Full Mail Server Solution w/ Virtual Domains & Users (Debian Etch, Postfix, Mysql, Dovecot, DSpam, ClamAV, Postgrey, RBL)
Submitted by Vecter (Contact Author) (Forums) on Mon, 2007-10-29 19:00. :: Anti-Spam/Virus | Debian | MySQL | Postfix | Security
Full Mail Server Solution w/ Virtual Domains & Users (Debian Etch, Postfix, MySQL, DoveCot, DSpam, ClamAV, Postgrey, RBL)
This tutorial is Copyright (c) 2007 by Justin Refice. It is derived from various guides and original material, listed at the end of the document. You are free to use this tutorial under the Creative Commons license 2.5 or any later version.
This guide describes how to set up a full email solution in Debian Linux (all code is from Debian Etch). I was asked to design a secure, scalable, portable solution for a small company. While the guide references many 'servers', the company only had 4 physical machines, Xen was used to virtualize the entire solution. That particular aspect of the system is not discussed in this guide, although I will try to get it into the next revision.
Just a note on the server names used below: If it doesn't need to be accessed by the internet, don't let it be. Domain names ending in internal.example.com are internal NIC/IP Addresses... there is no way to access them directly from the internet, nor should there be. Any server that ONLY has an internal.example.com domain name is a pure-internal server, and can't be accessed directly from the internet. All non-internal servers have two NICS (These can be two real NICs, or virtual). The first NIC has access to the internet, and is strictly firewalled. The second NIC has access to the internal network, and has a little less security as a result. The details of how to setup these NICs are outside the scope of this document, but I may update it to include them in the future.
The general layout of the servers is:
SMTP+TLS & IMAPS:
Mail Delivery Server: postman.internal.example.com
Database Server: sql-1.internal.example.com
File Server: files-1.internal.example.com
Temporary Build Server: build.internal.example.com
Mail works in the following way:
Internet mail to your domains:
1. Mail comes in to Primary or Secondary MX on port 25
Internet mail from your domains:
1. User initiates connection to SMTP Relay on port 25
Remote users access mail via IMAPS (Secure IMAP)
Local users access mail via IMAP
If the user detects a false positive SPAM detection, they
forward the email to
II. Important Notes
All this may be installed in either Debian 4.0 Etch or Ubuntu Feisty Fawn, since both systems are quite similar. Note however that there may be some minor issues if you use the default version of Dovecot and Postfix, but I will try to note them down for you when they arise.
If you are a Ubuntu user, note that I will not use “sudo” in front of every command. Instead, I will launch a root shell using the command “sudo -s”.
Installing software in Ubuntu & Debian is very easy, so whenever possible we'll be using the build in apt-get utility. The less we have to build ourselves, the easier it is to maintain later.
So, let's get started!