====== Mail server (for aliases only) ======


===== Initial cleaning =====

First of all, let's clean up our Debian 7 - 32 bit VPS
  apt-get remove --purge cifs-utils samba samba-common sendmail apache2 apache2-doc apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common
  apt-get update && apt-get upgrade
  apt-get install sudo mc vim

and install //ntp// (time is important!)
  apt-get install ntp
===== Database =====
Install mysql dbms
  apt-get install mysql-server mysql-client

Getting mysql innodb error on your lowcost/cheap/crappy vps?
  InnoDB: Error: io_setup() failed with EAGAIN after 5 attempts. 
  InnoDB: You can disable Linux Native AIO by setting innodb_use_native_aio = 0 in my.cnf [...]
Then you can
  * Disable AIO by adding ''innodb_use_native_aio=0'' in ''my.cnf'' (''[mysqld]'' section)
  * Increase the global limit for the server in ''/proc/sys/fs/aio-max-nr'' (''echo 65536 > /proc/sys/fs/aio-max-nr'')
  * Disable innodb (it's ok for our mail server)
To disable //innodb// add
  skip-innodb
  default-storage-engine=MyISAM
under ''[mysqld]'' in ''/etc/my.cnf''

===== WebServer =====

Now install a web server (needed for postfixadmin + webmail)
  apt-get install php5-fpm php5-mysql php5-intl php5-imap nginx 

Create web directories
  mkdir /var/www
  mkdir /var/www/XYZ
  mkdir /var/www/XYZ/tmp
  mkdir /var/www/XYZ/www

edit site configuration file ''vim /etc/nginx/sites-available/mailing''

  server {
    server_name XYZ;
    root /var/www/XYZ/www;
    index index.php index.html index.htm;
    location ~ \.php$ {
        try_files $uri =404;
        #try_files $uri $uri/ /index.html;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    location ~ /\. {
        deny all;
    }
    access_log /var/log/nginx/XYZ-access.log;
    error_log /var/log/nginx/XYZ-error.log;
  }

disable default configuration and enable new one
  rm /etc/nginx/sites-available/default
  ln -s /etc/nginx/sites-available/mailing /etc/nginx/sites-enabled/mailing

and finally
  service nginx restart

Btw, to make Nginx use your 404.html custom page instead of the default one, inside the nginx.conf server section, add 404
  error_page  404              /404.html;
  location  /404.html {
   internal;
  }
Is a good idea, to block the access to that page, unless there is an error, so add also ''location'' directive as show above.

===== PostFixAdmin =====

Now login into mysql
  mysql -u root -p

and create postfix/pfa users
  CREATE DATABASE postfix;
  GRANT ALL PRIVILEGES ON postfix.* TO 'postfix_admin'@'%' IDENTIFIED BY '<dbpassword1>';
  GRANT SELECT ON postfix.* TO 'postfix'@'%' IDENTIFIED BY '<dbpassword2>';
  FLUSH PRIVILEGES;

Download postfixadmin and untar in www directory
  cd /var/www/XYZ/www
  wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.3.7/postfixadmin-2.3.7.tar.gz\?use_mirror=garr -O pfa.tar.gz
  tar -xzvf pfa.tar.gz
  mv postfixadmin-2.3.7/ pfa/
  chown -R www-data:www-data pfa
  cd pfa
  sed -i 's/change-this-to-your.domain.tld/XYZ/g' config.inc.php
  
Now edit configuration file config.inc.php and change these values:

  $CONF['configured'] = true;
  $CONF['postfix_admin_url'] = 'https://XYZ/pfa';
  $CONF['database_type'] = 'mysqli';
  $CONF['database_host'] = 'localhost';
  $CONF['database_user'] = 'postfix_admin';
  $CONF['database_password'] = '<dbpassword1>';
  $CONF['database_name'] = 'postfix';
  $CONF['domain_path'] = 'YES';
  $CONF['domain_in_mailbox'] = 'NO';
  $CONF['fetchmail'] = 'NO';

Go to http://XYZ/pfa/setup.php

This setup script should create the necessary tables into postfix database.

At the bottom of setup.php enter your admin password and click ‘Gererate password hash’.
Edit ''config.inc.php'' and add the hash:
  $CONF['setup_password'] = '<hash>';
Now enter superadmin account info.

