Email integration is essential for system notifications, web applications, and communication services. This guide will help you set up a complete email infrastructure on Alpine Linux, including both sending and receiving capabilities.
Table of Contents
- Prerequisites
- Understanding Email Services
- Installing Postfix (SMTP)
- Configuring Dovecot (IMAP/POP3)
- Setting Up Authentication
- SSL/TLS Configuration
- Spam Filtering with SpamAssassin
- Virus Scanning with ClamAV
- Webmail Installation
- Email Client Configuration
- Application Integration
- Monitoring and Logging
- Backup and Migration
- Troubleshooting
- Best Practices
- Conclusion
Prerequisites
Before configuring email services, ensure you have:
- Alpine Linux with root access
- Valid domain name with MX records
- Static IP address (for mail server)
- SSL certificate for secure connections
- Basic understanding of DNS and email protocols
- At least 2GB RAM for full mail server
Understanding Email Services
Email Components
# Check current mail setup
which sendmail
ls -la /var/spool/mail/Key components:
- MTA (Mail Transfer Agent): Postfix for sending/receiving
- MDA (Mail Delivery Agent): Dovecot for storage/retrieval
- MUA (Mail User Agent): Client applications
- Authentication: SASL for secure login
Installing Postfix (SMTP)
Step 1: Install Postfix
# Update package repository
apk update
# Install Postfix
apk add postfix postfix-pcre postfix-mysql
# Install utilities
apk add mailx cyrus-sasl cyrus-sasl-plain cyrus-sasl-login
# Enable Postfix service
rc-update add postfix defaultStep 2: Basic Postfix Configuration
# Backup original configuration
cp /etc/postfix/main.cf /etc/postfix/main.cf.backup
# Configure Postfix
cat > /etc/postfix/main.cf << 'EOF'
# Basic configuration
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8, 192.168.0.0/16
inet_interfaces = all
inet_protocols = ipv4
# Mail directories
home_mailbox = Maildir/
mail_spool_directory = /var/spool/mail
# Queue settings
maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d
maximal_backoff_time = 1h
minimal_backoff_time = 5m
queue_run_delay = 5m
# Message size limits
message_size_limit = 52428800
mailbox_size_limit = 1073741824
# Security settings
smtpd_banner = $myhostname ESMTP
biff = no
append_dot_mydomain = no
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/mail.crt
smtpd_tls_key_file = /etc/ssl/private/mail.key
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# SASL authentication
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
# Restrictions
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_rbl_client zen.spamhaus.org,
permit
smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
defer_unauth_destination
EOFStep 3: Configure Master Process
# Configure master.cf
cat > /etc/postfix/master.cf << 'EOF'
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# ==========================================================================
smtp inet n - y - - smtpd
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
EOFConfiguring Dovecot (IMAP/POP3)
Step 1: Install Dovecot
# Install Dovecot
apk add dovecot dovecot-lmtpd dovecot-pop3d dovecot-mysql dovecot-pigeonhole-plugin
# Enable Dovecot service
rc-update add dovecot defaultStep 2: Configure Dovecot
# Main configuration
cat > /etc/dovecot/dovecot.conf << 'EOF'
# Protocols to enable
protocols = imap pop3 lmtp
# Listen addresses
listen = *, ::
# Base directory
base_dir = /var/run/dovecot/
# Greeting message
login_greeting = Mail Server Ready.
