[full-post]

 



How to Install a Mail Server with PostfixAdmin on Ubuntu 20.04

 

In this tutorial, we’ll be covering the process of setting up a mail server with Postfix, Dovecot, Postfixadmin and MariaDB on an Ubuntu 20.04 VPS. But first, what is PostfixAdmin?

PostfixAdmin is an open-source web-based application written in PHP that’s used to create virtual domains and email accounts for a Postfix mail server. Using PostfixAdmin, we can manage mailboxes & aliases, set quotas, configure vacation/out-of-the-office messages, and more. Plus, the web-based interface gives you the user-friendliness of a browser window with a UI.

PostfixAdmin allows us to use virtual email addresses and virtual mailboxes, so we do not need to create a new system user account for each email address. Considering all of these details, PostfixAdmin is a versatile tool and can be used for almost all of your mailing needs. This tutorial goes quite in-depth and may take some time to configure everything properly. Let’s get started with the installation steps.


Hardware/Software Requirements

  • An Ubuntu 20.04 server or VPS with root access enabled, or a user with sudo privileges. We provide all of our users will full root access on their VPSes.
  • Postfix mail transfer agent (MTA) and Dovecot IMAP/POP3 Mail Delivery Agent need to be installed.
  • A database server (MySQL/MariaDB, PostgreSQL or SQLite) needs to be installed.
  • Apache web server needs to be installed with the mod_rewrite module enabled.
  • PHP 7.1 or greater must be installed with the imap, mbstring and mysql extensions all enabled.

Step 1. Getting Started

To begin, we’re going to need to log into our server using SSH. You can do that by entering this command:

ssh root@IP_Address -p Port_Number

Remember to replace “root” with your username if you are not using the root user. Change the values in red according to your server’s IP address and SSH port number (the default number is 22, so try that first unless your server uses a custom port number).

Once you are logged in, you should update all of your packages to their latest available versions.

apt-get update -y
apt-get upgrade -y

Once all the packages are up-to-date, restart your server to apply the configuration changes and ensure that all software is running on their latest versions.

Step 2. Create a System User Account

PostfixAdmin has the ability to create multiple virtual domains, users and aliases. This saves us the hassle of having to create new system users whenever we need a new email account added. For security reasons, we will create a new user named ‘vmail’ with permissions to store the emails in the /var/vmail directory:

useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual Mail User" vmail
mkdir -p /var/vmail
chmod -R 770 /var/vmail
chown -R vmail:mail /var/vmail

Step 3. Install PHP, Apache and Required Extensions

PHP 7.4 and Apache2 are included in the default Ubuntu repository for 20.04. We can install Apache 2, PHP 7.4 and the required PHP extensions using the following command. We also included the required PHP and Apache modules in the command:

apt-get install apache libapache2-mod-php php php-common php-mbstring php-imap php-mysql

Step 4. Install MariaDB Server

PostfixAdmin requires a database in order to be able to store the email account and domain information. For the purpose of this tutorial, we will use a MariaDB database system, an open-source version of MySQL that maintains feature parity. We can install the MariaDB server using the following command:

apt-get install mariadb-server mariadb-client mariadb-common

Start the MariaDB service and enable it to start on server boot using the following commands:

systemctl start mariadb 
systemctl enable mariadb

In order to improve the security of your MariaDB installation, run the mysql_secure_installation script:

mysql_secure_installation

When prompted, you can set the MariaDB root password and safely answer ‘Y’ to all questions.

Enter current password for root (enter for none): Just press the [Enter] key since there is no default password
Set root password? [Y/n]: Y
New password: Enter a strong password
Re-enter new password: Repeat the same password from before
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y

If you followed the above steps, then you will have a password set for the MariaDB root user.

Run this command to access the MySQL console:

mysql -u root -p

And enter the root password you set previously using the mysql_secure_installation script. If you chose not to run that script, there is no password set, so you just need to press the [Enter] key once.

Next, create a MariaDB user and database for PostfixAdmin:

MariaDB [(none)]> CREATE USER 'postfixadmin'@'localhost' IDENTIFIED BY 'Strong_Password';
MariaDB [(none)]> CREATE DATABASE postfixadmin;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON postfixadmin.* TO 'postfixadmin'@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q

Do not forget to replace ‘Strong_Password‘ with a good and unique password.

Step 5. Install Postfix

Install Postfix and postfix-mysql packages by running the command below:

apt-get install postfix postfix-mysql

During the Postfix installation, you will be asked for the type of mail configuration. Select ‘Internet Site’ and click on OK to continue. Then, enter the server’s hostname in the ‘system mail name’ field.

