# Email Server Setup Script

This script automatically sets up a complete email server with the following components:

- **Postfix** - SMTP server for sending/receiving emails
- **Dovecot** - IMAP/POP3 server for email retrieval
- **PostgreSQL** - Database backend for virtual domains and users
- **PostfixAdmin** - Web interface for managing domains and mailboxes
- **Amavis** - Content filter for spam and virus scanning
- **SpamAssassin** - Spam filtering
- **ClamAV** - Antivirus scanning
- **OpenDKIM** - DKIM signing for email authentication
- **Let's Encrypt** - SSL/TLS certificates for secure connections

## Prerequisites

1. **Fresh Ubuntu/Debian server** (tested on Ubuntu 20.04/22.04)
2. **Root access** to the server
3. **Domain name** pointing to your server
4. **Hostname** (e.g., mail.yourdomain.com) with A record pointing to server IP
5. **Ports 25, 587, 465, 110, 995, 143, 993, 80, 443** open in firewall

## DNS Prerequisites

Before running the script, ensure you have these DNS records:

```
A     mail.yourdomain.com    [Your Server IP]
MX    yourdomain.com         mail.yourdomain.com
```

## Installation

1. **Download the script:**
   ```bash
   wget https://raw.githubusercontent.com/your-repo/setup-email-server.sh
   chmod +x setup-email-server.sh
   ```

2. **Run the script as root:**
   ```bash
   sudo ./setup-email-server.sh
   ```

3. **Provide the required information when prompted:**
   - Domain name (e.g., yourdomain.com)
   - Hostname (e.g., mail.yourdomain.com)
   - Admin email address
   - PostgreSQL password for postfix user
   - PostfixAdmin setup password

## Post-Installation Steps

### 1. Add DNS Records

After the script completes, add these DNS records:

#### SPF Record
```
TXT   yourdomain.com   "v=spf1 mx ~all"
```

#### DMARC Record
```
TXT   _dmarc.yourdomain.com   "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com"
```

#### DKIM Record
The script will display the DKIM DNS record. Add it to your DNS:
```
TXT   mail._domainkey.yourdomain.com   "v=DKIM1; k=rsa; p=..."
```

### 2. Complete PostfixAdmin Setup

1. Visit `https://mail.yourdomain.com/postfixadmin/setup.php`
2. Enter the setup password you provided during installation
3. Create an admin user
4. Login to PostfixAdmin at `https://mail.yourdomain.com/postfixadmin/`

### 3. Create Domains and Mailboxes

1. Add your domain in PostfixAdmin
2. Create mailboxes for your users
3. Test email functionality

## Multiple Domain Support

This email server fully supports unlimited virtual domains. Each domain can have its own mailboxes, aliases, quotas, and DKIM signing.

### Adding Additional Domains

#### Method 1: Using the Helper Script (Recommended)
```bash
# Add DKIM support for a new domain
sudo ./add-domain.sh newdomain.com

# This will:
# - Generate DKIM keys
# - Update OpenDKIM configuration  
# - Display DNS records to add
# - Show PostfixAdmin setup instructions
```

#### Method 2: Manual Process
1. **Add domain via PostfixAdmin:**
   - Login to PostfixAdmin
   - Go to "Domain List" → "New Domain"
   - Enter domain details and save

2. **Configure DKIM for the domain:**
   ```bash
   sudo ./add-domain.sh newdomain.com
   ```

3. **Add DNS records for the new domain:**
   ```
   MX    newdomain.com       mail.yourmainhost.com
   TXT   newdomain.com       "v=spf1 mx ~all"
   TXT   _dmarc.newdomain.com "v=DMARC1; p=none; rua=mailto:dmarc@newdomain.com"
   TXT   mail._domainkey.newdomain.com "v=DKIM1; k=rsa; p=..."
   ```

### Managing Multiple Domains

Use the domain management script for comprehensive domain operations:

```bash
# List all configured domains
sudo ./manage-domains.sh list

# Show detailed information for a domain
sudo ./manage-domains.sh show example.com

# Test domain configuration (DNS, DKIM, etc.)
sudo ./manage-domains.sh test example.com

# Add a new domain
sudo ./manage-domains.sh add newdomain.com

# Remove a domain (WARNING: deletes all data)
sudo ./manage-domains.sh remove olddomain.com

# Show overall server status
sudo ./manage-domains.sh status
```

