2,306
edits
Changes
Jump to navigation
Jump to search
mLine 1:
Line 1: − + − + − * Web server (Apache) − * Database server (MySQL) − * Email server (MTA) (Exim4) − * IMAP server (Dovecot) − * Webmail server (Roundcube) − == Install ==+ − * apt-get install apache2-mpm-prefork+ − ** (Some of these email servers require PHP; PHP is crappy and requires mpm-prefork (the ‘slow’ version of Apache)) + − + − + − − ** (should auto-install something like: mysql-server-5.5 + mysql-server-core-5.5) − − * apt-get install exim4-base − * apt-get install exim4-config − * apt-get install exim4-daemon-heavy − ** (there’s an “exim4-mysql” that might be sufficient to replace this, but I gave up: there are way too many exim4 packages, and no help for installing the “correct” set, so … just pick this and get the lot!) − * apt-get install dovecot-core − * apt-get install dovecot-imapd − * apt-get install dovecot-mysql − * apt-get install roundcube − * apt-get install roundcube-core − * apt-get install roundcube-mysql − * apt-get install roundcube-plugins − + − === DNS === − You should know about this already: you need an “MX” record on your DNS server, and it needs to point to your main server where you’ll run your email, web, etc. − @Goddady:+ − Removed:+ + + + + + + + + + + + + + + + + − + − Host: @; Apunta a: $ELASTIC_IP; TTL:1h+ + + + + + + + + + + + + + + + + + + + + + + + − CNAME<br /> − Host: webmail; Apunta a: @; TTL:1h − + − host: @; Apunta a: webmail.herrerosolis.com; Prioridad: 10; TTL: 1h<br /> − + − /etc/apache2/sites-available/webmail.conf+ − <nowiki><VirtualHost *:80>+ − ServerAdmin rafael@herrerosolis.com+ − Redirect permanent / https://webmail.herrerosolis.com/+ − # DocumentRoot /var/www/rafael+ − ServerName webmail.herrerosolis.com+ − ServerAlias webmail.herrerosolis.com+ − ErrorLog /var/log/apache2/webmail/error.log+ + + − # Posible values include: debug, info, notice, warn, error, crit.+ − # alert, emerg.+ + + + + + + + + + + − CustomLog /var/log/apache2/webmail/access.log combined+ − </virtualHost>+ + + + + + + + + + − <VirtualHost *:443>+ − ServerAdmin rafael@herrerosolis.com − DocumentRoot /var/lib/roundcube − ServerName webmail.herrerosolis.com − ServerAlias webmail.herrerosolis.com − ErrorLog /var/log/apache2/webmail/error.log+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + − # Posible values include: debug, info, notice, warn, error, crit.+ − # alert, emerg. − CustomLog /var/log/apache2/webmail/access.log combined − SSLEngine on − SSLCertificateFile /etc/ssl/certs/herrerosolis.crt − SSLCertificateKeyFile /etc/ssl/private/herrerosolis.key − </virtualHost> − </nowiki> − − Line 82:
Line 136: − #<Directory "/usr/share/tinymce/www/">+ − # Options Indexes MultiViews FollowSymLinks+ − # AllowOverride None+ − # Order allow,deny+ − # allow from all+ − #</Directory>+ − + − + − mysql -u root -p+ − + − + − + − USE email_accounts;+ − + − <nowiki>CREATE TABLE mailboxes (+ + Line 107:
Line 162: + − id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,+ − domain_id INT(10) NOT NULL,+ − local_part VARCHAR(250) NOT NULL,+ − goto VARCHAR(250) NOT NULL,+ − description VARCHAR(250) NULL,+ − active TINYINT(1) NOT NULL DEFAULT 0,+ − created TIMESTAMP NOT NULL DEFAULT NOW(),+ − modified TIMESTAMP NULL+ + − id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,+ − mailbox_id INT(10) NOT NULL,+ − subject VARCHAR(250) NOT NULL,+ − body TEXT NOT NULL,+ − description VARCHAR(250) NULL,+ − active TINYINT(1) NOT NULL DEFAULT 0,+ − created TIMESTAMP NOT NULL DEFAULT NOW(),+ − modified TIMESTAMP NULL+ − id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,+ − fqdn VARCHAR(250) NOT NULL,+ − type ENUM('local','relay') NOT NULL DEFAULT 'local',+ − description VARCHAR(250) NULL,+ − active TINYINT(1) NOT NULL DEFAULT 0,+ − created TIMESTAMP NOT NULL DEFAULT NOW(),+ − modified TIMESTAMP NULL+ − + + − + − + − <nowiki>INSERT INTO domains VALUES(NULL,'herrerosolis.com','local','My personal domain',1,NOW(),NOW());</nowiki>+ + + + − + − <nowiki>INSERT INTO mailboxes VALUES(NULL,1,'joe',MD5('password - choose a good one'),'My account for joe@herrerosolis.com',1,NOW(),NOW());</nowiki>+ + + + − + − <nowiki>insert into aliases values (null, 1, 'rafa', 'rafael@herrerosolis.com', 'Redirect to me', 1, NOW(), NOW() );</nowiki>+ + + + − + − <nowiki>grant ALL on email_accounts.* to 'email'@'localhost' identified by 'password';+ + − + + + − + − + + Line 162:
Line 233: − + − + − <nowiki># /etc/exim4/update-exim4.conf.conf − + − Line 194:
Line 263: − + + − + − + − <nowiki># List of domains considered local for exim. Domains not listed here+ + Line 211:
Line 282: − + + + − + − + − + − <nowiki>dovecot_user: Line 224:
Line 296: − + + + + − + − + − <nowiki>### router/401_exim4-config_mysql_aliases Line 240:
Line 314: − + Line 248:
Line 322: − </nowiki> − ==== Transports ====+ − CREATE / OVERWRITE the file /etc/exim4/conf.d/transport/30_exim4-config_dovecot+ − <nowiki>### transport/30_exim4-config_dovecot+ + + − − # Line 273:
Line 346: − + + − + − + − + − <nowiki>### AUTHENTICATIOR SECTION Line 304:
Line 377: − + + − + + Line 314:
Line 389: − + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 321:
Line 435: − + − <nowiki>protocols = imap+ − + + + Line 331:
Line 447: − + − <nowiki>driver = mysql+ − + + − + − + − + + + + − <nowiki>ssl = required + − # Preferred permissions: root:root 0444+ − ssl_cert = </etc/ssl/certs/dovecot.pem+ − # Preferred permissions: root:root 0400+ − ssl_key = </etc/ssl/private/dovecot.pem</nowiki> − + − + Line 359:
Line 478: − + − + − 'ssl' => array(+ − 'verify_peer' => false,+ − 'verify_peer_name' => false,+ − 'allow_self_signed' => true,+ − ),+ − );+ − + + + + + − ==== Enable Password Plugin ==== − * TODO: SQL / password plugin options + + + + + + + − + − <nowiki>/etc/init.d/apache2 restart − /etc/init.d/exim4 restart − /etc/init.d/dovecot restart</nowiki> − Exim may output a “paniclog”. If so, read it, fix it – and then manually delete the paniclog file, or else you’ll keep getting fake warnings every time you restart exim.+ + + + + + + + + + + + + + + + + + + + − + + − + − + Line 402:
Line 547: − + − + + Line 422:
Line 568: − + Line 432:
Line 578: + + + + + + − + − + − + Line 449:
Line 601: − + Line 457:
Line 609: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
→Create email account
= Whispers Mail Server =
=Whispers Mail Server=
== Stack ==
==Stack==
*Web server (Apache)
*Database server (MySQL)
*Email server (MTA) (Exim4)
* apt-get install mysql-client
*IMAP server (Dovecot)
** (should auto-install something like: mysql-common + mysql-client-5.5)
*Webmail server (Roundcube)
* apt-get install mysql-server
* apt-get install exim4
== Setup ==
==Install==
*apt-get install apache2-mpm-prefork
**(Some of these email servers require PHP; PHP is crappy and requires mpm-prefork (the ‘slow’ version of Apache))
*apt-get install mysql-client
**(should auto-install something like: mysql-common + mysql-client-5.5)
*apt-get install mysql-server
**(should auto-install something like: mysql-server-5.5 + mysql-server-core-5.5)
*apt-get install exim4
*apt-get install exim4-base
*apt-get install exim4-config
*apt-get install exim4-daemon-heavy
**(there’s an “exim4-mysql” that might be sufficient to replace this, but I gave up: there are way too many exim4 packages, and no help for installing the “correct” set, so … just pick this and get the lot!)
