install postfixadmin ubuntu

How to Setup PostfixAdmin in Ubuntu

PostfixAdmin is a web-based admin that helps you manage Postfix based email server. It allows you to also manage virtual domains, users and aliases. In this article, we will look at how to setup PostfixAdmin in Ubuntu.


How to Setup PostfixAdmin in Ubuntu

Here are the steps to setup PostfixAdmin in Ubuntu.


1. Pre-requisites

Before we proceed, you need to update DNS settings for your email server to work properly. Go to your domain registrar’s website and add the following records against your domain. Replace example.com below with your domain name, and 54.43.32.21 with your mail server’s IP address

A Record

mail.example.com. 3600 IN A   54.43.32.21

MX Record

example.com.      3600 IN MX  0 mail.example.com.

SPF Record

example.com.      3600 IN TXT "v=spf1 mx ~all"

A Record is used to point your FQDN (Fully Qualified Domain Name) to mail server, MX record is used to specify which mail server is responsible for accepting email messages, and SPF record is used to specify which domains are allowed to send emails on behalf of your domain.


2. Create System User

We need to create a master user that will be the owner of all mailboxes, which the virtual email users will use to access their mailbox. So open terminal and run the following command to create new user.

$ sudo groupadd -g 5000 vmail
$ sudo useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /var/mail/vmail -m vmail

In the above command, we create a new user & group called vmail and set that user’s directory as /var/mail/vmail. This is where all virtual mailboxes are stored.


3. Install PHP and NGINX

PostfixAdmin is a PHP-based application. So we need to install web server and PHP. Run the following command to install PHP and NGINX.

$ sudo apt install nginx mysql-server php7.0-fpm php7.0-cli php7.0-imap php7.0-json php7.0-mysql php7.0-opcache php7.0-mbstring php7.0-readline


4. Install PostfixAdmin

Run the following commands to download PostfixAdmin 3.1. You can change it depending on your requirement.

$ VERSION=3.1
$ wget -q https://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-${VERSION}/postfixadmin-${VERSION}.tar.gz

Extract the downloaded archive with the following command.

$ tar xzf postfixadmin-${VERSION}.tar.gz

Move PostfixAdmin files to /var/www folder and also create template_c folder for caching.

$ sudo mv postfixadmin-${VERSION}/ /var/www/postfixadmin
$ rm -f postfixadmin-${VERSION}.tar.gz
$ mkdir /var/www/postfixadmin/templates_c

Change file ownership to www-data since both PHP & NGINX use this user by default, to access website files.

$ sudo chown -R www-data: /var/www/postfixadmin

PostfixAdmin uses MySQL database. So login to MySQL

$ mysql -u root -p

Create new MySQL user. Replace password with a password of your choice below.

mysql> CREATE DATABASE postfixadmin;
mysql> GRANT ALL ON postfixadmin.* TO 'postfixadmin'@'localhost' IDENTIFIED BY 'password';
mysql> FLUSH PRIVILEGES;

We will create a new config file for PostfixAdmin that will override the default one.

$ sudo vi /var/www/postfixadmin/config.local.php

Add the following lines to it. They define the database credentials and email addresses to be used by PostfixAdmin application. Replace password with your MySQL user’s password. Replace example.com with your domain name.

<?php
$CONF['configured'] = true;

$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'password';
$CONF['database_name'] = 'postfixadmin';

$CONF['default_aliases'] = array (
  'abuse'      => 'abuse@example.com',
  'hostmaster' => 'hostmaster@example.com',
  'postmaster' => 'postmaster@example.com',
  'webmaster'  => 'webmaster@example.com'
);

$CONF['fetchmail'] = 'NO';
$CONF['show_footer_text'] = 'NO';

$CONF['quota'] = 'YES';
$CONF['domain_quota'] = 'YES';
$CONF['quota_multiplier'] = '1024000';
$CONF['used_quotas'] = 'YES';
$CONF['new_quota_table'] = 'YES';

$CONF['aliases'] = '0';
$CONF['mailboxes'] = '0';
$CONF['maxquota'] = '0';
$CONF['domain_quota_default'] = '0';
?>

Save and close the file.

