注意:

The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.

Mail Server

From Funtoo
Revision as of 00:57, December 14, 2016 by Shamus397 (talk | contribs) (I guess not... :-P)
Jump to navigation Jump to search

How to set up a simple, secure, lightweight email server using Postfix and Dovecot

Running one's own email server doesn't have to be mystical and impenetrable; using a simple MTA like Postfix along with an LDA like Dovecot makes the task relatively easy. Regrettably, good information on how to do this is hard to come by. What this guide will help you do is install a mail server which uses a database backend to manage domains and users, and features mail delivery via POP3 and/or IMAP.


Prerequisites

If you intend to run your own email server, you will need to have DNS with at least one MX record on a DNS server that can be seen by the Internet at large. Setting up such a thing is beyond the scope of this document.

Preparation

The following packages need to be installed first, before we can do anything: mail-mta/postfix, net-mail/dovecot, and dev-db/mariadb. Before we emerge these, however, we must ensure some USE flags are properly set first:

   /etc/portage/package.use/mail-server - USE flags
mail-mta/postfix dovecot-sasl pam ssl
net-mail/dovecot bzip2 maildir pam ssl zlib

With USE flags properly set, we can emerge our packages:

root # emerge -avq postfix mariadb

Setting the dovecot-sasl USE flag should pull in net-mail/dovecot. If it does not, emerge this way:

root # emerge -avq postfix dovecot mariadb

Configuration

Now we come to the meat of the project. First we will have to set up the mail user/domain database, then we will have to configure Postfix, then finally, configure Dovecot. At the end of this procedure, we should have a fully functioning mail server.

Setting up the Database

First step is to set up the database for the virtual domain/user tracking. We need to set up the database's root user and get the database up and running (be sure to replace <strong-password> with a real, strong password):

root # mysqladmin -u root password '<strong-password>'
root # rc-update add mysql default
root # rc

Next, we need to login to MySQL (you will have to enter the <strong-password> you set above):

root # mysql -p

Now, we create the database and its tables (again, replace <mailuserpass> with a real password):

mysql> CREATE DATABASE mailserver;
mysql> USE mailserver;
mysql> GRANT SELECT ON mailserver.* TO 'mailuser'@'127.0.0.1' IDENTIFIED BY '<mailuserpass>';
mysql> FLUSH PRIVILEGES;
mysql> CREATE TABLE virtual_domains (id INT(11) NOT NULL AUTO_INCREMENT,
root ##i##       name VARCHAR(50) NOT NULL, PRIMARY KEY (id)) ENGINE=InnoDB DEFAULT CHARSET=utf8;
mysql> CREATE TABLE virtual_users (id INT(11) NOT NULL AUTO_INCREMENT,
root ##i##       domain_id INT(11) NOT NULL, password VARCHAR(106) NOT NULL, email VARCHAR(100) NOT NULL,
root ##i##       PRIMARY KEY (id), UNIQUE KEY email (email), FOREIGN KEY (domain_id) REFERENCES virtual_domains(id)
root ##i##       ON DELETE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=utf8;
mysql> CREATE TABLE virtual_aliases (id INT(11) NOT NULL AUTO_INCREMENT,
root ##i##       domain_id INT(11) NOT NULL, source VARCHAR(100) NOT NULL, destination VARCHAR(100) NOT NULL,
root ##i##       PRIMARY KEY (id), FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE)
root ##i##       ENGINE=InnoDB DEFAULT CHARSET=utf8;

Now that we've created our database and tables, we need to put our domain into it. Replace <my.fqdn.com> with the FQDN of that will go to the right of the '@' sign in email addresses on your mail domain:

mysql> INSERT INTO virtual_domains VALUES (DEFAULT, '<my.fqdn.com>');
   Note

If you're planning on receiving mail for more than one domain, you can add them by reusing the previous query and changing <my.fqdn.com> to the other domain(s); you will have to enter one query for each extra domain.

Next, we need to populate that database with users (the part that goes on the left side of the '@' sign). Again, these need to be added one at a time. For each entry in the database, we will need a username and a password; since we want these passwords to be strong, we will use doveadm to generate them:

root # doveadm pw -s SHA512-CRYPT
Enter new password: 
Retype new password: 
{SHA512-CRYPT}$6$dMNWSDK.CYzDfADO$LLSqttmYD/3WDBIEwxLjzae1s0G.eQw6EU8U7cjysPDK/z3Pntz8gxabfrYmLzpdc.L3gMyxaoI4V9ci4zruM.

You will be prompted to enter the password twice before it gives back the hash. The part that comes after {SHA512-CRYPT} is the password that will need to go into the database (it will always start with $6$).

   Note

The password you will distribute to your users is the one you typed into doveadm; the hash that it outputs is what will go into the virtual_users table.

Replace <pw_hash> with the output of doveadm (starting with $6$), and <user@my.fqdn.com> with the email address for the user you're creating:

mysql> INSERT INTO virtual_users VALUES (DEFAULT, 1, '<pw_hash>', '<user@my.fqdn.com>');
   Note

The second field in the query above (the '1') is the ID of the entry in the virtual_domains table. If you're only using one domain, you don't have to worry about changing it; otherwise, you will have to change it to correspond to the domain for that user. You can find out what IDs they have with the following query:

mysql> SELECT * FROM virtual_domains;

Once you are done entering users you can leave MySQL:

mysql> quit


Configuring Postfix

Configuring Dovecot

Success!