2,306
edits
Changes
Jump to navigation
Jump to search
mLine 58:
Line 58: − + Line 70:
Line 70: − + Line 83:
Line 83: − + Line 95:
Line 95: − + − ServerAdmin rafael@herrerosolis.com+ − Redirect permanent / https://webmail.herrerosolis.com/+ − # DocumentRoot /var/www/rafael+ − ServerName webmail.herrerosolis.com+ − ServerAlias webmail.herrerosolis.com+ − ErrorLog /var/log/apache2/webmail/error.log+ − + − # Posible values include: debug, info, notice, warn, error, crit.+ − # alert, emerg.+ − + − CustomLog /var/log/apache2/webmail/access.log combined+ − </virtualHost>+ − + − <VirtualHost *:443>+ − ServerAdmin rafael@herrerosolis.com+ − DocumentRoot /var/lib/roundcube+ − ServerName webmail.herrerosolis.com+ − ServerAlias webmail.herrerosolis.com+ − + − ErrorLog /var/log/apache2/webmail/error.log+ − + − # Posible values include: debug, info, notice, warn, error, crit.+ − # alert, emerg.+ − CustomLog /var/log/apache2/webmail/access.log combined+ − SSLEngine on+ − SSLCertificateFile /etc/ssl/certs/herrerosolis.crt+ − SSLCertificateKeyFile /etc/ssl/private/herrerosolis.key+ − </virtualHost>+ − </nowiki>+ Line 136:
Line 136: − #<Directory "/usr/share/tinymce/www/">+ − # Options Indexes MultiViews FollowSymLinks+ − # AllowOverride None+ − # Order allow,deny+ − # allow from all+ − #</Directory>+ − </nowiki>+ Line 152:
Line 152: − id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,+ − domain_id INT(10) NOT NULL,+ − local_part VARCHAR(250) NOT NULL,+ − password VARCHAR(100) NULL,+ − description VARCHAR(250) NULL,+ − active TINYINT(1) NOT NULL DEFAULT 0,+ − created TIMESTAMP NOT NULL DEFAULT NOW(),+ − modified TIMESTAMP NULL+ − );+ − CREATE TABLE aliases (+ − id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,+ − domain_id INT(10) NOT NULL,+ − local_part VARCHAR(250) NOT NULL,+ − goto VARCHAR(250) NOT NULL,+ − description VARCHAR(250) NULL,+ − active TINYINT(1) NOT NULL DEFAULT 0,+ − created TIMESTAMP NOT NULL DEFAULT NOW(),+ − modified TIMESTAMP NULL+ − );+ − CREATE TABLE vacations (+ − id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,+ − mailbox_id INT(10) NOT NULL,+ − subject VARCHAR(250) NOT NULL,+ − body TEXT NOT NULL,+ − description VARCHAR(250) NULL,+ − active TINYINT(1) NOT NULL DEFAULT 0,+ − created TIMESTAMP NOT NULL DEFAULT NOW(),+ − modified TIMESTAMP NULL+ − );+ − + − CREATE TABLE domains (+ − id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,+ − fqdn VARCHAR(250) NOT NULL,+ − type ENUM('local','relay') NOT NULL DEFAULT 'local',+ − description VARCHAR(250) NULL,+ − active TINYINT(1) NOT NULL DEFAULT 0,+ − created TIMESTAMP NOT NULL DEFAULT NOW(),+ − modified TIMESTAMP NULL+ − );+ − </nowiki>+ Line 205:
Line 205: − flush privileges;+ − </nowiki>+ Line 220:
