Secure Ubuntu 9.10 Mail Server

by Mike on October 30, 2009 · 3 comments

in Postfix Mail Server

The Mini-Course will help you set up a secure Ubuntu 9.10 Server using Postifx, Dovecot and Thunderbird with TLS and SMTP AUTH.
The goal of this configuration is to create a secure mail server using encrypted communication to retrieve mail and to send mail through your mail server.

1. Encrypted  Connection to Retrieve Mail
Retrieve mail by connecting to server using port 993 (IMAPS).   The importance here is that user names, passwords and data are encrypted when your mail is retrieved.

2. Encrypt the Connection to Send Mail
Encrypting the connection to retrieve your mail is only half the battle, you also need to encrypt it to send mail on port 25 (SMTP with TLS).

3. Provide Access for Mobile Users
The mynetworks setting in Postfix will determine who can send mail through your mail server.  The problem when users are traveling is that you will not be able to determine the IP Address or subnet to enter it into the mynetworks setting.  Therefore, it is important to be able to use SMTP AUTH which will provide connections for mobile users who are authenticated through the server so they can send mail.

Ubuntu Mail server Course
Secure Connections
Postfix with TLS
Dovecot with Sasl
Secure Client


Now there is one problem you need to recognize.  The mail that you send and retrieve from your mail server is plain text but is protected because of the security you have set up.  However, when you send mail, once it leaves your mail server it is not protected and travels to the next mail server in plain text in which it could be captured and read.  If you want to protect the contents of your mail you must use encryption to protect your mail from source to destination.  Meaning, you encrypt it and someone on the other end must unencrypt with keys that you need to provide them.  The real advantage of protecting your connections when you are sending and retrieving is that your passwords are protected to and from your mail server.

Get a Live Linux Training Course


nhuygen74 October 30, 2009 at 7:33 pm

Why all these steps? Instead just install one of the all-in-one mail systems that are out there. Some are totally free/Free (GPL) such as kolab and citadel, and do everything.

nickzip November 17, 2009 at 3:41 pm

Just because there are all-in-one packages out there that do the same thing, doesn’t mean they’re suitable for everyone – they come with preset defaults and make assumptions about how the mail server is setup. For example, Citadel is a full Exchange-like server app, with calendar and address book system – in a corporate environment which already has these services elsewhere, or on a low-powered home server that doesn’t need it, those extras are simply wasted resources.

Thanks for the guide – been waiting for one of these for 9.10.

{ 1 trackback }

Previous post:

Next post: