@Ne00n
Last active October 22, 2021 19:34
postfix + dovecot
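# Install Postfix (MTA), Dovecot (IMAP + LMTP), MariaDB, nginx and certbot.
apt-get install postfix postfix-mysql mailutils certbot nginx dovecot-core dovecot-imapd dovecot-lmtpd mariadb-server mariadb-client -y
# Interactive: obtains the certificate referenced below. Replace
# mail.your-domain.com everywhere with the name the certificate is issued for.
certbot certonly

# Submission service: STARTTLS is mandatory (smtpd_tls_security_level=encrypt)
# and only SASL-authenticated clients may relay; authentication is delegated
# to Dovecot through the private/auth socket.
# Continuation lines in master.cf must start with whitespace, otherwise
# Postfix reads every "-o ..." line as a new (invalid) service entry.
cat <<'EOF' >> /etc/postfix/master.cf
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
EOF

#Remove old tls entry
# (Delete the smtpd_tls_* / smtp_tls_* lines already present in main.cf first.
# This block is appended, so running it twice or leaving the old lines in
# place produces duplicate settings: the last one wins and Postfix warns.)
# The heredoc delimiter is quoted so ${data_directory} reaches main.cf
# literally and is expanded by Postfix, not by the shell.
# TLS on the public SMTP port stays opportunistic ("may"); only the
# submission service above enforces encryption.
cat <<'EOF' >> /etc/postfix/main.cf
#Enable TLS Encryption when Postfix receives incoming emails
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.your-domain.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.your-domain.com/privkey.pem
smtpd_tls_security_level=may
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#Enable TLS Encryption when Postfix sends outgoing emails
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
#Enforce TLSv1.3 or TLSv1.2
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
mailbox_transport = lmtp:unix:private/dovecot-lmtp
smtputf8_enable = no
EOF

# Validate the edited configuration before restarting, so a syntax error does
# not take the running mail service down.
postfix check && systemctl restart postfix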
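# Enable IMAP for mail clients and LMTP for local delivery from Postfix.
echo "protocols = imap lmtp" >> /etc/dovecot/dovecot.conf

#You need to remove the existing lmtp + auth entry or replace it
# Both sockets live inside the Postfix spool and are owned by postfix:postfix
# with no access for "other", so only Postfix can hand over mail (LMTP) or
# submit credentials for verification (SASL auth).
cat <<'EOF' >> /etc/dovecot/conf.d/10-master.conf
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}

EOF

# Refuse plaintext logins on connections that are not protected by TLS.
echo "disable_plaintext_auth = yes" >> /etc/dovecot/conf.d/10-auth.conf

# Require TLS >= 1.2 for every client connection.
# The original appended BOTH ssl_protocols and ssl_min_protocol although they
# are alternatives ("or"). Only one applies to a given Dovecot version:
# ssl_min_protocol on 2.3 and later, ssl_protocols on older releases
# (NOTE(review): confirm with `dovecot --version`). The legacy line is written
# commented out so that only one of them is active.
cat <<'EOF' >> /etc/dovecot/conf.d/10-ssl.conf
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.your-domain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.your-domain.com/privkey.pem
ssl_prefer_server_ciphers = yes
#Older Dovecot only, use instead of ssl_min_protocol:
#ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1
ssl_min_protocol = TLSv1.2
EOF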
#Manual step: in /etc/dovecot/conf.d/15-mailboxes.conf, replace the existing "mailbox Trash" block with:
#mailbox Trash {
#  auto = create
#  special_use = \Trash
#}
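# Validate both configurations first; a typo in either file would otherwise
# leave the mail service down after the restart.
postfix check && doveconf -n > /dev/null && systemctl restart postfix dovecot

# Weekly certificate renewal followed by a reload of every TLS consumer.
# The entry is installed through crontab(1) instead of being appended to
# /var/spool/cron/crontabs/root: cron may not pick up direct edits of the
# spool file and ignores it if ownership or mode end up wrong.
# NOTE(review): the distribution's certbot package typically ships its own
# renewal timer; if so, a `--deploy-hook` for the reload is enough.
(
  crontab -l 2> /dev/null
  echo "0 0 * * 0 certbot renew --quiet && systemctl reload postfix dovecot nginx"
) | crontab -

cd /var/www/html/
# The original downloaded the .zip archive and unpacked it with tar, which GNU
# tar cannot read. Fetch the .tar.gz of the same tag instead; it unpacks to the
# same postfixadmin-postfixadmin-3.3.10/ directory.
wget -O postfixadmin-3.3.10.tar.gz https://github.com/postfixadmin/postfixadmin/archive/refs/tags/postfixadmin-3.3.10.tar.gz
# NOTE(review): nothing verifies the download before it is placed in the web
# root. Compare it against a digest obtained out of band, for example:
#   echo "<EXPECTED_SHA256>  postfixadmin-3.3.10.tar.gz" | sha256sum -c -
# The version is pinned as of the original notes; check upstream for a
# current release before installing.
tar xvf postfixadmin-3.3.10.tar.gz
rm postfixadmin-3.3.10.tar.gz
mv postfixadmin-postfixadmin-3.3.10/ postfixadmin
mkdir /var/www/html/postfixadmin/templates_c
# Only the template cache has to be writable by the web server. Handing the
# whole tree to www-data would let a compromised PHP process rewrite the
# application's own code.
chown -R www-data:www-data /var/www/html/postfixadmin/templates_c
# NOTE(review): the whole application now sits under the web root. Point the
# nginx root at postfixadmin/public only, so configuration files are never
# reachable over HTTP.
apt install php7.4-fpm php7.4-imap php7.4-mbstring php7.4-mysql php7.4-json php7.4-curl php7.4-zip php7.4-xml php7.4-bz2 php7.4-intl php7.4-gmp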
#Open a MariaDB shell as root (mysql -u root ...) and run the following statements:
-- Dedicated database account for PostfixAdmin, reachable from localhost only.
-- 'randompassword' is a placeholder: substitute a long, randomly generated
-- secret that is used nowhere else; the same value goes into PostfixAdmin's
-- database settings.
CREATE USER 'postfixadmin'@'localhost' IDENTIFIED BY 'randompassword';
-- Schema that will hold the PostfixAdmin tables.
CREATE DATABASE postfixadmin;
-- Privileges are scoped to the postfixadmin schema only; the account gets
-- nothing on other databases.
GRANT ALL PRIVILEGES ON postfixadmin.* TO 'postfixadmin'@'localhost';
-- Not required after CREATE USER / GRANT (they take effect immediately); harmless.
FLUSH PRIVILEGES;