*apt-get install dovecot-core
*apt-get install dovecot-imapd
*apt-get install dovecot-mysql
*apt-get install roundcube
*apt-get install roundcube-core
*apt-get install roundcube-mysql
*apt-get install roundcube-plugins
A <br />
==Setup==
====DNS====
{| class="wikitable"
|+DNS Registries required by Mail Server
!Type
!Host
!Points to
!TTL
|-
|A
|@
|54.154.227.190
|1h
|-
|CNAME
|webmail
|@
|1h
|-
|MX
|@
|webmail.herrerosolis.com
|1h
|}
You need an “MX” record on your DNS server, and it needs to point to your main server where you’ll run your email, web, etc.
MX<br />
'''Remove''' MX registries from godaddy email forwarder:<br />MX: <br />Host: @; Apunta a:smtp.secureserver.net; Prioridad:30; TTL:1h<br />Host: @; Apunta a:mailstore1.secureserver.net; Prioridad:50; TTL:1h
=== Apache ===
=====SPF=====
{| class="wikitable"
|+DNS SPF Registry
!Type
!Host
!TXT Value
|-
|TXT
|@
|v=spf1 mx ip4:54.154.227.190 ~all
|}
=====DMARC=====
{| class="wikitable"
|+DNS DMARC Registry
!Type
!Host
!TXT Value
|-
|TXT
|_dmarc
|v=DMARC1; p=none Verification details: mail-tester.com; dmarc=none header.from=herrerosolis.com From Domain: herrerosolis.com DKIM Domain:MIIBIjANBg[...]qCwPwIDAQAB
|}
<br />
=====DKIM=====
{| class="wikitable"
|+DNS DKIM Registry
!Type
!Host
!TXT Value
|-
|TXT
|webmail._domainkey
|v=DKIM1; k=rsa; p=MIIBIjAN[...]IDAQAB
|}
*Note: DKIM Host must be {selector}._domainkey where {selector} = DKIM_SELECTOR variable from /etc/exim4/conf.d/main/000_localmacros
===Apache===
/etc/apache2/sites-available/webmail.conf
<nowiki><VirtualHost *:80>
ServerAdmin rafael@herrerosolis.com
Redirect permanent / https://webmail.herrerosolis.com/
# DocumentRoot /var/www/rafael
ServerName webmail.herrerosolis.com
ServerAlias webmail.herrerosolis.com
ErrorLog /var/log/apache2/webmail/error.log
# Posible values include: debug, info, notice, warn, error, crit.
# alert, emerg.
CustomLog /var/log/apache2/webmail/access.log combined
</virtualHost>
<VirtualHost *:443>
ServerAdmin rafael@herrerosolis.com
DocumentRoot /var/lib/roundcube
ServerName webmail.herrerosolis.com
ServerAlias webmail.herrerosolis.com
ErrorLog /var/log/apache2/webmail/error.log
# Posible values include: debug, info, notice, warn, error, crit.
# alert, emerg.
CustomLog /var/log/apache2/webmail/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/herrerosolis.crt
SSLCertificateKeyFile /etc/ssl/private/herrerosolis.key
</virtualHost>
</nowiki>
====OPTIONAL: Remove TinyMCE====
=== OPTIONAL: Remove TinyMCE ===
TinyMCE is a WYSIWYG text-editor for HTML emails. I hate it. It had a long history of being insecure, buggy, slow, and hard to use. So I disable it:
TinyMCE is a WYSIWYG text-editor for HTML emails. I hate it. It had a long history of being insecure, buggy, slow, and hard to use. So I disable it:
<nowiki>Comment out these lines:
<nowiki>Comment out these lines:
#<Directory "/usr/share/tinymce/www/">
# Options Indexes MultiViews FollowSymLinks
# AllowOverride None
# Order allow,deny
# allow from all
#</Directory>
</nowiki>
</nowiki>
=== Create Databases ===
===Create Databases===
<syntaxhighlight lang="bash">
mysql -u root -p
CREATE DATABASE email_accounts;
</syntaxhighlight>
<syntaxhighlight lang="mysql">
CREATE DATABASE email_accounts;
USE email_accounts;
CREATE TABLE mailboxes (
id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,
id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,
domain_id INT(10) NOT NULL,
domain_id INT(10) NOT NULL,
modified TIMESTAMP NULL
modified TIMESTAMP NULL
);
);
CREATE TABLE aliases (
CREATE TABLE aliases (
id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,
domain_id INT(10) NOT NULL,
