MailAD v1.1.8

This page is also available in the following languages: [ Español 🇪🇸 🇨🇺] [ Deutsch 🇩🇪]

This is a handy tool to provision a mail server on linux linked to an Active Directory (AD from now on) server (Samba or Windows) with some constraints in mind, as this is a typical mail config to be used in Cuba as regulated by law and security enforcement requirements, but can be used on any domain. You can see a simple provision in this asciinema movie.

Notice

We have also some derived projects you can find interesting:

MailAD-Docker a docker compose version of this software.
MailD a Multi domain docker solution with no AD linking, an all web solution.
MailAD ansible role an Ansible role for the mail server.

Rationale

This repository is intended to be cloned on your fresh OS install under /root (you can use a LXC instance, VM, etc) and setup on a main conf file as per the file comments, then run the steps on a makefile and follow the steps to configure your server.

After a few steps you will have a mail server up and running in about 15 minutes tops. (this time is based on a 2Mbps internet connection to a repository, if you have a local repository it will be less)

This tool is tested and supported on:

Ubuntu Bionic 18.04 LTS (⚠️ legacy NOT recommended)
Ubuntu Focal 20.04 LTS (⚠️ legacy NOT recommended)
Ubuntu Jammy 22.04 LTS (⚠️ legacy NOT recommended)
Ubuntu Noble 24.04 LTS (✅ recommended, this is the development & testing platform)
Debian Buster 10 (⚠️ legacy NOT recommended)
Debian Bullseye 11 (⚠️ legacy NOT recommended)
Debian Bookworm 12 (✅ recommended)

Note: If you are using a a Debian buster or bullseye in a LXC Container (Proxmox for example) you need to tweak the dovecot install or it will not work, see this fix for more info

It’s recommended that the instance of MailAD sits within your DMZ segment with a firewall between it and your users and a mail gateway like Proxmox Mail Gateway between it and the external network.

Features

This will provision a mail server for an enterprise serving corporate users. You can see the major features in the Features.md file, among others you will find:

Low resource footprint.
Advanced (and optional) mail filtering features that includes attachments, SPF, AntiVirus & Spam.
Encrypted LDAP communication as an option.
In place protection to major and known SSL & mail service attacks.
Automatic alias using AD groups.
Manual alias, manual ban, manual headers & body checks.
On demand backup and restore of raw configurations.
Really painless upgrades.
Daily mail traffic summary to your inbox.
Optional user privilege access via AD groups (local/national/international).
Optional disclaimer/notice/warning on every outgoing mail.
Optional aggressive SPAM fight measures.
Weekly background check for new versions with a detailed email if you need to upgrade.
Optional mailbox split by office/city/country

TODO

There is a TODO list, which serves as a kind of “roadmap” for new features, but as I (the only dev so far) have a life, a family and a daily job, you know…

All dev is made on weekend or late at night (seriously take a peek on the commit dates!) if you need a feature or fix ASAP, please take into account making a donation or found me and I will be happy to help you ASAP, my contact info is on the bottom of this page.

Constraints and requirements

Do you remember the comment at top of the page about “…with some constraints in mind…”? Yeah, here they are:

Your user base and config came from AD as mentioned, we prefer Samba AD but it works on Windows too; see the AD requirements for this tool
The username part of the email must not pass the 20 chars mark, so thisisalongemailaddress@domain.com will be cut to thisisalongemailaddr@domain.com this is not our rule, but a handycap of the LDAP directory as specified by Windows Schema.
The mail storage will be a folder in /home/vmail, all mail will belong to a user named vmail with uid:5000 & gid:5000. Tip: that folder can be a NFS mount or any other type of network storage (configurable)
You use a Windows PC to control and manage the domain (must be a domain member and have the RSAT installed and activated), we recommend a Windows 10 LTSC/Professional
The communication with the server is done in this way: (See this question on the FAQ file to know more)
- Port 25 (SMTP) is used to receive incoming traffic from the outside world or from a mail gateway.
- Port 587 (SUBMISSION) is used to receive emails from the users to be delivered locally or relayed to other servers.
- Port 465 (SMTPS) is used like port 587 but is only enabled as a legacy option, its use is discouraged in favor of port 587.
- Port 993 (IMAPS) the preffered method to retrieve the email form the server.
- Port 995 (POP3S) used like the 993, but discouraged in favor of IMAPS (unless you are in a very slow link)

How to install or try it?

We have a INSTALL.md file just for that, and also a FAQ file with common problems.

This is free software!

Have a comment, question, contributions or fix?

Use the Issues tab in the repository URL or drop me a message via Twitter or Telegram

Contributors ✨

Thanks goes to these wonderful people (emoji key):

_danny920825 ⚠️ 🤔	_{HugoFlorentino} 🤔 💡	_{Armando Felipe} 🤔	_Koratsuki 🤔 💻 🌍	_{Gabriel A. López López} 🌍	_oneohthree 🤔	_{Eddy Ernesto del Valle Pino} 📖
_dienteperro 📖 💵 🤔	_Joe1962 🤔 ⚠️	_{Sandy Napoles Umpierre} 🤔 ⚠️	_{Carlos Zaldívar} 💻 🌍 ⚠️

Please read the CONTRIBUTING.md file if you want to contribute to MailAD to know the details of how to do it. All kinds of contributions are welcomed, ideas, fixes, bugs, improvements and even a phone top-up to keep me online.

This project follows the all-contributors specification. Contributions of any kind welcome!