Linux email service

Email Service

What you will need for emails to work

  • Need to have static IP address
  • Need to have domain with MX record (mail exchanger)
  • Need firewall access
  • Example of MX => "example.com 14400 IN MX 10 example.com"
  • Other A records - subdomains also help autoconfiguration
example.com 14400 IN A 12.34.56.78

mail.example.com 14400 IN A 12.34.56.78
smtp.example.com 14400 IN A 12.34.56.78
imap.example.com 14400 IN A 12.34.56.78

DNS records to help delivery:

  • TXT record - helps Gmail delivery (SPF)
@ 14400 IN TXT "v=spf1 ip4:12.34.56.78 ~all"
  • Reverse zone - checks that the sending server is valid
56.34.12.in-addr.arpa IN SOA example.com

78 IN PTR example.com

Aside from DNS you will need:

  • Non-blacklisted IP, check with mxtoolbox.com/blacklists.aspx
  • TLS certificate for your domain
  • Firewall open on TCP ports 25, 587 (SMTP) and 143 (IMAP). Port 25 might be blocked by the provider; this can possibly be solved by contacting support

How email works

Software and protocols needed.

Postfix:

  • Mail submission, transport, delivery agent
  • SMTP: Simple Mail Transfer Protocol

Dovecot:

  • Access to messages for mail user agents
  • POP: Post Office Protocol
  • IMAP: Internet Message Access Protocol

Postfix

Postfix can work as:

  • Mail submission agent (MSA)
  • Mail transport agent (MTA)
  • Mail delivery agent (MDA)

Installing postfix "apt install postfix".

Configuring postfix "/etc/postfix/main.cf".

Configuring firewall "ufw allow 25/tcp".

Log files "/var/log/mail.log" and "/var/log/mail.err".

Securing SMTP

  • By default SMTP has no encryption
  • To secure SMTP, we can use Dovecot’s SASL authentication
  • Make changes in main.cf and master.cf to support this method

In "/etc/postfix/main.cf"

smtpd_tls_cert_file=path to cert
smtpd_tls_key_file=path to key
smtpd_use_tls=yes
smtpd_tls_auth_only=yes
smtpd_tls_security_level=may

In "/etc/postfix/master.cf"

submission inet n - - - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_tls_wrappermode=no
  -o smtpd_tls_security_level=encrypt
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o syslog_name=postfix/submission
  -o milter_macro_daemon_name=ORIGINATING

After changing the configuration files, Postfix must be restarted and firewall access must be opened:

sudo systemctl restart postfix
sudo ufw allow 587/tcp
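
An added example (not part of the original notes or of Postfix): a small Python check that the submission entry in master.cf really carries the overrides listed above. A misspelled parameter name, or an "-o" line that does not start with whitespace, is not read as the intended override, so the main.cf value stays in effect. The function names and sample stanzas are constructed for illustration.

```python
# Added example: audit the -o overrides of the "submission" service in master.cf.
# REQUIRED mirrors the settings on this page; function names and the sample
# stanzas are constructed for illustration.
REQUIRED = {
    "smtpd_sasl_auth_enable": "yes",
    "smtpd_sasl_type": "dovecot",
    "smtpd_tls_security_level": "encrypt",
}


def parse_overrides(master_cf, service="submission"):
    """Return {param: value} from the -o options of one master.cf service."""
    overrides, in_service = {}, False
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():   # column 1 starts a new service entry
            in_service = line.split()[0] == service
            continue
        tokens = line.split()       # indented line continues the entry
        if in_service and len(tokens) == 2 and tokens[0] == "-o" and "=" in tokens[1]:
            name, value = tokens[1].split("=", 1)
            overrides[name] = value
    return overrides


def audit(master_cf):
    """List settings that leave port 587 weaker than the page intends."""
    found = parse_overrides(master_cf)
    problems = [f"{name} should be {want}, found {found.get(name)!r}"
                for name, want in REQUIRED.items() if found.get(name) != want]
    restrictions = found.get("smtpd_recipient_restrictions", "").split(",")
    if "permit_sasl_authenticated" not in restrictions or restrictions[-1] != "reject":
        problems.append("smtpd_recipient_restrictions must permit SASL users and end in reject")
    return problems


GOOD = """\
submission inet n - - - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_tls_security_level=encrypt
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
"""
TYPO = GOOD.replace("security_level", "securre_level")  # misspelled override name

if __name__ == "__main__":
    print(audit(GOOD))
    print(audit(TYPO))
```

To check a real server, pass the text of /etc/postfix/master.cf to audit() and review anything it returns before restarting Postfix.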

Installing and configuring Dovecot for mail access

Providing Mailbox service:

  • Read mail locally with Mutt and Pine
  • Remote access through POP or IMAP with Dovecot
  • Dovecot is modular

Installing Dovecot "apt install dovecot-core dovecot-imapd".

Configuration files "/etc/dovecot" and "/etc/dovecot/conf.d".

Modifying Dovecot settings.

In 10-mail.conf, we need to set "mail_location = maildir:~/path".

In 10-master.conf we need to uncomment the Postfix smtp-auth "unix_listener" block and its "user" declaration.

In 10-ssl.conf we need to set "ssl = yes" and set the key and cert paths.

Restarting Dovecot "sudo systemctl restart dovecot".

Opening Dovecot port in firewall "sudo ufw allow 143/tcp".

Viewing and receiving email remotely

Configuring a Mail Client:

  • Mail user agent (MUA) provides access to mailbox
  • Configuration (used to be manual, now mostly automatic)
  • Some clients expect common subdomains for setup

Webmail

  • Roundcube: PHP email application
  • Requires a web server and database server
  • Roundcube is flexible and configurable
  • Installing Roundcube "sudo apt install roundcube"
  • Configs for Roundcube "/etc/apache2/conf-available/roundcube.conf"