ISP Mail Server HowTo: Difference between revisions

A Full Service Mail Server

The goal of this document is to describe how to set up postfix, dovecot, clamav, dspam, roundecube, and postfixadmin for a full-featured "ISP" level mail server.

The server must provide:

• multiple virtual domains
• admins for each domain (to add/remove virtual accounts)
• Quota support per domain / account
• downloading email via IMAP / IMAPS / POP3 / POP3S
• relaying email for authenticated users with TLS or SSL (Submission / SMTPS protocol)
• Standard filters (virus/spam/rbl/etc)
• Web mail client
• Value Add services

Set up Lighttpd + PHP

PostfixAdmin needs php pgpsql and imap modules, so we do it in this step.

 apk add lighttpd php php-pgsql php-imap

Stop and remove mini_httpd, and move ACF to lighttpd; We are setting this up to be a mult-domain virtual web server:

 mkdir -p /var/www/domains/host.example.com
 mv  /usr/share/acf/* /var/www/domains/host.example.com

Edit /etc/lighttpd/mod_cgi.conf to serve haserl files by adding a "" => "" cgi handler

$HTTP["url"] =~ "^/cgi-bin/" {
    # disable directory listings
    dir-listing.activate = "disable"
    # only allow cgi's in this directory
    cgi.assign = (
		".pl"	=>	"/usr/bin/perl",
		".cgi"	=>	"/usr/bin/perl",
		"" => ""
	)
}

Edit /etc/lighttpd/mod_fastcgi.conf to serve php scripts

server.modules += ("mod_fastcgi")
fastcgi.server = ( ".php" => ((
                   "socket" =>  "/var/run/lighttpd/lighttpd-fastcgi-php-" + PID + ".socket"
                    "bin-path" => "/usr/bin/php-cgi"
                  ))
                 )
                  

Add these lines to /etc/lighttpd/lighttpd.conf to point to the new document root, and set it up to listen on port 443:

simple-vhost.server-root   = "/var/www/domains/"
simple-vhost.default-host  = "/"
simple-vhost.document-root = "www/

$SERVER["socket"] == "[ip_address_of_server]" {
ssl.engine    = "enable"
ssl.pemfile   = "/etc/lighttpd/server-bundle.pem"
ssl.ca-file   = "/etc/lighttpd/ca-crt.pem"
}

Get a web certificate, and install it. If you want to use a self-signed cert, you can use Generating SSL certs with ACF or Generating SSL certs with ACF 1.9. If you create a certificate with ACF, you can create the "server-bundle.pem" and the "ca-crt.pem" file with these commands:

 openssl x509 -nocerts -nokeys -cacert -in certificate.pfx  -out /etc/lighttpd/ca-crt.pem
 openssl x509 -nodes -in certifcate.pfx -out /etc/lighttpd/server-bundle.pem
 chown root:root /etc/lighttpd/server-bundle.pem
 chmod 400 /etc/lighttpd/server-bundle.pem

Note: The server certifcate and key are in the server-bundle.pem file, so it is critical that the file be read-only by user "root".

Stop and remove mini_httpd; start lighttpd, test

 /etc/init.d/mini_httpd stop
 rc-update del mini_httpd
 apk del mini_httpd
 rc-update add lighttpd
 /etc/init.d/lighttpd start

At this point you should be able to see ACF being served with lighttpd: https://host.example.com/

Install Postgresql

Add get and configure postgresql

 apk add acf-postgresql postgresql-client
 /etc/init.d/postgresql setup
 /etc/init.d/postgresql start
 rc-update add postgresql

At this point any user can connect to the sql server with "trust" mechanism. If you want to enforce password authentication (you probably do) edit /var/lib/postgresql/8.4/data/pg_hba.conf

 Editme: What should we recommend?

Create the postfix database:

 psql -U postgres
  create user postfix with password '******';
  create database postfix owner postfix;
  \c postfix
  create language plpgsql;
  \q

(Of course, use your selected password where ******* is shown above.)

Install PostfixAdmin

We are going to install the postfix admin web front-end before we install the mail server. This just creates an interface to populate the SQL tables that postfix and dovecot will use.

Download PostfixAdmin from Sourceforge. When these instructions were written, 2.3 was the current release, so:

wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin_2.3.tar.gz
tar zxvf postfixadmin_2.3.tar.gz
mkdir /var/www/domains/host.example.com/postfixadmin
mv postfixadmin-2.3/* /var/www/domains/host.example.com/postfixadmin
rm -rf postfixadmin*

Edit /var/www/domains/host.example.com/postfixadmin/config.inc.php and modify at least these lines:

$CONF['configured'] = true;
$CONF['setup_password'] = ;  << Don't change this yet
$CONF['database_type'] = 'pgsql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = '*****';   << The password you chose above
$CONF['database_name'] = 'postfix';
$CONF['database_prefix'] = ;
$CONF['database_prefix'] = ;
$CONF['database_tables'] = array (
$CONF['admin_email'] = 'you@some.email.com';  << Your email address 
$CONF['encrypt'] = 'md5crypt';
$CONF['authlib_default_flavor'] = 'md5raw';
$CONF['dovecotpw'] = "/usr/sbin/dovecotpw";
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['aliases'] = '10';                       
$CONF['mailboxes'] = '10';
$CONF['maxquota'] = '10';
$CONF['quota'] = 'YES';
$CONF['quota_multiplier'] = '1024000';
$CONF['alias_control'] = 'YES';
$CONF['alias_control_admin'] = 'YES';
$CONF['special_alias_control'] = 'YES';
$CONF['fetchmail'] = 'NO';
$CONF['user_footer_link'] = "http://host.example.com";
$CONF['footer_link'] = 'http://host.example.com/postfixadmin/main.php';
$CONF['create_mailbox_subdirs_prefix']='INBOX.';
$CONF['used_quotas'] = 'YES';                     
$CONF['new_quota_table'] = 'YES';

Go to http://host.example.com/postfixadmin/setup.php

Create the password hash, add it to the config.inc.php file

Go back to http://host.example.com/postfixadmin/setup.php

Create superadmin, create a mail domain or other, as desired.

Install Postfix

Install Dovecot