Read in 6 minutes

last updated 

Set up a mail server with PostfixAdmin

Photo by geralt

Postfix Admin is a web based interface which allows users to configure and manage a Postfix based email server. With Postfix Admin you can create and manage multiple virtual domains, users and aliases.

This is the first post in the series Setting up and configuring a mail server which covers creating the necessary DNS records and explains how to install and configure Postfix Admin, Nginx with free Let’s Encrypt certificate, PHP and MySQL.

This tutorial was written for Ubuntu 16.04, however the same steps with small modifications should work on any newer version of Ubuntu.

Prerequisites

As the prerequisites to follow this series, you will need:

DNS settings

You need to set up the following DNS records for your mail system to work:

  • A record, to point your system’s FQDN (hostname) to your mail server IPv4 address.
mail.linuxize.com. 3600 IN A   23.45.67.89

The FQDN consists of two parts, the hostname and the domain name.

  • MX record, to specify which mail server is responsible for accepting email messages on behalf of a recipient’s domain. In our case we want all emails sent to @linuxize.com email addresses to be accepted by the mail.linuxize.com mail server.
linuxize.com.      3600 IN MX  0 mail.linuxize.com.
  • SPF record, which is used to verify which mail servers are approved to send email on behalf of a given domain. In the example below we are approving the domain mail servers (mx) and if the SPF check fails, the result will be a soft failure (~all):
linuxize.com.      3600 IN TXT "v=spf1 mx ~all"

Of course, you need to replace the domain name and the IP address with your real domain name and your mail server IP address.

Reverse DNS (PTR)

Reverse DNS (PTR) is IP address to domain name mapping, it’s the exact opposite of DNS which maps domain names to IP addresses.

Most email servers will perform a reverse DNS lookup on the IP address that is attempting to connect to them and may not accept emails from the server if the PTR record is not set.

In most cases PTR entries can be set via your hosting provider web interface or by contacting the support team and ask them to setup a correct PTR record for you.

You can use the dig command to find out the reverse DNS of a given IP address.

dig -x 23.45.67.89
23.45.67.89.in-addr.arpa domain name pointer mail.linuxize.com.

Create a system user

Since we are configuring a mail server with virtual users we need one system user which will be the owner of all mailboxes and will be used by the virtual users to access their email messages on the server.

The following command will create a new group and user named vmail and set the user’s home directory to /var/mail/vmail:

sudo groupadd -g 5000 vmail
sudo useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /var/mail/vmail -m vmail

All virtual mailboxes will be stored in the /var/mail/vmail directory.

Install Nginx PHP and MySQL

Postfix Admin is a PHP based application. To be able to access the PostfixAdmin web interface we need to install a Web server and PHP.

Run the following command to install Nginx, PHP and all required PHP modules:

sudo apt install nginx mysql-server php7.0-fpm php7.0-cli php7.0-imap php7.0-json php7.0-mysql php7.0-opcache php7.0-mbstring php7.0-readline

You’ll be prompted to create a MySQL root password during the installation.

Download and Configure Postfix Admin

At the time of the writing, 3.1 is the latest stable version of Postfix Admin.

Download the Postfix Admin archive using the following wget command:

VERSION=3.1
wget -q https://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-${VERSION}/postfixadmin-${VERSION}.tar.gz

Once the download is completed extract the archive:

tar xzf postfixadmin-${VERSION}.tar.gz

Move the Postfix Admin source files the /var/www directory and create templates_c directory (smarty cache):

sudo mv postfixadmin-${VERSION}/ /var/www/postfixadmin
rm -f postfixadmin-${VERSION}.tar.gz
mkdir /var/www/postfixadmin/templates_c

Both Nginx and PHP-FPM are running under user www-data so we need to change the ownership of the /var/www/postfixadmin to that user:

sudo chown -R www-data: /var/www/postfixadmin

Postfix Admin will use a MySQL database to store information about users, domains and the application configuration.