### Application SMTP for Multiple Domains

Applications can send from any configured domain using the same SMTP server:

```python
# Example: Send from different domains
domains = ['company.com', 'mysite.org', 'shop.net']

for domain in domains:
    smtp_config = {
        'host': 'mail.yourmainhost.com',
        'port': 587,
        'username': f'noreply@{domain}',
        'password': 'domain_specific_password'
    }
    # Send email using this configuration
```

## Security Features

- **SSL/TLS encryption** for all connections
- **DKIM signing** for email authentication
- **SPF and DMARC** policies for anti-spoofing
- **Spam filtering** with SpamAssassin
- **Virus scanning** with ClamAV
- **Secure authentication** with encrypted passwords
- **Firewall rules** restricting access to necessary ports

## Email Ports

- **25** - SMTP (incoming mail)
- **587** - Submission (authenticated sending)
- **465** - SMTPS (secure SMTP)
- **143** - IMAP
- **993** - IMAPS (secure IMAP)
- **110** - POP3
- **995** - POP3S (secure POP3)

## Client Configuration

### IMAP Settings
- **Server**: mail.yourdomain.com
- **Port**: 993 (SSL) or 143 (STARTTLS)
- **Security**: SSL/TLS
- **Authentication**: Normal password

### SMTP Settings
- **Server**: mail.yourdomain.com
- **Port**: 587 (STARTTLS) or 465 (SSL)
- **Security**: SSL/TLS
- **Authentication**: Normal password

## Troubleshooting

### Check Service Status
```bash
systemctl status postfix dovecot amavis spamassassin clamav-daemon opendkim apache2
```

### View Logs
```bash
# Postfix logs
tail -f /var/log/mail.log

# Dovecot logs
tail -f /var/log/dovecot.log

# Amavis logs
tail -f /var/log/amavis.log

# Apache logs
tail -f /var/log/apache2/error.log
```

### Test Email Sending
```bash
echo "Test email" | mail -s "Test Subject" user@yourdomain.com
```

### Test DKIM
```bash
opendkim-testkey -d yourdomain.com -s mail -vvv
```

### Test DNS Records
```bash
dig MX yourdomain.com
dig TXT yourdomain.com
dig TXT mail._domainkey.yourdomain.com
```

## Maintenance

### Update SSL Certificates
Certificates are automatically renewed via cron. To test renewal:
```bash
certbot renew --dry-run
```

### Update Spam Rules
```bash
sa-update
systemctl restart spamassassin
```

### Update Virus Definitions
```bash
freshclam
systemctl restart clamav-daemon
```

### Backup Configuration
```bash
tar -czf email-backup-$(date +%Y%m%d).tar.gz \
  /etc/postfix \
  /etc/dovecot \
  /etc/amavis \
  /etc/opendkim \
  /var/www/postfixadmin/config.local.php \
  /etc/letsencrypt
```

## File Locations

- **Postfix config**: `/etc/postfix/`
- **Dovecot config**: `/etc/dovecot/`
- **Amavis config**: `/etc/amavis/`
- **OpenDKIM config**: `/etc/opendkim/`
- **PostfixAdmin**: `/var/www/postfixadmin/`
- **Mail storage**: `/var/mail/vhosts/`
- **SSL certificates**: `/etc/letsencrypt/live/`
- **Setup log**: `/var/log/email-server-setup.log`

## Advanced Configuration

### Custom Spam Rules
Edit `/etc/spamassassin/local.cf` and restart SpamAssassin.

### Additional Domains
Add domains through PostfixAdmin web interface.

### Quota Management
Quotas are managed through PostfixAdmin and enforced by Dovecot.

### Backup Strategy
Implement regular backups of:
- PostgreSQL database
- Configuration files
- SSL certificates
- Mail data

## Support

For issues and support:
1. Check the setup log: `/var/log/email-server-setup.log`
2. Review service logs
3. Verify DNS configuration
4. Test with online email testing tools

## License

This script is provided as-is under the MIT License.