local_part VARCHAR(250) NOT NULL,
goto VARCHAR(250) NOT NULL,
description VARCHAR(250) NULL,
active TINYINT(1) NOT NULL DEFAULT 0,
created TIMESTAMP NOT NULL DEFAULT NOW(),
modified TIMESTAMP NULL
);
);
CREATE TABLE vacations (
CREATE TABLE vacations (
id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,
mailbox_id INT(10) NOT NULL,
subject VARCHAR(250) NOT NULL,
body TEXT NOT NULL,
description VARCHAR(250) NULL,
active TINYINT(1) NOT NULL DEFAULT 0,
created TIMESTAMP NOT NULL DEFAULT NOW(),
modified TIMESTAMP NULL
);
);
CREATE TABLE domains (
CREATE TABLE domains (
id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,
fqdn VARCHAR(250) NOT NULL,
type ENUM('local','relay') NOT NULL DEFAULT 'local',
description VARCHAR(250) NULL,
active TINYINT(1) NOT NULL DEFAULT 0,
created TIMESTAMP NOT NULL DEFAULT NOW(),
modified TIMESTAMP NULL
);
);
</nowiki>
</syntaxhighlight>
=== Create your first email account and domain ===
===Create your first email account and domain===
==== Domain ====
====Domain====
<syntaxhighlight lang="mysql">
INSERT INTO domains VALUES(NULL,'herrerosolis.com','local','My personal domain',1,NOW(),NOW());
</syntaxhighlight>
==== User ====
====User====
<syntaxhighlight lang="mysql">
INSERT INTO mailboxes VALUES(NULL,1,'joe',MD5('password - choose a good one'),'My account for joe@herrerosolis.com',1,NOW(),NOW());
</syntaxhighlight>
==== Alias ====
====Alias====
<syntaxhighlight lang="mysql">
insert into aliases values (null, 1, 'rafa', 'rafael@herrerosolis.com', 'Redirect to me', 1, NOW(), NOW() );
</syntaxhighlight>
=== Create a database-account to access the database ===
===Create a database-account to access the database===
<syntaxhighlight lang="mysql">
grant ALL on email_accounts.* to 'cartero'@'localhost' identified by 'password';
flush privileges;
flush privileges;
</nowiki>
</syntaxhighlight>
http://bradthemad.org/tech/notes/exim_cheatsheet.php
http://bradthemad.org/tech/notes/exim_cheatsheet.php
=== Exim Configuration ===
===Exim Configuration===
* TODO: review daemon ports @/etc/exim4/conf.d/main/9_exim4-config_daemon
*TODO: review daemon ports @/etc/exim4/conf.d/main/9_exim4-config_daemon
Creates the file: /etc/exim4/update-exim4.conf.conf<br />
Creates the file: /etc/exim4/update-exim4.conf.conf<br />
Should look like:
Should look like:<syntaxhighlight lang="text">
# /etc/exim4/update-exim4.conf.conf
#
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# Edit this file and /etc/mailname by hand and execute update-exim4.conf # yourself or use 'dpkg-reconfigure exim4-config'
# yourself or use 'dpkg-reconfigure exim4-config'
#
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# Please note that this is _not_ a dpkg-conffile and that automatic changes
dc_hide_mailname=''
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_mailname_in_oh='true'
dc_localdelivery='maildir_home'</nowiki>
dc_localdelivery='maildir_home'
</syntaxhighlight>
==== Macros ====
====Macros====
ADD the following to /etc/exim4/conf.d/main/000_localmacros
ADD the following to /etc/exim4/conf.d/main/000_localmacros
<nowiki>MAIN_LOCAL_DOMAINS = @:localhost:dsearch;/etc/exim4/virtual:${lookup mysql{SELECT fqdn AS domain FROM domains WHERE fqdn='${quote_mysql:$domain}' AND type='local' AND active=1}}</nowiki>
<nowiki>MAIN_LOCAL_DOMAINS = @:localhost:dsearch;/etc/exim4/virtual:${lookup mysql{SELECT fqdn AS domain FROM domains WHERE fqdn='${quote_mysql:$domain}' AND type='local' AND active=1}}</nowiki>
ADD the following to /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
ADD the following to /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs<syntaxhighlight lang="text">
