Grommunio Mail Server: Difference between revisions
(Created page with "{{Draft|This is a work in progress}} # HOWTO: Install AlpineLinux Mail Server with Grommunio This tutorial outlines the steps for setting up a mail server on Alpine Linux using **Grommunio**, a modern, open-source groupware solution that supports email and calendar services. The installation includes MariaDB, Nginx, PHP, Postfix, and other components necessary for a fully functioning mail server. ## Prerequisites Before proceeding with the installation, ensure you ha...") |
No edit summary |
||
Line 2: | Line 2: | ||
# HOWTO: Install AlpineLinux Mail Server with Grommunio | = # HOWTO: Install AlpineLinux Mail Server with Grommunio | ||
This tutorial outlines the steps for setting up a mail server on Alpine Linux using **Grommunio**, a modern, open-source groupware solution that supports email and calendar services. The installation includes MariaDB, Nginx, PHP, Postfix, and other components necessary for a fully functioning mail server. | This tutorial outlines the steps for setting up a mail server on Alpine Linux using **Grommunio**, a modern, open-source groupware solution that supports email and calendar services. The installation includes MariaDB, Nginx, PHP, Postfix, and other components necessary for a fully functioning mail server. | ||
## Prerequisites | == ## Prerequisites | ||
Before proceeding with the installation, ensure you have a fresh Alpine Linux system setup. You'll need root privileges to execute these commands. | Before proceeding with the installation, ensure you have a fresh Alpine Linux system setup. You'll need root privileges to execute these commands. | ||
## Steps: | == ## Steps: | ||
1. Install and configure MariaDB | 1. Install and configure MariaDB | ||
Line 23: | Line 24: | ||
--- | --- | ||
== 1. Install and Configure MariaDB == | |||
=== Step 1: Install MariaDB | |||
To start, install MariaDB and necessary client utilities: | To start, install MariaDB and necessary client utilities: | ||
Line 32: | Line 33: | ||
``` | ``` | ||
=== Step 2: Set up MariaDB Database Variables | |||
Define the variables used in the setup and create a symlink to the MariaDB data directory. | Define the variables used in the setup and create a symlink to the MariaDB data directory. | ||
Line 50: | Line 51: | ||
``` | ``` | ||
=== Step 3: Secure MariaDB | |||
Run the built-in security script to set a root password and configure MariaDB security settings. | Run the built-in security script to set a root password and configure MariaDB security settings. | ||
Line 57: | Line 58: | ||
``` | ``` | ||
=== Step 4: Create MariaDB User for Grommunio | |||
Create a new user for Grommunio and assign privileges: | Create a new user for Grommunio and assign privileges: | ||
Line 69: | Line 70: | ||
``` | ``` | ||
=== Step 5: Configure MariaDB for Grommunio | |||
Edit the MariaDB configuration for better performance: | Edit the MariaDB configuration for better performance: | ||
Line 116: | Line 117: | ||
``` | ``` | ||
=== Step 6: Verify MariaDB Setup | |||
Check if the MariaDB listener is running and bound to the correct address: | Check if the MariaDB listener is running and bound to the correct address: | ||
Line 123: | Line 124: | ||
``` | ``` | ||
=== Step 7: Create Grommunio Database | |||
Define the database parameters and create the Grommunio database: | Define the database parameters and create the Grommunio database: | ||
Line 146: | Line 147: | ||
--- | --- | ||
== 2. MariaDB Performance Tuning (Optional) | |||
Install and configure MySQLTuner to help with database performance: | Install and configure MySQLTuner to help with database performance: | ||
Line 160: | Line 161: | ||
--- | --- | ||
== 3. Install and Configure Nginx | |||
=== Step 1: Install Nginx | |||
Install the necessary Nginx modules: | Install the necessary Nginx modules: | ||
Line 169: | Line 170: | ||
``` | ``` | ||
=== Step 2: Configure Nginx | |||
Backup the original Nginx configuration and edit it for security headers and TLS settings: | Backup the original Nginx configuration and edit it for security headers and TLS settings: | ||
