Merge branch 'master' into terminal

content/blog/mail_server_alpine_postfix_dovecot_tutorial.md

@@ -0,0 +1,274 @@
++++
+date = '2024-11-19T16:29:01Z'
+draft = true
+title = 'How to Set up a Mail Server on Alpine Linux with Postfix and Dovecot'
++++
+
+# About mail servers
+
+Simply put, a mail server sends and receives email. When `ruby@protonmail.com` emails `klaasje@gmail.com`, Protonmail's
+mail server's <abbr title="Mail Transfer Agent">MTA</abbr> sends the email to Google's mail server's MTA. Google's
+MTA then passes the email on to Google's <abbr title="Mail Delivery Agent">MDA</abbr>, which is responsible for storing
+the email. MDAs also run <abbr title="Internet Message Access Protocol">IMAP</abbr> or <abbr
+title="Post Office Protocol 3">POP3</abbr> servers so you can read your emails and send emails with an email client.
+IMAP and POP3 are protocols for email retrieval over [TCP/IP](https://en.wikipedia.org/wiki/Internet_protocol_suite).
+For sending email, you would use [<abbr
+title="Simple Mail Transfer Protocol">SMTP</abbr>](https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol).
+
+Or visualise it like this:
+
+    Ruby's email client via SMTP -> Protonmail's MTA -> Google's MTA -> Google's MDA -> Klaasje's email client via IMAP
+
+A mail server is software which can be run on any computer, including yours. You can host a mail server on a server you
+already own that is hosting other services, so long as those other services aren't using any of the [mail
+ports](## Unblock your ports).
+
+# Why this tutorial?
+
+There are many tutorials on the internet about how to set up a mail server. I don't claim that mine is particularly
+better than anyone else's; I'm mostly writing this for my own reference so that I can recreate my own setup on new
+machines.
+
+There are existing
+[mail server tutorials for Alpine Linux](https://wiki.alpinelinux.org/wiki/Hosting_services_on_Alpine#Mail), including
+ones for Postfix and Dovecot. This tutorial aims to be "monolithic" (i.e. covers the entire mail server setup with all
+its components), making it easier to follow without trying to follow different tutorials that may not be 100%
+compatible with each other, and to be adapted to my own specific use-cases, which may not be yours.
+
+I am hugely indebted to [LinuxBabe's mail server tutorial for
+Ubuntu](https://www.linuxbabe.com/mail-server/setup-basic-postfix-mail-sever-ubuntu), which is actually what I followed
+to set up my own server. Essentially, this tutorial could be thought of as an Alpine Linux adaptation of LinuxBabe's
+tutorial. If you want to set up an Ubuntu or Debian mail server, I recommend following LinuxBabe's tutorial, which is
+written very clearly and is easy to follow.
+
+The mail server will be composed of the following software:
+
+<!-- Using an html table for colspan & rowspan -->
+<table>
+    <tr>
+        <th>Component</th>
+        <th colspan="2">Software</th>
+    </tr>
+    <tr>
+        <td>Mail transfer agent</td>
+        <td colspan="2">Postfix</td>
+    </tr>
+    <tr>
+        <td>Mail delivery agent</td>
+        <td colspan="2">DKIM authentication and signing</td>
+    </tr>
+    <tr>
+        <td>Spam filter</td>
+        <td rowspan="2">Amavis</td>
+        <td>SpamAssassin</td>
+    </tr>
+    <tr>
+        <td>Antivirus</td>
+        <td>ClamAV</td>
+    </tr>
+    <tr>
+        <td>MDA server-side filtering</td>
+        <td colspan="2">Pigeonhole</td>
+    </tr>
+</table>
+
+Postfix will be our SMTP server, and Dovecot will run an IMAP server for us.
+
+Postfix and Dovecot are required for the minimum of what you'd expect from a working mail server (i.e. a user can log
+in through a standard SMTP/IMAP/POP3 email client, read their emails, and send emails). The rest is optional and
+modular, i.e. you can opt to have e.g. Pigeonhole but not Amavis.
+
+We will end up with a small-scale mail server running on Alpine Linux with one domain, and we will use Unix user
