Sieve - Mail filter service in Dovecot

Install (Choose your weapon)

yum install dovecot-pigeonhole

pacman -S dovecot-pigeonhole

Activate Sieve for delivery via LMTP

/etc/dovecot/dovecot.conf

protocols = imap pop3 lmtp sieve

protocol lmtp {
  mail_fsync = optimized
  mail_plugins = $mail_plugins sieve
}

Configuration of Sieve

/etc/dovecot/dovecot.conf

service managesieve-login {
  inet_listener sieve {
    address = 0.0.0.0
    port = 4190
  }
  service_count = 0
  process_min_avail = 2
  vsz_limit = 64M
}

plugin {
  sieve = file:~/sieve;active=~/.sieve
}

Load configuration

systemctl restart dovecot
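As an added example (not part of the original notes): the line `sieve = file:~/sieve;active=~/.sieve` means that a user's scripts live in `~/sieve/` and that `~/.sieve` is a symlink to whichever script is active. The shell function below lays out exactly that structure for a given home directory with a small constructed filter that files messages carrying `X-Spam-Flag: YES` into the Junk folder; the home path, script name and folder name are placeholders, and the `sievec` compile check only runs when Pigeonhole is installed.

```shell
#!/bin/bash
# Added example (not from the original notes): lay out a user's Sieve directory the way
# "sieve = file:~/sieve;active=~/.sieve" expects it: scripts in ~/sieve/, ~/.sieve is a symlink
# to the active script. Home directory, script name and folder name are placeholders.
set -eu

# Write a small constructed filter script and make it the active one for the given home dir.
install_sieve_script() {
  local home="$1"
  mkdir -p "$home/sieve"
  cat > "$home/sieve/default.sieve" <<'EOF'
require ["fileinto"];

# Mail that the content filter marked as spam goes to the Junk folder
if header :contains "X-Spam-Flag" "YES" {
    fileinto "Junk";
    stop;
}
EOF
  # Dovecot tracks the active script as a symlink; a relative target stays valid if the home moves
  ln -sfn sieve/default.sieve "$home/.sieve"
  # Compile-check with Pigeonhole's sievec when it is installed (writes default.svbin next to it)
  if command -v sievec >/dev/null 2>&1; then
    sievec "$home/sieve/default.sieve"
  fi
}

# Return the name of the active script, i.e. what ~/.sieve points at.
active_sieve_script() {
  readlink "$1/.sieve"
}

# Demo against a throwaway directory standing in for a mailbox home
demo_home=$(mktemp -d)
install_sieve_script "$demo_home"
echo "active script: $(active_sieve_script "$demo_home")"
```

Run it as the vmail user (or fix ownership afterwards) so Dovecot can read the script; a script that fails to compile is silently skipped at delivery time, which is why the `sievec` check is worth keeping.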

Sieve - Mail filter service in Roundcube

You need a Sieve implementation (such as the Pigeonhole setup above) on your mail server to use the following Roundcube plugin.

Configuration

config/config.inc.php

// List of active plugins - add managesieve
$config['plugins'] = array(
...
'managesieve',
);

plugins/managesieve/config.inc.php

<?php
$config['managesieve_port'] = 4190;
$config['managesieve_host'] = 'tls://HOSTNAMEorIP';
$config['managesieve_auth_type'] = null;
$config['managesieve_auth_cid'] = null;
$config['managesieve_auth_pw'] = null;
$config['managesieve_usetls'] = false;
$config['managesieve_conn_options'] = null;
$config['managesieve_default'] = '/var/lib/dovecot/sieve/default.sieve';
$config['managesieve_script_name'] = 'Default';
$config['managesieve_mbox_encoding'] = 'UTF-8';
$config['managesieve_replace_delimiter'] = '';
$config['managesieve_disabled_extensions'] = array();
$config['managesieve_debug'] = true;
$config['managesieve_kolab_master'] = false;
$config['managesieve_filename_extension'] = '.sieve';
$config['managesieve_filename_exceptions'] = array();
$config['managesieve_vacation'] = 1;
$config['managesieve_vacation_interval'] = 0;
$config['managesieve_vacation_addresses_init'] = false;
$config['managesieve_notify_methods'] = array('mailto');

Have fun!

Count open files per process

Bash script

#!/bin/bash
# Count open file descriptors per process by counting the entries in /proc/<pid>/fd

# Split find output on newlines only, so paths are iterated one per line
IFS='
'
fds=$(find /proc -maxdepth 3 -regex '/proc/[0-9]+/fd')

for i in $fds; do
  # fd directories of other users' processes are unreadable without root; ignore those errors
  count=$(ls -1 "$i" 2>/dev/null | wc -l)
  container="$container\n$count $i"
done

# Print "<count> /proc/<pid>/fd" lines, lowest count first
echo -e "$container" | sort -n

Set persistent journald

Set configuration (e.g.)

/etc/systemd/journald.conf

[Journal]
Storage=auto
SystemMaxFileSize=100

Create directory and activate it for journald

mkdir -p /var/log/journal
systemd-tmpfiles --create --prefix /var/log/journal
systemctl restart systemd-journald

Postgrey

Installation

pacman -S postgrey

Activate configuration

cp /usr/lib/systemd/system/postgrey.service /etc/systemd/system/

Add to Postfix configuration

/etc/postfix/main.cf

smtpd_recipient_restrictions =
	check_policy_service inet:127.0.0.1:10030

Add automated whitelist

/etc/systemd/system/postgrey.service

ExecStart=/usr/bin/postgrey --inet=127.0.0.1:10030 \
	--pidfile=/run/postgrey/postgrey.pid \
	--group=postgrey --user=postgrey \
	--daemonize \
	--greylist-text="Greylisted for %%s seconds" \
	--auto-whitelist-clients=5

systemctl daemon-reload
systemctl restart postgrey

Mail server

Install

pacman -S postfix dovecot

Add user for the mail daemon

useradd -u 5000 -s /usr/bin/nologin -d /var/spool/mail/vmail/ -m vmail
mkdir -p /var/spool/mail/vmail/

Postfix

Create database

mysql -u root -p

CREATE DATABASE postfix;
CREATE USER 'postfix_user'@'localhost' IDENTIFIED BY 'blafoo';
GRANT ALL ON postfix.* TO 'postfix_user'@'localhost';
FLUSH PRIVILEGES;

Create tables

Virtual domains

CREATE TABLE `virtual_domains` (
`id`  INT NOT NULL AUTO_INCREMENT,
`name` VARCHAR(50) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Virtual users

OpenDKIM

Installation

pacman -S opendkim
dnf install opendkim opendkim-tools

mkdir /etc/postfix/dkim
chown root:opendkim /etc/postfix/dkim -R

Create config

/etc/opendkim/opendkim.conf

AutoRestart             Yes
AutoRestartRate         10/1h
UMask                   002
Syslog                  yes
SyslogSuccess           Yes
LogWhy                  Yes
SendReports             yes
SoftwareHeader          yes

Canonicalization        relaxed/simple

KeyTable                /etc/postfix/dkim/KeyTable
ExternalIgnoreList      refile:/etc/postfix/dkim/TrustedHosts
InternalHosts           refile:/etc/postfix/dkim/TrustedHosts
SigningTable            refile:/etc/postfix/dkim/SigningTable

Mode                    sv
SignatureAlgorithm      rsa-sha256
MinimumKeyBits          1024
OversignHeaders         From
#QueryCache             yes

UserID                  opendkim:opendkim
Socket                  inet:12301@localhost

Add DKIM to Postfix

/etc/postfix/main.cf

# DKIM
milter_default_action = accept
non_smtpd_milters     = inet:localhost:12301
smtpd_milters         = inet:localhost:12301

Create directory for socket

mkdir /var/run/opendkim
chown opendkim:opendkim /var/run/opendkim
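Added example, not from the original notes: the config above points at KeyTable, SigningTable and TrustedHosts under /etc/postfix/dkim but does not show what goes into them. The shell functions below write those three files in the format OpenDKIM expects (directory, domain and selector are parameters; `example.com` and the selector `mail` are placeholders) and flatten the multi-string TXT record that `opendkim-genkey` writes into a single value for the DNS zone. The genkey output embedded in `make_sample_genkey_txt` is constructed with a truncated, non-functional key.

```shell
#!/bin/bash
# Added example (not from the original notes): write the OpenDKIM table files referenced by
# opendkim.conf and flatten an opendkim-genkey DNS record. Domain "example.com", selector "mail"
# and the output directory are placeholders; the embedded genkey output is constructed.
set -eu

# Write KeyTable, SigningTable and TrustedHosts into $1 for domain $2 with selector $3.
# KeyTable is read as a plain file; SigningTable and TrustedHosts are "refile:" (pattern) files.
write_dkim_tables() {
  local dir="$1" domain="$2" selector="$3"
  mkdir -p "$dir"
  # KeyTable: <key name> <domain>:<selector>:<path to private key>
  printf '%s._domainkey.%s %s:%s:%s/%s.private\n' \
    "$selector" "$domain" "$domain" "$selector" "$dir" "$selector" > "$dir/KeyTable"
  # SigningTable (refile): any sender at the domain is signed with that key
  printf '*@%s %s._domainkey.%s\n' "$domain" "$selector" "$domain" > "$dir/SigningTable"
  # TrustedHosts: mail from these hosts is signed instead of verified (Mode sv); keep the list tight
  printf '127.0.0.1\n::1\nlocalhost\n%s\n' "$domain" > "$dir/TrustedHosts"
}

# opendkim-genkey splits long TXT records into several quoted strings; join them into one value
# suitable for pasting into a DNS zone editor.
flatten_dkim_txt() {
  grep -o '"[^"]*"' "$1" | tr -d '"\n'
}

# Constructed stand-in for <selector>.txt from opendkim-genkey (truncated, non-functional key)
make_sample_genkey_txt() {
  cat > "$1" <<'EOF'
mail._domainkey	IN	TXT	( "v=DKIM1; k=rsa; "
	  "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAexample"
	  "restofkeyIDAQAB" )  ; ----- DKIM key mail for example.com
EOF
}

# Demo in a temporary directory standing in for /etc/postfix/dkim
demo_dir=$(mktemp -d)
write_dkim_tables "$demo_dir" example.com mail
make_sample_genkey_txt "$demo_dir/mail.txt"
cat "$demo_dir/KeyTable" "$demo_dir/SigningTable"
echo "TXT mail._domainkey.example.com: $(flatten_dkim_txt "$demo_dir/mail.txt")"
```

For a real deployment generate the key pair with `opendkim-genkey -b 2048 -d example.com -s mail -D /etc/postfix/dkim`, restrict `mail.private` to the opendkim user (`chown opendkim:opendkim`, `chmod 600`), publish the flattened record, and confirm it resolves with `opendkim-testkey -d example.com -s mail -vvv` before switching Postfix to the milter.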

Let's Encrypt

Install Certbot

pacman -S certbot

Create directory

mkdir -p /var/lib/letsencrypt/.well-known
chgrp http /var/lib/letsencrypt
chmod g+s /var/lib/letsencrypt

Prepare Nginx

The main domain, or the first domain in a multi-domain certificate, must be prepared specially in Nginx so that the Let's Encrypt validation request can succeed.

/etc/nginx/includes/letsencrypt.conf

location ^~ /.well-known/acme-challenge/ {
  allow all;
  root /var/lib/letsencrypt/;
  default_type "text/plain";
  try_files $uri =404;
}

In the respective server block for port 80, include the rule:

server {
...
include includes/letsencrypt.conf;
...
}

Create certificate

certbot certonly --email email@example.com --webroot -w /var/lib/letsencrypt/ -d domain.tld,sub.domain.tld

Add the certificate to Nginx

ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;

Renew certificate

certbot renew

Automate renewal

/etc/systemd/system/certbot.service