arch-emailwiz

Fork of emailwiz for Arch-based Linux distributions. NOTE: not maintained.
git clone git://git.concealed.world/arch-emailwiz

README (6205B)


# Email server setup script

This set of scripts is a fork of Luke Smith's "emailwiz", which you may
acquire via `git clone https://github.com/LukeSmithxyz/emailwiz.git`, or
get the `emailwiz.sh` script directly via `curl -LO lukesmith.xyz/emailwiz.sh`.

The reason I have made this fork is that the original script is built around
Debian servers, and will likely work for anyone running Debian as their server
OS, or a derivative. I use Arch Linux ARM on my server, and this fork is
therefore designed to set up an e-mail server (relatively) painlessly on an
Arch Linux server.

Read this readme and peruse the script's comments before running it. My
intention is that this will get you 98% of the way there to having a functional
e-mail server. Ideally it would be 100%, but I'm not that optimistic - go into
this fully expecting you may need to do mild bug-fixing for the peculiarities
of your individual system.

## This script installs

- **Postfix** to send and receive mail.
- **Dovecot** to get mail to your email client (mutt, Thunderbird, etc.).
- Config files that unite the two above securely, with logins backed by the
  server's own local (PAM) user accounts.
- **Spamassassin** to prevent spam and allow you to make custom filters.
- **Spamassassin-spamc**, a spamassassin client.
- **OpenDKIM** to sign your outgoing mail, so that Gmail and other big sites
  can verify it really came from you.

## This script does _not_

- use a SQL database or anything like that.
- set up a graphical interface for mail like Roundcube or SquirrelMail. If you
  want that, you'll have to install it yourself.

## Requirements

1. A server running Arch Linux (ARM) as OS, and nginx as web server. I've
   tested this on Arch Linux ARM; it will presumably work on regular Arch Linux
   as well.

2. An MX record for domain.org pointing to - for example - mail.domain.org,
   plus a record that makes mail.domain.org resolve to your server's address
   (whether or not mail.domain.org is a subdomain of the mail domain does not
   matter). Set both up with your registrar. A CNAME is the easy option when a
   DDNS service gives you a hostname to point at, but strictly an MX target
   must not be an alias (RFC 2181, section 10.3) and some receivers treat one
   as a misconfiguration, so prefer an A (and AAAA) record that your DDNS
   client updates directly. Either way, if you use DDNS, make sure it keeps the
   mail.domain.org record current.

3. Valid nginx configuration for mail.domain.org. This may be added to
   /etc/nginx/nginx.conf in the relevant location, or as a separate file within
   /etc/nginx/sites-available/, e.g. /etc/nginx/sites-available/mail. The web
   server root directory may be whatever you want it to be.

   Note that, unlike Debian's, Arch's stock nginx.conf does not read a
   sites-enabled directory. If you want that layout, create both directories
   and add `include /etc/nginx/sites-enabled/*;` inside the `http { }` block
   of /etc/nginx/nginx.conf.

   If using the sites-available format, enable the site with:

   ```
   ln -s /etc/nginx/sites-available/mail /etc/nginx/sites-enabled/
   ```

   See an nginx configuration example below:

   ```
   server {
   	listen 80;			# IPv4
   	listen [::]:80;			# IPv6

   	root /usr/share/nginx/mail;	# make sure this directory exists
   	index index.html;

   	server_name mail.domain.org;	# change to your own mail subdomain

   	location / {
   		try_files $uri $uri/ =404;
   	}
   }
   ```

   It's not necessary for index.html to contain anything, or to exist. You can
   create some content on it if you like though.

   Reload nginx:

   ```
   sudo systemctl reload nginx.service
   ```

4. Ensure the relevant ports are open, both in the server's own firewall and
   in any firewall or security group your hosting provider puts in front of
   it:
   * 80/443 - HTTP(S); port 80 is also what certbot's challenge uses
   * 25 - SMTP, for mail arriving from other servers and your outbound
     deliveries to them
   * 465/587 - SMTP submission from your own mail clients (465 is TLS from the
     start, 587 upgrades with STARTTLS)
   * 993 - IMAP over TLS, for reading mail remotely

   Many hosting providers block outbound port 25 by default. If yours does,
   you can receive mail but deliveries to other servers will fail until you
   get it unblocked.

5. Have a Let's Encrypt SSL certificate for $maildomain. You might need one
   for $domain as well, but they're free with Let's Encrypt so you should have
   them anyway.
   E.g. domain.org and mail.domain.org.

   Run something like `sudo certbot --nginx`.

6. OPTIONAL - Ensure you have reverse DNS.

   Without it you could be prevented from e-mailing large companies like
   Gmail. You can still use the server to receive incoming mail, but mail
   sent to servers such as Gmail is likely to be rejected or filed as spam.

   Your reverse DNS - a PTR record - is likely managed by your hosting
   provider, or your ISP. You would need to negotiate with them to set it up,
   and you will probably want a static IP. Ask for the PTR to be
   mail.domain.org, the same name the server announces in its HELO/EHLO, and
   make sure mail.domain.org resolves back to that same address
   (forward-confirmed reverse DNS); a PTR that points at some other name is
   little better than none.

   If you don't care, feel free to skip this step.

7. If you've been toying around with your server settings trying to get
   postfix/dovecot/etc. working before running this, remove everything prior
   first, because this script is built only on top of the defaults.
   Clear out /etc/postfix and /etc/dovecot yourself if need be.

## Post-install requirement

- After the script runs, you'll have to add additional DNS TXT records which
  are displayed at the end when the script is complete: your DKIM public key,
  your SPF policy and your DMARC policy. Receivers use them to check that mail
  claiming to come from your domain was really signed and sent by your server.
  Add them to the relevant place for TXT records with your registrar.

## Making new users/mail accounts

Let's say we want to add a user Billy and let him receive mail. Run this:

```
useradd -m -G mail billy
passwd billy
```

Any user added to the `mail` group will be able to receive mail. Suppose a user
Cassie already exists and we want to let her receive mail too. Just run:

```
usermod -a -G mail cassie
```

Because Dovecot authenticates against the system accounts, the password you set
here is also the user's SSH password if sshd permits password logins, so choose
a strong one (or set `PasswordAuthentication no` in /etc/ssh/sshd_config).

A user's mail will appear in `~/Mail/`. If you want to see your mail while ssh'd
into the server, you could just install mutt, add `set spoolfile="+Inbox"` to
your `~/.muttrc` and use mutt to view and reply to mail. You'll probably want
to log in remotely though:

## Logging in from Thunderbird or mutt (and others) remotely

Let's say you want to access your mail with Thunderbird or mutt or another
email program. See the example details below:

- SMTP server: `mail.lukesmith.xyz`
- SMTP port: 587 (STARTTLS)
- IMAP server: `mail.lukesmith.xyz`
- IMAP port: 993 (SSL/TLS)
- Username: `luke` (i.e. *not* `luke@lukesmith.xyz`)

The last point is important. Many email systems use a full email address on
login. Since logins here are plain local PAM (system) accounts, only the user's
name is used. Make sure the client is set to use TLS on both ports, so the
password never crosses the network in the clear.
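
Before pointing a client at the server, it is worth confirming that both of
those ports actually offer TLS with a certificate that verifies for the name
you will type into the client. The script below is an added example, not code
from arch-emailwiz or emailwiz; it assumes `openssl` (1.1.0 or newer, for
`-verify_hostname`) is installed and uses mail.domain.org as the example host.
`tls_ok` judges an `openssl s_client` transcript, so it can also be run offline
on saved output; the two `check_*` functions wrap the live connections.

```sh
#!/bin/sh
# Added example, not part of arch-emailwiz or emailwiz: confirm that the two
# ports a mail client uses, 587 (SMTP submission via STARTTLS) and 993 (IMAP
# over TLS), negotiate modern TLS with a certificate that verifies for the
# host name given to the client. tls_ok judges an `openssl s_client`
# transcript read from stdin; check_submission/check_imaps make the live
# connections. mail.domain.org is the README's example host name.

# tls_ok < transcript
# Succeeds only if openssl reports "Verify return code: 0 (ok)" and the
# negotiated protocol is TLSv1.2 or TLSv1.3. Any other verify code is a
# certificate problem the mail client would refuse as well (62 = name
# mismatch, 10 = expired, 18 = self-signed, e.g. certbot was never run).
tls_ok() {
    transcript=$(cat)
    verify=$(printf '%s\n' "$transcript" \
        | sed -n 's/^Verify return code: \([0-9]*\).*/\1/p' | tail -n1)
    proto=$(printf '%s\n' "$transcript" \
        | sed -n 's/^New, \(TLSv1\.[0-9]\), Cipher is .*/\1/p' | tail -n1)
    if [ -z "$verify" ]; then
        echo "TLS: no handshake result in transcript (connection refused, or no STARTTLS offered?)" >&2
        return 1
    fi
    if [ "$verify" != 0 ]; then
        echo "TLS: certificate did not verify (openssl verify code $verify)" >&2
        return 1
    fi
    case "$proto" in
        TLSv1.2|TLSv1.3) return 0 ;;
        *) echo "TLS: negotiated '${proto:-nothing}', expected TLSv1.2 or TLSv1.3" >&2; return 1 ;;
    esac
}

# Live checks. -servername sends SNI and -verify_hostname makes openssl reject
# a certificate that does not carry the name, which is what Thunderbird and
# mutt do too. </dev/null closes the session right after the handshake.
check_submission() {
    openssl s_client -connect "$1:587" -starttls smtp -servername "$1" \
        -verify_hostname "$1" </dev/null 2>&1 | tls_ok
}
check_imaps() {
    openssl s_client -connect "$1:993" -servername "$1" \
        -verify_hostname "$1" </dev/null 2>&1 | tls_ok
}

# usage: sh tls-check.sh mail.domain.org
if [ "$#" -gt 0 ]; then
    if check_submission "$1" && check_imaps "$1"; then
        echo "587 (STARTTLS) and 993 (IMAPS) on $1 verify correctly"
    else
        exit 1
    fi
fi
```

Run it as `sh tls-check.sh mail.domain.org`. A non-zero verify code is exactly
what the mail client will complain about: 62 means the certificate does not
carry the name you connected to (for instance a certificate issued for
domain.org only), and 10 means it has expired, so check that certbot's renewal
timer is running.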

## Troubleshooting -- Can't send mail?

- Always check `journalctl -xe` (or `journalctl -u postfix -u dovecot`) to see
  the specific problem.
- Go to [this site](https://appmaildev.com/en/dkim) to test your TXT records.
  If your DKIM, SPF or DMARC tests fail you probably copied in the TXT records
  incorrectly.
- If everything looks good and you *can* send mail, but it still goes to Gmail
  or another big provider's spam directory, your domain (especially if it's a
  new one) might be on a public spam list. Check
  [this site](https://mxtoolbox.com/blacklists.aspx) to see if it is. Don't
  worry if you are: new domains in particular are sometimes assumed to be spam
  temporarily. If you are blacklisted by one of these, look into it
  and it will explain why and how to remove yourself.
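
The DNS side of all this (the MX target and reverse DNS from requirements 2
and 6, the SPF/DKIM/DMARC TXT records from the post-install step, and the
"copied the records incorrectly" case above) can be checked from the server
itself. The script below is an added example, not code from arch-emailwiz or
emailwiz. It assumes `dig` is installed, uses the README's example names, and
assumes the DKIM selector is `mail` (the emailwiz default); pass a different
selector as the second argument if you changed it. The record validators take
the record text as an argument and need no network, so they can be tried on a
record before it is published.

```sh
#!/bin/sh
# Added example, not part of arch-emailwiz or emailwiz: checks for the DNS
# side of this setup: the MX target, forward-confirmed reverse DNS, and the
# SPF/DKIM/DMARC TXT records the script prints at the end. lookup_records and
# lookup_ptr (dig) are the only functions that touch the network; the record
# validators take record text and work offline. domain.org / mail.domain.org
# are the README's names; the "mail" DKIM selector is the assumed default.

lookup_records() { dig +short "$2" "$1" 2>/dev/null; }  # lookup_records TYPE NAME
lookup_ptr()     { dig +short -x "$1" 2>/dev/null; }    # lookup_ptr IP

# check_spf "v=spf1 mx -all": SPF version 1, a restrictive "all" at the end,
# and at most the 10 DNS-lookup terms RFC 7208 section 4.6.4 allows (over the
# limit, receivers return permerror and SPF stops helping you at all).
check_spf() {
    spf=$1
    case "$spf" in "v=spf1 "*|"v=spf1") ;; *) echo "SPF: must start with v=spf1" >&2; return 1 ;; esac
    case "$spf" in
        *" -all"|*" ~all") ;;
        *" +all"|*" ?all") echo "SPF: +all/?all lets anyone send as your domain" >&2; return 1 ;;
        *) echo "SPF: should end with -all or ~all" >&2; return 1 ;;
    esac
    lookups=0
    for term in $spf; do
        t=${term#[+~?-]}    # drop the qualifier, if any
        case "$t" in
            a|a:*|a/*|mx|mx:*|mx/*|ptr|ptr:*|exists:*|include:*|redirect=*)
                lookups=$((lookups + 1)) ;;
        esac
    done
    [ "$lookups" -le 10 ] || { echo "SPF: $lookups lookup terms, limit is 10" >&2; return 1; }
}

# check_dmarc "v=DMARC1; p=reject; rua=mailto:dmarc@domain.org"
check_dmarc() {
    case "$1" in "v=DMARC1;"*) ;; *) echo "DMARC: must start with v=DMARC1;" >&2; return 1 ;; esac
    policy=$(printf '%s\n' "$1" | tr ';' '\n' \
        | sed -n 's/^[[:space:]]*p=[[:space:]]*\([a-z]*\).*/\1/p' | head -n1)
    case "$policy" in
        none) echo "DMARC: p=none only monitors; raise it to quarantine/reject once reports look clean" >&2 ;;
        quarantine|reject) ;;
        *) echo "DMARC: missing or invalid p= tag" >&2; return 1 ;;
    esac
}

# check_dkim '"v=DKIM1; k=rsa; " "p=MIIB..."': pass dig's TXT output as-is,
# the quoted chunks are joined. Empty p= = revoked key; non-base64 p= = botched
# copy-paste into the registrar's form.
check_dkim() {
    rec=$(printf '%s' "$1" | tr -d '[:space:]"')
    case "$rec" in "v=DKIM1;"*) ;; *) echo "DKIM: should start with v=DKIM1;" >&2; return 1 ;; esac
    key=$(printf '%s\n' "$rec" | tr ';' '\n' | sed -n 's/^p=//p' | head -n1)
    [ -n "$key" ] || { echo "DKIM: empty p= (revoked key, or lost in copying)" >&2; return 1; }
    printf '%s' "$key" | grep -Eq '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$' \
        || { echo "DKIM: p= is not valid base64" >&2; return 1; }
}

# check_mx domain.org: prints the preferred MX target. It must resolve to an
# A/AAAA record and must not be a CNAME (RFC 2181 section 10.3).
check_mx() {
    target=$(lookup_records MX "$1" | sort -n | awk 'NR==1 { sub(/\.$/, "", $2); print $2 }')
    [ -n "$target" ] || { echo "MX: no MX record for $1" >&2; return 1; }
    [ -z "$(lookup_records CNAME "$target")" ] \
        || { echo "MX: $target is a CNAME; an MX target must be an A/AAAA host" >&2; return 1; }
    [ -n "$(lookup_records A "$target")$(lookup_records AAAA "$target")" ] \
        || { echo "MX: $target has no A/AAAA record" >&2; return 1; }
    printf '%s\n' "$target"
}

# check_fcrdns mail.domain.org: every address of the host needs a PTR, and the
# PTR must be the host itself (what Gmail and friends look at first).
check_fcrdns() {
    host=$1
    addrs=$( { lookup_records A "$host"; lookup_records AAAA "$host"; } \
        | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[0-9a-fA-F]*:[0-9a-fA-F:]+$' || true)
    [ -n "$addrs" ] || { echo "rDNS: $host has no A/AAAA record" >&2; return 1; }
    for ip in $addrs; do
        ptr=$(lookup_ptr "$ip" | sed 's/\.$//' | head -n1)
        [ -n "$ptr" ] || { echo "rDNS: no PTR for $ip (ask your provider to set it to $host)" >&2; return 1; }
        [ "$ptr" = "$host" ] || { echo "rDNS: $ip reverses to $ptr, not $host" >&2; return 1; }
    done
}

# check_domain domain.org [selector]: run everything against live DNS.
check_domain() {
    status=0
    target=$(check_mx "$1") || status=1
    [ -n "$target" ] && { check_fcrdns "$target" || status=1; }
    check_spf "$(lookup_records TXT "$1" | grep -i 'v=spf1' | tr -d '"')" || status=1
    check_dmarc "$(lookup_records TXT "_dmarc.$1" | tr -d '"')" || status=1
    check_dkim "$(lookup_records TXT "${2:-mail}._domainkey.$1")" || status=1
    return $status
}

# usage: sh dns-check.sh domain.org [dkim-selector]
if [ "$#" -gt 0 ]; then
    if check_domain "$@"; then echo "all DNS checks passed for $1"; else exit 1; fi
fi
```

Run `sh dns-check.sh domain.org` after the records have propagated; each
failing check prints a one-line reason to stderr, and the script exits
non-zero if anything failed. The SPF lookup-count check matters once you start
adding `include:` terms for third-party senders, and the DKIM base64 check
catches the most common copy-paste damage (a dropped character or a stray
quote) before a remote test site does.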