Line 220: − #+ − # Edit this file and /etc/mailname by hand and execute update-exim4.conf+ − # yourself or use 'dpkg-reconfigure exim4-config'+ − #+ − # Please note that this is _not_ a dpkg-conffile and that automatic changes+ − # to this file might happen. The code handling this will honor your local+ − # changes, so this is usually fine, but will break local schemes that mess+ − # around with multiple versions of the file.+ − #+ − # update-exim4.conf uses this file to determine variable values to generate+ − # exim configuration macros for the configuration file.+ − #+ − # Most settings found in here do have corresponding questions in the+ − # Debconf configuration, but not all of them.+ − #+ − # This is a Debian specific file+ − + − dc_eximconfig_configtype='internet'+ − dc_other_hostnames='[YOUR DOMAIN 1];[YOUR DOMAIN 2]'+ − dc_local_interfaces='127.0.0.1;[PUT YOUR SERVER's IP ADDRESS HERE]'+ − dc_readhost=''+ − dc_relay_domains=''+ − dc_minimaldns='false'+ − dc_relay_nets=''+ − dc_smarthost=''+ − CFILEMODE='644'+ − dc_use_split_config='true'+ − dc_hide_mailname=''+ − dc_mailname_in_oh='true'+ − dc_localdelivery='maildir_home'</nowiki>+ Line 257:
Line 257: − # need to be deliverable remotely.+ − domainlist local_domains = MAIN_LOCAL_DOMAINS+ − + − # MySQL because exim4 on Debian doesn't always add this:+ − + − MYSQL_SERVER=127.0.0.1+ − MYSQL_DB=email_accounts+ − MYSQL_USER=email+ − MYSQL_PASSWORD=password+ − hide mysql_servers = MYSQL_SERVER/MYSQL_DB/MYSQL_USER/MYSQL_PASSWORD</nowiki>+ Line 272:
Line 272: − driver = accept+ − condition = ${lookup mysql{SELECT CONCAT(mailboxes.local_part,'@',domains.fqdn) AS goto FROM domains,mailboxes WHERE \+ − mailboxes.local_part='${quote_mysql:$local_part}' AND \+ − mailboxes.active=1 AND \+ − mailboxes.domain_id=domains.id AND \+ − domains.fqdn='${quote_mysql:$domain}' AND \+ − domains.active=1}{yes}{no}}+ − transport = dovecot_delivery</nowiki>+ Line 286:
Line 286: − #################################+ − + − # ADAM: This router handles aliasing using the proprietary mysql setup+ − #+ − # c.f. http://alex.mamchenkov.net/2010/06/24/exim-dovecot-and-mysql/+ − #+ − + − system_aliases:+ − driver = redirect+ − allow_fail + − allow_defer+ − data = ${lookup mysql{SELECT aliases.goto AS goto FROM domains,aliases WHERE \+ − (aliases.local_part='${quote_mysql:$local_part}' OR aliases.local_part='@') AND \+ − aliases.active=1 AND \+ − aliases.domain_id=domains.id AND \+ − domains.fqdn='${quote_mysql:$domain}' AND \+ − domains.active=1}}+ − </nowiki>+ Line 309:
Line 309: − #################################+ − + − #+ − + − dovecot_delivery:+ − driver = appendfile+ − maildir_format = true+ − directory = /var/spool/mail/$domain/$local_part+ − create_directory = true+ − directory_mode = 0770+ − mode_fail_narrower = false+ − message_prefix =+ − message_suffix =+ − delivery_date_add+ − envelope_to_add+ − return_path_add+ − user = mail+ − group = mail+ − mode = 0660+ − </nowiki>+ Line 334:
