Linux email service
Email Service
What you will need for emails to work
- Need to have static IP address
- Need to have domain with MX record (mail exchanger)
- Need firewall access
- Example of MX => "example.com 14400 IN MX 10 example.com" (10 is the preference value, which an MX record requires)
- Other A records - subdomains too, which help client autoconfiguration
example.com 14400 IN A 12.34.56.78
mail.example.com 14400 IN A 12.34.56.78
smtp.example.com 14400 IN A 12.34.56.78
imap.example.com 14400 IN A 12.34.56.78
DNS Records: To help delivery:
- TXT record - help Gmail delivery (SPF)
@ 14400 IN TXT "v=spf1 ip4:12.34.56.78 ~all"
- Reverse zone - checks that the sending server is valid
56.34.12.in-addr.arpa IN SOA example.com
78 IN PTR example.com
Aside from DNS you will need:
- Non-blacklisted IP, check with mxtoolbox.com/blacklists.aspx
- TLS certificate for your domain
- Firewall open for TCP ports 25 and 587 (SMTP) and 143 (IMAP). Port 25 might be blocked by the provider; it may be possible to solve this by contacting support
How email works
Software and protocols needed.
Postfix:
- Mail submission, transport, delivery agent
- SMTP: Simple Mail Transfer Protocol
Dovecot:
- Access to messages for mail user agents
- POP: Post Office Protocol
- IMAP: Internet Message Access Protocol
Postfix
Postfix can work as:
- Mail submission agent (MSA)
- Mail transport agent (MTA)
- Mail delivery agent (MDA)
Installing postfix "apt install postfix".
Configuring postfix "/etc/postfix/main.cf".
Configuring firewall "ufw allow 25/tcp".
Log files "/var/log/mail.log" and "/var/log/mail.err".
Securing SMTP
- By default SMTP has no encryption
- To secure SMTP, we can use Dovecot’s SASL authentication
- Make changes in main.cf and master.cf to support this method
In "/etc/postfix/main.cf"
smtpd_tls_cert_file=<path to cert>
smtpd_tls_key_file=<path to key>
smtpd_use_tls=yes
smtpd_tls_auth_only=yes
smtpd_tls_security_level=may
In "/etc/postfix/master.cf"
submission inet n - - - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_tls_wrappermode=no
  -o smtpd_tls_security_level=encrypt
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o syslog_name=postfix/submission
  -o milter_macro_daemon_name=ORIGINATING
After changes to the configuration files, Postfix must be restarted and the submission port opened in the firewall:
sudo systemctl restart postfix
sudo ufw allow 587/tcp
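Added example (not part of the original notes): a small Python check that reads master.cf text, joins the indented "-o" continuation lines, and reports whether the submission service carries the TLS and SASL overrides listed above. The function names and the sample configs are constructed for illustration.

```python
import re

# Overrides the submission service needs so port 587 enforces TLS and SASL.
REQUIRED = {
    "smtpd_tls_security_level": "encrypt",
    "smtpd_sasl_auth_enable": "yes",
    "smtpd_sasl_type": "dovecot",
}

def parse_master_cf(text):
    """Return {"name/type": {override: value}} for each service entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank line or comment
        if raw[0] in " \t" and logical:       # leading whitespace = continuation
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    services = {}
    for line in logical:
        key = "/".join(line.split()[:2])      # e.g. "submission/inet"
        services[key] = dict(re.findall(r"-o\s+(\w+)=(\S+)", line))
    return services

def audit_submission(text):
    """List findings for submission/inet; an empty list means it passed."""
    opts = parse_master_cf(text).get("submission/inet")
    if opts is None:
        return ["no submission/inet service defined"]
    findings = [f"{k} should be {v}, found {opts.get(k)!r}"
                for k, v in REQUIRED.items() if opts.get(k) != v]
    restrictions = opts.get("smtpd_recipient_restrictions", "").split(",")
    if restrictions[-1] != "reject":
        findings.append("smtpd_recipient_restrictions does not end with reject")
    return findings

# Constructed sample: the TLS parameter name is misspelled, so the
# intended parameter is never set for the submission service.
SAMPLE_BAD = """\
submission inet n - - - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_tls_securty_level=encrypt
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
"""
SAMPLE_GOOD = SAMPLE_BAD.replace("securty", "security")

if __name__ == "__main__":
    for label, cfg in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, audit_submission(cfg) or "OK")
```

The same check also fails a file whose "-o" lines have lost their leading whitespace, because they are then no longer continuations of the submission entry.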
Installing and configuring Dovecot for mail access
Providing Mailbox service:
- Read mail locally with Mutt or Pine
- Remote access through POP or IMAP with Dovecot
- Dovecot is modular
Installing Dovecot "apt install dovecot-core dovecot-imapd".
Configuration files "/etc/dovecot" and "/etc/dovecot/conf.d".
Modifying Dovecot settings.
In 10-mail.conf, we need to set "mail_location = maildir:~/path".
In 10-master.conf we need to uncomment the smtp-auth "unix_listener" block and its "user" declaration.
In 10-ssl.conf we need to enable SSL with "ssl = yes" and set the key and cert paths.
Restarting Dovecot "sudo systemctl restart dovecot".
Opening Dovecot port in firewall "sudo ufw allow 143/tcp".
Viewing and receiving email remotely
Configuring a Mail Client:
- Mail user agent (MUA) provides access to mailbox
- Configuration (used to be manual, now mostly automatic)
- Some clients expect common subdomains for setup
Webmail
- Roundcube: PHP email application
- Requires a web server and database server
- Roundcube is flexible and configurable
- Installing Roundcube "sudo apt install roundcube"
- Configs for Roundcube "/etc/apache2/conf-available/roundcube.conf"