Line 210: | Line 211: | ||
--- | --- | ||
== 4. Install and Configure PHP | |||
=== Step 1: Install PHP | |||
Install the required PHP packages for Grommunio: | Install the required PHP packages for Grommunio: | ||
Line 219: | Line 220: | ||
``` | ``` | ||
=== Step 2: Harden PHP Configuration | |||
Disable insecure PHP settings and adjust PHP limits: | Disable insecure PHP settings and adjust PHP limits: | ||
Line 229: | Line 230: | ||
``` | ``` | ||
=== Step 3: Configure Session Security | |||
Configure PHP session security: | Configure PHP session security: | ||
Line 240: | Line 241: | ||
--- | --- | ||
== 5. Install and Configure Postfix | |||
=== Step 1: Install Postfix | |||
Install Postfix and related modules: | Install Postfix and related modules: | ||
Line 249: | Line 250: | ||
``` | ``` | ||
=== Step 2: Configure Postfix | |||
Backup and configure the Postfix settings. Adapt the values as necessary, such as `myhostname`, `mynetworks`, and `smtp_tls_chain_files`: | Backup and configure the Postfix settings. Adapt the values as necessary, such as `myhostname`, `mynetworks`, and `smtp_tls_chain_files`: | ||
Line 282: | Line 283: | ||
--- | --- | ||
== 6. Install and Configure Grommunio | |||
Install and configure Grommunio to provide email and calendar functionality. Follow the detailed installation steps outlined in the official Grommunio documentation. | Install and configure Grommunio to provide email and calendar functionality. Follow the detailed installation steps outlined in the official Grommunio documentation. | ||
Line 288: | Line 289: | ||
--- | --- | ||
== 7. Configure Valkey (Redis Replacement) | |||
Configure Valkey for optimal caching and session handling, replacing Redis if required. | Configure Valkey for optimal caching and session handling, replacing Redis if required. | ||
--- | --- | ||
== 8. Install and Configure Rspamd | |||
Rspamd provides spam filtering for your mail server. Follow the official documentation to install and configure Rspamd to work with Postfix and Nginx. | Rspamd provides spam filtering for your mail server. Follow the official documentation to install and configure Rspamd to work with Postfix and Nginx. | ||
Line 299: | Line 300: | ||
--- | --- | ||
== 9. Finalize and Verify Installation | |||
=== Step 1: Test Server Components | |||
Ensure that all services (Postfix, MariaDB, Nginx, PHP, Grommunio) are running correctly: | Ensure that all services (Postfix, MariaDB, Nginx, PHP, Grommunio) are running correctly: | ||
Line 308: | Line 309: | ||
``` | ``` | ||
=== Step 2: Verify Mail Functionality | |||
Test sending and receiving emails using a mail client and verifying server logs for any errors. | Test sending and receiving emails using a mail client and verifying server logs for any errors. |
Revision as of 22:20, 30 November 2024
This material is work-in-progress ... This is a work in progress |
= # HOWTO: Install AlpineLinux Mail Server with Grommunio
This tutorial outlines the steps for setting up a mail server on Alpine Linux using **Grommunio**, a modern, open-source groupware solution that supports email and calendar services. The installation includes MariaDB, Nginx, PHP, Postfix, and other components necessary for a fully functioning mail server.
== ## Prerequisites
Before proceeding with the installation, ensure you have a fresh Alpine Linux system setup. You'll need root privileges to execute these commands.
== ## Steps:
1. Install and configure MariaDB 2. MariaDB performance tuning (optional) 3. Install and configure Nginx 4. Install and configure PHP 5. Install and configure Postfix 6. Install and configure Grommunio 7. Configure Valkey (Redis replacement) 8. Install and configure Rspamd 9. Finalize and verify installation
---
1. Install and Configure MariaDB
=== Step 1: Install MariaDB To start, install MariaDB and necessary client utilities:
```sh apk add mariadb mariadb-client mariadb-server-utils ```
=== Step 2: Set up MariaDB Database Variables Define the variables used in the setup and create a symlink to the MariaDB data directory.