# List of domains considered local for exim. Domains not listed here
# need to be deliverable remotely.
# need to be deliverable remotely.
domainlist local_domains = MAIN_LOCAL_DOMAINS
domainlist local_domains = MAIN_LOCAL_DOMAINS
MYSQL_USER=email
MYSQL_USER=email
MYSQL_PASSWORD=password
MYSQL_PASSWORD=password
hide mysql_servers = MYSQL_SERVER/MYSQL_DB/MYSQL_USER/MYSQL_PASSWORD</nowiki>
hide mysql_servers = MYSQL_SERVER/MYSQL_DB/MYSQL_USER/MYSQL_PASSWORD
</syntaxhighlight>
==== Routers ====
====Routers====
CREATE the file /etc/exim4/conf.d/router/360_exim4-config_mysqlusers
CREATE the file /etc/exim4/conf.d/router/360_exim4-config_mysqlusers<syntaxhighlight lang="text">
dovecot_user:
driver = accept
driver = accept
condition = ${lookup mysql{SELECT CONCAT(mailboxes.local_part,'@',domains.fqdn) AS goto FROM domains,mailboxes WHERE \
condition = ${lookup mysql{SELECT CONCAT(mailboxes.local_part,'@',domains.fqdn) AS goto FROM domains,mailboxes WHERE \
domains.fqdn='${quote_mysql:$domain}' AND \
domains.fqdn='${quote_mysql:$domain}' AND \
domains.active=1}{yes}{no}}
domains.active=1}{yes}{no}}
transport = dovecot_delivery</nowiki>
transport = dovecot_delivery
</syntaxhighlight>
Either DELETE this file, or comment-out all lines /etc/exim4/conf.d/router/400_exim4-config_system_aliases<br />
Either DELETE this file, or comment-out all lines /etc/exim4/conf.d/router/400_exim4-config_system_aliases<br />
CREATE this file /etc/exim4/conf.d/router/401_exim4-config_mysql_aliases
CREATE this file /etc/exim4/conf.d/router/401_exim4-config_mysql_aliases<syntaxhighlight lang="text">
### router/401_exim4-config_mysql_aliases
#################################
#################################
system_aliases:
system_aliases:
driver = redirect
driver = redirect
allow_fail
allow_fail
allow_defer
allow_defer
data = ${lookup mysql{SELECT aliases.goto AS goto FROM domains,aliases WHERE \
data = ${lookup mysql{SELECT aliases.goto AS goto FROM domains,aliases WHERE \
domains.fqdn='${quote_mysql:$domain}' AND \
domains.fqdn='${quote_mysql:$domain}' AND \
domains.active=1}}
domains.active=1}}
</syntaxhighlight>
====Transports====
CREATE / OVERWRITE the file /etc/exim4/conf.d/transport/30_exim4-config_dovecot<syntaxhighlight lang="text">
### transport/30_exim4-config_dovecot
#################################
#################################
dovecot_delivery:
dovecot_delivery:
group = mail
group = mail
mode = 0660
mode = 0660
</nowiki>
</syntaxhighlight>
==== Auth ====
====Auth====
CREATE the file /etc/exim4/conf.d/auth/20_exim4-config_mysql-authenticator
CREATE the file /etc/exim4/conf.d/auth/20_exim4-config_mysql-authenticator<syntaxhighlight lang="text">
### AUTHENTICATIOR SECTION
auth_plain:
auth_plain:
domains.active=1}{yes}{no}}
domains.active=1}{yes}{no}}
server_prompts = Username:: : Password::
server_prompts = Username:: : Password::
server_set_id = $auth1</nowiki>
server_set_id = $auth1
</syntaxhighlight>
==== Ports ====
====Ports====
CREATE the file /etc/exim4/conf.d/main/9_exim4-config_daemon
CREATE the file /etc/exim4/conf.d/main/9_exim4-config_daemon
<nowiki>daemon_smtp_ports = 25 : 465 : 587</nowiki>
<nowiki>daemon_smtp_ports = 25 : 465 : 587</nowiki>
https://aws.amazon.com/forms/ec2-email-limit-rdns-request?catalog=true&isauthcode=true
https://aws.amazon.com/forms/ec2-email-limit-rdns-request?catalog=true&isauthcode=true
=== Dovecot ===
====DKIM====
====Generate DKIM private & public keys:====
<syntaxhighlight lang="bash">
sudo mkdir /etc/exim4/dkim && cd /etc/exim4/dkim
sudo openssl genrsa -out webmail.herrerosolis.com.dkim.pem 2048
sudo openssl rsa -in webmail.herrerosolis.com.dkim.pem -pubout |sudo tee webmail.herrerosolis.com.dkim.pub
</syntaxhighlight>
====Configure your exim to sign using the DKIM key====
Edit /etc/exim4/conf.d/main/000_localmacros and add at the beggining:<syntaxhighlight lang="text">
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_KEY_FILE = /etc/exim4/dkim/webmail.herrerosolis.com.dkim.pem
DKIM_PRIVATE_KEY = ${if exists{DKIM_KEY_FILE}{DKIM_KEY_FILE}{0}}
DKIM_SELECTOR = webmail
</syntaxhighlight>
====DKIM Multiple Domains (TODO)====
TODO: Handle multiple domains: https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4<syntaxhighlight lang="text">
