EXIM • DOVECOT • MYSQL • SPAMASSASSIN • CLAMAV • ECM3
        ECM3     64-bit Sierra Server (OS X 10.12+)
  •   High performance SMTP mail server
  •   Enterprise IMAP server that uses Maildirs
  •   Integrated content scanning (ClamAV and SpamAssassin)
  •   SMTP Authentication from MySQL
  •   Supports from few to thousands of mail accounts
  •   POP3 support
  •   Unlimited Virtual Domains
  •   SSL/TLS
  •   Web-based administration
  •   Access on a per user, per domain or administrator basis
  •   Each user is able to manage his/her account
  •   Per User/Account Quota
  •   All account info stored in MySQL (No system user required)
  •   Support for Web-based e-mail (Squirrell Mail or SqWebMail)
  •   Full mailing list server support (Mailman)
  •   Discussion board

PREPARATION     OPENSSL     MYSQL     PHPMYADMIN   HOMEBREW  PHP     EXIM     SSL-CERTS     SPAMASSASSIN     CLAMAV     DOVECOT   ROUNDCUBEMAIL

PREPARATION

Install Command Line Tools via terminal.

xcode-select --install

Bring back Apple's "allow app install from anywhere"

sudo spctl --master-disable

Disable System Integrity Protection (more info on how to do it: here)



OPENSSL

pkg openssl-1.0.2k.pkg



MYSQL

Download and install MySql. Follow these instruction in case you haven't done it in the past.
And here is instruction on how to upgrade MySql.



PHPMYADMIN

Download from this link phpMyAdmin 4.7.0 (or check for the latest version of phpMyAdmin)

Unzip file and rename it to phpMyAdmin and move it to your web server folder /Library/Server/Web/Data/Sites/Default/

Rename config.sample.inc.php to config.inc.php in the phpMyAdmin folder and create in a randomly generated phrase of at least 32 characters. A good place to generate it at https://strongpasswordgenerator.com/

$cfg['blowfish_secret'] = 'w908rh180nyUB0Lw0X6E0316z52834cz'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

You can bring it up to confirm through your browser: http://localhost/phpMyAdmin/  


HOMEBREW

Install homebrew via terminal as a user, follow the instructions until it will say "Your system is ready to brew."

ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

This will take care of initial installation of homebrew and I will indicate what modules you need to install as we go along below with other installations.


PHP 5.6.30

Download and install the following packages followed by PHP 5.6.30 as the last package.

Install homebrew modules via terminal (as user - not root):

brew install mcrypt
brew install libmemcached
brew install gettext
brew install pcre
brew link gettext --force
brew install libpng
brew install freetype
brew install libjpeg
brew install apr
brew link apr --force
brew install apr-util
brew link apr-util --force
brew install libtool
brew install autoconf
brew install pkg-config

and install the following packages: (These packages are built specifically to coexist with homebrew modules.)

pkg imap-2007f.pkg
pkg php-5.6.30.pkg

Restart webserver
Includes pear, gd etc. for a complete list checkwith your browser at http://localhost/info.php .



EXIM (smtp)

Download and install the these packages:

pkg exim-4.89.pkg
pkg db-6.2.23.pkg
pkg libspf2-1.2.10.pkg

Create and set up database in MySql. Also create a user/password in mysql for Exim and other mail programs to run under. Replace USERNAME and PASSWORD before you paste the command in your terminal.

mysql -h 127.0.0.1 -u root -p
mysql> CREATE database ecm3;
mysql> use ecm3;
mysql> \. /Library/WebServer/Documents/ecm3Admin/sql/ecm3.sql
GRANT ALL PRIVILEGES ON ecm3.* TO 'USERNAME'@'localhost' IDENTIFIED BY 'PASSWORD';
mysql> quit

Create a security key exchange primer for exim by logging in to your terminal as root:

login root
mkdir -p /private/etc/certificates
openssl dhparam -out /private/etc/certificates/dhparam.pem 2048

For exim open "/usr/local/exim/configure" file and edit the top part of "Main configuration Setting":

SERVER_IP = 0.0.0.0
primary_hostname = example.com
hide mysql_servers = localhost::(/var/mysql/mysql.sock)/ecm3/USERNAME/PASSWORD



ecm3Admin

Download and install

pkg ecm3Admin.zip

For ecm3Admin open "/Library/WebServer/Documents/ecm3Admin/config/config.inc.php" file and enter database username/password:

$sqluser = "username"; // Database user
$sqlpass = "password"; // Database password

Point your browser to http://localhost/ecm3Admin/ and log in as "siteadmin" with password "change" which you should of course change asap.