Line 334: − + − auth_plain:+ − driver = plaintext+ − public_name = PLAIN+ − server_condition = ${lookup mysql{SELECT CONCAT(mailboxes.local_part,'@',domains.fqdn) FROM mailboxes,domains WHERE \+ − mailboxes.local_part=SUBSTRING_INDEX('${quote_mysql:$auth2}','@',1) AND \+ − mailboxes.password=MD5('${quote_mysql:$auth3}') AND \+ − mailboxes.active=1 AND \+ − mailboxes.domain_id=domains.id AND \+ − domains.fqdn=SUBSTRING_INDEX('${quote_mysql:$auth2}','@',-1) AND \+ − domains.active=1}{yes}{no}}+ − server_prompts = :+ − server_set_id = $auth2+ − + − auth_login:+ − driver = plaintext+ − public_name = LOGIN+ − server_condition = ${lookup mysql{SELECT CONCAT(mailboxes.local_part,'@',domains.fqdn) FROM mailboxes,domains WHERE \+ − mailboxes.local_part=SUBSTRING_INDEX('${quote_mysql:$auth1}','@',1) AND \+ − mailboxes.password=MD5('${quote_mysql:$auth2}') AND \+ − mailboxes.active=1 AND \+ − mailboxes.domain_id=domains.id AND \+ − domains.fqdn=SUBSTRING_INDEX('${quote_mysql:$auth1}','@',-1) AND \+ − domains.active=1}{yes}{no}}+ − server_prompts = Username:: : Password::+ − server_set_id = $auth1</nowiki>+ Line 417:
Line 417: − listen = *, ::</nowiki>+ Line 427:
Line 427: − connect = host=127.0.0.1 dbname=email_accounts user=email password=password+ − default_pass_scheme = MD5+ − + − password_query = SELECT CONCAT(mailboxes.local_part,'@',domains.fqdn) as `user`, mailboxes.password AS `password`,'/var/spool/mail/%d/%n' AS `userdb_home`, [YOUR UID] AS `userdb_uid`, [YOUR GID] AS `userdb_gid` FROM `mailboxes`, `domains` WHERE mailboxes.local_part = '%n' AND mailboxes.active = 1 AND mailboxes.domain_id = domains.id AND domains.fqdn = '%d' AND domains.active = 1+ − + − user_query = SELECT '/var/spool/mail/%d/%n' AS `home`, [YOUR UID] AS `uid`, [YOUR GID] AS `gid`</nowiki>+ Line 438:
Line 438: − # Preferred permissions: root:root 0444+ − ssl_cert = </etc/ssl/certs/dovecot.pem+ − # Preferred permissions: root:root 0400+ − ssl_key = </etc/ssl/private/dovecot.pem</nowiki>+ Line 460:
Line 460: − 'ssl' => array(+ − 'verify_peer' => false,+ − 'verify_peer_name' => false,+ − 'allow_self_signed' => true,+ − ),+ − );+ − </nowiki>+ Line 496:
Line 496: − ...,+ − "roundcube/rcsample": ">=0.2.0"+ − }</nowiki>+ Line 505:
Line 505: − /etc/init.d/exim4 restart+ − /etc/init.d/dovecot restart</nowiki>+
→DNS
'''Remove''' MX registries from godaddy email forwarder:<br />MX: <br />Host: @; Apunta a:smtp.secureserver.net; Prioridad:30; TTL:1h<br />Host: @; Apunta a:mailstore1.secureserver.net; Prioridad:50; TTL:1h
'''Remove''' MX registries from godaddy email forwarder:<br />MX: <br />Host: @; Apunta a:smtp.secureserver.net; Prioridad:30; TTL:1h<br />Host: @; Apunta a:mailstore1.secureserver.net; Prioridad:50; TTL:1h
====SPF====
=====SPF=====
{| class="wikitable"
{| class="wikitable"
|+DNS SPF Registry
|+DNS SPF Registry
|}
|}
====DMARC====
=====DMARC=====
{| class="wikitable"
{| class="wikitable"
|+DNS DMARC Registry
|+DNS DMARC Registry
<br />
<br />
====DKIM====
=====DKIM=====
{| class="wikitable"
{| class="wikitable"
|+DNS DKIM Registry
|+DNS DKIM Registry
|}
|}
* Note: DKIM Host must be {selector}._domainkey where {selector} = DKIM_SELECTOR variable from /etc/exim4/conf.d/main/000_localmacros
*Note: DKIM Host must be {selector}._domainkey where {selector} = DKIM_SELECTOR variable from /etc/exim4/conf.d/main/000_localmacros
