AidanMontareDotNet

You are on the old part of aidanmontare.net, which I am no longer maintaining. Newer versions of some of this content can be found on the active part of my site, which you can reach from my homepage.

Mail Server

(last updated

Notes on my process of building a mail server for aidanmontare.net.

Follow the Linode Guide

It’s easy enough to follow, just don’t rush through the steps too fast.

Some warnings:

  • Make sure you are in mysql when you runs commands.
  • Make sure postfix config files have no space before lines.
  • Make sure you set the correct paths to your certificates (It took me five hours to realize this was my only problem).
  • Make sure your certificate does not have a password.
  • If something goes wrong, look at the logs and try to find the first line where something broke.

Linode Mail Filtering Guide

It’s a good idea after your server is working.

Once again, the instructions are pretty good. However:

  • Make sure you start clamav-daemon.
  • Do not have postfix set to force SSL connections, or you will not be able to receive mail.

Fail2Ban

There are some included settings for postfix and dovecot in fail2ban, so you might want to enable those to help block brute force attacks.

Useful References

When Things Go Wrong

https://www.linode.com/docs/email/postfix/troubleshooting-problems-with-postfix-dovecot-and-mysql/

Mail Filtering

http://www.akadia.com/services/postfix_amavisd.html

DNS and Such

http://www.openspf.org/SPF_Record_Syntax

https://www.linode.com/docs/email/running-a-mail-server#dns-records

MySQL

http://dev.mysql.com/doc/refman/5.7/en/create-table.html

Postfix

http://www.postfix.org/TLS_README.html

http://www.postfix.org/postconf.5.html#smtpd_tls_security_level

Dovecot

http://wiki2.dovecot.org/SSL

Lifestream Event

Other

https://help.ubuntu.com/community/MailServer

https://www.howtoforge.com/community/threads/amavis-warn-all-primary-virus-scanners-failed-considering-ba.44828/

http://www.microhowto.info/howto/remove_the_passphrase_from_an_existing_openssl_key_file.html

Things I Didn’t Use

iRedMail

Looks nice and simple for those who don’t already have a running server setup.

Its annoying that they really seem to want a fresh install, but I might have been able to make it work by modifying the files extensively. (This looks really useful, but I don’t know if it works any more.) But my server is limited on memory, so I didn’t want to install more than I need to. And at the end of the day, a manual install seemed more useful.