# EMAIL SERVER SETUP
## TOOLS
- Postfix
- Dovecot
- OpenDKIM
- Froxlor (server management software)
- PHP
- MySQL
- Nginx
## Intro
The setup is quite straightforward, thanks to [Froxlor](https://froxlor.org)
making things easier.
This guide was written on Ubuntu 22.04; however, it can be replicated on other
Unix-like systems with minimal changes. After updating the system packages
with
`sudo apt-get update && sudo apt-get upgrade -y`
I installed nginx, php and mysql, then downloaded [Froxlor](https://froxlor.org) and unzipped it into /var/www/froxlor.
## Installations
To install the base dependencies, run
`sudo apt install nginx php-fpm mariadb-client mariadb-server php-bcmath php-intl php-mysql openssl`
and accept the prompt to continue the installation.
Now change to the directory Froxlor will be downloaded to with `cd /var/www`, then download it with
`sudo wget https://files.froxlor.org/releases/froxlor-latest.tar.gz`,
extract the archive with
`sudo tar xvfz froxlor-latest.tar.gz`
and change the owner to the web user with
`sudo chown -R www-data:www-data /var/www/froxlor/`.
You can delete the tar file to free up space:
`sudo rm froxlor-latest.tar.gz`.
At this point you can install Postfix, Dovecot and their dependencies:
`sudo apt install postfix postfix-mysql resolvconf postfix-policyd-spf-python dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-mysql dovecot-managesieved dovecot-sieve ntp`.
Postfix will show a prompt; select "Internet Site" and enter the SMTP domain name to use for sending emails:
`smtp.domain.xyz`.
Then install certbot via snap with
`sudo apt install snapd && sudo snap install certbot --classic`.
After the installations, set up the nginx configuration for `smtp.domain.xyz` (for sending emails) and `server.domain.xyz` (for managing email addresses).
Then generate their SSL certificate with
`sudo certbot -d smtp.domain.xyz -d server.domain.xyz`.
Then you can visit `server.domain.xyz` to complete the setup by following the on-screen guide.
When done, a script will be generated; run the script to complete the setup.
After the setup, open `/etc/postfix/main.cf` and update the TLS file paths to the generated certificate. Certbot stores the files under the first `-d` name, so the paths use `smtp.domain.xyz`, the same directory the Dovecot configuration below uses.
```bash
# Outgoing connections (Postfix as SMTP client); "may" = opportunistic TLS
smtp_use_tls = yes
smtp_tls_security_level = may
smtp_tls_key_file = /etc/letsencrypt/live/smtp.domain.xyz/privkey.pem
smtp_tls_cert_file = /etc/letsencrypt/live/smtp.domain.xyz/cert.pem
smtp_tls_CAfile = /etc/letsencrypt/live/smtp.domain.xyz/fullchain.pem
smtp_tls_note_starttls_offer = yes
smtp_sasl_security_options = noanonymous, noplaintext
# Incoming connections (Postfix as SMTP server); "may" = opportunistic TLS
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/letsencrypt/live/smtp.domain.xyz/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/smtp.domain.xyz/cert.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/smtp.domain.xyz/fullchain.pem
```
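Then add the OpenDKIM milter settings to the same file:
```bash
# OpenDKIM
# accept = mail is still delivered (unsigned) if the milter is unreachable
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters
```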
Next, set up SSL for Dovecot. First generate a DH parameter file with
`sudo openssl dhparam -out /etc/ssl/dhparams.pem 4096`
then edit `/etc/dovecot/conf.d/10-ssl.conf` with the following so it points to the generated SSL and DH parameter files.
```bash
ssl = yes
ssl_cert = </etc/letsencrypt/live/smtp.domain.xyz/fullchain.pem
ssl_key = </etc/letsencrypt/live/smtp.domain.xyz/privkey.pem
ssl_dh = </etc/ssl/dhparams.pem
ssl_min_protocol = TLSv1.2
```
Then we need to generate a signing key for our sending domain `domain.com` so emails sent via this server will
be signed.
We first create the key directory under the OpenDKIM directory and cd into it, then generate the key:
`sudo mkdir -p /etc/opendkim/keys/domain.com && cd /etc/opendkim/keys/domain.com`
`sudo opendkim-genkey -s mail -d domain.com`
Repeat this for every sending domain whose outgoing emails the server should sign.
The signing key for domain.com is now in `mail.private`. Copy the content of `mail.txt` to update the domain.com DNS:
run `cat mail.txt` and remove all whitespace and quotes. In your domain's DNS section, create a TXT record for `mail._domainkey`
with the formatted value as its value.
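
The "remove all whitespace and quotes" step can be scripted and sanity-checked before the value is pasted into DNS. This is an added example, not part of the original guide or of OpenDKIM: the function names and the sample record (with a placeholder `p=` value) are constructed. It goes slightly beyond the step above by also counting how many TXT strings the value needs, since one DNS TXT string holds at most 255 bytes.

```bash
#!/usr/bin/env bash
# Constructed sample in the layout opendkim-genkey writes to mail.txt.
# The p= value is a placeholder, not a real public key.
sample_mail_txt() {
cat <<'EOF'
mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
      "p=CONSTRUCTEDplaceholder0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdef"
      "ghijklmnopqrstuvwxyz+/NOTaREALkey" )  ; ----- DKIM key mail for domain.com
EOF
}

# Join every quoted string in the file and drop quotes and whitespace.
dkim_txt_value() {
    grep -o '"[^"]*"' "$1" | tr -d '" \t\r\n'
}

# Succeed only if the flattened value is a plausible DKIM key record.
dkim_value_ok() {
    case $1 in
        "v=DKIM1;"*) ;;
        *) echo "value does not start with v=DKIM1;" >&2; return 1 ;;
    esac
    _p=${1##*;p=}                 # text after the last ";p="
    [ "$_p" != "$1" ] || { echo "no p= tag" >&2; return 1; }
    _p=${_p%%;*}                  # stop at the next tag, if any
    # An empty p= means "key revoked"; anything non-base64 is a paste error.
    printf '%s\n' "$_p" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$' ||
        { echo "p= is empty or not base64" >&2; return 1; }
}

# One DNS TXT string holds at most 255 bytes; report how many are needed.
dkim_txt_strings() {
    echo $(( (${#1} + 254) / 255 ))
}

# Demo on the constructed sample; on the server, pass the path to the
# real file, e.g. /etc/opendkim/keys/domain.com/mail.txt.
tmp=$(mktemp) && sample_mail_txt > "$tmp"
value=$(dkim_txt_value "$tmp")
dkim_value_ok "$value" && printf '%s\n(%s TXT string(s))\n' "$value" "$(dkim_txt_strings "$value")"
rm -f "$tmp"
```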
Restart OpenDKIM, Dovecot and Postfix:
`sudo service opendkim restart`, `sudo service dovecot restart` and `sudo service postfix restart`