Setup mail server with Dovecot and Postfix
Dovecot is an open source IMAP and POP3 email server. Postfix is a fast and secure SMTP mail server. Both Dovecot and Postfix are widely used open source projects that can run on UNIX-like systems.
Install Dovecot and Postfix
apt-get install dovecot-imapd dovecot-pop3d
apt-get install postfix
Configure Dovecot
1. Create SSL certificate
wget http://dovecot.org/doc/mkcert.sh
wget http://dovecot.org/doc/dovecot-openssl.cnf
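Review both downloaded files before using them: they are fetched over plain HTTP, and mkcert.sh is run as root in the next step. Then edit the certificate information in mkcert.sh and dovecot-openssl.cnf.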
sudo sh mkcert.sh
2.Create new mail user
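Generate a password hash for the user. Supported password schemes include PLAIN, CRYPT, SHA256-CRYPT, SHA512-CRYPT, MD5-CRYPT, PLAIN-MD5, etc. PLAIN stores the password itself and PLAIN-MD5 is an unsalted, fast hash, so neither protects the password if the users file leaks. CRYPT is the traditional DES-based crypt, which only considers the first 8 characters of the password. A salted, iterated scheme such as SHA512-CRYPT is the better choice; whichever scheme is used, the {SCHEME} prefix in the users file and the scheme= setting in passdb have to agree with it.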
doveadm pw -s CRYPT
Copy the hash printed above, then edit /etc/dovecot/users and add a line for the user (this file holds password hashes, so it should not be world-readable):
postmaster@mydomain.com:{CRYPT}password
3.Edit configuration
vi /etc/dovecot/dovecot.conf
mbox_write_locks = fcntl
# Only IMAP is enabled here, even though the install step also pulls in the
# POP3 package.
protocols = imap
service imap-login {
# Plain IMAP listener, bound to every interface. Connections to it start
# unencrypted and stay that way unless the client upgrades with STARTTLS.
inet_listener imap {
address = *
}
}
service auth {
# Authentication socket placed inside the Postfix queue directory so that
# smtpd can hand SASL logins to Dovecot. Mode 0660 with postfix:postfix
# ownership keeps other local accounts from connecting to it.
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
# PLAIN and LOGIN both transmit the password itself, so they are only safe
# when the connection is already protected by TLS.
auth_mechanisms = plain login
# "yes" offers TLS but does not insist on it. "ssl = required" makes Dovecot
# refuse authentication on connections that have not been encrypted.
ssl = yes
# The leading "<" tells Dovecot to read the file's contents as the value.
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
# Accounts and password hashes are read from a flat file. scheme= sets the
# scheme assumed for entries that carry no {SCHEME} prefix.
# NOTE(review): username_format=%n looks names up by local part only, while the
# sample users entry is keyed by the full address; confirm the two match.
passdb {
driver = passwd-file
args = scheme=CRYPT username_format=%n /etc/dovecot/users
}
# Every mail user maps onto the same system account (mail:mail). %d and %n
# expand to the domain and local part of the login name.
userdb {
driver = static
args = uid=mail gid=mail home=/var/mail/%d/%n
}
# 0 removes the lower bound that normally stops mail users from mapping onto
# system or daemon accounts. Setting it to the actual uid of "mail" (see
# `id mail`) still admits that account while keeping the guard in place.
first_valid_uid = 0
# "no" lets PLAIN/LOGIN run over unencrypted connections. Combined with
# ssl = yes (TLS optional), passwords can cross the network in cleartext on
# the plain IMAP port. "yes" restricts plaintext mechanisms to secured
# connections.
disable_plaintext_auth = no
# Log to a dedicated file rather than the default syslog destination.
log_path = /var/log/dovecot.log
# Maildir below the home set in userdb, i.e. /var/mail/<domain>/<user>/Maildir.
mail_location = maildir:~/Maildir
Configure Postfix
Edit /etc/postfix/master.cf and uncomment lines below:
# Standard SMTP listener (port 25).
smtp inet n - n - - smtpd
# SMTPS listener (port 465): TLS is negotiated immediately on connect
# (wrapper mode) and SASL authentication is enabled for this service.
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# Pipe transport that hands a message to Dovecot's deliver program, running as
# mail:mail.
# NOTE(review): nothing in the main.cf shown on this page selects this
# transport, and /usr/libexec is not where Debian-style packages usually put
# the binary; confirm both on the target system.
dovecot unix - n n - - pipe
flags=DRhu user=mail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}
Edit /etc/postfix/main.cf
#alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
# NOTE(review): the *_directory and *_path values below follow a Red Hat-style
# layout, while the install step uses apt-get; compare with `postconf -d` on
# the target system before copying them.
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
# Accept SMTP on every interface and address family.
inet_interfaces = all
inet_protocols = all
local_destination_concurrency_limit = 5
local_destination_recipient_limit = 300
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydomain = mydomain.com
myhostname = mail.mydomain.com
#mynetworks = 127.0.0.0/8
# Only the local machine counts as a trusted network, so permit_mynetworks
# below does not open relaying to other hosts.
mynetworks_style = host
mydestination = localhost, $myhostname
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
# Empty: no mail is relayed for other domains.
relay_domains =
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
# SASL authentication is delegated to Dovecot through the socket
# private/auth, relative to queue_directory (the unix_listener defined in
# dovecot.conf).
smtpd_sasl_auth_enable = yes
# Compatibility switch for clients that use an obsolete form of the AUTH
# announcement; it can be dropped if no such clients exist.
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# noanonymous alone still allows plaintext mechanisms; that is acceptable only
# because smtpd_tls_auth_only below restricts AUTH to encrypted sessions.
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
# Local and authenticated senders may relay; everyone else is limited to
# domains this server is responsible for. reject_unauth_destination is what
# prevents the host from being an open relay, so it must stay in the list.
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
#SSL
# Opportunistic TLS for outgoing and incoming SMTP. Newer Postfix releases
# express this as smtp_tls_security_level / smtpd_tls_security_level = may.
smtp_use_tls = yes
smtpd_use_tls = yes
# Same key and certificate as Dovecot. The private key file should be readable
# by root only.
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem
# NOTE(review): this points the CA file at the server's own certificate, which
# fits the self-signed certificate generated earlier; revisit it if a
# CA-issued certificate is installed later.
smtpd_tls_CAfile = /etc/ssl/certs/dovecot.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# AUTH is neither announced nor accepted before TLS is active, so passwords
# are not sent in cleartext over SMTP.
smtpd_tls_auth_only = yes
# Virtual mailboxes: all mail for $mydomain is stored under /var/mail by one
# fixed uid/gid. virtual_minimum_uid is the lowest uid the virtual delivery
# agent accepts from virtual_uid_maps.
virtual_mailbox_domains = $mydomain
virtual_mailbox_base = /var/mail
virtual_minimum_uid = 8
virtual_uid_maps = static:8
virtual_gid_maps = static:8
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_alias_maps = hash:/etc/postfix/virtual
Change the static IDs in 'virtual_uid_maps' and 'virtual_gid_maps' to the uid and gid of the mail user, which the following command prints:
id mail
Edit /etc/postfix/virtual
postmaster@mydomain.com postmaster
Edit /etc/postfix/vmailbox
postmaster@mydomain.com mydomain.com/postmaster/Maildir/
Update hash file
sudo postmap /etc/postfix/virtual
sudo postmap /etc/postfix/vmailbox
Restart services
sudo service dovecot restart
sudo service postfix restart
Add iptables rules
# -A appends to the end of INPUT: if the chain already contains a catch-all
# DROP/REJECT rule, these entries are never reached. Check the order with
# `iptables -L INPUT -n --line-numbers`.
# The rules live in memory only and are gone after a reboot unless they are
# saved by the distribution's persistence mechanism.
# SMTP (server-to-server delivery).
iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# Plain IMAP. With disable_plaintext_auth = no in dovecot.conf, logins on this
# port can be sent unencrypted; leave it closed if clients can use 993.
iptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
# IMAP over TLS.
iptables -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
# SMTP over TLS (the smtps service enabled in master.cf).
iptables -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
See Dovecot documentation and Postfix documentation for detailed configuration.