Wednesday, January 15, 2014

How to setup Zimbra on Debian Squeeze


What is Zimbra?

Zimbra is a complete email, address book, calendar and tasks solution that can be accessed from the Zimbra Web Client, Zimbra Desktop offline client, Outlook and a variety of other standards-based email clients and mobile devices. It can be deployed as a traditional binary install on Linux, or as a software virtual appliance, commonly referred to as Zimbra appliance. There are several versions of ZCS to choose from:

    >> ZCS Network Edition
    >> ZCS hosted email by a Zimbra partner
    >> ZCS Open Source Edition (free)

Zimbra is a groupware system that provides email, calendaring, integrated antivirus and spam filtering, and more for multiple domains. Available in several editions, this guide will help you get Zimbra Collaboration Suite-Open Source Edition installed on your Debian 6 (Squeeze) Linux VPS.

Please note that Zimbra is a fairly "heavy" (resource-intensive) product compared to some other groupware offerings. We recommend a Linode 2048 or higher for best results; you may encounter issues using Zimbra with plans with fewer resources. Additionally, note that Zimbra works best as a standalone product on your VPS; installation alongside other software is not advised. Zimbra is deprecating support for 32-bit systems, and therefore it is assumed you have deployed the 64-bit version of Debian 6. If this is not the case, you will want to redeploy with the 64-bit version before continuing. All configuration will be performed through the terminal; please make sure you're logged into your Linode as root via SSH.

Please note that as of this writing, Zimbra is not officially supported on Debian 6. The software should function as expected but your support options may be limited by choosing to install it on Debian 6.


Please check your host record is Ok...
------------------------------------------------
    # vim /etc/hosts

====================================================
127.0.0.1       localhost
127.0.1.1       mx.mithu.com    mx
172.16.0.7     mx.mithu.com    mx

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
====================================================



Check your debian squeeze source list is Ok...
------------------------------------------------------------
  
    # vim /etc/apt/sources.list

===========================================================
deb ftp://ftp.us.debian.org/debian/ squeeze main contrib non-free
deb-src ftp://ftp.us.debian.org/debian/ squeeze main contrib non-free

deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main
===========================================================


Don't forget to update & upgrade:

    # apt-get update
    # apt-get upgrade


Download & Install several packages required by Zimbra:


    # apt-get install libpcre3 libgmp3c2 libgmp3-dev sysstat libexpat1 libidn11 perl-modules wget lzma sudo


Download Zimbra Software for Debian:


    # wget http://files2.zimbra.com/downloads/6.0.10_GA/zcs-6.0.10_GA_2692.DEBIAN5.20101215161423.tgz
    # tar -xzvf zcs*
    # cd zcs*

Now we have to edit the file util/utilfunc.sh
    # vim /root/zcs-6.0.10_GA_2692.DEBIAN5.20101215161423/util/utilfunc.sh                    [assumed that the Zimbra software was downloaded and extracted in the /root folder]

=========================================================
=========================================================
Search for the first instance of the following line:

--------------------------------------------------------------------------------
PREREQ_PACKAGES="sudo libidn11 libgmp3 libstdc++6"
--------------------------------------------------------------------------------


Change it to match the following line:


------------------------------------------------------------------------------------
PREREQ_PACKAGES="sudo libidn11 libgmp3c2 libstdc++6"
------------------------------------------------------------------------------------

=========================================================
=========================================================

====================================================================
Note: while editing this file, vim will warn that the file is read-only. You have to force the save using (wq!).
====================================================================


Due to stricter behavior in the version supplied in Debian 6, you'll need to temporarily downgrade your dpkg binary before proceeding.
Download appropriate package depending on whether you are running 32-bit or 64-bit Debian:

Assumed that you are downloading the package in /root folder..
==========================================================
wget http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.15.5.6ubuntu4.5_amd64.deb [for 64bit]
wget http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.15.5.6ubuntu4.5_i386.deb     [for 32bit]   
==========================================================

Install the downloaded deb package with the following command (use the file name that matches your architecture):
    # dpkg -i dpkg_1.15.5.6ubuntu4.5_i386.deb

Now it's time for the installation of ZIMBRA... ha ha ha
    # cd /root/zcs-6.0.10_GA_2692.DEBIAN5.20101215161423  (assumed that you extracted the Zimbra package in this directory)
    # ./install.sh --platform-override

The install will begin, prompting you to respond to a number of questions, and consuming a moment to perform various tasks.

You can safely accept the default configuration. (The prompts are as follows.)

-------------------------------------------------------------------
The system will be modified.  Continue? [N] Y
-------------------------------------------------------------------


-------------------------------------------------------------------------------------------------
DNS ERROR resolving MX for hostname.example.com
It is suggested that the domain name have an MX record configured in DNS
Change domain name? [Yes] No
--------------------------------------------------------------------------------------------------


You'll then be presented with an admin menu next.....


-------------------------------------------------------------------------------------------------------------
Main menu

   1) Common Configuration:
   2) zimbra-ldap:                                   Enabled
   3) zimbra-store:                                  Enabled
        +Create Admin User:                     yes
        +Admin user to create:                  admin@hostname.example.com
******* +Admin Password                        UNSET
        +Enable automated spam training:       yes
        +Spam training user:                           spam.5jdzb7fy@hostname.example.com
        +Non-spam(Ham) training user:          ham.vhdq0mhzo@hostname.example.com
        +Global Documents Account:             wiki@hostname.example.com
        +SMTP host:                                       hostname.example.com
        +Web server HTTP port:                     80
        +Web server HTTPS port:                   443
        +Web server mode:                             http
        +IMAP server port:                              143
        +IMAP server SSL port:                       993
        +POP server port:                               110
        +POP server SSL port:                       995
        +Use spell check server:                     yes
        +Spell server URL:                             http://hostname.example.com:7780/aspell.php
        +Configure for use with mail proxy:     FALSE
        +Configure for use with web proxy:     FALSE
        +Enable version update checks:          TRUE
        +Enable version update notifications:  TRUE
        +Version update notification email:       admin@hostname.example.com
        +Version update source email:              admin@hostname.example.com

   4) zimbra-mta:                                Enabled
   5) zimbra-snmp:                             Enabled
   6) zimbra-logger:                            Enabled
   7) zimbra-spell:                              Enabled
   8) Default Class of Service Configuration:
   r) Start servers after configuration        yes
   s) Save config to file
   x) Expand menu
   q) Quit

Address unconfigured (**) items  (? - help)
------------------------------------------------------------------------------------------------------------


Enter "3" to enter the zimbra-store menu, which will look similar to the following:

-------------------------------------------------------------------------------------------------------------
Store configuration

   1) Status:                                               Enabled
   2) Create Admin User:                           yes
   3) Admin user to create:                        admin@hostname.example.com
** 4) Admin Password                               UNSET
   5) Enable automated spam training:      yes
   6) Spam training user:                           spam.5jdzb7fy@hostname.example.com
   7) Non-spam(Ham) training user:          ham.vhdq0mhzo@hostname.example.com
   8) Global Documents Account:             wiki@hostname.example.com
   9) SMTP host:                                       hostname.example.com
  10) Web server HTTP port:                    80
  11) Web server HTTPS port:                  443
  12) Web server mode:                            http
  13) IMAP server port:                            143
  14) IMAP server SSL port:                     993
  15) POP server port:                              110
  16) POP server SSL port:                      995
  17) Use spell check server:                    yes
  18) Spell server URL:                            http://hostname.example.com:7780/aspell.php
  19) Configure for use with mail proxy:         FALSE
  20) Configure for use with web proxy:         FALSE
  21) Enable version update checks:             TRUE
  22) Enable version update notifications:     TRUE
  23) Version update notification email:        admin@hostname.example.com
  24) Version update source email:               admin@hostname.example.com

Select, or 'r' for previous menu [r] 4
-------------------------------------------------------------------------------------------------------------

You can configure various options here, but the most important option is the one for setting the administrator password. Enter "4" to set it, choosing a strong password comprised of letters, numbers, and non-alphanumeric characters. After setting the admin password, enter "r" to return to the main menu. At this point you can enter "a" to apply the configuration that you have set, and follow this procedure. This allows Zimbra to proceed with the remaining installation steps.


Issue the following command to restore your original version of dpkg:
====================================================================
    # apt-get install dpkg

And finally, don't forget to restart the Zimbra service.
    # /etc/init.d/zimbra restart



Now it is time to visit the Zimbra admin URL in your browser. It will be in the form of:
=====================================================================
    # https://hostname.example.com:7071/

Once you have configured the server and added accounts, users may log in using a link similar to

    # http://hostname.example.com/zimbra/mail



Note:    Default Admin Account : admin@hostname.example.com
                                      Password: as you entered during setup



Tuning:
Problem in log:

zimbra postfix/smtp[1927]: 34A2F90126: to=<email@host.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=26462, delays=26461/0.49/0.05/0.15, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=32120-01, parts_decode_ext FAILED: Unix utility file(1) not available, but is needed at (eval 85) line 113. (in reply to end of DATA command))

451 4.5.0 Error in processing, id=16530-01, parts_decode_ext FAILED: Unix utility file(1) not available, but is needed at (eval 85) line 113. (in reply to end of DATA command))

Solution:

    # apt-get install file

Restart Zimbra...
    # /etc/init.d/zimbra restart
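
To find every message stuck on the same fault, filter the mail log for deliveries to the content filter at 127.0.0.1:10024 that ended in status=deferred, and group them by the reason the filter returned. This is an added example, not part of the original post; the function names are hypothetical and the sample log is constructed around the entry quoted above.

```shell
#!/bin/sh
# Added example: list mail that the local content filter (127.0.0.1:10024)
# handed back to Postfix as deferred, and group it by the reason given.

# Sample log. The first entry is the one quoted in the post; the timestamps
# and the other three entries are constructed for illustration.
sample_log() {
cat <<'EOF'
Jan 15 10:02:11 zimbra postfix/smtp[1927]: 34A2F90126: to=<email@host.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=26462, delays=26461/0.49/0.05/0.15, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=32120-01, parts_decode_ext FAILED: Unix utility file(1) not available, but is needed at (eval 85) line 113. (in reply to end of DATA command))
Jan 15 10:02:12 zimbra postfix/smtp[1927]: 5B1C290127: to=<user@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.9, delays=0.1/0/0.1/0.7, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=32120-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7C2D190128)
Jan 15 10:02:13 zimbra postfix/smtp[1931]: 8E4F390129: to=<user@example.net>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to mail.example.net[192.0.2.25]:25: Connection timed out)
Jan 15 10:02:14 zimbra postfix/smtp[1927]: 9D3E49012A: to=<other@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=12, delays=11/0.2/0.05/0.1, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=16530-01, parts_decode_ext FAILED: Unix utility file(1) not available, but is needed at (eval 85) line 113. (in reply to end of DATA command))
EOF
}

# filter_deferrals < maillog
# Prints "queue-id <TAB> recipient <TAB> reason" for each delivery that the
# content filter deferred. Deferrals to other relays are ignored.
filter_deferrals() {
    awk '
    /postfix\/smtp\[[0-9]+\]: / && /relay=127\.0\.0\.1\[127\.0\.0\.1\]:10024,/ && /status=deferred/ {
        qid = ""; rcpt = ""
        if (match($0, /\]: [0-9A-F]+: /)) qid  = substr($0, RSTART + 3, RLENGTH - 5)
        if (match($0, /to=<[^>]*>/))      rcpt = substr($0, RSTART + 4, RLENGTH - 5)

        reason = $0
        if (!sub(/^.*said: /, "", reason)) {          # no SMTP reply quoted
            sub(/^.*status=deferred \(/, "", reason)
            sub(/\)$/, "", reason)
        }
        sub(/ \(in reply to .*$/, "", reason)         # drop the SMTP stage
        # Strip per-message details so identical faults group together.
        sub(/id=[0-9]+-[0-9]+, /, "", reason)
        sub(/ at \(eval [0-9]+\) line [0-9]+\.?$/, "", reason)

        printf "%s\t%s\t%s\n", qid, rcpt, reason
    }'
}

# deferral_summary < maillog
# Prints "count reason", most frequent first.
deferral_summary() {
    filter_deferrals | cut -f3 | sort | uniq -c | sort -rn | sed 's/^ *//'
}

sample_log | deferral_summary
```
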

Sunday, January 12, 2014

How to install iRedMail on Debian 7 (Wheezy)

What is iRedMail?
----------------------

            >> A ZERO COST, fully fledged, full-featured mail server solution.
           All used packages are free and open source, provided by the Linux/BSD distribution vendors you trust.
           
           >> An open source project, released under GPLv2, hosted on BitBucket.

What does iRedMail do?
-----------------------------
        >> Install and configure mail server related BINARY packages automatically from the official software
           repositories provided by Linux/BSD distribution vendors.

What open source software is used in iRedMail?
-----------------------------------------------------------------


            >> Postfix: SMTP service

        >> Dovecot: POP3/POP3S, IMAP/IMAPS, Managesieve service

        >> Apache: Web server

        >> MySQL/PostgreSQL: Storing application data and/or mail accounts

        >> OpenLDAP: Storing mail accounts

        >> Policyd: Postfix policy server

        >> Amavisd: An interface between Postfix and SpamAssassin, ClamAV. Used for spam and virus scanning.
   
        >> Roundcube: Webmail

            >> Awstats: Apache and Postfix log analyzer

            >> Fail2ban: scans log files (e.g. /var/log/maillog) and bans IPs that show the malicious signs
             -- too many password failures, seeking for exploits, etc.


========================================
--------------------------------------------------------
iRedMail Installation and Configuration:
-------------------------------------------------------
========================================



Please check your host record is Ok...
--------------------------------------------------
    # vim /etc/hosts

===========================================================
127.0.0.1       localhost
127.0.1.1       mx.mithu.com    mx
172.16.0.7      mx.mithu.com    mx

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
===========================================================



Check your Debian Wheezy source list is OK...
---------------------------------------------------------
   
    # vim /etc/apt/sources.list

===========================================================
deb http://http.debian.net/debian wheezy main
deb-src http://http.debian.net/debian wheezy main

deb http://security.debian.org/ wheezy/updates main
deb-src http://security.debian.org/ wheezy/updates main
===========================================================


Don't forget to update & upgrade:
----------------------------------------
    # apt-get update
    # apt-get upgrade


You may need to Install the package 'bzip2' so that you can uncompress iRedMail installer.

    # sudo apt-get install bzip2


Download the latest iRedMail Package:(Supposed to be in /root directory)
------------------------------------------------------------------------------------------
    # wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.8.6.tar.bz2
    # cd /root/
    # tar xjf iRedMail-0.8.6.tar.bz2

=============================
Now Start iRedMail installer:
=============================

    # cd /root/iRedMail-0.8.6/
    # bash iRedMail.sh



Screens that will appear during installation:
--------------------------------------------

    ~ Welcome and thanks for use >> Click Yes
    ~ Specify location to store all mailboxes. Default is /var/vmail/
    ~ Choose backend used to store mail accounts. Please choose the one which you're familiar with. [I prefer MySql]
    ~ Set password of MySQL root user. MySQL is used to store data of other applications, e.g. Roundcube webmail, Policyd, Amavisd-new.
    ~ Add your first mail domain name : mithu.com [Don't be confused...Give only the domain not fqdn]
    ~ Set password of admin account of your first mail domain. [Give your desired pass $**********$ ]
    ~ Choose optional components : [Select All and press Next...]
    ~ Setup will ask for iptables config and restart the firewall ...[ Type { Y } and press enter ]


Configure mail clients (Microsoft Outlook):
====================================
User Information ~
          >> Your Name: Mehedi Hasan
          >> Email Address : mithu@imehedi.com

Server Information ~
          >> Account Type: IMAP
          >> Incoming Mail Server: 116.193.170.5
          >> Outgoing Mail Server (SMTP): 116.193.170.5


Logon Information ~
          >> User Name: mithu@imehedi.com {need [user@FullDomain] because iRedMail supports multiple virtual domains }
          >> Password:  $*********$.

Go to More Settings ~
            >> Go to Outgoing Server Tab >> Tick Mark [V] on My Outgoing Server (SMTP) requires authentication >> Select Log On using (Radio Button)
                =>> User Name: mithu@imehedi.com
                =>> Password:  $*********$.
                =>> Tick Mark [V] on Remember Password


                >> Go to Advanced Tab
                =>> Incoming Server (IMAP): 143
                =>> Use the type of encrypted connection: Choose TLS
                =>> Outgoing Server (SMTP): 25
                =>> Use the type of encrypted connection: Choose TLS


Troubleshooting:
===============
Problem 1. Recipient address rejected: Greylisting in effect, please come back later.
-------------

Solution:  This is the way to disable Greylisting effect in iRedMail:

    # vim  /etc/cluebringer/cluebringer.conf

==========================
Change

# Greylisting module
[Greylisting]
enable=1

to

# Greylisting module
[Greylisting]
enable=0
===========================

Now restart the service for the change to take effect:
    # /etc/init.d/postfix-cluebringer restart
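
When this change is scripted rather than made in vim, it has to be scoped to the [Greylisting] section: in a file laid out as one [Module] section per policy check, each with its own enable= line, an unscoped search-and-replace would switch the other checks off too. Added example, not from the original post; the function names are hypothetical and the sample file is constructed (section names other than [Greylisting] are assumptions).

```shell
#!/bin/sh
# Added example: change enable= for one cluebringer module and leave every
# other module's enable= line untouched.

# Constructed sample in the layout of /etc/cluebringer/cluebringer.conf.
# Only [Greylisting] comes from the post; the other sections are assumptions.
sample_conf() {
cat <<'EOF'
[server]
protocols=Postfix

# Access control module
[AccessControl]
enable=1

# Greylisting module
[Greylisting]
enable=1

# Quotas module
[Quotas]
enable=1
EOF
}

# set_module_enable SECTION VALUE < conf > edited-conf
# Rewrites the enable= line only while inside [SECTION].
set_module_enable() {
    awk -v want="[$1]" -v val="$2" '
        /^\[.*\][ \t]*$/ {                 # a section header: note where we are
            hdr = $0; sub(/[ \t]+$/, "", hdr)
            in_section = (hdr == want)
        }
        in_section && /^[ \t]*enable[ \t]*=/ { print "enable=" val; next }
        { print }
    '
}

# module_state SECTION < conf
# Prints the enable= value found inside [SECTION] (nothing if absent).
module_state() {
    awk -v want="[$1]" '
        /^\[.*\][ \t]*$/ {
            hdr = $0; sub(/[ \t]+$/, "", hdr)
            in_section = (hdr == want); next
        }
        in_section && /^[ \t]*enable[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); print; exit
        }
    '
}

# Show the state of each module before and after the scoped edit.
edited=$(sample_conf | set_module_enable Greylisting 0)
for m in AccessControl Greylisting Quotas; do
    printf '%-14s before=%s after=%s\n' "$m" \
        "$(sample_conf | module_state "$m")" \
        "$(printf '%s\n' "$edited" | module_state "$m")"
done
```
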



Problem 2. Helo command rejected: need fully-qualified hostname.
------------


Solution: 
This type of error will appear when we try to send a message from mail clients such as Outlook, Thunderbird, etc. To solve this problem:

Go to More Settings ~
            >> Go to Outgoing Server Tab >> Tick Mark [V] on My Outgoing Server (SMTP) requires authentication >> Select Log On using (Radio Button)
                =>> User Name: mithu@imehedi.com
                =>> Password:  $*********$.
                =>> Tick Mark [V] on Remember Password

Sunday, January 5, 2014

How to install and configure Amavis, Clamav and Spamassassin on Debian Squeeze

Concept:

In this tutorial we will show you how to install and configure Amavis-new, ClamAV and Spamassassin. We also integrate these packages with Postfix to give a better understanding of how they work with smtpd.

Amavis-new is a wrapper that can call any number of content filtering programs for spam detection, antivirus, etc. ClamAV is a world-famous open source package for content filtering, and Spamassassin is for spam protection.


First of all, update the Debian Squeeze source list (otherwise you can't install the optional packages):


===============================================================
deb ftp://ftp.se.debian.org/debian squeeze main
deb ftp://ftp.se.debian.org/debian squeeze main contrib non-free


deb http://http.us.debian.org/debian/ squeeze main contrib non-free
deb-src http://http.us.debian.org/debian/ squeeze main contrib non-free
===============================================================


Don't forget to update & upgrade:

    # apt-get update
    # apt-get upgrade

Installation on Debian squeeze:


    # apt-get install amavisd-new spamassassin clamav-daemon


Optional packages for better spam detection:


    # apt-get install libnet-dns-perl libmail-spf-query-perl pyzor razor libmail-spf-perl


Packages to enable scanning of attached archive files:
   
        # apt-get install arj bzip2 cabextract cpio file gzip lha nomarch pax rar unrar unzip unzoo zip zoo p7zip


Configuration [Clamav]:

The default behaviour of Clamav will fit our needs. A daemon is launched (clamd) and signatures are fetched every day.

For more Clamav configuration options, check the configuration files in /etc/clamav.

Add clamav user to the amavis group and vice versa in order for Clamav to have access to scan files:

    # adduser clamav amavis
    # adduser amavis clamav


Configuration [Spamassassin]:

Spamassassin autodetects optional components and will use them if they are present. This means that there is no need to configure dcc-client, pyzor and razor.

Edit /etc/default/spamassassin. To activate the Spamassassin daemon, change ENABLED=0 to:

ENABLED=1

and to enable automatic rule updates change CRON=0 at the bottom to:

CRON=1


Now start Spamassassin: (not restart)

    # /etc/init.d/spamassassin start

Configuration [Amavis]:


First, activate spam and antivirus detection in Amavis by editing /etc/amavis/conf.d/15-content_filter_mode:

=====================================================================
use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

#
# Default antivirus checking mode
# Uncomment the two lines below to enable it
#

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);


#
# Default SPAM checking mode
# Uncomment the two lines below to enable it
#

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1;  # insure a defined return
======================================================================

After configuration Amavis needs to be restarted:

    # /etc/init.d/amavis restart


Postfix integration:

For Postfix integration, you need to add the content_filter configuration variable to the Postfix configuration file /etc/postfix/main.cf. This instructs Postfix to pass messages to amavis at a given IP address and port:

    content_filter = smtp-amavis:[127.0.0.1]:10024

Alternatively you can use the following command to do the same:
    # postconf -e "content_filter = smtp-amavis:[127.0.0.1]:10024"


Next edit /etc/postfix/master.cf and add the following to the end of the file:


=====================================================================
smtp-amavis     unix    -       -       -       -       2       smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
        -o max_use=20

127.0.0.1:10025 inet    n       -       -       -       -       smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=reject_unauth_pipelining
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

Also add the following two lines immediately below the "pickup" transport service:
[This will prevent messages that are generated to report on spam from being classified as spam.]

         -o content_filter=
         -o receive_override_options=no_header_body_checks
======================================================================


Reload postfix:

    # /etc/init.d/postfix reload
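
The wiring above only works as a loop-free chain: Postfix hands mail to amavis on port 10024 through the smtp-amavis transport, amavis re-injects it on 127.0.0.1:10025, and that listener must clear content_filter and accept loopback clients only. Added example, not part of the original post: the function names are hypothetical, and the embedded master.cf is the post's own two services with some -o lines omitted.

```shell
#!/bin/sh
# Added example: check that content_filter in main.cf and the two master.cf
# services from the post fit together.

# The two services from the post (a subset of their -o options).
sample_master_cf() {
cat <<'EOF'
smtp-amavis     unix    -       -       -       -       2       smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
        -o max_use=20

127.0.0.1:10025 inet    n       -       -       -       -       smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
EOF
}

# master_entries < master.cf
# One logical line per service: comments dropped, continuation lines joined.
master_entries() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { sub(/^[ \t]+/, ""); buf = buf " " $0; next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    '
}

# service_opt NAME KEY < master.cf
# Prints the value of "-o KEY=..." for service NAME (may be empty),
# "<inherit>" if the service has no such override,
# "<no such service>" if NAME is not defined.
service_opt() {
    master_entries | awk -v name="$1" -v key="$2" '
        $1 == name {
            found = "<inherit>"
            for (i = 9; i < NF; i++)      # fields 1-8 are the fixed columns
                if ($i == "-o" && index($(i + 1), key "=") == 1)
                    found = substr($(i + 1), length(key) + 2)
            print found; hit = 1
        }
        END { if (!hit) print "<no such service>" }
    '
}

opt_of() { printf '%s\n' "$1" | service_opt "$2" "$3"; }

# audit_filter_wiring CONTENT_FILTER MASTER_CF_TEXT [REINJECT_SERVICE]
# Prints one finding per line, nothing when the wiring is consistent.
audit_filter_wiring() {
    transport=${1%%:*}
    reinject=${3:-127.0.0.1:10025}
    if [ "$(opt_of "$2" "$transport" x)" = "<no such service>" ]; then
        echo "transport '$transport' named in content_filter is not defined in master.cf"
    fi
    if [ "$(opt_of "$2" "$reinject" x)" = "<no such service>" ]; then
        echo "re-injection listener $reinject is not defined in master.cf"
        return 0
    fi
    if [ -n "$(opt_of "$2" "$reinject" content_filter)" ]; then
        echo "$reinject does not clear content_filter: filtered mail goes back to the filter"
    fi
    if [ "$(opt_of "$2" "$reinject" mynetworks)" != "127.0.0.0/8" ]; then
        echo "$reinject does not restrict mynetworks to 127.0.0.0/8"
    fi
    if [ "$(opt_of "$2" "$reinject" smtpd_client_restrictions)" != "permit_mynetworks,reject" ]; then
        echo "$reinject does not reject clients outside mynetworks"
    fi
    return 0
}

findings=$(audit_filter_wiring 'smtp-amavis:[127.0.0.1]:10024' "$(sample_master_cf)")
echo "${findings:-wiring consistent}"
```
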

=======================================================================
Now content filtering with spam and virus detection is enabled. Yy@aHh0o0o...Great Job MAN..Done...
=======================================================================

How to setup secure mail server on Debian Squeeze

Setup Email Services on Debian 6 Using Postfix (TLS+SASL) and Dovecot:


Concept:

Are not TLS and SSL different encryption mechanisms?

If you set up an email program you will often see separate options for “no encryption”, “SSL”, or “TLS” encryption of your transmission.  This leads one to assume that TLS and SSL are different things.

In truth, this labeling is a misnomer.  You are not actually selecting which method to use (SSL v3 or TLS v1.x) when making this choice.  You are merely selecting between options that dictate how the secure connection will be initiated.

No matter which method you choose, TLS or SSL, the same level of encryption will be obtained when talking to the server and that level is determined by the software installed on the server, how that is configured, and what your program actually supports. If the SSL vs TLS choice is not one of security, what is it?

There are two distinct ways that a program can initiate a secure connection with a server:

By Port:

Connecting to a specific port means that a secure connection should be used.  For example, port 443 for https (secure web), 993 for secure IMAP, 995 for secure POP, etc.  These ports are setup on the server ready to negotiate a secure connection first, and do whatever else you want second.

By Protocol:

These connections first begin with an insecure “hello” to the server and only then switch to secured communications after the handshake between the client and the server is successful. If this handshake fails for any reason, the connection is severed.  A good example of this is the command “STARTTLS” used in outbound email (SMTP) connections.


About Secure Mail Server:


Nowadays Postfix and Dovecot are among the most popular and widely used mail server packages. Postfix is used as the MTA to send and receive mail, and Dovecot is used for retrieving mail from the mailboxes on the server. By default Postfix listens on port 25 and Dovecot on port 110, both of which carry plain text (not encrypted). With security threats so widespread, one problem when you administer a network is securing data that is being sent between applications across an untrusted network.

You can use TLS/SSL to authenticate servers and clients and then  use it to encrypt messages between  the  authenticated parties.

Here is a guide on getting email services running on Debian Squeeze. I used Postfix for core services
(SMTP with TLS and SASL) and Dovecot for fast & secure IMAP and POP3. Both of these packages will work on secure ports, which means:
    Postfix as SMTPs-Port 465
    Dovecot as PoP3s-Port 995


Below is the checklist of prerequisites:


Please check your host record is Ok...
-----------------------------------------------
    # vim /etc/hosts

=====================================================
127.0.0.1       localhost
127.0.1.1       mx.mithu.com    mx
172.16.0.7      mx.mithu.com    mx

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
====================================================


Check your debian squeeze source list is Ok...
--------------------------------------------------------

              # vim /etc/apt/sources.list
===========================================================
deb http://ftp.debian.org/debian/ squeeze main
deb-src http://ftp.debian.org/debian/ squeeze main

deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main
===========================================================



Don't forget to update & upgrade:
-----------------------------------------
    # apt-get update
    # apt-get upgrade

Installation and Configuration:


For SSL Support in Debian SQUEEZE:
============================
    # apt-get install openssl ssl-cert sasl2-bin libsasl2 libsasl2-modules


Next, let’s take care of certificates for TLS. You will be asked several questions during this process. Fill them in as you see fit.


    # mkdir /etc/postfix/ssl
    # cd /etc/postfix/ssl/
    # openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
    # chmod 600 smtpd.key
    # openssl req -new -key smtpd.key -out smtpd.csr
    # openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
    # openssl rsa -in smtpd.key -out smtpd.key.unencrypted
    # mv -f smtpd.key.unencrypted smtpd.key
    # openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650


SASL Config:


Authentication will be done by saslauthd which will need to be configured to support a chrooted Postfix setup. Edit /etc/default/saslauthd and add or change the following settings so that they match:

    # vim /etc/default/saslauthd


====================================================

START=yes
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

====================================================


Finish up SASL by creating the chroot directory, adding the postfix user to the sasl group
and then starting saslauthd.


    # mkdir -p /var/spool/postfix/var/run/saslauthd
    # dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
    # adduser postfix sasl

And finally, start saslauthd:
   
    # /etc/init.d/saslauthd start




Installing & configuring Postfix for TLS and SASL:

    # apt-get install postfix

Edit the main.cf file as follows (you should change the domain name and networks to fit your organizational needs):


    # vim /etc/postfix/main.cf

=====================================================================

# TLS parameters

smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_CAfile =   /etc/postfix/ssl/cacert.pem
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_sasl_type = cyrus
local_recipient_maps =

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mx.mithu.com
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/aliases
access_maps = hash:/etc/postfix/access
transport_maps = hash:/etc/postfix/transport
myorigin = /etc/mailname
mydestination = mx.mithu.com, mx, localhost.mithu.com, localhost
relayhost =
mynetworks = 127.0.0.0/8 , 10.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
mailbox_command =
=====================================================================

Now edit the master.cf file as follows:

Comment out smtp and paste the smtps lines as follows:

====================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ===================================================================
#smtp      inet  n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
smtps   inet n   -   n   - - smtpd
      -o smtpd_sasl_auth_enable=yes
#      -o smtpd_reject_unlisted_sender=yes
#      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
      -o broken_sasl_auth_clients=yes

===================================================================


Now create a file named smtpd.conf and paste the following lines:
================================================================
    # vim /usr/lib/sasl2/smtpd.conf

============================

pwcheck_method: saslauthd
mech_list: plain login

============================

Important:


Using Port 587 for Secure Submission
===========================

If you want to use port 587 as the submission port for SMTP mail rather than 25 (many ISPs block port 25)
you will need to edit /etc/postfix/master.cf and uncomment the line

----------------------------------------------------------------------
|    submission inet n      -       n       -       -       smtpd     |
----------------------------------------------------------------------


Testing:

At this point, core email services should be up and running.
Let’s make sure that you’re in good shape before moving on. First, establish a connection with the mail server.

===========================================
root@mx:/# telnet localhost 465
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mx.mithu.com ESMTP Postfix (Debian/GNU)
ehlo mithu
250-mx.mithu.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
============================================

If you see the following lines among others, then everything is working perfectly. Type quit to exit.

=====================
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
====================
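
The session above can also be read for how TLS is initiated, which is the "By Port" versus "By Protocol" distinction from the Concept section: a listener that sends its 220 greeting in cleartext and then lists STARTTLS upgrades by protocol, whatever port it is on. Added example, not part of the original post; the function names are hypothetical and the transcript is the one shown above.

```shell
#!/bin/sh
# Added example: read a cleartext SMTP session and report how TLS is offered.

# Transcript copied from the post (telnet localhost 465).
sample_session() {
cat <<'EOF'
220 mx.mithu.com ESMTP Postfix (Debian/GNU)
ehlo mithu
250-mx.mithu.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
EOF
}

# smtp_tls_posture < transcript
# Prints key=value observations about the session.
smtp_tls_posture() {
    awk '
        { sub(/\r$/, "") }                        # tolerate CRLF captures
        /^220[ -]/ && !banner { banner = 1 }      # greeting arrived unencrypted
        /^250[ -]STARTTLS$/   { starttls = 1 }
        /^250[ -]AUTH[ =]/    { mechs = $0; sub(/^250[ -]AUTH[ =]/, "", mechs) }
        END {
            if (banner && starttls) mode = "starttls"
            else if (banner)        mode = "plaintext-only"
            else                    mode = "no-cleartext-greeting"
            print "banner_in_cleartext=" (banner ? "yes" : "no")
            print "starttls_offered="    (starttls ? "yes" : "no")
            print "auth_before_tls="     (mechs != "" ? mechs : "none")
            print "tls_initiation="      mode
        }'
}

posture_value() { printf '%s\n' "$1" | sed -n "s/^$2=//p"; }

# tls_findings PORT < transcript
# Prints one line per point a defender would follow up on.
tls_findings() {
    p=$(smtp_tls_posture)
    if [ "$1" = 465 ] && [ "$(posture_value "$p" banner_in_cleartext)" = yes ]; then
        # A TLS-wrapped listener stays silent until the TLS handshake is done.
        echo "port 465 greets in cleartext: listener is not TLS-wrapped (smtpd_tls_wrappermode=yes not in effect)"
    fi
    auth=$(posture_value "$p" auth_before_tls)
    if [ "$auth" != none ]; then
        echo "AUTH $auth is advertised before TLS, consistent with smtpd_tls_auth_only = no"
    fi
    if [ "$(posture_value "$p" starttls_offered)" != yes ]; then
        echo "STARTTLS is not offered: the session cannot be upgraded"
    fi
    return 0
}

sample_session | smtp_tls_posture
sample_session | tls_findings 465
```
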


Installing & configuring Dovecot:

    # apt-get install dovecot*

Now we will configure Dovecot (uncomment some of the following lines and change their values):

    # vim /etc/dovecot/dovecot.conf


============================================
protocols = imap imaps pop3 pop3s
auth_debug = yes
mail_location = mbox:~/mail:INBOX=/var/mail/%u
disable_plaintext_auth = yes
pop3_uidl_format = %08Xu%08Xv
============================================

~~~~~~
N.B.R.
~~~~~~

Configure Dovecot for the mailbox format you use (for maildir): {If the mbox format is used, there is nothing to add in main.cf}

mail_location = maildir:~/Maildir


Do these steps ONLY if you want Maildir. This setup will put the Maildir in each user's home directory.

If you are using Postfix as your MTA, then add the following line to your /etc/postfix/main.cf file:


    # vim /etc/postfix/main.cf
---------------------------
home_mailbox = Maildir/
---------------------------

Edit /etc/dovecot/dovecot.conf:

mail_location = maildir:/home/%u/Maildir


$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
   @@@ Great Job!!!! we have done..Lets check it with Outlook express.....@@@@
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$


While configuring Outlook express (Keep in mind):

    We have to go to the advanced mail setup on the Advanced tab.
        >> Server Port Numbers
            ~ Outgoing mail (SMTP) 465
            ~ Incoming mail (POP3) 995
            ~ Give tick mark [v] on This Server requires SSL (Option)