build files for making podman containers

steps needed to deploy mailserver

create dirs

sudo mkdir -p /srv/vol/mailsrv/{db,mail,ssl}
sudo chown -R 5000:5000 /srv/vol/mailsrv
sudo chmod go-rwx /srv/vol/mailsrv/ssl

put your users and aliases.d in the db directory. Mail will go in the mail directory.

sudo -i
cd /srv/vol/mailsrv/db
mkdir aliases.d

create aliases as needed

vi /srv/vol/mailsrv/db/users

format is like a passwd file with user:passwd (no spaces between)

make sure that all files are owned by 5000:5000

make sure mail ports are open

add the following directives to the myfirewall chain in /etc/nftables.conf:

                # accept incoming SMTP(s) connections
                tcp dport {25, 587} accept

                # accept incoming IMAP(s) connections
                tcp dport {143, 993} accept

then apply the configuration by running:

nft -f /etc/nftables.conf

set up domain name

Set up a DNS A Record pointing to your host machine. Make sure it works by running:

ping ${dnsname:?}

get SSL certificates from letsencrypt

install certbot:

apt install certbot

If you are using a firewall, you need a temporary rule allowing HTTP access (port 80) while certbot obtains the certificate. For nftables, the rule would be:

nft insert rule inet myfilter myfirewall tcp dport 80 accept

Get a certificate for your domain by running:

certbot certonly --standalone --pre-hook "nft insert rule inet myfilter myfirewall tcp dport 80 accept" --post-hook "nft -f /etc/nftables.conf" --deploy-hook "rsync -vaSHL /etc/letsencrypt/live/${domain:?}/ /srv/volumes/mailsrv/ssl/; chown -R 5000:5000 /srv/volumes/mailsrv/ssl" -d ${domain:?}

the application may ask you a few questions. Answer them as you would like. Including the appropriate hooks in the issue command should ensure that those hooks are also included in subsequent renew commands.

make users and aliases

cd /srv/volumes/mailsrv/db
mkdir aliases.d
touch users
chmod go= users

then edit users and add alias lists to aliases.d. Don't forget to change its ownership once you're done:

chown -R 5000:5000 /srv/volumes/mailsrv/db
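
A check of the ownership, permission and users-file rules from the steps above, as an added example that is not part of this repository. The function name audit_mailsrv is made up for illustration; it takes the volume directory you actually used and defaults to the 5000:5000 owner given above.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the repository).
# audit_mailsrv ROOT [UID] [GID] -> returns 0 if clean, 1 on any finding.
audit_mailsrv() {
    root=$1 uid=${2:-5000} gid=${3:-5000} bad=0

    # Everything under the volume must belong to the container's uid:gid.
    stray=$(find "$root" \( ! -user "$uid" -o ! -group "$gid" \) -print)
    if [ -n "$stray" ]; then
        printf 'wrong owner:\n%s\n' "$stray"; bad=1
    fi

    # ssl/ (private key) and db/users (passwords) must grant nothing to
    # group or other: characters 5-10 of the ls mode string are all dashes.
    for p in "$root/ssl" "$root/db/users"; do
        if [ ! -e "$p" ]; then
            printf 'missing: %s\n' "$p"; bad=1; continue
        fi
        if [ "$(ls -ld "$p" | cut -c5-10)" != "------" ]; then
            printf 'group/other access: %s\n' "$p"; bad=1
        fi
    done

    # Each users entry is user:passwd with no whitespace. Only line numbers
    # are reported, so passwords never reach the terminal or a log.
    if [ -f "$root/db/users" ]; then
        lines=$(awk '/^$/ {next} !/^[^: \t]+:[^ \t]+$/ {printf "%d ", NR}' \
            "$root/db/users")
        if [ -n "$lines" ]; then
            printf 'malformed users line(s): %s\n' "$lines"; bad=1
        fi
    fi
    return "$bad"
}
```

Run it as root after each edit of users or after a certificate renewal, for example: audit_mailsrv /path/to/mailsrv && echo ok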