Author: Luke Smith <firstname.lastname@example.org>
Date: Sat, 20 Jun 2020 15:43:27 -0400
non-communicative commit message
|M||README.md|| | ||118||++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------------------|
|M||emailwiz.sh|| | ||46||++++++++++++++++++++++++++++++----------------|
2 files changed, 114 insertions(+), 50 deletions(-)
diff --git a/README.md b/README.md
@@ -1,57 +1,107 @@
# Email server setup script
-I wrote this script during the gruelling process of installing and setting up an email server.
-It perfectly reproduces my successful steps to ensure the same setup time and time again.
+I wrote this script during the gruelling process of installing and setting up
+an email server. It perfectly reproduces my successful steps to ensure the
+same setup time and time again.
-I've linked this file on Github to a shorter, more memorable address on my website so you can get it on your machine with this short command:
+I've linked this file on Github to a shorter, more memorable address on my
+website so you can get it on your machine with this short command:
curl -LO lukesmith.xyz/emailwiz.sh
-When prompted by a dialog menu at the beginning, select "Internet Site", then give your full domain without any subdomain, i.e. `lukesmith.xyz`.
+When prompted by a dialog menu at the beginning, select "Internet Site", then
+give your full domain without any subdomain, i.e. `lukesmith.xyz`.
-Read this readme and peruse the script's comments before running it.
-Expect it to fail and you have to do bug testing and you will be very happy when it actually works perfectly.
+Read this readme and peruse the script's comments before running it. Expect it
+to fail and you have to do bug testing and you will be very happy when it
+actually works perfectly.
-## This script...
+## This script installs
-- Installs a **Dovecot/Postfix mail server** for your domain of choice
-- Sets up **sensible default mailboxes** located in `~/Mail`
-- Installs and sets up **Spam Assassin**
-- Installs and sets up **OpenDKIM** which validates your emails so you can send to Google and other sites with picky spam filters
+- **Postfix** to send mail.
+- **Dovecot** to receive mail.
+- Config files that unique the two above securely with native log-ins.
+- **Spamassassin** to prevent spam and allow you to make custom filters.
+- **OpenDKIM** to validate you so you can send to Gmail and other big sites.
## This script does _not_
-- ...install or use a mySQL databse, instead uses the traditional Unix/PAM/login system where every user can be an email address on the domain.
-- ...set up a graphical interface for mail like Roundcube or Squirrel Mail. If you want that, you'll have to install it yourself. I just use [isync/msmtp/mutt-wizard](https://github.com/lukesmithxyz/mutt-wizard) to have an offline mirror of my email setup and I recommend the same. There are other ways of doing it though, like Thunderbird, etc.
-- ...offer any frills. If you want to change something, open the script up and change some variables.
+- use a SQL database or anything like that.
+- set up a graphical interface for mail like Roundcube or Squirrel Mail. If you
+ want that, you'll have to install it yourself. I just use
+ [isync/msmtp/mutt-wizard](https://github.com/lukesmithxyz/mutt-wizard) to
+ have an offline mirror of my email setup and I recommend the same. There are
+ other ways of doing it though, like Thunderbird, etc.
-- `apt purge` all your previous (failed) attempts to install and configure a mailserver. Get rid of _all_ your system settings for Postfix, Dovecot, OpenDKIM and everything else. This script builds off of a fresh install.
-- A **Debian or Ubuntu server**. I've tested this on a [Vultr](https://www.vultr.com/?ref=7914655-4F) Debian server and their setup works, but I suspect other VPS hosts will have similar/possibly identical default settings which will let you run this on them.
-- An **MX record** in your DNS settings that points to your own main domain/IP. Unless you have your own DNS server, you'll put this setting on your domain registrar's site. Look up their documentation on how to do this, but it's usually really easy.
-- **SSL for your site's mail subdomain**, specifically for mail.yourdomain.tld with Let's Encrypt. The script will look to Let's Encrypt's generated configs. If you have some other SSL system, you can manually change the SSL locations in the script before running it and it should be fine. You might want to create a dummy Apache/nginx record for your mail domain as this makes running Let's Encrypt's Certbot easier.
-- After the script runs, you'll have to add an *additional DNS TXT record* which involves the OpenDKIM key that it generates during the script.
+1. A **Debian or Ubuntu server**. I've tested this on a
+ [Vultr](https://www.vultr.com/?ref=8384069-6G) Debian server and one running
+ Ubuntu and their setup works, but I suspect other VPS hosts will have
+ similar/possibly identical default settings which will let you run this on
+ them. Note that the affiliate link there to Vultr gives you a $100 credit
+ for the first month to play around.
+2. **A Let's Encrypt SSL certificate for your site's `mail.` subdomain**.
+ Create a nginx/apache site at `mail.<yourdomain.com>` and get a certificate
+ for it with Let's Encrypt's [Certbot](https://certbot.eff.org/).
+3. - You need two little DNS records set on your domain registrar's site/DNS
+ server: (1) an **MX record** pointing to your own main domain/IP and (2) a
+ **CNAME record** for your `mail.` subdomain.
+4. `apt purge` all your previous (failed) attempts to install and configure a
+ mailserver. Get rid of _all_ your system settings for Postfix, Dovecot,
+ OpenDKIM and everything else. This script builds off of a fresh install.
+## Post-install requirement!
-My intention is to have this script working for me on my Debian web server which I have with Vultr.
-Different VPS hosts or distros might have a startup config that's a little different and I'm sure as heck not going to make sure everything works on every possible machine out there, please do not even ask.