+accounts as mail accounts.
+
+This tutorial was written for Alpine Linux 3.20.3, though will most likely work on other versions too.
+
+This tutorial assumes no prior knowledge about mail servers.
+
+# You will need
+
+## A server
+
+Any computer will do. This tutorial is for Alpine Linux specifically.
+
+The relevant thing to consider for your server is that port 25 (the port for sending email) is not blocked. Most <abbr
+title="Virtual Private Server">VPS</abbr> hosts block port 25 because spammers commonly use VPSes to send spam, so you
+will need to find one that doesn't block port 25. Some VPS hosts block port 25 by default, but will unblock it upon
+request, and re-block it if they find you are spamming.
+
+## A domain name
+
+Self-explanatory. You need a domain name and the ability to set its DNS records.
+
+# Before you start
+
+## Set up your DNS records
+
+Firstly, pick a domain for your mail server. If you're sending emails from `domain.com`, `mail.domain.com` is a common
+choice.
+
+### MX record
+
+An MX record denotes that your domain is used to send and receive email, and tells other MTAs the domain name of your
+mail server. We will use `mail.domain.com` for your MX record. For instance, my MX record looks like:
+
+```bindzone
+revsuine.xyz.                    14400 IN MX    0 mail.revsuine.xyz
+```
+
+### Mail server records (A, AAAA, and/or CNAME)
+
+Now you need to set a record stating the IP address of your mail server (`mail.domain.com` above). Depending on your
+setup, you may want to create a CNAME record pointing to `domain.com` if the IP address of `mail.domain.com` is the
+same as the IP address of `domain.com`, or an A record if the IP address is not shared with another domain.
+
+I use a CNAME record because the IP addresses of `mail.revsuine.xyz` and `revsuine.xyz` are the same, so my record is:
+
+```bindzone
+mail.revsuine.xyz.               14400 IN CNAME revsuine.xyz
+```
+
+If you use an A record, your record may look something like
+
+```bindzone
+mail.domain.com.                    14400 IN A     ip.address.here
+```
+
+If you use IPv6, you should also add an AAAA record, e.g.:
+
+```bindzone
+mail.domain.com.                    14400 IN AAAA  ip:address:here::
+```
+
+### A note on my DNS records
+
+I use one server with one IP address for hosting several services under one apex domain. For instance, my static
+website is hosted at `revsuine.xyz`; my Nextcloud is hosted at `cloud.revsuine.xyz`; and my mail server is hosted at
+`mail.revsuine.xyz`. To handle this setup, I've created a subdomain `master.revsuine.xyz` (you can call the subdomain
+anything you want) with an *A record* (because your [PTR record](### PTR record) is expected to be an A record, not a
+CNAME record) to my server's IP address.
+
+I set my server's hostname and PTR record to `master.revsuine.xyz`. I will also refer to this `master.revsuine.xyz`
+subdomain further down when configuring Postfix.
+
+### PTR record
+
+A PTR record is used for "reverse DNS", or rDNS, lookup: instead of mapping a domain to an IP address, it maps an IP
+address to a domain. It is not managed through your DNS manager (e.g. whomever you bought your domain name from), but
+through whoever gives you your IP address. If you rent a server, be it a VPS or a dedicated server, your hosting
+provider whom you rent from will be able to manage PTR records. You may have an option to add a PTR record in the
+dashboard of your hosting provider, or you may have to contact their support to get a PTR record added.
+
+For the above stated reasons, my PTR record for my single server (which hosts all my services) is `master.revsuine.xyz`.
+
+If your hostname is `mail.domain.com`, your PTR record should be `mail.domain.com`.
+
+## Unblock your ports
+
+After unblocking ports from your internet provider (e.g. if your VPS host blocks outgoing port 25), make sure the
+following TCP ports are open on your firewall:
+
