LanMail Setup Guide: Install, Configure, and Secure Your Local Mail Server

Overview

LanMail is a local-network mail server designed for secure, private email within a LAN. This guide walks through installation, basic configuration, security hardening, and maintenance. It assumes a Linux-based server (Ubuntu 22.04 LTS) and familiarity with the command line and basic networking.

1. System requirements

  • 2+ CPU cores, 2+ GB RAM (more for larger user counts)
  • 20+ GB disk (mail storage + logs)
  • Static LAN IP (e.g., 192.168.1.10)
  • Ubuntu 22.04 LTS (or equivalent Debian-based distro)

2. Install prerequisites

  1. Update system:

    Code

    sudo apt update && sudo apt upgrade -y
  2. Install core packages:

    Code

    sudo apt install -y postfix dovecot-core dovecot-imapd dovecot-pop3d mysql-server certbot ufw fail2ban

(If LanMail provides its own server package, replace components above with the vendor package installation.)

3. Postfix (MTA) basic configuration

  1. During install choose “Internet Site” and set system mail name to your LAN domain (e.g., lanmail.local).
  2. Edit /etc/postfix/main.cf — key settings:
    • myhostname = mail.lanmail.local
    • mydomain = lanmail.local
    • myorigin = $mydomain
    • inet_interfaces = all
    • inet_protocols = ipv4
    • mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    • relay_domains =
    • smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    • mynetworks = 192.168.0.0/16, 127.0.0.0/8
  3. Reload Postfix:

    Code

    sudo systemctl restart postfix

4. Dovecot (IMAP/POP3) configuration

  1. Enable protocols in /etc/dovecot/dovecot.conf:

    Code

    protocols = imap pop3 lmtp
  2. Configure mail location (Maildir):

    Code

    mail_location = maildir:~/Maildir
  3. Authentication using system users (or configure SQL backend for virtual users). For system users ensure:

    Code

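    disable_plaintext_auth = no

    Note that this setting allows plaintext logins on unencrypted connections until TLS is enforced. For secure environments, prefer SASL over TLS (see the TLS section).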

  4. Restart Dovecot:

    Code

    sudo systemctl restart dovecot

5. User management

  • For system users:

    Code

    sudo adduser alice
    sudo mkdir /home/alice/Maildir && sudo maildirmake.dovecot /home/alice/Maildir
    sudo chown -R alice:alice /home/alice/Maildir
  • For virtual users, set up MySQL/Postgres backend and map domains/users in Postfix/Dovecot.

6. TLS encryption (recommended even on LAN)

  1. Obtain certificates from an internal CA or use a self-signed certificate. Example self-signed:

    Code

    sudo openssl req -new -x509 -days 365 -nodes -out /etc/ssl/certs/lanmail.pem -keyout /etc/ssl/private/lanmail.key
  2. Configure Postfix:

    Code

    smtpd_tls_cert_file=/etc/ssl/certs/lanmail.pem
    smtpd_tls_key_file=/etc/ssl/private/lanmail.key
    smtpd_use_tls=yes
    smtp_tls_security_level = may
  3. Configure Dovecot in /etc/dovecot/conf.d/10-ssl.conf:

    Code

    ssl = required
    ssl_cert = </etc/ssl/certs/lanmail.pem
    ssl_key = </etc/ssl/private/lanmail.key
  4. Restart services.

7. Access controls and anti-abuse

  • Postfix: ensure reject_unauth_destination is set to avoid becoming an open relay.
  • Enable SMTP AUTH (SASL) so only authenticated clients can send externally.
  • Configure rate limits and greylisting if needed (postfwd, policyd).
  • Use fail2ban to block brute-force attempts for SSH, Postfix, Dovecot:

    Code

    sudo systemctl enable --now fail2ban
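
The relay, trusted-network, TLS and plaintext-auth settings from sections 3, 4, 6 and 7 can be checked mechanically before restarting services. The script below is an added example, not part of LanMail or the original guide; the function names get_param and audit_mail and the sample configs are constructed for illustration, and it only checks the parameters named on this page.

```shell
# get_param NAME: read "key = value" text on stdin, print NAME's last value.
# Skips comments and joins Postfix continuation lines (leading whitespace).
get_param() {
  awk -v want="$1" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^[ \t]/ { sub(/^[ \t]+/, ""); if (k != "") val[k] = val[k] " " $0; next }
    { eq = index($0, "="); if (!eq) { k = ""; next }
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      val[k] = v }
    END { print val[want] }'
}

# audit_mail MAIN_CF DOVECOT_CONF (config text, not paths): one line per finding.
audit_mail() {
  restr=$(printf '%s\n' "$1" | get_param smtpd_recipient_restrictions | tr ',' ' ')
  case " $(echo $restr) " in   # unquoted echo collapses runs of whitespace
    *" reject_unauth_destination "*) ;;
    *) echo "postfix: smtpd_recipient_restrictions lacks reject_unauth_destination" ;;
  esac
  for net in $(printf '%s\n' "$1" | get_param mynetworks | tr ',' ' '); do
    case "$net" in             # coarse prefix test: loopback and RFC 1918
      127.*|10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) ;;
      *) echo "postfix: mynetworks trusts non-private range $net" ;;
    esac
  done
  [ "$(printf '%s\n' "$1" | get_param smtpd_use_tls)" = yes ] ||
    echo "postfix: smtpd_use_tls is not yes"
  if [ "$(printf '%s\n' "$2" | get_param ssl)" != required ]; then
    echo "dovecot: ssl is not 'required'"
    if [ "$(printf '%s\n' "$2" | get_param disable_plaintext_auth)" = no ]; then
      echo "dovecot: disable_plaintext_auth = no allows cleartext logins"
    fi
  fi
}

# Constructed samples: WEAK drops an underscore and over-trusts; GOOD follows this guide.
WEAK_MAIN='smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauthdestination
mynetworks = 192.168.0.0/16, 127.0.0.0/8, 0.0.0.0/0'
WEAK_DOVECOT='ssl = yes
disable_plaintext_auth = no'
GOOD_MAIN='smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
mynetworks = 192.168.0.0/16, 127.0.0.0/8
smtpd_use_tls=yes'
GOOD_DOVECOT='ssl = required
disable_plaintext_auth = no'

audit_mail "$WEAK_MAIN" "$WEAK_DOVECOT"
```

To audit a live server, pass the file contents, for example audit_mail "$(cat /etc/postfix/main.cf)" "$(cat /etc/dovecot/conf.d/10-ssl.conf)"; settings nested inside Dovecot blocks are not parsed.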

8. Firewall and network

  • Open necessary LAN ports only:
    • TCP 25 (SMTP) — restrict to LAN or authenticated use
    • TCP 587 (Submission) — authenticated mail submission
    • TCP 993 (IMAPS), 995 (POP3S) — IMAP/POP3 over TLS
  • Using UFW:

    Code

    sudo ufw allow from 192.168.0.0/16 to any port 25,587,993,995 proto tcp
    sudo ufw enable

9. Backups and storage

  • Regularly back up /etc/postfix, /etc/dovecot, mail storage directories, and SQL databases.
  • Example rsync cron (daily):

    Code

    0 2 * * * rsync -a /var/mail /backup/lanmail/

10. Monitoring and logs

  • Check logs:
    • Postfix: /var/log/mail.log
    • Dovecot: /var/log/dovecot.log
  • Use logrotate to manage sizes (default typically configured).
  • Consider simple monitoring (Monit, Prometheus exporter) for service uptime and disk usage.

11. Optional: Webmail and admin UI

  • Install a lightweight webmail (RainLoop, Roundcube) on an internal web server, configure SMTP/IMAP settings to point to the LanMail server.
  • For virtual user admin, use admin panels like PostfixAdmin.

12. Maintenance checklist

  • Update system and mail packages monthly.
  • Rotate certificates before expiry.
  • Regularly prune spam and mailbox bloat.
  • Review fail2ban logs and blocked IPs weekly.

Quick command summary

  • Update: sudo apt update && sudo apt upgrade -y
  • Restart services: sudo systemctl restart postfix dovecot
  • Add user: sudo adduser alice
  • Create self-signed cert: see TLS step above
