Creating an IMAP & webmail server
First follow instructions from here: Creating a simple mail server
Dovecot
Install the following packages
apt-get install dovecot-ldap dovecot-lmtpd
Create self-signed certificates for dovecot
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/imap.key -out /etc/ssl/certs/imap.crt
Add certificate for dovecot in file /etc/dovecot/conf.d/10-ssl.conf
ssl = yes
ssl_cert = </etc/ssl/certs/imap.crt
ssl_key = </etc/ssl/private/imap.key
Create a samba/ldap user for dovecot to use (more info can be found here: Samba). Copy the certificate from the samba server, found in /var/lib/samba/private/tls/cert.pem, to the mail server in /opt/bin/samba-cert.pem
Modify file /etc/ldap/ldap.conf like this
#TLS_CACERT /etc/ssl/certs/ca-certificates.crt
TLS_CACERT /opt/samba/samba-cert.pem
Add a line in /etc/hosts with the samba domain
<samba-server-ip> hostname.domain.local
Add/modify following lines in /etc/dovecot/dovecot-ldap.conf.ext
hosts = hostname.domain.local
dn = cn=<samba-user>,cn=Users,dc=DOMAIN,dc=LOCAL
dnpass = <samba-user-password>
tls = yes
tls_ca_cert_file = /opt/samba/samba-cert.pem
auth_bind = yes
ldap_version = 3
base = dc=DOMAIN,dc=LOCAL
scope = subtree
user_attrs = uidNumber=uid,gidNumber=gid
user_filter = (&(&(objectClass=Person)(sAMAccountName=%n)))
pass_attrs = sAMAccountName=user,userPassword=password
pass_filter = (&(&(objectClass=Person)(sAMAccountName=%n)))
Uncomment this line from /etc/dovecot/conf.d/10-auth.conf
!include auth-ldap.conf.ext
File /etc/dovecot/conf.d/auth-ldap.conf.ext should look like this
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
  default_fields = home=/var/mail/vmail/%n
}
You should have this in /etc/dovecot/conf.d/10-master.conf so postfix can send the emails to dovecot
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
And this in /etc/dovecot/dovecot.conf
protocols = imap lmtp
And finally restart dovecot
service dovecot restart
Postfix
To make postfix send the emails to dovecot add these lines to /etc/postfix/main.cf
local_transport = lmtp:unix:private/dovecot-lmtp
local_recipient_maps =
And if using a relay add this to the same file
relayhost = <relay-ip>
Restart postfix
service postfix restart
Postfix auth
If you want to use the mail service from outside your network using an IMAP client, and want to send email out through the same SMTP instance (so that emails sent from the IMAP client use the same outgoing server as emails from webmail) it is highly advisable to enable authentication. The neatest way is via SASL auth using Dovecot. To enable this you must first ensure Dovecot is listening for the auth connections
# vi /etc/dovecot/conf.d/10-master.conf
ensuring that within the service auth section the following lines are present and uncommented
unix_listener /var/spool/postfix/private/auth {
  mode = 0666
}
If changes were required, reload Dovecot
# dovecot reload
Then for postfix
# vi /etc/postfix/main.cf
Adding the following lines
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
And reloading postfix
# postfix reload
Depending on your scenario, you may need to forward a port on your firewall to make Postfix available from the outside.
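Before exposing this SMTP instance, two settings from the steps above are worth checking: the permissions on the Dovecot auth socket and whether Postfix accepts AUTH on sessions without TLS. The script below is an added example, not part of the original instructions; smtpd_tls_auth_only is a standard Postfix parameter that this page does not set (it also requires TLS to be enabled in Postfix), and the sample files are constructed to mirror the settings shown here.

```shell
# Added example; the two sample files are constructed to mirror this page.

# Print the mode of the unix_listener block for socket $2 in Dovecot config $1.
listener_mode() {
    awk -v sock="$2" '
        /^[ \t]*#/ { next }
        $1 == "unix_listener" && $2 == sock { inblk = 1 }
        inblk {
            for (i = 1; i <= NF - 2; i++)
                if ($i == "mode" && $(i + 1) == "=") { print $(i + 2); exit }
            if ($0 ~ /}/) exit
        }' "$1"
}

# Succeed when the "other" digit of an octal mode grants any permission.
world_accessible() {
    case "$1" in *[1-7]) return 0 ;; *) return 1 ;; esac
}

# Print the last value assigned to parameter $2 in Postfix main.cf $1.
postfix_param() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding per line; print nothing when both checks pass.
audit_sasl() {
    mode=$(listener_mode "$1" /var/spool/postfix/private/auth)
    if world_accessible "$mode"; then
        echo "auth socket mode $mode is world-accessible; use 0660 with user/group postfix"
    fi
    if [ "$(postfix_param "$2" smtpd_sasl_auth_enable)" = yes ] &&
       [ "$(postfix_param "$2" smtpd_tls_auth_only)" != yes ]; then
        echo "smtpd_tls_auth_only is not yes: AUTH is accepted on unencrypted sessions"
    fi
}

tmp=$(mktemp -d)
cat > "$tmp/10-master.conf" <<'EOF'
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
EOF
printf '%s\n' 'smtpd_sasl_auth_enable = yes' 'smtpd_sasl_type = dovecot' \
    'smtpd_sasl_path = private/auth' > "$tmp/main.cf"
audit_sasl "$tmp/10-master.conf" "$tmp/main.cf"
```

To audit a live server, call audit_sasl with /etc/dovecot/conf.d/10-master.conf and /etc/postfix/main.cf.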
Roundcube
Roundcube is a webmail app.
Install a lamp server
apt-get install lamp-server^
Install php extensions
apt-get install php-xml php7.0-mbstring
Set your timezone in /etc/php/7.0/apache2/php.ini
date.timezone = "UTC"
Connect to mysql
mysql -u root -p
And create a database and a user for roundcube
create database roundcubedb;
create user 'roundcubeuser' identified by 'password';
grant all privileges on roundcubedb.* to 'roundcubeuser';
flush privileges;
exit
Download roundcube (latest version can be found here: roundcube)
wget https://github.com/roundcube/roundcubemail/releases/download/1.2.5/roundcubemail-1.2.5-complete.tar.gz
Extract and move to /var/www
tar -xzf roundcubemail-1.2.5-complete.tar.gz
mv roundcubemail-1.2.5 /var/www/roundcube
Change ownership
chown -R www-data:www-data /var/www/roundcube
Import roundcube database into mysql
mysql -u root -p roundcubedb < /var/www/roundcube/SQL/mysql.initial.sql
Add the domain used for the dovecot certificate (and the one you want to use for your mails) in /etc/hosts, on the same line as 127.0.1.1
127.0.1.1 example.com etc.
Add/modify following lines in /var/www/roundcube/config/config.inc.php
$config['db_dsnw'] = 'mysql://roundcubeuser:password@localhost/roundcubedb';
$config['default_host'] = 'imaps://example.com';
$config['default_port'] = 993;
$config['imap_conn_options'] = array(
  'ssl' => array(
    'verify_peer' => true,
    'verify_depth' => 3,
    'cafile' => '/etc/ssl/certs/imap.crt',
  ),
);
$config['smtp_server'] = 'localhost';
$config['smtp_port'] = 25;
Edit /etc/apache2/sites-available/000-default.conf to point apache to the right directory
DocumentRoot /var/www/roundcube
Finally restart apache
service apache2 restart