# Email server setup script

I wrote this script during the gruelling process of installing and setting up
an email server. It perfectly reproduces my successful steps to ensure the
same setup time and time again.

I've linked this file on Github to a shorter, more memorable address on my
website so you can get it on your machine with this short command:

```
curl -LO lukesmith.xyz/emailwiz.sh
```

When prompted by a dialog menu at the beginning, select "Internet Site", then
give your full domain without any subdomain, i.e. `lukesmith.xyz`.

Read this readme and peruse the script's comments before running it. Expect it
to fail, expect to do some bug testing, and be very happy when it actually
works perfectly.

## This script installs

- **Postfix** to send and receive mail.
- **Dovecot** to get mail to your email client (mutt, Thunderbird, etc.).
- Config files that unite the two above securely with native log-ins.
- **Spamassassin** to prevent spam and allow you to make custom filters.
- **OpenDKIM** to validate you so you can send to Gmail and other big sites.

## This script does _not_

- use a SQL database or anything like that.
- set up a graphical interface for mail like Roundcube or Squirrel Mail. If you
  want that, you'll have to install it yourself. I just use
  [isync/msmtp/mutt-wizard](https://github.com/lukesmithxyz/mutt-wizard) to
  have an offline mirror of my email setup and I recommend the same. There are
  other ways of doing it though, like Thunderbird, etc.

## Requirements

1. A **Debian or Ubuntu server**. I've tested this on a
   [Vultr](https://www.vultr.com/?ref=8384069-6G) Debian server and one running
   Ubuntu and their setup works, but I suspect other VPS hosts will have
   similar/possibly identical default settings which will let you run this on
   them. Note that the affiliate link there to Vultr gives you a $100 credit
   for the first month to play around.
2. **A Let's Encrypt SSL certificate for your site's `mail.` subdomain**.
   Create a nginx/apache site at `mail.<yourdomain.com>` and get a certificate
   for it with Let's Encrypt's [Certbot](https://certbot.eff.org/).
3. You need two little DNS records set on your domain registrar's site/DNS
   server: (1) an **MX record** pointing to your own main domain/IP and (2) a
   **CNAME record** for your `mail.` subdomain.
4. **A Reverse DNS entry for your site.** Go to your VPS settings and add an
   entry for your IPv4 Reverse DNS that goes from your IP address to
   `mail.<yourdomain.com>`. If you would like IPv6, you can do the same for
   that. This has been tested on Vultr, and all decent VPS hosts will have
   a section on their instance settings page to add a reverse DNS PTR entry.
   You can use the 'Test Email Server' or ':smtp' tool on
   [mxtoolbox](https://mxtoolbox.com/SuperTool.aspx) to test if you set up
   reverse DNS correctly. This step is not required for everyone, but some
   big email services like Gmail will stop emails coming from mail servers
   with no/invalid rDNS lookups. This means your email will fail to even
   make it to the recipient's spam folder; it will never make it to them.
5. `apt purge` all your previous (failed) attempts to install and configure a
   mailserver. Get rid of _all_ your system settings for Postfix, Dovecot,
   OpenDKIM and everything else. This script builds off of a fresh install.
6. Some VPS providers block port 25 (used to send mail). You may need to
   request that this port be opened to send mail successfully. Although I have
   never had to do this on a Vultr VPS, others have had this issue, so if you
   cannot send, contact your VPS provider.

## Post-install requirement!

- After the script runs, you'll have to add additional DNS TXT records which
  are displayed at the end when the script is complete. They will help ensure
  your mail is validated and secure.

## Making new users/mail accounts

Let's say we want to add a user Billy and let him receive mail. Run this:

```
useradd -m -G mail billy
passwd billy
```

Any user added to the `mail` group will be able to receive mail. Suppose a user
Cassie already exists and we want to let her receive mail too. Just run:

```
usermod -a -G mail cassie
```

A user's mail will appear in `~/Mail/`. If you want to see your mail while ssh'd
in to the server, you could just install mutt, add `set spoolfile="+Inbox"` to
your `~/.muttrc` and use mutt to view and reply to mail. You'll probably want
to log in remotely though:

## Logging in from Thunderbird or mutt (and others) remotely

Let's say you want to access your mail with Thunderbird or mutt or another
email program. For my domain, the server information will be as follows:

- SMTP server: `mail.lukesmith.xyz`
- SMTP port: 587
- IMAP server: `mail.lukesmith.xyz`
- IMAP port: 993
- Username: `luke` (i.e. *not* `firstname.lastname@example.org`)

The last point is important. Many email systems use a full email address on
login. Since we simply use local PAM logins, only the user's name is used
(this makes a difference if you're using my
[mutt-wizard](https://github.com/lukesmithxyz/mutt-wizard), etc.).

## Tweaking things

You're a big boy now if you have your own mail server!

You can tweak Postfix (sending mail

## Benefited from this?

If this script or documentation has saved you some frustration, you can donate
to support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html).

## Troubleshooting -- Can't send mail?

- Always check `journalctl -xe` to see the specific problem.
- Go to [this site](https://appmaildev.com/en/dkim) to test your TXT records.
  If your DKIM, SPF or DMARC tests fail you probably copied in the TXT records
  incorrectly.
- If everything looks good and you *can* send mail, but it still goes to Gmail
  or another big provider's spam directory, your domain (especially if it's a
  new one) might be on a public spam list. Check
  [this site](https://mxtoolbox.com/blacklists.aspx) to see if it is. Don't
  worry if you are: sometimes new domains especially are automatically assumed
  to be spam temporarily. If you are blacklisted by one of these, look into it
  and it will explain why and how to remove yourself.
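The TXT records the troubleshooting list points at (SPF, DKIM, DMARC) and the reverse DNS requirement from the requirements list are easy to get subtly wrong when copied by hand. The following is an added example checker written for this readme; it is not part of emailwiz and is not the script's own output. The `check_*` functions validate record text passed as arguments, so they work offline, and `main` pulls the live records with `dig`. The DKIM selector name `mail`, the `dnscheck.sh` file name and the sample values used below are assumptions, not taken from the script.

```shell
#!/bin/sh
# Added example, not part of emailwiz: sanity checks for the DNS records the
# readme asks for (MX, SPF/DKIM/DMARC TXT, reverse DNS). The check_* functions
# take record text as arguments so they run offline; main() fetches live
# records with dig(1) when given a domain. The DKIM selector defaults to
# "mail", which is an assumption; pass the selector the script printed if
# it differs.

# SPF: must start with "v=spf1" and end with a restrictive "all" qualifier.
# A bare "all" or "+all" authorises every host on the internet to send as you.
check_spf() {
    case $1 in
        "v=spf1 "*) ;;
        *) printf 'SPF: record must start with "v=spf1 "\n'; return 1 ;;
    esac
    case $1 in
        *" +all"|*" all") printf 'SPF: "+all" lets any host send as your domain\n'; return 1 ;;
        *" -all"|*" ~all"|*" ?all") return 0 ;;
        *) printf 'SPF: missing terminating "-all" (or "~all")\n'; return 1 ;;
    esac
}

# DMARC: "v=DMARC1" first, then a p= policy tag. Spaces are stripped and a ";"
# appended so "p=" is matched as its own tag and not inside "sp=".
check_dmarc() {
    flat="$(printf '%s' "$1" | tr -d ' ');"
    case $flat in
        "v=DMARC1;"*) ;;
        *) printf 'DMARC: record must start with "v=DMARC1;"\n'; return 1 ;;
    esac
    case $flat in
        *";p=none;"*|*";p=quarantine;"*|*";p=reject;"*) return 0 ;;
        *) printf 'DMARC: missing policy tag p=none|quarantine|reject\n'; return 1 ;;
    esac
}

# DKIM: dig prints long TXT records as several quoted chunks, so quotes and
# spaces are stripped before checking for "v=DKIM1" and a non-empty p= key.
check_dkim() {
    flat="$(printf '%s' "$1" | tr -d ' "');"
    case $flat in
        "v=DKIM1;"*) ;;
        *) printf 'DKIM: record must start with "v=DKIM1;"\n'; return 1 ;;
    esac
    case $flat in
        *";p="*) ;;
        *) printf 'DKIM: missing public key tag p=\n'; return 1 ;;
    esac
    key=${flat##*";p="}
    key=${key%%";"*}
    if [ -z "$key" ]; then
        printf 'DKIM: empty p= tag means the key is revoked\n'; return 1
    fi
    return 0
}

# Forward-confirmed reverse DNS: the PTR of the server's IP must be the mail
# hostname, and that name must resolve back to the same IP.
check_fcrdns() {
    ip=$1; mailhost=$2; fwd=$4
    ptr=${3%.}   # dig returns names with a trailing dot
    if [ "$ptr" != "$mailhost" ]; then
        printf 'rDNS: PTR for %s is "%s", expected "%s"\n' "$ip" "$ptr" "$mailhost"; return 1
    fi
    if [ "$fwd" != "$ip" ]; then
        printf 'rDNS: %s resolves to "%s", not back to %s\n' "$mailhost" "$fwd" "$ip"; return 1
    fi
    return 0
}

# Live run: sh dnscheck.sh example.org [dkim-selector]
main() {
    domain=$1; selector=${2:-mail}; mailhost="mail.$domain"; rc=0
    [ -n "$(dig +short MX "$domain")" ] || { printf 'MX: no MX record for %s\n' "$domain"; rc=1; }
    ip=$(dig +short A "$mailhost" | head -n 1)
    if [ -z "$ip" ]; then
        printf 'A: %s does not resolve\n' "$mailhost"; rc=1
    else
        ptr=$(dig +short -x "$ip" | head -n 1)
        check_fcrdns "$ip" "$mailhost" "$ptr" "$(dig +short A "$ptr" | head -n 1)" || rc=1
    fi
    check_spf "$(dig +short TXT "$domain" | tr -d '"' | grep '^v=spf1')" || rc=1
    check_dkim "$(dig +short TXT "$selector._domainkey.$domain")" || rc=1
    check_dmarc "$(dig +short TXT "_dmarc.$domain" | tr -d '"')" || rc=1
    [ "$rc" -eq 0 ] && printf 'All DNS checks passed for %s\n' "$domain"
    return "$rc"
}

if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run it as `sh dnscheck.sh yourdomain.com` once the TXT records have propagated; a non-zero exit prints which record to fix. The SPF check is deliberately stricter than a syntax test: a record ending in `+all` (or a bare `all`) is valid SPF, but it authorises every host on the internet to send as your domain, so it is reported as a failure here rather than passed.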