Build Your Own Personal Web Site Hosting Server

Build A Debian 11 Hosting Server Using Apache, BIND, Dovecot, MariaDb, PureFTPD and ISPConfig

Build a Debian 11 Web Site Hosting Server Using Apache, BIND, Dovecot, MariaDb, PureFTPD and ISPConfig Featuring PHPMyAdmin and RoundCube Web Applications with Multiple PHP Versions

Tutorial 3
  • Written By:
    Edward Kimmel
  • Published On:
    November 13th, 2022
    9:00 PM
  • Last Updated:
    December 9th, 2022
    9:00 PM

Create A Mail Server With RoundCube Webmail Client

3.01 Overview

  Postfix is a mail transfer agent (MTA), an application used to send and receive email.

  Dovecot is an open-source IMAP and POP3 server for Unix-like operating systems. It focuses on being a lightweight and secure mail server and is available for most Linux operating systems. POP3 (Post Office Protocol 3) and IMAP (Internet Message Access Protocol) are both protocols that work as message access agents.

  Rkhunter is a tool that scans for rootkits, backdoors, and other security issues on Linux systems. It does this by examining your files and comparing the hashes against known values of trusted software and malware.

  amavisd-new is a high-performance interface between mailer (MTA) and content checkers: virus scanners, and/or SpamAssassin. It is written in Perl for maintainability, without paying a significant price for speed. It talks to MTA via (E)SMTP or LMTP, or by using helper programs. SpamAssassin is an extensible email filter which is used to identify spam. It has a wide range of features, uses DNSBL tests, heuristics, Bayesian classification and other concepts to tell your spam from ham. ClamAV® is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.

3.02 Install Postfix, Dovecot and rkhunter

  We can install Postfix, Dovecot and rkhunter with a single command:

apt-get -y install dbconfig-common postfix postfix-mysql postfix-doc getmail6 rkhunter dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-managesieved dovecot-lmtpd

You will be asked the following questions:

General type of mail configuration: <– Internet Site

System mail name: <– server.mydomain.com

3.03 Configure Postfix

  Open the TLS/SSL and submission ports in Postfix:

nano /etc/postfix/master.cf

  Uncomment the submission and smtps sections as follows and add lines where necessary so that this section of the master.cf file looks exactly like the one below. IMPORTANT: Remove the # in front of the lines that start with smtps and submission too and not just from the -o lines after these lines!

[…]
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp      inet  n       -       y       -       -       smtpd
#smtp      inet  n       -       y       -       1       postscreen
smtpd     pass  -       -       y       -       -       smtpd
dnsblog   unix  -       -       y       -       0       dnsblog
tlsproxy  unix  -       -       y       -       0       tlsproxy

submission inet n - y - - smtpd
 -o syslog_name=postfix/submission
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
 -o syslog_name=postfix/smtps
 -o smtpd_tls_wrappermode=yes
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
[…]

  Close and save the file.

  Restart Postfix afterwards:

systemctl restart postfix
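
  One way to check the result of this step, as an added example that is not part of the original tutorial: the script reads a master.cf and confirms that the submission and smtps service lines are uncommented and carry the overrides shown above. The function names and the sample file are constructed for illustration.

```shell
# Added example (not from the tutorial): audit master.cf after step 3.03.
# Function names and the sample file are constructed for illustration.

# Print the "-o name=value" overrides of an enabled (uncommented) inet service.
# $1 = master.cf path, $2 = service name in the first column
service_overrides() {
    awk -v svc="$2" '
        /^#/      { next }                                       # comment line
        /^[^ \t]/ { active = ($1 == svc && $2 == "inet"); next } # service line
        active && $1 == "-o" { print $2 }                        # continuation
    ' "$1"
}

# Return 0 only if the service is enabled and carries every required override.
# $1 = master.cf path, $2 = service, remaining args = required name=value pairs
check_service() {
    cf=$1; svc=$2; shift 2
    found=$(service_overrides "$cf" "$svc")
    [ -n "$found" ] || { echo "$svc: service line commented out or no -o overrides"; return 1; }
    rc=0
    for want in "$@"; do
        printf '%s\n' "$found" | grep -qxF -e "$want" ||
            { echo "$svc: missing -o $want"; rc=1; }
    done
    return $rc
}

# Check both client-facing services against the overrides this tutorial sets.
audit_master_cf() {
    auth="smtpd_sasl_auth_enable=yes"
    acl="smtpd_client_restrictions=permit_sasl_authenticated,reject"
    audit_rc=0
    check_service "$1" submission smtpd_tls_security_level=encrypt "$auth" "$acl" ||
        audit_rc=1
    check_service "$1" smtps smtpd_tls_wrappermode=yes "$auth" "$acl" || audit_rc=1
    return $audit_rc
}

# Constructed sample: the "submission" line itself is still commented, so its
# -o lines silently attach to the preceding smtp (port 25) service.
sample_broken() {
    printf '%s\n' 'smtp inet n - y - - smtpd' '#submission inet n - y - - smtpd' \
        ' -o smtpd_tls_security_level=encrypt' ' -o smtpd_sasl_auth_enable=yes'
}

if [ -n "${1:-}" ]; then audit_master_cf "$1"; else
    tmp=$(mktemp); sample_broken >"$tmp"; audit_master_cf "$tmp" || true; rm -f "$tmp"
fi
```

  Run it with the path /etc/postfix/master.cf as its argument; without an argument it audits the constructed sample and reports both services as not enabled.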

3.04 Install amavisd-new, SpamAssassin And ClamAV

  To install amavisd-new, SpamAssassin and ClamAV, we need to run:

apt-get install -y amavisd-new spamassassin clamav clamav-daemon clamav-docs postgrey

  The ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library internally, so we can stop SpamAssassin to free up some RAM:

systemctl stop spamassassin

systemctl disable spamassassin

  The output should look like this:

root@server:~# systemctl stop spamassassin
root@server:~# systemctl disable spamassassin
Synchronizing state of spamassassin.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable spamassassin
root@server:~#

3.05 Install fail2ban

  This is optional but recommended, because the ISPConfig monitor tries to show the log:

apt-get install -y fail2ban

  To make fail2ban monitor PureFTPd and Dovecot, create the file /etc/fail2ban/jail.local:

nano /etc/fail2ban/jail.local

  And add the following configuration to it.

[…]
[pure-ftpd]
enabled = true
port = ftp
filter = pure-ftpd
logpath = /var/log/syslog
maxretry = 3

[dovecot]
enabled = true
filter = dovecot
logpath = /var/log/mail.log
maxretry = 5

[postfix-sasl]
enabled = true
port = smtp
filter = postfix[mode=auth]
logpath = /var/log/mail.log
maxretry = 3
[…]

  Then close and save the file.

  Restart fail2ban afterwards:

systemctl restart fail2ban
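
  What the maxretry values in jail.local mean in practice, as an added example that is not part of the original tutorial: a simplified model of the [postfix-sasl] and [dovecot] jails run over constructed mail.log lines. The patterns are reduced stand-ins for fail2ban's own filters, the findtime window is ignored, and all names, IPs and log lines are assumptions.

```shell
# Added example (not from the tutorial): a simplified model of the
# [postfix-sasl] and [dovecot] jails above. It counts failures per source IP
# and lists the IPs that reach maxretry. These are reduced patterns, not
# fail2ban's own filters, and the findtime window is ignored.

# $1 = jail name, $2 = maxretry, stdin = mail.log lines; prints "ip count"
offenders() {
    awk -v jail="$1" -v max="$2" '
        jail == "postfix-sasl" && /SASL [A-Z0-9-]+ authentication failed/ &&
          match($0, /\[[0-9a-fA-F.:]+\]: SASL/) {
            hits[substr($0, RSTART + 1, RLENGTH - 8)]++  # text between [ and ]
        }
        jail == "dovecot" && /-login: .*auth failed/ &&
          match($0, /rip=[0-9a-fA-F.:]+/) {
            hits[substr($0, RSTART + 4, RLENGTH - 4)]++  # text after rip=
        }
        END { for (ip in hits) if (hits[ip] >= max + 0) print ip, hits[ip] }
    ' | sort
}

# Constructed log lines (documentation IP ranges, made-up PIDs and users).
sample_log() {
    cat <<'EOF'
Dec  9 21:00:01 server postfix/submission/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Dec  9 21:00:04 server postfix/submission/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Dec  9 21:00:09 server postfix/smtps/smtpd[2107]: warning: unknown[203.0.113.5]: SASL PLAIN authentication failed: authentication failure
Dec  9 21:02:30 server postfix/smtpd[2110]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Dec  9 21:03:11 server dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@example.com>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, TLS
Dec  9 21:03:20 server dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@example.com>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, TLS
Dec  9 21:04:00 server dovecot: imap-login: Login: user=<alice@example.com>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLS
EOF
}

sample_log | offenders postfix-sasl 3   # maxretry = 3 from jail.local
sample_log | offenders dovecot 5        # maxretry = 5: prints nothing here
```

  On the server, fail2ban-client status postfix-sasl shows what the real jail has counted and banned. With fail2ban's port-based ban actions, port = smtp in [postfix-sasl] blocks an offender on port 25 only, while the submission and smtps services enabled in 3.03 accept SASL logins as well.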

3.06 Install And Configure Rspamd

  Rspamd is an advanced spam filtering system supporting a variety of filtering mechanisms including regular expressions, statistical analysis and custom services such as URL black lists. Each message is analysed by rspamd and given a spam score.

  To install rspamd:

apt-get install -y rspamd

  Activate Redis in Rspamd configuration:

echo 'servers = "127.0.0.1";' > /etc/rspamd/local.d/redis.conf

  Increase the Rspamd history, enable compression and show the subject in the history. This step is optional:

echo "nrows = 2500;" > /etc/rspamd/local.d/history_redis.conf 

echo "compress = true;" >> /etc/rspamd/local.d/history_redis.conf

echo "subject_privacy = false;" >> /etc/rspamd/local.d/history_redis.conf

  Then restart Rspamd:

systemctl restart rspamd

3.07 Install RoundCube Webmail Client

  Now we will install the RoundCube webmail client. First, we have to create the database for Roundcube manually as there is currently an issue in the RoundCube Debian installer which causes it to fail to create the database automatically.

  Run this command to create the database:

echo "CREATE DATABASE roundcube;" | mysql --defaults-file=/etc/mysql/debian.cnf

  Then install RoundCube with this command:

apt-get install -y roundcube roundcube-core roundcube-mysql roundcube-plugins

  The installer will ask the following questions:

Configure database for roundcube with dbconfig.common? <– yes

MySQL application password for roundcube: <– RCBcfg4Me2@ccessU (example value; set your own unique password here)

Confirm password: <– RCBcfg4Me2@ccessU

3.08 Configure RoundCube Webmail Client

  Then edit the RoundCube /etc/roundcube/config.inc.php file and adjust a few settings:

nano /etc/roundcube/config.inc.php

  Set the default_host and the smtp_server to localhost. Set the smtp_port to either 25 or 587; you can’t use both at the same time.

[…]
// The IMAP host chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// Enter hostname with prefix ssl:// to use Implicit TLS, or use
// prefix tls:// to use STARTTLS.
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
$config['default_host'] = 'localhost';

// SMTP server host (for sending mails).
// Enter hostname with prefix ssl:// to use Implicit TLS, or use
// prefix tls:// to use STARTTLS.
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %t = domain.tld
$config['smtp_server'] = 'localhost';

// SMTP port. Use 25 for cleartext, 465 for Implicit TLS, or 587 for STARTTLS (>
//$config['smtp_port'] = 587;
$config['smtp_port'] = 25;
[...]

[...]
// Name your service. This is displayed on the login screen and in the window title
//$config['product_name'] = 'Roundcube Webmail';
$config['product_name'] = 'MyDomain.com Webmail';
[…]

  Then close and save the file.

  Then edit the Apache RoundCube configuration file /etc/apache2/conf-enabled/roundcube.conf:

nano /etc/apache2/conf-enabled/roundcube.conf

  And add an alias line for the Apache /webmail alias and one for /roundcube; you can add the lines right at the beginning of the file. NOTE: Do not use /mail as an alias or the ISPConfig email module will stop working!

[…]
# Alias line for the apache /webmail alias and one for /roundcube alias.
Alias /roundcube /var/lib/roundcube/public_html
Alias /webmail /var/lib/roundcube/public_html
[…]

  Then close and save the file.

  Then reload Apache:

systemctl reload apache2

3.09 Confirm RoundCube Webmail Client Online

  From another device on the local network, confirm RoundCube is functional by entering http://192.168.0.150/webmail or http://localhost/webmail in the browser URL address bar.

Figure 3-7

  Now you have a functional mail server. After ISPConfig is installed you will be able to create email addresses.