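# Email Server Configuration Template
# Copy this file and customize it for your environment.
# The customized copy will hold the database and PostfixAdmin setup passwords,
# so keep it out of version control and readable only by its owner (for example, chmod 600).
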
# =============================================================================
# BASIC CONFIGURATION
# =============================================================================

# Your domain name (e.g., example.com)
# Placeholder value: replace it with the real mail domain before use. The DNS
# reference records later in this file are written against the same name.
DOMAIN="yourdomain.com"

# Your mail server hostname (e.g., mail.example.com)
# Placeholder value. NOTE(review): bash sets a HOSTNAME variable of its own, so if
# this file is sourced by a bash script the assignment replaces the shell's value
# for the rest of that script - confirm this is intended.
HOSTNAME="mail.yourdomain.com"

# Administrator email address
# Placeholder address; how the setup script uses it is not visible in this file.
ADMIN_EMAIL="admin@yourdomain.com"

# =============================================================================
# DATABASE CONFIGURATION
# =============================================================================

# PostgreSQL database settings
# Name of the PostgreSQL database (template default).
DB_NAME="postfix"
# PostgreSQL user name (template default, same string as the database name).
DB_USER="postfix"
# Placeholder: replace with a long random password used for this database account
# only. The value is stored here in clear text, so restrict who can read the file.
# NOTE(review): if the file is sourced by a shell, the characters $, ` and \ are
# still interpreted inside double quotes - avoid them or use single quotes.
# NOTE(review): verify that the setup script refuses to run with this placeholder.
DB_PASSWORD="your_secure_database_password"

# =============================================================================
# POSTFIXADMIN CONFIGURATION
# =============================================================================

# PostfixAdmin setup password (used during initial setup)
# Placeholder: replace before running setup and do not reuse DB_PASSWORD here.
# Stored in clear text, like the database password.
POSTFIXADMIN_PASSWORD="your_secure_setup_password"

# PostfixAdmin installation directory
# Directory PostfixAdmin is installed into.
# NOTE(review): confirm that the web server's document root is PostfixAdmin's
# public/ subdirectory rather than this whole tree.
WEBROOT="/var/www/postfixadmin"

# =============================================================================
# SSL/TLS CONFIGURATION
# =============================================================================

# Let's Encrypt email for certificate registration
# Placeholder; the template uses the same address as ADMIN_EMAIL.
LETSENCRYPT_EMAIL="admin@yourdomain.com"

# =============================================================================
# SECURITY SETTINGS
# =============================================================================

# Fail2ban configuration (optional)
# Template default is "yes"; the accepted spellings are not shown in this file.
ENABLE_FAIL2BAN="yes"

# Maximum message size in bytes (default: 50 MiB)
# 52428800 = 50 * 1024 * 1024 bytes.
# NOTE(review): presumably maps to Postfix's message_size_limit - confirm.
MAX_MESSAGE_SIZE="52428800"

# Maximum mailbox size (0 = unlimited)
# 0 disables the limit, so a single mailbox can grow until the mail volume is full;
# set a quota unless disk usage is watched (see DISK_WARNING_THRESHOLD).
# The unit of a non-zero value is not stated in this file.
MAX_MAILBOX_SIZE="0"

# =============================================================================
# SPAM FILTERING SETTINGS
# =============================================================================

# SpamAssassin score thresholds
# Score at which spam headers are added.
# NOTE(review): the trailing comment is safe only while a shell reads this file; a
# plain key=value parser would usually treat it as part of the value.
SA_TAG_LEVEL="2.0" # Add spam headers
# Score at which the additional spam headers are added.
# NOTE(review): presumably expected to lie between SA_TAG_LEVEL and SA_KILL_LEVEL.
SA_TAG2_LEVEL="6.0" # Add more spam headers
# Score at which mail is rejected or quarantined; which of the two happens is
# decided elsewhere. Only 0.9 above SA_TAG2_LEVEL in this template.
SA_KILL_LEVEL="6.9" # Reject/quarantine

# =============================================================================
# ADVANCED SETTINGS
# =============================================================================

# Virtual mail user/group IDs
# Numeric user ID for the virtual mail account (template default).
# NOTE(review): check that 5000 is not already assigned to another account on the host.
VMAIL_UID="5000"
# Numeric group ID for the virtual mail account (template default).
# NOTE(review): check that 5000 is not already assigned to another group on the host.
VMAIL_GID="5000"

# Mail storage location
# Directory that holds the mailboxes.
# NOTE(review): presumably should be owned by VMAIL_UID:VMAIL_GID and closed to
# other accounts - confirm what the setup script applies.
MAIL_LOCATION="/var/mail/vhosts"

# Dovecot authentication mechanisms (space-separated)
# PLAIN and LOGIN both hand the password itself to the server, so they are safe
# only inside a TLS session.
# NOTE(review): confirm the generated Dovecot and Postfix configuration refuses
# authentication on unencrypted connections (ports 25, 110 and 143 are opened
# according to the FIREWALL PORTS section of this file).
AUTH_MECHANISMS="plain login"

# =============================================================================
# NETWORK SETTINGS
# =============================================================================

# Listen on these interfaces (all = all interfaces)
# "all" listens on every interface.
# NOTE(review): name and value match Postfix's inet_interfaces parameter -
# presumably copied into main.cf; confirm.
INET_INTERFACES="all"

# IP protocol (ipv4, ipv6, or all)
# IPv4 only in this template, which is consistent with the DNS reference in this
# file listing an A record and no AAAA record.
INET_PROTOCOLS="ipv4"

# =============================================================================
# BACKUP SETTINGS
# =============================================================================

# Backup directory
# Backup destination on the local filesystem.
# NOTE(review): backups presumably contain the database and configuration, so
# restrict this directory to root and keep a copy off the host as well.
BACKUP_DIR="/var/backups/email-server"

# Backup retention (days)
# Days to keep backups.
# NOTE(review): the cron example later in this file runs the backup monthly; with
# a 30-day retention that leaves roughly one backup on disk at any time - run
# backups more often or keep them longer.
BACKUP_RETENTION="30"

# Include mail data in backups (yes/no)
# "no" means backups do not include the mail data, so a restore from backup
# alone would not bring the mailboxes back.
BACKUP_INCLUDE_MAIL="no"

# =============================================================================
# MONITORING SETTINGS
# =============================================================================

# Log file locations
# Mail log path; the "View logs" command later in this file reads the same file.
MAIN_LOG="/var/log/mail.log"
# Presumably the setup script's own log.
# NOTE(review): verify the setup script never writes DB_PASSWORD or
# POSTFIXADMIN_PASSWORD to this file, and that the file is not world-readable.
SETUP_LOG="/var/log/email-server-setup.log"

# Disk space warning threshold (percentage)
# Percentage of disk usage that triggers a warning; which filesystem is measured
# and how the warning is delivered are not shown in this file.
DISK_WARNING_THRESHOLD="85"

# Certificate expiration warning (days)
# Warn this many days before the certificate expires.
# NOTE(review): Let's Encrypt certificates are short-lived and normally renewed
# automatically; if renewal happens at about 30 days remaining, this warning may
# fire on every cycle - confirm against the renewal schedule.
CERT_WARNING_DAYS="30"

# =============================================================================
# DNS RECORDS REFERENCE
# =============================================================================

# Add these DNS records to your domain:
#
# A Record:
#   mail.yourdomain.com IN A YOUR_SERVER_IP
#
# MX Record:
#   yourdomain.com IN MX 10 mail.yourdomain.com
#
# SPF Record:
#   yourdomain.com IN TXT "v=spf1 mx ~all"
#   "~all" is a soft fail: receivers are asked to treat other senders as
#   suspicious, not to reject them.
#
# DMARC Record:
#   _dmarc.yourdomain.com IN TXT "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com"
#   "p=none" only requests reports; it does not ask receivers to act on spoofed
#   mail. Once the reports show legitimate mail passing SPF and DKIM, tighten the
#   policy to p=quarantine or p=reject. The rua mailbox must exist to receive
#   the reports.
#
# DKIM Record (generated by the script):
#   mail._domainkey.yourdomain.com IN TXT "v=DKIM1; k=rsa; p=..."

# =============================================================================
# FIREWALL PORTS
# =============================================================================

# These ports will be opened in the firewall:
# 25 - SMTP (incoming mail)
# 587 - Submission (authenticated sending)
# 465 - SMTPS (secure SMTP, implicit TLS)
# 143 - IMAP
# 993 - IMAPS (secure IMAP)
# 110 - POP3
# 995 - POP3S (secure POP3)
# 80 - HTTP (for certificate validation)
# 443 - HTTPS (PostfixAdmin web interface)
#
# Ports 143 and 110 start unencrypted: open them only if login is refused until
# STARTTLS has completed, otherwise offer 993 and 995 alone.
# Port 443 exposes the PostfixAdmin administration interface; limit it to trusted
# source addresses where possible.

# =============================================================================
# RECOMMENDED ADDITIONAL SECURITY
# =============================================================================

# Consider implementing:
# 1. Fail2ban for intrusion prevention (see ENABLE_FAIL2BAN above)
# 2. Regular security updates
# 3. Strong, unique passwords for all accounts
# 4. Regular backups, stored off the server and test-restored
# 5. Monitoring and alerting
# 6. Rate limiting
# 7. Greylisting (optional)

# =============================================================================
# MAINTENANCE SCHEDULE
# =============================================================================

# Recommended cron jobs (replace /path/to with the real script location):
# Daily virus definition updates:
# 0 2 * * * /usr/bin/freshclam

# Weekly SpamAssassin rule updates:
# 0 3 * * 1 /usr/bin/sa-update && /bin/systemctl restart spamassassin

# Weekly maintenance:
# 0 4 * * 1 /path/to/maintenance-email-server.sh

# Monthly backups:
# 0 5 1 * * /path/to/backup-email-server.sh
#   With BACKUP_RETENTION="30" a monthly run keeps about one backup at a time;
#   schedule backups more often or lengthen the retention.
#   Scripts run from root's crontab should be owned by root and not writable by
#   other users.

# =============================================================================
# TROUBLESHOOTING COMMANDS
# =============================================================================

# Check service status:
# systemctl status postfix dovecot amavis spamassassin clamav-daemon opendkim

# View logs:
# tail -f /var/log/mail.log
# tail -f /var/log/dovecot.log
#   (/var/log/dovecot.log may exist only if Dovecot is configured to log to its
#   own file; otherwise look for its messages in the mail log)

# Test configuration:
# postfix check
# dovecot -n
# amavisd-new testkeys

# Check mail queue:
# mailq
# postqueue -p

# Test DKIM:
# opendkim-testkey -d yourdomain.com -s mail -vvv

# Test ports:
# telnet localhost 25
# openssl s_client -connect localhost:993
#   (connecting to localhost shows that TLS is offered, not that the certificate
#   matches the public hostname; repeat the test against mail.yourdomain.com)