# SSL/TLS configuration
ssl = required
ssl_cert = </etc/ssl/certs/mail.crt
ssl_key = </etc/ssl/private/mail.key
ssl_min_protocol = TLSv1.2
ssl_cipher_list = HIGH:!aNULL:!MD5
ssl_prefer_server_ciphers = yes
# Authentication
auth_mechanisms = plain login
disable_plaintext_auth = yes
# Mail location
mail_location = maildir:~/Maildir
# User database
userdb {
driver = passwd
}
# Password database
passdb {
driver = pam
}
# Services
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service pop3-login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
}
# Logging
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log
debug_log_path = /var/log/dovecot-debug.log
# Plugin configuration
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
# Protocol specific settings
protocol imap {
mail_plugins = $mail_plugins
imap_client_workarounds = delay-newmail
}
protocol pop3 {
mail_plugins = $mail_plugins
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lmtp {
mail_plugins = $mail_plugins sieve
}
EOFStep 3: Configure Mailbox Settings
# Create mail directories configuration
cat > /etc/dovecot/conf.d/10-mail.conf << 'EOF'
# Mail location and namespace
mail_location = maildir:~/Maildir
namespace inbox {
inbox = yes
mailbox Drafts {
special_use = \Drafts
auto = create
}
mailbox Junk {
special_use = \Junk
auto = create
}
mailbox Trash {
special_use = \Trash
auto = create
}
mailbox Sent {
special_use = \Sent
auto = create
}
}
# Mail UID/GID
mail_uid = vmail
mail_gid = vmail
# Performance settings
mail_fsync = optimized
mmap_disable = yes
mail_nfs_storage = no
mail_nfs_index = no
EOF
# Create vmail user
addgroup -g 5000 vmail
adduser -u 5000 -G vmail -h /var/mail -D -s /sbin/nologin vmailSetting Up Authentication
Step 1: Configure SASL Authentication
# Create SASL configuration
cat > /etc/sasl2/smtpd.conf << 'EOF'
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
saslauthd_path: /var/run/saslauthd/mux
EOF
# Start saslauthd
rc-update add saslauthd default
rc-service saslauthd startStep 2: Virtual User Setup
# Create virtual user database
cat > /etc/postfix/virtual_mailbox_domains << 'EOF'
example.com OK
subdomain.example.com OK
EOF
# Create virtual mailbox mapping
cat > /etc/postfix/virtual_mailbox_maps << 'EOF'
[email protected] example.com/admin/
[email protected] example.com/info/
[email protected] example.com/user/
EOF
# Hash the maps
postmap /etc/postfix/virtual_mailbox_domains
postmap /etc/postfix/virtual_mailbox_maps
# Update Postfix configuration
cat >> /etc/postfix/main.cf << 'EOF'
# Virtual domains
virtual_mailbox_domains = hash:/etc/postfix/virtual_mailbox_domains
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/virtual_mailbox_maps
virtual_minimum_uid = 5000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
EOFSSL/TLS Configuration
Step 1: Generate SSL Certificates
# Generate self-signed certificate (for testing)
openssl req -new -x509 -days 365 -nodes -newkey rsa:4096 \
-keyout /etc/ssl/private/mail.key \
-out /etc/ssl/certs/mail.crt \
-subj "/C=US/ST=State/L=City/O=Organization/CN=mail.example.com"
# Set permissions
chmod 600 /etc/ssl/private/mail.key
chmod 644 /etc/ssl/certs/mail.crtStep 2: Let’s Encrypt Certificate
# Install certbot
apk add certbot
# Obtain certificate
certbot certonly --standalone -d mail.example.com -d smtp.example.com -d imap.example.com
# Create renewal hook
cat > /etc/periodic/daily/renew-mail-cert << 'EOF'
#!/bin/sh
certbot renew --quiet --no-self-upgrade --post-hook "rc-service postfix reload && rc-service dovecot reload"
EOF
chmod +x /etc/periodic/daily/renew-mail-certSpam Filtering with SpamAssassin
Step 1: Install SpamAssassin
# Install SpamAssassin
apk add spamassassin spamassassin-client perl-mail-spf
