Difference between revisions of "Linux Mail Server: Exim4"
Rafahsolis (talk | contribs) |
Rafahsolis (talk | contribs) |
||
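--- a/Linux Mail Server: Exim4
+++ b/Linux Mail Server: Exim4
@@ -141,3 +141,152 @@
 </nowiki>
 http://bradthemad.org/tech/notes/exim_cheatsheet.php
+
+=== Exim Configuration ===
+dpkg-reconfigure exim4-config
+
+Creates the file: /etc/exim4/update-exim4.conf.conf<br />
+Should look like:
+
+<nowiki># /etc/exim4/update-exim4.conf.conf
+#
+# Edit this file and /etc/mailname by hand and execute update-exim4.conf
+# yourself or use 'dpkg-reconfigure exim4-config'
+#
+# Please note that this is _not_ a dpkg-conffile and that automatic changes
+# to this file might happen. The code handling this will honor your local
+# changes, so this is usually fine, but will break local schemes that mess
+# around with multiple versions of the file.
+#
+# update-exim4.conf uses this file to determine variable values to generate
+# exim configuration macros for the configuration file.
+#
+# Most settings found in here do have corresponding questions in the
+# Debconf configuration, but not all of them.
+#
+# This is a Debian specific file
+
+dc_eximconfig_configtype='internet'
+dc_other_hostnames='[YOUR DOMAIN 1];[YOUR DOMAIN 2]'
+dc_local_interfaces='127.0.0.1;[PUT YOUR SERVER's IP ADDRESS HERE]'
+dc_readhost=''
+dc_relay_domains=''
+dc_minimaldns='false'
+dc_relay_nets=''
+dc_smarthost=''
+CFILEMODE='644'
+dc_use_split_config='true'
+dc_hide_mailname=''
+dc_mailname_in_oh='true'
+dc_localdelivery='maildir_home'</nowiki>
+
+==== Macros ====
+ADD the following to /etc/exim4/conf.d/main/000_localmacros
+<nowiki>MAIN_LOCAL_DOMAINS = @:localhost:dsearch;/etc/exim4/virtual:${lookup mysql{SELECT fqdn AS domain FROM domains WHERE fqdn='${quote_mysql:$domain}' AND type='local' AND active=1}}</nowiki>
+
+ADD the following to /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
+<nowiki># List of domains considered local for exim. Domains not listed here
+# need to be deliverable remotely.
+domainlist local_domains = MAIN_LOCAL_DOMAINS
+
+# MySQL because exim4 on Debian doesn't always add this:
+
+MYSQL_SERVER=127.0.0.1
+MYSQL_DB=email_accounts
+MYSQL_USER=email
+MYSQL_PASSWORD=password
+hide mysql_servers = MYSQL_SERVER/MYSQL_DB/MYSQL_USER/MYSQL_PASSWORD</nowiki>
+
+==== Routers ====
+CREATE the file /etc/exim4/conf.d/router/360_exim4-config_mysqlusers
+
+<nowiki>dovecot_user:
+driver = accept
+condition = ${lookup mysql{SELECT CONCAT(mailboxes.local_part,'@',domains.fqdn) AS goto FROM domains,mailboxes WHERE \
+mailboxes.local_part='${quote_mysql:$local_part}' AND \
+mailboxes.active=1 AND \
+mailboxes.domain_id=domains.id AND \
+domains.fqdn='${quote_mysql:$domain}' AND \
+domains.active=1}{yes}{no}}
+transport = dovecot_delivery</nowiki>
+
+Either DELETE this file, or comment-out all lines /etc/exim4/conf.d/router/400_exim4-config_system_aliases<br />
+
+CREATE this file /etc/exim4/conf.d/router/401_exim4-config_mysql_aliases
+
+<nowiki>### router/401_exim4-config_mysql_aliases
+#################################
+
+# ADAM: This router handles aliasing using the proprietary mysql setup
+#
+# c.f. http://alex.mamchenkov.net/2010/06/24/exim-dovecot-and-mysql/
+#
+
+system_aliases:
+driver = redirect
+allow_fail
+allow_defer
+data = ${lookup mysql{SELECT aliases.goto AS goto FROM domains,aliases WHERE \
+(aliases.local_part='${quote_mysql:$local_part}' OR aliases.local_part='@') AND \
+aliases.active=1 AND \
+aliases.domain_id=domains.id AND \
+domains.fqdn='${quote_mysql:$domain}' AND \
+domains.active=1}}
+</nowiki>
+
+==== Transports ====
+CREATE / OVERWRITE the file /etc/exim4/conf.d/transport/30_exim4-config_dovecot
+
+<nowiki>### transport/30_exim4-config_dovecot
+#################################
+
+#
+
+dovecot_delivery:
+driver = appendfile
+maildir_format = true
+directory = /var/spool/mail/$domain/$local_part
+create_directory = true
+directory_mode = 0770
+mode_fail_narrower = false
+message_prefix =
+message_suffix =
+delivery_date_add
+envelope_to_add
+return_path_add
+user = mail
+group = mail
+mode = 0660
+</nowiki>
+
+==== Auth ====
+CREATE the file /etc/exim4/conf.d/auth/20_exim4-config_mysql-authenticator
+
+<nowiki>### AUTHENTICATIOR SECTION
+
+auth_plain:
+driver = plaintext
+public_name = PLAIN
+server_condition = ${lookup mysql{SELECT CONCAT(mailboxes.local_part,'@',domains.fqdn) FROM mailboxes,domains WHERE \
+mailboxes.local_part=SUBSTRING_INDEX('${quote_mysql:$auth2}','@',1) AND \
+mailboxes.password=MD5('${quote_mysql:$auth3}') AND \
+mailboxes.active=1 AND \
+mailboxes.domain_id=domains.id AND \
+domains.fqdn=SUBSTRING_INDEX('${quote_mysql:$auth2}','@',-1) AND \
+domains.active=1}{yes}{no}}
+server_prompts = :
+server_set_id = $auth2
+
+auth_login:
+driver = plaintext
+public_name = LOGIN
+server_condition = ${lookup mysql{SELECT CONCAT(mailboxes.local_part,'@',domains.fqdn) FROM mailboxes,domains WHERE \
+mailboxes.local_part=SUBSTRING_INDEX('${quote_mysql:$auth1}','@',1) AND \
+mailboxes.password=MD5('${quote_mysql:$auth2}') AND \
+mailboxes.active=1 AND \
+mailboxes.domain_id=domains.id AND \
+domains.fqdn=SUBSTRING_INDEX('${quote_mysql:$auth1}','@',-1) AND \
+domains.active=1}{yes}{no}}
+server_prompts = Username:: : Password::
+server_set_id = $auth1
+</nowiki>
 === STARTTLS ===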
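Review bot: The added `auth_plain` and `auth_login` authenticators accept PLAIN/LOGIN credentials without requiring an encrypted session, and the STARTTLS section that follows is still empty, so a client can send its password in clear text. Adding `server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}` to both authenticators would offer AUTH only once TLS is up. Both lookups compare against `MD5(...)`, an unsalted fast digest; a salted password-hashing scheme would be safer, but it needs the stored values and the mailbox INSERT changed to match. `CFILEMODE='644'` leaves the generated configuration world-readable although it now carries `MYSQL_PASSWORD`; `CFILEMODE='640'` looks like the setting wanted here, to be confirmed against the Debian packaging notes.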
Revision as of 20:35, 31 March 2017
Whispers Mail Server
Stack
- Web server (Apache)
- Database server (MySQL)
- Email server (MTA) (Exim4)
- IMAP server (Dovecot)
- Webmail server (Roundcube)
Install
- apt-get install apache2-mpm-prefork
- (Some of these email servers require PHP; PHP is crappy and requires mpm-prefork (the ‘slow’ version of Apache))
- apt-get install mysql-client
- (should auto-install something like: mysql-common + mysql-client-5.5)
- apt-get install mysql-server
- (should auto-install something like: mysql-server-5.5 + mysql-server-core-5.5)
- apt-get install exim4
- apt-get install exim4-base
- apt-get install exim4-config
- apt-get install exim4-daemon-heavy
- (there’s an “exim4-mysql” that might be sufficient to replace this, but I gave up: there are way too many exim4 packages, and no help for installing the “correct” set, so … just pick this and get the lot!)
- apt-get install dovecot-core
- apt-get install dovecot-imapd
- apt-get install dovecot-mysql
- apt-get install roundcube
- apt-get install roundcube-core
- apt-get install roundcube-mysql
Setup
DNS
You should know about this already: you need an “MX” record on your DNS server, and it needs to point to your main server where you’ll run your email, web, etc.
Apache
/etc/apache2/sites-available/webmail.conf
# Plain-HTTP vhost: serves no content of its own; every request is answered
# with a permanent redirect to the HTTPS site, so webmail logins are not
# submitted over an unencrypted connection.
<VirtualHost *:80>
    ServerName  webmail.herrerosolis.com
    ServerAlias webmail.herrerosolis.com
    ServerAdmin rafael@herrerosolis.com

    Redirect permanent / https://webmail.herrerosolis.com/
    # DocumentRoot /var/www/rafael

    ErrorLog  /var/log/apache2/webmail/error.log
    # Possible log levels (no LogLevel directive is set in this vhost):
    # debug, info, notice, warn, error, crit, alert, emerg.
    CustomLog /var/log/apache2/webmail/access.log combined
</VirtualHost>

# HTTPS vhost: serves Roundcube from /var/lib/roundcube.
<VirtualHost *:443>
    ServerName  webmail.herrerosolis.com
    ServerAlias webmail.herrerosolis.com
    ServerAdmin rafael@herrerosolis.com

    DocumentRoot /var/lib/roundcube

    ErrorLog  /var/log/apache2/webmail/error.log
    # Possible log levels (no LogLevel directive is set in this vhost):
    # debug, info, notice, warn, error, crit, alert, emerg.
    CustomLog /var/log/apache2/webmail/access.log combined

    # No SSLProtocol / SSLCipherSuite is set here, so the server-wide mod_ssl
    # settings decide which protocol versions and ciphers are offered.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/herrerosolis.crt
    # Private key: keep this file readable by root only.
    SSLCertificateKeyFile /etc/ssl/private/herrerosolis.key
</VirtualHost>
OPTIONAL: Remove TinyMCE
TinyMCE is a WYSIWYG text-editor for HTML emails. I hate it. It had a long history of being insecure, buggy, slow, and hard to use. So I disable it:
Edit /etc/roundcube/apache.conf:
Comment out these lines:
#<Directory "/usr/share/tinymce/www/">
#  Options Indexes MultiViews FollowSymLinks
#  AllowOverride None
#  Order allow,deny
#  allow from all
#</Directory>
Create Databases
mysql -u root -p
-- Schema for the mail-account database queried by the Exim lookups on this page.
CREATE DATABASE email_accounts;
USE email_accounts;

-- One row per mailbox; local_part + the referenced domain form the address.
CREATE TABLE mailboxes (
    id          INT(10)      NOT NULL AUTO_INCREMENT PRIMARY KEY,
    domain_id   INT(10)      NOT NULL,              -- refers to domains.id (no FOREIGN KEY is declared)
    local_part  VARCHAR(250) NOT NULL,
    -- Stores the password digest. The rest of this page fills and checks it
    -- with MD5(), which is unsalted and fast to brute-force; a salted
    -- password-hashing scheme is preferable, and switching means changing
    -- the INSERT and the Exim authenticator conditions together.
    password    VARCHAR(100) NULL,
    description VARCHAR(250) NULL,
    active      TINYINT(1)   NOT NULL DEFAULT 0,    -- rows are inactive unless set to 1
    created     TIMESTAMP    NOT NULL DEFAULT NOW(),
    modified    TIMESTAMP    NULL
);

-- Address redirections: local_part@domain is rewritten to the goto value.
CREATE TABLE aliases (
    id          INT(10)      NOT NULL AUTO_INCREMENT PRIMARY KEY,
    domain_id   INT(10)      NOT NULL,              -- refers to domains.id (no FOREIGN KEY is declared)
    local_part  VARCHAR(250) NOT NULL,
    goto        VARCHAR(250) NOT NULL,
    description VARCHAR(250) NULL,
    active      TINYINT(1)   NOT NULL DEFAULT 0,
    created     TIMESTAMP    NOT NULL DEFAULT NOW(),
    modified    TIMESTAMP    NULL
);

-- Auto-reply texts per mailbox (not referenced by any lookup shown on this page).
CREATE TABLE vacations (
    id          INT(10)      NOT NULL AUTO_INCREMENT PRIMARY KEY,
    mailbox_id  INT(10)      NOT NULL,              -- refers to mailboxes.id (no FOREIGN KEY is declared)
    subject     VARCHAR(250) NOT NULL,
    body        TEXT         NOT NULL,
    description VARCHAR(250) NULL,
    active      TINYINT(1)   NOT NULL DEFAULT 0,
    created     TIMESTAMP    NOT NULL DEFAULT NOW(),
    modified    TIMESTAMP    NULL
);

-- Mail domains handled by this server, either delivered locally or relayed.
CREATE TABLE domains (
    id          INT(10)      NOT NULL AUTO_INCREMENT PRIMARY KEY,
    fqdn        VARCHAR(250) NOT NULL,
    type        ENUM('local','relay') NOT NULL DEFAULT 'local',
    description VARCHAR(250) NULL,
    active      TINYINT(1)   NOT NULL DEFAULT 0,
    created     TIMESTAMP    NOT NULL DEFAULT NOW(),
    modified    TIMESTAMP    NULL
);
Create your first email account and domain
Domain
-- Register the first mail domain; id is auto-assigned and active = 1 enables it.
INSERT INTO domains (id, fqdn, type, description, active, created, modified)
VALUES (NULL, 'herrerosolis.com', 'local', 'My personal domain', 1, NOW(), NOW());
User
-- Create the first mailbox in domain id 1.
-- NOTE(review): MD5() stores an unsalted, fast digest of the password. It is
-- kept here because the Exim authenticators on this page compare against
-- MD5(); moving to a salted password hash means changing both places together.
INSERT INTO mailboxes (id, domain_id, local_part, password, description, active, created, modified)
VALUES (NULL, 1, 'joe', MD5('password - choose a good one'), 'My account for joe@herrerosolis.com', 1, NOW(), NOW());
Alias
-- Redirect support@<domain id 1> to another address.
INSERT INTO aliases (id, domain_id, local_part, goto, description, active, created, modified)
VALUES (NULL, 1, 'support', 'ceo@mydomain.com', 'Redirecting support@ to the CEO. It will be a good experience', 1, NOW(), NOW());
Create a database-account to access the database
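-- Account used by the mail daemons. Every lookup on this page is a SELECT, so
-- the account is granted read access only; keep using an administrative
-- account (as above) for creating domains, mailboxes and aliases.
-- 'password' is a placeholder: choose a strong value and use the same one for
-- MYSQL_PASSWORD in the Exim macros.
GRANT SELECT ON email_accounts.* TO 'email'@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;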
http://bradthemad.org/tech/notes/exim_cheatsheet.php
Exim Configuration
dpkg-reconfigure exim4-config
Creates the file: /etc/exim4/update-exim4.conf.conf
Should look like:
# /etc/exim4/update-exim4.conf.conf # # Edit this file and /etc/mailname by hand and execute update-exim4.conf # yourself or use 'dpkg-reconfigure exim4-config' # # Please note that this is _not_ a dpkg-conffile and that automatic changes # to this file might happen. The code handling this will honor your local # changes, so this is usually fine, but will break local schemes that mess # around with multiple versions of the file. # # update-exim4.conf uses this file to determine variable values to generate # exim configuration macros for the configuration file. # # Most settings found in here do have corresponding questions in the # Debconf configuration, but not all of them. # # This is a Debian specific file dc_eximconfig_configtype='internet' dc_other_hostnames='[YOUR DOMAIN 1];[YOUR DOMAIN 2]' dc_local_interfaces='127.0.0.1;[PUT YOUR SERVER's IP ADDRESS HERE]' dc_readhost='' dc_relay_domains='' dc_minimaldns='false' dc_relay_nets='' dc_smarthost='' CFILEMODE='644' dc_use_split_config='true' dc_hide_mailname='' dc_mailname_in_oh='true' dc_localdelivery='maildir_home'
Macros
ADD the following to /etc/exim4/conf.d/main/000_localmacros
# Domains Exim treats as local: the primary hostname (@), localhost, any name
# found as a file under /etc/exim4/virtual (dsearch), and any domain that the
# MySQL table lists as type 'local' and active. The recipient domain comes
# from the SMTP client, so it is passed through quote_mysql before it is
# placed inside the query string.
MAIN_LOCAL_DOMAINS = @:localhost:dsearch;/etc/exim4/virtual:${lookup mysql{SELECT fqdn AS domain FROM domains WHERE fqdn='${quote_mysql:$domain}' AND type='local' AND active=1}}
ADD the following to /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
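# List of domains considered local for exim. Domains not listed here
# need to be deliverable remotely.
domainlist local_domains = MAIN_LOCAL_DOMAINS

# MySQL because exim4 on Debian doesn't always add this:
#
# MYSQL_PASSWORD=password is a placeholder; use the value chosen for the
# 'email' database account. "hide" keeps mysql_servers out of the option
# listing shown to non-admin users, but the password is still stored in plain
# text in this file and in the generated configuration, so restrict read
# access to both.
MYSQL_SERVER=127.0.0.1
MYSQL_DB=email_accounts
MYSQL_USER=email
MYSQL_PASSWORD=password
hide mysql_servers = MYSQL_SERVER/MYSQL_DB/MYSQL_USER/MYSQL_PASSWORD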
Routers
CREATE the file /etc/exim4/conf.d/router/360_exim4-config_mysqlusers
# Accepts an address for local delivery when an active mailbox with this local
# part exists in an active domain with this name; anything else falls through
# to the next router. Both address parts come from the SMTP envelope and are
# passed through quote_mysql before they enter the query.
dovecot_user:
  driver    = accept
  condition = ${lookup mysql{SELECT CONCAT(mailboxes.local_part,'@',domains.fqdn) AS goto FROM domains,mailboxes WHERE \
                mailboxes.local_part='${quote_mysql:$local_part}' AND \
                mailboxes.active=1 AND \
                mailboxes.domain_id=domains.id AND \
                domains.fqdn='${quote_mysql:$domain}' AND \
                domains.active=1}{yes}{no}}
  transport = dovecot_delivery
Either DELETE this file, or comment out all of its lines: /etc/exim4/conf.d/router/400_exim4-config_system_aliases
CREATE this file /etc/exim4/conf.d/router/401_exim4-config_mysql_aliases
### router/401_exim4-config_mysql_aliases
#################################
#
# ADAM: This router handles aliasing using the proprietary mysql setup
#
# c.f. http://alex.mamchenkov.net/2010/06/24/exim-dovecot-and-mysql/
#
# The redirect target is whatever the aliases table returns for this local
# part, or for the catch-all entry '@', within an active domain.
# NOTE(review): the alias data is trusted as stored; anyone who can write to
# the aliases table controls where mail is redirected, so keep write access to
# that table limited to administrators.

system_aliases:
  driver = redirect
  # allow_fail / allow_defer let alias data use the :fail: and :defer: forms.
  allow_fail
  allow_defer
  data = ${lookup mysql{SELECT aliases.goto AS goto FROM domains,aliases WHERE \
           (aliases.local_part='${quote_mysql:$local_part}' OR aliases.local_part='@') AND \
           aliases.active=1 AND \
           aliases.domain_id=domains.id AND \
           domains.fqdn='${quote_mysql:$domain}' AND \
           domains.active=1}}
Transports
CREATE / OVERWRITE the file /etc/exim4/conf.d/transport/30_exim4-config_dovecot
### transport/30_exim4-config_dovecot
#################################
#
# Writes each message in maildir format to /var/spool/mail/<domain>/<local part>,
# creating the directory on first delivery.
# NOTE(review): the path is built from $domain and $local_part, which come from
# the recipient address. Newer Exim releases treat these as tainted and refuse
# them in file names; the looked-up forms ($domain_data, $local_part_data) are
# the usual replacement. Check the documentation for the installed version.

dovecot_delivery:
  driver             = appendfile
  maildir_format     = true
  directory          = /var/spool/mail/$domain/$local_part
  create_directory   = true

  # All mailboxes are owned by mail:mail; nothing is readable by "other".
  user               = mail
  group              = mail
  mode               = 0660
  directory_mode     = 0770
  mode_fail_narrower = false

  # No mbox-style separator lines around the message.
  message_prefix     =
  message_suffix     =

  # Header lines added on delivery.
  delivery_date_add
  envelope_to_add
  return_path_add
Auth
CREATE the file /etc/exim4/conf.d/auth/20_exim4-config_mysql-authenticator
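### AUTHENTICATOR SECTION
#
# Both authenticators check the submitted login against the mailboxes and
# domains tables. The login name is expected as local_part@domain and is split
# on '@' inside the query; every client-supplied value goes through
# quote_mysql first.
#
# PLAIN and LOGIN carry the password unencrypted, so both mechanisms are
# advertised only when the connection is already protected by TLS
# (server_advertise_condition). TLS therefore has to be configured before
# clients can authenticate.
#
# NOTE(review): the password check uses MD5(), an unsalted and fast digest.
# It matches how this page stores passwords; moving to a salted password hash
# requires changing the stored values and these conditions together.

# PLAIN: $auth2 is the login name, $auth3 the password.
auth_plain:
  driver = plaintext
  public_name = PLAIN
  server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
  server_condition = ${lookup mysql{SELECT CONCAT(mailboxes.local_part,'@',domains.fqdn) FROM mailboxes,domains WHERE \
    mailboxes.local_part=SUBSTRING_INDEX('${quote_mysql:$auth2}','@',1) AND \
    mailboxes.password=MD5('${quote_mysql:$auth3}') AND \
    mailboxes.active=1 AND \
    mailboxes.domain_id=domains.id AND \
    domains.fqdn=SUBSTRING_INDEX('${quote_mysql:$auth2}','@',-1) AND \
    domains.active=1}{yes}{no}}
  server_prompts = :
  server_set_id = $auth2

# LOGIN: $auth1 is the login name, $auth2 the password.
auth_login:
  driver = plaintext
  public_name = LOGIN
  server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
  server_condition = ${lookup mysql{SELECT CONCAT(mailboxes.local_part,'@',domains.fqdn) FROM mailboxes,domains WHERE \
    mailboxes.local_part=SUBSTRING_INDEX('${quote_mysql:$auth1}','@',1) AND \
    mailboxes.password=MD5('${quote_mysql:$auth2}') AND \
    mailboxes.active=1 AND \
    mailboxes.domain_id=domains.id AND \
    domains.fqdn=SUBSTRING_INDEX('${quote_mysql:$auth1}','@',-1) AND \
    domains.active=1}{yes}{no}}
  server_prompts = Username:: : Password::
  server_set_id = $auth1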
STARTTLS
Troubleshooting
# Print Exim's effective option values and keep only the TLS-related ones.
exim4 -bP | grep tls_
test with:
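# Two separate commands: install swaks, then run a TLS + AUTH test session
# against the mail server.
sudo apt-get install swaks
swaks -a -tls -q HELO -s gollum.redactate.com -au test -ap '<>'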
- Choose internet site
- Choose domain
Resources
http://t-machine.org/index.php/2014/06/27/webmail-on-your-debian-server-exim4-dovecot-roundcube/