/main.cf**: 
-<code> 
-# A list of all virtual domains serviced by this instance of postfix. 
-virtual_mailbox_domains = sqlite:/etc/postfix/sql/virtual_mailbox_domains.cf 
-# Look up the mailbox location based on the email address received. 
-virtual_mailbox_maps = sqlite:/etc/postfix/sql/virtual_mailbox_maps.cf 
-# Any aliases that are supported by this system 
-virtual_alias_maps = sqlite:/etc/postfix/sql/virtual_alias_maps.cf 
-</code> 
- 
-===== Installation: DKIM, SPF and DKIM ===== 
- 
-This step is **mandatory** and critical for proper email delivery. 
- 
- 
-===== Installation: Antispam ===== 
- 
-Install spamassassin & amavisd-new 
- 
- 
-FILE /etc/postfix/main.cf Binding UID and GID's to postfix 
-<code> 
-# Link the mailbox uid and gid to postfix. 
-virtual_uid_maps = static:5000 
-virtual_gid_maps = static:5000 
-  
-# Set the base address for all virtual mailboxes 
-virtual_mailbox_base = /var/vmail 
-</code> 
  
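Review bot: in "Installation: user, permissions & storage" the database permission step is still the placeholder "FIX QUI I PERMESSI DEL DB" (fix the DB permissions here), so the text being removed never said how PostfixAdmin, which runs as the web user, and Postfix reach /home/vmail/db/vmail.sqlite3 behind a directory that is chmod 2770 and owned by vmail:vmail. If this material is moved or restored rather than dropped, resolve that step with an explicit group membership or ACL instead of loosening the mode, and make the last main.cf block agree with the rest of the page: it sets virtual_mailbox_base = /var/vmail while every other path uses /home/vmail. Two smaller points in the same text: $CONF['encrypt'] = 'dovecot:SHA512' selects an unsalted, single-round hash, where a scheme such as SHA512-CRYPT would be the safer default, and the commented setup.php block uses location ~ /(setup.php), where the unescaped dot matches any character and should be escaped before the block is enabled. The edit summary "removed" also gives readers no pointer to where this content now lives.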
