Servidor de Correo con Postfix, Mariadb y PostfixAdmin en Debian9. 1era Parte

PDF

En este tutorial les mostrare como  implementar un servidor de correo postfix desde cero. Le he llamado inutil mail 🙂 .Para ello usaremos Mariadb y PostfixAdmin sobre un debian 9. Como webmail usaremos RoundCube, pero en este otro tutorial les muestro como usar Rainloop. Por lo extenso del tutorial lo dividire en 4 partes:

Primera parte: Instalación de dependencias y configuración de las mismas.

Segunda parte: Preparación e instalación de RoundCube y seguridad del mismo.

Tercera parte: Instalación de  PostfixAdmin , Dovecot y Postfix.

Cuarta parte: Configuración del Postfix.

• Instalar/upgradear un sistema debian 9

apt update
apt upgrade
apt dist-upgrade

• Dependencias

Antes de instalar algo debemos instalar las dependencias básicas o herramientas que necesitaremos para nuestro trabajo:

apt install arj bzip2 cabextract cpio file lzop rpm2cpio gzip nomarch pax rar unrar unzip zoo unace razor pyzor tnef ripole zip p7zip-full mc

• Grupo y usuario

Comenzamos con añadir el grupo de nuestros sistema de correo al que llamaré vmail:

groupadd -g 5000 vmail

Usuario del sistema:

useradd -d /home/vmail -s /bin/false -m -u 5000 -g 5000 -c "Virtual Mailbox Storage" vmail

• Soporte Web

apt install nginx php-cgi php-fpm php-pear php-mcrypt php-mysql php-imap php-memcache memcached php-pear php-intl mariadb-server phpmyadmin

Configurar MariaDB:

MariaDB -> /etc/mysql/my.cnf

El archivo my.cnf sólo hace referencia a donde estan guardados los archivos de configuracion. Sólo necesitaremos modificar
/etc/mysql/mariadb.conf.d/50-server.cnf (modificando/ajustando) las siguientes variables según nuestras necesidades:

max_connections = 100
max_user_connections = 100

general_log_file = /var/log/mysql/mysql.log
general_log = 1

Sólo queda guardar los cambios.

Ahora debemos ejecutar el script de seguridad para la configuración de MariaDB:

mysql_secure_installation

Responder las preguntas lo más certeramente posible.

Configurar Nginx y PHP7:

Creamos la configuracion del nginx

Nginx -> /etc/nginx/nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##
	
	log_format specialLog '$http_x_real_ip - $remote_user [$time_local]' '"$request" $status $body_bytes_sent' '"$http_referer" "$http_user_agent"';
	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "MSIE [1-6].(?!.*SV1)";
	#gzip_disable "msie6";

	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
	gzip_static on;
	gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
	
	ignore_invalid_headers on;
	keepalive_requests 100;
	keepalive_disable none;
	max_ranges 1;
	
	


	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}


#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
# 
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

Para procesar php en sites-available:

Editar /etc/nginx/sites-available/default

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or WordPress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
listen 80 default_server;

# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;

root /var/www/html;

# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;

server_name _;

location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}

# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# # With php-cgi (or other tcp sockets):
#fastcgi_pass 127.0.0.1:9000;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}

# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

Guardar al configuración y probar que funciona OK:

nginx -t

Debe devolver:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

PHP7 -> /etc/php/7.0/fpm/php.ini

Editar la variable date.timezone, para ajustarla a nuestro país:

date.timezone = "America/Havana"

Ahora sólo nos queda hacer un link para phpmyadmin:

ln -s /usr/share/phpmyadmin/ /var/www/html/

Reiniciar Nginc y PHP7/:

/etc/init.d/mysql restart
/etc/init.d/php7.0-fpm restart
/etc/init.d/nginx restart

Ahora podemos entrar a nuestro phpmyadmin:

http://IP_del_server/phpmyadmin/

Hasta aqui esta primera parte del tutorial donde ya tenemos todo instalado, solo nos queda configurar.

Link a la 2da parte.