Installing a new mailserver

From Edgar BV Wiki
Jump to navigation Jump to search

You will need these for the mail server

apt-get install openssh-server proftpd snmpd iotop iptstate atsar postfix shorewall vim awstats bmon nscd sshfs mc zip unzip bzip2 arj spamassassin pyzor razor ncftp rsync quota ntpdate ntp vacation pdnsd dovecot-common dovecot-imapd dovecot-pop3d

pdnsd - use resolvconf configuration

Network

Set up networking in /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
#auto eth0
iface eth0 inet static
        address 192.168.0.112
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
#       gateway 192.168.0.1
        dns-nameservers 213.75.63.36 213.75.63.70 192.168.0.1
#       dns-nameservers 192.168.0.1 192.168.0.2
#       dns-search tripnet.int internal.tripnet.int ops.tripnet.int

auto eth1
iface eth1 inet static
        address 188.204.140.195
        netmask 255.255.255.224
        network 188.204.140.192
        broadcast 188.204.140.223
        gateway 188.204.140.193
        dns-nameservers 213.75.63.36 213.75.63.70 192.168.0.1

Postfix and Procmail

First install Postfix as the mail transport agent

Amavis-new + ClamAV

Amavis functions as a postfix addon that filters mail through ClamAV and Spamassassin. Amavis-new and ClamAV

Spamassassin

Then configure Spamassassin

Dovecot

Now install Dovecot as an IMAP / POP3 server

Roundcube webmail

And install Roundcube for webmail

Converting from mbox to maildir

Because we want the system to support IMAP functionality fully, there are some changes to to be made which will be documented further. For now, look at Converting from mbox to maildir

Webmail performance

package imapproxy implements UP-IMapProxy

Iphone Push

package imaprowl implements push for Iphone and Gmail

Mobile settings

Incoming:

Security type: TLS (Accept all certificates)
Port: 143

Outgoing:

Hostname: mail.edgarbv.com
Security Type: TLS (Accept all certificates)
Port: 587
Require sign in: on

Note, TLS will only work for 1 IP adres per hostname. It only gets 1 certificate per IP adres.

Spam protection

SPF

This implements Sender Policy Framework, a method to check if an email's From comes from an authorised server http://www.openspf.org/Introduction

DKIM

Another trust mechanism http://www.dkim.org/

DMARC

A system to tell you what to do with reply messages http://www.dmarc.org/overview.html