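#### Install and Configure an Email Server on Ubuntu 24.04 ####
#
# Runbook, not an unattended script: run the commands one at a time. The
# unprefixed lines that follow a "sudo nano FILE" are the contents to put in
# (or change in) that file.
#
# Secrets: every CHANGE_ME_* value below is a placeholder. Use a different,
# randomly generated secret for each one (database, setup password, admin
# account) and never reuse the database password for a mailbox or admin login.

## Step 1. Set Hostname
sudo hostnamectl set-hostname mail.univ-poitiers.fr

## Step 2. Install Dependencies (Apache, PHP and MariaDB)
sudo apt install apache2 git mariadb-server php-{xml,pear,imap,intl,common,json,curl,mbstring,mysql,gd,imagick,zip,opcache,sqlite3} libapache2-mod-php

## Step 3. Create a System User (to store the emails on the server)
# The Dovecot queries in Step 6 hard-code uid 150 and gid 8; confirm with
# "getent group mail" that gid 8 is the "mail" group on this host.
sudo useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual Mail User" vmail
sudo mkdir -p /var/vmail
sudo chmod -R 770 /var/vmail
sudo chown -R vmail:mail /var/vmail

## Step 4. Create a Database
# The account is limited to 'localhost' and to the postfixadmin schema.
sudo mysql
CREATE DATABASE postfixadmin;
GRANT ALL PRIVILEGES ON postfixadmin.* TO 'postfixadmin'@'localhost' IDENTIFIED BY 'CHANGE_ME_DB_PASSWORD';
FLUSH PRIVILEGES;
\q

## Step 5. Install Postfix
sudo apt install postfix-mysql

# Create several configuration files for Postfix to communicate with the database
sudo mkdir -p /etc/postfix/sql

# Match the password, database name, and database user with those you created in the earlier step
sudo nano /etc/postfix/sql/mysql_virtual_alias_maps.cf
user = postfixadmin
password = CHANGE_ME_DB_PASSWORD
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

sudo nano /etc/postfix/sql/mysql_virtual_domains_maps.cf
user = postfixadmin
password = CHANGE_ME_DB_PASSWORD
hosts = localhost
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'

sudo nano /etc/postfix/sql/mysql_virtual_mailbox_maps.cf
user = postfixadmin
password = CHANGE_ME_DB_PASSWORD
hosts = localhost
dbname = postfixadmin
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'

sudo nano /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf
user = postfixadmin
password = CHANGE_ME_DB_PASSWORD
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

sudo nano /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
user = postfixadmin
password = CHANGE_ME_DB_PASSWORD
hosts = localhost
dbname = postfixadmin
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'

sudo nano /etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf
user = postfixadmin
password = CHANGE_ME_DB_PASSWORD
hosts = localhost
dbname = postfixadmin
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'

sudo nano /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
user = postfixadmin
password = CHANGE_ME_DB_PASSWORD
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

# These files hold the database password in clear text: keep them readable by
# root and the postfix group only.
sudo chgrp postfix /etc/postfix/sql/*.cf
sudo chmod 640 /etc/postfix/sql/*.cf

# Run the commands below to edit postfix's main.cf file
# NOTE: the snakeoil certificate is the self-signed placeholder from the
# ssl-cert package; it is replaced further down, and a CA-issued certificate
# is what mail clients will accept without a warning.
# NOTE: smtpd_use_tls is the legacy spelling of "smtpd_tls_security_level = may".
sudo postconf -e "myhostname = $(hostname -f)"
sudo postconf -e "mydestination = localhost"
sudo postconf -e "mynetworks = 127.0.0.0/8"
sudo postconf -e "inet_protocols = ipv4"
sudo postconf -e "inet_interfaces = all"
sudo postconf -e "smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem"
sudo postconf -e "smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key"
sudo postconf -e "smtpd_use_tls = yes"
sudo postconf -e "smtpd_tls_auth_only = yes"
sudo postconf -e "smtpd_sasl_type = dovecot"
sudo postconf -e "smtpd_sasl_path = private/auth"
sudo postconf -e "smtpd_sasl_auth_enable = yes"
sudo postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination"
# The socket name must be the one Dovecot creates in Step 6
# (/var/spool/postfix/private/dovecot-lmtp); the path is relative to the
# Postfix queue directory. Pointing this at "private/lmtp" leaves Postfix with
# no Dovecot listener to deliver to.
sudo postconf -e "virtual_transport = lmtp:unix:private/dovecot-lmtp"
sudo postconf -e "virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf"
sudo postconf -e "virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf"
sudo postconf -e "virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf"

# Edit /etc/postfix/master.cf file and modify or add the following lines to the file
# (the "-o" continuation lines must start with whitespace)
sudo nano /etc/postfix/master.cf
smtp      inet  n       -       y       -       -       smtpd
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
# Choose one: enable submission for loopback clients only, or for any client.
#127.0.0.1:submission inet n -   y       -       -       smtpd
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o local_header_rewrite_clients=static:all
#  -o smtpd_reject_unlisted_recipient=no
#     Instead of specifying complex smtpd_<xxx>_restrictions here,
#     specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
#     here, and specify mua_<xxx>_restrictions in main.cf (where
#     "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
#  -o smtpd_client_restrictions=
#  -o smtpd_helo_restrictions=
#  -o smtpd_sender_restrictions=
#  -o smtpd_relay_restrictions=
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

## Step 6. Install Dovecot
sudo apt install dovecot-mysql dovecot-imapd dovecot-pop3d dovecot-lmtpd

# We can proceed with the following steps and edit some configuration files
sudo nano /etc/dovecot/conf.d/10-auth.conf
# Replace the line "auth_mechanisms = plain" by "auth_mechanisms = plain login"
# We need to comment !include auth-system.conf.ext and uncomment the line !include auth-sql.conf.ext
#!include auth-system.conf.ext
!include auth-sql.conf.ext

# Edit this file
sudo nano /etc/dovecot/dovecot-sql.conf.ext
# Insert the following lines (contain the database credentials):
# NOTE(review): password_query builds the mailbox path with %n while
# user_query uses %u, and mail_location below uses %n. Pick one form so that
# every lookup resolves to the same maildir - confirm before going live.
driver = mysql
connect = host=localhost dbname=postfixadmin user=postfixadmin password=CHANGE_ME_DB_PASSWORD
default_pass_scheme = BLF-CRYPT
password_query = SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, 'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
user_query = SELECT '/var/vmail/%d/%u' as home, 'maildir:/var/vmail/%d/%u' as mail, 150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'

# Open the /etc/dovecot/conf.d/10-mail.conf file and change the following values:
sudo nano /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:/var/vmail/%d/%n
mail_uid = vmail
mail_gid = mail
mail_privileged_group = mail
first_valid_uid = 150
last_valid_uid = 150

# Editing other dovecot configuration files
sudo nano /etc/dovecot/conf.d/10-master.conf
# Find the service lmtp section and change it to the following:
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}
# Find the service auth section and change it to:
# The SASL socket is owned by postfix:postfix, so 0660 is enough; 0666 would
# let any local account talk to the authentication service.
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
# Change the service auth-worker section to the following:
service auth-worker {
  user = vmail
}
# Save the file and then exit

# Set the correct permissions (dovecot-sql.conf.ext contains the DB password)
sudo chown -R vmail:dovecot /etc/dovecot
sudo chmod -R o-rwx /etc/dovecot

## Step 7. Install PostfixAdmin
# Download PostfixAdmin from Github and store it in the /opt directory
# NOTE: this clones the default branch; checking out a release tag
# (git checkout <release-tag>) gives a reviewed, reproducible version.
cd /opt
sudo git clone https://github.com/postfixadmin/postfixadmin.git
cd /opt/postfixadmin
sudo bash install.sh

# Correct the permission
sudo chown -R www-data: /opt/postfixadmin

# Add /etc/apache2/conf-enabled/postfixadmin.conf
sudo nano /etc/apache2/conf-enabled/postfixadmin.conf
# Insert these lines into that file
Alias /postfixadmin /opt/postfixadmin/public
<Directory /opt/postfixadmin/public>
    AllowOverride All
    Options +FollowSymLinks
    Require all granted
</Directory>

# Reload Apache
sudo systemctl reload apache2

# Create config.local.php
sudo nano /opt/postfixadmin/config.local.php

# Go to http://localhost/postfixadmin/setup.php and create a setup password
# Type your setup password twice and click on Generate setup_password hash button
# You will see a line containing a setup password hash, and you need to copy it
# to "/opt/postfixadmin/config.local.php", something like:
$CONF['setup_password'] = 'CHANGE_ME_HASH_GENERATED_BY_SETUP_PHP';
# Use the hash generated on your own server; do not copy one from a guide.
# After adding the line to "config.local.php" file, you can refresh the page to log in and create a superadmin.
# Scroll down to create a superadmin account. The setup password you created
# earlier is required to create a superadmin. The admin field must be filled
# with an email address (enter the setup password created on the first visit;
# Admin: admin@univ-poitiers.fr; password typed twice).
# Setup password: CHANGE_ME_SETUP_PASSWORD
# Creating an administrator account in the "setup password" section:
#   account:  admin@univ-poitiers.fr
#   password: CHANGE_ME_ADMIN_PASSWORD
# NOTE: setup.php and login.php are reached over plain http:// here, so the
# setup and admin passwords cross the network unencrypted. Serve PostfixAdmin
# over HTTPS (or reach it from the server itself) before entering credentials.

# Now that a superadmin has been created, you can use the credentials to log in
# to http://192.168.0.16/postfixadmin/login.php and add domains, email address, etc
# Log in to the administration portal with the administrator account:
#   http://192.168.0.16/postfixadmin/login.php
#   account:  admin@univ-poitiers.fr
#   password: CHANGE_ME_ADMIN_PASSWORD

# Creating the domain
# domain name: univ-poitiers.fr
# tick the "Le serveur est un Backup MX" box
# After validation the following aliases are created: abuse@univ-poitiers.fr,
# hostmaster@univ-poitiers.fr, postmaster@univ-poitiers.fr and webmaster@univ-poitiers.fr
# Create / add a POP/IMAP mail account (firstname.lastname, and a password):
#   neil.andre  (neil.andre@univ-poitiers.fr)
#   david.dupre (david.dupre@univ-poitiers.fr)

## Step 8. Install Webmail
# At this point, your server can send emails. To receive emails, make sure your
# domain's DNS MX record points to this server. You can use your favorite email
# client to send emails or use a webmail instead. Let's install Roundcube now.
sudo apt install roundcube
# When prompted, specify: database name postfixadmin, database user
# postfixadmin and password CHANGE_ME_DB_PASSWORD
# NOTE(review): this makes the webmail share the mail-account database and its
# full-privilege user; a separate database and user for Roundcube would keep a
# webmail compromise away from the mailbox credentials table.

# Edit roundcube configuration file at /etc/apache2/conf-enabled/roundcube.conf
sudo nano /etc/apache2/conf-enabled/roundcube.conf
# Uncomment this line:
Alias /roundcube /var/lib/roundcube/public_html

# Save the file, exit then restart apache
sudo systemctl restart apache2

# Edit another Roundcube config file, this one at /etc/roundcube/config.inc.php
sudo nano /etc/roundcube/config.inc.php
# Replace "$config['smtp_host'] = 'localhost:587';" by
$config['smtp_host'] = 'tls://%n:587';

## Step 9. Prepare the client workstations
# The clients must be configured with the DNS server in their network
# settings. The mail server name must be listed in the hosts file.

## Create the SSL certificate (openssl) in /etc/ssl:
# -nodes leaves the private key unencrypted so the daemons can read it without
# a passphrase; keep the key readable by root only. A self-signed certificate
# will trigger trust warnings on clients until it is imported or replaced by a
# CA-issued one.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/selfsigned.key -out /etc/ssl/certs/selfsigned.crt

# Enable TLS in Postfix
sudo nano /etc/postfix/main.cf
# Add the following lines to the file:
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/ssl/private/selfsigned.key
smtpd_tls_cert_file = /etc/ssl/certs/selfsigned.crt
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 86400

# Configure Roundcube for SSL
sudo nano /etc/roundcube/config.inc.php
# NOTE(review): Step 8 sets smtp_host (the Roundcube 1.6 option name) while
# the lines below use the older default_host / smtp_server / *_port names;
# confirm which names the installed version reads. Port 465 is also not
# enabled in the master.cf shown in Step 5, which only opens "submission".
# Configure IMAP with SSL: add or modify the following lines to use SSL for IMAP:
$config['default_host'] = 'ssl://imap.univ-poitiers.fr';
$config['default_port'] = 993;
# Configure SMTP with SSL: add or modify the following lines to use SSL for SMTP:
$config['smtp_server'] = 'ssl://smtp.univ-poitiers.fr';
$config['smtp_port'] = 465;

sudo systemctl restart apache2

# Access the webmail
# http://192.168.1.100/roundcube or http://mail.univ-poitiers.fr/roundcube

## If the webmail connection fails
# 1) Check whether the LMTP service (Dovecot) is running:
sudo systemctl status dovecot
# 2) Restart the LMTP service:
sudo systemctl restart dovecot
# 3) Test the connection manually (from the server where Postfix runs).
#    Port 25 is the SMTP listener from master.cf, not LMTP:
telnet mail.univ-poitiers.fr 25
# or
nc -v mail.univ-poitiers.fr 25
# 4) Check the Dovecot logs:
journalctl -u dovecot --since "10 minutes ago"
# 5) Check the firewall:
iptables -L -n | grep 24
firewall-cmd --list-ports
# 6) Look at the server load:
top
free -m
df -h

## A "Connection refused" message during the "telnet mail.univ-poitiers.fr 24"
## test means that the LMTP server is not listening on port 24 or that a
## firewall is blocking the connection.
# NOTE: the Dovecot configuration in Step 6 defines LMTP only as the unix
# socket /var/spool/postfix/private/dovecot-lmtp; no inet_listener on port 24
# is configured in this guide, so a refused TCP connection on port 24 is
# expected. Check the socket and the transport that Postfix uses instead:
sudo ls -l /var/spool/postfix/private/dovecot-lmtp
postconf virtual_transport
# Verify that LMTP is listening on the right port: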