paru -S postfix dovecot certbot certbot-nginx postfix-mysql roundcubemail postfixadmin

sudo certbot --nginx -d mail.turboteam.run
# Postfix

sudo vim /etc/postfix/main.cf
----
myhostname = mail.turboteam.run
mydomain = turboteam.run

# Secure SMTP

smtp_tls_security_level = may
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.turboteam.runpath/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.turboteam.run/privkey.pem
----

sudo vim /etc/postfix/master.cf
----
submission inet n       -       n       -       -       smtpd
#  Uncommented for Dovecot auth
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes

#  Added for Dovecot auth
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
----

# Dovecot SSL
sudo cp /usr/share/doc/dovecot/dovecot-openssl.cnf /etc/ssl/dovecot-openssl.cnf
sudo vim /etc/ssl/dovecot-openssl.cnf
----
# Common Name (*.example.com is also possible)
CN=imap.turboteam.run

# E-mail contact
emailAddress=postmaster@turboteam.run
----
sudo /usr/lib/dovecot/mkcert.sh
sudo cp /etc/ssl/certs/dovecot.pem /etc/ca-certificates/trust-source/anchors/dovecot.crt
sudo trust extract-compat

sudo systemctl restart postfix
sudo systemctl enable postfix --now

# Dovecot config
sudo mkdir /etc/dovecot
sudo cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/
sudo cp -r /usr/share/doc/dovecot/example-config/conf.d/ /etc/dovecot/

sudo vim /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:/var/mail/%u/Maildir