README.md (6419B)
1 # Email server setup script 2 3 I wrote this script during the grueling process of installing and setting up 4 an email server. It perfectly reproduces my successful steps to ensure the 5 same setup time and time again, now with many improvements. 6 7 I'm glad to say that dozens, hundreds of people have now used it and there is a 8 sizeable network of people with email servers thanks to this script. 9 10 I've linked this file on Github to a shorter, more memorable address on my 11 website so you can get it on your machine with this short command: 12 13 ```sh 14 curl -LO lukesmith.xyz/emailwiz.sh 15 ``` 16 17 When prompted by a dialog menu at the beginning, select "Internet Site", then 18 give your full domain without any subdomain, i.e. `lukesmith.xyz`. 19 20 ## This script installs 21 22 - **Postfix** to send and receive mail. 23 - **Dovecot** to get mail to your email client (mutt, Thunderbird, etc.). 24 - Config files that link the two above securely with native log-ins. 25 - **Spamassassin** to prevent spam and allow you to make custom filters. 26 - **OpenDKIM** to validate you so you can send to Gmail and other big sites. 27 28 ## This script does _not_ 29 30 - use a SQL database or anything like that. 31 - set up a graphical interface for mail like Roundcube or Squirrel Mail. If you 32 want that, you'll have to install it yourself. I just use 33 [isync/msmtp/mutt-wizard](https://github.com/lukesmithxyz/mutt-wizard) to 34 have an offline mirror of my email setup and I recommend the same. There are 35 other ways of doing it though, like Thunderbird, etc. 36 37 ## Requirements 38 39 1. A **Debian or Ubuntu server**. I've tested this on a 40 [Vultr](https://www.vultr.com/?ref=8384069-6G) Debian server and one running 41 Ubuntu and their setup works, but I suspect other VPS hosts will have 42 similar/possibly identical default settings which will let you run this on 43 them. Note that the affiliate link there to Vultr gives you a $100 credit 44 for the first month to play around. 45 2. **A Let's Encrypt SSL certificate for your site's `mail.` subdomain**. 46 3. You need two little DNS records set on your domain registrar's site/DNS 47 server: (1) an **MX record** pointing to your own main domain/IP and (2) a 48 **CNAME record** for your `mail.` subdomain. 49 4. **A Reverse DNS entry for your site.** Go to your VPS settings and add an 50 entry for your IPv4 Reverse DNS that goes from your IP address to 51 `<yourdomain.com>` (not mail subdomain). If you would like IPv6, you can do 52 the same for that. This has been tested on Vultr, and all decent VPS hosts 53 will have a section on their instance settings page to add a reverse DNS PTR 54 entry. 55 You can use the 'Test Email Server' or ':smtp' tool on 56 [mxtoolbox](https://mxtoolbox.com/SuperTool.aspx) to test if you set up 57 a reverse DNS correctly. This step is not required for everyone, but some 58 big email services like Gmail will stop emails coming from mail servers 59 with no/invalid rDNS lookups. This means your email will fail to even 60 make it to the recipients spam folder; it will never make it to them. 61 5. `apt purge` all your previous (failed) attempts to install and configure a 62 mail server. Get rid of _all_ your system settings for Postfix, Dovecot, 63 OpenDKIM and everything else. This script builds off of a fresh install. 64 6. Some VPS providers block mail port numbers like 25, 933 or 587 by default. 65 You may need to request these ports be opened to send mail successfully. 66 Vultr and most other VPS providers will respond immediately and open the 67 ports for you if you open a support ticket. 68 69 ## Post-install requirement! 70 71 - After the script runs, you'll have to add additional DNS TXT records which 72 are displayed at the end when the script is complete. They will help ensure 73 your mail is validated and secure. 74 75 ## Making new users/mail accounts 76 77 Let's say we want to add a user Billy and let him receive mail, run this: 78 79 ``` 80 useradd -m -G mail billy 81 passwd billy 82 ``` 83 84 Any user added to the `mail` group will be able to receive mail. Suppose a user 85 Cassie already exists and we want to let her receive mail too. Just run: 86 87 ``` 88 usermod -a -G mail cassie 89 ``` 90 91 A user's mail will appear in `~/Mail/`. If you want to see your mail while ssh'd 92 in the server, you could just install mutt, add `set spoolfile="+Inbox"` to 93 your `~/.muttrc` and use mutt to view and reply to mail. You'll probably want 94 to log in remotely though: 95 96 ## Logging in from Thunderbird or mutt (and others) remotely 97 98 Let's say you want to access your mail with Thunderbird or mutt or another 99 email program. For my domain, the server information will be as follows: 100 101 - SMTP server: `mail.lukesmith.xyz` 102 - SMTP port: 587 103 - IMAP server: `mail.lukesmith.xyz` 104 - IMAP port: 993 105 106 In previous versions of emailwiz, you also had to log on with *only* your 107 username (i.e. `luke`) rather than your whole email address (i.e. 108 `luke@lukesmith.xyz`), which caused some confusion. This is no longer the 109 case. 110 111 ## Benefited from this? 112 113 I am always glad to hear this script is still making life easy for people! If 114 this script or documentation has saved you some frustration, you can donate to 115 support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html). 116 117 ## Troubleshooting -- Can't send mail? 118 119 - Always check `journalctl -xe` to see the specific problem. 120 - Check with your VPS host and ask them to enable mail ports. Some providers 121 disable them by default. It shouldn't take any time. 122 - Go to [this site](https://appmaildev.com/en/dkim) to test your TXT records. 123 If your DKIM, SPF or DMARC tests fail you probably copied in the TXT records 124 incorrectly. 125 - If everything looks good and you *can* send mail, but it still goes to Gmail 126 or another big provider's spam directory, your domain (especially if it's a 127 new one) might be on a public spam list. Check 128 [this site](https://mxtoolbox.com/blacklists.aspx) to see if it is. Don't 129 worry if you are: sometimes especially new domains are automatically assumed 130 to be spam temporarily. If you are blacklisted by one of these, look into it 131 and it will explain why and how to remove yourself. 132 - Check your DNS settings using [this site](https://intodns.com/), it'll report 133 any issues with your MX records 134 - Ensure that port 25 is open on your server. 135 [Vultr](https://www.vultr.com/docs/what-ports-are-blocked) for instance 136 blocks this by default, you need to open a support ticket with them to open 137 it. You can't send mail if 25 is blocked