Email me maybe
Here is the full command history, plus a few extras, that I used to create the email server live in front of a real live audience. Feel free to use it to create an email server yourself, but please note the following caveats:
If you want a quick solution, there are already a ton
of them online, namely Mail-in-a-Box,
that have a lot more bells and whistles, including webmail
and advanced spam and virus protection through
So although this makes for a pretty sturdy single usage email server, use this script to learn, not necessarily to deploy a production grade service. |
#!/bin/bash
whoami
| |
Configuring postfix
Install |
apt install postfix
| |
Install |
apt install mailutils mutt
| |
Install |
apt install dovecot-common dovecot-imapd dovecot-pop3d
| |
Tell |
postconf -e "mydomain = sneakermail.net"
| |
Tell |
postconf -e 'home_mailbox = Maildir/'
| |
Install LetsEncrypt to provide us with certificates so that we can secure communications coming into the server. This puts people who connect to the server to deliver us email more at ease, since they know they're connecting to the right place, and makes us less prone to hacking attempts. Notice that we're passing the hostname (the name of the computer where our server is running) and not our email domain here. This is important. |
apt install certbot
certbot certonly --standalone -d mx.sneakermail.net
| |
Tell |
postconf -e "smtpd_tls_cert_file = /etc/letsencrypt/live/mx.sneakermail.net/fullchain.pem"
postconf -e "smtpd_tls_key_file = /etc/letsencrypt/live/mx.sneakermail.net/privkey.pem"
| |
Tell |
postconf -e 'smtp_tls_security_level = may'
postconf -e 'smtpd_tls_security_level = may'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
| |
Tell
Don't leave your server out in the open! It will make big providers like Gmail block you, making you unable to send them any email, and might even leave you liable to prosecution. |
postconf -e 'smtpd_sasl_type = dovecot'
postconf -e 'smtpd_sasl_path = private/auth'
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_recipient_restrictions =permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
| |
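To confirm the restriction list set above really closes the relay, the following added example (not part of the original command history) walks a list in order and reports whether a relay guard is reached before anything that would accept mail for arbitrary destinations. The function names `relay_guard_status` and `audit_live` are illustrative, and the two bad lists are constructed.

```shell
#!/bin/bash
# Added example: audit a Postfix restriction list for the relay guard.
# Postfix evaluates the list left to right and stops at the first decision.

# relay_guard_status "<restriction list>" prints "guarded" or "unguarded".
# Lookup-table restrictions (check_*_access) are not evaluated here.
relay_guard_status() {
    # Postfix separates restrictions with commas and/or whitespace.
    for item in $(printf '%s\n' "$1" | tr ',' ' '); do
        case $item in
            reject_unauth_destination|defer_unauth_destination|reject|defer)
                echo guarded; return 0 ;;
            permit)
                # A blanket permit ahead of the guard accepts any destination.
                echo unguarded; return 0 ;;
        esac
    done
    # End of list reached without a guard.
    echo unguarded
}

# audit_live: report both parameters on a running host.
# smtpd_relay_restrictions exists on Postfix 2.10 and later.
audit_live() {
    for param in smtpd_relay_restrictions smtpd_recipient_restrictions; do
        printf '%s: %s\n' "$param" \
            "$(relay_guard_status "$(postconf -h "$param")")"
    done
}

# The value set by the postconf command above, then two constructed bad lists.
relay_guard_status 'permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
relay_guard_status 'permit_sasl_authenticated, permit_mynetworks, permit'
relay_guard_status 'permit_sasl_authenticated permit_mynetworks'
```

On the server itself, call `audit_live` after every change to the restrictions; at least one of the two parameters should report `guarded`.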
Tell |
postconf -e 'virtual_alias_domains = $mydomain'
postconf -e 'virtual_alias_maps = hash:/etc/postfix/virtual'
| |
Edit the file where the virtual aliases will be stored. The
following command just replaces the contents of the file
|
cat << EOF > /etc/postfix/virtual
postmaster@sneakermail.net root
root@sneakermail.net root
info@sneakermail.net pedro
EOF
| |
After updating the virtual alias file you must run postmap
on it, as |
postmap /etc/postfix/virtual
| |
Finally restart |
systemctl restart postfix
| |
Creating mail boxes
Create a mailbox structure for users that will be created in the future. This creates Drafts, Sent, Trash and Templates folders in the mailbox of every user created from here on. If you already have users, this won't apply to them. |
maildirmake.dovecot /etc/skel/Maildir
maildirmake.dovecot /etc/skel/Maildir/.Drafts
maildirmake.dovecot /etc/skel/Maildir/.Sent
maildirmake.dovecot /etc/skel/Maildir/.Trash
maildirmake.dovecot /etc/skel/Maildir/.Templates
echo 'export MAIL=~/Maildir' | sudo tee -a /etc/bash.bashrc | sudo tee -a /etc/profile.d/mail.sh
| |
Create a user to receive our mail and their respective mail box. |
useradd -m -s /bin/bash pedro
cp -r /etc/skel/Maildir /home/pedro/
chown -R pedro:pedro /home/pedro/Maildir
chmod -R 700 /home/pedro/Maildir
adduser pedro mail
| |
Set a password for the user we created. Remember this password; it will be the one you'll use when configuring your phone to receive email, for example. |
passwd pedro
| |
Configuring dovecot |
| |
Tell |
vim /etc/dovecot/conf.d/10-auth.conf
#/ Find and change the following lines:
#/
#/ disable_plaintext_auth = yes
#/ auth_mechanisms = plain login
| |
Tell dovecot where messages are stored. If you changed this in postfix you'll also have to change it here. If you forget, you'll still receive and send email on the server without problems, but you won't be able to access it from the outside on your phone or computer via IMAP4, because dovecot will be looking for it in the wrong place. |
vim /etc/dovecot/conf.d/10-mail.conf
#/ Find and change the following lines:
#/
#/ mail_location = maildir:~/Maildir
| |
Tell dovecot which services we need, which will only be IMAP4
for us to access our messages without having to SSH into the
server, and auth to help |
vim /etc/dovecot/conf.d/10-master.conf
#/ Find and change the following lines:
#/
#/ service imap-login {
#/ inet_listener imap {
#/ port = 143
#/ }
#/ }
#/
#/ service auth {
#/ unix_listener /var/spool/postfix/private/auth {
#/ mode = 0660
#/ user = postfix
#/ group = postfix
#/ }
#/ }
| |
Enable TLS, tell dovecot where the certificates are, and tell it which protocols to avoid because they are insecure. Again, more of a technicality, but it makes you more secure. |
vim /etc/dovecot/conf.d/10-ssl.conf
#/ Find and change the following lines:
#/ ssl = required
#/
#/ ssl_cert = </etc/letsencrypt/live/mx.sneakermail.net/fullchain.pem
#/ ssl_key = </etc/letsencrypt/live/mx.sneakermail.net/privkey.pem
#/
#/ ssl_protocols = !SSLv2 !SSLv3
| |
Restart dovecot and everything's in place. |
dovecot -n
systemctl restart dovecot
| |
Configure OpenDKIM |
| |
Install OpenDKIM |
apt install opendkim opendkim-tools
| |
Generate your private and public key. Keep your private key safe! |
mkdir -p /etc/opendkim
cd /etc/opendkim
opendkim-genkey -b 2048 -d sneakermail.net -s sneakermail.net.dkim
| |
Configure |
cat << EOF > /etc/opendkim.conf
Syslog yes
Selector mail
Mode sv
SubDomains yes
AutoRestart yes
Background yes
Canonicalization relaxed/relaxed
DNSTimeout 5
SignatureAlgorithm rsa-sha256
X-Header yes
Logwhy yes
InternalHosts /etc/opendkim/internalhosts
KeyTable /etc/opendkim/keytable
SigningTable refile:/etc/opendkim/signtable
OversignHeaders From
EOF
| |
Tell |
cat << EOF > /etc/opendkim/keytable
mail._domainkey.sneakermail.net sneakermail.net:mail:/etc/opendkim/sneakermail.net.dkim.private
EOF
| |
Tell |
cat << EOF > /etc/opendkim/signtable
*@sneakermail.net mail._domainkey.sneakermail.net
EOF
| |
Tell |
cat << EOF > /etc/opendkim/internalhosts
sneakermail.net
mx.sneakermail.net
127.0.0.1/8
EOF
| |
Make |
cat <<EOF >> /etc/default/opendkim
SOCKET="inet:8891@localhost"
EOF
| |
Set the correct permissions on OpenDKIM files |
chown opendkim:opendkim /etc/opendkim -R
| |
Tell |
postconf -e 'smtpd_milters = inet:localhost:8891'
postconf -e 'non_smtpd_milters = inet:localhost:8891'
postconf -e 'milter_default_action = accept'
postconf -e 'milter_protocol = 2'
| |
Check the file that |
cat /etc/opendkim/sneakermail.net.dkim.txt
| |
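The key was generated with `-s sneakermail.net.dkim`, while `opendkim.conf` and the keytable sign with the selector `mail`, so the record name inside the generated file is not the name receivers will look up. This added example (not part of the original command history) joins the chunked TXT value and flags that difference; the function names are illustrative and the sample record is constructed with fake key material.

```shell
#!/bin/bash
# Added example: read an opendkim-genkey ".txt" file on stdin and report
# what has to be published in DNS.

# Join the quoted chunks of the TXT record into one value.
dkim_txt_value() { grep -o '"[^"]*"' | tr -d '"\n'; }

# Extract only the base64 public key (the p= tag).
dkim_p_tag() {
    dkim_txt_value | tr ';' '\n' | sed -n 's/^ *p=//p' | tr -d ' \n'
}

# Owner label written by opendkim-genkey (first field of the first line).
dkim_txt_label() { awk 'NR == 1 { print $1 }'; }

# dkim_check_label <selector>: compare the file's label with the selector
# that opendkim.conf and the keytable sign with.
dkim_check_label() {
    label=$(dkim_txt_label)
    if [ "$label" = "$1._domainkey" ]; then
        echo match
    else
        echo "mismatch: file says $label, signatures use $1._domainkey"
    fi
}

# Constructed sample in the layout opendkim-genkey writes (not a real key).
sample_txt() {
    cat <<'EOF'
sneakermail.net.dkim._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
   "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAconstructed"
   "SampleKeyMaterialOnlyQIDAQAB" )  ; ----- DKIM key sneakermail.net.dkim for sneakermail.net
EOF
}

sample_txt | dkim_check_label mail
printf 'TXT value for mail._domainkey.sneakermail.net:\n%s\n' \
    "$(sample_txt | dkim_txt_value)"
```

On the server, feed the real file instead of the sample, for example `dkim_check_label mail < /etc/opendkim/sneakermail.net.dkim.txt`.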
Everything's ready, restart everything. |
systemctl restart opendkim
systemctl restart postfix
| |
Bonus round
Some extra stuff that makes your setup slightly better. |
| |
Tell |
postconf -e 'smtpd_helo_required = yes'
postconf -e 'smtpd_helo_restrictions = reject_non_fqdn_helo_hostname,reject_invalid_helo_hostname,reject_unknown_helo_hostname'
| |
Tell |
postconf -e 'disable_vrfy_command = yes'
| |
Give |
# Double quotes let the shell join the continued lines into a single value;
# inside single quotes the backslashes would be stored literally.
postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated,\
permit_mynetworks,reject_unauth_destination,reject_invalid_hostname,\
reject_non_fqdn_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,\
reject_unknown_sender_domain,reject_rbl_client sbl.spamhaus.org,reject_rbl_client cbl.abuseat.org"
| |
Tell |
postconf -e 'smtpd_delay_reject = yes'
| |
Configuring mutt
Mutt is a great client that you can use in the terminal if you choose to connect to your server via SSH. You may also use it on your local terminal if you wish, but that's up to you. When using it remotely via SSH, mutt doesn't need |
# Quote the delimiter so the shell leaves the backslashes in "mask" untouched.
cat <<'EOF' > ~/.muttrc
set mbox_type=Maildir
set folder="~/Maildir"
set mask="!^\\.[^.]"
set mbox="~/Maildir"
set record="+.Sent"
set postponed="+.Drafts"
set spoolfile="~/Maildir"
EOF
| |
Now if you want to check your mail upon login you just have to write
|
mutt
| |
Finally
Remember to:
|
|
|