===== PostFix & Sasl =====
  apt-get install postfix postfix-mysql libsasl2-modules libsasl2-modules-sql

When prompted, choose ‘Internet Site’.

Use yor domain name as ‘System mail name’: <abc.XYZ.foo>

Create virtual mail user and group:

  groupadd -g 3000 vmail
  useradd -d /var/vmail -m -u 3000 -g 3000 vmail

Check mydestination in /etc/postfix/main.cf; it should look like

 mydestination = <abc.XYZ.foo>, localhost

and add the following lines:

  virtual_uid_maps = static:3000
  virtual_gid_maps = static:3000
  virtual_mailbox_base = /var/vmail
  virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf
  virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
  virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
  relay_domains = mysql:/etc/postfix/mysql_relay_domains.cf
  virtual_transport = lmtp:unix:private/dovecot-lmtp
  smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unauth_destination,
   reject_unauth_pipelining,
   reject_invalid_hostname
  smtpd_sasl_auth_enable = yes
  smtpd_sasl_security_options = noanonymous
  smtpd_sasl_type = dovecot
  smtpd_sasl_path = private/auth
  milter_default_action = accept

Create the cf file for interfacing postfix and mysql
  cd /etc/postfix/
  wget https://dl.dropboxusercontent.com/u/12576285/mysql_postfix_cf.tar.gz
  tar -xzvf mysql_postfix_cf.tar.gz
(remember to set mysql password within config files!). 
Add postfix user to sasl group:

  adduser postfix sasl

Enable secure smtp ports, edit /etc/postfix/master.cf and uncomment:

  submission inet n - - - - smtpd 
   -o syslog_name=postfix/submission 
   -o smtpd_tls_security_level=encrypt 
   -o smtpd_sasl_auth_enable=yes 
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
   -o milter_macro_daemon_name=ORIGINATING
  smtps inet n - - - - smtpd
   -o syslog_name=postfix/smtps
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
   -o milter_macro_daemon_name=ORIGINATING

Restart service
  service postfix restart

===== Dovecot =====
  apt-get install dovecot-imapd dovecot-mysql dovecot-lmtpd

Edit /etc/dovecot/conf.d/10-master.conf

  service lmtp {
    unix_listener /var/spool/postfix/private/dovecot-lmtp {
      mode = 0600
      user = postfix
      group = postfix
    }
  }
  service auth {
    # Postfix smtp-auth
    unix_listener /var/spool/postfix/private/auth {
      mode = 0666
    }
  }

Restart services:

  service dovecot restart
  service postfix restart

You can now add a domain with PostfixAdmin: first of all, chooese "Create a new Domain" and add your domain XYZ; then create mailboxes/aliases.
To test your e-mail server, install //mail// tool
  apt-get install bsd-mailx

And send a test mail
  mail -s "My first outgoing mail" info@sth.com < /var/log/dmesg
  mail -s "My first local mail" info@XYZ.foo < /var/log/dmesg

Any errors are found in logfiles:

  /var/log/auth.log
  /var/log/mail.log
  /var/log/syslog

Getting 
  warning: do not list domain XYZ.foo in BOTH mydestination and virtual_mailbox_domains
  warning: do not list domain XYZ.foo in BOTH mydestination and virtual_alias_domains
in /var/log/mail.warn?

Remove domain XYZ.foo from /etc/postfix/main.cf and leave only hostname
  mydestination = hostname.<del>XYZ.foo</del>, localhost
BTW, in /etc/hosts you should have something like
  127.0.0.1 localhost.localdomain localhost
  <server_ip> <hostname>.XYZ.foo <hostname>

===== Missing =====

  * HTTPS [php5-mcrypt openssl ssl-cert]
  * Dovecot pop3/imap + Mailboxes [dovecot-pop3d + sql .cf]
  * Spam / AV filters
  * Webmail

See [1] for what's missing

===== Source / More info =====

[1] [[http://www.xenlens.com/debian-wheezy-mail-server-postfix-dovecot-sasl-mysql-postfixadmin-roundcube-spamassassin-clamav-greylist-nginx-php5/]]

[2] [[https://www.digitalocean.com/community/articles/how-to-install-linux-nginx-mysql-php-lemp-stack-on-debian-7]]

[3] [[https://help.ubuntu.com/community/Postfix]]