Self signed certs for Exim and Dovecot (Sierra)

login root
cd /private/etc/certificates

(Replace domain.com with your domain name)

openssl genrsa -des3 -out domain.com.key.secure 2048
openssl req -new -key domain.com.key.secure -out domain.com.csr

Follow instructions on screen:

countryName = US
state = CA
localityName = Los Angeles
organizationName = CAPTAIN NET (domain.com)
organizationalUnitName = IT
commonName = domain.com
emailAddress = webmaster@domain.com

Sign and create a certificate and a nopass key

openssl x509 -req -days 365 -in domain.com.csr -signkey domain.com.key.secure -out domain.com.crt
openssl rsa -in domain.com.key.secure -out domain.com.key

Uncomment the following lines in exim config and write in your domain name on .crt and .key

tls_advertise_hosts = *
tls_certificate = /private/etc/certificates/domain.com.crt
tls_privatekey = /private/etc/certificates/domain.com.key
tls_dhparam = /private/etc/certificates/dhparam.pem
tls_on_connect_ports = 465
daemon_smtp_ports = 25 : 465 : 587



SPAMASSASSIN (mysql based)

download and install

pkg SpamAssassin-3.4.1.pkg
pkg DBD-mysql-4.042.pkg

Install following perl modules via terminal logged in as root. (takes a while - do not interrupt)

login root
cpan
install DBI
install IO::Socket::IP
install Net::Patricia
install Net::DNS

For spamassassin open "/usr/local/spamassassin/etc/mail/spamassassin/sql.cf" file and edit all instances of username/password. (3 different places)

user_scores_sql_username   username
user_scores_sql_password   password

bayes_sql_username         username
bayes_sql_password         password

user_awl_sql_username      username
user_awl_sql_password      password

Also edit "/usr/local/spamassassin/etc/mail/spamassassin/local.cf" file by entering your IP (and uncomment)

trusted_networks #0.0.0.0

login root
echo 'export PATH=/usr/local/spamassassin/bin:$PATH' >> ~/.bash_profile
echo 'export MANPATH=/usr/local/spamassassin/share/man:$MANPATH' >> ~/.bash_profile

sudo launchctl load /Library/LaunchDaemons/net.captainnet.spamassassin.plist

sa-update --no-gpg



CLAMAV (Virus Scanner)

download and install

pkg clamav-0.99.2.pkg



DOVECOT (IMAP and POP3)

download and install

pkg dovecot-2.2.30.2.pkg

Open "/usr/local/dovecot/etc/dovecot/dovecot-sql.conf.ext" file and enter database username/password on this line:

connect = host=/var/mysql/mysql.sock dbname=ecm3 user=USERNAME password=PASSWORD

Open "/usr/local/dovecot/etc/dovecot/conf.d/10-ssl.conf" file and edit the the domain name:

ssl_cert = </etc/certificates/domain.com.crt
ssl_key = </etc/certificates/domain.com.key

Open "/usr/local/dovecot/etc/dovecot/conf.d/10-auth.conf" and edit your domain name again:

auth_realms = domain.com

Open "/usr/local/dovecot/etc/dovecot/conf.d/15-lda.conf" file and replace with your domain:

postmaster_address = postmaster@domain.com



ROUNDCUBEMAIL

Download and install

pkg roundcubemail.pkg

Create database in MySql

mysql -h 127.0.0.1 -u root -p
mysql> CREATE database roundcubemail;
mysql> use roundcubemail;
mysql> \. /Library/WebServer/Documents/roundcubemail/SQL/roundcube.sql
mysql> quit

Edit username/password in 3 different places.

/Library/WebServer/Documents/roundcubemail/config/config.inc.php

$config['db_dsnw'] = 'mysql://USERNAME:PASSWORD@localhost/roundcubemail';

/Library/WebServer/Documents/roundcubemail/plugins/SAUserPrefs/config.inc.php

$config['password_db_dsn'] = 'mysql://USERNAME:PASSWORD@localhost/ecm3';

/Library/WebServer/Documents/roundcubemail/plugins/password/config.inc.php

$config['password_db_dsn'] = 'mysql://USERNAME:PASSWORD@localhost/ecm3

restart server and point your browser to:

http://localhost/roundcubemail or http://127.0.0.1/roundcubemail