How to install a complete mailserver on Debian 8/9, featuring Postfix, Dovecot, MySQL, Spamassassin, ClamAV, Roundcube and Fail2ban.
~ This is the howto that actually works. ~
Part 1: Introduction
Part 2: Preparations: Apache, Let’s Encrypt, MySQL and phpMyAdmin
Part 3: MTA: Postfix
Part 4: IMAP server: Dovecot
Part 5: Web interface: Roundcube
Part 6: Spam filtering: SpamAsasssin
Part 7: Antivirus: ClamAV and ClamSMTP
Part 8: Quota and other Roundcube settings
Part 9: Using mail with a remote IMAP client (i.e. Thunderbird)
Part 10: Counter brute-force attacks with Fail2ban
Part 11: Sources, config files, colouring and comments
On this page
Comments are on the last page.
This page contains some odds and ends.
Mail storage quota are defined in /etc/dovecot/conf.d/90-quota.conf:
quota_rule = *:storage=5M
quota_rule2 = Trash:storage=+1M
quota_grace = 10%%
quota_status_overquota = "552 5.2.2 Mailbox is full"
Line 5 (quota_status_overquota) is optional. There are a lot more optional settings.
For this example I set a 5 megabyte storage limit plus 1 megabyte for the Trash folder, with a grace value of 10%. (The grace value is the amount of slack you allow the user.) 10G would mean 10 gigabytes.
In the backends section:
quota = maildir:User quota
Read the comments for some explanation on quotas. More info: http://wiki2.dovecot.org/Quota
mail_plugins = $mail_plugins quota
mail_plugins = $mail_plugins imap_quota
Note that you need to enter two different strings here: first ‘quota’ and then ‘imap_quota’.
# dovecot reload
Log out of Roundcube and log back in. Roundcube will now show an icon in the bottom left corner to indicate how full the mailbox is.
In the part about spam filtering we set up the Sieve filtering system. It is possible for the users to create their own Sieve rules from within Roundcube, for example to automatically move mails with certain content or a specified sender to a folder.
First we must enable the Sieve plugin. Open /etc/roundcube/config.inc.php and add the Managesieve plugin:
// List of active plugins (in plugins/ directory)
$config[‘plugins’] = array(
The Roundcube package in Debian 9 depends on php-net-sieve:
# aptitude install php-net-sieve
The default /etc/roundcube/plugins/managesieve/config.inc.php in the Debian backports repo at the moment of writing is quite empty. In /usr/share/roundcube/plugins/managesieve there’s a symlink to that file but there’s really no point (since it’s empty). So what we’ll do is unlink the file and copy the distribution file to the Roundcube install:
# unlink /usr/share/roundcube/plugins/managesieve/config.inc.php
# cp /usr/share/roundcube/plugins/managesieve/config.inc.php.dist /etc/roundcube/plugins/managesieve/config.inc.php
In the Roundcube web interface click Settings; you should now find a button labeled Filters.
Roundcube has a concept of ‘Filter sets’. You can create sets of filters but these are not groupings: only one set can be active at a time. So I tend to ignore the Filter sets and I suggest you tell your users about this as it can be quite confusing.
To create a filter click the + button in the Filters column. Select your parameters. If you want to overwrite the global spam rule we created earlier add an extra action that says ‘Stop evaluating rules’.
Aliases work much the same as regular addresses in terms of setup: they are mentioned in Postfix’s main.cf and described in a config file telling Postfix how to connect to the database and what to look for.
We already set up the database in Part 2 so let’s connect it.
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_aliases.cf
user = mailman
password = P@ssw0rd
hosts = 127.0.0.1
dbname = postfix
query = SELECT target FROM aliases WHERE source = ‘%s’
Enter an alias in the database:
# mysql -u root -p
mysql> INSERT INTO `postfix`.`aliases` (`id`, `source`, `target`) VALUES (NULL, ‘firstname.lastname@example.org’, ‘email@example.com’);
Or from phpMyAdmin:
Test the connection with
# postmap -q firstname.lastname@example.org mysql:/etc/postfix/mysql_virtual_aliases.cf
This should result in one answer:
Non-existent aliases should result in no answer. If you get an error check the permission the user you specified in mysql_virtual_aliases.cf has got on the aliases table in the Postfix database. Check for typos.
I deliberately named the aliases table’s fields ‘source’ and ‘target’ so it’s easy to distinguish between them. These names are by no means mandatory and you are free to design as elaborate a database and a query as you like.
Other Roundcube Settings
To provide users with default settings you would edit the file /etc/roundcube/defaults.inc.php. In it you can set defaults for things such as which spell checker to use, which language to default to, and so on.