Mini-analogue of “mail.yandex.ru” for a small company

Greetings!

I have not written articles for a long time; I never got around to it. Finally I found the time and decided to share the solution to one problem with you.

A little background.

At the end of 2018, I took part in building the infrastructure for a clinic, and one of the tasks was to set up a mail server. At the customer’s request, preference was given to external services, namely pdd.yandex.ru. At that time no more than 3-5 users were needed, and this solution was considered the best and the quickest. But time passed, the tasks changed, and by the end of 2022 the number of accounts had grown to 95 active accounts, 25 of them in daily use. When Yandex introduced a per-user fee, it was decided to move all mail to local hosting. In addition, all mail access is for local use only, with no access from external networks. After going through a pile of options, from boxed solutions to self-assembled configurations, the choice fell on Kolab Groupware. The reason was the wish to work through a web interface with a shared address book, calendar, to-do list and file cloud. There were more than enough goodies, but a number of difficulties came up, and I describe how I solved them below.

Initial data:

Server: container on Proxmox, 6 GB RAM, 120 GB SSD, 4 cores.

OS: Debian 11 (all Linux servers run Debian 10-11).

VPS from REG.RU with an external IP, for sending mail (the provider allocates an external IP but there is no way to make a PTR record).

Let’s get started

Kolab is designed for the RHEL environment, and the recommendations name RHEL 8. There are packages for Debian 11, but they caused a lot of problems that I had to work through. But enough lyricism, let’s get down to business.

Let’s start by adding the signing key for the repositories:

wget -q -O- https://ssl.kolabsys.com/community.asc | apt-key add -

If you get an error here, as I did, don’t worry: the required package is simply missing from the system. Fix it:

apt install gnupg2

Now we register the repository itself:

nano /etc/apt/sources.list.d/kolab.list:

deb https://mirror.apheleia-it.ch/repos/Kolab:/16/Debian_11.0/ ./

deb https://mirror.apheleia-it.ch/repos/Kolab:/16:/Testing/Debian_11.0/ ./

deb-src https://mirror.apheleia-it.ch/repos/Kolab:/16:/Testing/Debian_11.0/ ./

deb-src https://mirror.apheleia-it.ch/repos/Kolab:/16/Debian_11.0/ ./

Specify the repository priority:

nano /etc/apt/preferences.d/kolab:

Package: *
Pin: origin mirror.apheleia-it.ch
Pin-Priority: 501

Update and install packages:

apt update && apt install kolab

That was the easiest part, and it is covered in the documentation.

Next, we need an SSL certificate. There are plenty of instructions for this, from self-signed certificates to Let’s Encrypt. Apache2 is installed together with Kolab; a Let’s Encrypt certificate was obtained on it, and that is the one we will use. Let’s prepare it:

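cp /etc/letsencrypt/live/mail.example.ru/cert.pem /etc/ssl/private/cyrus-imapd.pem
cp /etc/letsencrypt/live/mail.example.ru/privkey.pem /etc/ssl/private/cyrus-imapd.key
# cyrus reads the key through the ssl-cert group; the key is not opened to every local user
usermod -a -G ssl-cert cyrus
chown root:ssl-cert /etc/ssl/private /etc/ssl/private/cyrus-imapd.key
chmod 0710 /etc/ssl/private
chmod 0640 /etc/ssl/private/cyrus-imapd.key
# any other service account that has to read the key needs the same group membership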
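
Let’s Encrypt certificates are short-lived, and the copies made above do not follow a renewal. The following is an added example, not part of the original article or of Kolab: a deploy hook that repeats the copy after each renewal and keeps the key readable only by root and the ssl-cert group. It assumes certbot is the ACME client; the hook file name and the systemd unit names are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook, saved for instance as
# /etc/letsencrypt/renewal-hooks/deploy/kolab-cert.sh (hypothetical file name).
# certbot exports RENEWED_LINEAGE=/etc/letsencrypt/live/<name> to deploy hooks.

DEST_DIR=/etc/ssl/private   # destination directory used in the article
KEY_GROUP=ssl-cert          # group the article adds the cyrus user to

# deploy_cert SRC_DIR DEST_DIR [GROUP]
# Copies cert.pem/privkey.pem to the cyrus-imapd.* names. Each file is written
# under a temporary name with its final mode and then renamed, so a daemon
# never reads a half-written file under the final name.
deploy_cert() {
    src=$1 dest=$2 group=${3:-}
    [ -r "$src/cert.pem" ] && [ -r "$src/privkey.pem" ] || return 1
    install -m 0644 "$src/cert.pem"    "$dest/.cyrus-imapd.pem.new" || return 1
    install -m 0640 "$src/privkey.pem" "$dest/.cyrus-imapd.key.new" || return 1
    if [ -n "$group" ]; then
        chgrp "$group" "$dest/.cyrus-imapd.key.new" || return 1
    fi
    mv -f "$dest/.cyrus-imapd.pem.new" "$dest/cyrus-imapd.pem" &&
    mv -f "$dest/.cyrus-imapd.key.new" "$dest/cyrus-imapd.key"
}

# key_mode_ok FILE
# Accepts 0600/0400/0640/0440: no access for others, no write for the group.
key_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        600|400|640|440) return 0 ;;
        *) return 1 ;;
    esac
}

# Runs only when certbot invokes the hook after a successful renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE" "$DEST_DIR" "$KEY_GROUP" || exit 1
    key_mode_ok "$DEST_DIR/cyrus-imapd.key" || exit 1
    # Unit names are assumptions for a Debian 11 Kolab host; adjust to yours.
    systemctl restart cyrus-imapd guam
    systemctl reload postfix
fi
```

The key_mode_ok check can also be run by hand against /etc/ssl/private/cyrus-imapd.key after the initial copy.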

Let’s start setting up kolab:

setup-kolab --with-php-ini=/etc/php/7.4/apache2/php.ini

Accept the defaults or answer according to your needs. Ideally everything should already be working at this stage, but in practice the system still needs manual work. Let’s start fixing it.

Change the paths:

sed -i 's#/var/lib/imap/#/var/lib/cyrus/#' /etc/cyrus.conf

sed -i 's#/var/lib/imap/#/var/lib/cyrus/#' /etc/imapd.conf

sed -i 's#/var/lib/imap/#/var/lib/cyrus/#'  /etc/postfix/ldap/transport_maps.cf

sed -i 's#/var/lib/imap/#/var/lib/cyrus/#' /etc/postfix/transport

The Kolab packages are built with RHEL paths, so I changed them to the paths used on Debian systems.

In the GUAM system, add the paths to the certificate:

nano /etc/guam/sys.config:

{ keyfile, "/etc/ssl/private/cyrus-imapd.key" }

Add certificates to postfix:

postfix tls deploy-server-cert /etc/ssl/private/cyrus-imapd.pem /etc/ssl/private/cyrus-imapd.key

Rebuild the Postfix transport lookup table:

postmap /etc/postfix/transport

Add a path to save archived messages:

echo "partition-archive: /var/spool/cyrus/archive" >> /etc/imapd.conf

Reboot the system:

reboot

Now we can enjoy a working mail system, but there is one more thing…

By default, Amavis on Debian has the anti-spam and virus checks disabled. This needs to be fixed.

Edit the file:

nano /etc/amavis/conf.d/15-content_filter_mode

and uncomment the lines that begin with @bypass_

Since we have a VPS that acts as a forwarder, don’t forget to set up SmartHost. This completes the basic steps for starting the mail server. It remains to configure DKIM, port forwarding and DNS. But there are a lot of these instructions on the Internet. If the need arises, I will gladly add information to this article.

The materials used for this project were articles and forums from the Internet, in particular:

https://kb.kolabenterprise.com/

https://habr.com/ru/articles/260527/

https://docs.kolab.org/

https://git.kolab.org

Thank you for your attention
