Creating an IMAP & webmail server

From Newroco Tech Docs

Revision as of 06:43, 9 June 2017

First follow the instructions in Creating a simple mail server.

Dovecot

Install the following packages

apt-get install dovecot-ldap dovecot-lmtpd

Generate a certificate for dovecot with Certbot. If the mail server sits behind a proxy that already holds the certificate, you can copy it from there with a crontab entry and a script like this:

#!/bin/bash
# Pull the Let's Encrypt directory from the proxy over ssh; the remote rsync runs through sudo
# so it can read the private keys. Redirection order matters: ">> log 2>&1" sends both stdout
# and stderr to the log file (with "2>&1 >> log" only stdout would reach the log).
/usr/bin/rsync -rl --safe-links --rsync-path="/usr/bin/sudo /usr/bin/rsync" user-on-proxy@proxy-ip:/etc/letsencrypt/ /etc/letsencrypt-proxy/ >> /var/log/letsencrypt_sync.log 2>&1
# Restart dovecot so it picks up the renewed certificate
service dovecot restart

Or you can generate your own self-signed certificate like this (note: self-signed certificates are untrusted)

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/imap.key -out /etc/ssl/certs/imap.crt

Add certificate for dovecot in file /etc/dovecot/conf.d/10-ssl.conf

ssl = yes
ssl_cert = </path/to/certificate
ssl_key = </path/to/private/key

Create a samba/ldap user for dovecot to use (more info can be found here: Samba). Copy the certificate from the samba server, found in /var/lib/samba/private/tls/cert.pem, to the mail server as /opt/samba/samba-cert.pem (the path referenced in the config files below).

Modify file /etc/ldap/ldap.conf like this

#TLS_CACERT     /etc/ssl/certs/ca-certificates.crt
TLS_CACERT      /opt/samba/samba-cert.pem

Add a line in /etc/hosts with the samba domain

<samba-server-ip> hostname.domain.local

Add/modify the following lines in /etc/dovecot/dovecot-ldap.conf.ext (this file holds the bind password, so keep it readable by root only)

hosts = hostname.domain.local
dn = cn=<samba-user>,cn=Users,dc=DOMAIN,dc=LOCAL
dnpass = <samba-user-password>
tls = yes
tls_ca_cert_file = /opt/samba/samba-cert.pem
auth_bind = yes
ldap_version = 3
base = dc=DOMAIN,dc=LOCAL
scope = subtree
user_attrs = uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=Person)(sAMAccountName=%n))
pass_attrs = sAMAccountName=user,userPassword=password
pass_filter = (&(objectClass=Person)(sAMAccountName=%n))
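The filters above use %n, which Dovecot replaces with the local part of the login name. The following is an added example (not Dovecot's own code) that reproduces the two steps Dovecot performs before the query reaches Samba: taking the local part of the login (%u would be the full login and %d the domain) and escaping it per RFC 4515, so that a login name containing filter metacharacters cannot change the shape of the filter.

```python
"""Show how %n in user_filter turns a login name into the LDAP filter sent to Samba.

Added example, not Dovecot's own code: it mirrors the variable substitution and
RFC 4515 escaping Dovecot applies to user_filter / pass_filter.
"""
import re

# The filter template as used in dovecot-ldap.conf.ext above.
FILTER_TEMPLATE = "(&(objectClass=Person)(sAMAccountName=%n))"


def escape_filter_value(value: str) -> str:
    """Escape the characters that would otherwise alter the filter's structure (RFC 4515)."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def expand_filter(template: str, login: str) -> str:
    """Substitute %u (full login), %n (local part) and %d (domain) with escaped values."""
    local, _, domain = login.partition("@")
    values = {"u": login, "n": local, "d": domain}
    # Single-pass substitution, so nothing in a substituted value is expanded again.
    return re.sub(r"%([und])", lambda m: escape_filter_value(values[m.group(1)]), template)


if __name__ == "__main__":
    for login in ("alice@example.com", "alice", "a*"):   # constructed sample logins
        print(login, "->", expand_filter(FILTER_TEMPLATE, login))
```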

Uncomment this line from /etc/dovecot/conf.d/10-auth.conf

!include auth-ldap.conf.ext

File /etc/dovecot/conf.d/auth-ldap.conf.ext should look like this

passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
  default_fields = home=/var/mail/vmail/%n
}

You should have this in /etc/dovecot/conf.d/10-master.conf so postfix can send the emails to dovecot

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}

And this in /etc/dovecot/dovecot.conf

protocols = imap lmtp

And finally restart dovecot

service dovecot restart

Postfix

To make postfix send the emails to dovecot add these lines to /etc/postfix/main.cf

local_transport = lmtp:unix:private/dovecot-lmtp
local_recipient_maps =

And if using a relay add this to the same file

relayhost = <relay-ip>

Restart postfix

service postfix restart

Postfix auth

If you want to use the mail service from outside your network with an IMAP client, and want to send mail out through the same SMTP instance (so that mail sent from the IMAP client uses the same outgoing server as mail sent from webmail), it is highly advisable to enable authentication. The neatest way is SASL authentication via Dovecot. To enable this, first make sure that Dovecot is listening for the auth connections:

# vi /etc/dovecot/conf.d/10-master.conf

and make sure that, within the service auth section, the following lines are present and uncommented

  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }

If changes were required, reload Dovecot

# dovecot reload

Then for postfix

# vi /etc/postfix/main.cf

and add the following lines

smtpd_sasl_auth_enable              = yes
smtpd_sasl_type                     = dovecot
smtpd_sasl_path                     = private/auth

Then reload postfix

# postfix reload

Depending on your scenario, you may need to forward a port on your firewall to make Postfix available from the outside. If you do, make sure clients can only authenticate over a TLS-protected connection, since the SASL mechanisms used here transmit the password itself.
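Because the settings for Dovecot, Postfix and Postfix auth are spread over five files, it is easy to lose one of them. The following is an added example (not code from this wiki, nor from Dovecot or Postfix) that parses the "key = value" and "name { ... }" syntax both daemons use and reports deviations from the settings given in the sections above. The configuration texts embedded in it are constructed samples modelled on those sections; the bind password in the LDAP sample is a placeholder.

```python
"""Audit the Dovecot and Postfix settings from the sections above.

Added example, not from the wiki or from Dovecot/Postfix. The sample
configs below are constructed to match the files described on this page.
"""
from typing import Dict, List


def parse_conf(text: str) -> Dict[str, str]:
    """Flatten a config into {'block/sub-block/key': 'value'}.

    Only whole-line '#' comments are skipped, as neither Dovecot nor Postfix
    treats a trailing '#' as a comment. '!include' lines and Postfix
    continuation lines are ignored (the files on this page need neither).
    """
    settings: Dict[str, str] = {}
    stack: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):                      # e.g. "service lmtp {"
            stack.append(line[:-1].strip())
        elif line == "}":
            stack.pop()
        elif "=" in line:                           # split on the first '=' only
            key, value = (part.strip() for part in line.split("=", 1))
            settings["/".join(stack + [key])] = value
    return settings


LMTP_SOCKET = "service lmtp/unix_listener /var/spool/postfix/private/dovecot-lmtp"
AUTH_SOCKET = "service auth/unix_listener /var/spool/postfix/private/auth"


def audit(dovecot: Dict[str, str], ldap: Dict[str, str], postfix: Dict[str, str],
          ldap_file_mode: int = 0o600) -> List[str]:
    """Return findings; an empty list means every setting from the page is in place."""
    findings: List[str] = []
    if dovecot.get("ssl") != "yes":
        findings.append("10-ssl.conf: ssl = yes is required, otherwise IMAP logins travel in clear text")
    for key in ("ssl_cert", "ssl_key"):
        if not dovecot.get(key, "").startswith("<"):
            findings.append(f"10-ssl.conf: {key} must point at a file with a leading '<'")
    if "lmtp" not in dovecot.get("protocols", "").split():
        findings.append("dovecot.conf: protocols must include lmtp or Postfix cannot deliver")
    if dovecot.get(f"{LMTP_SOCKET}/mode") != "0600" or dovecot.get(f"{LMTP_SOCKET}/user") != "postfix":
        findings.append("10-master.conf: the LMTP socket should be mode 0600 and owned by postfix")
    if f"{AUTH_SOCKET}/mode" not in dovecot:
        findings.append("10-master.conf: no auth socket for Postfix, SASL logins will fail")
    if ldap.get("tls") != "yes" or not ldap.get("tls_ca_cert_file"):
        findings.append("dovecot-ldap.conf.ext: tls = yes with tls_ca_cert_file keeps the bind and "
                        "user passwords off the wire to Samba")
    if "uidNumber=uid" not in ldap.get("user_attrs", ""):
        findings.append("dovecot-ldap.conf.ext: user_attrs must map uidNumber=uid; a misspelt "
                        "attribute name silently leaves uid unset")
    if "dnpass" in ldap and ldap_file_mode & 0o077:
        findings.append("dovecot-ldap.conf.ext: holds dnpass but is readable by group/others; chmod 600")
    if postfix.get("local_transport") != "lmtp:unix:private/dovecot-lmtp":
        findings.append("main.cf: local_transport must hand mail to the Dovecot LMTP socket")
    if postfix.get("smtpd_sasl_auth_enable") == "yes" and (
            postfix.get("smtpd_sasl_type") != "dovecot" or postfix.get("smtpd_sasl_path") != "private/auth"):
        findings.append("main.cf: SASL is enabled but not delegated to Dovecot's private/auth socket")
    return findings


# Constructed sample combining the page's 10-ssl.conf, dovecot.conf and 10-master.conf lines.
DOVECOT_SAMPLE = """
ssl = yes
ssl_cert = </etc/ssl/certs/imap.crt
ssl_key = </etc/ssl/private/imap.key
protocols = imap lmtp
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
"""
# Constructed sample of dovecot-ldap.conf.ext; dnpass is a placeholder, not a real secret.
LDAP_SAMPLE = """
hosts = hostname.domain.local
dn = cn=dovecot-bind,cn=Users,dc=DOMAIN,dc=LOCAL
dnpass = PLACEHOLDER-BIND-PASSWORD
tls = yes
tls_ca_cert_file = /opt/samba/samba-cert.pem
auth_bind = yes
user_attrs = uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=Person)(sAMAccountName=%n))
"""
# Constructed sample of the main.cf lines added in the two Postfix sections.
POSTFIX_SAMPLE = """
local_transport = lmtp:unix:private/dovecot-lmtp
local_recipient_maps =
smtpd_sasl_auth_enable              = yes
smtpd_sasl_type                     = dovecot
smtpd_sasl_path                     = private/auth
"""

if __name__ == "__main__":
    result = audit(parse_conf(DOVECOT_SAMPLE), parse_conf(LDAP_SAMPLE), parse_conf(POSTFIX_SAMPLE))
    print("\n".join(result) if result else "no findings")
```

To run it against a real host, read the files under /etc/dovecot and /etc/postfix instead of the samples and pass the actual mode of dovecot-ldap.conf.ext (os.stat(path).st_mode & 0o777) as ldap_file_mode.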

Roundcube

Roundcube is a webmail app.

Install a lamp server

apt-get install lamp-server^

Install php extensions

apt-get install php-xml php7.0-mbstring

Set your timezone in /etc/php/7.0/apache2/php.ini

date.timezone = "UTC"

Connect to mysql

mysql -u root -p

And create a database and a user for roundcube

create database roundcubedb;
create user 'roundcubeuser' identified by 'password';
grant all privileges on roundcubedb.* to 'roundcubeuser';
flush privileges;
exit

Download roundcube (latest version can be found here: roundcube)

wget https://github.com/roundcube/roundcubemail/releases/download/1.2.5/roundcubemail-1.2.5-complete.tar.gz

Extract and move to /var/www

tar -xzf roundcubemail-1.2.5-complete.tar.gz
mv roundcubemail-1.2.5 /var/www/roundcube

Change ownership

chown -R www-data:www-data /var/www/roundcube

Import roundcube database into mysql

mysql -u root -p roundcubedb < /var/www/roundcube/SQL/mysql.initial.sql

Add the domain used for the dovecot certificate (and the one you want to use for your mail) to /etc/hosts, on the same line as 127.0.1.1

127.0.1.1 example.com etc.

Add/modify following lines in /var/www/roundcube/config/config.inc.php

$config['db_dsnw'] = 'mysql://roundcubeuser:password@localhost/roundcubedb';
$config['default_host'] = 'imaps://example.com';
$config['default_port'] = 993;
$config['smtp_server'] = 'localhost';
$config['smtp_port'] = 25;

# if using a self-signed certificate you need the following lines too, so that
# the IMAP connection is verified against that certificate instead of the system CAs
$config['imap_conn_options'] = array(
  'ssl' => array(
    'verify_peer'  => true,
    'verify_depth' => 3,
    'cafile'       => '/path/to/certificate',
  ),
);

Edit /etc/apache2/sites-available/000-default.conf to point apache to the right directory

DocumentRoot /var/www/roundcube

Finally restart apache

service apache2 restart