===Apache===
===Apache===
/etc/apache2/sites-available/webmail.conf
/etc/apache2/sites-available/webmail.conf
<nowiki><VirtualHost *:80>
<nowiki><VirtualHost *:80>
ServerAdmin rafael@herrerosolis.com
Redirect permanent / https://webmail.herrerosolis.com/
# DocumentRoot /var/www/rafael
ServerName webmail.herrerosolis.com
ServerAlias webmail.herrerosolis.com
ErrorLog /var/log/apache2/webmail/error.log
# Posible values include: debug, info, notice, warn, error, crit.
# alert, emerg.
CustomLog /var/log/apache2/webmail/access.log combined
</virtualHost>
<VirtualHost *:443>
ServerAdmin rafael@herrerosolis.com
DocumentRoot /var/lib/roundcube
ServerName webmail.herrerosolis.com
ServerAlias webmail.herrerosolis.com
ErrorLog /var/log/apache2/webmail/error.log
# Posible values include: debug, info, notice, warn, error, crit.
# alert, emerg.
CustomLog /var/log/apache2/webmail/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/herrerosolis.crt
SSLCertificateKeyFile /etc/ssl/private/herrerosolis.key
</virtualHost>
</nowiki>
===OPTIONAL: Remove TinyMCE===
===OPTIONAL: Remove TinyMCE===
<nowiki>Comment out these lines:
<nowiki>Comment out these lines:
#<Directory "/usr/share/tinymce/www/">
# Options Indexes MultiViews FollowSymLinks
# AllowOverride None
# Order allow,deny
# allow from all
#</Directory>
</nowiki>
===Create Databases===
===Create Databases===
<nowiki>CREATE TABLE mailboxes (
<nowiki>CREATE TABLE mailboxes (
id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,
domain_id INT(10) NOT NULL,
local_part VARCHAR(250) NOT NULL,
password VARCHAR(100) NULL,
description VARCHAR(250) NULL,
active TINYINT(1) NOT NULL DEFAULT 0,
created TIMESTAMP NOT NULL DEFAULT NOW(),
modified TIMESTAMP NULL
);
CREATE TABLE aliases (
id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,
domain_id INT(10) NOT NULL,
local_part VARCHAR(250) NOT NULL,
goto VARCHAR(250) NOT NULL,
description VARCHAR(250) NULL,
active TINYINT(1) NOT NULL DEFAULT 0,
created TIMESTAMP NOT NULL DEFAULT NOW(),
modified TIMESTAMP NULL
);
CREATE TABLE vacations (
id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,
mailbox_id INT(10) NOT NULL,
subject VARCHAR(250) NOT NULL,
body TEXT NOT NULL,
description VARCHAR(250) NULL,
active TINYINT(1) NOT NULL DEFAULT 0,
created TIMESTAMP NOT NULL DEFAULT NOW(),
modified TIMESTAMP NULL
);
CREATE TABLE domains (
id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,
fqdn VARCHAR(250) NOT NULL,
type ENUM('local','relay') NOT NULL DEFAULT 'local',
description VARCHAR(250) NULL,
active TINYINT(1) NOT NULL DEFAULT 0,
created TIMESTAMP NOT NULL DEFAULT NOW(),
modified TIMESTAMP NULL
);
</nowiki>
===Create your first email account and domain===
===Create your first email account and domain===
===Create a database-account to access the database===
===Create a database-account to access the database===
<nowiki>grant ALL on email_accounts.* to 'email'@'localhost' identified by 'password';
<nowiki>grant ALL on email_accounts.* to 'email'@'localhost' identified by 'password';
flush privileges;
</nowiki>
http://bradthemad.org/tech/notes/exim_cheatsheet.php
http://bradthemad.org/tech/notes/exim_cheatsheet.php
<nowiki># /etc/exim4/update-exim4.conf.conf
<nowiki># /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file
dc_eximconfig_configtype='internet'
dc_other_hostnames='[YOUR DOMAIN 1];[YOUR DOMAIN 2]'
dc_local_interfaces='127.0.0.1;[PUT YOUR SERVER's IP ADDRESS HERE]'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='true'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='maildir_home'</nowiki>