# Create SpamAssassin user
adduser -D -s /sbin/nologin -h /var/lib/spamassassin spamd
# Enable service
rc-update add spamd defaultStep 2: Configure SpamAssassin
# Configure SpamAssassin
cat > /etc/mail/spamassassin/local.cf << 'EOF'
# Basic configuration
rewrite_header Subject [SPAM]
report_safe 0
required_score 5.0
use_bayes 1
bayes_auto_learn 1
skip_rbl_checks 0
# Network tests
dns_available yes
razor_config /etc/mail/spamassassin/.razor/razor-agent.conf
pyzor_options --homedir /etc/mail/spamassassin/.pyzor
# Whitelist
whitelist_from *@example.com
whitelist_from_rcvd *@trustedomain.com
# Custom scores
score URIBL_BLACK 3.0
score URIBL_GREY 1.5
score HTML_MESSAGE 0.5
EOF
# Update SpamAssassin rules
sa-update
# Configure Postfix integration
cat >> /etc/postfix/master.cf << 'EOF'
# SpamAssassin filter
spamassassin unix - n n - - pipe
user=spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
EOF
# Update main.cf
echo "content_filter = spamassassin" >> /etc/postfix/main.cfVirus Scanning with ClamAV
Step 1: Install ClamAV
# Install ClamAV
apk add clamav clamav-daemon clamav-scanner clamav-libunrar
# Update virus database
freshclam
# Configure ClamAV
sed -i 's/^Example/#Example/' /etc/clamav/clamd.conf
sed -i 's/^Example/#Example/' /etc/clamav/freshclam.conf
# Enable services
rc-update add clamd default
rc-update add freshclam default
rc-service clamd start
rc-service freshclam startStep 2: Integrate with Postfix
# Install clamsmtp
apk add clamsmtp
# Configure clamsmtp
cat > /etc/clamsmtpd.conf << 'EOF'
OutAddress: 127.0.0.1:10026
Listen: 127.0.0.1:10025
TempDirectory: /var/spool/clamsmtp
User: clamsmtp
Action: drop
Quarantine: on
QuarantineDir: /var/spool/clamsmtp/quarantine
VirusAction: reject
XHeaders: on
EOF
# Update Postfix configuration
cat >> /etc/postfix/main.cf << 'EOF'
content_filter = scan:[127.0.0.1]:10025
receive_override_options = no_address_mappings
EOF
# Add to master.cf
cat >> /etc/postfix/master.cf << 'EOF'
# Virus scanning
scan unix - - n - 16 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10026 inet n - n - 16 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o strict_rfc821_envelopes=yes
EOFWebmail Installation
Step 1: Install Roundcube
# Install dependencies
apk add nginx php82 php82-fpm php82-imap php82-ldap php82-pdo_mysql \
php82-session php82-dom php82-xml php82-json php82-openssl \
php82-mbstring php82-intl php82-zip
# Download Roundcube
cd /tmp
wget https://github.com/roundcube/roundcubemail/releases/download/1.6.3/roundcubemail-1.6.3-complete.tar.gz
tar -xzf roundcubemail-1.6.3-complete.tar.gz
# Install Roundcube
mv roundcubemail-1.6.3 /var/www/roundcube
chown -R nginx:nginx /var/www/roundcubeStep 2: Configure Roundcube
# Create database
mysql -u root -p << 'EOF'
CREATE DATABASE roundcube;
CREATE USER 'roundcube'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON roundcube.* TO 'roundcube'@'localhost';
FLUSH PRIVILEGES;
EOF
# Configure Roundcube
cat > /var/www/roundcube/config/config.inc.php << 'EOF'
<?php
$config['db_dsnw'] = 'mysql://roundcube:password@localhost/roundcube';
$config['default_host'] = 'localhost';
$config['default_port'] = 143;
$config['smtp_server'] = 'localhost';
$config['smtp_port'] = 25;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['support_url'] = '';
$config['product_name'] = 'Webmail';
$config['des_key'] = 'your-24-char-random-key';
$config['plugins'] = array('archive', 'zipdownload');
$config['language'] = 'en_US';
$config['enable_spellcheck'] = true;
$config['mail_domain'] = '%d';
?>
EOF
# Configure Nginx
cat > /etc/nginx/conf.d/roundcube.conf << 'EOF'
server {
listen 80;
server_name webmail.example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name webmail.example.com;
