271 lines
8.4 KiB
Plaintext
271 lines
8.4 KiB
Plaintext
# MAIL SERVER
|
|
#######################################################
|
|
Self Hosted Email Server with postfixadmin + roundcubemail + dovecot + postfix + spamassassin
|
|
#######################################################
|
|
|
|
# Following resources depends on your users count.
|
|
# Supports up to 200 users.
|
|
# Supports up to 20k mail flow daily mail flow handles.
|
|
|
|
RAM: 2 GiB
|
|
SWAP: 2x RAM
|
|
Disk: 20GB OR your requirement as per user count.
|
|
CPU: 2 or 4 core.
|
|
|
|
# Operating System and Components Version:
|
|
OS: Centos 7.x (Minimal Package)
|
|
Dovecot: 2.2.36
|
|
Postfix: 2.10.1
|
|
SpamAssassin: 3.4.0
|
|
PHP: 7.4.16
|
|
Postfixadmin: 3.3.8
|
|
Roundcubemail: 1.4.11
|
|
Apache: 2.4.6
|
|
Mariadb
|
|
|
|
Reference Link:
|
|
https://github.com/postfixadmin/postfixadmin
|
|
https://github.com/roundcube/roundcubemail
|
|
|
|
# Install required packages.
|
|
|
|
yum install -y epel-release yum-utils http://rpms.remirepo.net/enterprise/remi-release-7.rpm vim net-tools ; yum-config-manager --enable remi-php74 ; yum -y install postfix dovecot dovecot-mysql dovecot-pigeonhole mariadb-server telnet mailx wget ; yum -y install spamassassin ; yum install -y libopendkim opendkim; yum install -y postgrey spamassassin spamass-milter-postfix spamass-milter; yum install -y clamav-filesystem clamav-server clamav-update clamav-milter-systemd clamav-data clamav-server-systemd clamav-scanner-systemd clamav clamav-milter clamav-lib clamav-devel; yum install -y php php-cli php-gd php-xml php-curl php-mysql php-zip php-mbstring php-mcrypt php-fpm php-imap php-common php-pdo php-intl php-imagick; yum update -y; yum clean all;
|
|
|
|
# Enable and start mariadb service.
|
|
|
|
systemctl enable mariadb && systemctl start mariadb && systemctl status mariadb
|
|
|
|
# Disable selinux.
|
|
|
|
getenforce
|
|
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
|
|
setenforce 0
|
|
|
|
# Reboot server.
|
|
|
|
reboot
|
|
|
|
# Setup MySQL root password.
|
|
|
|
mysql_secure_installation
|
|
|
|
Configure it like this:
|
|
- Enter current password for root (enter for none): (Just Enter)
|
|
- Set root password? [Y/n] y
|
|
New password: <STRONGPASSWORD>
|
|
Re-enter new password: <STRONGPASSWORD>
|
|
Password updated successfully!
|
|
- Remove anonymous users? [Y/n] y
|
|
- Disallow root login remotely? [Y/n] y
|
|
- Remove test database and access to it? [Y/n] y
|
|
- Reload privilege tables now? [Y/n] y
|
|
|
|
# Create postfixadmin database and user.
|
|
|
|
mysql -u root -p;
|
|
|
|
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'example#2345';
|
|
SELECT host, user FROM mysql.user;
|
|
|
|
CREATE DATABASE vmailadmin;
|
|
GRANT ALL PRIVILEGES ON vmailadmin.* TO 'vmailadmin'@'localhost' IDENTIFIED BY 'STRONGPASSWORD';
|
|
grant select on vmailadmin.* to 'vmailadmin'@'localhost' identified by 'STRONGPASSWORD';
|
|
FLUSH PRIVILEGES;
|
|
SELECT host, user FROM mysql.user;
|
|
exit
|
|
|
|
# Create roundcube database and user.
|
|
|
|
mysql -u root -p;
|
|
|
|
CREATE DATABASE roundcubemail CHARACTER SET utf8 COLLATE utf8_general_ci;
|
|
CREATE USER 'roundcube'@'localhost' IDENTIFIED BY 'password';
|
|
GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'localhost';
|
|
FLUSH PRIVILEGES;
|
|
exit
|
|
|
|
# Create mailstore directory for store users mails in this location.
|
|
|
|
mkdir -p /mailstore/vmail
|
|
useradd -r -u 2000 -g mail -d /mailstore/vmail -s /sbin/nologin -c "MyHosted Virtual Mail User" vmail