+| Port | Usage                             |
+| ---- | --------------------------------- |
+| 25   | SMTP                              |
+| 143  | IMAP                              |
+| 465  | Email message submission over TLS |
+| 587  | Email message submission          |
+| 993  | IMAPS (IMAP over TLS)             |
+
+# Postfix
+
+Postfix is a [mail transport agent](https://en.wikipedia.org/wiki/Message_transfer_agent) (aka SMTP server). [In its
+own words](https://www.postfix.org/):
+
+> Postfix attempts to be fast, easy to administer, and secure. The outside has a definite Sendmail-ish flavor, but the
+> inside is completely different.
+
+## Installing Postfix
+
+On your server, install Postfix with:
+
+    # apk add postfix
+
+You likely also want to have Postfix documentation:
+
+    # apk add postfix-doc
+
+Verify that Postfix is installed by checking its version:
+
+    $ postconf mail_version
+
+## Configuring Postfix
+
+Edit `/etc/postfix/main.cf`.
+
+You should set `myhostname` to the hostname of your server; [in my case, this is
+`master.revsuine.xyz`](### A note on my DNS records).
+
+Now set `mydomain` to the domain you intend to send email from. For instance, my email addresses are
+`name@revsuine.xyz`, so `mydomain` is set to `revsuine.xyz`.
+
+`myorigin` determines the domain name in the `From:` field of locally sent emails. So you could for instance set this
+to `revsuine.xyz`.
+
+`maillog_file` denotes where Postfix's log file is. By default this is `/var/log/messages`; you may want to configure
+Postfix to have a dedicated log file like `/var/log/postfix.log`.
+
+You probably want to have `logrotate` rotate your Postfix log. If there isn't already such a file, you want to create
+one at `/etc/logrotate.d/postfix`:
+
+```
+/var/log/postfix*.log
+/var/log/mail*.log
+{
+    daily
+    missingok
+    notifempty
+    rotate 7
+}
+```
+
+## Send your first email
+
+Have the `postfix` service auto-start upon boot, and start it during this session:
+
+    # rc-update add postfix default
+    # rc-service postfix start
+
+You can now send an email with the following command:
+
+    $ echo "test email" | sendmail user@externaldomain.com
+
+Send this email to your email account with an external server, e.g. a gmail account. Note that Protonmail has quite
+stringent spam filters and this likely would be rejected by Protonmail, i.e. not even reach your spam folder.
+
+## Configure email aliases
+
+You can configure aliases for your mail server. Edit the `/etc/postfix/aliases`[^postfix_aliases_location] file.
+
+You shouldn't receive mail as root, so configure `root` to have an alias to your user, e.g.
+
+```
+root: revsuine
+```
+
+You also *must* have a `MAILER-DAEMON` and `postmaster` alias present:
+
+```
+MAILER-DAEMON: postmaster
+postmaster:    root
+```
+
+Note how you can have referential aliases; mail to `postmaster` is aliased to `root`, which is aliased to `revsuine`,
+so ultimately `revsuine` will get `postmaster`'s mail.
+
+You can continue to populate the aliases file with whatever aliases you want.
+
+<!-- FOOTNOTES: -->
+
+[^postfix_aliases_location]: Your aliases file will most likely be in this location by default, but you can run
+
+        $ postconf alias_maps
+
+    to find out where this file should be.
+

content/contact.md

@@ -6,12 +6,12 @@ title = 'Contact'
   Toc = false
 +++
 
-## Email
+# Email
 
-You can email me at `pid1 at revsuine dot xyz`. Please use [my GPG key](/revsuine_public_key.asc) (fingerprint
+You can email me at `pid1 [at] revsuine [dot] xyz`. Please use [my GPG key](/revsuine_public_key.asc) (fingerprint
 `8FB4 18CD 9520 22E5 BBC4  3261 3F25 7B68 F5BC 9339`) to encrypt emails to me.
 
-## Matrix
+# Matrix
 
 I can be contacted on Matrix at
 

hugo.toml

@@ -12,6 +12,9 @@ theme = 'terminal'
   # allow you to set tags with tags = [ 'tags', 'here' ] in post front matter
   tag = 'tags'
 
+[pagination]
+  pagerSize = 5
+
 ### TERMINAL THEME CONFIG ###
 
 [params]