This is a handy tool to provision a mail server on Linux linked to an Active Directory (AD from now on) server (Samba or Windows) with some constraints in mind. This is a typical mail configuration to be used in Cuba as regulated by law and security enforcement requirements, but can be used on any domain. You can see a simple provision in this asciinema movie.
We also have some derived projects you might find interesting:
- MailAD-Docker - A Docker Compose version of this software.
- MailD - A multi-domain Docker solution with no AD linking, an all-web solution.
- MailAD ansible role - An Ansible role for the mail server.
This repository is intended to be cloned on your fresh OS install under `/root` (you can use an LXC instance, VM, etc.) and set up via a main configuration file as per the file comments. Then run the steps in a makefile and follow the instructions to configure your server.
After a few steps, you will have a mail server up and running in about 15 minutes tops. (This time is based on a 2Mbps internet connection to a repository. If you have a local repository, it will be less.)
This tool is tested and supported on:
OS | Active Support | Legacy |
---|---|---|
Ubuntu Noble 24.04 LTS | ✅ | |
Debian Bookworm 12 | ✅ | |
Ubuntu Jammy 22.04 LTS | | |
Debian Bullseye 11 | | |
Ubuntu Focal 20.04 LTS | | |
Debian Buster 10 | | |
Ubuntu Bionic 18.04 LTS | | |
Legacy means it works but is not supported anymore. It's recommended to use the latest version.
Note: If you are using Debian Buster or Bullseye in an LXC container (Proxmox for example), you need to tweak the Dovecot installation or it will not work. See this fix for more information.
It's recommended that the instance of MailAD sits within your DMZ segment with a firewall between it and your users, and a mail gateway like Proxmox Mail Gateway between it and the external network.
This will provision a mail server for an enterprise serving corporate users. You can see the major features in the Features.md file. Among others, you will find:
- Low resource footprint.
- Advanced (and optional) mail filtering features that include attachments, SPF, AntiVirus & Spam.
- Encrypted LDAP communication as an option.
- In-place protection against major and known SSL & mail service attacks.
- Automatic alias using AD groups.
- Manual alias, manual ban, manual headers & body checks.
- On-demand backup and restore of raw configurations.
- Really painless upgrades.
- Daily mail traffic summary to your inbox.
- Optional user privilege access via AD groups (local/national/international).
- Optional disclaimer/notice/warning on every outgoing mail.
- Optional aggressive SPAM fight measures.
- Weekly background check for new versions with a detailed email if you need to upgrade.
- Optional mailbox split by office/city/country.
- Optional Webmail, you have Roundcube or SnappyMail to choose from.
There is a TODO list, which serves as a kind of "roadmap" for new features. But as I (the only dev so far) have a life, a family, and a daily job, you know...
All development is made on weekends or late at night (seriously, take a peek at the commit dates!). If you need a feature or fix ASAP, please consider making a donation or contacting me, and I will be happy to help you ASAP. My contact info is at the bottom of this page.
Do you remember the comment at the top of the page about "...with some constraints in mind..."? Yeah, here they are:
- Your user base and configuration come from AD as mentioned. We prefer Samba AD, but it works on Windows too; see the AD requirements for this tool.
- The username part of the email must not exceed 20 characters, so `thisisalongemailaddress@domain.com` will be truncated to `thisisalongemailaddr@domain.com`. This is not our rule, but a limitation of the LDAP directory as specified by Windows Schema.
- The mail storage will be a folder in `/home/vmail`. All mail will belong to a user named `vmail` with uid:5000 & gid:5000. Tip: that folder can be an NFS mount or any other type of network storage (configurable).
- You use a Windows PC to control and manage the domain (must be a domain member and have the RSAT installed and activated). We recommend Windows 10 LTSC/Professional.
- The communication with the server is done in this way (see this question in the FAQ file to know more):
  - Port 25 (SMTP) is used to receive incoming traffic from the outside world or from a mail gateway.
  - Port 587 (SUBMISSION) is used to receive emails from the users to be delivered locally or relayed to other servers.
  - Port 465 (SMTPS) is used like port 587 but is only enabled as a legacy option; its use is discouraged in favor of port 587.
  - Port 993 (IMAPS) is the preferred method to retrieve email from the server.
  - Port 995 (POP3S) is used like 993, but is discouraged in favor of IMAPS (unless you are on a very slow link).
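A post-provision check built on the port list above, as an added example that is not part of MailAD: it classifies every non-loopback TCP listener in `ss -Htln` output as documented, legacy, or unlisted, and reports documented ports that nothing is bound to. The function names, the verdict labels, the operator allow-list argument and the sample input are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not MailAD code). Reads `ss -Htln`-style lines on stdin and
# prints "<port> <verdict>" for every non-loopback TCP listener.
# $1: space-separated extra ports the operator expects (assumption: 22 for SSH).
audit_listeners() {
    awk -v allow="$1" '
    BEGIN {
        # Verdicts follow the port list in this README.
        v[25] = v[587] = v[993] = "documented"
        v[465] = v[995] = "legacy-discouraged"
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) v[a[i]] = "allowed-by-operator"
    }
    $1 == "LISTEN" {
        host = port = $4
        sub(/:[^:]*$/, "", host)      # strip ":port" to get the bind address
        sub(/^.*:/, "", port)         # keep only the port number
        if (host ~ /^127\./ || host == "[::1]") next   # loopback-only service
        if (seen[port]++) next        # IPv4 and IPv6 sockets on the same port
        print port, ((port in v) ? v[port] : "unlisted-review")
    }
    END {
        # Ports the README relies on that have no listener at all.
        split("25 587 993", must, " ")
        for (i = 1; i <= 3; i++)
            if (!(must[i] in seen)) print must[i], "missing"
    }'
}

# Constructed sample input (not captured from a real host).
sample_ss() {
    cat <<'EOF'
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 100 0.0.0.0:587 0.0.0.0:*
LISTEN 0 100 0.0.0.0:465 0.0.0.0:*
LISTEN 0 100 [::]:587 [::]:*
LISTEN 0 100 0.0.0.0:143 0.0.0.0:*
LISTEN 0 128 127.0.0.1:10024 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
EOF
}

sample_ss | audit_listeners "22"
# On a live server: ss -Htln | audit_listeners "22"
```

An `unlisted-review` verdict only means the port is not in the list above; it is a prompt to check the service and the firewall rule in front of it, not proof of a problem.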
We have an INSTALL.md file just for that, and also a FAQ file with common problems.
Have a comment, question, contribution, or fix?
Use the Issues tab in the repository URL or drop me a message via Twitter or Telegram.
Thanks goes to these wonderful people (emoji key):
Please read the CONTRIBUTING.md file if you want to contribute to MailAD to know the details of how to do it. All kinds of contributions are welcomed: ideas, fixes, bug reports, improvements, and even a phone top-up to keep me online.
This project follows the all-contributors specification. Contributions of any kind welcome!