Configuring a mail server is troublesome because you need to know a lot: domain name service (DNS/BIND); web-based sending and receiving of mail (Apache/PHP/MySQL/SquirrelMail); authentication services (LDAP, Kerberos, PAM); mail storage, which is usually on additional storage such as NFS/SAN; the mail services themselves (Postfix/Dovecot); anti-spam and anti-virus (Postgrey/ClamAV/SpamAssassin); secure authentication with SSL; monitoring and backup; and so on. This set covers almost all aspects of Linux system administration, so configuring a secure and reliable enterprise-level mail system is not easy; it is enough to fill a book. A personal mail server usually does not need LDAP/Kerberos/NFS/SAN/SSL, and without them the setup is not that complicated. However, do you need to configure the email server? It is not convenient to directly use the free Google App.
Preparations
A brief introduction to the software package to be installed:
Postfix: the mail server used to receive and send email. The correct term is Mail Transfer Agent (MTA); it is the most important part of the mail service;
Dovecot: the POP and IMAP server. It manages the local mail directories so that users can log on and download email with clients such as Mail.app, Thunderbird, and Mutt (also called Mail User Agents, MUAs);
Postgrey: a mail greylisting tool that makes it easy to resist spam;
Amavisd-new: a proxy that connects the mail transfer agent to the content checkers. Postfix hands the mail to it, and it is responsible for calling virus scanning and spam filtering;
Clam AntiVirus: virus scanning tool;
SpamAssassin: spam content filtering tool;
Postfix Admin: Postfix Web front-end, used to manage mail users and domain names.
Set the host name (do not skip this step):
# hostname mail.vpsee.com
# vi /etc/hosts
127.0.0.1 mail.vpsee.com localhost
Update system:
$ sudo apt-get update
$ sudo apt-get upgrade
Install necessary software packages
Install LAMP. Postfix itself does not require Apache/PHP/MySQL. However, to install Postfix Admin and manage the databases, you must install Apache/PHP and MySQL.
$ sudo apt-get install lamp-server^
$ sudo apt-get install php-apc php5-curl php5-gd php-xml-parser php5-imap
Install the email server and some tools:
$ sudo apt-get install mail-server^
$ sudo apt-get install postfix-mysql dovecot-mysql postgrey
$ sudo apt-get install amavis clamav-daemon spamassassin
$ sudo apt-get install libnet-dns-perl pyzor razor
$ sudo apt-get install arj bzip2 cabextract cpio file gzip nomarch pax unzip zip
Configure Apache
Edit the apache configuration file and restart:
$ sudo vi /etc/apache2/sites-available/default
...
DocumentRoot /var/www
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
...
$ sudo /etc/init.d/apache2 restart
Configure the MySQL database
Create a database named mail and set the permission and password:
$ mysql -uroot -p
mysql> create database mail;
mysql> grant all on mail.* to 'mail'@'localhost' identified by 'password';
Configure Postfix Admin
Download postfixadmin, decompress it, and put it in /var/www:
$ wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.3.5/postfixadmin-2.3.5.tar.gz
$ gunzip postfixadmin-2.3.5.tar.gz
$ tar -xf postfixadmin-2.3.5.tar
$ sudo mv postfixadmin-2.3.5 /var/www/postfixadmin
$ sudo chown -R www-data:www-data /var/www/postfixadmin
Configure postfixadmin in the standard way for a PHP program by filling in the information required to access the database. The setup_password part will be filled in later:
$ sudo vi /var/www/postfixadmin/config.inc.php
...
$CONF['configured'] = true;
$CONF['setup_password'] = 'replace later';
$CONF['postfix_admin_url'] = 'http://mail.vpsee.com/postfixadmin';
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'mail';
$CONF['database_password'] = 'password';
$CONF['database_name'] = 'mail';
$CONF['admin_email'] = 'admin@vpsee.com';
$CONF['encrypt'] = 'md5crypt';
...
Visit http://mail.vpsee.com/postfixadmin/setup.php in a browser, and use the password it generates to replace the 'replace later' value of $CONF['setup_password'] above.
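For security reasons, it is best to disable web access to setup.php. Apache only honours this file if AllowOverride for /var/www permits it (Limit or All):
$ sudo vi /var/www/postfixadmin/.htaccess
<Files "setup.php">
Deny from all
</Files>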
Configure Dovecot
Add a vmail account to the system:
$ sudo useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual Mail" vmail
$ sudo mkdir /var/vmail
$ sudo chmod 770 /var/vmail
$ sudo chown vmail:mail /var/vmail
Start to configure Dovecot. Dovecot supports multiple authentication methods; database authentication is used here. Note that the configuration files include one another, which seems messy at first: 10-auth.conf has an !include auth-sql.conf.ext line that pulls in /etc/dovecot/conf.d/auth-sql.conf.ext, and auth-sql.conf.ext in turn pulls in the /etc/dovecot/dovecot-sql.conf.ext file described below. This way you can switch authentication methods just by changing the include. It is a little complicated at first, but quite convenient once you are familiar with it.
$ sudo vi /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
auth_mechanisms = plain login
!include auth-sql.conf.ext
Configure Dovecot and set database parameters so that dovecot can correctly access the mail database just created:
$ sudo vi /etc/dovecot/dovecot-sql.conf.ext
...
driver = mysql
connect = host=localhost dbname=mail user=mail password=password
default_pass_scheme = MD5-CRYPT
...
password_query = \
  SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, \
  'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid \
  FROM mailbox WHERE username = '%u' AND active = '1'
user_query = \
  SELECT '/var/vmail/%d/%n' as home, 'maildir:/var/vmail/%d/%n' as mail, \
  150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota \
  FROM mailbox WHERE username = '%u' AND active = '1'
...
Next, tell Dovecot where mail is stored on the server. Set the mail location to /var/vmail, which was already created together with the vmail account:
$ sudo vi /etc/dovecot/conf.d/10-mail.conf
...
mail_location = maildir:/var/vmail/%d/%n
mail_uid = vmail
mail_gid = mail
...
Modify /etc/dovecot/conf.d/10-master.conf:
$ sudo vi /etc/dovecot/conf.d/10-master.conf
...
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = mail
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
...
Make sure that dovecot has the permission to read the configuration file:
$ sudo chown -R vmail:dovecot /etc/dovecot
$ sudo chmod -R o-rwx /etc/dovecot
Configure Amavis, ClamAV, and SpamAssassin
Add the clamav and amavis users to each other's groups so that they can access each other's files, then configure the filter mode:
$ sudo adduser clamav amavis
$ sudo adduser amavis clamav
$ sudo vi /etc/amavis/conf.d/15-content_filter_mode
use strict;
@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
1;  # ensure a defined return
Enable spamassassin:
$ sudo vi /etc/default/spamassassin
...
ENABLED=1
CRON=1
...
Configure Postfix
main.cf is the main configuration file of Postfix:
$ sudo vi /etc/postfix/main.cf
...
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
myhostname = mail.vpsee.com
myorigin = /etc/hostname
mydestination = mail.vpsee.com, localhost
mynetworks = 127.0.0.0/8
inet_interfaces = all
mynetworks_style = host
virtual_mailbox_base = /var/vmail/
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_domainaliases_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
mail_spool_directory = /var/mail
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
content_filter = amavis:[127.0.0.1]:10024
header_checks = regexp:/etc/postfix/header_checks
...
Note that the configuration above includes the line header_checks = regexp:/etc/postfix/header_checks. The header_checks file does not exist yet, so create it with the following content, which adds a bit of privacy to our emails by filtering out some information:
$ sudo vi /etc/postfix/header_checks
/^Received:/ IGNORE
/^User-Agent:/ IGNORE
/^X-Mailer:/ IGNORE
/^X-Originating-IP:/ IGNORE
/^x-cr-[a-z]*:/ IGNORE
/^Thread-Index:/ IGNORE
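To see what the header_checks rules above do to a message, this added example (not part of the original guide) re-implements the six IGNORE rules in awk and runs them over a constructed message. The function names and the sample headers are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed sample message: folded headers, mixed case, and a body line
# that merely looks like a header.
sample_message() {
    cat <<'EOF'
Received: from laptop.example (unknown [203.0.113.7])
 by mail.vpsee.com (Postfix) with ESMTPSA id 0000000000
X-Mailer: ExampleMailer 1.0
From: test1@vpsee.com
To: test2@vpsee.com
Subject: a test message
 folded onto a second line
X-CR-HashedPuzzle: constructed

Received: this body line is not a header and must survive
EOF
}

# Emulate the IGNORE rules on a message read from stdin. Postfix matches each
# logical header (continuation lines joined) and regexp: tables are
# case-insensitive by default; both behaviours are reproduced here.
apply_header_checks() {
    awk '
    function emit() {
        # Print the buffered logical header unless an IGNORE pattern matches.
        if (hdr == "") return
        h = tolower(hdr)
        if (h !~ /^(received|user-agent|x-mailer|x-originating-ip|thread-index):/ &&
            h !~ /^x-cr-[a-z]*:/)
            print hdr
        hdr = ""
    }
    in_body  { print; next }                       # the body is never touched
    /^$/     { emit(); in_body = 1; print; next }  # blank line ends the headers
    /^[ \t]/ { hdr = hdr "\n" $0; next }           # folded continuation line
             { emit(); hdr = $0 }
    END      { emit() }
    '
}

# Show which headers of the sample survive.
sample_message | apply_header_checks
```

On the server itself, `postmap -q "X-Mailer: test" regexp:/etc/postfix/header_checks` queries the real table. Because header_checks applies to all mail passing through Postfix, the Received rule also strips the hop trace from inbound mail, which is the information normally used when investigating spam or phishing.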
You also need to configure the master.cf file:
$ sudo vi /etc/postfix/master.cf
...
# Note: -o overrides must not contain spaces around "=" or after commas
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous
amavis    unix  -       -       -       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n  -       -       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/dovecot-lda -d $(recipient)
You also need to configure several more files:
$ sudo vi /etc/postfix/mysql_virtual_alias_domainaliases_maps.cf
user = mail
password = password
hosts = 127.0.0.1
dbname = mail
query = SELECT goto FROM alias, alias_domain
  WHERE alias_domain.alias_domain = '%d'
  AND alias.address = concat('%u', '@', alias_domain.target_domain)
  AND alias.active = 1
$ sudo vi /etc/postfix/mysql_virtual_alias_maps.cf
user = mail
password = password
hosts = 127.0.0.1
dbname = mail
table = alias
select_field = goto
where_field = address
additional_conditions = and active = '1'
$ sudo vi /etc/postfix/mysql_virtual_domains_maps.cf
user = mail
password = password
hosts = 127.0.0.1
dbname = mail
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'
$ sudo vi /etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf
user = mail
password = password
hosts = 127.0.0.1
dbname = mail
query = SELECT maildir FROM mailbox, alias_domain
  WHERE alias_domain.alias_domain = '%d'
  AND mailbox.username = concat('%u', '@', alias_domain.target_domain)
  AND mailbox.active = 1
$ sudo vi /etc/postfix/mysql_virtual_mailbox_maps.cf
user = mail
password = password
hosts = 127.0.0.1
dbname = mail
table = mailbox
select_field = CONCAT(domain, '/', local_part)
where_field = username
additional_conditions = and active = '1'
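The map files above hold the database password in clear text, and the guide tightens permissions only on /etc/dovecot. This added example (not part of the original guide) lists configuration files that contain a password setting and are readable by other local users; the function names are hypothetical and the directory list at the bottom is an assumption.

```shell
#!/bin/sh
# find_exposed_secrets DIR...
# Print every regular file under the given directories that contains a
# "password =" or "password=" setting and is readable by "other" users.
# Prints nothing when no such file exists.
find_exposed_secrets() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -perm -004 selects files whose other-read bit is set
        find "$dir" -type f -perm -004 2>/dev/null |
        while IFS= read -r file; do
            if grep -Eiq 'password[[:space:]]*=' "$file" 2>/dev/null; then
                printf '%s\n' "$file"
            fi
        done
    done
}

# restrict_secret FILE
# Leave owner read/write and group read, and remove all access for "other".
# Ownership is not changed here; root:postfix is a common choice for the
# Postfix map files (assumption, adjust to your system).
restrict_secret() {
    chmod u=rw,g=r,o= "$1"
}

# Report exposed files in the two configuration trees used in this guide.
find_exposed_secrets /etc/postfix /etc/dovecot
```

Run `restrict_secret` on each path the report prints, then check that Postfix can still read the maps before restarting the services.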
Finally, restart the related services:
$ sudo service spamassassin restart
$ sudo service clamav-daemon restart
$ sudo service amavis restart
$ sudo service dovecot restart
$ sudo service postfix restart
Test Postfix
Use telnet to connect to port 25 (SMTP) of the mail server, then send the HELO mail.vpsee.com command; the server should answer with the confirmation message 250 mail.vpsee.com:
$ telnet mail.vpsee.com 25
Trying 192.168.2.66...
Connected to mail.vpsee.com.
Escape character is '^]'.
220 mail.vpsee.com ESMTP Postfix (Ubuntu)
HELO mail.vpsee.com
250 mail.vpsee.com
Use telnet to send an email. The MAIL FROM, RCPT TO, DATA, . and QUIT commands are used:
$ telnet mail.vpsee.com 25
Trying 192.168.2.66...
Connected to mail.vpsee.com.
Escape character is '^]'.
220 mail.vpsee.com ESMTP Postfix (Ubuntu)
Mail from: <test1@vpsee.com>
250 2.1.0 OK
Rcpt to: <test2@vpsee.com>
250 2.1.5 OK
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: a test message
This is a test message!
.
250 2.0.0 OK: queued as 6832FF0036
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
After logging on to the mail server via ssh, go to the /var/vmail mail directory and check whether user test2 has received the email from user test1. Of course, the email can also be viewed on a local computer with tools such as Mail.app, Thunderbird, and Mutt.
Finally, the mail server is configured. Installing and configuring all of this is clearly not a simple task. I wish you a smooth operation.