Как установить Postfix и Dovecot

sudo apt update && sudo apt upgrade

sudo hostnamectl set-hostname test.ru

sudo apt install apache2 git mariadb-server php-{xml,pear,imap,intl,common,json,curl,mbstring,mysql,gd,imagick,zip,opcache,sqlite3} libapache2-mod-php

sudo useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual Mail User" vmail

sudo mkdir -p /var/vmail

sudo chmod -R 770 /var/vmail

sudo chown -R vmail:mail /var/vmail

sudo mysql

CREATE DATABASE db_name;

GRANT ALL PRIVILEGES ON db_name.* TO 'username'@'localhost' IDENTIFIED BY 'PassWord';

FLUSH PRIVILEGES;

\q

sudo apt update && sudo apt upgrade

sudo apt install postfix-mysql

sudo mkdir -p /etc/postfix/sql

sudo nano /etc/postfix/sql/mysql_virtual_alias_maps.cf

user = username
password = PassWord
hosts = localhost
dbname = db_name
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

sudo nano /etc/postfix/sql/mysql_virtual_domains_maps.cf

user = username
password = PassWord
hosts = localhost
dbname = db_name
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'

sudo nano /etc/postfix/sql/mysql_virtual_mailbox_maps.cf

user = username
password = PassWord
hosts = localhost
dbname = db_name
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'

sudo nano /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf

user = username
password = PassWord
hosts = localhost
dbname = db_name
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

sudo nano /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf

user = username
password = PassWord
hosts = localhost
dbname = db_name
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'

sudo nano /etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf

user = username
password = PassWord
hosts = localhost
dbname = db_name
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'

sudo nano /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf

user = username
password = PassWord
hosts = localhost
dbname = db_name
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

sudo nano /etc/postfix/main.cf

myhostname = $(hostname -f)
mydestination = localhost
mynetworks = 127.0.0.0/8
inet_protocols = ipv4
inet_interfaces = all
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
virtual_transport = lmtp:unix:private/lmtp
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf

sudo nano /etc/postfix/master.cf

smtp     inet  n      -      y      -      -      smtpd

#smtp     inet  n      -      y      -      1       postscreen
#smtpd    pass  -      -      y      -      -      smtpd
#dnsblog  unix  -      -      y      -      0      dnsblog
#tlsproxy unix  -      -      y      -      0       tlsproxy
# Choose one: enable submission for loopback clients only, or for any client.
#127.0.0.1:submission inet n -   y      -      -      smtpd
submission inet n      -      y      -      -       smtpd
 -o syslog_name=postfix/submission
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_tls_auth_only=yes
 -o local_header_rewrite_clients=static:all
 -o smtpd_reject_unlisted_recipient=no
   # Instead of specifying complex smtpd_<xxx>_restrictions here,
   # specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
    # here, and specify mua_<xxx>_restrictions in main.cf (where
    # "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
 -o smtpd_client_restrictions=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_relay_restrictions=
 -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 -o milter_macro_daemon_name=ORIGINATING

sudo apt update && sudo apt upgrade

sudo nano /etc/dovecot/conf.d/10-auth.conf

auth_mechanisms = plain login

#!include auth-system.conf.ext
!include auth-sql.conf.ext

sudo nano /etc/dovecot/dovecot-sql.conf.ext

driver = mysql

connect = host=localhost dbname=db_name user=username password=PassWord
default_pass_scheme = BLF-CRYPT
password_query = SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, 'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
user_query = SELECT '/var/vmail/%d/%u' as home, 'maildir:/var/vmail/%d/%u' as mail, 150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'

sudo nano /etc/dovecot/conf.d/10-mail.conf

mail_location = maildir:/var/vmail/%d/%n
mail_uid = vmail
mail_gid = mail
mail_privileged_group = mail
first_valid_uid = 150
last_valid_uid = 150

sudo nano /etc/dovecot/conf.d/10-master.conf

service lmtp {
    unix_listener /var/spool/postfix/private/lmtp {
    mode = 0600
    user = postfix
    group = postfix
    }
}