-If a lot of people try this script and see that it works as expected everywhere, then I might try to label it as such and try to make it universal, but think of this script as a script that works on my exact setup that has some educational comments for the uninitiated and only _might_ work as intended.
+- After the script runs, you'll have to add two *additional DNS TXT records*
+ which involves the OpenDKIM key that it generates during the script.
-If you decide to start a VPS, specifically Vultr since I made this script and have tempered it most on their default setup,
-use [this referal link of mine](https://www.vultr.com/?ref=8384069-6G) because you get a free $100 credit for a month, and if you stay on the site, eventually I get a smaller kickback too.
-I honestly have no really strong preference of Vultr over other VPS providers, but they're about as cheap and reliable as it gets and if we can get free money, lol whatever click the link 👏👏.
+## Making new users/mail accounts
+Let's say we want to add a user Billy and let him receive mail, run this:
-- A user's mail is in `~/Mail`. Want a new email address? Create a new user and just add them to the mail group, be sure to give them a password with `passwd <name>` as well. Now they can send and receive mail. Look up using aliases too if you want for more cool stuff. Dovecot should autocreate the directories as needed.
-- All dovecot configuration is just in `/etc/dovecot/dovecot.conf` instead of a dozen little config files. You can read those in `/etc/dovecot/conf.d/` for more info, but they are not called by default after running this script and the needed settings are edited into the main config.
-- Your IMAP/SMTP server will be `mail.yourdomain.tld` and your ports will be the typical ones: 993 for IMAP and 587 for SMTP.
-- Using non-encrypted ports is not allowed for safety! The login is with plaintext because that's simpler and more robust given SSL's security.
-- As is, you will use your name, not full email to log in. E.g., for my `email@example.com` address, `luke` is my login.
+useradd -m -G mail billy
+Any user added to the `mail` group will be able to receive mail. Suppose a user
+Cassie already exists and we want to let her receive mail to. Just run:
+usermod -a -G mail cassie
+A user's mail will appear in `~/.Mail/`. I you want to see your mail while
+ssh'd in the server, you could just install mutt, add `set spoolfile="+Inbox"`
+to your `~/.muttrc` and use mutt to view and reply to mail. You'll probably
+want to log in remotely though:
+## Logging in from Thunderbird or mutt (and others) remotely
+Let's say you want to access your mail with Thunderbird or mutt or another
+email program. For my domain, the server information will be as follows:
+- SMTP server: `mail.lukesmith.xyz`
+- SMTP port: 587
+- IMAP server: `mail.lukesmith.xyz`
+- IMAP port: 993
+- Username `luke` (I.e. *not* `firstname.lastname@example.org`)
+The last point is important. Many email systems use a full email address on
+login. Since we just simply use local PAM logins, only the user's name is used
+(this makes a difference if you're using my
+## Tweaking things
+You're a big boy now if you have your own mail server!
+You can tweak Postfix (sending mail
+## Benefited from this?
-If this script or documentation has saved you some frustration, you can donate to support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html).
-No refunds if the process of having a mail server causes you another kind of frustration! 😉
+If this script or documentation has saved you some frustration, you can donate
+to support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html).
diff --git a/emailwiz.sh b/emailwiz.sh
@@ -40,11 +40,13 @@ which opendkim-genkey >/dev/null 2>&1 || apt install opendkim-tools
-# Determine location of ssl certificate from common names.
-for x in /etc/letsencrypt/live/$maildomain /etc/letsencrypt/live/mail /etc/letsencrypt/live/$domain; do
- [ -d "$x" ] && certdir="$x" && break
+[ ! -d "$certdir" ] && echo "Note! You must first have a HTTPS/SSL Certificate for $maildomain.
+Use Let's Encrypt's Certbot to get that and then rerun this script.
+You may need to set up a dummy $maildomain site in nginx or Apache for that to work."
# NOTE ON POSTCONF COMMANDS
@@ -271,15 +273,27 @@ for x in dovecot postfix opendkim spamassassin; do
pval="$(tr -d "\n" </etc/postfix/dkim/mail.txt | sed "s/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//" | grep -o "p=.*")"
-echo "Here is your TXT entry:"
-printf "Record Name\\tRecord Type\\tText of entry\\n"
-# the DKIM record is this one
-printf "%s._domainkey\\tTXT\\t\\tv=DKIM1; k=rsa; %s\\n" "$subdom" "$pval"
-# the SPF record is this one
-printf "%s\\tTXT\\t\\tv=spf1 mx a:%s -all\\n" "@" "$maildomain"
+dkimentry="$subdom._domainkey.$domain\\tTXT\\tv=DKIM1; k=rsa; $pval"
+dmarcentry="_dmarc.$domain\\tTXT\\tv=DMARC1; p=none; rua=mailto:dmarc@$domain; fo=1"
+spfentry="@\\tTXT\\ttv=spf1 mx a:$maildomain -all"
+useradd -m -G mail dmarc
+$spfentry" > "$HOME/dns_emailwizard"
+echo " _ _
+| \ | | _____ ___
+| \| |/ _ \ \ /\ / (_)
+| |\ | (_) \ V V / _
+|_| \_|\___/ \_/\_/ (_)
+Add these three records to your DNS TXT records on either your registrar's site
+or your DNS server:
+Also saving these to ~/dns_emailwizard in case you want them in a file.
+Once you do that, you're done! Check the README for how to add users/accounts and how to log in."