# mailserver - Mail Server mail.nbit.ch

Als Grundlage soll https://thomas-leister.de/mailserver-debian-buster/ dienen, jedoch verwenden wir CentOS 8.

Code zum Erstellen des Servers

Spezifikation:

- CentOS 8
- Hetzner Cloud Server
- mailcow (Docker-basiert)

Hinweis: Die folgenden Abschnitte (Ansible-Playbook, certbot, MariaDB-Schema `vmail`) folgen dem Postfix/Dovecot-Aufbau der Leister-Anleitung und nicht mailcow; mailcow bringt eine eigene Datenbank sowie eigene Zertifikats- und DKIM-Verwaltung mit. Welche der beiden Varianten tatsaechlich gebaut wird, sollte hier eindeutig festgehalten werden.

## Erstellen des Servers

Mit dem Binary hcloud von: https://github.com/hetznercloud/cli

Temporaer einen API Key erstellen (nachher wieder loeschen: das Token in der Hetzner Cloud Console und ebenso den lokalen hcloud-Kontext, der das Token im Klartext ablegt)

```bash
$ hcloud context create nbit.ch
$ hcloud image list # zeigt moegliche Images
$ hcloud server-type list # zeigt moegliche Typen
$ hcloud server create --name mail --image centos-8 --type cx21 --ssh-key joerg@cinnamon.nbit.ch
$ hcloud server set-rdns mail --hostname mail.nbit.ch
$ IPV6="$(hcloud server ip mail -6)"
$ hcloud server set-rdns mail --ip $IPV6 --hostname mail.nbit.ch
```

DNS Eintraege erstellen:

```bash
$ hcloud server ip mail
$ hcloud server ip mail -6
```

Die A- und AAAA-Eintraege fuer mail.nbit.ch muessen genau auf diese beiden Adressen zeigen und das oben gesetzte rDNS wieder auf mail.nbit.ch (forward-confirmed reverse DNS), sonst lehnen viele empfangende Server die Zustellung ab. Zusaetzlich den MX-Eintrag der Mail-Domain(s) auf mail.nbit.ch setzen.

Root-Passwort setzen (das machen wir von Hand)

## Ansible Playbook laufen lassen

```bash
$ cd ansible
$ ansible-playbook -i production mailserver.yml
```

## Zertifikate erzeugen

nginx muss kurz gestoppt werden, weil certbot im `--standalone`-Modus selbst Port 80 belegt. Fuer die automatische Erneuerung gilt das ebenso: entweder `--pre-hook`/`--post-hook` fuer nginx eintragen oder auf den webroot-Modus wechseln.

Achtung: Hier wird das Zertifikat fuer `mail2.nbit.ch` ausgestellt, waehrend rDNS und Dokumenttitel `mail.nbit.ch` verwenden. Der Zertifikatsname muss mit dem Hostnamen uebereinstimmen, den Postfix/Dovecot und der MX-Eintrag nach aussen verwenden -- eines von beiden ist anzupassen.

```bash
# systemctl stop nginx
# certbot certonly --noninteractive --standalone --agree-tos -m postmaster@nbit.ch -d mail2.nbit.ch -d smtp.nbit.ch -d imap.nbit.ch
# systemctl start nginx
```

## DB erstellen

Hinweise zu den folgenden Statements:

- `utf8` ist bei MariaDB/MySQL der 3-Byte-Zeichensatz (utf8mb3); fuer eine neue Datenbank besser `CHARACTER SET 'utf8mb4'` angeben.
- Der Benutzer `vmail` bekommt bewusst nur `SELECT`: Postfix/Dovecot lesen die Tabellen nur, Konten und Aliase werden als DB-root gepflegt.
- Fuer `vmaildbpass` ein langes, zufaellig erzeugtes Passwort einsetzen; es steht spaeter im Klartext in den SQL-Konfigurationsdateien von Postfix/Dovecot, die deshalb nur fuer root bzw. den jeweiligen Dienst lesbar sein duerfen.

```bash
# mysql
MariaDB [(none)]> create database vmail CHARACTER SET 'utf8';
MariaDB [(none)]> grant select on vmail.* to 'vmail'@'localhost' identified by 'vmaildbpass'; # anderes Passwort waehlen!
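MariaDB [(none)]> use vmail;
```

Folgende Statements durchfuehren:

```sql
-- Lookup tables for the virtual-mail setup. They are read by Postfix/Dovecot
-- through the read-only 'vmail' DB user; rows are maintained as the DB root
-- user. ENGINE=InnoDB is stated explicitly on every table because FOREIGN KEY
-- constraints are only enforced by InnoDB and silently ignored by other engines.

-- Domains this server accepts mail for; referenced by accounts and aliases.
CREATE TABLE `domains` (
  `id` int unsigned NOT NULL AUTO_INCREMENT,
  `domain` varchar(255) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `domains_domain_uq` (`domain`)
) ENGINE=InnoDB;

-- One row per mailbox, identified by username@domain.
CREATE TABLE `accounts` (
  `id` int unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(64) NOT NULL,
  `domain` varchar(255) NOT NULL,
  -- Must hold a password *hash* with its scheme prefix (e.g. as produced by
  -- `doveadm pw -s BLF-CRYPT`), never the cleartext password.
  `password` varchar(255) NOT NULL,
  -- NOTE(review): the unit of `quota` (bytes, MB, ...) is defined by the
  -- Dovecot quota configuration, not by this schema -- confirm before use.
  `quota` int unsigned DEFAULT '0',
  -- New rows default to disabled; set to 1 explicitly to activate the account.
  `enabled` boolean DEFAULT '0',
  -- presumably marks accounts that may submit but never receive mail --
  -- verify against the Postfix/Dovecot queries that read this column.
  `sendonly` boolean DEFAULT '0',
  PRIMARY KEY (`id`),
  UNIQUE KEY `accounts_username_domain_uq` (`username`, `domain`),
  -- Accounts can only exist for domains listed in `domains`; deleting a domain
  -- that still has accounts is refused (RESTRICT) rather than cascading.
  CONSTRAINT `accounts_domain_fk` FOREIGN KEY (`domain`)
    REFERENCES `domains` (`domain`) ON DELETE RESTRICT ON UPDATE RESTRICT
) ENGINE=InnoDB;

-- Forwarding rules: mail for source_username@source_domain is delivered to
-- destination_username@destination_domain. The destination is deliberately
-- not tied to `domains` (no FK), so forwards to external addresses are allowed.
CREATE TABLE `aliases` (
  `id` int unsigned NOT NULL AUTO_INCREMENT,
  -- Nullable; presumably NULL expresses a catch-all for the whole
  -- source_domain -- confirm against the Postfix virtual_alias_maps query.
  -- NOTE: because this column may be NULL, the UNIQUE KEY below does NOT
  -- prevent duplicate catch-all rows (NULLs never compare equal in a unique
  -- index); guard against that when adding rows.
  `source_username` varchar(64),
  `source_domain` varchar(255) NOT NULL,
  `destination_username` varchar(64) NOT NULL,
  `destination_domain` varchar(255) NOT NULL,
  -- New rows default to disabled; set to 1 explicitly to activate the alias.
  `enabled` boolean DEFAULT '0',
  PRIMARY KEY (`id`),
  UNIQUE KEY `aliases_source_destination_uq` (`source_username`, `source_domain`, `destination_username`, `destination_domain`),
  -- The source side must be a local domain.
  CONSTRAINT `aliases_source_domain_fk` FOREIGN KEY (`source_domain`)
    REFERENCES `domains` (`domain`) ON DELETE RESTRICT ON UPDATE RESTRICT
) ENGINE=InnoDB;

-- Per-destination-domain outbound TLS policy for Postfix (smtp_tls_policy_maps).
-- `policy` holds one of the Postfix SMTP client TLS security levels; `params`
-- carries the optional per-entry parameters that follow the level in a
-- policy map line (e.g. match= names or fingerprints).
CREATE TABLE `tlspolicies` (
  `id` int unsigned NOT NULL AUTO_INCREMENT,
  `domain` varchar(255) NOT NULL,
  `policy` enum('none', 'may', 'encrypt', 'dane', 'dane-only', 'fingerprint', 'verify', 'secure') NOT NULL,
  `params` varchar(255),
  PRIMARY KEY (`id`),
  UNIQUE KEY `tlspolicies_domain_uq` (`domain`)
) ENGINE=InnoDB;
```

## DKIM Signing (manuell einrichten)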