steps needed to deploy mailserver
create dirs
sudo mkdir -p /srv/vol/mailsrv/{db,mail,ssl}
sudo chown -R 5000:5000 /srv/vol/mailsrv
sudo chmod go-rwx /srv/vol/mailsrv/ssl
Put your users and aliases.d in the db directory. Mail will go in the mail directory.
sudo -i
cd /srv/vol/mailsrv/db
mkdir aliases.d
create aliases as needed
vi /srv/vol/mailsrv/db/users
The format is like a passwd file, with user:passwd entries (no spaces in between).
Make sure that all files are owned by 5000:5000.
make sure mail ports are open
add the following directives to the myfirewall chain in /etc/nftables.conf:
# accept incoming SMTP(s) connections
tcp dport {25, 587} accept
# accept incoming IMAP(s) connections
tcp dport {143, 993} accept
then apply the configuration by running:
nft -f /etc/nftables.conf
set up domain name
Set up a DNS A Record pointing to your host machine. Make sure it works by running:
ping ${dnsname:?}
get SSL certificates from letsencrypt
install acme.sh
apt install socat
git clone https://github.com/acmesh-official/acme.sh.git
cd acme.sh
./acme.sh --install --home /usr/local/lib/acme-sh \
--config-home /etc/acme-sh \
--accountemail ${email:?}
Then exit and log in again so that bash refreshes its command hash and finds acme.sh
acme.sh --issue --alpn --pre-hook 'systemctl stop haproxy' \
--post-hook 'systemctl start haproxy' -d ${domain:?}
DEPLOY_HAPROXY_PEM_PATH=/etc/haproxy/certs \
DEPLOY_HAPROXY_RELOAD="/usr/sbin/service haproxy reload" \
acme.sh --install-cert --deploy --deploy-hook haproxy \
--fullchain-file /srv/vol/mailsrv/ssl/fullchain.pem \
--key-file /srv/vol/mailsrv/ssl/privkey.pem \
-d ${domain:?}
make users and aliases
cd /srv/vol/mailsrv/db
mkdir -p aliases.d
touch users
chmod go= users
then edit users and add aliases lists to aliases.d. Don't forget to change its ownership once you're done:
chown -R 5000:5000 /srv/vol/mailsrv/db
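An added example, not part of the original README: a small audit to run after the steps above. It checks that everything under the volume is owned by 5000:5000, that ssl and db/users grant nothing to group or other, and that users contains only user:passwd lines without spaces. The function names and the exact line pattern are assumptions; the paths and the 5000:5000 owner come from the steps above.

```shell
#!/bin/sh
# Added example: audit the mail volume laid out by the steps above.
# Defaults (/srv/vol/mailsrv, 5000:5000) come from the README; function
# names and the exact users-line pattern are assumptions.
# usage (as root): audit_mail_volume /srv/vol/mailsrv 5000:5000

# Every non-empty line must be user:passwd with no whitespace anywhere.
# Only file name and line number are reported, never the entry itself.
check_users_format() {
    awk '
        /^$/ { next }
        /[ \t]/ || !/^[^:]+:.+$/ { printf "%s:%d: malformed entry\n", FILENAME, NR; bad = 1 }
        END { exit bad }
    ' "$1"
}

# Succeeds only if the path exists and grants nothing to group or other.
check_private() {
    [ -e "$1" ] || return 2
    [ -z "$(find "$1" -maxdepth 0 -perm /077)" ]   # GNU find syntax
}

# Succeeds only if everything under the root ($1) is owned by UID:GID ($2).
check_owner() {
    uid=${2%%:*}; gid=${2##*:}
    [ -z "$(find "$1" \( ! -user "$uid" -o ! -group "$gid" \) -print)" ]
}

# Runs all checks, prints one line per failure, returns 1 if any failed.
audit_mail_volume() {
    root=${1:-/srv/vol/mailsrv}; owner=${2:-5000:5000}; rc=0
    check_owner "$root" "$owner"        || { echo "FAIL: not all files owned by $owner"; rc=1; }
    check_private "$root/ssl"           || { echo "FAIL: $root/ssl open to group/other"; rc=1; }
    check_private "$root/db/users"      || { echo "FAIL: $root/db/users open to group/other"; rc=1; }
    check_users_format "$root/db/users" || rc=1
    return $rc
}
```

A file created with vi under a default umask is typically world-readable, so the db/users check is the one most likely to fail if the chmod go= step was skipped.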