2. Create the two directories:
    mkdir /encrypted-mail /decrypted-mail
3. Add the mail user to the fuse group:
    gpasswd -a mail fuse
4. Change permissions:
    chgrp fuse /dev/fuse; chmod g+rw /dev/fuse
5. Create the encrypted volume:
    encfs /encrypted-mail /decrypted-mail --public
6. Enter and confirm the volume password.
7. Change group:
    chgrp mail /decrypted-mail/
8. Modify permissions:
    chmod -R g+rw /decrypted-mail/

Install Postfix, Dovecot and MySQL

You can install all of them by issuing the following command:
    apt-get install postfix postfix-mysql dovecot-core dovecot-imapd dovecot-mysql mysql-server dovecot-lmtpd

Configure MySQL

1. Create database:
    mysqladmin -p create mailserver
2. Select that database:
    mysql -p mailserver
3. Grant permissions:
    GRANT SELECT ON mailserver.* TO 'mailuser'@'127.0.0.1' IDENTIFIED BY 'mailuserpass';
    FLUSH PRIVILEGES;
4. Create the domains table:
    CREATE TABLE `virtual_domains` (
      `id` int(11) NOT NULL auto_increment,
      `name` varchar(50) NOT NULL,
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
5. Create the alias table:
    CREATE TABLE `virtual_aliases` (
      `id` int(11) NOT NULL auto_increment,
      `domain_id` int(11) NOT NULL,
      `source` varchar(100) NOT NULL,
      `destination` varchar(100) NOT NULL,
      PRIMARY KEY (`id`),
      FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
6. Insert a domain:
    INSERT INTO `mailserver`.`virtual_domains` (`id`, `name`)
    VALUES ('1', 'awesomebox.sealedabstract.com');
7. Generate the password hash with doveadm:
    doveadm pw -s SHA512-CRYPT
   The part after {SHA512-CRYPT} is the hash for your password. It always starts with $6$.
   (Note: SHA512-CRYPT computes a salted SHA-512 hash.)
8. Insert a virtual user:
    INSERT INTO `mailserver`.`virtual_users` (`id`, `domain_id`, `password`, `email`)
    VALUES ('1', '1', '$6$YOURPASSWORDHASH', 'drew@awesomebox.sealedabstract.com');
9. Force the use of secure sockets. Setting port = 0 disables the plaintext IMAP and POP3 listeners:
    nano /etc/dovecot/conf.d/10-master.conf

    service imap-login {
      inet_listener imap {
        port = 0
      }
    }

    service pop3-login {
      inet_listener pop3 {
        port = 0
      }
    }

    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        mode = 0666
        group = postfix
        user = postfix
      }
      user = mail
    }

    service auth {
      # auth_socket_path points to this userdb socket by default. It's typically
      # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
      # permissions make it readable only by root, but you may need to relax these
      # permissions. Users that have access to this socket are able to get a list
      # of all usernames and get results of everyone's userdb lookups.
      unix_listener /var/spool/postfix/private/auth {
        mode = 0666
        user = postfix
        group = postfix
      }
      unix_listener auth-userdb {
        mode = 0600
        user = mail
        #group =
      }

      # Postfix smtp-auth
      #unix_listener /var/spool/postfix/private/auth {
      #  mode = 0666
      #}

      # Auth process is run as this user.
      user = dovecot
    }

    service auth-worker {
      # Auth worker process is run as root by default, so that it can access
      # /etc/shadow. If this isn't necessary, the user should be changed to
      # $default_internal_user.
      user = mail
    }
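
A check for the settings step 9 depends on, as an added example that is not part of the original page: the function reads a Dovecot master config and reports any imap or pop3 listener that is not set to port = 0, plus any unix socket whose mode lets every local user write to it (the 0666 sockets above are reported). The function name, the output format and the sample config are constructed for illustration, and the parser assumes one setting per line.

```bash
#!/bin/sh
# Added example, not from the original page. audit_master_conf is a hypothetical
# helper; it assumes one setting per line, as in the files Dovecot ships.
audit_master_conf() {
  awk '
    { sub(/#.*/, "") }                                   # strip comments
    /^[ \t]*inet_listener[ \t]/ { kind = "inet"; name = $2; port = ""; next }
    /^[ \t]*unix_listener[ \t]/ { kind = "unix"; name = $2; mode = ""; next }
    kind != "" && /^[ \t]*port[ \t]*=/ { split($0, kv, "="); port = kv[2]; gsub(/[ \t]/, "", port) }
    kind != "" && /^[ \t]*mode[ \t]*=/ { split($0, kv, "="); mode = kv[2]; gsub(/[ \t]/, "", mode) }
    kind != "" && index($0, "}") {                       # listener block ends
      # With no port set, imap and pop3 listeners use the defaults 143 and 110.
      if (kind == "inet" && (name == "imap" || name == "pop3") && port != "0")
        print "PLAINTEXT " name " port=" (port == "" ? "default" : port)
      # A last octal digit of 2, 3, 6 or 7 lets every local user write.
      if (kind == "unix" && mode ~ /[2367]$/)
        print "WORLD_WRITABLE " name " mode=" mode
      kind = ""
    }
  ' "$@"
}

# Constructed sample input: pop3 left at its default port, one 0666 socket.
sample_conf() {
  cat <<'EOF'
service imap-login {
  inet_listener imap {
    port = 0
  }
}
service pop3-login {
  inet_listener pop3 {
    #port = 110
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
  }
}
EOF
}

sample_conf | audit_master_conf
```

Run it as `audit_master_conf /etc/dovecot/conf.d/10-master.conf` after editing; no output means both plaintext listeners are disabled and no socket in the file is world-writable.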