Debian 10 Buster Dovecot Postfix Opendkim MariaDB PHP7.3 Letsencrypt Fail2ban mit Userverwaltung in Horde


Die E-Mail-App in Nextcloud ist sehr bescheiden. Das hier könnte eine gute Alternative sein. Das Anlegen der E-Mail-Konten geht dann ganz einfach in Horde unter Administration – Users. Die Synchronisation zum Handy funktioniert mit der App DAVx5 auf F-Droid.

English Austria en_US.UTF-8 German root:. user:. GuidedUseEntireDisk-AllFilesInOne 10GBExt4/1SWAP SSH/OhneStandard

ssh-keygen -t rsa -b 4096 -C ""
ssh-copy-id user@IPServer
/etc/ssh/sshd_config: PasswordAuthentication no (erst setzen, wenn der Login mit Key funktioniert; wirksam erst nach systemctl restart ssh)
ssh user@IPServer
apt update && apt upgrade
apt install certbot python-certbot-apache dovecot-mysql postfix postfix-mysql fail2ban opendkim opendkim-tools mariadb-server php-mysql sudo dovecot-lmtpd dovecot-imapd php-gd php-imap php-memcache php-mysql php-pear php-tidy php-imagick php-intl php-gettext imagemagick tidy gettext php-curl
Nicht notwendige Pakete: apt install ckeditor3 fonts-glyphicons-halflings javascript-common libjs-bootstrap libjs-excanvas libjs-jquery libjs-prototype libjs-scriptaculous libxmlrpc-epi0 php-apcu php-apcu-bc php-auth-sasl php-bz2 php-codecoverage php-console-table php-deepcopy php-doctrine-instantiator php-file-iterator php-geoip php-http php-http-request php-igbinary php-ldap php-memcached php-msgpack php-net-dns2 php-net-imap php-net-smtp php-net-socket php-net-url php-net-url2 php-nrk-predis php-pecl-http php-phar-io-manifest php-phar-io-version php-phpdocumentor-reflection-common php-phpdocumentor-reflection-docblock php-phpdocumentor-type-resolver php-phpspec-prophecy php-propro php-raphf php-sabre-dav php-sabre-vobject php-seclib php-soap php-ssh2 php-text-figlet php-text-languagedetect php-text-template php-timer php-token-stream php-tokenizer php-webmozart-assert php-xml-svg php-xmlrpc php7.3-ldap php7.3-bz2 php7.3-soap php7.3-xmlrpc phpunit phpunit-code-unit-reverse-lookup phpunit-comparator phpunit-diff phpunit-environment phpunit-exporter phpunit-global-state phpunit-object-enumerator phpunit-object-reflector phpunit-recursion-context phpunit-resource-operations phpunit-version
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
ignoreip = IPServer
bantime = 100000m
findtime = 100000m
maxretry = 2
#logpath = /var/log/horde/horde.log
logpath = /var/log/syslog
enabled = true
enabled = true
enabled = true
enabled = true
enabled = true
sudo mkdir -p /var/www/
sudo mkdir -p /var/www/
sudo chown -R www-data: /var/www/
sudo chown -R www-data: /var/www/
<VirtualHost *:80>
DocumentRoot /var/www/
<Directory /var/www/>
Options -Indexes +FollowSymLinks
AllowOverride All

CustomLog ${APACHE_LOG_DIR}/ combined

sudo ln -s /etc/apache2/sites-available/ /etc/apache2/sites-enabled/
sudo ln -s /etc/apache2/sites-available/ /etc/apache2/sites-enabled/
certbot --apache --register-unsafely-without-email 2
non-interactively “certbot renew”
sudo ln -s /etc/apache2/sites-available/ /etc/apache2/sites-enabled/
sudo ln -s /etc/apache2/sites-available/ /etc/apache2/sites-enabled/
RewriteCond %{SERVER_NAME} [OR]
RewriteCond %{SERVER_NAME} [OR]
RewriteCond %{SERVER_NAME}
RewriteRule ^{REQUEST_URI} [END,NE,R=permanent]
rm /var/www/html 000-default-le-ssl.conf 000-default.conf default-ssl.conf
- 3:
pear upgrade PEAR
mysql --user=root -p …
create database horde;
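grant ALL on horde.* to 'horde' identified by '…';
(Hinweis: 'horde' ohne Host-Teil entspricht 'horde'@'%'; läuft die Datenbank auf demselben Server, genügt 'horde'@'localhost'.)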
pear channel-discover
pear install -a -B --force horde/groupware
pear run-scripts horde/horde_role /var/www/horde
chown -R www-data /var/www/horde
pecl upgrade -a -B --force channel://
pear upgrade -a -B --force channel://
pecl upgrade -a -B --force channel://
pecl upgrade -a -B --force channel://
pear upgrade -a -B --force channel://
pear upgrade -a -B --force channel://
pear upgrade -a -B --force channel://
pear upgrade -a -B --force channel://
pear upgrade -a -B --force channel://
pear upgrade -a -B --force channel://
pear list -c horde
pear uninstall Services_Weather
pear uninstall file_Fstab
Alias /horde /var/www/horde
ln -s /etc/apache2/conf-available/php-horde.conf /etc/apache2/conf-enabled/php-horde.conf
cp /var/www/horde/imp/config/backends.php /var/www/horde/imp/config/backends.local.php
'hordeauth' => 'full',
//'port' => 143,
'secure' => 'ssl',
cp /var/www/horde/config/conf.php.dist /var/www/horde/config/conf.php
/horde/ Update all configuration, Update DB schema, Check for newer versions
Database mysqli horde pw horde
Authentication driver:SQLauth driverconfig:Horde encryption:crypt-sha512 count_bad_logins:X login_block:X login_block_count: 2
Spell Checker driver:aspell
Image Manipulation driver:PECL Imagick
Problem Reporting
Update all configuration, Update DB schema, Check for newer versions
/etc/hosts IPserver mx
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_helo_restrictions =
smtpd_recipient_restrictions =
smtpd_sender_restrictions =
smtpd_relay_restrictions =
myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain =
myorigin = $mydomain
mydestination = localhost
relayhost =
mynetworks = [::ffff:]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains =
virtual_mailbox_maps = mysql:/etc/postfix/
virtual_alias_maps = hash:/etc/postfix/virtual
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
smtpd_timeout = 30s
smtp_helo_timeout = 15s
smtp_rcpt_timeout = 15s
smtpd_recipient_limit = 40
minimal_backoff_time = 180s
maximal_backoff_time = 3h
invalid_hostname_reject_code = 550
non_fqdn_reject_code = 550
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_reject_unlisted_recipient=no
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
user = horde
password = …
hosts =
dbname = horde
query = SELECT 1 FROM horde_users WHERE user_uid='%s'
sudo postmap /etc/postfix/virtual
sudo postmap -q mysql:/etc/postfix/
mkdir -p /var/mail/vhosts/
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /var/mail
chown -R vmail:vmail /var/mail
chown -R vmail:dovecot /etc/dovecot
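chmod -R 755 /etc/postfix
Achtung: -R 755 macht auch die MySQL-Map-Datei mit dem Datenbank-Passwort (user = horde / password = …) für alle lokalen Benutzer lesbar; diese Datei danach auf root:postfix und Modus 640 setzen.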
-chmod -R o-rwx /etc/postfix
chmod -R o-rwx /etc/dovecot
protocols = imap lmtp
postmaster_address = postmaster at
mail_location = maildir:/var/mail/vhosts/%d/%n/
mail_privileged_group = mail
disable_plaintext_auth = yes
auth_mechanisms = plain login
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
#userdb {

driver = sql

args = /etc/dovecot/dovecot-sql.conf.ext

userdb {
driver = static
args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
driver = mysql
connect = host= dbname=horde user=horde password=
default_pass_scheme = SHA512-CRYPT
nano /etc/dovecot/conf.d/10-master.conf
service imap-login {
inet_listener imap {
port = 0
inet_listener imaps {
port = 993
ssl = yes

service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
#mode = 0666
mode = 0600
user = postfix
group = postfix
service auth {

unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
unix_listener auth-userdb {
mode = 0600
user = vmail

user = dovecot

service auth-worker {

user = vmail
ssl = required
ssl_cert = </etc/letsencrypt/live/
ssl_key = </etc/letsencrypt/live/
apt install getmail
mkdir /root/.getmail/
chmod 700 /root/.getmail/
type = SimpleIMAPSSLRetriever
server =
port = 993
username =
password =
type = Maildir
path = /var/mail/vhosts/
user = vmail
verbose = 2
message_log = ~/.getmail/log
read_all = false
delete = true
crontab -e
*/10 * * * * getmail -r /root/.getmail/getmailrcuser --quiet #60/10min
*/10 * * * * getmail -r /root/.getmail/getmailrcuser123 --quiet
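0 2 * * * apt update && apt upgrade # 2:00 täglich; Achtung: ohne -y bricht apt upgrade unter cron an der Rückfrage ab, es wird also nichts installiert (apt-get -y upgrade oder unattended-upgrades verwenden)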
0 3 * * * pear upgrade -a -B horde/groupware # 3:00 Täglich
0 4 * * 2 certbot renew #4:00 DI
mkdir /etc/postfix/dkim/
opendkim-genkey -D /etc/postfix/dkim/ -d domainorg -s mail
chgrp opendkim /etc/postfix/dkim/*

chmod g+r /etc/postfix/dkim/*

Mode sv
Socket inet:8891@localhost
KeyTable file:/etc/postfix/dkim/keytable
InternalHosts refile:/etc/postfix/dkim/trustedhosts
SigningTable refile:/etc/postfix/dkim/signingtable
p=MI… (take it from /etc/postfix/dkim/mail.txt file; remove the >"< and connect the lines after p= to one key.)
mail._domainkey TXT v=DKIM1; k=rsa;
opendkim-testkey -d -s mail -vvv