Email Server Administration

Email Server Maintenance

Suppose we are using postfix + dovecot + postgresql for our email server.

Config files

/etc/postfix/main.cf
/etc/postfix/*
/etc/dovecot/dovecot.conf

Status Checking

## start and stop on ubuntu
sudo service postfix status   # also: stop / start / reload
sudo service dovecot status
sudo service postgresql status

## tail log
tail -f /var/log/mail.log
tail -f /var/log/mail.err
sudo journalctl -u postfix -f
sudo journalctl -u dovecot -f
sudo journalctl -f

## tcp port check
sudo ss -ntlp

# smtp (postfix, send mail): 25/465
# imap (dovecot, client receives mail): 143/993
# pop3: 110/995

# ports 25/143/110 are unencrypted (plaintext unless the session is upgraded with STARTTLS)
# ports 465/993/995 are TLS encrypted

Difference between POP3 and IMAP

With IMAP, the mailbox state is synchronized between the server and all clients: if a mail is deleted on one client, it is also removed from the server and from the other clients. POP3 does not synchronize.

Usually, we should use IMAP.

Connect to SMTP Server Using CLI

# or telnet mail.example.com 25
nc mail.example.com 25
# after the server greeting, type EHLO <your-hostname>; the server replies with its extensions:
250-example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
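
The EHLO reply above comes from a plaintext session on port 25, and it advertises AUTH and VRFY before STARTTLS has been negotiated. The following added example (not part of the original page) parses such a reply and flags those settings; the function names are illustrative and the sample input is the reply shown above.

```python
import re

# EHLO reply copied from the session above (port 25, before STARTTLS)
SAMPLE_EHLO = """\
250-example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
"""

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    lines = [l for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([ -])(.*)", line.strip())
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        if i > 0:  # line 0 carries the server's domain, not an extension
            # "AUTH=..." is a legacy spelling kept for old clients
            text = re.sub(r"^AUTH=", "AUTH ", m.group(2), flags=re.I)
            word, *params = text.split()
            caps.setdefault(word.upper(), []).extend(p.upper() for p in params)
        if m.group(1) == " ":  # "250 " (space, not dash) marks the last line
            break
    return caps

def audit_plaintext_ehlo(caps):
    """Findings for an EHLO reply captured BEFORE TLS was negotiated."""
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered: mail and credentials travel in clear text")
    if "AUTH" in caps:
        mechs = " ".join(sorted(set(caps["AUTH"])))
        findings.append(f"AUTH offered before TLS ({mechs}): passwords can be sent unencrypted")
    if "VRFY" in caps:
        findings.append("VRFY enabled: a remote client can test whether an address exists")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_plaintext_ehlo(parse_ehlo(SAMPLE_EHLO))))
```

In Postfix, `smtpd_tls_auth_only = yes` keeps AUTH from being advertised until TLS is active, and `disable_vrfy_command = yes` turns off VRFY.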

Sending Email on localhost

mail user@bac.com

Enable TLS

sudo vim /etc/postfix/main.cf


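# TLS parameters
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.example.net/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.example.net/privkey.pem
# opportunistic TLS for incoming mail; Postfix 2.3+ spells this smtpd_tls_security_level = may
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# log a summary of each TLS handshake
smtpd_tls_loglevel = 1
# record the TLS protocol and cipher in the Received: header
smtpd_tls_received_header = yes
# opportunistic TLS for outgoing mail; Postfix 2.3+ spells this smtp_tls_security_level = may
smtp_use_tls = yes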

sudo vim /etc/dovecot/conf.d/10-ssl.conf

##
## SSL settings
##

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
#ssl = yes
# with ssl = yes, TLS is offered but clients may still connect without it.
ssl = required # clients must use TLS

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf

ssl_cert = </etc/letsencrypt/live/mail.example.net/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.example.net/privkey.pem