
postfix-dovecot

This repo details the configuration for setting up your own email server on Ubuntu 22.04.

The above guide will take you through the steps required to set up your own email server. However, this repo contains sample configuration files to aid in the process. Remember to replace any instances of moeny.ai with your own domain name.

Also, note that the /etc/postfix/virtual_alias file will need to include all user emails individually to prevent the catchall from sending those users' mail to the addresses it lists.

See the below steps for setting up SMTP capabilities for your email server. These steps are not included in the linked guide, but they are included in the sample configuration files provided in this repo:

  1. Create a dedicated SMTP user:
# Create user (no login shell needed)
sudo useradd -r -m -s /sbin/nologin smtp_user

# Set password for SMTP authentication
sudo passwd smtp_user

# Create mail directory for the user
sudo mkdir -p /home/smtp_user/Maildir/{cur,new,tmp}
sudo chown -R smtp_user:smtp_user /home/smtp_user/Maildir
sudo chmod -R 700 /home/smtp_user/Maildir
  2. Make sure to add this user to /etc/dovecot/dovecot-users like below:
smtp_user@moeny.ai:{plain}smtp_user-password
  3. Edit /etc/postfix/main.cf by setting the following lines to encrypt instead of may, which makes TLS mandatory rather than opportunistic for both outgoing (smtp_) and incoming (smtpd_) connections:
smtp_tls_security_level = encrypt
smtpd_tls_security_level = encrypt
  4. Edit /etc/postfix/master.cf by uncommenting the following lines:
# For STARTTLS secure SMTP submission on port 587
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

# For SMTPS implicit SSL/TLS on port 465
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  5. Restart Postfix and Dovecot:
sudo systemctl restart postfix
sudo systemctl restart dovecot
  6. Configure the end service you want to use with SMTP:
SMTP_HOST=mail01.moeny.ai
SMTP_PORT=587
SMTP_USERNAME=smtp_user@moeny.ai
SMTP_EMAIL=service@moeny.ai
SMTP_PASSWORD=smtp_user-password
  7. Test the configuration by sending an email from the end service.
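
A check for the master.cf step above, added here as an example and not part of this repo: it parses a master.cf and reports any of the listed -o overrides for submission and smtps that are missing or still commented out. The function names and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the repo): audit master.cf for the submission/smtps overrides.

# Prints one "service/type: ..." line per problem; returns 0 only when nothing is missing.
audit_master_cf() {
  local out
  out=$(awk '
    BEGIN {
      need["submission/inet"] = "smtpd_tls_security_level=encrypt smtpd_sasl_auth_enable=yes smtpd_tls_auth_only=yes smtpd_relay_restrictions=permit_sasl_authenticated,reject"
      need["smtps/inet"] = "smtpd_tls_wrappermode=yes smtpd_sasl_auth_enable=yes smtpd_relay_restrictions=permit_sasl_authenticated,reject"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # still-commented and blank lines
    /^[^ \t]/ { svc = $1 "/" $2; seen[svc] = 1 }  # a service entry starts in column 1
    { for (i = 1; i < NF; i++) if ($i == "-o") have[svc, $(i + 1)] = 1 }
    END {
      for (s in need) {
        if (!(s in seen)) { print s ": service entry not enabled"; continue }
        n = split(need[s], opt, " ")
        for (j = 1; j <= n; j++)
          if (!((s, opt[j]) in have)) print s ": missing " opt[j]
      }
    }' "$1" | LC_ALL=C sort)
  [ -n "$out" ] && printf '%s\n' "$out"
  [ -z "$out" ]
}

# Constructed sample: submission was uncommented but two of its -o lines were
# left commented, and the smtps entry is still fully commented out.
write_sample_master_cf() {
  cat > "$1" <<'EOF'
smtp      inet  n       -       y       -       -       smtpd
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#smtps     inet  n       -       y       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
EOF
}

sample=$(mktemp)
write_sample_master_cf "$sample"
audit_master_cf "$sample" || echo "master.cf does not match the overrides listed above"
rm -f "$sample"
```

On the server, run audit_master_cf /etc/postfix/master.cf before restarting Postfix; a non-zero exit status means at least one override is not active.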

Renewing Certs

In order to set up certs to autorenew, you can use a cron job. Perform the following steps as the root user. Note that this requires a bind9 DNS server set up for dynamic updates with a tsig.key file. See our bind9 repo for more details on this.

  1. Add the contents of renew-mail-certs.sh at /usr/local/bin/renew-mail-certs.sh.
  2. Add the contents of dns-rfc2136.ini at /etc/letsencrypt/dns-rfc2136.ini. Don't forget to update the file with your own values.
  3. Run crontab -e and add the following to it:
0 2 1 * * /usr/local/bin/renew-mail-certs.sh