Login to the MySQL shell:

mysql -u root -p

Create a new database and user:

CREATE DATABASE postfixadmin;
GRANT ALL ON postfixadmin.* TO 'postfixadmin'@'localhost' IDENTIFIED BY 'P4ssvv0rD';
FLUSH PRIVILEGES;

Don’t forget to change the password (P4ssvv0rD) to something more secure.

Instead of editing the default Postfix Admin configuration we will create a new file named config.local.php which will overwrite the default application settings:

Open the file with your text file:

sudo nano /var/www/postfixadmin/config.local.php

Paste the following php code:

/var/www/postfixadmin/config.local.php
<?php
$CONF['configured'] = true;

$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'P4ssvv0rD';
$CONF['database_name'] = 'postfixadmin';

$CONF['default_aliases'] = array (
  'abuse'      => '[email protected]',
  'hostmaster' => '[email protected]',
  'postmaster' => '[email protected]',
  'webmaster'  => '[email protected]'
);

$CONF['fetchmail'] = 'NO';
$CONF['show_footer_text'] = 'NO';

$CONF['quota'] = 'YES';
$CONF['domain_quota'] = 'YES';
$CONF['quota_multiplier'] = '1024000';
$CONF['used_quotas'] = 'YES';
$CONF['new_quota_table'] = 'YES';

$CONF['aliases'] = '0';
$CONF['mailboxes'] = '0';
$CONF['maxquota'] = '0';
$CONF['domain_quota_default'] = '0';
?>

Save and close the file.

With the configuration above we are defining the database type and the login credentials. Also, we are specifying the default aliases, disabling fetchmail and enabling quota.

Next, run the following command to create the schema for the Postfix Admin database:

sudo -u www-data php /var/www/postfixadmin/upgrade.php

Once the database is populated, we can go on and create our first PostfixAdmin superadmin user using the postfixadmin-cli tool.

This user will have administration privileges to modify any domain or application setting.

sudo bash /var/www/postfixadmin/scripts/postfixadmin-cli admin add [email protected] --superadmin 1 --active 1 --password P4ssvv0rD --password2 P4ssvv0rD

The output should look something like this:

Welcome to Postfixadmin-CLI v0.2
---------------------------------------------------------------

The admin [email protected] has been added!

---------------------------------------------------------------

Don’t forget to change the password (P4ssvv0rD) for the superadmin account to something more secure.

Install free Let’s Encrypt SSL Certificate

We are gonna use the SSL certificate to access our Postfix Admin installation and to enable Dovecot and Postfix SSL/TLS encryption.

We have a tutorial about how to install a Let’s Encrypt SSL Certificate. The most important point here is to generate a SSL Certificate for your server hostname (FQDN) in our case mail.linuxize.com.

Once you generated the SSL certificate by following the tutorial linked above, edit your Nginx server block as follows:

/etc/nginx/sites-enabled/mail.linuxize.com.conf
server {
    listen 80;
    server_name mail.linuxize.com;

    include snippets/letsencrypt.conf;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name mail.linuxize.com;
    root /var/www;

    ssl_certificate /etc/letsencrypt/live/mail.linuxize.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mail.linuxize.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/mail.linuxize.com/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;

    location / {
       try_files $uri $uri/ /index.php;
    }

    location /postfixadmin {
       index index.php;
       try_files $uri $uri/ /postfixadmin/index.php;
    }

    location ~* \.php$ {
         fastcgi_split_path_info ^(.+?\.php)(/.*)$;
         if (!-f $document_root$fastcgi_script_name) {return 404;}
         fastcgi_pass  unix:/run/php/php7.0-fpm.sock;
         fastcgi_index index.php;
         include fastcgi_params;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

Reload the Nginx service for changes to take effect:

sudo systemctl reload nginx

At this point you should be able to login to your Postfix Admin installation at https://mail.linuxize.com/postfixadmin using the superadmin user you created previously.

Conclusion

In this tutorial you installed Postfix Admin. In the next part of this series, we will continue with Postfix and Dovecot installation and configuration. Stay tuned!

This post is a part of the Setting up and configuring a mail server series.
Other posts in this series:

Set up a mail server with PostfixAdmin