How to install a complete mailserver on Debian 8/9, featuring Postfix, Dovecot, MySQL, Spamassassin, ClamAV, Roundcube and Fail2ban.

~ This is the howto that actually works. ~

Part 1: Introduction
Part 2: Preparations: Apache, Let’s Encrypt, MySQL and phpMyAdmin
Part 3: MTA: Postfix
Part 4: IMAP server: Dovecot
Part 5: Web interface: Roundcube
Part 6: Spam filtering: SpamAsasssin
Part 7: Antivirus: ClamAV and ClamSMTP
Part 8: Quota and other Roundcube settings
Part 9: Using mail with a remote IMAP client (i.e. Thunderbird)
Part 10: Counter brute-force attacks with Fail2ban
Part 11: Sources, config files, colouring and comments

On this page

Quota
Rules
Aliases
Other Roundcube settings

Comments are on the last page.

Sidestepping the roadmap for a bit

Sidestepping the roadmap for a bit

This page contains some odds and ends.

Quota

Mail storage quota are defined in /etc/dovecot/conf.d/90-quota.conf:

plugin {
  quota_rule = *:storage=5M
  quota_rule2 = Trash:storage=+1M
  quota_grace = 10%%
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}

Line 5 (quota_status_overquota) is optional. There are a lot more optional settings.
For this example I set a 5 megabyte storage limit plus 1 megabyte for the Trash folder, with a grace value of 10%. (The grace value is the amount of slack you allow the user.) 10G would mean 10 gigabytes.

In the backends section:

plugin {
  quota = maildir:User quota
}

Read the comments for some explanation on quotas. More info: http://wiki2.dovecot.org/Quota

In /etc/dovecot/conf.d/10-mail.conf:

mail_plugins = $mail_plugins quota

In /etc/dovecot/conf.d/20-imap.conf:

mail_plugins = $mail_plugins imap_quota

Note that you need to enter two different strings here: first ‘quota’ and then ‘imap_quota’.

Reload Dovecot:

# dovecot reload

Log out of Roundcube and log back in. Roundcube will now show an icon in the bottom left corner to indicate how full the mailbox is.

Mailbox quotum indicator

Mailbox quotum indicator

User rules

In the part about spam filtering we set up the Sieve filtering system. It is possible for the users to create their own Sieve rules from within Roundcube, for example to automatically move mails with certain content or a specified sender to a folder.

First we must enable the Sieve plugin. Open /etc/roundcube/config.inc.php and add the Managesieve plugin:

// List of active plugins (in plugins/ directory)
$config['plugins'] = array(
'archive',
'zipdownload',
'password',
'managesieve',
);

The Roundcube package in Debian 9 depends on php-net-sieve:

# aptitude install php-net-sieve

The default /etc/roundcube/plugins/managesieve/config.inc.php in the Debian backports repo at the moment of writing is quite empty. In /usr/share/roundcube/plugins/managesieve there’s a symlink to that file but there’s really no point (since it’s empty). So what we’ll do is unlink the file and copy the distribution file to the Roundcube install:

# unlink /usr/share/roundcube/plugins/managesieve/config.inc.php
# cp /usr/share/roundcube/plugins/managesieve/config.inc.php.dist /etc/roundcube/plugins/managesieve/config.inc.php

In the Roundcube web interface click Settings; you should now find a button labeled Filters.

Roundcube has a concept of ‘Filter sets’. You can create sets of filters but these are not groupings: only one set can be active at a time. So I tend to ignore the Filter sets and I suggest you tell your users about this as it can be quite confusing.

Now with filters!

Now with filters!

To create a filter click the + button in the Filters column. Select your parameters. If you want to overwrite the global spam rule we created earlier add an extra action that says ‘Stop evaluating rules’.

Creating a user filter

Creating a user filter

Aliases

Aliases work much the same as regular addresses in terms of setup: they are mentioned in Postfix’s main.cf and described in a config file telling Postfix how to connect to the database and what to look for.

We already set up the database in Part 2 so let’s connect it.

In /etc/postfix/main.cf:

virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_aliases.cf

In /etc/postfix/mysql_virtual_aliases.cf:

user = mailman
password = P@ssw0rd
hosts = 127.0.0.1
dbname = postfix
query = SELECT target FROM aliases WHERE source = '%s'

Enter an alias in the database:

# mysql -u root -p
mysql> INSERT INTO `postfix`.`aliases` (`id`, `source`, `target`) VALUES (NULL, 'helpdesk@example.com', 'tinus@example.com');
mysql> quit

Or from phpMyAdmin:

mailsvr044b

Test the connection with

# postmap -q helpdesk@example.com mysql:/etc/postfix/mysql_virtual_aliases.cf

This should result in one answer:

tinus@example.com

Non-existent aliases should result in no answer. If you get an error check the permission the user you specified in mysql_virtual_aliases.cf has got on the aliases table in the Postfix database. Check for typos.

I deliberately named the aliases table’s fields ‘source’ and ‘target’ so it’s easy to distinguish between them. These names are by no means mandatory and you are free to design as elaborate a database and a query as you like.

Other Roundcube Settings

To provide users with default settings you would edit the file /etc/roundcube/defaults.inc.php. In it you can set defaults for things such as which spell checker to use, which language to default to, and so on.