Setting up a Basic Nevertheless Advanced Mail Service

Peter Boy (pboy@fedoraproject.org) Version F38 Last review: 2023-03-xx
The objective is to set up an elaborate mail system that provides an IMAP and POP3 server and includes up-to-date techniques for fighting spam and strengthening trustworthiness, like a professional server. It is basic in that it is not optimized for operation with a large number of users: it lacks a database system for users and configuration, as well as scalability. All configuration is done directly through the configuration files of the corresponding software.

You are in the Fedora Server documentation staging area!

These documents are not approved yet and may be incomplete and/or incorrect. Take everything here with a grain of salt! You would probably prefer to study the published documentation.

Status of this document: Work in progress, version 0.2 (early state).


The tutorial aims to provide a reliable mail system. It is composed of various components, which have to cooperate seamlessly.

  • Postfix as SMTP server (MTA - Mail Transfer Agent) to organize mail traffic between servers. It also allows users to submit mail.

  • Dovecot as secure IMAP / POP backend for user mailboxes (MUA - Mail User Agent) with up-to-date connection to Postfix via LMTP and availability of Sieve Management for efficient overview even with heavy mail traffic.

  • Spam and virus defense using Amavis, SpamAssassin, and ClamAV, interconnected via the milter protocol.

The tutorial focuses on setting up the software in the specific Fedora runtime environment. Further details are covered in the documentation of the respective project.

Features and concept

  • Postfix as SMTP server

  • Dovecot as IMAP / POP backend

    • Up-to-date connection to Postfix via LMTP (scalable and dynamic recipient validation).

    • By means of Sieve-manage and differentiated mailboxes (inbox, spam, etc., see in particular Leistner), an efficient overview is achieved even with extensive mail traffic.

  • Spam and virus defense using Amavis/Amavis-milter, SpamAssassin, and ClamAV, connected via the milter protocol

  • Use of SPF

  • For small mail services: Configuration of users in configuration files, for direct and uncomplicated access for the administrator

Planned future additions

  • Use of DMARC

  • Use of DKIM, i.e. signing of outgoing mails (possible with Amavis or openDKIM, preference: openDKIM)

    • Integration of OpenDKIM as Milter (in Postgres Milter integration is more elegant and robust). Unix sockets are more performant.

  • Adding user administration and configuration management via database (PostgreSQL) and a graphical UI for larger installations

Prerequisites

  1. Static hostname

    On Red Hat based distributions, a Fully Qualified Domain Name (FQDN), e.g. mymailer.example.com.

  2. Access to Firewall

  3. Access to DNS configuration

  4. SSL Certificate

Software used

Table 1. Software Overview

No.  Software        minimal version  F38 version  upstream version
1    postfix         x.y              x.y          x.y
2    dovecot         x.y              x.y          x.y
3    amavis          x.y              x.y          x.y
4    amavisd-milter  x.y              x.y          x.y
5    spamassassin
6    clamav
7    openDKIM
8

Preparations

Set static hostname

Configure firewall

Configure DNS

Create certificates

Let’s Encrypt certificates

Request a Let’s Encrypt certificate for the server machine.

WITH a running web server:

[…]$ letsencrypt certonly --webroot --webroot-path /srv/a_default/htdocs --domains pontos.resdigita.de,imap.resdigita.de,smtp.resdigita.de --renew-by-default --agree-tos --email pb@boy-digital.de

WITHOUT a running web server (port 80 available):

[…]$ letsencrypt certonly --standalone --domains pontos.resdigita.de,imap.resdigita.de,smtp.resdigita.de --renew-by-default --agree-tos --email pb@boy-digital.de

You may have a look at the certificate using

[…]$ openssl  x509 -in /etc/letsencrypt/live/mymailer.example.com/cert.pem  -text -noout
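
Two things in that output matter most for a mail server: the subjectAltName list must cover every hostname that clients and other servers connect to, and the certificate must not be close to expiry. The following script checks both; it is an added example and not part of the original tutorial, and the example.com names, the 14-day threshold and the function names are assumptions, with the demo certificate being a constructed throwaway.

```shell
#!/bin/sh
# Added example: verify a mail server certificate covers the names clients use.

# Print the DNS entries of the certificate's subjectAltName, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# cert_covers CERT NAME...: succeed only if every NAME is a SAN entry
# (exact, case-insensitive match; wildcard entries are not expanded).
cert_covers() {
    cert=$1; shift
    sans=$(cert_sans "$cert")
    rc=0
    for name in "$@"; do
        if ! printf '%s\n' "$sans" | grep -qixF -- "$name"; then
            echo "missing SAN: $name" >&2
            rc=1
        fi
    done
    return "$rc"
}

# cert_valid_for CERT DAYS: succeed if CERT is still valid DAYS days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Constructed sample input: a throwaway self-signed certificate (30 days)
# with hypothetical example.com names, written to DIR/cert.pem.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1/key.pem" -out "$1/cert.pem" -subj "/CN=mymailer.example.com" \
        -addext "subjectAltName=DNS:mymailer.example.com,DNS:imap.example.com,DNS:smtp.example.com" \
        2>/dev/null
}

# Demo run against the constructed certificate.
demo_dir=$(mktemp -d) && make_demo_cert "$demo_dir" && {
    cert_covers "$demo_dir/cert.pem" mymailer.example.com imap.example.com smtp.example.com \
        && echo "all names covered"
    cert_valid_for "$demo_dir/cert.pem" 14 && echo "valid for at least 14 more days"
    rm -rf "$demo_dir"
}
```

On the real server, pass /etc/letsencrypt/live/mymailer.example.com/cert.pem and the hostnames actually used for SMTP and IMAP to cert_covers.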

The work steps involved

  1. Install Postfix and perform the basic configuration

  2. Install and configure dovecot

  3. Enable Postfix to accept submissions by mail clients

  4. Protecting the trustworthiness: DKIM, DMARC & co.

  5. Improve junk and relay control

  6. Test procedures

With everything prepared, let’s start with Postfix installation.