Untitled

sudo apt-get install mysql-server
sudo mysql_secure_installation


CREATE DATABASE mail;
GRANT SELECT ON mail.* TO 'mail'@'localhost' IDENTIFIED BY 'mailpassword';
FLUSH PRIVILEGES;
USE mail;


Tables:
CREATE TABLE IF NOT EXISTS `virtual_domains` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(50) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

CREATE TABLE IF NOT EXISTS `virtual_aliases` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `domain_id` int(11) NOT NULL,
  `source` varchar(254) NOT NULL,
  `destination` varchar(254) NOT NULL,
  PRIMARY KEY (`id`),
  KEY `domain_id` (`domain_id`),
  CONSTRAINT `virtual_aliases_ibfk_1` FOREIGN KEY (`domain_id`) REFERENCES `virtual_domains` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

CREATE TABLE IF NOT EXISTS `virtual_users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `domain_id` int(11) NOT NULL,
  `password` varchar(106) NOT NULL,
  `email` varchar(254) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `email` (`email`),
  KEY `domain_id` (`domain_id`),
  CONSTRAINT `virtual_users_ibfk_1` FOREIGN KEY (`domain_id`) REFERENCES `virtual_domains` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;


Virtual domains:
INSERT INTO `virtual_domains`
(`id`, `name`)
VALUES
('1', 'mydomain.com'),
('2', 'my2nddomain.com');


Virtual mailboxes:
INSERT INTO `virtual_users`
(`id`, `domain_id`, `password` , `email`)
VALUES
('1', '1', ENCRYPT('firstpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'mail@mydomain.com'),
('2', '2', ENCRYPT('secondpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'mail@my2nddomain.com');


Virtual aliases:
INSERT INTO `virtual_aliases`
(`id`, `domain_id`, `source`, `destination`)
VALUES
('1', '1', 'alias@mydomain.com', 'mail@mydomain.com');


sudo apt-get install -y dovecot-core dovecot-imapd dovecot-lmtpd dovecot-mysql


Now we'll enable the protocols we need:
sudo vim /etc/dovecot/dovecot.conf

!include_try /usr/share/dovecot/protocols.d/*.protocol
protocols = imap lmtp

we have to make sure the following line is uncommented:
!include conf.d/*.conf


Mail configuration:
sudo groupadd -g 5000 mail
sudo useradd -g mail -u 5000 mail -d /var/mail
sudo mkdir -p /var/mail/vhosts/{mydomain.com,my2nddomain.com}
sudo chown -R mail:mail /var/mail
sudo chown -R dovecot:mail /etc/dovecot
sudo chmod -R o-rwx /etc/dovecot

sudo vim /etc/dovecot/conf.d/10-mail.conf
Find the mail_location line, uncomment it and change it to the following:
mail_location = maildir:/var/mail/vhosts/%d/%n
Find the mail_privileged_group line, uncomment it and change it to the following:
mail_privileged_group = mail
Finally, find the first_valid_uid line, uncomment it and change it to the following:
first_valid_uid = 1


Auth configuration:
Now we need to tell dovecot that we're using MySQL to authenticate our users.
sudo vim /etc/dovecot/conf.d/10-auth.conf

Uncomment the following line:
disable_plaintext_auth = yes

Find the line containing auth_mechanisms = plain and change it to the following:
auth_mechanisms = plain login

Comment out this line:
#!include auth-system.conf.ext

Uncomment this line in order to enable MySQL authentication:
!include auth-sql.conf.ext


MySQL configuration:
To allow dovecot to connect to our MySQL database, we need to give it our MySQL credentials using a driver.
sudo vim /etc/dovecot/conf.d/auth-sql.conf.ext
Enter the following in the file before saving it:
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  driver = static
  args = uid=mail gid=mail home=/var/mail/vhosts/%d/%n
}


sudo vim /etc/dovecot/dovecot-sql.conf.ext
Find the #driver = line, uncomment it and change it to the following:
driver = mysql
Find the #connect = line, uncomment it and change it to the following, replacing the highlighted parts with your own MySQL credentials we created here.
connect = host=127.0.0.1 dbname=mail user=mail password=mailpassword
Find the #default_pass_scheme = line, uncomment it and change it to the following:
default_pass_scheme = SHA512-CRYPT
Finally, find the #password_query = \ line, uncomment it and change it to the following:
password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';


Master configuration:
Now we're going to define the services that dovecot will provide.
sudo vim /etc/dovecot/conf.d/10-master.conf
 Find service imap-login and change it to the following:
service imap-login {
    inet_listener imap {
        port = 143
    }
    inet_listener imaps {
        port = 993
        ssl = yes
    }
}
Find service lmtp and change it to the following:
service lmtp {
    unix_listener /var/spool/postfix/private/dovecot-lmtp {
        mode = 0600
        user = postfix
        group = postfix
    }
}

Find service auth and change it to the following:
service auth {
    unix_listener /var/spool/postfix/private/auth {
        mode = 0666
        user = postfix
        group = postfix
    }

    unix_listener auth-userdb {
        mode = 0600
        user = mail
    }

    user = dovecot
}

Finally, find service auth-worker and change it to the following:
service auth-worker {
    user = mail
}


sudo vim /etc/dovecot/conf.d/10-ssl.conf

Change the ssl parameter to required:
ssl = required
Modify the path for ssl_cert to your full certificate chain minus your CA's certificate and ssl_key to the path to your certificate's private key.
ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey
This will take a very long time to complete, and dovecot will not be functional until it is completed. Alternatively you can use "2048" although that is not as future-proof.
Use stronger ssl_dh_parameters_length
ssl_dh_parameters_length = 4096
Disable insecure ssl_protocols
ssl_protocols = !SSLv2 !SSLv3 !TLSv1
Use a stronger ssl_cipher_list
ssl_cipher_list = ALL:HIGH:!SSLv2:!MEDIUM:!LOW:!EXP:!RC4:!MD5:!aNULL:@STRENGTH
Prefer server ciphers
ssl_prefer_server_ciphers = yes