In progress!
Development on this server is still in progress, so some options aren't finished yet.
Having said that, the project is far enough along to be used as a mail server and CalDAV/CardDAV server.
It will handle your email; only some of the nicer options, such as a user panel where your users can change settings on their own account, aren't finished yet.

Where needed, it is stated what still needs doing.
Complete mailserver
This installs a complete mail server based on a standard install of dovecot and postfix. No patches, no weird stuff, just a couple of configuration files that make it work!
This way there will be no trouble when updating the server, unless option names change in dovecot or postfix.

The specific points on this server:
All but the last 2 items can be done with the standard packages on the system. For CardDAV and CalDAV some custom software will be needed.
Since this software has to be created anyway, we can define the points on this:
This document is based on FreeBSD, but I don't see a problem replicating things on any other OS short of Windows.
Installation
All we need for the email server are 2 services: dovecot and postfix. For storing the data, we need some sort of database. In this case, we simply use MariaDB, since that is natively supported by these 2 services.
First of all, install a clean FreeBSD system without the ports.
Then install the services needed:
Installation
#portsnap fetch extract
#cd /usr/ports/ports-mgmt/portmaster
#make install clean
#cd /
-- we need to install mariadb first, else either dovecot or postfix will install the mysql client instead of mariadb
#portmaster databases/mariadb102-server
-- do the usual setup and finish the mariadb installation

#portmaster mail/dovecot2
-- make sure you select MYSQL and VPOPMAIL

#portmaster mail/dovecot2-pigeonhole
-- make sure the MANAGESIEVE option is selected here

#portmaster mail/postfix
-- again, make sure you select MYSQL support. Also, select TLS, anything else is not needed.

For the mailserver, that's all the installation needed.
Configuration
As stated, we didn't patch the software in any way. So it's all up to the configuration of both services to make things work the way we want them to.
First of all, download the configuration files and the SQL to create the database.
On FreeBSD, you can extract these into /usr/local/etc/dovecot and /usr/local/etc/postfix. We will also need a folder to contain the certificates for SSL and TLS:
Configuration
-- we install wget to fetch those tar files..
#portmaster ftp/wget

#adduser
-- add a user called vmail with group vmail, and make sure these have UID and GID 1003!
-- if these are not available, write down the UID and GID, obtainable from /etc/passwd and /etc/group. We will need them later.

#mkdir -p /datastore/mailstore
#chown -R vmail:vmail /datastore/mailstore

#cd /usr/local/etc

#mkdir certificates

#wget http://www.tec4u.nl/emailserver/dovecot.tar.gz
#tar -xzvf dovecot.tar.gz

#wget http://www.tec4u.nl/emailserver/postfix.tar.gz
#tar -xzvf postfix.tar.gz

-- set up the entire database with one SQL file. Reminder: if you already have this database, all its data will be destroyed!
#wget http://www.tec4u.nl/emailserver/database.sql
#mysql -p < database.sql
-- log in with the information from the mariadb setup

Postfix configuration
We need to make some minor changes in the configuration to make sure we are using the correct domains etc.:
Postfix configuration
#nano /usr/local/etc/postfix/main.cf

-- change the following lines and enter YOUR domain:
myhostname = mail.domain.tld
smtp_helo_name = mail.domain.tld

-- change the line:
mydomain = mydomain.local
-- mydomain can be anything, but make sure it ends in .local!

-- if your vmail uid and gid aren't 1003, change the lines to the correct value:
virtual_uid_maps = static:1003
virtual_gid_maps = static:1003

-- the current configuration allows for an email to be 50MB maximum. If you want to change this, change the line containing:
message_size_limit = 50000000

-- the current configuration allows for a maximum of 20 email recipients in any email. To change this, change the line:
smtpd_recipient_limit = 20
Last, we change the file regex_helo_checks. This file has lines that deny any client that uses either our IP address or our (primary) domain name when sending the HELO command.
The HELO name SHOULD NOT be our name! It SHOULD be the name of the server that is sending the email. We check at a later point whether that name is valid and resolvable.
Open the file with nano and change it so that it reflects your domain name and IP address.
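
As an added illustration (this is not the regex_helo_checks file from postfix.tar.gz, whose contents are not shown on this page), the script below builds rules of this kind in Postfix regexp-table syntax and checks them against sample HELO names. The hostname follows the page's mail.domain.tld placeholder; the address 192.0.2.10, the REJECT texts and the function names are assumptions.

```shell
#!/bin/sh
# Added example: generate HELO-check rules in Postfix regexp-table syntax
# ("/pattern/ ACTION text") for our own hostname, domain and IP address.

# Escape regex metacharacters so "." only matches a literal dot.
re_escape() {
    printf '%s' "$1" | sed 's#[][\.*^$+?(){}|/]#\\&#g'
}

# helo_rules HOST DOMAIN IP -> three REJECT rules, one per line.
helo_rules() {
    printf '/^%s$/ REJECT HELO is my own hostname\n' "$(re_escape "$1")"
    printf '/^%s$/ REJECT HELO is my own domain\n' "$(re_escape "$2")"
    # Clients may send the bare address or the literal form [a.b.c.d].
    printf '/^%s%s%s$/ REJECT HELO is my own IP address\n' \
        '\[?' "$(re_escape "$3")" ']?'
}

# helo_rejected NAME RULES -> exit 0 if any rule matches NAME.
# Postfix regexp tables are case-insensitive by default, hence grep -i.
helo_rejected() {
    patterns=$(printf '%s\n' "$2" | sed 's#^/\(.*\)/ .*#\1#')
    printf '%s\n' "$1" | grep -Eiq -e "$patterns"
}

# Constructed sample values.
rules=$(helo_rules mail.domain.tld domain.tld 192.0.2.10)
printf '%s\n' "$rules"
for name in mail.domain.tld '[192.0.2.10]' mail.example.net 192.0.2.100; do
    if helo_rejected "$name" "$rules"; then verdict=REJECT; else verdict=pass; fi
    printf '%-18s %s\n' "$name" "$verdict"
done
```

The anchors (^ and $) and the escaped dots matter: without them, a look-alike such as 192.0.2.100 or mailxdomain.tld would be rejected as well.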

TODO:
Dovecot configuration
There isn't much to change in dovecot other than maybe the uid and gid used to deliver mail:
Dovecot configuration
#nano /usr/local/etc/dovecot/dovecot.conf
-- look for these lines and change 1003 to the correct uid and gid:
mail_uid = 1003
mail_gid = 1003
first_valid_uid = 1003
first_valid_gid = 1003

-- change the line and fill in your own email address:
postmaster_address = postmaster@domain.tld

-- the quota amount is dictated by the quota dict, which uses an SQL query. If that fails, the standard quota is enforced, which is set to 1GB plus a maximum of 100MB for the trash.
-- any spam folder is ignored in quota calculations.
-- to change this, change the lines:

quota_rule = *:storage=1G
quota_rule2 = Trash:storage=+100M
quota_rule3 = Spam:ignore

-- in the current configuration the user will get 2 quota warnings: at 80% and 95% and 1 critical warning at 100%. Also, they will receive a critical message if the mailbox is over 100%
-- to change this, change the lines:
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
quota_warning3 = storage=100%% quota-critical %u
quota_warning4 = -storage=100%% quota-warning below %u
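
The vmail uid and gid have to agree in three places: the system account, the two static maps in the Postfix main.cf, and the four id settings in dovecot.conf. The following added example (not part of the downloaded configuration; the function names are assumptions and the sample files are constructed) reports every setting that disagrees.

```shell
#!/bin/sh
# Added example: find uid/gid settings in Postfix main.cf and dovecot.conf
# that do not match the numeric ids of the vmail account.

# Print "key=value" for each id setting this guide asks you to edit.
id_settings() {
    awk -F'=' '
        /^[ \t]*#/ { next }                       # skip comment lines
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            sub(/^static:/, "", val)              # Postfix "static:1003"
            if (key ~ /^(virtual_[ug]id_maps|mail_[ug]id|first_valid_[ug]id)$/)
                print key "=" val
        }' "$@"
}

# check_vmail_ids UID GID FILE... -> prints mismatches, exit 1 if any.
check_vmail_ids() {
    uid=$1; gid=$2; shift 2
    bad=$(id_settings "$@" | awk -F'=' -v uid="$uid" -v gid="$gid" '
        $1 ~ /uid/ && $2 != uid { print }
        $1 ~ /gid/ && $2 != gid { print }')
    if [ -n "$bad" ]; then printf '%s\n' "$bad"; return 1; fi
    return 0
}

# Constructed sample: dovecot.conf still carries one stale value.
tmp=$(mktemp -d)
cat > "$tmp/main.cf" <<'EOF'
virtual_uid_maps = static:1003
virtual_gid_maps = static:1003
EOF
cat > "$tmp/dovecot.conf" <<'EOF'
mail_uid = 1003
mail_gid = 1003
first_valid_uid = 1002
first_valid_gid = 1003
EOF
check_vmail_ids 1003 1003 "$tmp/main.cf" "$tmp/dovecot.conf" \
    || echo "fix the settings listed above"
rm -rf "$tmp"
```

On the server itself, run it as `check_vmail_ids "$(id -u vmail)" "$(id -g vmail)" /usr/local/etc/postfix/main.cf /usr/local/etc/dovecot/dovecot.conf`.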

	

To send the quota warnings, 2 files are used. Edit these files and change domain.tld to your domain!
Dovecot quota scripts
#nano /usr/local/etc/dovecot/quota-warning.sh
-- edit the file and change the sender email address. Make any changes you like, even HTML email is possible. Save it when you are done

#nano /usr/local/etc/dovecot/quota-critical.sh
-- edit the file and change the sender email address. Make any changes you like, even HTML email is possible. Save it when you are done
The certificates
To make TLS and SSL work, we will need certificates. If you can, get valid ones from a provider! If you can't, you can make self-signed ones:
Postfix certificates
#cd /usr/local/etc/certificates/
-- enter the following commands, and make sure you enter the correct information!
-- especially the "YOUR name" field, which should be your full server name as found in DNS.
#openssl genrsa -des3 -out postfix.key.pass
#openssl req -new -key postfix.key.pass -out postfix.csr
#openssl x509 -req -days 3650 -in postfix.csr -signkey postfix.key.pass -out postfix.crt
#openssl rsa -in postfix.key.pass -out postfix.key.nopass
#mv postfix.key.nopass postfix.key
#openssl req -new -x509 -extensions v3_ca -keyout postfix.cakey.pem -out postfix.cacert.pem -days 3650

For dovecot we also need a certificate to use imaps and/or pop3s:
Dovecot certificates
#cd /usr/local/etc/certificates/
-- enter the following commands, and make sure you enter the correct information!
-- especially the "YOUR name" field, which should be your full server name as found in DNS.
#openssl req -new -x509 -nodes -keyout dovecot.key -out dovecot.crt -days 365
#openssl x509 -subject -fingerprint -noout -in dovecot.crt
Management
The database can become quite complicated, so I made a front-end for it. Granted, the code could be much better, so excuse the mess here and there.
The most important part is: it works, and you can even drag and drop!

To use it, we will need 3 things: the Apache web server, Perl with a couple of modules, and some software.
We are still assuming a clean system with no previous install of Apache etc. If there is one, just create a folder for the manager and put the software in that, making sure you are allowed to use the .htaccess file and override the ExecCGI option. Skip any Apache-related steps in that case.

(please check the todo list at the bottom of this panel!)
Install manager
#portmaster www/apache24
-- just use the standard config
		
-- perl itself was installed with the postfix and dovecot install, so no need to re-install.
-- we do need some modules though..
#cpan DBD::mysql
#cpan CGI
#cpan File::Copy
#cpan Data::Dumper
#cpan Encode
#cpan HTML::Entities

-- we create a folder for the document root
#mkdir -p /www/hostconfig
#mkdir -p /www/sites/myhost/htdocs
#mkdir -p /www/sites/myhost/logs
#chown -R www:www /www/sites/myhost
#cd /www/sites/myhost/htdocs
#wget http://www.tec4u.nl/emailserver/manager.tar.gz
#tar -xzvf manager.tar.gz
#mv manager/htaccess manager/.htaccess
#touch index.html
	

After this, you have everything needed except for the Apache configuration:
Apache configuration
#nano /usr/local/etc/apache24/httpd.conf
-- enable the modules: ssl_module, rewrite_module
-- add as the last line in this file:
Include /www/hostconfig/*.active		
-- save and close the file

#nano /www/hostconfig/default.active

-- enter the following in this file. Please note: it is a basic configuration!
-- you might change Options and AllowOverride to something other than All, but this will work.
-- change any domain.tld entries to your domain or IP address

<VirtualHost *>
	ServerName domain.tld
	Redirect permanent / https://domain.tld/
</VirtualHost>

<VirtualHost *:443>
	ServerName domain.tld
	DocumentRoot /www/sites/myhost/htdocs
	ErrorLog /www/sites/myhost/logs/error.log
	CustomLog /www/sites/myhost/logs/transfer.log combined
</VirtualHost>
<Directory "/www/sites/myhost/htdocs">
        AllowOverride All
        Options All
        Order allow,deny
        Allow from all
        require all granted
</Directory>

-- save it and close it

-- start apache:
#service apache24 start
-- or
#apachectl start

If all is well, Apache should now be running. Open a browser and enter the URL: http://<your domain or ip>/manager
You should see a login screen. The default username and password are admin/password.
Once logged in, enter at least 1 domain to accept mail for, and set it to mail enabled.
After this, create at least one email address on the entered domain, and you are set for testing!

If everything seems OK, you can add as many pop3 accounts, domains and email addresses as needed.


TODO
Firewall
If you are like me, you either have a separate firewall in front of your server or at least one on board!
Make sure the following ports are open to the world:
In FreeBSD there is the easy firewall ipfw. It only takes one line to accomplish this:
Firewall
#ipfw add 1000 allow tcp from any to any 25,110,143,587,993,995
Mail client account setup
After creating at least one pop3 account, you can enter an account in your email client. This can be Outlook, Thunderbird, your phone, tablet, etc.
The most important settings for a new account:
(manage) Sieve
Sieve (server-side email scripts) is supported in this setup as is!
All you need is a sieve rule editor to make the script and activate it.
Editing these rules is very easy if you use the email client Thunderbird.
There is a nice extension for it called (how else: sieve). But do NOT install the latest version (0.2.8 at the time of writing). It will crash.
Instead, I have found a working version: 0.2.5, which you can download here, sieve-0.2.3k
Download and save it, then install it in Thunderbird.
After installation, you will see a new option in the dropdown bar menu, under message filters: Sieve message filters. (Or hit the Alt key and find it under the 'Tools' menu.)
It's worth reading up on sieve rules (for instance on the page https://p5r.uk/blog/2011/sieve-tutorial.html), but the interface has a nice drag and drop way of creating your rules.
Vacation notice
There are actually 2 ways of setting a vacation notice!

If you use the manager, you can enter it on any pop3 account and enable it. The script that handles the vacation notice will take care of the rest, including not sending any recipient the vacation notice more than once!

If you use the sieve option: it is included in the sieve extension in Thunderbird.
CALDAV / CARDDAV
These services were installed when the manager was installed; they are part of the code!
So there is nothing to do as far as configuration goes.

To use it: use login/password login with the URL https://domain.tld/manager/dav/ (don't forget the trailing /!) as the base URL for it.
Any CalDAV/CardDAV client that can handle discovery will accept and use it.

I tested it with: I am still trying to get lightning to work, but that seems to have some issues still.

If you need the URLs for your calendars and/or contact lists (for instance for lightning, which doesn't do discovery....), you can simply enter https://your domain/manager/dav/mystuff in your browser. Log in with your pop3 account, and it will show you an XML response listing all your calendars and contact lists.

TODO