# steps needed to deploy mailserver

## create dirs

```
sudo mkdir -p /srv/vol/mailsrv/{db,mail,ssl}
sudo chown -R 5000:5000 /srv/vol/mailsrv
sudo chmod go-rwx /srv/vol/mailsrv/ssl
```
put your `users` and `aliases.d` in the `db` directory. Mail will go in the `mail` directory.

```
sudo -i
cd /srv/vol/mailsrv/db
mkdir aliases.d
```

create aliases as needed

```
vi /srv/vol/mailsrv/db/users
```

format is like a passwd file: `user:passwd`, with no spaces in between

make sure that all files are owned by 5000:5000

## make sure mail ports are open

add the following directives to the `myfirewall` chain in `/etc/nftables.conf`:
```
                # accept incoming SMTP(s) connections
                tcp dport {25, 587} accept

                # accept incoming IMAP(s) connections
                tcp dport {143, 993} accept
```
then load the updated ruleset by running:
```
nft -f /etc/nftables.conf
```

## set up domain name

Set up a DNS A Record pointing to your host machine. Make sure it works by running:
```
ping ${dnsname:?}
```

## get SSL certificates from letsencrypt

install acme.sh

```
apt install socat
git clone https://github.com/acmesh-official/acme.sh.git
cd acme.sh
./acme.sh --install --home /usr/local/lib/acme-sh \
          --config-home /etc/acme-sh \
          --accountemail ${email:?}
```

Then exit and log in again to refresh the bash hash

```
acme.sh --issue --alpn --pre-hook 'systemctl stop haproxy' \
        --post-hook 'systemctl start haproxy' -d ${domain:?}
acme.sh --install-cert -d ${domain:?} \
        --fullchain-file /srv/vol/mailsrv/ssl/fullchain.pem \
        --key-file /srv/vol/mailsrv/ssl/privkey.pem
```

## make users and aliases

```
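# same volume root that was created in the first step
cd /srv/vol/mailsrv/db
# -p: aliases.d may already exist from the earlier step
mkdir -p aliases.d
touch users
# password file: no access for group or others
chmod go= users
```
then edit `users` and add alias lists to `aliases.d`. Don't forget to change the ownership once you're done:
```
chown -R 5000:5000 /srv/vol/mailsrv/db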
```
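
To confirm the finished volume matches the steps above (everything owned by 5000:5000, `ssl` and `users` closed to group and others, `users` in `user:passwd` form), here is an added check script; it is not part of the original notes. The function name `check_mailvol` is made up for this example, and it assumes every line of `users` must be a `user:passwd` entry.

```shell
#!/bin/sh
# Added example, not part of the original notes.
# check_mailvol ROOT [UID:GID] prints each finding and returns how many
# checks failed (0 = layout matches the steps above).
check_mailvol() {
    root=$1
    owner=${2:-5000:5000}            # owner used by the chown steps
    uid=${owner%%:*}
    gid=${owner##*:}
    bad=0

    [ -d "$root" ] || { echo "missing: $root"; return 1; }

    # 1. Every file and directory must belong to uid:gid.
    wrong=$(find "$root" \( ! -user "$uid" -o ! -group "$gid" \) -print)
    if [ -n "$wrong" ]; then
        echo "not owned by $owner:"
        echo "$wrong"
        bad=$((bad + 1))
    fi

    # 2. ssl/ (private key) and db/users (passwords) must give group and
    #    others no access, matching "chmod go-rwx" and "chmod go=".
    for p in "$root/ssl" "$root/db/users"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; bad=$((bad + 1)); continue
        fi
        mode=$(ls -ldn "$p" | cut -c1-10)
        case $mode in
            ????------) ;;
            *) echo "group/other access on $p ($mode)"; bad=$((bad + 1)) ;;
        esac
    done

    # 3. users: one user:passwd entry per line, no whitespace (assumed to
    #    apply to every line). Report line numbers only, never contents.
    if [ -f "$root/db/users" ]; then
        lines=$(grep -nvE '^[^:[:space:]]+:[^[:space:]]+$' "$root/db/users" |
                cut -d: -f1 | tr '\n' ' ')
        if [ -n "$lines" ]; then
            echo "users: malformed line(s): $lines"
            bad=$((bad + 1))
        fi
    fi
    return "$bad"
}

# Run as a script: sh check_mailvol.sh /srv/vol/mailsrv
if [ "$#" -gt 0 ]; then check_mailvol "$@"; fi
```

Run it as root after the last `chown`, since `users` and `ssl` are not readable by other accounts.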