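# Email Server Configuration Template
# Copy this file and customize for your environment
#
# Layout: one KEY="value" assignment per line, comments on their own lines,
# so the values read the same whether the file is sourced by a shell or
# parsed line by line.
#
# The customized copy holds credentials in plaintext (DB_PASSWORD,
# POSTFIXADMIN_PASSWORD). Keep it readable by root only (for example mode
# 0600), keep it out of version control, and replace every placeholder
# value before running the setup.

# =============================================================================
# BASIC CONFIGURATION
# =============================================================================

# Your domain name (e.g., example.com)
DOMAIN="yourdomain.com"

# Your mail server hostname (e.g., mail.example.com)
HOSTNAME="mail.yourdomain.com"

# Administrator email address
ADMIN_EMAIL="admin@yourdomain.com"

# =============================================================================
# DATABASE CONFIGURATION
# =============================================================================

# PostgreSQL database settings
DB_NAME="postfix"
DB_USER="postfix"
# Placeholder: replace with a long, randomly generated value that is used
# nowhere else.
DB_PASSWORD="your_secure_database_password"

# =============================================================================
# POSTFIXADMIN CONFIGURATION
# =============================================================================

# PostfixAdmin setup password (used during initial setup)
# Placeholder: replace before running setup and do not reuse DB_PASSWORD.
# Once initial setup is finished, restrict access to the PostfixAdmin setup
# page.
POSTFIXADMIN_PASSWORD="your_secure_setup_password"

# PostfixAdmin installation directory
WEBROOT="/var/www/postfixadmin"

# =============================================================================
# SSL/TLS CONFIGURATION
# =============================================================================

# Let's Encrypt email for certificate registration
LETSENCRYPT_EMAIL="admin@yourdomain.com"

# =============================================================================
# SECURITY SETTINGS
# =============================================================================

# Fail2ban configuration (optional)
ENABLE_FAIL2BAN="yes"

# Maximum message size (in bytes) - 50MB default
MAX_MESSAGE_SIZE="52428800"

# Maximum mailbox size (0 = unlimited)
# With 0, a single mailbox can fill the mail volume; set a quota or make
# sure the DISK_WARNING_THRESHOLD alert below is actually delivered.
# NOTE(review): the unit is not stated in this template - confirm against
# the setup script.
MAX_MAILBOX_SIZE="0"

# =============================================================================
# SPAM FILTERING SETTINGS
# =============================================================================

# SpamAssassin score thresholds
# Keep the three levels in ascending order (tag, tag2, kill).
# Add spam headers
SA_TAG_LEVEL="2.0"
# Add more spam headers
SA_TAG2_LEVEL="6.0"
# Reject/quarantine
SA_KILL_LEVEL="6.9"

# =============================================================================
# ADVANCED SETTINGS
# =============================================================================

# Virtual mail user/group IDs
VMAIL_UID="5000"
VMAIL_GID="5000"

# Mail storage location
MAIL_LOCATION="/var/mail/vhosts"

# Dovecot authentication method
# PLAIN and LOGIN send the password itself (base64 is an encoding, not
# encryption), so they are only safe inside TLS. Check that the generated
# Dovecot config sets "ssl = required" and "disable_plaintext_auth = yes"
# ("auth_allow_cleartext = no" on Dovecot 2.4+).
AUTH_MECHANISMS="plain login"

# =============================================================================
# NETWORK SETTINGS
# =============================================================================

# Listen on these interfaces (all = all interfaces)
INET_INTERFACES="all"

# IP protocol (ipv4, ipv6, or all)
INET_PROTOCOLS="ipv4"

# =============================================================================
# BACKUP SETTINGS
# =============================================================================

# Backup directory
# Backups may contain database dumps (account data, password hashes) and,
# if enabled below, mail content: restrict this directory to root and
# encrypt any copy that leaves the host.
BACKUP_DIR="/var/backups/email-server"

# Backup retention (days)
BACKUP_RETENTION="30"

# Include mail data in backups (yes/no)
BACKUP_INCLUDE_MAIL="no"

# =============================================================================
# MONITORING SETTINGS
# =============================================================================

# Log file locations
MAIN_LOG="/var/log/mail.log"
SETUP_LOG="/var/log/email-server-setup.log"

# Disk space warning threshold (percentage)
DISK_WARNING_THRESHOLD="85"

# Certificate expiration warning (days)
CERT_WARNING_DAYS="30"

# =============================================================================
# DNS RECORDS REFERENCE
# =============================================================================

# Add these DNS records to your domain:
#
# A Record:
#   mail.yourdomain.com    IN  A    YOUR_SERVER_IP
#
# MX Record:
#   yourdomain.com         IN  MX   10 mail.yourdomain.com
#
# SPF Record:
#   yourdomain.com         IN  TXT  "v=spf1 mx ~all"
#   "~all" is a soft fail; switch to "-all" once every legitimate sender
#   for the domain is covered by the record.
#
# DMARC Record:
#   _dmarc.yourdomain.com  IN  TXT  "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com"
#   "p=none" only collects reports and asks receivers to take no action on
#   failures. Move to p=quarantine and then p=reject once the rua reports
#   show legitimate mail passing SPF/DKIM alignment.
#
# DKIM Record (generated by the script):
#   mail._domainkey.yourdomain.com  IN  TXT  "v=DKIM1; k=rsa; p=..."
#
# Also have the PTR (reverse DNS) entry of YOUR_SERVER_IP point to
# mail.yourdomain.com; many receivers reject mail from hosts without
# matching reverse DNS.

# =============================================================================
# FIREWALL PORTS
# =============================================================================

# These ports will be opened in the firewall:
#   25  - SMTP (incoming mail)
#   587 - Submission (authenticated sending)
#   465 - SMTPS (secure SMTP)
#   143 - IMAP
#   993 - IMAPS (secure IMAP)
#   110 - POP3
#   995 - POP3S (secure POP3)
#   80  - HTTP (for certificate validation)
#   443 - HTTPS (PostfixAdmin web interface)
#
# 143 and 110 start in cleartext and depend on STARTTLS; close them if all
# clients can use 993/995, otherwise make sure TLS is required before
# authentication. Where possible, limit 443 (the admin interface) to known
# source addresses.

# =============================================================================
# RECOMMENDED ADDITIONAL SECURITY
# =============================================================================

# Consider implementing:
#   1. Fail2ban for intrusion prevention
#   2. Regular security updates
#   3. Strong passwords for all accounts
#   4. Regular backups
#   5. Monitoring and alerting
#   6. Rate limiting
#   7. Greylisting (optional)

# =============================================================================
# MAINTENANCE SCHEDULE
# =============================================================================

# Recommended cron jobs:
#
# Daily virus definition updates:
#   0 2 * * * /usr/bin/freshclam
#
# Weekly SpamAssassin rule updates:
#   0 3 * * 1 /usr/bin/sa-update && /bin/systemctl restart spamassassin
#
# Weekly maintenance:
#   0 4 * * 1 /path/to/maintenance-email-server.sh
#
# Monthly backups:
#   0 5 1 * * /path/to/backup-email-server.sh
#   NOTE(review): with BACKUP_RETENTION="30" a monthly schedule keeps at
#   most one backup, and possibly none for a short window, depending on
#   how the backup script prunes - confirm, or run backups more often.

# =============================================================================
# TROUBLESHOOTING COMMANDS
# =============================================================================

# Check service status:
#   systemctl status postfix dovecot amavis spamassassin clamav-daemon opendkim
#
# View logs:
#   tail -f /var/log/mail.log
#   tail -f /var/log/dovecot.log
#
# Test configuration:
#   postfix check
#   dovecot -n
#   amavisd-new testkeys
#
# Check mail queue:
#   mailq
#   postqueue -p
#
# Test DKIM:
#   opendkim-testkey -d yourdomain.com -s mail -vvv
#
# Test ports:
#   telnet localhost 25
#   openssl s_client -connect localhost:993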