Next, run the following command to create database schema for PostfixAdmin database.

$ sudo -u www-data php /var/www/postfixadmin/upgrade.php

Once the database is populated, we will use postfixadmin-cli tool to create superadmin user. Replace Userpass with the password of your choice. Replace example.com with your domain name.

$ sudo bash /var/www/postfixadmin/scripts/postfixadmin-cli admin add superadmin@example.com --superadmin 1 --active 1 --password Userpass --password2 Userpass

You will see the following output.

Welcome to Postfixadmin-CLI v0.2
---------------------------------------------------------------

The admin superadmin@example.com has been added!

---------------------------------------------------------------


5. Get Let’s Encrypt SSL/TLX certificate

We will use free SSL/TLS certificate available from Let’s Encrypt to secure our connections.

Run the following command to install Lets Encrypt. We will install its certbot that automatically generates & renews certificates for you.

$ sudo apt install certbot

Once the installation is complete, run the following command to generate certificate. Replace example.com with your domain name, and admin@example.com with your administrator’s email address.

$ sudo certbot certonly --agree-tos --email admin@example.com -d mail.example.com

After you run the above command, the certbot will issue some questions to understand your requirement and issue a text string that you need to add as a text record in your website’s DNS entry.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: y
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for example.com

-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: y

-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:

Y4FrZ6y-JqFJQRmq_lGi9ReRQHPa1aTC9J2O7wDKzq8

Before continuing, verify the record is deployed.

The text in bold needs to be added as a text record in your website’s DNS entry. This will prove to the certbot that you indeed are the owner/administrator of your domain.

Wait for a few minutes before proceeding with the prompt. If all goes well, then certbot will generate your certificates and display a success message, with the location of SSL/TLS certificates.

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/mail.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/mail.example.com/privkey.pem
   Your cert will expire on 2020-01-09. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Verify the certificates with the following command.

$ sudo certbot certificates

You will see the following output.

Found the following certs:
  Certificate Name: mail.example.com
    Domains: mail.example.com
    Expiry Date: 2021-09-05 07:48:04+00:00 (VALID: 85 days)
    Certificate Path: /etc/letsencrypt/live/mail.example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/mail.example.com/privkey.pem

Let’s Encrypt’s certificate is valid for 85 days. So we will setup cronjob to auto-renew it regularly. For that, open crontab with the following command.

$ sudo crontab -e

Add the following lines to it.

0 1 * * * /usr/bin/certbot renew >> /var/log/letsencrypt/renew.log

Save and close the file to apply the new cronjob.


6. Configure NGINX

Once you have generated the above SSL certificates, edit your NGINX configuration to mention their paths. We will create two server blocks for mail.example.com. Replace example.com with your domain name.

server {
    listen 80;
    server_name mail.example.com;

    include snippets/letsencrypt.conf;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name mail.example.com;
    root /var/www;

    ssl_certificate /etc/letsencrypt/live/mail.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mail.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/mail.example.com/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;

    location / {
       try_files $uri $uri/ /index.php;
    }

    location /postfixadmin {
       index index.php;
       try_files $uri $uri/ /postfixadmin/index.php;
    }

    location ~* \.php$ {
         fastcgi_split_path_info ^(.+?\.php)(/.*)$;
         if (!-f $document_root$fastcgi_script_name) {return 404;}
         fastcgi_pass  unix:/run/php/php7.0-fpm.sock;
         fastcgi_index index.php;
         include fastcgi_params;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

Save and close the file. Reload NGIN configuration to apply changes.

$ sudo systemctl reload nginx


7. Verify Installation

Now you can easily open browser and visit https://mail.example.com/postfixadmin to access the login screen of your PostfixAdmin installation. Enter the username and password of superuser admin created at the end of step 4 to proceed.

In this article, we have learnt how to install and configure PostfixAdmin in Ubuntu.

Also read:

How to Completely Uninstall PostgreSQL from Ubuntu
How to Setup NTP Server & Client in Ubuntu
How to Add User to Sudoers in Linux
How to Install Brotli for NGINX in Ubuntu
How to Uninstall Docker in CentOS

Leave a Reply

Your email address will not be published.