ssl_certificate /etc/ssl/certs/mail.crt;
ssl_certificate_key /etc/ssl/private/mail.key;
root /var/www/roundcube;
index index.php;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass unix:/run/php-fpm82.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\. {
deny all;
}
}
EOFEmail Client Configuration
Step 1: Thunderbird Configuration
# Create autoconfiguration
mkdir -p /var/www/autoconfig/mail
cat > /var/www/autoconfig/mail/config-v1.1.xml << 'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<clientConfig version="1.1">
<emailProvider id="example.com">
<domain>example.com</domain>
<displayName>Example Mail</displayName>
<displayShortName>Example</displayShortName>
<incomingServer type="imap">
<hostname>mail.example.com</hostname>
<port>993</port>
<socketType>SSL</socketType>
<authentication>password-cleartext</authentication>
<username>%EMAILADDRESS%</username>
</incomingServer>
<incomingServer type="pop3">
<hostname>mail.example.com</hostname>
<port>995</port>
<socketType>SSL</socketType>
<authentication>password-cleartext</authentication>
<username>%EMAILADDRESS%</username>
</incomingServer>
<outgoingServer type="smtp">
<hostname>mail.example.com</hostname>
<port>465</port>
<socketType>SSL</socketType>
<authentication>password-cleartext</authentication>
<username>%EMAILADDRESS%</username>
</outgoingServer>
</emailProvider>
</clientConfig>
EOFStep 2: Mobile Device Setup Script
# Create mobile configuration profile generator
cat > /usr/local/bin/generate-mail-profile << 'EOF'
#!/bin/sh
# Generate mail configuration profile
EMAIL=$1
DOMAIN=$(echo $EMAIL | cut -d@ -f2)
UUID1=$(uuidgen)
UUID2=$(uuidgen)
UUID3=$(uuidgen)
cat << XML
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>EmailAccountDescription</key>
<string>$EMAIL</string>
<key>EmailAccountType</key>
<string>EmailTypeIMAP</string>
<key>EmailAddress</key>
<string>$EMAIL</string>
<key>IncomingMailServerAuthentication</key>
<string>EmailAuthPassword</string>
<key>IncomingMailServerHostName</key>
<string>mail.$DOMAIN</string>
<key>IncomingMailServerPortNumber</key>
<integer>993</integer>
<key>IncomingMailServerUseSSL</key>
<true/>
<key>IncomingMailServerUsername</key>
<string>$EMAIL</string>
<key>OutgoingMailServerAuthentication</key>
<string>EmailAuthPassword</string>
<key>OutgoingMailServerHostName</key>
<string>mail.$DOMAIN</string>
<key>OutgoingMailServerPortNumber</key>
<integer>465</integer>
<key>OutgoingMailServerUseSSL</key>
<true/>
<key>OutgoingMailServerUsername</key>
<string>$EMAIL</string>
<key>PayloadDescription</key>
<string>Configures email account</string>
<key>PayloadDisplayName</key>
<string>$EMAIL</string>
<key>PayloadIdentifier</key>
<string>com.example.mail.$UUID1</string>
<key>PayloadType</key>
<string>com.apple.mail.managed</string>
<key>PayloadUUID</key>
<string>$UUID2</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Mail Configuration</string>
<key>PayloadIdentifier</key>
<string>com.example.mail</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>$UUID3</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
XML
EOF
chmod +x /usr/local/bin/generate-mail-profileApplication Integration
Step 1: PHP Mail Integration
# Create PHP mail configuration
cat > /var/www/html/mail-test.php << 'EOF'
<?php
// SMTP configuration
ini_set('SMTP', 'localhost');
ini_set('smtp_port', '25');
ini_set('sendmail_from', '[email protected]');
// Using PHPMailer (recommended)
require 'vendor/autoload.php';
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
use PHPMailer\PHPMailer\Exception;
$mail = new PHPMailer(true);
try {
// Server settings
$mail->isSMTP();
$mail->Host = 'localhost';
$mail->SMTPAuth = true;
$mail->Username = '[email protected]';
