DBMail over PostgreSQL + Postfix + SASL on Debian. Part 1. Introduction.

Leave a Comment / Administration, Featured, PostgreSQL /

Databases are bad for email. Howbeit, sometimes you really don’t need fast mailing system, but want to use an existing database backup infrastructure. At this article we will setup our own mail server using DBMail, Postfix and SASL.

  • DBMail is an open source mail server which able to use relational database to store all users and mail data. It has IMAP and POP3 daemons with built-in connection encryption to view your mail box securerly.
  • Postfix is a mail transfer agent with SMTP daemon which is used to forward any outgoing mail from your PC to another mail server and receive incoming mails.
  • SASL is a Simple Authentication and Security Layer which is used by Postfix to auth a connection to SMTP daemon with your username and password.
Part 1. Introduction.
Part 2. DBMail.
Part 3. Postfix.
Part 4. SASL.
Part 5. SPF. DKIM. DMARC. Clear headers. DNS PTR.

Domain, DNS

First, you need to register a domain or use an existing one. At this article I will use somewhere-in-the.space domain registered with NameCheap.

Second, create A, AAAA(if you have IPv6) and MX records using your own or registrar’s DNS server.

mail.somewhere-in-the.space. IN    A       your-IPv4
mail.somewhere-in-the.space. IN    AAAA    your-IPv6
somewhere-in-the.space. IN      MX      1 mail.somewhere-in-the.space.

PostgreSQL

Add PostgreSQL repo and install it.

wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)"-pgdg main | tee  /etc/apt/sources.list.d/pgdg.list
apt update
apt install postgresql-11

Enable PostgreSQL autostart.

update-rc.d postgresql enable

Check PostgreSQL is working.

su - postgres -c "psql -c 'select version();'"

TLS Certificates

To make our server secure and trusted we need to obtain TLS certificate.
You can get one for free using Let’s Encrypt.

First, install certbot.

apt install certbot

Second, edit /etc/letsencrypt/cli.ini certbot config file.

max-log-backups = 0
authenticator = standalone
preferred-challenges = http
#change address to your public one on gmail, aol, etc.
email = your@mail.com
agree-tos = True
no-eff-email = True
manual-public-ip-logging-ok = True
#change permissions to appropriate ones
post-hook = /bin/chmod -R 640 /etc/letsencrypt/archive/ > /dev/null 2>&1

Obtain certificate.

certbot certonly -d mail.somewhere-in-the.space

Add cron job to renew certificate automatically every week.

crontab -e
* * * * 0 /usr/bin/certbot renew --force-renew

Let’s setup DBMail.

Leave a Comment

Your email address will not be published. Required fields are marked *