Complete Virtual Mail Server
From Gentoo Wiki
The purpose of this guide is to establish a virtual mail system that can handle multiple domains with a variety of different interface options. It is not intended for the average user who is looking for a mail client; it describes a full-scale Mail Transfer Agent (MTA) for individuals who host their own domains and/or need to provide support for virtual domains.
This guide uses Postfix as the MTA.
By the end of this guide, you will have an easy method to manage a mail server that supports the following features:
- Web based system administration
- Unlimited number of domains
- Virtual mail users without the need for shell accounts
- Domain (specific) user names
- Mailbox quotas
- Web access to email accounts
- IMAP and (very optional) POP3 support
- SMTP Authentication for secure relaying
- SSL for transport layer security
- Strong SPAM filtering
- Anti-Virus filtering
- Log Analysis
The real plus is that all of this is managed by a single database.
Getting started
- This section outlines a system setup (a multi-server implementation) as well as the core packages that were used. This is a MUST READ before reading on any further (don't worry, it's short).
Basic setup
- Mailboxes are stored on a normal filesystem and thus need a user and group for security.
- www-apps/postfixadmin and www-servers/apache were key tools in getting through testing and getting this to hang together. While the details of an Apache/PHP setup are not here, there is good information in here all the same.
- mail-mta/postfix will be coupled to a database backend allowing virtual users on multiple domains.
- Linking Dovecot to database backend
- Important
This setup is for the dovecot route. It is mutually exclusive with Linking Courier-imap to database backend.
- net-mail/dovecot will be coupled to the same database.
- Linking Courier-imap to database backend
- Important
This setup is for the courier route. It is mutually exclusive with Linking Dovecot to database backend.
- net-mail/courier-imap will be coupled to the same database.
Enhanced setup
- SMTP Authentication - Dovecot route
- Important
This setup is for the dovecot route. It is mutually exclusive with SMTP Authentication - Courier route.
- Having a mail server that relays local mail is good enough for most; being able to relay mail after authentication is extremely handy.
- SMTP Authentication - Courier route
- Important
This setup is for the courier route. It is mutually exclusive with SMTP Authentication - Dovecot route.
- Having a mail server that relays local mail is good enough for most; being able to relay mail after authentication is extremely handy.
- Now that a basic mail server has been set up, web access can be both useful and helpful during testing.
- Securing the mail server with SSL certificates.
- DKIM will sign all outgoing messages with verification keys to prevent them from ending up in the junk box. SPF will ensure that only verified servers/IP addresses may send mail from a given domain. DMARC ensures that both DKIM and SPF are properly enforced.
- Using default Postfix configuration options, the server gets some performance tweaks and security settings.
Anti-Spam measures
- Defending against spam using Amavis and SpamAssassin, with ClamAV for virus protection.
Log analyzer
- Monitoring is always important. AWStats is used to get a useful overview of passed messages.
Miscellaneous
- POP3 protocol
- POP3 is an old protocol and should not be used. For the sake of completeness it is included in this guide.