hostnamectl set-hostname your-fqdn

ivnilv@sa584:~$ dig MX gomastodon.social

; <<>> DiG 9.16.1-Ubuntu <<>> MX gomastodon.social
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9541
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;gomastodon.social.             IN      MX

;; ANSWER SECTION:
gomastodon.social.      1528    IN      MX      15 eforward4.registrar-servers.com.
gomastodon.social.      1528    IN      MX      20 eforward5.registrar-servers.com.
gomastodon.social.      1528    IN      MX      10 eforward3.registrar-servers.com.
gomastodon.social.      1528    IN      MX      10 eforward2.registrar-servers.com.
gomastodon.social.      1528    IN      MX      10 eforward1.registrar-servers.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sat Jan 28 17:46:05 CET 2023
;; MSG SIZE  rcvd: 197

ivnilv@sa584:~$ 

✔ ~/projects/blog [main|…2] 
17:28 $ host gomastodon.social
gomastodon.social has address 217.79.189.227
gomastodon.social mail is handled by 10 mail.gomastodon.social.
✔ ~/projects/blog [main|…3] 
18:45 $ dig MX gomastodon.social

; <<>> DiG 9.18.1-1ubuntu1.3-Ubuntu <<>> MX gomastodon.social
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46282
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;gomastodon.social.             IN      MX

;; ANSWER SECTION:
gomastodon.social.      60      IN      MX      10 mail.gomastodon.social.

;; Query time: 48 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Sat Jan 28 18:47:15 EET 2023
;; MSG SIZE  rcvd: 67

✔ ~/projects/blog [main|…3] 

Postfix

sudo apt-get update

sudo apt-get install postfix -y
root@sa584:/etc/haproxy# ss -tunap | grep LISTEN | grep haproxy
tcp   LISTEN     0       4096               0.0.0.0:25            0.0.0.0:*      users:(("haproxy",pid=14327,fd=9))                                             
tcp   LISTEN     0       4096               0.0.0.0:80            0.0.0.0:*      users:(("haproxy",pid=14327,fd=8))                                             
root@sa584:/etc/haproxy# 

root@sa584:/etc/haproxy# telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

# Postfix master.cf entry: postscreen listens on 10.229.71.207:25 and expects the
# HAProxy PROXY protocol on incoming connections.
# NOTE(review): with postscreen_upstream_proxy_protocol set, the client address
# comes from the PROXY header rather than the TCP peer, so this listener should
# only be reachable from the HAProxy instance. Confirm the bind address and
# firewall rules enforce that.
# NOTE(review): the cache map is named postscreen_2525_cache while the listener
# and syslog_name use port 25; presumably a leftover name, confirm.
10.229.71.207:25      inet  n       -       -       -       1       postscreen
  -o postscreen_upstream_proxy_protocol=haproxy
  -o postscreen_cache_map=btree:$data_directory/postscreen_2525_cache
  -o syslog_name=postfix/25
Delivered-To: support@uptimelite.com
Received-SPF: none (zohomail.eu: 217.79.189.227 is neither permitted nor denied by domain of gomastodon.social) client-ip=217.79.189.227; envelope-from=root@gomastodon.social; helo=gomastodon.social;
Authentication-Results: mx.zohomail.eu;
	spf=none (zohomail.eu: 217.79.189.227 is neither permitted nor denied by domain of gomastodon.social)  smtp.mailfrom=root@gomastodon.social
Return-Path: <root@gomastodon.social>
Received: from gomastodon.social (sa584.saturn.dedi.server-hosting.expert [217.79.189.227]) by mx.zoho.eu
	with SMTPS id 1674998620420845.576018803501; Sun, 29 Jan 2023 14:23:40 +0100 (CET)
Received: by gomastodon.social (Postfix, from userid 0)
	id 038D316778; Sun, 29 Jan 2023 14:23:39 +0100 (CET)
Message-Id: <20230129132340.038D316778@gomastodon.social>
Date: Sun, 29 Jan 2023 14:23:39 +0100 (CET)
From: root <root@gomastodon.social>

test email4


Delivered-To: support@uptimelite.com
Received-SPF: pass (zohomail.eu: domain of gomastodon.social designates 217.79.189.227 as permitted sender) client-ip=217.79.189.227; envelope-from=root@gomastodon.social; helo=gomastodon.social;
Authentication-Results: mx.zohomail.eu;
	spf=pass (zohomail.eu: domain of gomastodon.social designates 217.79.189.227 as permitted sender)  smtp.mailfrom=root@gomastodon.social
Return-Path: <root@gomastodon.social>
Received: from gomastodon.social (sa584.saturn.dedi.server-hosting.expert [217.79.189.227]) by mx.zoho.eu
	with SMTPS id 1675004395621445.36709948522514; Sun, 29 Jan 2023 15:59:55 +0100 (CET)
Received: by gomastodon.social (Postfix, from userid 0)
	id E6E4D16774; Sun, 29 Jan 2023 15:58:19 +0100 (CET)
Message-Id: <20230129145954.E6E4D16774@gomastodon.social>
Date: Sun, 29 Jan 2023 15:58:19 +0100 (CET)
From: root <root@gomastodon.social>

test email5

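SPF and DKIM

SPF TXT record for gomastodon.social (only the SPF record is shown in these notes; `~all` soft-fails mail from any other address rather than hard-failing it):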

v=spf1 ip4:217.79.189.227/32 ~all

IMAP

# Obtain (certonly: do not install) a certificate for mail.gomastodon.social,
# using the nginx plugin as the authenticator.
# NOTE(review): Postfix and Dovecot are pointed at the same files under
# /etc/letsencrypt/live/ in these notes; they presumably need a reload after
# each renewal to pick up the new certificate. Confirm a renewal hook exists.
certbot certonly -a nginx --agree-tos --no-eff-email --staple-ocsp --email root@gomastodon.social -d mail.gomastodon.social
# Inbound (smtpd) TLS: certificate chain and private key issued for
# mail.gomastodon.social.
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.gomastodon.social/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.gomastodon.social/privkey.pem
# "may" is opportunistic TLS: STARTTLS is offered, but clients that do not use
# it are still accepted in plaintext.
# NOTE(review): if SASL AUTH is offered on this listener, confirm
# smtpd_tls_auth_only = yes so credentials are never accepted before STARTTLS.
smtpd_tls_security_level=may 
# Log level 1 writes a summary line per completed TLS handshake.
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

# Outbound (smtp) TLS is opportunistic as well: encryption is used when the
# remote server offers STARTTLS, otherwise delivery falls back to plaintext.
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# Limit negotiable protocol versions to TLSv1.2 and newer by excluding
# SSLv2, SSLv3, TLSv1 and TLSv1.1. This restricts the version used when TLS is
# negotiated; with security level "may" it does not make TLS itself mandatory.
# The *_mandatory_protocols settings apply to sessions where TLS is required,
# the *_tls_protocols settings apply to opportunistic sessions.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
apt install dovecot-core dovecot-imapd
# Dovecot TLS certificate chain and private key; the leading "<" makes Dovecot
# read the value from the named file.
# NOTE(review): these lines only supply the certificate. Confirm that
# "ssl = required" is set elsewhere so IMAP logins cannot happen in cleartext.
ssl_cert = </etc/letsencrypt/live/mail.gomastodon.social/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.gomastodon.social/privkey.pem
# Expose Dovecot's auth service on a UNIX socket inside the Postfix spool
# directory, presumably so Postfix can use it for SASL authentication (confirm
# against the Postfix smtpd_sasl_* settings, which are not shown here).
service auth {
    unix_listener /var/spool/postfix/private/auth {
      # Owner and group postfix with mode 0660: only the postfix user and group
      # can connect to the socket.
      mode = 0660
      user = postfix
      group = postfix
    }
}

Roundcube

apt install php-net-ldap2 php-net-ldap3 php-imagick php8.1-common php8.1-gd php8.1-imap php8.1-mysql php8.1-curl php8.1-zip php8.1-xml php8.1-mbstring php8.1-bz2 php8.1-intl php8.1-gmp php8.1-redis
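-- Create the database account Roundcube connects with. The password below is a
-- placeholder: generate a unique value and keep it out of published notes and
-- version control. A literal password appeared in an earlier revision of these
-- notes; if it was ever used on a real server, rotate it.
CREATE USER roundcube@localhost IDENTIFIED BY '<REPLACE_WITH_GENERATED_PASSWORD>';
-- Privileges are limited to the roundcubemail schema, and the account can only
-- connect from localhost.
GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost;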
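# Port-80 virtual host for mail.gomastodon.social with an explicit location for
# the ACME challenge path. There is no other location block, so remaining URIs
# are served as static files from the root.
server {
      listen 80;
      listen [::]:80;
      server_name mail.gomastodon.social;

      root /usr/share/nginx/html/;

      # Anchored at the start of the URI and with the dot escaped, so only
      # paths beginning with /.well-known/acme-challenge match. The previous
      # pattern was unanchored and its "." matched any character.
      location ~ ^/\.well-known/acme-challenge {
         allow all;
      }
}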



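# Roundcube webmail virtual host.
# NOTE(review): only port 80 is configured here, and the referrer logged for
# this vhost is http://mail.gomastodon.social/..., so webmail logins are not
# protected by TLS at this layer. Terminate HTTPS here or at the proxy in front
# of nginx, and redirect plain HTTP to it.
server {
  listen 80;
  listen [::]:80;
  # NOTE(review): placeholder name. The logged requests arrive with
  # Host: mail.gomastodon.social, so this block is presumably being selected as
  # the default server. Confirm and set the real host name.
  server_name mail.example.com;
  root /usr/share/nginx/html/;
  index index.php index.html index.htm;

  error_log /var/log/nginx/roundcube.error;
  access_log /var/log/nginx/roundcube.access;

  # Regex locations are tried in file order and the first match wins. The deny
  # rules therefore come before the PHP handler, so a *.php path inside a
  # blocked directory is refused instead of being passed to PHP-FPM.
  location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
    deny all;
  }
  # bin/ and SQL/ hold maintenance scripts and schema files. config/, temp/ and
  # logs/ hold the Roundcube configuration, temporary files and error logs,
  # which live below the document root (see the logs/errors.log path in the
  # PHP warnings) and must not be downloadable.
  location ~ ^/(bin|SQL|config|temp|logs)/ {
    deny all;
  }

  # Anchored and with the dot escaped so only the ACME challenge path matches.
  location ~ ^/\.well-known/acme-challenge {
    allow all;
  }

  # Front controller: serve an existing file or directory, else index.php.
  location / {
    try_files $uri $uri/ /index.php;
  }

  # Hand PHP scripts to PHP-FPM; try_files returns 404 for scripts that do not
  # exist on disk, so arbitrary paths are never passed to the interpreter.
  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass unix:/run/php/php8.1-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }

  # A long browser cache lifetime can speed up repeat visits to your page
  location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
    access_log        off;
    log_not_found     off;
    expires           360d;
  }
}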

Note: Don’t forget to add the user with the adduser command and set a password for it, so that IMAP login works.

Configure RoundCube

More errors…



2023/02/16 18:59:15 [error] 66090#66090: *4979 FastCGI sent in stderr: "PHP message: PHP Warning:  file_put_contents(/usr/share/nginx/html/logs/errors.log): Failed to open stream: Permission denied in /usr/share/nginx/html/program/lib/Roundcube/rcube.php on line 1381PHP message: PHP Warning:  Invalid response code received from server in /usr/share/nginx/html/program/lib/Roundcube/rcube.php on line 1504PHP message: PHP Warning:  file_put_contents(/usr/share/nginx/html/logs/errors.log): Failed to open stream: Permission denied in /usr/share/nginx/html/program/lib/Roundcube/rcube.php on line 1381PHP message: PHP Warning:  Invalid response code received from server in /usr/share/nginx/html/program/lib/Roundcube/rcube.php on line 1504PHP message: PHP Warning:  file_put_contents(/usr/share/nginx/html/logs/errors.log): Failed to open stream: Permission denied in /usr/share/nginx/html/program/lib/Roundcube/rcube.php on line 1381PHP message: PHP Warning:  Failed to set sender 'ivnilv@gomastodon.social': 5.7.0 Must issue a STARTTLS command first (Code: 530) in /usr/share/nginx/html/program/lib/Roundcube/rcube.php on line 1504" while reading response header from upstream, client: 10.229.71.1, server: mail.example.com, request: "POST /?_task=mail&_unlock=loading1676570355645&_framed=1 HTTP/1.1", upstream: "fastcgi://unix:/run/php/php8.1-fpm.sock:", host: "mail.gomastodon.social", referrer: "http://mail.gomastodon.social/?_task=mail&_action=compose&_id=148318659863ee6ed354cd6"



2023/02/16 19:05:53 [error] 66090#66090: *5004 FastCGI sent in stderr: "PHP message: PHP Warning:  file_put_contents(/usr/share/nginx/html/logs/errors.log): Failed to open stream: Permission denied in /usr/share/nginx/html/program/lib/Roundcube/rcube.php on line 1381PHP message: PHP Warning:  Failed to connect socket:  in /usr/share/nginx/html/program/lib/Roundcube/rcube.php on line 1504PHP message: PHP Warning:  file_put_contents(/usr/share/nginx/html/logs/errors.log): Failed to open stream: Permission denied in /usr/share/nginx/html/program/lib/Roundcube/rcube.php on line 1381PHP message: PHP Warning:  Connection failed:  (Code: -1) in /usr/share/nginx/html/program/lib/Roundcube/rcube.php on line 1504" while reading response header from upstream, client: 10.229.71.1, server: mail.example.com, request: "POST /?_task=mail&_unlock=loading1676570753538&_framed=1 HTTP/1.1", upstream: "fastcgi://unix:/run/php/php8.1-fpm.sock:", host: "mail.gomastodon.social", referrer: "http://mail.gomastodon.social/?_task=mail&_action=compose&_id=142873075963ee7071e1bbf"