Debian 10 Buster Dovecot Postfix Opendkim MariaDB PHP7.3 Letsencrypt Fail2ban with user management in Horde

The e-mail app in Nextcloud is very basic. This setup could be a good alternative. E-mail accounts are then created easily in Horde under Administration - Users. Synchronisation to a phone works with the DAVx5 app from F-Droid.

English Austria en_US.UTF-8 German root:. user:. GuidedUseEntireDisk-AllFilesInOne 10GBExt4/1SWAP SSH/WithoutStandard

ssh-keygen -t rsa -b 4096 -C ""
ssh-copy-id user@IPServer
/etc/ssh/sshd_config PasswordAuthentication no
ssh user@IPServer
apt update && apt upgrade
apt install certbot python-certbot-apache dovecot-mysql postfix postfix-mysql fail2ban opendkim opendkim-tools mariadb-server php-mysql sudo dovecot-lmtpd dovecot-imapd php-gd php-imap php-memcache php-mysql php-pear php-tidy php-imagick php-intl php-gettext imagemagick tidy gettext php-curl
Packages that are not required: apt install ckeditor3 fonts-glyphicons-halflings javascript-common libjs-bootstrap libjs-excanvas libjs-jquery libjs-prototype libjs-scriptaculous libxmlrpc-epi0 php-apcu php-apcu-bc php-auth-sasl php-bz2 php-codecoverage php-console-table php-deepcopy php-doctrine-instantiator php-file-iterator php-geoip php-http php-http-request php-igbinary php-ldap php-memcached php-msgpack php-net-dns2 php-net-imap php-net-smtp php-net-socket php-net-url php-net-url2 php-nrk-predis php-pecl-http php-phar-io-manifest php-phar-io-version php-phpdocumentor-reflection-common php-phpdocumentor-reflection-docblock php-phpdocumentor-type-resolver php-phpspec-prophecy php-propro php-raphf php-sabre-dav php-sabre-vobject php-seclib php-soap php-ssh2 php-text-figlet php-text-languagedetect php-text-template php-timer php-token-stream php-tokenizer php-webmozart-assert php-xml-svg php-xmlrpc php7.3-ldap php7.3-bz2 php7.3-soap php7.3-xmlrpc phpunit phpunit-code-unit-reverse-lookup phpunit-comparator phpunit-diff phpunit-environment phpunit-exporter phpunit-global-state phpunit-object-enumerator phpunit-object-reflector phpunit-recursion-context phpunit-resource-operations phpunit-version
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
ignoreip = IPServer
bantime = 100000m
findtime = 100000m
maxretry = 2
#logpath = /var/log/horde/horde.log
logpath = /var/log/syslog
enabled = true
enabled = true
enabled = true
enabled = true
enabled = true
sudo mkdir -p /var/www/
sudo mkdir -p /var/www/
sudo chown -R www-data: /var/www/
sudo chown -R www-data: /var/www/
<VirtualHost *:80>
  DocumentRoot /var/www/
  <Directory /var/www/>
    Options -Indexes +FollowSymLinks
    AllowOverride All
  </Directory>
  CustomLog ${APACHE_LOG_DIR}/ combined
</VirtualHost>
sudo ln -s /etc/apache2/sites-available/ /etc/apache2/sites-enabled/
sudo ln -s /etc/apache2/sites-available/ /etc/apache2/sites-enabled/
certbot --apache --register-unsafely-without-email 2
non-interactively “certbot renew”
sudo ln -s /etc/apache2/sites-available/ /etc/apache2/sites-enabled/
sudo ln -s /etc/apache2/sites-available/ /etc/apache2/sites-enabled/
RewriteCond %{SERVER_NAME} [OR]
RewriteCond %{SERVER_NAME} [OR]
RewriteCond %{SERVER_NAME}
RewriteRule ^{REQUEST_URI} [END,NE,R=permanent]
rm /var/www/html 000-default-le-ssl.conf 000-default.conf default-ssl.conf
- 3:
pear upgrade PEAR
mysql --user=root -p …
create database horde;
grant ALL on horde.* to 'horde' identified by '…';
pear channel-discover
pear install -a -B --force horde/groupware
pear run-scripts horde/horde_role /var/www/horde
chown -R www-data /var/www/horde
pecl upgrade -a -B --force channel://
pear upgrade -a -B --force channel://
pecl upgrade -a -B --force channel://
pecl upgrade -a -B --force channel://
pear upgrade -a -B --force channel://
pear upgrade -a -B --force channel://
pear upgrade -a -B --force channel://
pear upgrade -a -B --force channel://
pear upgrade -a -B --force channel://
pear upgrade -a -B --force channel://
pear list -c horde
pear uninstall Services_Weather
pear uninstall file_Fstab
Alias /horde /var/www/horde
ln -s /etc/apache2/conf-available/php-horde.conf /etc/apache2/conf-enabled/php-horde.conf
cp /var/www/horde/imp/config/backends.php /var/www/horde/imp/config/backends.local.php
'hordeauth' => 'full',
//'port' => 143,
'secure' => 'ssl',
cp /var/www/horde/config/conf.php.dist /var/www/horde/config/conf.php
/horde/ Update all configuration, Update DB schema, Check for newer versions
Database mysqli horde pw horde
Authentication driver:SQLauth driverconfig:Horde encryption:crypt-sha512 count_bad_logins:X login_block:X login_block_count: 2
Spell Checker driver:aspell
Image Manipulation driver:PECL Imagick
Problem Reporting
Update all configuration, Update DB schema, Check for newer versions
/etc/hosts IPserver mx
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_helo_restrictions =
smtpd_recipient_restrictions =
smtpd_sender_restrictions =
smtpd_relay_restrictions =
myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain =
myorigin = $mydomain
mydestination = localhost
relayhost =
mynetworks = [::ffff:]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains =
virtual_mailbox_maps = mysql:/etc/postfix/
virtual_alias_maps = hash:/etc/postfix/virtual
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
smtpd_timeout = 30s
smtp_helo_timeout = 15s
smtp_rcpt_timeout = 15s
smtpd_recipient_limit = 40
minimal_backoff_time = 180s
maximal_backoff_time = 3h
invalid_hostname_reject_code = 550
non_fqdn_reject_code = 550
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
user = horde
password = …
hosts =
dbname = horde
query = SELECT 1 FROM horde_users WHERE user_uid='%s'
sudo postmap /etc/postfix/virtual
sudo postmap -q mysql:/etc/postfix/
mkdir -p /var/mail/vhosts/
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /var/mail
chown -R vmail:vmail /var/mail
chown -R vmail:dovecot /etc/dovecot
chmod -R 755 /etc/postfix
-chmod -R o-rwx /etc/postfix
chmod -R o-rwx /etc/dovecot
protocols = imap lmtp
postmaster_address = postmaster at
mail_location = maildir:/var/mail/vhosts/%d/%n/
mail_privileged_group = mail
disable_plaintext_auth = yes
auth_mechanisms = plain login
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
#userdb {
#  driver = sql
#  args = /etc/dovecot/dovecot-sql.conf.ext
#}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
}
driver = mysql
connect = host= dbname=horde user=horde password=
default_pass_scheme = SHA512-CRYPT
nano /etc/dovecot/conf.d/10-master.conf
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    #mode = 0666
    mode = 0600
    user = postfix
    group = postfix
  }
}

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }

  user = dovecot
}

service auth-worker {
  user = vmail
}
ssl = required
ssl_cert = </etc/letsencrypt/live/
ssl_key = </etc/letsencrypt/live/
apt install getmail
mkdir /root/.getmail/
chmod 700 /root/.getmail/
[retriever]
type = SimpleIMAPSSLRetriever
server =
port = 993
username =
password =
[destination]
type = Maildir
path = /var/mail/vhosts/
user = vmail
[options]
verbose = 2
message_log = ~/.getmail/log
read_all = false
delete = true
crontab -e
*/10 * * * * getmail -r /root/.getmail/getmailrcuser --quiet #60/10min
*/10 * * * * getmail -r /root/.getmail/getmailrcuser123 --quiet
0 2 * * * apt update && apt upgrade -y # 2:00 daily
0 3 * * * pear upgrade -a -B horde/groupware # 3:00 daily
0 4 * * 2 certbot renew # 4:00 Tue
mkdir /etc/postfix/dkim/
opendkim-genkey -D /etc/postfix/dkim/ -d domainorg -s mail
chgrp opendkim /etc/postfix/dkim/

chmod g+r /etc/postfix/dkim/

Mode sv
Socket inet:8891@localhost
KeyTable file:/etc/postfix/dkim/keytable
InternalHosts refile:/etc/postfix/dkim/trustedhosts
SigningTable refile:/etc/postfix/dkim/signingtable
p=MI… (take it from the /etc/postfix/dkim/mail.txt file; remove the quotation marks (") and join the lines after p= into one key.)
mail._domainkey TXT v=DKIM1; k=rsa;
opendkim-testkey -d -s mail -vvv
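The key-flattening step above (remove the quotation marks from mail.txt and join the lines after p=), as an added shell example that is not part of the original page. The sample record and its key text are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): turn the multi-line, quoted
# record written by opendkim-genkey into the single value for the DNS TXT entry.

# dkim_txt_value FILE: concatenate every double-quoted chunk in FILE.
# Splitting on '"' makes each even-numbered field the inside of one chunk, so
# the zone-file wrapper "( ... )" and the trailing "; comment" are dropped.
dkim_txt_value() {
    awk -F'"' '{ for (i = 2; i <= NF; i += 2) printf "%s", $i }
               END { print "" }' "$1"
}

# dkim_p_tag VALUE: print the contents of the p= tag (the public key).
dkim_p_tag() {
    printf '%s\n' "$1" | tr ';' '\n' | sed -n 's/^[[:space:]]*p=//p'
}

# dkim_value_ok VALUE: succeed only if VALUE starts with v=DKIM1 and its p= tag
# is non-empty base64. A leftover quote or space inside the key fails here
# instead of failing later at the receiving mail server.
dkim_value_ok() {
    case $1 in 'v=DKIM1;'*) ;; *) return 1 ;; esac
    p=$(dkim_p_tag "$1")
    [ -n "$p" ] || return 1
    case $p in *[!A-Za-z0-9+/=]*) return 1 ;; esac
    return 0
}

# Constructed sample in the layout of a generated mail.txt; the key text is a
# placeholder, not a real key.
sample=$(mktemp)
cat > "$sample" <<'EOF'
mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
      "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplaceholder"
      "KeyTextForIllustrationOnly0123456789+/wIDAQAB" )  ; ----- DKIM key mail
EOF

value=$(dkim_txt_value "$sample")
rm -f "$sample"
if dkim_value_ok "$value"; then
    printf 'TXT value: %s\n' "$value"
else
    printf 'record in mail.txt is not usable as-is\n' >&2
fi
```

On the server, call dkim_txt_value /etc/postfix/dkim/mail.txt and publish the printed value only if dkim_value_ok accepts it.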

Debian 10 Buster Dovecot Postfix Opendkim MariaDB PHP7.3 Letsencrypt Fail2ban with user management in Nextcloud

Nextcloud can be used instead of Horde.
With Nextcloud Talk, video conferences work as well.
Possibly use the Nextcloud Rainloop app instead of Nextcloud Mail.

For user management in Nextcloud, the configuration has to be adapted:

driver = mysql
connect = host= dbname=nextclouddb user=nextclouduser
default_pass_scheme = ARGON2I
password_query = SELECT uid as user, replace(password,'3|','') as password FROM oc_users WHERE uid='%u';