
Set up encfs

1. Install encfs by: apt-get install encfs


2. Create the two directories: mkdir /encrypted-mail /decrypted-mail
3. Add the mail user to the fuse group: gpasswd -a mail fuse
4. Change permissions: chgrp fuse /dev/fuse; chmod g+rw /dev/fuse
5. Create the encrypted volume: encfs /encrypted-mail /decrypted-mail --public
6. Enter and confirm passwords
7. Change group: chgrp mail /decrypted-mail/
8. Modify permissions: chmod -R g+rw /decrypted-mail/
Install Postfix, Dovecot and MySQL
You can install all of them by issuing the following command:
apt-get install postfix postfix-mysql dovecot-core dovecot-imapd dovecot-mysql mysql-server dovecot-lmtpd
Configure MySQL
1. Create database: mysqladmin -p create mailserver
2. Select that database (open a MySQL shell on it): mysql -p mailserver
3. Grant permissions:
GRANT SELECT ON mailserver.* TO 'mailuser'@'127.0.0.1' IDENTIFIED BY 'mailuserpass';
FLUSH PRIVILEGES;

4. Create the domains table:
CREATE TABLE `virtual_domains` (
`id` int(11) NOT NULL auto_increment,
`name` varchar(50) NOT NULL,
PRIMARY KEY (`id`)
)ENGINE=InnoDB DEFAULT CHARSET=utf8;
5. Create the alias table:
CREATE TABLE `virtual_aliases` (
`id` int(11) NOT NULL auto_increment,
`domain_id` int(11) NOT NULL,
`source` varchar(100) NOT NULL,
`destination` varchar(100) NOT NULL,
PRIMARY KEY (`id`),
FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
6. Insert a domain:
INSERT INTO `mailserver`.`virtual_domains` (`id` ,`name`)
VALUES ('1', 'awesomebox.sealedabstract.com');
7. Generate the Dovecot password hash:
doveadm pw -s SHA512-CRYPT
The part after {SHA512-CRYPT} is the hash for your password; it always starts with $6$.

(Note: SHA512-CRYPT is a salted, iterated SHA-512 crypt(3) hash, not a plain SHA-512 digest, which is why the scheme here is SHA512-CRYPT rather than SHA512.)

8. Insert a virtual user (the `virtual_users` table written to below is not created in the steps above; create it, with `id`, `domain_id`, `password` and `email` columns, before running this insert):
INSERT INTO `mailserver`.`virtual_users`
(`id`, `domain_id`, `password` , `email`)
VALUES ('1', '1', '$6$YOURPASSWORDHASH', 'drew@awesomebox.sealedabstract.com');


Configure Dovecot
1. Generate the SSL certificates:
openssl req -new -x509 -days 1000 -nodes -out "/etc/ssl/certs/dovecot.pem" -keyout "/etc/ssl/private/dovecot.pem"

2. Set them up in the config file
nano /etc/dovecot/conf.d/10-ssl.conf

ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_key = /etc/ssl/private/dovecot.pem
ssl = required

3. Edit the main config file
nano /etc/dovecot/dovecot.conf

protocols = imap lmtp

4. Edit the mail locations file
nano /etc/dovecot/conf.d/10-mail.conf

mail_location = maildir:/decrypted-mail/%d/%n
mail_privileged_group = mail
first_valid_uid = 0

5. Edit the authentication file
nano /etc/dovecot/conf.d/10-auth.conf

disable_plaintext_auth = yes
auth_mechanisms = plain login
#!include auth-system.conf.ext
!include auth-sql.conf.ext
6. Configure that SQL file
nano /etc/dovecot/conf.d/auth-sql.conf.ext

passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
driver = static
args = uid=mail gid=mail home=/decrypted-mail/%d/%n
}

7. Edit SQL authentication file
nano /etc/dovecot/dovecot-sql.conf.ext

driver = mysql
connect = host=127.0.0.1 dbname=mailserver user=mailuser password=mailuserpass
default_pass_scheme = SHA512-CRYPT
password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';

8. Set permissions
chown -R mail:dovecot /etc/dovecot
chmod -R o-rwx /etc/dovecot

9. Force to use secure sockets
nano /etc/dovecot/conf.d/10-master.conf

service imap-login {
inet_listener imap {
port = 0
}
}

service pop3-login {
inet_listener pop3 {
port = 0
}
}

service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0666
group = postfix
user = postfix
}
user=mail
}



service auth {
# auth_socket_path points to this userdb socket by default. It's typically
# used by dovecot-lda, doveadm, possibly imap process, etc. Its default
# permissions make it readable only by root, but you may need to relax these
# permissions. Users that have access to this socket are able to get a list
# of all usernames and get results of everyone's userdb lookups.
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
unix_listener auth-userdb {
mode = 0600
user = mail
#group =
}
# Postfix smtp-auth
#unix_listener /var/spool/postfix/private/auth {
# mode = 0666
#}
# Auth process is run as this user.
user = dovecot
}
service auth-worker {
# Auth worker process is run as root by default, so that it can access
# /etc/shadow. If this isn't necessary, the user should be changed to
# $default_internal_user.
user = mail
}

10. Edit LMTP settings
nano /etc/dovecot/conf.d/20-lmtp.conf

protocol lmtp {
postmaster_address = postmaster@domainname # required
}
11. Restart the Dovecot service
service dovecot restart


Configure Postfix

1. Main config file
nano /etc/postfix/main.cf

smtpd_tls_cert_file=/etc/ssl/certs/dovecot.pem
smtpd_tls_key_file=/etc/ssl/private/dovecot.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtp_tls_loglevel = 2
smtpd_tls_received_header = yes

2. Use Dovecot for SMTP authentication (SASL)
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination

3. Destination
mydestination = localhost

4. Setup custom config files
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
local_recipient_maps = $virtual_mailbox_maps

5. Create the virtual mailbox query
nano /etc/postfix/mysql-virtual-mailbox-domains.cf

user = mailuser
password = mailuserpass
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM virtual_domains WHERE name='%s'

6. Create the mailbox mapping query
nano /etc/postfix/mysql-virtual-mailbox-maps.cf

user = mailuser
password = mailuserpass
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM virtual_users WHERE email='%s'

7. Create the virtual alias maps file
nano /etc/postfix/mysql-virtual-alias-maps.cf

user = mailuser
password = mailuserpass
hosts = 127.0.0.1
dbname = mailserver
query = SELECT destination FROM virtual_aliases WHERE source='%s'

8. Restart postfix
service postfix restart

9. Verify domains
postmap -q awesomebox.sealedabstract.com mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
10. Verify mappings
postmap -q drew@awesomebox.sealedabstract.com mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