|
|
mkdir -p /mailstore/vmail
|
|
chmod -R 770 /mailstore/vmail
|
|
chown -R vmail:mail /mailstore/vmail
|
|
|
|
# Take backup Postfix configuration.
|
|
|
|
cp -a /etc/postfix /etc/postfix_original
|
|
|
|
# Take backup Dovecot configuration.
|
|
|
|
cp -a /etc/dovecot /etc/dovecot_original
|
|
|
|
# Pull mailserver configuration from github.
|
|
|
|
cd /root/
|
|
git clone https://github.com/harishjadhav26/mail_server.git
|
|
|
|
# Remove default postfix and dovecot configuration.
|
|
|
|
rm -rf /etc/postfix
|
|
|
|
rm -rf /etc/dovecot
|
|
|
|
# Copy postfix and dovecot new config files.
|
|
|
|
cp -a /root/mail_server/postfix /etc/postfix
|
|
|
|
cp -a /root/mail_server/dovecot /etc/dovecot
|
|
|
|
# Copy postfixadmin and roundcubemail configuration in html.
|
|
|
|
cp -a /root/mail_server/postfixadmin /var/www/html/
|
|
|
|
cp -a /root/mail_server/roundcubemail /var/www/html/
|
|
|
|
# Import postfixadmin and roundcubemail DB.
|
|
|
|
mysql -u root -p vmailadmin < /root/mail_server/vmailadmin.sql
|
|
mysql -u root -p roundcubemail < /root/mail_server/roundcubemail.sql
|
|
|
|
# Copy dovecot quota script.
|
|
|
|
cp /root/mail_server/quota-warning.sh /usr/local/bin/quota-warning.sh
|
|
|
|
# configure SpamAssassin.
|
|
|
|
cp /etc/mail/spamassassin/local.cf /etc/mail/spamassassin/local.cf_original
|
|
|
|
cp /root/mail_server/local.cf /etc/mail/spamassassin/local.cf
|
|
|
|
# PHP config file.
|
|
|
|
cp /etc/php.ini /etc/php.ini_original
|
|
|
|
cp /root/mail_server/php.ini /etc/php.ini
|
|
|
|
# Add new user to run SpamAssassin. ** -g = add to group spamd, -s /bin/false = No shell (does not mean, cannot access via SSH!), -d = home dir **
|
|
|
|
groupadd spamd
|
|
useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
|
|
chown -R spamd:spamd /var/log/spamassassin
|
|
|
|
# Update the spam rules by running
|
|
|
|
time sa-update
|
|
|
|
# Update ownership to dovecot and postfix files.
|
|
|
|
touch /etc/postfix/sasl_passwd
|
|
touch /var/lib/postfix/smtpd_scache
|
|
postmap /etc/postfix/sasl_passwd
|
|
postmap /etc/postfix/master.cf
|
|
postmap /etc/postfix/main.cf
|
|
postmap /etc/postfix/sql/*.cf
|
|
postmap /etc/postfix/header_checks
|
|
postmap /etc/postfix/transport
|
|
|
|
# Update files permission.
|
|
|
|
chown -R root:postfix /etc/postfix/sql/*
|
|
sudo chmod 0640 /etc/postfix/sql/*
|
|
chown -R postfix. /var/lib/postfix/smtpd_scache
|
|
|
|
# Update postfixadmin and roundcubemail configuration.
|
|
|
|
chown -R apache. /var/www/html/*
|
|
|
|
# Update apache virtualhost file.
|
|
|
|
cp /root/mail_server/httpd/* /etc/httpd/conf.d/
|
|
|
|
# Service restart.
|
|
|
|
systemctl enable mariadb dovecot postfix httpd spamassassin php-fpm
|
|
systemctl restart mariadb dovecot postfix httpd spamassassin php-fpm
|
|
systemctl status mariadb dovecot postfix httpd spamassassin php-fpm
|
|
|
|
# Dovecot config permission and ownership update.
|
|
|
|
chown -R vmail.mail /var/run/dovecot/dict
|
|
|
|
# Send mail from command line.
|
|
|
|
echo "hello" | mail -r harish@example.com -s "test sub" postmaster@example.com
|
|
|
|
# Verify mail delivery in maillog.
|
|
|
|
tail -f /var/log/maillog
|
|
|
|
# Default password:
|
|
PostfixadminDB:
|
|
MySQL USER: vmailadmin
|
|
Password: STRONGPASSWORD
|
|
|
|
RoundcubemailDB:
|
|
MySQL User: roundcube
|
|
Password: password
|
|
|
|
Postfixadmin:
|
|
http://<IP/HOSTNAME>:8080
|
|
Superadmin User: postmaster@example.com
|
|
Password: password#123
|
|
|
|
Roundcubemail:
|
|
http://<IP/HOSTNAME>
|
|
User: postmaster@example.com
|
|
Password: password#123
|
|
|
|
# Reset User Password and DB, Set in Postfixadmin, Roundcubemail, Postfix and Dovecot as per your require meet.
|
|
|
|
sed -i 's/password = postfixadmin_password/password = STRONGPASSWORD/g' /etc/postfix/sql/*.cf
|
|
|
|
# Quota update for all domain users.
|
|
doveadm quota recalc -u *@*
|
|
|
|
# Quota verify.
|
|
sudo doveadm quota get -A
|
|
|
|
# Open ports in your firewall application and os level.
|
|
|
|
Service Software Protocol Port
|
|
SMTP Postfix TCP 25
|
|
HTTP Apache TCP 80
|
|
HTTP Apache TCP 8080
|
|
POP3 Dovecot TCP 110
|
|
IMAP Dovecot TCP 143
|
|
HTTPS Apache TCP 443
|
|
SMTPS Postfix TCP 465
|
|
Submission Postfix TCP 587
|
|
IMAPS Dovecot TCP 993
|
|
POP3S Dovecot TCP 995
|
|
ManageSieve Dovecot TCP 4190
|
|
|
|
firewall-cmd --permanent --add-port={25/tcp,80/tcp,8080/tcp,143/tcp,110/tcp,443/tcp,993/tcp,995/tcp,465/tcp,587/tcp,4190/tcp}
|
|
firewall-cmd --reload
|
|
firewall-cmd --list-all
|
|
|
|
# Suggestion use Nginx as frontend server.
|
|
|
|
LICENSE:
|
|
|
|
Copyright (c) 2021 Harish <nirahhp999@gmail.com>
|
|
|
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
of this software and associated documentation files (the "Software"), to deal
|
|
in the Software without restriction, including without limitation the rights
|
|
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
copies of the Software, and to permit persons to whom the Software is
|
|
furnished to do so, subject to the following conditions:
|
|
|
|
The above copyright notice and this permission notice shall be included in all
|
|
copies or substantial portions of the Software.
|
|
|
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
SOFTWARE.
|