$mail->Password = 'password';
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
$mail->Port = 587;
// Recipients
$mail->setFrom('[email protected]', 'Mailer');
$mail->addAddress('[email protected]', 'Joe User');
// Content
$mail->isHTML(true);
$mail->Subject = 'Test Email';
$mail->Body = 'This is a test email body';
$mail->AltBody = 'This is the plain text version';
$mail->send();
echo 'Message has been sent';
} catch (Exception $e) {
echo "Message could not be sent. Error: {$mail->ErrorInfo}";
}
?>
EOFStep 2: Python Mail Integration
# Create Python mail script
cat > /usr/local/bin/send-mail.py << 'EOF'
#!/usr/bin/env python3
import smtplib
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart
from email.mime.base import MIMEBase
from email import encoders
import os
def send_email(subject, body, to_email, from_email="[email protected]",
smtp_server="localhost", smtp_port=587,
username=None, password=None, attachment=None):
"""Send email with optional attachment"""
# Create message
msg = MIMEMultipart()
msg['From'] = from_email
msg['To'] = to_email
msg['Subject'] = subject
# Add body
msg.attach(MIMEText(body, 'plain'))
# Add attachment if provided
if attachment and os.path.isfile(attachment):
with open(attachment, "rb") as f:
part = MIMEBase('application', 'octet-stream')
part.set_payload(f.read())
encoders.encode_base64(part)
part.add_header(
'Content-Disposition',
f'attachment; filename= {os.path.basename(attachment)}'
)
msg.attach(part)
# Send email
try:
server = smtplib.SMTP(smtp_server, smtp_port)
server.starttls()
if username and password:
server.login(username, password)
text = msg.as_string()
server.sendmail(from_email, to_email, text)
server.quit()
return True, "Email sent successfully"
except Exception as e:
return False, str(e)
# Example usage
if __name__ == "__main__":
success, message = send_email(
subject="Test Email",
body="This is a test email from Python",
to_email="[email protected]",
username="[email protected]",
password="password"
)
print(message)
EOF
chmod +x /usr/local/bin/send-mail.pyStep 3: System Notification Integration
# Create system notification script
cat > /usr/local/bin/notify-admin << 'EOF'
#!/bin/sh
# Send system notifications via email
SUBJECT="$1"
MESSAGE="$2"
PRIORITY="${3:-normal}"
ADMIN_EMAIL="[email protected]"
# Add priority header
case "$PRIORITY" in
high)
HEADERS="X-Priority: 1\nImportance: High"
;;
low)
HEADERS="X-Priority: 5\nImportance: Low"
;;
*)
HEADERS="X-Priority: 3"
;;
esac
# Send notification
echo -e "$HEADERS\n\n$MESSAGE" | mail -s "[$HOSTNAME] $SUBJECT" "$ADMIN_EMAIL"
# Log notification
echo "$(date): Notification sent - $SUBJECT" >> /var/log/notifications.log
EOF
chmod +x /usr/local/bin/notify-admin
# Create cron job for system alerts
cat > /etc/periodic/hourly/system-alerts << 'EOF'
#!/bin/sh
# Check system status and send alerts
# Check disk space
DISK_USAGE=$(df -h / | awk 'NR==2 {print $5}' | sed 's/%//')
if [ $DISK_USAGE -gt 90 ]; then
/usr/local/bin/notify-admin "Disk Space Alert" "Root partition is $DISK_USAGE% full" "high"
fi
# Check mail queue
QUEUE_SIZE=$(mailq | grep -c "^[A-F0-9]")
if [ $QUEUE_SIZE -gt 100 ]; then
/usr/local/bin/notify-admin "Mail Queue Alert" "Mail queue has $QUEUE_SIZE messages" "high"
fi
# Check services
for service in postfix dovecot; do
if ! rc-service $service status >/dev/null 2>&1; then
/usr/local/bin/notify-admin "Service Alert" "$service is not running" "high"
fi
done
EOF
chmod +x /etc/periodic/hourly/system-alertsMonitoring and Logging
Step 1: Mail Log Analysis
# Install log analysis tools
apk add pflogsumm
# Create log analysis script
cat > /usr/local/bin/mail-stats << 'EOF'
#!/bin/sh
# Generate mail statistics
LOG_FILE="/var/log/mail.log"