Once the Postfix installation is complete, we have to create several Postfix configuration files. This will take a while as there are quite a few files that have to be made and configured.

mkdir -p /etc/postfix/sql/

Define the database connection settings for querying the virtual alias domain catchall maps by creating this file. We’re using vi, but you can use any text editor that you prefer:

vi /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf

Once the file is created, insert these contents:

user = postfixadmin
password = Strong_Password
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

Create this file so we can set the database connection settings for querying the virtual alias domain mailbox maps:

vi /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf

Then insert these contents:

user = postfixadmin
password = Strong_Password
hosts = localhost
dbname = postfixadmin
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'

After that, define the database connection settings for querying the virtual alias domain maps by creating this file:

vi /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf

Add the following:

user = postfixadmin
password = Strong_Password
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

The next settings are for the database connection settings for querying the virtual alias maps. Create this file:

vi /etc/postfix/sql/mysql_virtual_alias_maps.cf

Add this text:

user = postfixadmin
password = Strong_Password
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

There are a few more to go. Now, create a file for the database connection settings for querying the virtual domain maps:

vi /etc/postfix/sql/mysql_virtual_domains_maps.cf

Make sure you set the passwords on all of these files that you have been adding. Add the contents:

user = postfixadmin
password = Strong_Password
hosts = localhost
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'

Onto the next file. Create it and add the database connection settings for querying the virtual mailbox limit maps:

vi /etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf

Insert this and change the password:

user = postfixadmin
password = Strong_Password
hosts = localhost
dbname = postfixadmin
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'

Finally, create this file and add the database connection settings for querying the virtual mailbox maps:

vi /etc/postfix/sql/mysql_virtual_mailbox_maps.cf
user = postfixadmin
password = Strong_Password
hosts = localhost
dbname = postfixadmin
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'

NOTE: Do not forget to replace ‘Strong_Password‘ with your own password in all of the configuration files above.

Modify the main.cf Postfix configuration file, which is the core of the Postfix configuration. Run these commands to edit each setting:

postconf -e "myhostname = $(hostname -f)"
postconf -e "virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf"
postconf -e "virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf"
postconf -e "virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf"
postconf -e "smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem"
postconf -e "smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key"
postconf -e "smtpd_use_tls = yes"
postconf -e "smtpd_tls_auth_only = yes"
postconf -e "smtpd_sasl_type = dovecot"
postconf -e "smtpd_sasl_path = private/auth"
postconf -e "smtpd_sasl_auth_enable = yes"
postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination"
postconf -e "mydestination = localhost"
postconf -e "mynetworks = 127.0.0.0/8"
postconf -e "inet_protocols = ipv4"
postconf -e "inet_interfaces = all"
postconf -e "virtual_transport = lmtp:unix:private/dovecot-lmtp"

We can also install Certbot, then install a new Let’s encrypt SSL certificate for the server hostname and replace /etc/ssl/certs/ssl-cert-snakeoil.pem and /etc/ssl/private/ssl-cert-snakeoil.key with the newly created SSL certificate and public key files.

Then, edit the the master.cf Postfix configuration file, and modify it as follows:

vi /etc/postfix/master.cf

Add or change the contents so that the file looks like this:

smtp inet n - y - - smtpd
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING

Enable the Postfix service to start on server boot and restart the Postfix service:

systemctl enable postfix
systemctl restart postfix

Postfix is finally installed and configured.

Step 6. Install Dovecot

Dovecot is a Mail Delivery Agent which allows a user to receive emails in complete security through IMAP and/or POP3 protocols. We can install Dovecot and the dovecot-mysql package using the command below:

apt-get install dovecot-core dovecot-lmtpd dovecot-imapd dovecot-pop3d dovecot-mysql

Edit the /etc/dovecot/conf.d/10-mail.conf file:

vi /etc/dovecot/conf.d/10-mail.conf

Insert this as the content:

mail_location = maildir:/var/vmail/%d/%n
mail_privileged_group = mail
mail_uid = vmail
mail_gid = mail
first_valid_uid = 150
last_valid_uid = 150

Open the /etc/dovecot/conf.d/10-auth.conf file:

vi /etc/dovecot/conf.d/10-auth.conf

Edit it so that the file looks like this:

auth_mechanisms = plain login
#!include auth-system.conf.ext
!include auth-sql.conf.ext

Then edit the dovecot-sql.conf.ext file, and add these lines:

vi /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=postfixadmin user=postfixadmin password=Strong_Password
default_pass_scheme = MD5-CRYPT
password_query = SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, 'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
user_query = SELECT '/var/vmail/%d/%u' as home, 'maildir:/var/vmail/%d/%u' as mail, 150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'

Do not forget to replace Strong_Password with the actual password that you set previously in Step 4 when creating the MariaDB user.

