Set up mail server with PostfixAdmin

s2 0

Postfix Admin is a web-based interface that enables users to configure and manage a Postfix-based email server. Postfix Admin allows you to create and manage multiple virtual domains, users, and aliases.

This is the first post in the series on setting up and configuring a mail server, which covers creating the required DNS entries and explains the installation and configuration of Postfix Admin, Nginx with free Let’s Encrypt certificate, PHP and MySQL.

This tutorial was written for Ubuntu 16.04, but the same steps with minor modifications should work on any newer version of Ubuntu.

requirements

As prerequisites for this series you need:

  • Ubuntu 16.04 server. The host name of the server must be an FQDN. In this series we use mail.linuxize.com.
  • Users with sudo permissions.

DNS settings

In order for your mail system to work, you need to set up the following DNS entries:

  • An entry to point the FQDN (host name) of your system to the IPv4 address of your mail server.
mail.linuxize.com. 3600 IN A   23.45.67.89
The FQDN consists of two parts, the host name and the domain name.
  • MX record to indicate which mail server is responsible for accepting email messages on behalf of a recipient domain. In our case we want all emails to be sent to @linuxize.com Email addresses sent by the. be accepted mail.linuxize.com Mail server.
linuxize.com.      3600 IN MX  0 mail.linuxize.com.
  • SPF record used to check which mail servers are allowed to send e-mail on behalf of a particular domain. In the example below we are approving the domain mail servers (mx) and if the SPF check fails, the result is a soft error (~ all):
linuxize.com.      3600 IN TXT "v=spf1 mx ~all"
Of course, you’ll need to replace the domain name and IP address with your real domain name and the IP address of your mail server.

Reverse DNS (PTR)

Reverse DNS (PTR) is a mapping of IP addresses to domain names, the exact opposite of DNS, which maps domain names to IP addresses.

Most email servers do a reverse DNS lookup on the IP address trying to connect to them and may not accept email from the server if the PTR record is not set.

In most cases, PTR records can be set through your hosting provider’s web interface or by contacting the support team and asking them to set up a correct PTR record for you.

You can use the dig command to find out the reverse DNS of a specific IP address.

dig -x 23.45.67.89
23.45.67.89.in-addr.arpa domain name pointer mail.linuxize.com.

Create a system user

Since we are configuring a mail server with virtual users, we need a system user who owns all mailboxes and is used by the virtual users to access their email messages on the server.

The following command creates a new group and user named vmail and set up the user’s home directory /var/mail/vmail:

sudo groupadd -g 5000 vmailsudo useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /var/mail/vmail -m vmail

All virtual mailboxes are saved in /var/mail/vmail Directory.

Install Nginx PHP and MySQL

Postfix admin
is a PHP-based application. In order to be able to access the PostfixAdmin web interface, we have to install a web server and PHP.

Run the following command to install Nginx, PHP, and any required PHP modules:

sudo apt install nginx mysql-server php7.0-fpm php7.0-cli php7.0-imap php7.0-json php7.0-mysql php7.0-opcache php7.0-mbstring php7.0-readline

During the installation you will be asked to create a MySQL root password.

Download and configure Postfix Admin

At the time of writing, 3.1 is the latest stable version of Postfix Admin.

Download the Postfix admin archive using the following wget command:

VERSION=3.1wget -q https://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-${VERSION}/postfixadmin-${VERSION}.tar.gz

Once the download is complete, extract the archive:

tar xzf postfixadmin-${VERSION}.tar.gz

Move the Postfix Admin source files to the /var/www Directory and create templates_c Directory (Smart Cache):

sudo mv postfixadmin-${VERSION}/ /var/www/postfixadminrm -f postfixadmin-${VERSION}.tar.gzmkdir /var/www/postfixadmin/templates_c

Both Nginx and PHP-FPM run under users www-data So we have to change ownership of the /var/www/postfixadmin to this user:

sudo chown -R www-data: /var/www/postfixadmin

Postfix Admin uses a MySQL database to store information about users, domains, and application configuration.

Log in to the MySQL shell:

mysql -u root -p

Create a new MySQL user and database using the following commands:

CREATE DATABASE postfixadmin;GRANT ALL ON postfixadmin.* TO 'postfixadmin'@'localhost' IDENTIFIED BY 'P4ssvv0rD';FLUSH PRIVILEGES;
Don’t forget to change the password (P4ssvv0rD) to something safer.

