From 2ecbe79eeb342692b13cb4ce9ca8ed4cdb86fcdf Mon Sep 17 00:00:00 2001 From: David Luevano Alvarado Date: Fri, 19 Mar 2021 22:44:52 -0700 Subject: Almost finish up the mail entry --- blog/src/a/mail_server_with_postfix.md | 259 ++++++++++++++++++++++++++++++++- 1 file changed, 255 insertions(+), 4 deletions(-) (limited to 'blog/src/a') diff --git a/blog/src/a/mail_server_with_postfix.md b/blog/src/a/mail_server_with_postfix.md index beff83f..a0cf526 100644 --- a/blog/src/a/mail_server_with_postfix.md +++ b/blog/src/a/mail_server_with_postfix.md @@ -4,19 +4,24 @@ The entry is going to be long because it's a *tedious* process. This is also bas This configuration works for local users (users that appear in `/etc/passwd`), and does not use any type of SQL. And note that most if not all commands executed here are run with root privileges. +More in depth configuration is detailed in the Arch Wiki for each package used here. + ## Prerequisites Basically the same as with the [website with Nginx and Certbot](https://blog.luevano.xyz/a/website_with_nginx.html): * A domain name. Got mine on [Epik](https://www.epik.com/?affid=da5ne9ru4) (affiliate link, btw). * Later we'll be adding some **MX** and **TXT** records. - * I also recommend to add a **CNAME** ("mail" and "www.mail") for SSL certificates. + * I also recommend to add a **CNAME** for "mail" and "www.mail", to get SSL certificates. * A VPS or somewhere else to host. I'm using [Vultr](https://www.vultr.com/?ref=8732849) (also an affiliate link). * Also `ssh` configured. * Ports 25, 587 (SMTP), 465 (SMTPS), 143 (IMAP) and 993 (IMAPS) open on the firewall (I use `ufw`). + * With `nginx` and `certbot` setup and running. ## Postfix +[Postfix](https://wiki.archlinux.org/index.php/Postfix) is a "mail transfer agent" which is the component of the mail server that receives and sends emails via SMTP. + Install the `postfix` package: ```sh @@ -125,11 +130,257 @@ smtps 465/tcp smtps 465/udp ``` -At this point you're done configuring `postfix` and you can already start/enable the service: +At this point you're done configuring `postfix` and you can already start/enable the `postfix` service: ```sh -systemctl start postfix -systemctl enable postfix +systemctl start postfix.service +systemctl enable postfix.service ``` ## Dovecot + +[Dovecot](https://wiki.archlinux.org/index.php/Dovecot) is an IMAP and POP3 server, which is what lets an email application retrieve the mail. + +Install the `dovecot` and `pigeonhole` (sieve for `dovecot`) packages: + +```sh +pacman -S dovecot pigeonhole +``` + +On arch, by default, there is no `/etc/dovecot` directory with default configurations set in place, but the package does provide the example configuration files. Create the `dovecot` directory under `/etc` and, optionally, copy the `dovecot.conf` file and `conf.d` directory under the just created `dovecot` directory: + +```sh +mkdir /etc/dovecot +cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/dovecot.conf +cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot +``` + +As Luke stated, `dovecot` comes with a lot of "modules" (under `/etc/dovecot/conf.d/` if you copied that folder) for all sorts of configurations that you can include, but I do as he does and just edits/creates the whole `dovecot.conf` file; although, I would like to check each of the separate configuration files `dovecot` provides I think the options Luke provides are more than good enough. + +I'm working with an empty `dovecot.conf` file. Add the following lines for SSL and login configuration (also replace `{yourcertdir}` with the same certificate directory described in the Postfix section above, note that the `<` is required): + +```conf +ssl = required +ssl_cert = <{yourcertdir}/fullchain.pem +ssl_key = <{yourcertdir}/privkey.pem +ssl_min_protocol = TLSv1.2 +ssl_cipher_list = ALL:!RSA:!CAMELLIA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SHA1:!SHA256:!SHA384:!LOW@STRENGTH +ssl_prefer_server_ciphers = yes +ssl_dh =