If you host your own mail server you know that one of the biggest issues is spam. How do you get rid of them, is there any good tool, open source? Or maybe you have to go for that overpriced “enterprise grade” software that will erase all spam (commercials always exaggerate) emails just to get some peace of mind? Well, not if you use Mailcleaner. It’s open source, free, easy to install, and gives you that peace of mind without the need to pay for it. They have different plans if you’re interested though.

We have used it for some time now, and they just released a new version called “2017.09 Jessie” that can be found here as different VMs. But if you ended up here you probably already have it installed and just want to know how to install Let’s Encrypt to get free SSL together with Mailcleaner. So, here we go.

  1. Login via SSH with your favorite terminal and run these commands:
    $~: cd /etc
    $~: git clone https://github.com/letsencrypt/letsencrypt
    $~: cd /etc/letsencrypt
    $~: ./cerbot-auto certonly --standalone --pre-hook '/usr/mailcleaner/etc/init.d/apache stop' --post-hook '/usr/mailcleaner/etc/init.d/apache start' -d mailcleaner.example.com
  2. Edit the Mailcleaner Apache template
    $~: nano /usr/mailcleaner/etc/apache/sites/mailcleaner.conf_template

    Change this:

    Redirect / https://__SERVERNAME__/
    SSLCACertificatePath __SRCDIR__/etc/apache/certs
    SSLCertificateFile __SRCDIR__/etc/apache/certs/certificate.pem
    __IFSSLCHAIN__ SSLCertificateChainFile __SRCDIR__/etc/apache/certs/certificate-chain.pem

    To this:

    # Redirect / https://__SERVERNAME__/ 
    Redirect / https://mailcleaner.example.com/
    # SSLCACertificatePath __SRCDIR__/etc/apache/certs
    # SSLCertificateFile __SRCDIR__/etc/apache/certs/certificate.pem
    #__IFSSLCHAIN__ SSLCertificateChainFile __SRCDIR__/etc/apache/certs/certificate-chain.pem
    SSLCACertificatePath /etc/letsencrypt/live/mailcleaner.example.com
    SSLCertificateFile /etc/letsencrypt/live/mailcleaner.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mailcleaner.example.com/privkey.pem
    __IFSSLCHAIN__ SSLCertificateChainFile /etc/letsencrypt/live/mailcleaner.example.com/chain.pem
  3. Extract the info from the Let’s Encrypt certs to your GUI

    Go to Configuration –> Services –> Webinterfaces and post the content of the following files:

    fullchain.pem –> Encoded SSL certificate
    privkey.pem –> Encoded SSL private key
    chain.pem –> Encoded SSL certificate chain

    Use cat /etc/letsencrypt/live/mailcleaner.example.com/file.pem

  4. Restart Mailcleaner
    $~: /usr/mailcleaner/etc/init.d/mailcleaner restart
  5. Add a cronjob for the renewal
    $~: crontab -e

    Add this at the bottom:

    # Let's Encrypt
    43 5 * * * /etc/letsencrypt/certbot-auto renew
  6. Enjoy Mailcleaner with Let’s Encrypt!

This post is not sponsored by Mailcleaner