Postfix, Dovecot, MySQL – Ex Ratione

This long post contains a recipe for building a reasonably secure Ubuntu 1. Amazon Web Services, using Postfix, Dovecot, and MySQL, with anti-spam packages in the form of amavisd-new, Clam AntiVirus, SpamAssassin, and Postgrey. Local users are virtual rather than being system users. Administration of users and domains is achieved through the Postfix Admin web interface. Webmail is provided by Roundcube. A number of people graciously helped to fix bugs and make improvements in the original, so should you find a blocking issue here please do let me know.

A mailserver generally consists of a range of different packages that separately handle SMTP, POP/IMAP, local storage of mail, and spam-related tasks: they must all talk to one another correctly, all have small novels in place of configuration documentation, and there is no one obvious best practice for how users are managed, how to store user data, or how to glue the various different components together. There are any number of different viable setups for moving mail between Postfix and Dovecot, for example. Further, the whole assembly tends to be unforgiving on matters such as file ownership and permissions, choice of users for specific processes, and tiny errors in esoteric configuration files. Unless you know what you are doing, the end result will likely be either insecure or otherwise subtly non-functional. Merely not working is perhaps the best of bad outcomes.
It's a good set of documents, as the author places an emphasis on producing a secure mailserver as the end result. In the past I have made good use of Abrahamsen's guide as a basis for my mail servers, and recommend it. The configuration is completely different, and so are many of the administrative and tool binaries. When I chose to migrate my servers from Courier to Dovecot it was a challenge to find a good all-in-one-place guide, and hence the existence of this document.

That should help to avoid unpleasant surprises, and there are some notes at the end on alternative options and additions that are worth reading before you get started.

It will only relay mail on to other mailservers if the mail is sent by an authenticated user, but anyone can send mail to this server for local delivery.
Dovecot: a POP and IMAP server that manages local mail directories and allows users to log in and download their mail. It also handles user authentication.
Postgrey: greylists incoming mail, requiring unfamiliar deliverers to wait for a while and then resend. This is one of the better tools for cutting down on spam.
Clam AntiVirus: a virus detection suite.
SpamAssassin: for sniffing out spam in emails.
Postfix Admin: a web front end for administering mail users and domains.
Roundcube: a webmail interface for users.

It will pass through a minimal set of mail headers for mail sent by local users, removing identifying information from the original sender's mail software.

Very little of the material here is concerned with Amazon-specific issues. So if you are working with another service, just skip over the AWS-specific instructions and perform the equivalent operations in the service that you have chosen to use. In services such as Digital Ocean a virtual server is completely exposed to the internet, so you would want to lock it down immediately with something like Uncomplicated Firewall.

For example, as below, replacing MY. So wherever you see these items be sure to replace them with your chosen domain and mail server hostname.

At the time of writing, Ubuntu 1. Mail servers don't generally have to be all that big if you aren't in the business of email: 2. G of RAM is enough for the recipe here, and that much is needed only because ClamAV and Amavis are memory hogs. Thus, while micro instances are too small, any of the larger instance types should be more than enough to support a personal mail server, a small business mail server, or the throughput of a mailing list of a few thousand members.

You'll probably want to create one before starting the server. The Security Group should allow inbound TCP traffic from any IP address to these ports: 25 (SMTP), 80 (HTTP), 110 (POP3), 143 (IMAP), 443 (HTTPS), 465 (SMTPS), 993 (IMAPS), 995 (POP3S). The above is in addition to whatever rules you might have for SSH access over port 2. IP address ranges you use. In fact it is a good idea to restrict all inbound traffic to the server to your own IP addresses while you are building it. You can adjust the rules to allow traffic from the rest of the world after you're certain that everything is secure and shipshape. You'll log in as the .
By default, an AWS instance will have its own strange-looking hostname, so changing to the domain the server will have is the first item on the list.

You may have purchased an SSL certificate for your mail server, but it is perfectly possible and completely secure to run a mail server using a self-signed certificate. The only consequences will be warning screens when using webmail hosted on the server and warnings from Microsoft Outlook when connecting via POP, IMAP, or SMTP.

Fortunately there is a shortcut to install all of the basic LAMP packages, so start by updating the repository data and installing those packages. Choose something sensible and wait for the remaining installations to complete. Then you can move on to adding an array of must-have additional packages for PHP, such as APC bytecode caching, Mcrypt support, Memcache support, cURL, an XML parser, and GD image processing support. You may also choose to add more to suit your own taste and any other applications you might want to support on this server.

You'll notice its absence when webmail fails to work later on. The following command fixes that issue by enabling the module.

Configure PHP.

The default configuration settings for PHP and the additional packages mentioned above are sufficient for most casual usage. So unless you have something complicated or high-powered in mind, you should probably only change the expose.

One of the more recent attacks on SSL is known as Logjam, and defending against it requires what is presently a non-standard addition to your SSL configuration in applications using it. Creating your own Diffie-Hellman groups and saving them to configuration files is the first step.

Configure Apache.

The expected end result for the Apache webserver is that it will serve a single site with a couple of running web applications: (a) Roundcube for webmail, and (b) Postfix Admin hidden away in a subdirectory.
All HTTP requests will be redirected to use HTTPS, as there is no good reason to allow non-secure access to any of the applications that will reside on the server.

The default is 'Full' which sends information about the OS-Type.

See.
# https://weakdh.
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on
# The protocols to enable.

Keeping the same simple approach, the upper portion of the SSL configuration in /etc/apache. IfModule mod.

You may have a wildcard certificate for *. Place the relevant certificate, private key, and CA certificate bundle in the following locations. The key must not be password protected, and it must be locked down such that only the root user can read it.

Now change these lines in /etc/apache. A self-signed (snakeoil) certificate can be created by installing. See.
# /usr/share/doc/apache. README.Debian.gz for more info. Alternatively.
# the referenced file can be the same as SSLCertificateFile.
# when the CA certificates are directly appended to the server.

You can find your version by running. If you are running 2. SSLOpenSSLConfCmd DHParameters . For example. cat /etc/ssl/private/dhparams.
Now restart Apache to pick up the changes, after which you should be able to load the default Apache homepage and see that you are automatically redirected to HTTPS.

If you are building a larger machine for heavy usage, you will probably want to bump the memory allocation to be higher than the default of 6. M.
# Start with a cap of 6. It's reasonable, and the daemon default. Note that the daemon will grow to this size, but does not start out holding this much.

Install the Mailserver Packages.

Now we're ready to start in on the harder stuff. As for the LAMP server, there is a shortcut for installing the basic packages for a mail server. At this point select . You will be asked for the system mail name, which is the hostname of your mailserver, e. When Dovecot installs you will be asked whether you want to create an SSL certificate.

That is not the goal here, so we need the rest of the cast, such as MySQL support for Postfix and Dovecot, and a coterie of spam-mashing packages. The php5-imap package actually provides support for POP3 as well as the IMAP protocol, and will be needed by Postfix Admin and most of the possible options for PHP webmail applications. It isn't automatically enabled, however. You must run this command to ensure that it is. You will want to restart Apache at this point to have php.

Next you'll want to install a few optional packages that extend the abilities of the spam and virus detection packages by allowing greater inspection of attached files.

Create a Mail Database and User in MySQL.

Log in to My.