====Macros====
====Macros====
ADD the following to /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
ADD the following to /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
<nowiki># List of domains considered local for exim. Domains not listed here
<nowiki># List of domains considered local for exim. Domains not listed here
# need to be deliverable remotely.
domainlist local_domains = MAIN_LOCAL_DOMAINS
# MySQL because exim4 on Debian doesn't always add this:
MYSQL_SERVER=127.0.0.1
MYSQL_DB=email_accounts
MYSQL_USER=email
MYSQL_PASSWORD=password
hide mysql_servers = MYSQL_SERVER/MYSQL_DB/MYSQL_USER/MYSQL_PASSWORD</nowiki>
====Routers====
====Routers====
<nowiki>dovecot_user:
<nowiki>dovecot_user:
driver = accept
condition = ${lookup mysql{SELECT CONCAT(mailboxes.local_part,'@',domains.fqdn) AS goto FROM domains,mailboxes WHERE \
mailboxes.local_part='${quote_mysql:$local_part}' AND \
mailboxes.active=1 AND \
mailboxes.domain_id=domains.id AND \
domains.fqdn='${quote_mysql:$domain}' AND \
domains.active=1}{yes}{no}}
transport = dovecot_delivery</nowiki>
Either DELETE this file, or comment-out all lines /etc/exim4/conf.d/router/400_exim4-config_system_aliases<br />
Either DELETE this file, or comment-out all lines /etc/exim4/conf.d/router/400_exim4-config_system_aliases<br />
<nowiki>### router/401_exim4-config_mysql_aliases
<nowiki>### router/401_exim4-config_mysql_aliases
#################################
# ADAM: This router handles aliasing using the proprietary mysql setup
#
# c.f. http://alex.mamchenkov.net/2010/06/24/exim-dovecot-and-mysql/
#
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT aliases.goto AS goto FROM domains,aliases WHERE \
(aliases.local_part='${quote_mysql:$local_part}' OR aliases.local_part='@') AND \
aliases.active=1 AND \
aliases.domain_id=domains.id AND \
domains.fqdn='${quote_mysql:$domain}' AND \
domains.active=1}}
</nowiki>
====Transports====
====Transports====
<nowiki>### transport/30_exim4-config_dovecot
<nowiki>### transport/30_exim4-config_dovecot
#################################
#
dovecot_delivery:
driver = appendfile
maildir_format = true
directory = /var/spool/mail/$domain/$local_part
create_directory = true
directory_mode = 0770
mode_fail_narrower = false
message_prefix =
message_suffix =
delivery_date_add
envelope_to_add
return_path_add
user = mail
group = mail
mode = 0660
</nowiki>
====Auth====
====Auth====
<nowiki>### AUTHENTICATIOR SECTION
<nowiki>### AUTHENTICATIOR SECTION
auth_plain:
driver = plaintext
public_name = PLAIN
server_condition = ${lookup mysql{SELECT CONCAT(mailboxes.local_part,'@',domains.fqdn) FROM mailboxes,domains WHERE \
mailboxes.local_part=SUBSTRING_INDEX('${quote_mysql:$auth2}','@',1) AND \
mailboxes.password=MD5('${quote_mysql:$auth3}') AND \
mailboxes.active=1 AND \
mailboxes.domain_id=domains.id AND \
domains.fqdn=SUBSTRING_INDEX('${quote_mysql:$auth2}','@',-1) AND \
domains.active=1}{yes}{no}}
server_prompts = :
server_set_id = $auth2
auth_login:
driver = plaintext
public_name = LOGIN