Instead of editing the default Postfix Admin configuration, let’s create a new file called config.local.php which overwrites the default application settings:

Open the file with your text file:

sudo nano /var/www/postfixadmin/config.local.php

Paste the following PHP code:

/var/www/postfixadmin/config.local.php
<?php
$CONF['configured'] = true;

$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'P4ssvv0rD';
$CONF['database_name'] = 'postfixadmin';

$CONF['default_aliases'] = array (
  'abuse'      => '[email protected]',
  'hostmaster' => '[email protected]',
  'postmaster' => '[email protected]',
  'webmaster'  => '[email protected]'
);

$CONF['fetchmail'] = 'NO';
$CONF['show_footer_text'] = 'NO';

$CONF['quota'] = 'YES';
$CONF['domain_quota'] = 'YES';
$CONF['quota_multiplier'] = '1024000';
$CONF['used_quotas'] = 'YES';
$CONF['new_quota_table'] = 'YES';

$CONF['aliases'] = '0';
$CONF['mailboxes'] = '0';
$CONF['maxquota'] = '0';
$CONF['domain_quota_default'] = '0';
?>

Save and close the file.

With the above configuration we define the database type and the access data. We also specify and deactivate the standard aliases fetchmail and activate quota.

Next, run the following command to create the schema for the Postfix Admin database:

sudo -u www-data php /var/www/postfixadmin/upgrade.php

Once the database is filled we can go ahead and create our first PostfixAdmin superadmin user by using the postfixadmin-cli Tool.

This user has administrator rights to change any domain or application settings.

sudo bash /var/www/postfixadmin/scripts/postfixadmin-cli admin add [email protected] --superadmin 1 --active 1 --password P4ssvv0rD --password2 P4ssvv0rD

The output should look something like this:

Welcome to Postfixadmin-CLI v0.2
---------------------------------------------------------------

The admin [email protected] has been added!

---------------------------------------------------------------
Don’t forget to change the password (P4ssvv0rD) a little more secure for the Superadmin account.

Install the free Let’s Encrypt SSL certificate

We will use the SSL certificate to access our Postfix Admin installation and enable Dovecot and Postfix SSL / TLS encryption.

We have a tutorial on how to install a Let’s Encrypt SSL certificate. The most important point here is to generate an SSL certificate for your server host name (FQDN) in our case mail.linuxize.com.

After generating the SSL certificate by following the tutorial linked above, edit your Nginx server block as follows:

/etc/nginx/sites-enabled/mail.linuxize.com.conf
server {
    listen 80;
    server_name mail.linuxize.com;

    include snippets/letsencrypt.conf;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name mail.linuxize.com;
    root /var/www;

    ssl_certificate /etc/letsencrypt/live/mail.linuxize.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mail.linuxize.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/mail.linuxize.com/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;

    location / {
       try_files $uri $uri/ /index.php;
    }

    location /postfixadmin {
       index index.php;
       try_files $uri $uri/ /postfixadmin/index.php;
    }

    location ~* .php$ {
         fastcgi_split_path_info ^(.+?.php)(/.*)$;
         if (!-f $document_root$fastcgi_script_name) {return 404;}
         fastcgi_pass  unix:/run/php/php7.0-fpm.sock;
         fastcgi_index index.php;
         include fastcgi_params;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

Reload the Nginx service for the changes to take effect:

sudo systemctl reload nginx

At this point you should be able to log into your Postfix Admin installation under https://mail.linuxize.com/postfixadminby using the superadmin user created earlier in this tutorial.

Conclusion

In this tutorial, you installed Postfix Admin. In the next part of this series we will continue with installing and configuring Postfix and Dovecot. Stay tuned!

This post is part of the Set up and configure mail server Series.
Further articles in this series:


Set up mail server with PostfixAdmin

Install and configure Postfix and Dovecot

Install and integrate rspamd

Install and configure Roundcube Webmail

This post is part of the Set up and configure mail server Series.
Further articles in this series:


Set up mail server with PostfixAdmin

Install and configure Postfix and Dovecot

Install and integrate rspamd

Install and configure Roundcube Webmail

Set up mail server with PostfixAdmin

Install and configure Postfix and Dovecot

Install and integrate rspamd

Install and configure Roundcube Webmail