Tutorial: Your own mail server (Dovecot, Postfix, Rspamd) with tight Nextcloud (on Apache) integration for Debian

Why PostgreSQL?

For me the reasons are

  • a lower memory footprint
  • more convenient functions, e.g. ILIKE for case-insensitive search, which is a mess in MariaDB, i.e. queries become way more complex instead of just using ILIKE instead of LIKE as you can with Postgres.
  • PostgreSQL just feels more rounded, is more standards-compliant and creates less hassle. MariaDB (to me personally) feels too “hacky” compared to Postgres. Another example is that to make MariaDB queries secure with PDO in PHP you need to make sure the right charset is used. In Postgres “it just works”.

Why no virus scan implementation?

Because virus scanners are mostly snake oil, i.e. give you a wrong sense of security while detecting few viruses that really matter. This might be even more true for desktop solutions, but I just decided that it's not worth the effort for the little to no gain.

What about Redis?

I actually state in the tutorial that you should use Redis for larger user bases and provide links to instructions on how to set up Redis. I did not include it merely because at some point I had to make a cut (you can always explain more and do more but time is limited) and for my use case I don’t need it (relatively few users). But if you do, just follow the links.

Thx for your explanations. Honestly, databases are just a black box for me at the moment. So any real-world comparison is more than welcome.

Thank you for posting this tutorial, it’s exactly what I wanted to do :smiley:

I’m hoping that you can help, or point me in a helpful direction, since you know much more about this topic than I do.

After starting dovecot, when I check the error log, it says

mail dovecot: auth: Fatal: sql /etc/dovecot/dovecot-sql.conf.ext: Error in configuration file /etc/dovecot/dovecot-sql.conf.ext line 72: Unknown setting: password

Then command startup failed, throttling for x seconds, imap error login timeout.

I triple-checked the tutorial to make sure I’d typed it correctly (checked to make sure I typed it properly, tried putting password on a different line, tried putting it all on one line the way I’d done it initially in case it auto-misformatted).

These seemed most relevant, but I checked others:

There were others that were more relevant, but they didn’t have answers, and I lost track of them (sorry!)

It seems that the issue actually has nothing to do with the password setting, since by all accounts that is an actual setting that is supposed to be there.

Every test up to this point has worked successfully, except the SSL setup; I used the --staging option for that, but when I reran it without that, it said the certificates were already there and to use force renew. When I visit my domain in a browser it says
SSL_ERROR_RX_RECORD_TOO_LONG
But that is fixed with
https://support.servertastic.com/knowledgebase/article/error-code-ssl_error_rx_record_too_long
and I was going to do that afterwards, when everything else was set up, since I didn’t want to lose my place. I’m not sure if that’s related but I want to give as much information as possible.

So, I’m not sure where to look next, since the error seems to be of the “something other than what the error says is causing it to spit this error out” type, but everything else has tested as working.

Any help would be greatly appreciated, and thank you for this tutorial :smiley:
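An added example, not from the tutorial or this thread: one way to end up with Dovecot's "Unknown setting: password" is a `connect =` string in dovecot-sql.conf.ext that was wrapped onto a second line without the trailing backslash Dovecot uses for line continuation, so the tail (`password=...`) is read as a setting of its own. The checker below parses the file the way Dovecot reads it (one `key = value` per line, backslash continuation) and reports such stray libpq parameters; the set of known settings and the sample file are assumptions, and CHANGEME is a placeholder.

```python
import re

# Added example (not from the tutorial): a checker for dovecot-sql.conf.ext.
# Dovecot reads one "key = value" setting per line (a trailing backslash
# continues the line), so a wrapped `connect =` string leaves its tail, e.g.
# "password=...", as a setting of its own: "Unknown setting: password".

KNOWN_SETTINGS = {"driver", "connect", "default_pass_scheme",
                  "password_query", "user_query", "iterate_query"}  # assumed set
LIBPQ_PARAMS = {"host", "hostaddr", "port", "dbname", "user", "password", "sslmode"}
_SETTING = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

def logical_lines(text):
    # yield (first_line_number, text) with backslash continuations joined
    buf, start = [], 1
    for no, line in enumerate(text.splitlines(), 1):
        start = start if buf else no
        if line.rstrip().endswith("\\"):
            buf.append(line.rstrip()[:-1])
            continue
        buf.append(line)
        yield start, "".join(buf)
        buf = []
    if buf:
        yield start, "".join(buf)

def check_dovecot_sql_conf(text):
    """Return (line_number, message) findings in the spirit of Dovecot's errors."""
    findings = []
    for no, line in logical_lines(text):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _SETTING.match(line)
        if not m:
            findings.append((no, "Expected 'key = value': %r" % line))
        elif m.group(1) in LIBPQ_PARAMS:
            findings.append((no, "Unknown setting: %s (libpq parameter: put it in the "
                                 "connect = line or end the previous line with \\)" % m.group(1)))
        elif m.group(1) not in KNOWN_SETTINGS:
            findings.append((no, "Unknown setting: %s" % m.group(1)))
    return findings

# Constructed sample: the connect value was wrapped without a backslash.
SAMPLE = """\
driver = pgsql
connect = host=localhost dbname=mailserver user=mailserver
password=CHANGEME
password_query = \\
  SELECT password FROM accounts WHERE username = '%n' AND domain = '%d'
"""
```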

Okay, I switched (in the offending file mentioned in the previous post) from 127.0.0.1 to localhost since they mean the same thing and the latter was used both originally in the file and in the dovecot wiki. /var/log/mail.err didn’t spit out an error when I reloaded dovecot, nor when I tried the start command. I’m going to consider this fixed for now and keep going. I’ll update as events warrant.

Update: I went back to where I was, and the next step was to test the mail server. I used the telnet command, and it worked. Wtf. Let’s see if it sticks.

Update2: Test email went through. Seems to have worked, in both directions…

Hey, I am very busy with a non-hobby project atm, so I haven’t had the time to come here and didn’t see your question. Glad it works now.

Hi all, hi @PancakeConnaisseur ! This tutorial is awesome, very detailed and everything is explained very well. But I have one issue with it. I’m using an environment where we have MariaDB (MySQL) already deployed. I don’t want to install an additional database instance just to maintain email addresses.

I have never worked with PostgreSQL, and it seems MySQL lacks some features, like for example user-defined domains…

Can anybody help translating these SQL statements to MySQL?

Thank you so much.
K

Now that is how a tutorial is done: easy to follow and I learned a lot. Of course at the very end I ran into a problem and have been stuck for a couple of days. After installing User Backend Using Raw SQL I can't access the Users in the profile, so I am not able to create any users. I get an internal error page and nextcloud.log gives error "File":"/var/www/nextcloud/apps/user_backend_sql_raw/lib/Dbs/Postgresql.php","Line":30,"CustomMessage":"–"} . This is the file the error is referring to.
22 namespace OCA\UserBackendSqlRaw\Dbs;
23
24 use OCA\UserBackendSqlRaw\Db;
25 use \PDO;
26
27 class Postgresql extends Db {
28
29 protected function createDbHandle() {
30 return new PDO($this->assembleDsn());
31 }
32
33 protected function assembleDsn() {
34 return 'pgsql:host=' . $this->config->getDbHost()
35 . ';port=' . $this->config->getDbPort()
36 . ';dbname=' . $this->config->getDbName()
37 . ';user=' . $this->config->getDbUser()
38 . ';password=' . $this->config->getDbPassword();
39 }
40 }

Any clues would be great.
Thanks!
UPDATE: This was solved by removing \ symbol in the mail_admin password. Once removed User Backend Using Raw SQL connected perfectly. This really was the best tutorial I have ever used and just what I needed. Thanks @PancakeConnaisseur you really raised the bar on tutorials with this one.
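As an added illustration (not part of the tutorial or the user_backend_sql_raw project) of why the backslash in the password broke the DSN that assembleDsn() builds by plain concatenation: PDO_PGSQL hands the DSN to libpq with semicolons turned into spaces, and libpq treats a backslash as an escape character even in unquoted values, so the backslash is silently dropped and the server is offered a different password, which fails at line 30. The Python below re-implements libpq's documented value rules to show that, plus a quoting helper that keeps the password intact; the sample DSN and password are constructed.

```python
import re

# Added example (not code from the tutorial or the user_backend_sql_raw project):
# a re-implementation of libpq's documented conninfo value rules, used to show
# why a backslash in the database password breaks a DSN built by concatenation.

# key=value pairs; a value is either '...' or a run of non-blank characters, and
# in both forms a backslash escapes the character that follows it.
_PARAM = re.compile(r"\s*([^\s=]+)\s*=\s*(?:'((?:\\.|[^'\\])*)'|(?!')((?:\\.|[^\s\\])*))")

def parse_conninfo(conninfo):
    """Parse a libpq connection string into a dict, applying the escape rules."""
    params, pos = {}, 0
    while pos < len(conninfo):
        m = _PARAM.match(conninfo, pos)
        if not m:
            if conninfo[pos:].strip():
                raise ValueError("malformed conninfo near %r" % conninfo[pos:])
            break
        raw = m.group(2) if m.group(2) is not None else m.group(3)
        params[m.group(1)] = re.sub(r"\\(.)", r"\1", raw)  # drop escaping backslashes
        pos = m.end()
    return params

def quote_conninfo_value(value):
    """Quote a value the way libpq requires: single quotes around it, and a
    backslash in front of every backslash or single quote inside it."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"

def pdo_pgsql_dsn_to_conninfo(dsn):
    """PDO_PGSQL drops the 'pgsql:' prefix and turns every ';' into a space before
    handing the rest to libpq, so a ';' can never be part of a value at all."""
    return dsn.split(":", 1)[1].replace(";", " ")

def password_seen_by_libpq(dsn):
    return parse_conninfo(pdo_pgsql_dsn_to_conninfo(dsn))["password"]

# Constructed sample: the DSN layout of assembleDsn() above, with a password that
# contains a backslash (the character that broke the connection in this thread).
PASSWORD = r"mail\admin1"
BASE = "pgsql:host=localhost;dbname=nextcloud;user=mail_admin;password="
NAIVE_DSN = BASE + PASSWORD                        # libpq sees "mailadmin1"
SAFE_DSN = BASE + quote_conninfo_value(PASSWORD)   # libpq sees the real password
```

Quoting fixes backslashes, quotes and spaces, but not semicolons: PDO replaces those before libpq ever sees the string, so a database password used through this backend must not contain one.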


After weeks of research, testing and writing I have released an updated version for Debian 10 (Buster). You can view the changes in the changelog.

The main things are:

  • Debian 10 packages
  • TLS security and password hashing ramped up
  • simplifications in Apache configuration

Feedback is very welcome. Either here or in the comments on the site.


3 posts were split to a new topic: TLS can’t open secure connection to own mailserver

Just realized that both links were dead. I changed the structure of the guide after the release and forgot to update them here. :man_facepalming:. It is fixed now.


Great tutorial. I intend to follow it and set up such a server myself later.

This may sound greedy, but it would be nice if you also added how to add z-push which enables ActiveSync.

There are already several good posts on it; perhaps you could reference them:

Hello, first of all, that is a really good tutorial. I haven't tried it yet, but soon. It is very full of detail. I know you write at the end that a tutorial for the data transfer is too much, but do you know a good tutorial for how I can do this? We are using at the moment a mail server from our provider, where our website is. It's an all-inclusive package. The only problem is I don't know how to transfer all our mails to the new server.

Hey, thanks for the info. I am not using Active Directory myself, so I have no interest/motivation to add this to my tutorial. I suppose people needing that can just google “Nextcloud Active Directory” and would find these guides anyway.

It really depends on how the e-mails are stored and whether your hoster will give you access to the e-mails on a system level. This is really specific to your hoster’s technical setup and policies, so I can’t really help you there.

@PancakeConnaisseur

Hi, and thank you for your tutorial!

I got myself a VPS with the goal to run my own mail server and have an option to store some files, i.e., so in the end your solution was basically what I was looking for (even though I don't need a lot of the functions of Nextcloud).

So far most of the stuff works, with a tiny little exception: I cannot send mails. It works with the sendmail command from the command line, but neither through Nextcloud (Error 500) nor from Microsoft Outlook or The Bat was I able to send mails.

The Bat first told me about some FQDN errors which I could squash by commenting out the HELO restrictions in the Postfix configuration.

But the next error was
04.10.2020, 15:55:43: SEND - Verbinde mit SMTP-Server mx.rzie.net auf Port 587
04.10.2020, 15:55:43: SEND - Einleitung TLS-Handshake
!04.10.2020, 15:55:43: SEND - TLS-Protokollfehler: Unerwartete Nachricht SessionUnknownContentType ct (50)

Outlook, being a Microsoft product, doesn't hand out anything. The initial test mail went out after a few tries (at first it told me that the server doesn't understand its security protocols), but since then all messages are stuck.

So I tried reducing the mandated TLS version by also allowing 1 and 1.1, but to no success.

After some googling I activated a deeper debug level with Postfix for my IP to get more information, and that's the block I get from a The Bat! connection attempt:

It boils down to the 500 5.5.2 Error: bad UTF-8 syntax and 500 5.5.2 Error: bad syntax errors. (Outlook just gave me the UTF-8 part)

Do you have any suggestion as to what mistake I made setting this up to cause this error?
What confuses me is that if it is a TLS error, why can't I send mails with Nextcloud then, since if I understood your tutorial a lot of the security features aren't applicable to Nextcloud's mail client since it runs locally.

Hey Schwarzie,

  1. What do you mean by Error 500 with Nextcloud? What component yields this error?
  2. No, I haven’t encountered this UTF-8 error yet. Weird. Can you try a recent version of Mozilla Thunderbird? This is what I mostly use and I didn’t have any issues yet.
  3. Yes, Nextcloud connects via localhost and uses no encryption.
  4. AFAIK sendmail does not use Postfix but implements an SMTP client itself, thus connects to other mail servers without Postfix.
  5. What distribution are you using specifically? If it is not Debian 10, there might be some library conflicts or unresolved bugs.
  1. When I try to send a mail with Nextcloud, for example answering one I got, I receive this error:

Error sending your message

Error: Request failed with status code 500

  2. I can try Thunderbird tomorrow, but when the web client and two other clients won't work (with identical error) I don't have many hopes that it works.

  3. Which hardens my assumption that something in my Postfix is borked and the UTF error is just a symptom.

  4. I am using Debian 10, it was a completely fresh install, only Webmin came preinstalled, and Nextcloud 20.

Everything works except sending mail. So something in Postfix must be broken; if it were doveblablub I wouldn't be able to connect via IMAP and read my mail, which works flawlessly.

@PancakeConnaisseur

Ok, I'm completely confused now.

I installed Thunderbird and put in my account. It worked out of the box. But the weirdness doesn't stop here. I then started The Bat and Outlook and the mails stuck in there could be sent as well.

Whenever I send an email with the web interface I still get the error 500 message BUT those emails are sent as well. Which is even stranger…

And I definitely didn't touch my server since the last time I tried to send a mail. No upgrades, no config changes, no restarts. Nothing.

Gremlins?

@Schwarzie This is really weird, indeed. Update me if you find more useful log entries.

Although this is probably not the culprit, I would advise against using Nextcloud 20 for now. I haven’t tested it yet and in general I wait until the first patch release (20.0.1) just to be sure that there are no major bugs before updating my server. This is also what Nextcloud does itself when you are on the production update channel.

Hi!
Thanks for tutorial.

Installation without major problems, but sending mail causes error 500 (Error: Request failed with status code 500) or unavailable send button.

mail.warn – ‘Oct 8 11:49:07 mail postfix/submission/smtpd[1592]: warning: TLS library problem: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:…/ssl/statem/statem_srvr.c:1661:’

Fresh Debian 10.6 amd64, Nextcloud 19.0.3

Can you suggest something?

Thanks!