For more information, see the Wikipedia Article on Email

Email entered limited use in the 1960s. Initially, users could send mail to users of the same computer (internal mail). Later on, email evolved to be able to send messages to users across different hosts over a network. Ray Tomlinson is credited as the inventor of networked email. In 1971, he developed the first system able to send mail between users on different hosts across the ARPANET. He used the @ sign to link the username with a server (username@hostname). By the mid-1970s, this was the form recognized as an email address using DNS names.

Email systems are based on a store-and-forward model. Originally, they were an ASCII text-only communications medium. Internet email was extended by Multipurpose Internet Mail Extensions (MIME) to carry text in other character sets and other content attachments.

Mail Terminology

Email messages have an "envelope" (or email header) and a "body".

• MUA: mail user agent (Email client)
• MTA: mail transfer agent (uses SMTP to transmit and receive email)
• MDA: mail delivery agent (i.e. mailbox)
• MAA: Mail Access Agent (IMAP, POP)

Email Security

Email is a legacy format and is transmitted in plain text without encryption by default, and is inherently insecure. Additionally, an email is sent from MTA to MTA until it reaches the destination MDA. TLS can be used to encrypt communications between MTAs to prevent adversary-in-the-middle attacks (i.e. use SMTPS), but there is no guarantee that all other MTAs in between are going to use encryption (uses opportunistic encryption). The communications between MUA and MAA can also be encrypted when using POP and IMAP protocols (i.e. POPS and IMAPS).

Unfortunately, it is common practice for various services and websites to use email as a credential recovery or fallback method, or for communicating critically private information such as financial information. I have personally been going through the pain of communicating with my accountant on why I am attaching my income tax and financial information in an encrypted file rather than just attaching the plain PDFs and giving him the password by talking to him directly. My accountant is very annoyed that he had to download the file to his computer and use 7-Zip rather than just opening the PDFs in his "Yahoo_Rogers" web email interface, as he does for all his other clients. My work is always delayed and pushed to the bottom of the pile. I'm sorry to inform you now that you know, you may end up being annoying in the same way if you value your information security.

It is possible to achieve end-to-end encryption using additional software and plugins on the clients. End-to-end encryption refers to the body of messages being encrypted on the sender's computer before being transmitted, and gets decrypted on the recipient's computer without anyone being able to access the contents of the message, including the mail servers. Currently, there is no way to encrypt the envelope (or the header) as this information is required for mail transmission. End-to-end encryption requires the sender and the receiver to exchange encryption keys. Additionally, both parties must be using the same scheme. Most users are not interested or have the technical know-how or control over their mail (i.e. outsourced their mail service to external parties) to be able to use these schemes. On the other hand, some organizations, such as financial institutions or governments, may enforce an encryption scheme for their email communications.

Example of encrypted email protocols:

• Bitmessage
• GNU Privacy Guard (GPG)
• Pretty Good Privacy (PGP)
• S/MIME

If you are interested to learn more, refer to the Wikipedia Article on Email Encryption.

Email Software

Note: Microsoft Exchange is widely used by many businesses. Exchange uses a proprietary protocol from Microsoft and only exclusively works on Microsoft products or is provided as a service and is NOT a standard. While there are attempts to reverse-engineer Exchange and bring such functionality to open-source projects (mostly client software), there are currently no viable alternatives to this service (as a server) and business emails using Exchange are effectively locked in. We are not discussing this proprietary service and are focusing on standard and interoperable internet protocols for basic email functions.

Sending email from a Linux server is useful, not just for enabling user communications, but also for enabling servers to send logs, errors, and other notifications for management and monitoring purposes. The consumers of the email messages sent from a server can be other machines or system administrators.

If you intend to send mail from your server to any destinations (local or the internet), you will need an MTA. MTA software can be configured to act as a local server or relay mail to other MTAs on an external server or via a service provider. There are many options available, such as sendmail, ssmtp, and postfix. You may also want to install the mailutils package for basic mail client functionality via CLI and in scripts (sudo apt install mailutils).

If you need to set up a full email server for a domain, you will need an MTA, MDA and MAA stack to provide SMTP and IMAP/POP services. Postfix and Dovecot are two of the most common and configurable open source software available. We are focusing on these two fundamental software for our use:

• Postfix (Documentation: https://ubuntu.com/server/docs/mail-postfix)
  • Accepts SMTP (TCP 25), Submissions (TCP 587), SMTPS (TCP 465)
  • Reads the envelope, hands off to another server via MTA, or sends to MDA
  • returns an error message to the originator if it fails
  • Postfix configuration:
    • /etc/postfix/main.cf
    • postconf: CLI tool to view and change configuration
    • Service management: service postfix [stop | restart | start]
• Dovecot (Documentation: https://ubuntu.com/server/docs/mail-dovecot)
  • MDA and MAA: functions for storing messages and access management
  • POP3/POP3S (TCP 110/995), IMAP/IMAPS (TCP 143/993)
    • IMAP supports directories and folders, and synchronization
    • POP3 only supports forwarding messages to the client. The client can decide to delete the message from the server when received, or leave it on the server.
  • Access control can be done using Unix/Linux users
  • Supports two formats for mailbox storage:
    • mbox format: messages are stored in a single system spool (message store) directory /var/mail
    • maildir format: spool is located in users’ home directory ~/mail
  • Dovecot configuration:
    • under /etc/dovecot, dovecot.conf and conf.d
    • doveadm: CLI tool to manage dovecot service (e.g. doveadm reload)
    • doveconf: CLI tool to manage Dovecot configurations

Using standard SMTP and IMAP/POP means any client software can be used to access emails. However, for the sake of completeness, we are also installing a popular webmail client software as an additional option for our users:

• Roundcube (Documentation: https://github.com/roundcube/roundcubemail/wiki)
  • MUA with a web-based User interface
  • requires a web server and MySQL (we will be using Apache)
  • Configuration for the web application site: /etc/apache2/conf-available/roundcube.conf
    • Ubuntu installation script provides a Text User Interface and prompts for required information to connect to the mail servers.
    • The web application can be configured to connect to any mail server by editing the PHP configuration files under the config directory under the web document root, where the application files are stored (for example, /var/www/roundcube)
      All these software is provided in the Ubuntu repositories, so installation is done through the package manager apt install postfix dovecot roundcube.

Errors and Logs

The log files are located under /var/log by default, including:

• mail.log
• mail.err
• mail.warn

In addition to log files, some issues and errors are emailed to root or postmaster.