|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144 |
- # Email server setup script
-
- I wrote this script during the grueling process of installing and setting up
- an email server. It perfectly reproduces my successful steps to ensure the
- same setup time and time again, now with many improvements.
-
- I'm glad to say that dozens, hundreds of people have now used it and there is a
- sizeable network of people with email servers thanks to this script.
-
- I've linked this file on Github to a shorter, more memorable address on my
- website so you can get it on your machine with this short command:
-
- ```sh
- curl -LO lukesmith.xyz/emailwiz.sh
- ```
-
- When prompted by a dialog menu at the beginning, select "Internet Site", then
- give your full domain without any subdomain, i.e. `lukesmith.xyz`.
-
- ## This script installs
-
- - **Postfix** to send and receive mail.
- - **Dovecot** to get mail to your email client (mutt, Thunderbird, etc.).
- - Config files that link the two above securely with native log-ins.
- - **Spamassassin** to prevent spam and allow you to make custom filters.
- - **OpenDKIM** to validate you so you can send to Gmail and other big sites.
-
- ## This script does _not_
-
- - use a SQL database or anything like that.
- - set up a graphical interface for mail like Roundcube or Squirrel Mail. If you
- want that, you'll have to install it yourself. I just use
- [isync/msmtp/mutt-wizard](https://github.com/lukesmithxyz/mutt-wizard) to
- have an offline mirror of my email setup and I recommend the same. There are
- other ways of doing it though, like Thunderbird, etc.
-
- ## Before you run this script you need...
-
- 1. A **Debian or Ubuntu server**. I've tested this on a
- [Vultr](https://www.vultr.com/?ref=8940911-8H) Debian server and one running
- Ubuntu and their setup works, but I suspect other VPS hosts will have
- similar/possibly identical default settings which will let you run this on
- them. Note that the affiliate link there to Vultr gives you a $100 credit
- for the first month to play around.
- 2. **A Let's Encrypt SSL certificate for your site's `mail.` subdomain**.
- 3. You need two little DNS records set on your domain registrar's site/DNS
- server: (1) an **MX record** pointing to your own main domain/IP and (2) a
- **CNAME record** for your `mail.` subdomain.
- 4. **A Reverse DNS entry for your site.** Go to your VPS settings and add an
- entry for your IPv4 Reverse DNS that goes from your IP address to
- `<mail.yourdomain.com>`. If you would like IPv6, you can do the same for
- that. This has been tested on Vultr, and all decent VPS hosts will have a
- section on their instance settings page to add a reverse DNS PTR entry. You
- can use the 'Test Email Server' or ':smtp' tool on
- [mxtoolbox](https://mxtoolbox.com/SuperTool.aspx) to test if you set up a
- reverse DNS correctly. This step is not required for everyone, but some big
- email services like Gmail will stop emails coming from mail servers with
- no/invalid rDNS lookups. This means your email will fail to even make it to
- the recipients spam folder; it will never make it to them.
- 5. `apt purge` all your previous (failed) attempts to install and configure a
- mail server. Get rid of _all_ your system settings for Postfix, Dovecot,
- OpenDKIM and everything else. This script builds off of a fresh install.
- 6. Some VPS providers block mail port numbers like 25, 993 or 587 by default.
- You may need to request these ports be opened to send mail successfully.
- Vultr and most other VPS providers will respond immediately and open the
- ports for you if you open a support ticket.
- 7. If you have a firewall, you'll need to open ports on your side as well. For
- example, with `ufw`, just run: `ufw allow 587` on ports 587, 993 and 25 (you
- will need port 80 for Certbot too).
-
- ## Post-install requirement!
-
- - After the script runs, you'll have to add additional DNS TXT records which
- are displayed at the end when the script is complete. They will help ensure
- your mail is validated and secure.
-
- ## Making new users/mail accounts
-
- Let's say we want to add a user Billy and let him receive mail, run this:
-
- ```
- useradd -m -G mail billy
- passwd billy
- ```
-
- Any user added to the `mail` group will be able to receive mail. Suppose a user
- Cassie already exists and we want to let her receive mail too. Just run:
-
- ```
- usermod -a -G mail cassie
- ```
-
- A user's mail will appear in `~/Mail/`. If you want to see your mail while ssh'd
- in the server, you could just install mutt, add `set spoolfile="+Inbox"` to
- your `~/.muttrc` and use mutt to view and reply to mail. You'll probably want
- to log in remotely though:
-
- ## Logging in from Thunderbird or mutt (and others) remotely
-
- Let's say you want to access your mail with Thunderbird or mutt or another
- email program. For my domain, the server information will be as follows:
-
- - SMTP server: `mail.lukesmith.xyz`
- - SMTP port: 587
- - IMAP server: `mail.lukesmith.xyz`
- - IMAP port: 993
-
- In previous versions of emailwiz, you also had to log on with *only* your
- username (i.e. `luke`) rather than your whole email address (i.e.
- `luke@lukesmith.xyz`), which caused some confusion. This is no longer the
- case.
-
- ## Benefited from this?
-
- I am always glad to hear this script is still making life easy for people! If
- this script or documentation has saved you some frustration, you can donate to
- support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html).
-
- ## Troubleshooting -- Can't send mail?
-
- - Always check `journalctl -xe` to see the specific problem.
- - Check with your VPS host and ask them to enable mail ports. Some providers
- disable them by default. It shouldn't take any time.
- - Go to [this site](https://appmaildev.com/en/dkim) to test your TXT records.
- If your DKIM, SPF or DMARC tests fail you probably copied in the TXT records
- incorrectly.
- - If everything looks good and you *can* send mail, but it still goes to Gmail
- or another big provider's spam directory, your domain (especially if it's a
- new one) might be on a public spam list. Check
- [this site](https://mxtoolbox.com/blacklists.aspx) to see if it is. Don't
- worry if you are: sometimes especially new domains are automatically assumed
- to be spam temporarily. If you are blacklisted by one of these, look into it
- and it will explain why and how to remove yourself.
- - Check your DNS settings using [this site](https://intodns.com/), it'll report
- any issues with your MX records
- - Ensure that port 25 is open on your server.
- [Vultr](https://www.vultr.com/docs/what-ports-are-blocked) for instance
- blocks this by default, you need to open a support ticket with them to open
- it. You can't send mail if 25 is blocked
-
- ## TODO
-
- - Fail2ban for security.
- - Scripts for easier spam prevention.
|