Edit the /etc/dovecot/conf.d/10-ssl.conf file, and enable SSL support:

vi /etc/dovecot/conf.d/10-ssl.conf
ssl = yes

Save and close that file, then edit the /etc/dovecot/conf.d/15-lda.conf file and set the postmaster_address email address.

vi /etc/dovecot/conf.d/15-lda.conf
postmaster_address = postmaster@yourdomain.com

Make sure that you change yourdomain.com to the actual domain name that points to your server.

Edit the /etc/dovecot/conf.d/10-master.conf file, find the service lmtp section and replace it with the following lines:

vi /etc/dovecot/conf.d/10-master.conf
service lmtp {
     unix_listener /var/spool/postfix/private/dovecot-lmtp {
     mode = 0600
     user = postfix
     group = postfix
     }
}

Once that part is edited, find the service auth section and replace it with the following snippet:

service auth {
     unix_listener /var/spool/postfix/private/auth {
     mode = 0666
     user = postfix
     group = postfix
}

unix_listener auth-userdb {
     mode = 0600
     user = vmail

}
user = dovecot
}

Then change the service auth-worker section to the following:

service auth-worker {
user = vmail
}

Save and close the file.

Set the correct permissions of the Dovecot configuration files:

chown -R vmail:dovecot /etc/dovecot 
chmod -R o-rwx /etc/dovecot

Enable the Dovecot service to start on server boot, and restart Dovecot so that all of these new configuration files are in effect:

systemctl enable dovecot
systemctl restart dovecot

Step 7. Install PostfixAdmin

Now that all of our required software is installed and configured, let’s install and configure PostfixAdmin and finish this tutorial.

Download the latest available version of PostfixAdmin from Github and extract it in the /var/www/html/postfixadmin directory.

apt-get install git
cd  /var/www/html/
git clone https://github.com/postfixadmin/postfixadmin.git

Edit the /var/www/html/postfixadmin/config.local.php file and add these lines:

vi /var/www/html/postfixadmin/config.local.php
<?php
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'Strong_Password';
$CONF['database_name'] = 'postfixadmin';
$CONF['configured'] = true;
$CONF['encrypt'] = 'md5crypt';
?>

Replace Strong_Password with the MariaDB user password.

mkdir /var/www/html/postfixadmin/templates_c

chown -R www-data: /var/www/html/postfixadmin

Open http://your_server_IP/postfixadmin/public/setup.php . Check if everything is okay and make sure that there are no errors:

Scroll down and enter your new setup password twice. Make sure to choose a strong one:

Then click on the ‘Generate password hash’ button.

Edit the config.local.php file and add the generated hash to it:

$CONF['setup_password'] = '0584cbe2b03cad2e29c8be0127361e37:d41ceb2689b747cf143d1809aec7b8e6bdde983e';

Replace the hash shown in the example with the one generated for your instance.

Save the config.local.php file, open the setup page once again and create a PostfixAdmin admin user account. The setup password in that page is the same password you used in the previous step, so fill the other required fields such as the admin email address and password, then click on the ‘Add admin’ button.

That’s it! The PostfixAdmin installation is complete.

Open http://your_server_IP/postfixadmin/login.php in your preferred web browser. You’ll see the login page:

Log in as the admin user and add the domains hosted on the server:

Once you do that, then you can create email addresses, set a mail quota, and so on:

That is everything you’ll need to install, configure, and start using your PostfixAdmin install on your Ubuntu 20.04 VPS.


This install process is very involved and is quite easy to mess up and end up with a botched install of Postfix, Dovecot, or both. However, if you have a Managed Ubuntu VPS hosting with us, you won’t need to do anything more than ask us to install it for you, Our team of support experts will completely install and configure all aspects of your server so that Postfix, Dovecot, and PostfixAdmin all work flawlessly. They can also help set up routine maintenance and optimize your server to maximize its speed.

We would appreciate you sharing this on social media if you found this tutorial useful. Or, you can write a comment letting us know how the install went, and if PostfixAdmin helped you manage your mail server more easily. Thanks!



 Kaynak: https://www.rosehosting.com/blog/how-to-install-a-mail-server-with-postfixadmin-on-ubuntu-20-04