OUTPUT_FILE="/var/log/mail-stats-$(date +%Y%m%d).txt"
echo "Mail Statistics Report - $(date)" > "$OUTPUT_FILE"
echo "======================================" >> "$OUTPUT_FILE"
# General statistics
pflogsumm -d today "$LOG_FILE" >> "$OUTPUT_FILE"
# Top senders
echo -e "\nTop Senders:" >> "$OUTPUT_FILE"
grep "from=<" "$LOG_FILE" | awk '{print $7}' | sort | uniq -c | sort -rn | head -10 >> "$OUTPUT_FILE"
# Top recipients
echo -e "\nTop Recipients:" >> "$OUTPUT_FILE"
grep "to=<" "$LOG_FILE" | awk '{print $7}' | sort | uniq -c | sort -rn | head -10 >> "$OUTPUT_FILE"
# Rejected connections
echo -e "\nRejected Connections:" >> "$OUTPUT_FILE"
grep "NOQUEUE: reject" "$LOG_FILE" | wc -l >> "$OUTPUT_FILE"
# Send report
cat "$OUTPUT_FILE" | mail -s "Daily Mail Statistics" [email protected]
EOF
chmod +x /usr/local/bin/mail-stats
# Add to cron
echo "0 23 * * * /usr/local/bin/mail-stats" >> /etc/crontabs/rootStep 2: Real-time Monitoring
# Create monitoring dashboard script
cat > /usr/local/bin/mail-monitor << 'EOF'
#!/bin/sh
# Real-time mail server monitoring
clear
while true; do
echo "=== Mail Server Monitor - $(date) ==="
echo
# Queue status
echo "Mail Queue:"
mailq | tail -5
echo
# Active connections
echo "Active Connections:"
netstat -tan | grep -E ':25|:143|:993|:110|:995' | grep ESTABLISHED | wc -l
echo
# Recent logs
echo "Recent Activity:"
tail -5 /var/log/mail.log
echo
# Service status
echo "Service Status:"
for service in postfix dovecot spamd clamd; do
printf "%-10s: " "$service"
if rc-service $service status >/dev/null 2>&1; then
echo "Running"
else
echo "Stopped"
fi
done
sleep 5
clear
done
EOF
chmod +x /usr/local/bin/mail-monitorBackup and Migration
Step 1: Backup Script
# Create comprehensive backup script
cat > /usr/local/bin/backup-mail << 'EOF'
#!/bin/sh
# Backup mail server configuration and data
BACKUP_DIR="/backup/mail"
DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/mail-backup-$DATE.tar.gz"
# Create backup directory
mkdir -p "$BACKUP_DIR"
# Create temporary directory
TEMP_DIR=$(mktemp -d)
mkdir -p "$TEMP_DIR"/{config,data,databases}
# Backup configurations
cp -r /etc/postfix "$TEMP_DIR/config/"
cp -r /etc/dovecot "$TEMP_DIR/config/"
cp -r /etc/mail/spamassassin "$TEMP_DIR/config/"
cp -r /etc/clamav "$TEMP_DIR/config/"
# Backup mail data
rsync -a /var/mail/ "$TEMP_DIR/data/mail/"
rsync -a /var/spool/mail/ "$TEMP_DIR/data/spool/"
# Backup databases
if command -v mysqldump >/dev/null; then
mysqldump roundcube > "$TEMP_DIR/databases/roundcube.sql"
fi
# Backup user list
getent passwd | grep -E "^[^:]+:[^:]+:[0-9]{4,}" > "$TEMP_DIR/users.txt"
# Create archive
tar -czf "$BACKUP_FILE" -C "$TEMP_DIR" .
# Cleanup
rm -rf "$TEMP_DIR"
# Report
echo "Backup completed: $BACKUP_FILE"
ls -lh "$BACKUP_FILE"
# Rotate old backups (keep last 7)
find "$BACKUP_DIR" -name "mail-backup-*.tar.gz" -mtime +7 -delete
EOF
chmod +x /usr/local/bin/backup-mail
# Add to cron
echo "0 2 * * * /usr/local/bin/backup-mail" >> /etc/crontabs/rootStep 2: Migration Script
# Create migration script
cat > /usr/local/bin/migrate-mail << 'EOF'
#!/bin/sh
# Migrate mail from another server
SOURCE_SERVER=$1
SOURCE_USER=${2:-root}
if [ -z "$SOURCE_SERVER" ]; then
echo "Usage: $0 <source-server> [username]"
exit 1
fi
echo "Starting mail migration from $SOURCE_SERVER"
# Sync mail data
echo "Syncing mail data..."
rsync -avz --progress \
"$SOURCE_USER@$SOURCE_SERVER:/var/mail/" \
/var/mail/
# Sync configurations
echo "Syncing configurations..."
rsync -avz \
"$SOURCE_USER@$SOURCE_SERVER:/etc/postfix/" \
/etc/postfix.migrated/
rsync -avz \
"$SOURCE_USER@$SOURCE_SERVER:/etc/dovecot/" \
/etc/dovecot.migrated/
# Sync user accounts
echo "Syncing user accounts..."
