Creating your own Mail Server (Amazon ec2, Postfix, Dovecot, Postgresql, Amavis, Spamassassin, Apache, and Squirrelmail) PART 2


Wait- the rest is easy?

So you’ve got your very own server, a domain that points to it, and a way to connect! Believe it or not, we’re almost done. Instead of telling you how to configure every little piece yourself, I’m going to provide you with a bash script that does it all for you. Essentially, you download the script, change a couple of important variables, and it builds the Amazon EC2 mail server for you.

IMPORTANT: If you are an experienced user and wish to suggest changes to the script on GitHub, feel free to do so:

https://github.com/Avix101/Mail-Server-Script

My goal is to keep the script functional and also improve the integrity of the setup it provides whenever possible. If you don’t want to make the changes yourself but wish to point out something, you can comment below this post- I will read and respond to as much as I can and also work on making fixes. A note of honesty from me- it will be quicker to implement fixes / changes if I can just review them and commit versus writing them myself.

Now that you know how to help me help you, let’s continue!

Step 1: Preliminary Server Setup

If you haven’t already switched over to your server, log in via ssh.

 ssh nameOfServer 

Currently you will be a user named ec2-user. We need to upgrade your privileges before continuing. To become the root user, type the following command:

 sudo su 

Now let’s install emacs, a powerful text editor, and git, the tool we’ll use to grab the script. Then download the script with git clone, which creates the Mail-Server-Script directory for you, and change into it.

 yum install emacs git -y

git clone https://github.com/Avix101/Mail-Server-Script.git

cd Mail-Server-Script

ls    # display the contents

 

Now that you have the script, we have to adjust a couple of variables before running it. If you only have one domain that you want to receive mail for, put only that one between the quotes of virtual_mailbox_domains. If you have multiple, add them all delimited by a single space, and make sure the one you want to use to connect via http and https is the first domain.

emacs super.sh

#### In this file change
virtual_mailbox_domains="yourdomain.com secondDomainIfYouHaveOne.com ..."  # only enter one if you only have one
default_password="whateverYouChoose"
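
Because the script creates a live admin@ account with whatever default_password holds, it is worth checking both variables before running it. The following preflight check is an added example, not part of the Mail-Server-Script repository; the function names and the 12-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Preflight check for the two variables edited in super.sh.
# Assumptions: each variable is assigned on its own line in the
# double-quoted form shown in the guide, and the value contains no
# double quote. The 12-character minimum is this example's policy.

# Print the value of NAME="value" from FILE (last assignment wins).
get_var() {
    sed -n 's/^[[:space:]]*'"$1"'="\([^"]*\)".*$/\1/p' "$2" | tail -n 1
}

# Succeed if $1 is a syntactically valid multi-label host name.
is_fqdn() {
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# Check FILE, print one line per finding, return 0 only if it is clean.
preflight() (
    file=$1
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    [ -r "$file" ] || { echo "FAIL: cannot read $file"; exit 1; }
    domains=$(get_var virtual_mailbox_domains "$file")
    password=$(get_var default_password "$file")

    set -f    # no globbing while the domain list is split on spaces
    [ -n "$domains" ] || fail "virtual_mailbox_domains is empty or missing"
    for d in $domains; do
        case $d in
            yourdomain.com|secondDomainIfYouHaveOne.com|...)
                fail "placeholder left in virtual_mailbox_domains: $d" ;;
            *)
                is_fqdn "$d" || fail "not a valid domain name: $d" ;;
        esac
    done

    case $password in
        "")
            fail "default_password is empty or missing" ;;
        whateverYouChoose)
            fail "default_password is still the guide's placeholder" ;;
        *)
            [ "${#password}" -ge 12 ] ||
                fail "default_password is shorter than 12 characters" ;;
    esac

    if [ "$problems" -gt 0 ]; then
        echo "$problems problem(s) found; fix $file before running it"
        exit 1
    fi
    set -- $domains
    echo "OK: $# domain(s); the first one, $1, is used for http/https"
)

# Usage: sh preflight.sh ./super.sh
if [ "$#" -gt 0 ]; then
    preflight "$1"
fi
```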
 

Step 2: Running the Script

Once done, type ctrl+x -> ctrl+s to save, and ctrl+x -> ctrl+c to exit. At this point everything should be ready to go. Just type the following command, sit back, and watch the magic. The script usually takes about 3-4 minutes to complete if you have a stable internet connection.

 ./super.sh 

Once done (assuming no error messages popped up) the server should be completely configured! You should be able to log into https://yourdomain/mail (you won’t have valid certs installed at this point, so expect the browser to say it’s an untrusted connection) with the default account: user=admin@yourdomain.com pass=default_password

Step 3: Tell Amazon to lift Email Sending Limitations

In order to send email from an Amazon EC2 instance, you’ll have to fill out a request to have the email sending limitations removed from your AWS account. The form can be found here. Type in your email (not the one you just set up), and tell them why you want to have the limitations removed. Explain that you are trying to build a personal mail server with packages like Postfix and Dovecot. Then, supply them with the Elastic IP address that you are using for your server. Where it asks for a Reverse DNS Record, type mail.yourdomain.com. If you want to clarify, explain in the case description that your domain is yourdomain.com and that mail you send is being flagged as spam, so you would like to set up a reverse DNS record for mail.yourdomain.com. This process will take some time, but upon completion you should be all set to go. The only additional thing you may want to look into is obtaining certificates for your site. If you are interested in doing that and need help, keep an eye out for part 3 of this series, or tell me that you need help with it, in which case I’ll write part 3 faster.

*IMPORTANT NOTICE (9/21/16):

DO NOT USE THIS SCRIPT FOR ANYTHING BUT A NEW INSTANCE. Or just be warned of the risks. Use snapshots to ensure the safety of your content.

UPDATE: I have been able to successfully install the script on a new instance after making a few fixes. We are back on a stable release. The script should complete successfully if all instructions are followed.

Test Parameters (9/22/16):

Script runs on a brand new Amazon Linux instance: Passed
Script runs without throwing errors: Passed
Script runs without throwing warnings: – (Some inconsequential Dovecot semantics)
No extra steps required outside of the guide: Passed
Apache starts and /mail is accessible: Passed
Sent and received email from a Google account to new server: Passed
Detected default spam flag and placed in junk folder: Passed

Please enjoy, and continue to update me on issues as they arise.

63 thoughts on “Creating your own Mail Server (Amazon ec2, Postfix, Dovecot, Postgresql, Amavis, Spamassassin, Apache, and Squirrelmail) PART 2”

  1. Oh, well, pardon me, it seems it just needed a little time. Anyhow, the location of the warning is nevertheless pretty… weak! Please relocate it to a more appropriate place, so that it appears BEFORE the instructions that pertain to it. If such a warning is apt, then this simple relocation would seem to be a self-evident feature of your instructions.

  2. Hi there Avix

    Unfortunately I followed your instructions sequentially, and hence the warning that pertains to your script did not appear on screen until after I’d received an error message stating that Apache did not successfully restart! Now my web server is, well, ****ed! It would have been great if the warning had appeared a little earlier on screen, but hey, I was the fool that got trigger happy with a blogger’s instructions. Anyhow, the errors pertained to /etc/httpd/conf.d/ssl.conf – which I backed up and replaced with a blank file – and with no luck still, errors followed on /etc/httpd/conf/httpd.conf – which I then replaced with a backup I had created earlier. Apache restarted, but my website is still down, with a 503 error. Can you pleeeease help me??

  3. Hi,
    thank you so much for this guide and the script. It worked beautifully for me.

    Not being an expert in system administration I have one quick question:
    If I want to use an email client like outlook to connect to dovetail. What do I need to change in the configuration so that I can access the smtp outgoing server from outlook?

    I did get the IMAP (incoming) connection to work by setting the server to mail..com and setting SSL connections up. But whatever I try for the outgoing server, I can’t get it to work.

    Any help would be much appreciated.

    Best,
    Pat

  4. I have the same issue as @msanhueza — I get “Not Found: The requested URL /mail was not found on this server” when I go to mydomain.com/mail. I’ve also tried mail.mydomain.com and mail.mydomain.com/mail — all for naught. The only error I see for the install is this:

    Starting amavisd: The value of variable $myhostname is “ip-NNN-NN-N-NNN”, but should have been a fully qualified domain name; perhaps uname(3) did not provide such. You must explicitly assign a FQDN of this host to variable $myhostname in amavisd.conf, or fix what uname(3) provides as a host’s network name!
    [FAILED]

    The thing is, if I open amavisd.conf, it *does* contain my FQDN. So I’m not sure what to think or do at this point.

  5. Hello Avix,

    Thank-you for the awesome resource! I’m looking forward to any improvements you come up with, user management would definitely be a bonus.

    I did have a question about usage that I hope you can answer. In the use case I’m looking to set this up in. I have a user with an established imap server that they are not looking to stop using. The idea would be to simply use this setup as a spam filter to offload spam traffic to Amazon and any mail that gets through the filter would then be forwarded down to the legacy imap server. Additionally, they would like a grace period on the Amazon server for going back and looking for any mail that was a miss-hit and was captured in the filter.

    Did you have any ideas or thoughts on this?

    Thanks again for the awesome resource.

    Cheers!

  6. Has any progress been made on the user admin interface for this project? The project is great and works perfectly for me, however I would like users to be able to set their own passwords and there does not seem to be any good way to do that. Any suggestions?

  7. Well, seems promising a lot this script. I have a modified ISPCONFIG c4.xlarge instance with postfix already installed.
    As I am in the first year of my Amazon account (well, my second year with different names) I will try to install this as an external mail server. I should be able to add users within my ISPCONFIG. It supports multi servers so that would be fine.

  8. I get the same error as some other people commented, such that the vanilla screen shows up when I use https://mail.mysitename.com/ however, all I get was the URL was not found on the server.

    Being that I am completely new to this I am not even sure what to expect to be honest, should a web page have popped up?

    Any help would be appreciated.

    Nathan

  9. Can you please let us know how to install/configure postfixadmin with your setup. Your script is great, but it would be even nicer with a simpler way to add domains and users. Thanks!

  10. Stasha,
    Thank you again for the email exchange, I am however still unsuccessful. Just to preface, I have done this setup now 4 times and I am now able to access the server via web but receive only the Apache default page “Linux AMI Test Page”. As this is the 4th time I decided to start fresh and clean. Created a new VPC, removed all key pairs and records from my previous setups and regenerated with a new elastic IP hoping that any previous screw ups on my part would be wiped by this process. I can only access the web portion via the public ip4 on the web so I know there is something wrong in the DNS somewhere. Hopefully you or anyone here might be able to provide some direction. I am a sys admin at work but alas Windows is my domain and I have not had much experience in the ways of web servers other than local intranet services. Here is a screen cap of DNS records http://i.imgur.com/a0npdcd.png

  11. Greetings:

    Everything installed perfectly and I can access mail locally but cannot via a mail client like Outlook. Also, I can’t seem to access any of the web based utilities. Would you have any suggestions in this regard?

  12. Squirrelmail attachments didn’t work until I did :

    # mkdir /usr/local/squirrelmail/www/attach/
    # chown apache:apache /usr/local/squirrelmail/www/attach/

  13. hi,
    your script worked very well.
    but still my mail.mydomain.com is still pointing to apache test page.
    mydomain and mail server are running on different instances.
    i did the redirect as mentioned, but still going to the apache start page.
    even though i have edited document root, why it is still showing the apache page (in fact i deleted the entire html folder. (/var/www/html).
    is there any thing i can do by changing the documentRoot to point to the squirrel mail folder (if any at all ) ?
    my elastic ip itself is showing the apache test page.
    i am new to this area, please help.

  14. Hi Avix,
    Thanks for the document. I have a permission issue.

    Forbidden

    You don’t have permission to access /mail on this server.

  15. Hey, Love the script, It worked like a charm! I did run into one issue that another user ran into (I have my mail server on a different ec2 instance than my website so I wanted mail.mydomain.com/mail to point to squirrel mail…)

    Here are my notes I wrote up to help other people who ran into this issue

    fix issue with mail.domain.com/mail not loading squirrelmail (even though mail.domain.com shows vanilla apache screen):

    vi /etc/httpd/conf/httpd.conf


    ServerName mail.domain.com
    Redirect permanent /mail https://mail.domain.com/mail


    ServerName mail.domain.com

    Then to add another user / login / account

    doveadm pw -s SSHA512 -p PasswordToEncrypt

    psql mail mailreader

    insert into users (email, password, realname) values ('newemail@domain.com', 'passwordstringFromDOVEADMgen', 'Real name');

    \q

    • Hey Derek,

      I’m glad the script worked for you. 🙂 Thank you for your notes, I’m sure they will be helpful to others who are attempting to do the same kind of setup!

      As for adding new users, what you have written works well! If anyone is looking for a way to add users to their setup, this will work for you.

      In the future adding users will be easier, as I am currently in the process of coding a webpage that you can add to your site with the purpose of letting users register themselves for an account (with admin approval if you desire).

      Thank you!

      Avix
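
The two steps from the notes above (hash with doveadm, insert with psql), wrapped so the password is not passed with -p and the values are quoted by psql instead of by hand. This is an added example, not code from the commenters or from the Mail-Server-Script repository; it assumes doveadm pw prompts on the terminal when -p is omitted, and the function names are hypothetical.

```shell
#!/bin/sh
# Add a mailbox row without putting the password on a command line and
# without hand-quoting SQL. From the page: database "mail", role
# "mailreader", table users(email, password, realname), scheme SSHA512.
# The function names and the format checks are this example's own.

# Succeed if every line of $1 looks like local@domain with a dotted domain.
valid_email() {
    ! printf '%s\n' "$1" |
        grep -Evq '^[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,63}$'
}

# Succeed if $1 is a single {SSHA512} hash: the scheme tag followed by
# base64 of at least the 64-byte SHA-512 digest (the salt makes it longer).
valid_hash() {
    ! printf '%s\n' "$1" |
        grep -Evq '^\{SSHA512\}[A-Za-z0-9+/]{86,}={0,2}$'
}

# add_mail_user EMAIL "Real name"
add_mail_user() (
    email=$1
    realname=$2
    valid_email "$email" || { echo "invalid address: $email" >&2; exit 2; }

    # Without -p, doveadm pw asks for the password interactively, so it
    # never lands in shell history or in the process list.
    hash=$(doveadm pw -s SSHA512) || exit 3
    valid_hash "$hash" || { echo "unexpected doveadm output" >&2; exit 3; }

    # :'name' has psql quote each value as a SQL literal. psql expands
    # variables only in input read from stdin or -f, not in -c strings.
    psql -v ON_ERROR_STOP=1 \
         -v email="$email" -v hash="$hash" -v realname="$realname" \
         mail mailreader <<'SQL'
INSERT INTO users (email, password, realname)
VALUES (:'email', :'hash', :'realname');
SQL
)

# Usage: sh add_mail_user.sh newemail@domain.com "Real name"
if [ "$#" -ge 2 ]; then
    add_mail_user "$1" "$2"
fi
```

The format check on the doveadm output means that anything other than a clean hash line (an error message, a stray prompt) stops the insert instead of being stored as a password.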

  16. Hi Avix, your post is much appreciated. It saves a lot of time for a lot of people.

    I had the “access denied” issue and it went away after changing the access-control directives to 2.4-compatible format and restarting apache (https://httpd.apache.org/docs/current/upgrading.html).

    Now I’m getting the “unknown user” error when I login with admin@mydomain.com and the default password. Haven’t looked at the logs yet but will post when I make any progress. Has anybody else seen this issue?

    • Sep 20 14:36:53 mail dovecot: auth: Error: pgsql(localhost): Connect failed to database mail: FATAL: password authentication failed for user “mailreader”

      • Hello Gopi,

        I recently did a revamping of the script to fix a few issues that were causing a lot of trouble for most users. I’m not sure if upgrading your apache version would have changed anything or if perhaps permissions are not configured correctly.

        If you don’t mind (Hopefully you haven’t done a lot of work on the server), could you try running the script from a new instance? I tested the script very recently and it should work now. Please let me know if you have any more questions or if you need further assistance. I’m happy to help if I can 🙂

        -Avix

    • Hello Sergio,

      I’m glad the tutorial was easy to read! I’m hoping that the issue is just one of permissions. If a file does not have the correct permissions, certain users will not be able to read it (those on the web for instance). The document root of the /mail directory is “/usr/local/squirrelmail/www/” and the local file is “index.php”. Navigate to this file, and perform the command “ls -la” and look at the permissions of that file. If it is -rw-r--r--, then your permissions are configured correctly and the issue lies elsewhere. If the permissions do not look correct, perform the command “sudo chmod 644 index.php”, and verify that the permissions have changed by again performing “ls -la”. I hope this helps!

      -Avix

  17. Word of warning, don’t run this script if you already have your web server up and running. I made the big mistake and this script overwrote all of my Apache configuration.

    Not mad, just unaware that this is far beyond an “Install a email system”.

    And in the end I still have no working email.

    Oh well, off to put back what it overwrote…..

    • Hello again Gregory,

      I’m terribly sorry to hear that running the script broke your settings. As you said, this script is intended for a fresh installation with no prior changes having been made to the server. Here is an important note, especially because we work with EC2: always make a backup copy of your instance before running a script using Amazon’s imaging service. This way, in case of catastrophe you can always boot up your saved image.

      -Avix

  18. Hi,

    Got the same parse error as above on line 123. But I believe that the correction noted by Shawn from Switzerland is not 100% correct.

    I made Shawn’s change, script ran. But…

    After running the script I noted that the following message was reported:

    —-
    The amavisd service may fail to start the first time… this is okay. If the mail setup isn’t working, just run the setup script again, and the amavisd service should start correctly. Or to start the service yourself; service amavisd start.

    amavisd: unrecognized service
    —-

    No matter how many times I run super.sh it does not appear that amavisd is started. Nor in my tiny amount of looking, consisting of “which amavisd”, does it appear anywhere.

    After going into the amavis.sh script and hard coding the variable in question to 1 nothing changed. Same non-start on the service.

    To be honest, this stuff is all way over my head, but I wanted to report the issue. I’ve gone about as far as I can go. Thank you so very much for your efforts.

    • Hello Gregory,

      Amavisd is a very difficult piece of software to work with, so it does not surprise me that this was something that ended up breaking my script. I’m not entirely sure how to resolve this issue, but what I can do is recommend installing the version that I used on my server (amavisd-new-2.8.0). Hopefully that solves the issue!

      -Avix

  19. Just had a few dramas getting this up and running. It seems to be failing on the amavisd installation. Was able to recover it by running “yum install epel-release” and using “yum --enablerepo=epel install amavisd-new”

    • ***IMPORTANT: Potential fix for those who are struggling with the amavis installation!

      Hello Alex,

      This may be an important fix! It could potentially help others who are struggling with the amavis installation.

      Thank you.

      -Avix

  20. Hi Avix

    When I run ./super.sh

    I see following:

    Checking for postfix installation…
    postfix is installed, continue.
    sudo: postfix: Kommando ikke fundet
    Fatal Error: postfix directory not present
    Postfix failed to start… stopping script.

    What to do?

    Thanks,
    Jonas

  21. First of all, thanks for this text! It’s very helpful…

    I’ll try this after I receive Amazon’s answer to the submitted form, so I just want to confirm the script is up to date to do it in August/2016. 🙂

    Thanks

  22. @bypass_virus_checks_maps = (1);
    character “(” generates an error – Line 123

    and you can not restart the http server

    Please test your script again on an Amazon EC2 instance. You need to update your solution.

  23. Hi, I ran into the same problem as Shawn from Switzerland. I removed the parenthesis and ran it again, and it ran fine until the message:

    the amavisd service may fail to start.

    I also had a web page previously and could not find /mail under /var/www/html

    Any ideas before I try something else?

  24. Hi Avix,

    Thanks for the great script.

    I just wanted to point out that the instructions at the top of this page are a little out of date. They describe using ‘mkdir mail_script’ to create a mail_script folder, but this is misleading as the git clone actually automatically creates and uses one called ‘Mail-Server-Script’.

    Cheers,
    Shane.

  25. It does not work.
    I spent many hours trying to use this script but it does not work. The problem is:

    When you download it with git clone https://github.com/Avix101/Mail-Server-Script.git it’s OK, but when I run the script, ./super.sh shows an error on line 123, @bypass_virus_checks_maps = (1); I tried removing the brackets but it is the same. Then I commented out the line and ran the script again, but when I type myhostname.com/mail SquirrelMail does not work either; only index.php shows.

    I need big help, because I have been at this for 4 days and it doesn’t want to work.

  26. The script gets stuck at:
    Hit http://security.ubuntu.com trusty-security/main Sources
    Hit http://security.ubuntu.com trusty-security/universe Sources
    Hit http://security.ubuntu.com trusty-security/main amd64 Packages
    Hit http://security.ubuntu.com trusty-security/universe amd64 Packages
    Hit http://security.ubuntu.com trusty-security/main Translation-en
    Hit http://security.ubuntu.com trusty-security/universe Translation-en
    Reading package lists… Done

    it doesnt move past this point?

  27. For the certificates, what domain should they be issued for?
    example.com
    mail.example.com
    or
    *.example.com

    -Mayor

  28. Hi Avix!
    I am a newer in linux.
    Your tools help me a lot! Thank you so much.
    I have some problems needed to learn.

    Q1. I can mail a test-mail to gmail , but I can’t received that from gmail.
    What should I check?

    Q2.If I want to add more mail-account, how do I do?

    Q3.How I know my SMTP setting ?

    Appreciate your help.

  29. Hi,

    I’ve installed this on a second instance (mail.*) but configured the file using mydomain.com as otherwise I’d be sending emails from a subdomain of my site.

    I am getting the Apache test page when I visit mail.* however when I visit mail.*./mail I’m getting a 404.

    Any ideas?

    Thanks
    Darren

    • Hello Darren,

      My best guess is that in editing the config file, somehow a reference got misplaced which is causing you to have this error.

      Assuming squirrelmail is still working on your instance (if it isn’t I’m not quite sure what the fix would be, and I’d need more details of the error) follow these steps.

      -Cd to /etc/httpd/conf
      -emacs httpd.conf
      -Ctrl-S and type in *:80>
      -Press Ctrl-S until you see the uncommented version of the line
      -Underneath that line look for this line:

      Alias /mail /usr/local/squirrelmail/www

      If it isn’t present, add it in, save the file and exit the file
      Then type these commands

      -sudo su
      -service httpd restart

      After that hopefully the /mail link will take you to squirrelmail!

      Let me know if this issue persists, or another one pops up

      Avix

      • Hi Avix,

        Thanks for your help. The Alias was missing from the file, however it hasn’t worked as I’m still getting the same 404.

        The Alias folder exists at /usr/local/squirrelamail/www
        Server error is pointing at them being a 404 on :443, but the aliases exist under the *:443 too.

        I might attempt a new install on a new instance and see if it was either a user issue or an issue with the script not downloading correctly the first time.

        Thanks,
        Darren

        • Hey Darren,

          The alias missing probably was one of the issues, but it sounds like something else went wrong as well, and it may be difficult to pinpoint.

          I think the best course of action would be to do exactly what you suggested, stop the current instance (but keep it in case the new one doesn’t work) and boot up a fresh one.

          Also, you may already know this but there is an important distinction between :80 and :443.

          :80 is an “untrusted” web port that responds to http:// calls
          :443 is a “trusted” web port that responds to https:// calls

          It is perfectly okay to use :80, (although your browser may complain), and to use :443 (correctly) you need a certificate installed on your site. I’m mentioning this just to make sure you’re aware that http:// is very different from https:// and if your calls are going through one, but the alias / document root is not setup for that port, that could be causing the 404

          Best of luck to you, and let me know if the issue persists!

          Avix

    • Hey Shawn,

      I’m not sure why you had this error; as the vanilla Amazon ec2 server should be consistent across all fronts… However I guess syntactically it couldn’t handle the parsing. In the future if there are unexpected token errors such as this, try removing the culprit character as you did. If that does not work, you will have to comment out the line and find the section of code where that setting should be changed and change it manually after the setup runs (I.E. The setting @bypass_virus_checks_maps would be in the amavis.conf file).

      If you have another error please don’t hesitate to post about it. I apologize for not being prompt with my reply.

      Avix

  30. Hmmm. When I run ./super.sh I get the following error:

    ./super.sh: line 123: syntax error near unexpected token `(‘
    ./super.sh: line 123: `@bypass_virus_checks_maps = (1);’

    line 123 looks like this:
    @bypass_virus_checks_maps = (1);

    🙁

  31. Thanks for providing this script.

    I have been following the instructions, however when I get to the “emacs super.sh” stage, the file appears empty. Any ideas whats going on? Cheers

    • Hi Daniel,

      My best guess is that either the download of the script did not complete, or that you were not in the correct directory (where the script downloaded to). Emacs will automatically write a new file if you type “emacs super.sh” and the file is not present in that directory.

      1. To make sure you are in the proper directory use the command ‘ls’ to see all items in your current directory.
      2. If you do not see super.sh as well as many other .sh files (from the script) then you aren’t in the correct directory!
      3. Use the command ‘pwd’ to get your current directory path. If the directory isn’t: /home/ec2-user/Mail_Script then that is why it won’t work.
      4. Navigate to /home/ec2-user/Mail_Script using ‘cd ..’ to move up a directory and ‘cd FOLDER_NAME’ to go into a folder. Remember ‘ls’ can be used to see the folders and files in your current directory.
      5. Once you are in the proper folder and can see super.sh as well as the other script files you can run ’emacs super.sh’
      6. If the above didn’t help you, move your current directory to /home/ec2-user
      7. Use ‘ls’ to confirm the existence of ‘Mail_Script’ if the folder is present type ‘rm -rf Mail_Script’ to get rid of it.
      8. Try cloning the repo again with the git command in the tutorial above.
      9. After the download has completed, ‘cd’ back into ‘Mail_Script’ and confirm the existence of ‘super.sh’ with ‘ls’ before typing ’emacs super.sh’
      10. Assuming it exists, open it up and everything should be there!

      I hope that helped 🙂

  32. Hi Avix 🙂
    Thank you for this nice tutorial, everything was very clear, simple and easy to understand. The only thing is that when running the script, I’m getting an error:

    –2016-03-18 13:49:32– http://ufpr.dl.sourceforge.net/project/squirrelmail/stable/1.4.22/squirrelmail-webmail-1.4.22.zip
    Resolving ufpr.dl.sourceforge.net (ufpr.dl.sourceforge.net)… 200.236.31.2, 2801:82:80ff:8000::3
    Connecting to ufpr.dl.sourceforge.net (ufpr.dl.sourceforge.net)|200.236.31.2|:80… connected.
    HTTP request sent, awaiting response… Read error (Connection timed out) in headers.
    Retrying.

    Any idea why is this error? and how I can solve it?
    Thanks!

    • Hi Francisco!

      I’m not entirely sure why the script is throwing that error. It looks as though the server couldn’t connect to sourceforge in order to download the necessary resources. This kind of network error could be caused by a multitude of reasons unfortunately.

      What I can tell you is that I downloaded the resources just a minute ago and the link worked just fine. I would give the script another try if the problem hasn’t been resolved already (I’d be willing to bet whatever network issue there was is now resolved).

      I’m glad the tutorial was helpful to you!

      Please do let me know if you need additional help and I’ll do the best I can to assist.

  33. Hi Avix, this is great thanks, got it installed. Not being a Linux guy, I’m not sure how to proceed from here. I found this URL but I’m not sure if the script has already taken care of most of that for me or not:
    https://www.howtoforge.com/squirrelmail-configuration-easy-steps-squirrelmail-sendmail-apache-redhat-centos-fedora

    What do I need to do after running your script to set up mailboxes and actually use the email service? Any help would be really appreciated.

    Thanks,
    sheeptest

    • Hello Sheeptest, I’m sorry for taking so long to get back to you; I stepped away from this project for a while because of school. If you are still having trouble, here are the steps you can take. Everything regarding squirrelmail should be setup for you already.

      To access your account go to yourdomain/mail. (If you don’t have valid certs installed it will tell you it is unsafe, but it is safe)

      To log into your account, type in admin@yourdomain.com and then use your password or the default password.

      To add accounts, you will have to update the pgsql table titled “users”. (Also don’t forget to use SHA512 encryption for passwords!)

      Unfortunately, at the moment I haven’t implemented an easy way to add accounts, but that may be something I work on soon!

      I hope I helped!
