Using the Flockport mailserver

This is one of the more useful and also more complex Flockport containers. Anyone who has set up a mail server will know what a hair-pulling experience it can be. There are a number of moving parts and many ways for things to go wrong.

The Flockport mail server cuts the complexity and makes it easy. Here is the video walkthrough of this guide.

A word of warning: there is more to a mail server than installation and basic configuration. The Flockport mail server container provides a mail server with defaults. Adapting it to your environment involves configuring your chosen email domains, SSL access and DNS, and running it requires intimate knowledge of how a mail server works.

Running a mail server is a non-trivial exercise. A mail server has to be up all the time, 24/7, so you have to ensure your mail server does not go down, ever. A mail server has to be secure. A mail server has to deal with spam on a massive scale, and a mail server needs to be configured properly so outgoing emails do not land in users' junk boxes.

This is not for beginners. You need to have an intimate understanding of how a mail server works, and what the individual components needed to build one do. There are other all-in-one mail servers, but some of these solutions are needlessly demanding and tend to take over your system. The Flockport mail server is probably more functional, less intrusive, and much more transparent and flexible to manage and run.

The Flockport mail server is a multi-domain mail server complete with a pretty GUI to manage domains, Roundcube webmail, and IMAP and POP access. It also has DNSBL lists configured by default to prevent spam. Let's look at the awesome individual bits that make up the Flockport mail server.

Postfix    : SMTP server
Dovecot    : IMAP and POP server
Roundcube  : Webmail
Nginx      : Webserver for Vimbadmin GUI and Roundcube webmail
Vimbadmin  : GUI layer for multi-domain management

A good place to understand mail servers and how the components work together is workaround.org and the Linode mail server guide. They have the best documentation on mail servers online.

Download the Flockport mail server and untar it in your LXC folder. Please go through the flockport.readme file in the root folder before proceeding. This exercise is best done on a cloud KVM instance or a server with a public IP. Without that you will not be able to test whether it works. You can still test it on a local system to get a look at the Vimbadmin GUI and the rest of the components, but without configuring DNS and mail domains actual email will not work.

tar -xpJf mailserver.tar.xz -C /var/lib/lxc --numeric-owner

Start the container

lxc-start -n mailserver -d

At this point your mail server is up. Yup, that's all it takes.

Get the mail server container IP

lxc-ls -f

Edit your /etc/hosts to associate the container IP with the Vimbadmin and Roundcube URLs in your browser, as shown below. For instance, if the container IP is 10.0.3.26:

nano /etc/hosts

10.0.3.26  vma.flockport.org mail.flockport.org

If you are on a cloud instance you need to forward at least port 80 of your public IP to the container port 80 so that you can access the Vimbadmin management GUI and Roundcube webmail for this example. For instance if the public IP is 1.2.3.4

iptables -t nat -I PREROUTING -i eth0 -p TCP -d 1.2.3.4/32 --dport 80 -j DNAT --to-destination 10.0.3.26:80

Now access the Vimbadmin management GUI in your browser.

http://vma.flockport.org

The first Vimbadmin screen asks for super-user password and allows you to create the first super admin account. This is a one-time setting, so if you are running a test it's a good idea to clone the container before proceeding, so you have the original instance to deploy for your production use.

The security salt is in /usr/local/vimbadmin/applications/configs/application.ini

security salt  : superuser-password
admin user     : choose a super admin login email (for testing anything works)
admin pass     : likewise

You can add and configure multiple domains and add users and aliases for the domains here. This is the control HQ of your mail server. Adding a mail domain is a one-click exercise. However, you should ensure the DNS configuration for the mail domains you are adding is done accordingly, so the mail server is connected to these domains and can process emails.

For this example let's add some domains, users and aliases. We will add the Flockport.org and Flockport.com domains. Let's also add [email protected], [email protected], [email protected], [email protected] users and a [email protected] alias.

Once these domains and users have been created, you can test them on Roundcube webmail. This is configured to be available at mail.flockport.org.

You can of course change the default access URLs for Vimbadmin and Roundcube in the Nginx configuration.

Production use
The Flockport mail server is configured with defaults, so SMTP, IMAP and POP are all on default ports. In actual production you would want to configure your chosen email domains, DNS and SSL. Current access for Vimbadmin and Roundcube is on http. In production this would be https, and you will need an SSL certificate for these domains.

You will need to change Nginx configuration accordingly. Vimbadmin and Roundcube are in /usr/local/. It's also a good idea to use something like fail2ban to protect your mail server from bots.

For production, the Flockport mail server container should ideally be on a public IP, as a mail server needs a number of ports to be open. Otherwise, you should forward the ports you need for the mail server from the public IP to the container IP.
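
The forwarding described above can be generated rather than typed rule by rule. The following is an added example, not part of the Flockport container or its documentation: it prints DNAT rules in the same form as the port-80 rule earlier on this page, without applying them. The function names (is_ipv4, mail_dnat_rules) and the default port list are assumptions; forward only the ports your container actually serves.

```sh
#!/bin/sh
# Added example, not part of the Flockport container. Prints DNAT rules in the
# same form as the port-80 rule above; nothing is applied to the firewall.

# Assumed port list (SMTP, submission, IMAP/IMAPS, POP3/POP3S, HTTP/HTTPS).
# Trim it to the services you really expose.
DEFAULT_PORTS="25 587 143 993 110 995 80 443"

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# mail_dnat_rules PUBLIC_IP CONTAINER_IP [IFACE] [PORTS]
mail_dnat_rules() {
    pub=$1; ct=$2; iface=${3:-eth0}; ports=${4:-$DEFAULT_PORTS}
    is_ipv4 "$pub" || { echo "bad public IP: $pub" >&2; return 1; }
    is_ipv4 "$ct" || { echo "bad container IP: $ct" >&2; return 1; }
    case "$iface" in
        *[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    for port in $ports; do
        case "$port" in
            *[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "bad port: $port" >&2; return 1; }
        echo "iptables -t nat -I PREROUTING -i $iface -p tcp" \
             "-d $pub/32 --dport $port -j DNAT --to-destination $ct:$port"
    done
}

# Dry run with the example addresses used on this page.
mail_dnat_rules 1.2.3.4 10.0.3.26
```

Review the printed rules, then run them as root. Every forwarded port is reachable from the internet, so keep the list as short as your setup allows.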

To scale out, all you have to do is clone the container and change the component configs to talk via the network. For storage replication and availability you can use Gluster. See our guide to build distributed storage nodes with LXC and Gluster.

To learn how to deploy the mail server in your environment, please visit Deploying the Flockport mail server.