ssh "$SOURCE_USER@$SOURCE_SERVER" "getent passwd" > /tmp/remote-users.txt
# Import users
while IFS=: read -r username x uid gid gecos home shell; do
if [ $uid -ge 1000 ] && [ $uid -lt 65534 ]; then
if ! id "$username" >/dev/null 2>&1; then
useradd -u "$uid" -g "$gid" -d "$home" -s "$shell" -c "$gecos" "$username"
echo "Imported user: $username"
fi
fi
done < /tmp/remote-users.txt
echo "Migration completed"
echo "Please review and merge configuration files manually"
EOF
chmod +x /usr/local/bin/migrate-mailTroubleshooting
Common Issues
- Mail not being delivered:
# Check mail queue
mailq
# View mail log
tail -f /var/log/mail.log
# Test mail delivery
echo "Test" | mail -s "Test" [email protected]
# Check DNS
dig MX example.com- Authentication failures:
# Test SASL authentication
testsaslauthd -u username -p password
# Check Dovecot auth
doveadm auth test [email protected]
# Debug authentication
tail -f /var/log/dovecot.log | grep auth- SSL/TLS issues:
# Test SSL certificate
openssl s_client -connect mail.example.com:993 -servername mail.example.com
# Check certificate expiry
openssl x509 -in /etc/ssl/certs/mail.crt -noout -dates
# Test STARTTLS
openssl s_client -starttls smtp -connect mail.example.com:587Debug Mode
# Enable Postfix debug
postconf -e "debug_peer_list = 127.0.0.1"
postconf -e "debug_peer_level = 3"
# Enable Dovecot debug
cat >> /etc/dovecot/dovecot.conf << 'EOF'
auth_debug = yes
mail_debug = yes
verbose_ssl = yes
EOF
# Restart services
rc-service postfix reload
rc-service dovecot reloadBest Practices
Security Hardening
# Create security checklist script
cat > /usr/local/bin/mail-security-check << 'EOF'
#!/bin/sh
# Mail server security audit
echo "Mail Server Security Audit"
echo "========================="
# Check open relay
echo -n "Open relay test: "
if postconf | grep -q "mynetworks = 127.0.0.0/8"; then
echo "PASS"
else
echo "WARNING - Check mynetworks setting"
fi
# Check authentication
echo -n "SASL authentication: "
if postconf | grep -q "smtpd_sasl_auth_enable = yes"; then
echo "ENABLED"
else
echo "DISABLED"
fi
# Check TLS
echo -n "TLS encryption: "
if postconf | grep -q "smtpd_use_tls = yes"; then
echo "ENABLED"
else
echo "DISABLED"
fi
# Check RBL
echo -n "RBL checking: "
if postconf | grep -q "reject_rbl_client"; then
echo "ENABLED"
else
echo "DISABLED"
fi
# Check SPF
echo -n "SPF record: "
if dig TXT example.com | grep -q "v=spf1"; then
echo "CONFIGURED"
else
echo "MISSING"
fi
# Check DKIM
echo -n "DKIM signing: "
if [ -f /etc/opendkim/keys/*/default.private ]; then
echo "CONFIGURED"
else
echo "NOT CONFIGURED"
fi
EOF
chmod +x /usr/local/bin/mail-security-checkPerformance Tuning
# Create performance tuning script
cat > /usr/local/bin/tune-mail-performance << 'EOF'
#!/bin/sh
# Optimize mail server performance
# Postfix tuning
postconf -e "default_process_limit = 100"
postconf -e "qmgr_message_active_limit = 20000"
postconf -e "qmgr_message_recipient_limit = 20000"
postconf -e "smtp_connection_cache_destinations = $mydestination"
postconf -e "smtp_connection_cache_on_demand = yes"
postconf -e "smtp_connection_cache_time_limit = 2s"
# Dovecot tuning
cat >> /etc/dovecot/conf.d/10-performance.conf << EOC
# Performance optimizations
mail_fsync = optimized
mail_nfs_storage = no
mail_nfs_index = no
mmap_disable = no
mail_cache_min_mail_count = 10
maildir_copy_with_hardlinks = yes
# Process limits
default_process_limit = 200
default_client_limit = 1000
# Login process
login_max_processes_count = 128
login_max_connections = 256
# Mail process
mail_max_userip_connections = 50
EOC
echo "Performance tuning applied"
echo "Restart services to apply changes"
EOF
chmod +x /usr/local/bin/tune-mail-performanceConclusion
You’ve successfully configured a complete email integration system on Alpine Linux. This setup includes a full-featured mail server with SMTP, IMAP, and POP3 support, along with spam filtering, virus scanning, webmail access, and comprehensive monitoring. Your email infrastructure is now ready to handle both sending and receiving mail securely and efficiently.
Remember to regularly update your mail server components, monitor logs for suspicious activity, and maintain proper backups. With this configuration, you have a professional-grade email system suitable for production use.
