MailAD

This page is also available in the following languages: [ Español 🇪🇸 🇨🇺] [ Deutsch 🇩🇪]

This is a handy tool to provision a mail server on linux linked to an Active Directory server (Samba or Windows, it does not care) with some constraints in mind, as this is a typical mail config to be used in Cuba under certain laws and security requirements. You can see a simple provision in this asciinema movie.

Rationale

This repository is intended to be cloned on your fresh OS install under /root (you can use a LXC instance, VM, CT, etc) and setup on a main conf file as per the file comments, then run the steps on a makefile and follow the steps to configure your server.

After a few steps you will have a mail server up and running in about 15 minutes tops. (this time is based on a 2Mbps internet connection to a repository, if you have a local repository it will be less)

This tool is tested and supported on:

• Ubuntu Bionic 18.04 (former LTS).
• Ubuntu Focal 20.04 (actual LTS and actual dev env).
• Debian Buster 10 (see note below please).

Note: If you are using a Debian Buster Container on LXC (Proxmox for example) you need to tweak the dovecot install or it will not work, see this fix for more info

It's recommended that the instance of MailAD sits inside your DMZ net with a firewall between it and your users and a mail gateway like Proxmox Mail Gateway between it and the outside world.

Features

This will provision a mail server in a enterprise as a real server facing the users, you can see the major features in the Features.md file, among others you will find:

0. Low resource footprint.
1. Advanced (and optional) mail filtering features that includes attachments, SPF, AntiVirus & Spam.
2. Encrypted LDAP communication as an option.
3. In place protection to major and known SSL & mail services attacks.
4. Automatic alias using AD groups.
5. Manual alias, manual ban, manual headers & body checks.
6. On demand Backup and restore of raw configurations.
7. Really painless upgrades.
8. Daily mail traffic summary in you inbox.
9. Optional user privilege access via AD groups (local/national/international).
10. Optional disclaimer/notice/adverting on every outgoing mail.
11. Optional aggressive SPAM fight measures.

TODO

There is a TODO list, a kind of "roadmap" for new features, but as I (only one dev so far) have a life, a family and a daily job, you know...

All dev is made on weekend or late at night (seriously take a peek on the commit dates!) if you need a feature or fix ASAP, please take into account making a donation or found me and I will be happy to help you ASAP, my contact info is on the bottom of this page.

Constraints and requirements

Remember the comment at top of the page about "...with some constraints in mind..." yeah, here they are:

0. Your user base and config came from an Active Directory (AD from now on) as mentioned, we prefer a Samba AD but works on Windows too; see AD requirements for this tool
1. The mail storage will be a folder in /home/vmail, all mail will belong to a user named vmail with uid:5000 & gid:5000. Tip: that folder can be a NFS mount or any other type of network storage (configurable)
2. You use a Windows PC to control and manage the domain (must be a domain member and have the RSAT installed and activated), we recommend a Windows 10 LTSC/Professional
3. The communication with the server is done in this way: (See this question on the FAQ file to know more)
   • Port 25 (SMTP) is used to receive incoming traffic from the outside world or from a mail gateway.
   • Port 587 (SUBMISSION) is used to receive emails from the users to deliver locally or relay to other servers.
   • Port 465 (SMTPS) is used like the 587 but is only enabled as a legacy option, it's use is discourage in favor of the port 587.
   • Port 993 (IMAPS) the preffered metod to retrieve the email form the server.
   • Port 995 (POP3S) used like the 993, but discouraged as IMAPS is better (unless you are in a very slow link)

How to install or try it?

We have a INSTALL.md file just for that, and also a FAQ file with common problems.

This is free software!

Have a comment, question, contributions or fix?

Use the Issues tab in the repository URL or drop me a message via Twitter or Telegram

Contributors ✨

Thanks goes to these wonderful people (emoji key):

danny920825 ⚠️ 🤔

HugoFlorentino 🤔 💡

Armando Felipe 🤔

Koratsuki 🤔 💻 🌍

Gabriel A. López López 🌍

oneohthree 🤔

Please read the CONTRIBUTING.md file if you want to contribute to MailAD to know the details of how to do it. All kinds of contributions are welcomed, ideas, fixes, bugs, improvements and even a phone top-up to keep me online.

This project follows the all-contributors specification. Contributions of any kind welcome!