service auth {

  unix_listener /var/spool/postfix/private/auth 
  mode = 0666
  user = postfix
  group = postfix
}
unix_listener auth-userdb {
  mode = 0600
  user = vmail
}
user = dovecot
}

service auth-worker {
  user = vmail
}

sudo chown -R vmail:dovecot /etc/dovecot

sudo chmod -R o-rwx /etc/dovecot

cd /opt

sudo git clone https://github.com/postfixadmin/postfixadmin.git

cd /opt/postfixadmin

sudo bash install.sh

sudo chown -R www-data: /opt/postfixadmin

sudo nano /etc/apache2/conf-enabled/postfixadmin.conf

Alias /postfixadmin /opt/postfixadmin/public
<Directory "/opt/postfixadmin/public">
        AllowOverride All
        Options +FollowSymLinks
        Require all granted
</Directory>

sudo systemctl reload apache2

sudo nano /opt/postfixadmin/config.local.php

<?php
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'username';
$CONF['database_password'] = 'PassWord';
$CONF['database_name'] = 'db_name';
$CONF['configured'] = true;
?>

sudo apt update && sudo apt upgrade

sudo apt install roundcube

sudo nano /etc/apache2/conf-enabled/roundcube.conf

Alias /roundcube /var/lib/roundcube/public_html

sudo systemctl restart apache2

sudo nano /etc/roundcube/config.inc.php

$config['smtp_host'] = 'tls://%n:587';

sudo apt update
sudo apt upgrade

sudo apt install opendkim opendkim-tools -y

sudo systemctl start opendkim

sudo systemctl enable opendkim

sudo mkdir -p /etc/opendkim/keys/test.ru

sudo opendkim-genkey --directory /etc/opendkim/keys/test.ru/ --domain test.ru --selector dkim

sudo chown -R opendkim:opendkim /etc/opendkim/keys/test.ru

sudo nano /etc/opendkim.conf

AutoRestart             Yes
AutoRestartRate         10/1h
Umask                   002
Syslog                  yes
SyslogSuccess           Yes
LogWhy                  Yes
Canonicalization        relaxed/simple
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
Mode                    sv
PidFile                 /var/run/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256
UserID                  opendkim:opendkim
Socket                  inet:8891@localhost

sudo nano /etc/opendkim/TrustedHosts

*.test.ru

sudo nano /etc/opendkim/KeyTable

dkim._domainkey.test.ru test.ru:dkim:/etc/opendkim/keys/test.ru/dkim.private

sudo nano /etc/opendkim/SigningTable

*@test.ru dkim._domainkey.test.ru

sudo nano /etc/default/opendkim

SOCKET="inet:8891@localhost"
milter_default_action=accept
milter_protocol=2
smtpd_milters=inet:127.0.0.1:8891
non_smtpd_milters=inet:127.0.0.1:8891

sudo systemctl restart opendkim
sudo systemctl restart postfix

dkim._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
   "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gYwtTQCLzrWSUtQ7j77194kM4h3J7mOvsZoh50fzyYWItXC2CATVAjUq29Ki2FM/JOUYKBDxZIQltoaCYINNt6oLxbkPKfkwhMntwVzNxHS9jlS1rXjTyPGW04HM751tvUbxQ5Q5/aC6gkIiaHOywEqt1iec1YCAulHIjbG8caUSSYnNKSzZdoBRz6rtLUMkWkZl/aUDCBcR7"
   "GnKUy9HmsJPHfKv4MQtjUSQo+5XrQeFIwqBT8e+bDMuo2pOSUT5FgbJBdQOTvSqqk8wpPIqxfKX3e42oFAsLUihL1v2aX1w+kb6vt+bGDBPKkGK4HaNoXhHKQuueQXiVbiERqUGwIDAQAB" )  ; ----- DKIM key dkim for test.ru

v=spf1 ip4:123.123.123.123 a mx ~all

v=DMARC1; p=none; rua=mailto:dmarc-test@test.ru