server_condition = ${lookup mysql{SELECT CONCAT(mailboxes.local_part,'@',domains.fqdn) FROM mailboxes,domains WHERE \
mailboxes.local_part=SUBSTRING_INDEX('${quote_mysql:$auth1}','@',1) AND \
mailboxes.password=MD5('${quote_mysql:$auth2}') AND \
mailboxes.active=1 AND \
mailboxes.domain_id=domains.id AND \
domains.fqdn=SUBSTRING_INDEX('${quote_mysql:$auth1}','@',-1) AND \
domains.active=1}{yes}{no}}
server_prompts = Username:: : Password::
server_set_id = $auth1</nowiki>
ADD to the file /etc/dovecot/dovecot.conf
ADD to the file /etc/dovecot/dovecot.conf
<nowiki>protocols = imap
<nowiki>protocols = imap
listen = *, ::</nowiki>
Add to the file /etc/dovecot/conf.d/10-mail.conf
Add to the file /etc/dovecot/conf.d/10-mail.conf
ADD to the file /etc/dovecot/dovecot-sql.conf.ext
ADD to the file /etc/dovecot/dovecot-sql.conf.ext
<nowiki>driver = mysql
<nowiki>driver = mysql
connect = host=127.0.0.1 dbname=email_accounts user=email password=password
default_pass_scheme = MD5
password_query = SELECT CONCAT(mailboxes.local_part,'@',domains.fqdn) as `user`, mailboxes.password AS `password`,'/var/spool/mail/%d/%n' AS `userdb_home`, [YOUR UID] AS `userdb_uid`, [YOUR GID] AS `userdb_gid` FROM `mailboxes`, `domains` WHERE mailboxes.local_part = '%n' AND mailboxes.active = 1 AND mailboxes.domain_id = domains.id AND domains.fqdn = '%d' AND domains.active = 1
user_query = SELECT '/var/spool/mail/%d/%n' AS `home`, [YOUR UID] AS `uid`, [YOUR GID] AS `gid`</nowiki>
====SSL====
====SSL====
Edit: /etc/dovecot/conf.d/10-ssl.conf
Edit: /etc/dovecot/conf.d/10-ssl.conf
<nowiki>ssl = required
<nowiki>ssl = required
# Preferred permissions: root:root 0444
ssl_cert = </etc/ssl/certs/dovecot.pem
# Preferred permissions: root:root 0400
ssl_key = </etc/ssl/private/dovecot.pem</nowiki>
====Ports====
====Ports====
Add to /etc/roundcube/config.inc.php
Add to /etc/roundcube/config.inc.php
<nowiki>$config['imap_conn_options'] = array(
<nowiki>$config['imap_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true,
),
);
</nowiki>
====Enable Password Plugin====
====Enable Password Plugin====
Then edit your local composer.json file and add the "vendor/plugin" names to the "require" section of the JSON structure. Don't forget to specify the version constraint:
Then edit your local composer.json file and add the "vendor/plugin" names to the "require" section of the JSON structure. Don't forget to specify the version constraint:
<nowiki>"require" : {
<nowiki>"require" : {
...,
"roundcube/rcsample": ">=0.2.0"
}</nowiki>
After every change to composer.json run
After every change to composer.json run
==Restart Everithing==
==Restart Everithing==
<nowiki>/etc/init.d/apache2 restart
<nowiki>/etc/init.d/apache2 restart
/etc/init.d/exim4 restart
/etc/init.d/dovecot restart</nowiki>
Exim may output a “paniclog”. If so, read it, fix it – and then manually delete the paniclog file, or else you’ll keep getting fake warnings every time you restart exim.
Exim may output a “paniclog”. If so, read it, fix it – and then manually delete the paniclog file, or else you’ll keep getting fake warnings every time you restart exim.