Email Service (SMTP,IMAP)

I will describe how to use Postfix as an MTA, both locally and on the internet, and then Dovecot for IMAP & POP3

Basically you will do 2 things

Configure a machine as an SMTP server using Postfix

Configure IMAP or POP3 for client access (remote connections)

SMTP Server

Postfix is what's called an MTA, or message transfer agent: a server daemon that speaks the Simple Mail Transfer Protocol (SMTP). Many of us use web-based mail now, so we never see these protocols and don't even think about them running. But if you configure an email client, you normally receive email using POP3 or IMAP4, and you send email using SMTP. MTAs receive the email you're sending and then guide it to its destination: whether it needs to go to Gmail or me.com or AOL or whoever it is that you're emailing, the MTA finds the servers and gets it delivered to the right place. So SMTP servers aren't really designed to interact with end users. They're designed to interact with other SMTP servers.

Building an SMTP server with Postfix

Installing the binaries and starting the configuration: sudo DEBIAN_PRIORITY=low apt install postfix

If you want to run an email server on the internet, you don’t want to use the default configuration that comes with sudo apt install postfix, which will result in the server being an open relay

An open SMTP relay is a server that allows anyone on the internet to send email through it. This is not a desirable configuration because it can be exploited by spammers to send massive amounts of unsolicited email. If your server is an open relay, it can be added to blacklists and your legitimate email may not be delivered. It's important to properly configure your SMTP server to prevent it from becoming an open relay.

Reconfigure the installation:

sudo dpkg-reconfigure postfix

Postfix Configuration

  • Using its config file:

    sudo vim /etc/postfix/main.cf

  • Or using a command utility:

    postconf

    • If you want to see only the settings that have been overridden:

      postconf -n

Next thing is Mapping users to email addresses

We need to define a mapping file. By default we don’t have one inside /etc/postfix, so I will create it

sudo postconf -e 'virtual_alias_maps = hash:/etc/postfix/maps'

Now Postfix knows that there is a mapping file, and I can go and create it

sudo vim /etc/postfix/maps

I need to tell Postfix about it (postmap builds the lookup table from the file):

sudo postmap /etc/postfix/maps

And it is a good idea to restart the service:

sudo systemctl restart postfix
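
What such a mapping file can look like, with a check to run on it before postmap. This is an added example, not part of the original notes: the addresses and the lint_virtual_map helper are constructed for illustration, reusing the homelab.lan domain and the touk and testuser accounts that appear on this page.

```shell
#!/bin/sh
# Added example: a constructed virtual alias map and a lint to run before postmap.
# Each entry is "address<whitespace>recipient[, recipient...]" on one line.
SAMPLE_MAP='# /etc/postfix/maps (constructed sample)
touk@homelab.lan        touk
testuser@homelab.lan    testuser
postmaster@homelab.lan  touk, testuser
testuser@homelab.lan    touk
abuse@homelab.lan'

# Reads a map on stdin and prints one finding per problem line.
lint_virtual_map() {
    awk '
        /^[ \t]*#/ { next }   # comment lines
        /^[ \t]*$/ { next }   # blank lines
        /^[ \t]/   { next }   # leading whitespace continues the previous entry
        NF < 2   { printf "line %d: %s has no recipient\n", NR, $1; next }
        seen[$1] { printf "line %d: duplicate key %s (first on line %d)\n", NR, $1, seen[$1]; next }
                 { seen[$1] = NR }
    '
}

printf '%s\n' "$SAMPLE_MAP" | lint_virtual_map

# Once the lint prints nothing, build the table and query it:
#   sudo postmap /etc/postfix/maps
#   postmap -q testuser@homelab.lan hash:/etc/postfix/maps
```

The sample deliberately contains a duplicate key and an entry without a recipient, so the lint reports lines 5 and 6.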

Now I have a functional SMTP server and it can accept emails

Allow it through the firewall?

sudo ufw allow 25/tcp, or sudo ufw allow postfix, which will add more needed ports like secure SMTP …

SOME CHANGES I HAD TO DO:

I added an MX record for my mail server:

sudo systemctl restart bind9

Changing host-name in /etc/postfix/main.cf

sudo systemctl restart postfix

One more thing: I had messed with the home_mailbox setting for Postfix, so you shouldn’t do that

Just comment it out and restart the service and everything will 100% work

sudo vim /etc/postfix/main.cf

#home_mailbox = Mail/

sudo systemctl restart postfix

I will add another user and check if he can receive mails

As you can see in my sudo cat /etc/postfix/maps

echo "Hello test user" | mail -s 'to testuser' testuser@homelab.lan

and now :

TEST IT via the internet:


Securing Postfix with TLS

We will use Let’s Encrypt for that!

Let's Encrypt will let you generate a certificate that is publicly trusted, free of charge

sudo apt install certbot

Certbot is a little automated utility that will help us generate a trusted certificate. It can spin up a temporary web server on port 80, and Let's Encrypt can use that temporary web server to validate that I am who I say I am, that I control that domain.

sudo certbot certonly --standalone --rsa-key-size 4096 --agree-tos --preferred-challenges http -d server.homelab.lan

Make sure the DNS record for your SMTP server is in place, like I am doing in my bind9 server:

Once that's done, it will create a trusted cert for you

For me, I don't have these certs, because my domain is not registered

Or you can do this lol:

Register a free domain at No-IP, then point it to the public IP of your home router and set up port forwarding to the SMTP server

View the current values:

postconf | grep 'smtpd_tls_cert\|smtpd_tls_key'

Update the values (the directory under /etc/letsencrypt/live/ is named after the domain the certificate was issued for):

sudo postconf -e 'smtpd_tls_cert_file=/etc/letsencrypt/live/lab.itpro.tv/fullchain.pem'

sudo postconf -e 'smtpd_tls_key_file=/etc/letsencrypt/live/lab.itpro.tv/privkey.pem'

Now encryption is optional, like a boolean negotiated between the server and the client

You can force it, but that violates the standards, and mail might be dropped (if it is an SMTP server on the internet rather than on a private network):

sudo postconf -e 'smtpd_tls_security_level=encrypt'
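
A check for both risks discussed on this page, the open relay from the installation section and the TLS settings above. This is an added example, not part of the original notes: audit_postfix and get_param are hypothetical helpers, the two sample configurations are constructed, and mail.example.org is a placeholder domain.

```shell
#!/bin/sh
# Added example. Audits "name = value" lines as printed by postconf, e.g.:
#   postconf mynetworks smtpd_relay_restrictions smtpd_recipient_restrictions \
#            smtpd_tls_security_level smtpd_tls_cert_file | audit_postfix

# Print the value of parameter $1 found in the config text $2.
get_param() {
    printf '%s\n' "$2" | sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" | head -n 1
}

audit_postfix() {
    conf=$(cat)
    nets=$(get_param mynetworks "$conf" | tr ',' ' ')
    rules="$(get_param smtpd_relay_restrictions "$conf") $(get_param smtpd_recipient_restrictions "$conf")"
    level=$(get_param smtpd_tls_security_level "$conf")
    cert=$(get_param smtpd_tls_cert_file "$conf")
    # permit_mynetworks relays mail for every address listed in mynetworks.
    case " $nets " in
        *" 0.0.0.0/0 "*|*" [::]/0 "*) echo "FAIL mynetworks trusts every client" ;;
    esac
    # Untrusted clients must reach one of these so mail for foreign domains is refused.
    case "$rules" in
        *reject_unauth_destination*|*defer_unauth_destination*) ;;
        *) echo "FAIL no reject_unauth_destination in the restrictions" ;;
    esac
    case "$level" in
        may) ;;
        encrypt) echo "WARN TLS is mandatory: senders without STARTTLS are refused" ;;
        *) echo "WARN smtpd_tls_security_level is '${level:-unset}'" ;;
    esac
    case "$cert" in
        "") echo "WARN no smtpd_tls_cert_file set" ;;
        *snakeoil*) echo "WARN self-signed snakeoil certificate in use" ;;
    esac
}

# Constructed sample values, not taken from a real server.
WEAK_CONF='mynetworks = 127.0.0.0/8 0.0.0.0/0
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_tls_security_level = encrypt
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem'
FIXED_CONF='mynetworks = 127.0.0.0/8 [::1]/128
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.example.org/fullchain.pem'

echo "weak:";  printf '%s\n' "$WEAK_CONF"  | audit_postfix
echo "fixed:"; printf '%s\n' "$FIXED_CONF" | audit_postfix
```

The weak sample yields one FAIL and two WARN lines; the corrected sample yields none.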

IMAP & POP3

REMOTE EMAIL DELIVERY

We all love the terminal, I am assuming lol

But I do not like working in the terminal when it comes to receiving and sending emails; I don’t want to SSH into the server every time I want to check my mail

I am going to have my laptop or my phone or something like that retrieve mail from the server

In order for that to work we need to install remote email delivery:

sudo apt install dovecot-pop3d dovecot-imapd

Configuring Dovecot for User Access

sudo vim /etc/dovecot/conf.d/10-auth.conf

Adding ‘login’ will give us basic Linux login

Disabling plain text refers to whether the password is seen in plain text or hashed, but we will use TLS instead

Setting email users location

I have commented out the first line and added the default directory

This will use the Maildir format and store the emails in the Maildir directory in the user's home directory.

Configure Unix Listener

And then one last thing I need to do is to configure a Unix listener. When somebody logs in, they're logging in with their Linux user account. Dovecot expects them to log in with a virtual user account. That's already set up, so I'd be good to go if I went with virtual users. But I'm using real users, so I need to add a couple of extra permissions to make that happen. So I need to go into the 10-master file, which is the master configuration for Dovecot as a whole

sudo vim 10-master.conf

I'm just going to uncomment that line right there. That's the one that's allowing us to handle that authentication and tie the users together. Now the default configuration is fine, but if you're running Postfix under a dedicated user account, which Ubuntu does by default, then you may need to add two extra lines here. I'm going to say user equals postfix and group equals postfix. And that's letting Dovecot know that the Postfix server is running under its own user account. And so now it knows which user and which group to use when it's dealing with file permissions.

For TLS, as I mentioned, you can edit 10-ssl.conf and add the paths to your certificate and key in the ssl_cert and ssl_key settings inside this file

Firewall access

sudo systemctl restart dovecot

This was done because I faced a directory conflict between Postfix using mailbox and Dovecot using Maildir

touk@ubuntu-server:/etc/dovecot/conf.d$ sudo apt install mb2md

mb2md -s /var/mail/touk -d ~/Maildir

There is a mismatch between the old location used by Postfix, /var/mail/touk, and the ~/Maildir used by POP3, so I need to tell Postfix to use Maildir in /etc/postfix/main.cf

sudo systemctl restart postfix

Testing Dovecot Locally

Using Thunderbird

Thunderbird login via account

Thunderbird login successful

Send mail via the terminal

Messages
