
Email Server

Email Programs & Daemons


1. MUA (Mail User Agent)
○ It is the main role of your email client. A MUA is where you read your email and compose emails
to others. The MUA uses IMAP (Internet Message Access Protocol) or POP3 (Post Office
Protocol) to download your email.
2. MSP (Mail Submission Program)
○ It is the role your email client has when you click 'Send'. The MSP submits your message to the
MTA (Mail Transfer Agent) using SMTP (Simple Mail Transfer Protocol).
3. MTA (Mail Transfer Agent)
○ It is the main role of your email server. The MTA is responsible for starting the process of sending
the message to the recipient. It does this by looking up the recipient and sending the message to
their MTA using SMTP.
4. MDA (Mail Delivery Agent)
○ It is the role your email server takes when it receives an email for you. The MDA is responsible
for storing the message for future retrieval. The MTA uses SMTP, LMTP (Local Mail Transfer
Protocol), or another protocol to transfer the message to the MDA.
Protocols: SMTP, POP3 & IMAP
1. SMTP
○ The Simple Mail Transfer Protocol (SMTP) is a TCP/IP protocol used as an Internet standard for
electronic mail transmission.
2. POP3
○ The Post Office Protocol (POP) is one of the main protocols used by MUAs to fetch mail. By
default, the protocol downloads the messages and deletes them from the server. It is a simpler yet
less flexible protocol.
3. IMAP
○ The Internet Message Access Protocol (IMAP) is the other main protocol used by MUAs to fetch
mail. When using IMAP, the messages are managed on the server and left there. Copies are
downloaded to the MUA. This protocol is more complex and more flexible than POP3.
Email Life Cycle
1. You compose an email using your MUA.
2. Your MUA connects to your outbound MTA via SMTP, and sends the message to be delivered.
3. Your outbound MTA connects to the inbound MTA of the recipient via SMTP, and sends the message
along. (Note: This step can happen more than once).
4. Once the message gets to the final destination MTA, it is delivered to the MDA. This can happen over
SMTP, LMTP or other protocols.
5. The MDA stores the message (on disk as a file, or in a database, etc).
6. The recipient connects (via IMAP, POP3 or a similar protocol) to their email server, and fetches the
message. The IMAP or POP daemon fetches the message out of the storage and sends it to the MUA.
7. The message is then read by the recipient.
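The life cycle above leaves a record in the delivered message: every MTA and the MDA prepends a Received header naming the protocol it used. The following is an added example, not part of the original slides, that rebuilds the hop chain and flags SMTP hops that ran without TLS; the message, the example.org hosts and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed message (example.org hosts are placeholders). Each MTA and the
# MDA prepends its own Received header, so the newest hop is listed first.
SAMPLE = """\
Received: from mail.itnsa.id
\tby mail.itnsa.id with LMTP id Qx1
\tfor <ops@itnsa.id>; Mon, 01 Jan 2024 10:00:02 +0000
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.itnsa.id (Postfix) with ESMTPS id 4F00D1
\tfor <ops@itnsa.id>; Mon, 01 Jan 2024 10:00:01 +0000
Received: from laptop (unknown [198.51.100.7])
\tby mx.example.org (Postfix) with ESMTPSA id 9A1B2C
\tfor <ops@itnsa.id>; Mon, 01 Jan 2024 10:00:00 +0000
From: alice@example.org
To: ops@itnsa.id
Subject: test

hello
"""

# RFC 3848 "with" protocol types: an S suffix means the hop ran over TLS,
# an A suffix means the client authenticated (ESMTPSA = both).
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)
TLS_TYPES = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}


def trace_hops(raw):
    """Return hops oldest-first as (from_host, by_host, protocol, used_tls)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if m:
            proto = m.group(3).upper()
            hops.append((m.group(1), m.group(2), proto, proto in TLS_TYPES))
    return hops


def cleartext_smtp_hops(hops):
    """Hops that crossed SMTP without TLS; local LMTP delivery is excluded."""
    return [h for h in hops if h[2].startswith(("SMTP", "ESMTP")) and not h[3]]


if __name__ == "__main__":
    for hop in trace_hops(SAMPLE):
        print("%s -> %s via %s (TLS: %s)" % hop)
```

Read oldest-first, the three hops correspond to steps 2, 3 and 4 of the life cycle. Received headers are written by each relay and can be forged by earlier hops, so only the headers added by your own servers are trustworthy.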
Email Implementation Software
1. MTA
○ SendMail
○ Exim
○ Postfix
2. MDA
○ SendMail
○ Postfix
○ Procmail
○ Cyrus
3. MUA
○ Thunderbird
○ Evolution
○ MS Outlook
4. IMAP/POP
○ Dovecot
○ Courier
○ Cyrus IMAP
Lab ITNSA
● Configure MAIL as centralized mail server using any application that supports SMTP and IMAP using
negotiable TLS.
○ Use the domain itnsa.id so mail can be sent directly to @itnsa.id mail addresses.
○ Configure SMTP to listen on port 25.
■ Enable negotiable TLS using a certificate from the Corporate CA.
○ Configure IMAP to listen on port 143.
■ Enable negotiable TLS using a certificate from the Corporate CA.
● Enable web-based email using roundcube.
○ Enable https access using certificate from Corporate CA.
○ Make it accessible with the domain webmail.itnsa.id
● Configure Mail Users according to the table in the appendix.
● Configure the mail group notification@itnsa.id with the following members:
○ ops@itnsa.id
○ dev@itnsa.id
Email Server on Debian
1. Get the SSL certificate from MON1 and store it in the directory /backup/certs/
2. Install packages:
a. SMTP :
○ # apt install postfix
b. IMAP
○ # apt install dovecot-core dovecot-imapd dovecot-lmtpd
Configure Postfix
● # vim /etc/postfix/main.cf
smtpd_tls_cert_file=/backup/certs/itnsa.id.crt
smtpd_tls_key_file=/backup/certs/itnsa.id.key
smtpd_tls_security_level=may

smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth

mailbox_transport=lmtp:unix:private/dovecot-lmtp

mydestination = $myhostname, mail.itnsa.id, itnsa.id, localhost, localhost.localdomain, localhost


● # vim /etc/postfix/master.cf
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
Restart Postfix & Verify
● # systemctl restart postfix

● Check running port 25 & 587


○ # ss -lnptu

● # tail -f /var/log/mail.log

● # journalctl -f
Configure Dovecot
● # vim /etc/dovecot/conf.d/10-ssl.conf

ssl = yes
ssl_cert = </backup/certs/itnsa.id.crt
ssl_key = </backup/certs/itnsa.id.key
ssl_dh = </backup/certs/dh.pem
ssl_min_protocol = TLSv1.2

● # vim /etc/dovecot/conf.d/10-auth.conf

disable_plaintext_auth = yes
auth_username_format = %n
Configure Dovecot LMTP
● # vim /etc/dovecot/conf.d/10-master.conf

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}

service auth {
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
Configure Dovecot Auth
● # vim /etc/dovecot/conf.d/auth-system.conf.ext

passdb {
driver = pam
# [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
# [cache_key=<key>] [<service name>]
args = dovecot
}

userdb {
# <doc/wiki/AuthDatabase.Passwd.txt>
driver = passwd
# [blocking=no]
#args =

# Override fields from passwd


#override_fields = home=/home/virtual/%u
}
Configure Dovecot Maildir
● # vim /etc/dovecot/conf.d/10-mail.conf

mail_location = maildir:~/Maildir
Restart Dovecot & Verify
● # systemctl restart dovecot

● Check running port 143 & 58


○ # ss -lnptu

● # tail -f /var/log/mail.log

● # journalctl -f
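The Postfix and Dovecot verify steps confirm only that the ports are open. The following added example (not part of the original slides) audits what each service advertises before STARTTLS, which is where the settings smtpd_tls_security_level, smtpd_tls_auth_only and disable_plaintext_auth become visible; the transcripts are constructed samples and the function names are illustrative.

```python
import re

# Constructed pre-TLS transcripts (not captured from the lab host), as a
# server configured like the one above would answer before STARTTLS.
SMTP_OK = """220 mail.itnsa.id ESMTP Postfix
250-mail.itnsa.id
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 8BITMIME"""
IMAP_OK = ("* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE "
           "LITERAL+ STARTTLS LOGINDISABLED] Dovecot ready.")
# Constructed counter-examples: what a misconfigured server would show.
SMTP_BAD = "250-mail.itnsa.id\n250-PIPELINING\n250 AUTH PLAIN LOGIN"
IMAP_BAD = "* OK [CAPABILITY IMAP4rev1 IDLE AUTH=PLAIN AUTH=LOGIN] ready."


def smtp_extensions(reply):
    """Map each EHLO keyword to its parameters, e.g. {'AUTH': ['PLAIN']}."""
    lines = [l[4:].split() for l in reply.splitlines() if l.startswith("250")]
    # lines[0] is the server's own hostname greeting, not an extension.
    return {w[0].upper(): w[1:] for w in lines[1:] if w}


def audit_smtp(reply):
    ext, findings = smtp_extensions(reply), []
    if "STARTTLS" not in ext:
        findings.append("STARTTLS not offered")
    if "AUTH" in ext:
        findings.append("AUTH offered before TLS: " + " ".join(ext["AUTH"]))
    return findings


def imap_capabilities(line):
    m = re.search(r"CAPABILITY ([^\]\r\n]+)", line)
    return set(m.group(1).upper().split()) if m else set()


def audit_imap(line):
    caps, findings = imap_capabilities(line), []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN allowed before TLS")
    cleartext = sorted(c for c in caps if c in ("AUTH=PLAIN", "AUTH=LOGIN"))
    if cleartext:
        findings.append("cleartext SASL before TLS: " + " ".join(cleartext))
    return findings


if __name__ == "__main__":
    for name, f in [("smtp", audit_smtp(SMTP_OK)), ("imap", audit_imap(IMAP_OK))]:
        print(name, f or "ok")
```

Take the transcripts from another host rather than from MAIL itself: Dovecot treats connections from the server's own address as secure, so LOGINDISABLED does not appear in a local session.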
Configure Mail Group
● # vim /etc/aliases
notification : ops@itnsa.id, dev@itnsa.id

● # postalias /etc/aliases
● # newaliases
● # systemctl restart postfix
Test Using MUA Evolution From Office
Webmail Roundcube
1. Install database server using mariadb
○ # apt install mariadb-server
2. Make sure database server running
○ # systemctl status mysql
○ # mysql -u root -p
3. Install roundcube
○ # apt install roundcube
4. Configure https
○ # a2enmod ssl
○ # vim /etc/apache2/conf-enabled/roundcube.conf
<VirtualHost *:443>
ServerName webmail.itnsa.id
DocumentRoot /var/lib/roundcube/public_html

ErrorLog ${APACHE_LOG_DIR}/roundcube_error.log
CustomLog ${APACHE_LOG_DIR}/roundcube_access.log combined

SSLEngine on
SSLCertificateFile /backup/certs/itnsa.id.crt
SSLCertificateKeyFile /backup/certs/itnsa.id.key

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]

[CONTENT DEFAULT roundcube.conf]

</VirtualHost>
○ # systemctl restart apache2
5. Configure roundcube
○ # vim /var/lib/roundcube/config/config.inc.php

$config['default_host'] = 'mail.itnsa.id';
$config['smtp_server'] = 'tls://mail.itnsa.id';
$config['smtp_port'] = '25';
$config['smtp_user'] = '';
$config['smtp_pass'] = '';
$config['product_name'] = 'Roundcube Webmail ITNSA';