DKIM_CANON = relaxed
DKIM_SELECTOR = 20150726
# Get the domain from the outgoing mail.
DKIM_DOMAIN = ${sg{${lc:${domain:$h_from:}}}{^www\.}{}}
# The file is based on the outgoing domain-name in the from-header.
DKIM_FILE = /etc/exim4/dkim/{DKIM_DOMAIN}.pem
# If key exists then use it, if not don't.
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
</syntaxhighlight>
Then run:<syntaxhighlight lang="bash">
update-exim4.conf
service exim4 restart
</syntaxhighlight>
===Dovecot===
Make sure you choose split files, can be fixed with:
Make sure you choose split files, can be fixed with:
dpkg-reconfigure dovecot-core
dpkg-reconfigure dovecot-core
cat /etc/passwd | grep mail
cat /etc/passwd | grep mail
ADD to the file /etc/dovecot/dovecot.conf
ADD to the file /etc/dovecot/dovecot.conf<syntaxhighlight lang="text">
protocols = imap
listen = *, ::</nowiki>
listen = *, ::
</syntaxhighlight>
Add to the file /etc/dovecot/conf.d/10-mail.conf
Add to the file /etc/dovecot/conf.d/10-mail.conf
<nowiki>!include auth-sql.conf.ext</nowiki>
<nowiki>!include auth-sql.conf.ext</nowiki>
ADD to the file /etc/dovecot/dovecot-sql.conf.ext
ADD to the file /etc/dovecot/dovecot-sql.conf.ext<syntaxhighlight lang="text">
driver = mysql
connect = host=127.0.0.1 dbname=email_accounts user=email password=password
connect = host=127.0.0.1 dbname=[MYSQL DATABASE] user=[MYSQL user] password=[MYSQL mailbox PASSWORD plain text]
default_pass_scheme = MD5
default_pass_scheme = MD5
password_query = SELECT CONCAT(mailboxes.local_part,'@',domains.fqdn) as `user`, mailboxes.password AS `password`,'/var/spool/mail/%d/%n' AS `userdb_home`, [YOUR UID] AS `userdb_uid`, [YOUR GID] AS `userdb_gid` FROM `mailboxes`, `domains` WHERE mailboxes.local_part = '%n' AND mailboxes.active = 1 AND mailboxes.domain_id = domains.id AND domains.fqdn = '%d' AND domains.active = 1
password_query = SELECT CONCAT(mailboxes.local_part,'@',domains.fqdn) as `user`, mailboxes.password AS `password`,'/var/spool/mail/%d/%n' AS `userdb_home`, [YOUR mail user GID] AS `userdb_uid`, [YOUR mail user GID] AS `userdb_gid` FROM `mailboxes`, `domains` WHERE mailboxes.local_part = '%n' AND mailboxes.active = 1 AND mailboxes.domain_id = domains.id AND domains.fqdn = '%d' AND domains.active = 1
user_query = SELECT '/var/spool/mail/%d/%n' AS `home`, [YOUR UID] AS `uid`, [YOUR GID] AS `gid`</nowiki>
user_query = SELECT '/var/spool/mail/%d/%n' AS `home`, [YOUR mail USER UID] AS `uid`, [YOUR mail user GID] AS `gid`
==== SSL ====
</syntaxhighlight>
====SSL====
- Get certificates ej: Lets Encrypt
- Get certificates ej: Lets Encrypt
Edit: /etc/dovecot/conf.d/10-ssl.conf
Edit: /etc/dovecot/conf.d/10-ssl.conf
ssl = required
ssl_key = </etc/letsencrypt/live/webmail.herrerosolis.com/privkey.pem
ssl_cert = </etc/letsencrypt/live/webmail.herrerosolis.com/fullchain.pem
==== Ports ====
====Ports====
Open ports: IMAP 143 & SSL IMAP 993
Open ports: IMAP 143 & SSL IMAP 993
=== Roundcube ===
===Roundcube===
EDIT the file /etc/roundcube/main.inc.php
EDIT the file /etc/roundcube/main.inc.php
$rcmail_config['default_host'] = '[YOUR MX RECORD]';
$rcmail_config['default_host'] = '[YOUR MX RECORD]';
In that file, there are instructions on how to make it automatically calculate the address using %n, %d, etc. If your MX records for your different domains follow the same pattern (e.g. they are all “mail.my-domain.com”), and your webmail login addresses all follow the same pattern (e.g. “wemail.my-domain.com”), you can put one string here and it will automatically log people into the right server in every case, based on the URL they visited.