```sh DB_DATA_PATH="/srv/mysql" DB_ROOT_PASS="Passw0rd1" DB_USER="admin" DB_PASS="Passw0rd2" ```
Setup system tables and configure the symlink for MariaDB:
```sh sudo mysql_install_db --user=mysql --datadir=${DB_DATA_PATH} ln -s /srv/mysql /var/lib/mysql rc-service mariadb restart ```
=== Step 3: Secure MariaDB Run the built-in security script to set a root password and configure MariaDB security settings.
```sh sudo mysql_secure_installation ```
=== Step 4: Create MariaDB User for Grommunio Create a new user for Grommunio and assign privileges:
```sh echo "GRANT ALL ON *.* TO ${DB_USER}@'127.0.0.1' IDENTIFIED BY '${DB_PASS}' WITH GRANT OPTION;" > /tmp/sql echo "GRANT ALL ON *.* TO ${DB_USER}@'localhost' IDENTIFIED BY '${DB_PASS}' WITH GRANT OPTION;" >> /tmp/sql echo "GRANT ALL ON *.* TO ${DB_USER}@'::1' IDENTIFIED BY '${DB_PASS}' WITH GRANT OPTION;" >> /tmp/sql echo "DELETE FROM mysql.user WHERE User=;" >> /tmp/sql echo "FLUSH PRIVILEGES;" >> /tmp/sql cat /tmp/sql | mysql -u root --password="${DB_ROOT_PASS}" ```
=== Step 5: Configure MariaDB for Grommunio Edit the MariaDB configuration for better performance:
```sh vi /etc/my.cnf.d/mariadb-server.cnf ```
Add the following configuration:
```ini [mysqld] innodb_log_buffer_size=16M innodb_log_file_size=32M innodb_read_io_threads=4 innodb_write_io_threads=4 join_buffer_size=512K query_cache_size=0 query_cache_type=0 query_cache_limit=2M performance_schema=ON bind-address = 127.0.0.1 skip-name-resolve=ON ```
Create a default charset configuration for MariaDB:
```sh cat > /etc/my.cnf.d/mariadb-server-default-charset.cnf << EOF [client] default-character-set = utf8mb4
[mysqld] collation_server = utf8mb4_general_ci character_set_server = utf8mb4
[mysql] default-character-set = utf8mb4 EOF ```
Restart MariaDB and enable it to start on boot:
```sh rc-update add mariadb default service mariadb restart ```
=== Step 6: Verify MariaDB Setup Check if the MariaDB listener is running and bound to the correct address:
```sh ss -tulpn ```
=== Step 7: Create Grommunio Database Define the database parameters and create the Grommunio database:
```sh MYSQL_HOST="localhost" MYSQL_USER="grommunio" MYSQL_PASS="Passw0rd3" MYSQL_DB="grommunio"
echo "create database $MYSQL_DB character set 'utf8mb4';" > /tmp/sql echo "grant select, insert, update, delete, create, drop, index, alter, create temporary tables, lock tables on $MYSQL_DB.* TO $MYSQL_USER@$MYSQL_HOST identified by '$MYSQL_PASS';" >> /tmp/sql echo "flush privileges;" >> /tmp/sql cat /tmp/sql | mysql -u admin --password="${DB_PASS}" ```
Test the database connection:
```sh mysql -hlocalhost -u grommunio -p${MYSQL_PASS} grommunio ```
---
== 2. MariaDB Performance Tuning (Optional)
Install and configure MySQLTuner to help with database performance:
```sh wget -v --no-check-certificate https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl -O /tmp/mysqltuner.pl mv /tmp/mysqltuner.pl /usr/local/bin/mysqltuner.pl chmod 755 /usr/local/bin/mysqltuner.pl apk add perl perl-doc /usr/local/bin/mysqltuner.pl --user admin --pass ${DB_PASS} ```
---
== 3. Install and Configure Nginx
=== Step 1: Install Nginx Install the necessary Nginx modules:
```sh apk add nginx nginx-mod-http-headers-more nginx-mod-http-vts nginx-mod-http-brotli ```
=== Step 2: Configure Nginx Backup the original Nginx configuration and edit it for security headers and TLS settings:
```sh cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.orig vi /etc/nginx/nginx.conf ```
Add the following configuration:
```nginx error_log syslog:server=unix:/dev/log,facility=local2,nohostname warn; more_set_headers "Strict-Transport-Security : max-age=2592000; includeSubDomains;"; more_set_headers "X-Frame-Options : SAMEORIGIN"; more_set_headers "Content-Security-Policy : default-src https: data: 'unsafe-inline' 'unsafe-eval' always"; more_set_headers "X-Xss-Protection : 1; mode=block"; more_set_headers "X-Content-Type-Options : nosniff"; more_set_headers "Referrer-Policy : strict-origin-when-cross-origin"; more_set_headers "Server : Follow the white rabbit.";
ssl_protocols TLSv1.2 TLSv1.3; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m;
log_format main_ssl '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" ' 'client_ciphers="$ssl_ciphers" client_curves="$ssl_curves"';
access_log off; ```
Restart Nginx and enable it to start on boot:
```sh rc-update add nginx service nginx restart ```
---
== 4. Install and Configure PHP
=== Step 1: Install PHP Install the required PHP packages for Grommunio:
```sh apk add php83 php83-fpm ```
=== Step 2: Harden PHP Configuration Disable insecure PHP settings and adjust PHP limits:
```sh sed 's/^;\?\(allow_url_fopen\).*/\1 = Off/' -i /etc/php83/php.ini sed 's/^;\?\(expose_php\).*/\1 = Off/' -i /etc/php83/php.ini sed 's/^;\?\(display_errors\).*/\1 = Off/' -i /etc/php83/php.ini sed 's/^;\?\(log_errors\).*/\1 = On/' -i /etc/php83/php.ini ```
=== Step 3: Configure Session Security Configure PHP session security:
```sh sed 's/^;\?\(session.use_strict_mode\).*/\1 = 1/' -i /etc/php83/php.ini sed 's/^;\?\(session.cookie_secure\).*/\1 = 1/' -i /etc/php83/php.ini sed 's/^;\?\(session.cookie_httponly\).*/\1 = 1/' -i /etc/php83/php.ini ```
---
== 5. Install and Configure Postfix
=== Step 1: Install Postfix Install Postfix and related modules:
```sh apk add postfix postfix-mysql postfix-pcre ```
=== Step 2: Configure Postfix Backup and configure the Postfix settings. Adapt the values as necessary, such as `myhostname`, `mynetworks`, and `smtp_tls_chain_files`:
```sh mv /etc/postfix/main.cf /etc/postfix/main.cf.orig mv /etc/postfix/master.cf /etc/postfix/master.cf.orig ```
Run Postfix setup:
```sh newaliases postmap /etc/postfix/transport ```
Enable Postfix service:
```sh rc-update add postfix service postfix restart ```
- Step 3: Verify Postfix Logs
Check the Postfix logs for any errors:
```sh tail -f /var/log/maillog ```
---
== 6. Install and Configure Grommunio
Install and configure Grommunio to provide email and calendar functionality. Follow the detailed installation steps outlined in the official Grommunio documentation.
---
== 7. Configure Valkey (Redis Replacement) Configure Valkey for optimal caching and session handling, replacing Redis if required.
---
== 8. Install and Configure Rspamd
Rspamd provides spam filtering for your mail server. Follow the official documentation to install and configure Rspamd to work with Postfix and Nginx.
---
== 9. Finalize and Verify Installation
=== Step 1: Test Server Components Ensure that all services (Postfix, MariaDB, Nginx, PHP, Grommunio) are running correctly:
```sh ss -tulpn ```
=== Step 2: Verify Mail Functionality Test sending and receiving emails using a mail client and verifying server logs for any errors.