################## E-mail using POSTFIX, DOVECOT, SQUIRRELMAIL and SASLAUTHD ##################

##########################~~~~~~~~~~~~ POSTFIX ~~~~~~~~~~~~##########################

### basic POSTFIX configuration:
# Postfix is used to manage and send e-mails

## DNS must be configured before you proceed with this guide!!!

## install postfix (service that uses port 25)
apt install postfix
# during installation:
# * select the option "Internet Site" in 'General mail configuration type'
# * enter your mail domain name (the same one used on DNS) at the option
#    'System mail name', ex.: example.com

## (optional) at this point, it is already possible to test the service. See "TEST-1" below.

## on postfix, there are 2 configuration files:
# * /etc/postfix/master.cf, where you can enable new services (ex.: smtps on port 465)
# * /etc/postfix/main.cf, where you configure postfix's general and access options

# To make it work with the most basic configuration (only smtp, which 
#  is already enabled at master.cf after installation):
## on /etc/postfix/main.cf, configure your networks and domains:
# networks from which it is possible to send e-mail without authentication with
#  username/password. Usually only loopback. Include your network, and list only
#  networks you trust: every host in them can relay mail through this server.
# (main.cf does not accept a comment after a value on the same line, so keep
#  comments on their own lines)
mynetworks = 127.0.0.0/8 172.16.0.0/16
# if an e-mail was sent to one of those domains, postfix will deliver it to a local
#  mailbox or via MDA (Mail Delivery Agent). Keep on this line only the domains this
#  server will be responsible for!
mydestination = $myhostname, domain.com, example.com

# restart postfix:
systemctl restart postfix     #or: postfix reload

## (optional) configure alias~~~~~~~~~~~~~~~~~~~~~~~~
# in the same file (/etc/postfix/main.cf), make sure the line 'alias_maps' is uncommented, 
#  then edit the file it points to:
nano /etc/aliases
# in this file, there is already one line 'postmaster: root', edit that line 
#  according to this example:
postmaster: root,user_name
# that tells postfix that postmaster is now an alias for both users, 
#  root and user_name

# next, execute the postalias command on that file so that it generates its hash:
postalias /etc/aliases

# restart postfix:
systemctl restart postfix     #or: postfix reload

# now, if a mail is sent to postmaster, it will be delivered to both users, root and user_name 

~~~~~~~~~~~~~~~~~~~~ How to READ e-mails received by postfix on Ubuntu ~~~~~~~~~~~~~~~~~~~~
# to read the e-mails received by each user, go to this directory and look for the file
#  with the name of the user:
cd /var/mail
ls -la

# each message in that file starts with a line beginning with 'From ' and is separated
#  from the previous message by a blank line

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ TEST-1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
### to test the postfix service at this point, we have 2 options:
## one is to check if port 25 is active using this command:
netstat -natl

## the other one is using telnet from the same machine you installed it or 
##  from another authorized machine
# this is a #commented example of how to send a message using telnet:
telnet 127.0.0.1 25        #from the same machine, port 25
                           # you may also use the e-mail domain or any 
                           # other domain enabled at the main.cf file
helo mail           #the e-mail server responds after every command you insert
mail from:random_name@anydomain.com
rcpt to:jack@example.com    #the recipient user must exist on the server so
                            # that the message can be delivered/read
data
subject: type in the subject          #(optional line)
here you type the text of the message you wish to send, the content
.      #a single dot marks the end of the message
quit

## after following the 'script' above, you may see how the server 
##  behaved by checking its logs:
cat /var/log/mail.log

# you can see if the server tried to send the message and what 'error' 
#  it received (in case it did). If it tried to send the message, it's working!
# if you sent the message to a user that exists on that server, you should
#  be able to read the message at /var/mail/username

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ EXTRAS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## command that shows all postfix configurations:
postconf

# https://www.postfix.org/ is the postfix webpage with extensive documentation
#########################################################################################

##########################~~~~~~~~~~~~ DOVECOT ~~~~~~~~~~~~##########################

### basic DOVECOT configuration:
# Dovecot is used to download the e-mails received by postfix via pop3 or imap, which 
#  lets that mail be read in a graphical client (outlook, squirrelmail, etc)

## install dovecot for imap (port 143) and pop3 (port 110)
apt install dovecot-imapd dovecot-pop3d

## configure the (same) local delivery address in postfix and dovecot, for example, a
##  directory called Maildir inside each user's home directory. Doing this is useful, for
##  example, to limit the max disk size available for each user (using other programs). If
##  you choose not to do it, postfix will keep delivering to the regular mailbox location
##  and dovecot will retrieve the messages from that same location /var/mail/username.

### (optional 1-START): if you want to set the mail delivery to "Maildir", inside each user's
###  home directory:
# on Dovecot's configuration file: 
nano /etc/dovecot/conf.d/10-mail.conf
# uncomment the line:
mail_location = maildir:~/Maildir 
# and comment the other line with mail_location:
mail_location = mbox:~/mail:INBOX=/var/mail/%u 

# on Postfix's configuration file: 
nano /etc/postfix/main.cf
# below the line 'mailbox_size_limit', add this line:
home_mailbox = Maildir/ 

# restart both services:
systemctl restart postfix
systemctl restart dovecot
### (optional 1-END)

## (test - optional 2) if you do the TEST-1 after executing all the steps on 'optional 1', 
##  sending messages to your mail server: now, if you check the logs, they will show that 
##  the message was 'delivered to maildir' instead of 'delivered to mailbox'. If you go to 
##  the directory /home/username, there will be a new automatically created directory 
##  called 'Maildir'; inside it, you'll find a subdirectory called 'new' with every new 
##  message received since you made the maildir configuration.
## if you did not follow the steps on 'optional 1', postfix will keep delivering the messages 
##  to the mailbox at /var/mail/username.
## at this point, it is possible to test the service (pop3 and imap). See the TEST-2 below!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ TEST-2 (POP3) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## to test the dovecot service (pop3) at this point, we have 2 options:
# one is to check if the port 110 is active using this command:
netstat -natl

## the other one is using telnet from the same machine you installed it or 
##  from another authorized machine
# this is a #commented example of how to read a message using telnet:
telnet 127.0.0.1 110                       #from the same machine, port 110
user username                              #enter the username
pass password                              #enter the password
list                                       #lists the messages
retr 1                                     #retrieves the message with the specified number
quit

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ TEST-2 (IMAP) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## to test the dovecot service (imap) at this point, we have 2 options:
# one is to check if the port 143 is active using this command:
netstat -natl

## the other one is using telnet from the same machine you installed it or 
##  from another authorized machine
# this is a #commented example of how to read a message using telnet (capital letters
#  are optional). The first word of every command is a tag chosen by the client; it can be anything:
telnet localhost 143
. LOGIN username password            #enter the username and password
1 LIST "" *                          #lists the available folders
3 SELECT inbox                       #select a folder by its name
5 FETCH 1:* all                      #lists information about all messages in the folder
1 FETCH 1 (body[])                   #retrieves the specified message, the number after 'fetch'
                                     # specifies which message
9 LOGOUT

## https://www.atmail.com/blog/imap-commands/ is an option to see more IMAP commands
#########################################################################################

##########################~~~~~~~~~~~~ SQUIRRELMAIL ~~~~~~~~~~~~##########################

### basic SQUIRRELMAIL configuration:
# Squirrelmail is an e-mail client with a graphical interface
# Squirrelmail's official site: https://www.squirrelmail.org/

# to better test the IMAP version of Dovecot, it is recommended to use an e-mail
#  client, like Squirrelmail: it connects to dovecot (imap) via browser!!!

## Apache (with PHP configured), postfix and dovecot MUST be installed before you proceed with this guide!

## squirrelmail is not available in Ubuntu's repository, so check the official site for the
##  latest version and its link. This link is working today (05/09/2024) to
##  download the version with support for PHP 8:
wget http://snapshots.squirrelmail.org/squirrelmail-20240509_0200-SVN.stable.tar.gz #switch the date in
                                                                                    # the link to the 
                                                                                    # current date, ex.:
                                                                                    # 20240509

# extract the downloaded file:
tar -xvf squirrelmail-20240509_0200-SVN.stable.tar.gz

# go inside the extracted directory and move the subdirectory 'squirrelmail' to the same directory 
#  of your webpage files and rename it to 'mail' (the name that will identify your e-mail site)
cd squirrelmail.stable/
mv squirrelmail/ /var/www/html/mail

## in the mail directory /var/www/html/mail, execute the script for configuration:
./configure
# in this menu, go to 'Server Settings'/'Domain' then enter your domain, ex.:
example.com
# then go to 'General Options'/'Data Directory' and enter your data directory address:
/var/www/html/mail/data/
# then go to 'General Options'/'Attachment Directory' and enter your attachment directory address:
/var/www/html/mail/attach/
# (both directories hold user data; with the paths above they sit inside the web root,
#  so make sure Apache does not serve their contents)
# finally, go to 'Set pre-defined settings for specific IMAP servers' and choose:
dovecot                          #this will load the pre-defined configuration for dovecot
# save and exit

# the directory 'data' should already be there, but you'll need to create the 'attach' directory:
mkdir /var/www/html/mail/attach/

# set the correct permissions so that the apache user (www-data) can interact with squirrelmail
chown -R www-data:www-data /var/www/html/mail

# restart apache
systemctl restart apache2

## open squirrelmail on your server's webpage:
# * in a browser that can access your webpage (www.example.com), enter:
www.example.com/mail                                                #or: your_IP_address/mail 
# * log in with the username and password of the account you wish to enter.

## (optional) at this point, it is possible to test the service (webclient/imap). See the TEST-3 below!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ TEST-3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## send an e-mail using the webclient squirrelmail

# to test the services squirrelmail/dovecot(imap)/postfix at this point, we have 2 options:
## one is to log in, at your squirrelmail page, to the user account you sent the mail to 
##  and check if you received it

# the other one is viewing the e-mail logs and checking if postfix sent the message correctly:
cat /var/log/mail.log
#########################################################################################

##########################~~~~~~~~~~~~ SASLAUTHD ~~~~~~~~~~~~##########################

### basic SASLAUTHD configuration:
# saslauthd is used to make postfix demand authentication from any user trying to use it
#  as a mail relay. It is important to install saslauthd and configure both it and postfix!

## on postfix, at /etc/postfix/master.cf, uncomment the line:
submission inet n       -       y       -       -       smtpd

## on postfix, at /etc/postfix/main.cf, add the line (or make sure it is already there):
smtpd_tls_security_level = may

## install saslauthd
apt install sasl2-bin

## edit the saslauthd configuration file:
nano /etc/default/saslauthd
# add/substitute on it:
START=yes
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

## execute these commands:
mkdir -p /var/spool/postfix/var/run/saslauthd
dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
adduser postfix sasl
ln -s /var/spool/postfix/var/run/saslauthd/ /var/run/
systemctl start saslauthd

## create/edit this file:
nano /etc/postfix/sasl/smtpd.conf
# add the lines:
pwcheck_method: saslauthd
mech_list: plain login

## on postfix, at /etc/postfix/main.cf, add these lines with the saslauthd configuration:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no

## restart postfix:
systemctl restart postfix
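
## added example (not part of the original guide): a check for the relay-related settings
##  edited in this guide (mynetworks, smtpd_recipient_restrictions, smtpd_tls_security_level,
##  smtpd_tls_auth_only). The helper name audit_relay_settings and the /24 threshold are
##  assumptions of this example and the sample input is constructed; on a real server, run:
##  postconf | audit_relay_settings

```sh
#!/bin/sh
# Added example, not from the original guide. audit_relay_settings is a
# hypothetical helper; it reads "name = value" lines as printed by `postconf`.
audit_relay_settings() {
    awk '
    {
        i = index($0, "=")
        if (i == 0) next
        key = substr($0, 1, i - 1); value = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", value)
        conf[key] = value
    }
    END {
        # Assumed heuristic: a non-loopback IPv4 prefix shorter than /24
        # trusts many hosts to relay without a password.
        n = split(conf["mynetworks"], net, "[ ,]+")
        for (j = 1; j <= n; j++) {
            if (net[j] !~ /^[0-9.]+\/[0-9]+$/ || net[j] ~ /^127\./) continue
            split(net[j], part, "/")
            if (part[2] + 0 < 24)
                print "REVIEW mynetworks: " net[j] " relays without authentication"
        }
        rules = conf["smtpd_relay_restrictions"] " " conf["smtpd_recipient_restrictions"]
        if (rules !~ /(reject|defer)_unauth_destination/)
            print "FAIL restrictions: reject_unauth_destination is missing"
        if (conf["smtpd_sasl_auth_enable"] == "yes") {
            if (conf["smtpd_tls_security_level"] !~ /^(may|encrypt)$/)
                print "FAIL smtpd_tls_security_level: STARTTLS is not offered"
            if (conf["smtpd_tls_auth_only"] != "yes")
                print "WARN smtpd_tls_auth_only: passwords accepted without TLS"
        }
    }'
}

# Constructed sample modelled on the values used in this guide.
audit_relay_settings <<'EOF'
mynetworks = 127.0.0.0/8 172.16.0.0/16
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
EOF
```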

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SASLAUTHD TESTS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
### there are 3 tests you can do to verify that saslauthd is working:
### first test (is saslauthd authenticating correctly?):
## use this command:
testsaslauthd -u username -p password
# the result should be 'success'
# if you get an error, you may want to run these commands and then try again:
rm -rf /var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd

### second test (postfix authentication test):
## follow all the steps on this page (it involves sending the username and password encoded
##  in base64 to send an e-mail; base64 is an encoding, not encryption):
http://networking.ringofsaturn.com/Protocols/howtotestsendmailauthentication.php
# with your credentials encoded in base64, basically, you use telnet to port 587:
telnet localhost 587
ehlo example.com                      #type 'ehlo your_domain'
auth login username_in_base64         #enter your username in base64, preceded by 'auth login'
password_in_base64                    #enter your password in base64
# then you follow the same steps to send a message as you did 
#  in Postfix's TEST-1 (above on this guide)

### third test (postfix authentication test on a TLS session):
## use this command:
openssl s_client -starttls smtp -crlf -connect localhost:587
# then follow the same script on the second test to send a new e-mail.
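
## added example (not part of the original guide): helpers for the second and third tests.
##  They build the base64 tokens to type, show that a token decodes back without any key,
##  and check from an EHLO reply captured before STARTTLS whether postfix offers AUTH on an
##  unencrypted connection. Helper names are hypothetical; all sample values are constructed.

```sh
#!/bin/sh
# Added example, not from the original guide; helper names are hypothetical
# and the credentials and EHLO reply below are constructed.

# The two lines to type for 'auth login': username, then password.
auth_login_tokens() {
    printf '%s' "$1" | base64
    printf '%s' "$2" | base64
}

# 'auth plain' packs both into one token: NUL, username, NUL, password.
auth_plain_token() {
    printf '\0%s\0%s' "$1" "$2" | base64
}

# Base64 is reversible without a key: this recovers what was typed.
decode_token() {
    printf '%s' "$1" | base64 -d | tr '\0' ' '
}

# Classify an EHLO reply (stdin) captured BEFORE STARTTLS, e.g. from telnet.
# With broken_sasl_auth_clients = yes postfix also prints an "AUTH=" line.
ehlo_auth_exposure() {
    awk '
        { sub(/\r$/, "") }
        /^250[- ]AUTH[ =]/  { auth = 1 }
        /^250[- ]STARTTLS$/ { tls = 1 }
        END {
            if (auth)     print "auth-offered-in-cleartext"
            else if (tls) print "no-auth-before-starttls"
            else          print "no-auth-no-starttls"
        }'
}

auth_login_tokens jack secret
ehlo_auth_exposure <<'EOF'
250-mail.example.com
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
EOF
```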
#########################################################################################
      
	

~~~~~~~~~~Postfix/Dovecot/Squirrelmail Script:~~~~~~~~~~

ATTENTION: Always read a script before you run it!!!


To run a basic Postfix/Dovecot/Squirrelmail configuration script for one mail domain, run the following command line in your server's terminal:

     wget -nc https://www.maycke.com.br/guides/raw/postfix-dovecot-squirrelmail.sh && chmod 700 postfix-dovecot-squirrelmail.sh && sudo ./postfix-dovecot-squirrelmail.sh && sudo rm postfix-dovecot-squirrelmail.sh

#########################################################################################