In that file, there are instructions on how to make it automatically calculate the address using %n, %d, etc. If your MX records for your different domains follow the same pattern (e.g. they are all “mail.my-domain.com”), and your webmail login addresses all follow the same pattern (e.g. “wemail.my-domain.com”), you can put one string here and it will automatically log people into the right server in every case, based on the URL they visited.
==== TLS ====
====TLS====
@/etc/roundcube/config.inc.php
@/etc/roundcube/config.inc.php
$config['default_host'] = "tls://webmail.herrerosolis.com";
$config['default_host'] = "tls://webmail.herrerosolis.com";
==== Allow dovecot self-signed certificate ====
====Allow dovecot self-signed certificate====
TODO: Lets Encrypt Certificate CA
TODO: Lets Encrypt Certificate CA
Add to /etc/roundcube/config.inc.php
Add to /etc/roundcube/config.inc.php
<nowiki>$config['imap_conn_options'] = array(
<nowiki>$config['imap_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true,
),
);
</nowiki>
</nowiki>
====Enable Password Plugin====
*TODO: SQL / password plugin options
@/etc/roundcube/config.inc.php
@/etc/roundcube/config.inc.php
$config['plugins'] = array('xskin', 'password');
$config['plugins'] = array('xskin', 'password');
====Maximum size for attached documents =====
*TODO: Maximum size for attached documents
====Fix zipdownload plugin====
sudo apt-get install php7.0-zip
sudo apt-get install php7.0-gd
== Restart Everithing ==
====Spamassasin====
*TODO: Spamassasin
====Roundcube Plugin Installer====
cd <roundcube-project-root>
curl -s https://getcomposer.org/installer | php
composer.json-dist to composer.json in your Roundcube root directory
=====Installing Plugins=====
https://plugins.roundcube.net/explore/<br />
Then edit your local composer.json file and add the "vendor/plugin" names to the "require" section of the JSON structure. Don't forget to specify the version constraint:
<nowiki>"require" : {
...,
"roundcube/rcsample": ">=0.2.0"
}</nowiki>
After every change to composer.json run
php composer.phar install
==Restart Everithing==
<syntaxhighlight lang="text">
/etc/init.d/apache2 restart
/etc/init.d/exim4 restart
/etc/init.d/dovecot restart
</syntaxhighlight>Exim may output a “paniclog”. If so, read it, fix it – and then manually delete the paniclog file, or else you’ll keep getting fake warnings every time you restart exim.
=== STARTTLS ===
===STARTTLS===
https://wiki.debian.org/Exim
https://wiki.debian.org/Exim
= Troubleshooting =
=Troubleshooting=
https://mediatemple.net/community/products/dv/204404634/troubleshooting-common-issues-with-email
https://mediatemple.net/community/products/dv/204404634/troubleshooting-common-issues-with-email
=== Exim ===
===Exim===
exim4 -bP | grep tls_
exim4 -bP | grep tls_
test with:
test with:
swaks -a -tls -q HELO -s gollum.redactate.com -au test -ap '<>'
swaks -a -tls -q HELO -s gollum.redactate.com -au test -ap '<>'
==== Receiving emails ====
====Receiving emails====
Pick an email address that you added to the “email_accounts” database, and try sending email to it while logged-in to server command-line:
Pick an email address that you added to the “email_accounts” database, and try sending email to it while logged-in to server command-line:
exim -d -bt testname@yourdomain.com
exim -d -bt testname@yourdomain.com
…this will give a COMPLETE list of what exim is doing, and it will tell you every decision it made along the way. It should eventually decide the address is “routeable” and OK it.
…this will give a COMPLETE list of what exim is doing, and it will tell you every decision it made along the way. It should eventually decide the address is “routeable” and OK it.
* TODO: SOLVED --> bind SMTP to eth0 but not to elastic_ip https://forums.aws.amazon.com/thread.jspa?messageID=776527򽥏
*TODO: SOLVED --> bind SMTP to eth0 but not to elastic_ip https://forums.aws.amazon.com/thread.jspa?messageID=776527򽥏
If that looks OK, try sending an email from your normal email account (e.g. your Hotmail / Gmail / Yahoo.com address). Wait a minute, then check the server to see if it crashed trying to receive the email, by checking the logfiles.
