Complete Virtual Mail Server

From Gentoo Wiki
Jump to:navigation Jump to:search
Article status
This article has some todo items:

The purpose of this guide is to establish a virtual mail system that can handle multiple domains with a variety of different interface options. This is not intended to be used by the average user who is looking for a mail client, this is a full-scale Mail Transfer Agent (MTA) intended for individuals who are hosting their own domains and/or need to provide support for virtual domains.

This guide uses Postfix as the MTA.

By the end of this guide, an easy method to manage a mail server that supports the following features has passed the revue:

  • Web based system administration
  • Unlimited number of domains
  • Virtual mail users without the need for shell accounts
  • Domain (specific) user names
  • Mailbox quotas
  • Web access to email accounts
  • IMAP and (very optional) POP3 support
  • SMTP Authentication for secure relaying
  • SSL for transport layer security
  • Strong SPAM filtering
  • Anti-Virus filtering
  • Log Analysis

The real plus is that all of this is managed by a single database.

Getting started

System Setup and Packages
This section outlines a system setup (a multi-server implementation) as well as the core packages that were used. This is a MUST READ before reading on any further (don't worry, it's short).

Basic setup

Linux 'vmail' user
Mailboxes are stored on a normal filesystem and thus needs a user and group for security.
Admin Support Systems
www-apps/postfixadmin and www-servers/apache were key tools in getting through testing and getting this to hang together. While the details of an Apache/PHP setup are not here, there is good information in here all the same.
Linking Postfix to database backend
mail-mta/postfix will be coupled to a database backend allowing virtual users on multiple domains.
Linking Dovecot to database backend
Important
This setup is for the dovecot route. It is mutually exclusive with Linking Courier-imap to database backend.
net-mail/dovecot will be coupled to the same database.
Linking Courier-imap to database backend
Important
This setup is for the courier route. It is mutually exclusive with Linking Dovecot to database backend.
net-mail/courier-imap will be coupled to the same database.

Enhanced setup

SMTP Authentication - Dovecot route
Important
This setup is for the dovecot route. It is mutually exclusive with SMTP Authentication - Courier route.
Having a mailserver that relays local mail is good enough for most, being able to relay mail after authentication is extremely handy.
SMTP Authentication - Courier route
Important
This setup is for the courier route. It is mutually exclusive with SMTP Authentication - Dovecot route.
Having a mailserver that relays local mail is good enough for most, being able to relay mail after authentication is extremely handy.
Web Access
Now that a basic mailserver has been setup, web access can be both useful and helpful during testing.
SSL Certificates
Securing the mail server with SSL certificates.
DKIM, SPF and DMARC
DKIM will sign all outgoing messages with verification keys to prevent ending up in the junk box. SPF will ensure that the only verified servers/IP addresses may send mail from a given domain. DMARC ensures that both DKIM and SPF are properly enforced.
Refining the Setup
Using default Postfix configuration options, the server gets some performance tweaks and security settings.

Anti-Spam measures

Amavisd, Spam-Assassin and ClamAV
Defending against spam using Amavis, Spam-assassin and ClamAV for virus protection.

Log analyzer

Logging mail traffic with AWStats
Always important is monitoring. To do so AWStats is used to get a useful overview of passed messages.

Miscellaneous

POP3 protocol
POP3 is an old protocol and should not be used. For the sake of completeness it is included in this guide.