# steps needed to deploy mailserver

## create dirs

```
sudo mkdir -p /srv/vol/mailsrv/{db,mail,ssl}
sudo chown -R 5000:5000 /srv/vol/mailsrv
sudo chmod go-rwx /srv/vol/mailsrv/ssl
```

Put your `users` file and `aliases.d` directory in the `db` directory. Mail will go in the `mail` directory.

```
sudo -i
cd /srv/vol/mailsrv/db
mkdir aliases.d
```

Create aliases as needed.

```
vi /srv/vol/mailsrv/db/users
```

The format is like a passwd file, one `user:passwd` entry per line (no spaces between).

Make sure that all files are owned by 5000:5000.

## make sure mail ports are open

Add the following directives to the `myfirewall` chain in `/etc/nftables.conf`:

```
# accept incoming SMTP(s) connections
tcp dport {25, 587} accept
# accept incoming IMAP(s) connections
tcp dport {143, 993} accept
```

Then load the configuration so that it takes effect:

```
nft -f /etc/nftables.conf
```

## set up domain name

Set up a DNS A record pointing to your host machine. Make sure it works by running:

```
ping "${dnsname:?}"
```

## get SSL certificates from letsencrypt

Install certbot:

```
apt install certbot
```

If you are using a firewall, you need a temporary rule allowing HTTP access (port 80) while certbot runs. For nftables, the rule would be `nft insert rule inet myfilter myfirewall tcp dport 80 accept`.

Get a certificate for your domain by running:

```
certbot certonly --standalone \
  --pre-hook "nft insert rule inet myfilter myfirewall tcp dport 80 accept" \
  --post-hook "nft -f /etc/nftables.conf" \
  --deploy-hook "rsync -vaSHL /etc/letsencrypt/live/${domain:?}/ /srv/volumes/mailsrv/ssl/; chown -R 5000:5000 /srv/volumes/mailsrv/ssl" \
  -d "${domain:?}"
```

The application may ask you a few questions. Answer them as you would like. Including the appropriate hooks in the issue command should ensure that those hooks are also included in subsequent renew commands. The post-hook reloads `/etc/nftables.conf`, which removes the temporary port 80 rule again.

## make users and aliases

```
cd /srv/volumes/mailsrv/db
mkdir aliases.d
touch users
chmod go= users
```

Then edit `users` and add alias lists to `aliases.d`.

Don't forget to change the ownership of the directory once you're done:

```
chown -R 5000:5000 /srv/volumes/mailsrv/db
```
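
To check the `users` file against the rules in this README (`user:passwd` lines with no spaces, no group/other access, owner 5000:5000), the following script is an added example and not part of the original README. The function name `check_users_file`, its optional owner argument, and the reporting of blank lines and repeated user names as errors are assumptions of the example; it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the original README): audit the `users` file.
# Usage: check_users_file FILE [UID:GID]   (GNU stat assumed)
# Returns 0 when clean, 1 otherwise; findings go to stderr.
check_users_file() {
    file=$1
    want_owner=${2:-5000:5000}    # owner the README requires
    rc=0

    [ -f "$file" ] || { echo "$file: not a regular file" >&2; return 1; }

    # Every file must be owned by 5000:5000.
    owner=$(stat -c '%u:%g' "$file")
    if [ "$owner" != "$want_owner" ]; then
        echo "$file: owner is $owner, expected $want_owner" >&2
        rc=1
    fi

    # `chmod go= users`: group and other must have no permission bits.
    mode=$(stat -c '%a' "$file")
    case $mode in
        *00|0) ;;
        *) echo "$file: mode $mode grants group/other access" >&2; rc=1 ;;
    esac

    # Each line must be user:passwd with no whitespace anywhere.
    # Assumption of this example: blank lines and repeated user names
    # are reported as errors.
    bad=$(awk '
        /[[:space:]]/  { print FILENAME ":" NR ": contains whitespace"; next }
        !/^[^:]+:.+$/  { print FILENAME ":" NR ": not user:passwd"; next }
        { u = substr($0, 1, index($0, ":") - 1)
          if (seen[u]++) print FILENAME ":" NR ": duplicate user " u }
    ' "$file")
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" >&2
        rc=1
    fi
    return $rc
}

# When run as a script with arguments, audit the given file.
if [ $# -gt 0 ]; then
    check_users_file "$@"
fi
```

Run it as root against the `users` file after the final `chown`; a non-zero exit status means at least one finding was printed.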