If that looks OK, try sending an email from your normal email account (e.g. your Hotmail / Gmail / Yahoo.com address). Wait a minute, then check the server to see if it crashed trying to receive the email, by checking the logfiles.
https://www.wormly.com
https://www.wormly.com
==== Sending emails ====
====Sending emails====
sending emails
sending emails
mailq | grep frozen | awk '{print $3}' | xargs exim -v -M
mailq | grep frozen | awk '{print $3}' | xargs exim -v -M
====Exim usefull commands====
https://hostpapasupport.com/list-useful-commands-manage-exim-mail-server/
====Spam filters filtering your mails====
https://www.mail-tester.com/
Here is a list of commands to help: http://bradthemad.org/tech/notes/exim_cheatsheet.php
Here is a list of commands to help: http://bradthemad.org/tech/notes/exim_cheatsheet.php
=== Test Dovecot ===
===Test Dovecot===
https://wiki2.dovecot.org/TestInstallation
https://wiki2.dovecot.org/TestInstallation
=== Roundcube ===
===Roundcube===
http://www.iredmail.org/docs/debug.roundcubemail.html
http://www.iredmail.org/docs/debug.roundcubemail.html
=== DNS ===
===DNS===
https://mxtoolbox.com/diagnostic.aspx
https://mxtoolbox.com/diagnostic.aspx
[https://www.dropbox.com/s/8w55kys0yirfmv9/Exim4.69%20configuration%20%2B%20exploitation%20review-j1osx__Q0PE.mp4?dl=0|exim4 configuration (mp4)]
[https://www.dropbox.com/s/8w55kys0yirfmv9/Exim4.69%20configuration%20%2B%20exploitation%20review-j1osx__Q0PE.mp4?dl=0|exim4 configuration (mp4)]
= Resources =
=Resources=
http://t-machine.org/index.php/2014/06/27/webmail-on-your-debian-server-exim4-dovecot-roundcube/<br />
http://t-machine.org/index.php/2014/06/27/webmail-on-your-debian-server-exim4-dovecot-roundcube/<br />
https://intodns.com/herrerosolis.com<br />
https://intodns.com/herrerosolis.com<br />
1. In the file /etc/dovecot/conf.d/auth-sql-conf.ext uncomment driver and set it to mysql
1. In the file /etc/dovecot/conf.d/auth-sql-conf.ext uncomment driver and set it to mysql
2. /etc/dovecot/conf.d/10-mail.conf uncomment first_valid_uid and set it to [your_uid] (ie. 8). If you need to do the same for first_valid_gid
2. /etc/dovecot/conf.d/10-mail.conf uncomment first_valid_uid and set it to [your_uid] (ie. 8). If you need to do the same for first_valid_gid
https://pasztor.at/blog/the-big-exim-tutorial
=Adding new Domains=
#Add the new domain to to MySQL email_accounts.domains
#Start creating accounts with the new domain id
=Auxiliary Scripts=
===Create email account===
<syntaxhighlight lang="bash">
#!/bin/bash
PASSWORD1="hola"
PASSWORD2="mundo"
DOMAIN="herrerosolis.com"
echo "******************************* MAIL ACCOUNT INFORMATION *****************************************"
read -p "Username (without@herrerosolis.com): " USERNAME
while [[ "$PASSWORD1" != "$PASSWORD2" ]]; do
read -s -p "Password: " PASSWORD1
echo
read -s -p "Confirm password: " PASSWORD2
if [ "$PASSWORD1" != "$PASSWORD2" ]; then
echo "Passwords dont match, try again..."
fi
done
echo
echo
echo "Input MySQL database password for user mail"
mysql -h 127.0.0.1 -u cartero -p -D email_accounts -e "INSERT INTO mailboxes VALUES(NULL,1,'$USERNAME',MD5('$PASSWORD1'),'Mail account for $USERNAME@${DOMAIN}',1,NOW(),NOW());"
</syntaxhighlight>
===Create email alias===
<syntaxhighlight lang="bash">
#!/bin/bash
echo "******************************* MAIL ACCOUNT INFORMATION *****************************************"
read -p "Alias name (without _@redactate.com): " ALIAS
read -p "Destiny account (full email address): " GOTO
echo
echo
echo "Input MySQL database password for user mail"
mysql -h 127.0.0.1 -u cartero -p -D email_accounts -e "INSERT INTO aliases VALUES (null, 2, '$ALIAS', '$GOTO', 'Redirecting $ALIAS@ to $GOTO', 1, NOW(),NOW());"
</syntaxhighlight>