Friday, April 8, 2011

Setting Up Mail Server on Linux

There came a time when I was asked by my boss to set up a Mail server for a certain client. At first I was astounded because I was not sure how to do it. But thankfully I found some helpful sites that guided me to establish a complete Email Server. In this blog I want to share them with you to help those who would like to set up their own Mail server.

The mail server that I have set up is composed of the following components:

- a Linux OS (preferably Red Hat Enterprise or CentOS)
- Dovecot for IMAP / POP3
- Postfix for SMTP
- ClamAV for antivirus
- SpamAssassin
- MailScanner

How to install SMTP, POP3, IMAP and Webmail service

Postfix will be providing the SMTP service, Dovecot will provide the POP3 and IMAP service, while Apache and SquirrelMail will provide the Webmail service.

The following are the steps we will take on setting up the mail server:

1. How to install and setup Postfix SMTP server.
2. How to install and setup Dovecot POP3 and IMAP server.
3. Configure Postfix SMTP Authentication using Dovecot SASL.
4. How to install and setup SquirrelMail WebMail.
5. How to configure the firewall.


How to install and setup Postfix SMTP server

We need to install 2 packages here namely:

- postfix and system-switch-mail

To do so, issue the following command:

# yum install postfix system-switch-mail

By default the MTA on Linux is sendmail so we need to switch from sendmail to postfix. Use the system-switch-mail tool to switch to postfix.

Configure Postfix

1. Edit the postfix configuration file.

# vi /etc/postfix/main.cf

Find the following keys and change their values as follows:

inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
home_mailbox = Maildir/

Make sure that all mail_spool_directory lines are commented out. Otherwise, it will override the setting in the home_mailbox line above.

2. Restart postfix service

# service postfix restart

Test Postfix

1. For testing purposes, create a linux user.

# useradd johndoe

Sample postfix session. Replace johndoe with any valid user account. The dot after the line test is a command that should be typed in.

2. Perform testing.

[root@mail ~]# telnet localhost smtp
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.acme.local ESMTP Postfix
ehlo localhost
250-mail.acme.local
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:
250 2.1.0 Ok
rcpt to:
250 2.1.5 Ok
data
354 End data with .
test
.
250 2.0.0 Ok: queued as 9729067C17
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]#

To check if the mail indeed exists:

[root@mail ~]# cd /home/johndoe/Maildir/new
[root@mail new]# ls
1185669817.Vfd00I18012M795756.mail.acme.local
[root@mail new]# cat 1185669817.Vfd00I18012M795756.mail.acme.local

Don’t worry, you don’t have to type in the whole filename above. Just type in the first few characters, say 118, then press Tab to activate automatic completion.

From johndoe@mail.acme.local  Thu Feb 22 21:48:28 2007
Return-Path:
X-Original-To: johndoe
Delivered-To: johndoe@mail.acme.local
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
        by mail.acme.local (Postfix) with SMTP id 9729067C17
        for ; Thu, 22 Feb 2007 21:48:26 -0500 (EST)
Message-Id: <20070222134827.9729067C17@mail.acme.local>
Date: Thu, 22 Feb 2007 21:48:26 -0500 (EST)
From: johndoe@mail.acme.local
To: undisclosed-recipients:;

test

[root@mail mail]#

If you encounter any problems, check the log file at /var/log/maillog.

How to install and setup Dovecot POP3 and IMAP server

1. To install dovecot:

# yum install dovecot

Configure Dovecot

1. Edit the dovecot configuration file

# vi /etc/dovecot.conf

Find the following keys and change their values as follows:

protocols = pop3 pop3s imap imaps
mail_location = maildir:~/Maildir/
pop3_uidl_format = %08Xu%08Xv
imap_client_workarounds = delay-newmail outlook-idle netscape-eoh
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh


2. Start Dovecot server

# service dovecot start

Test Dovecot

Sample dovecot session. Replace johndoe and password with any valid user name and password.

[root@mail ~]# telnet localhost pop3
+OK dovecot ready.
user johndoe
+OK
pass password
+OK Logged in.
list
+OK 1 messages:
1 622
.
retr 1
+OK 622 octets
Return-Path:
X-Original-To: johndoe
Delivered-To: johndoe@mail.acme.local
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
        by mail.acme.local (Postfix) with SMTP id 9729067C17
        for ; Thu, 22 Feb 2007 09:06:37 -0500 (EST)
Message-Id: <20070222140640.9729067C17@mail.acme.local>
Date: Thu, 22 Feb 2007 09:06:37 -0500 (EST)
From: johndoe@mail.acme.local
To: undisclosed-recipients:;
X-IMAPbase: 1172153557 1
Status: O
X-UID: 1
Content-Length: 5
X-Keywords:

test
.
quit
+OK Logging out.
Connection closed by foreign host.
[root@mail ~]#

Configure Postfix SMTP Authentication using Dovecot SASL

SMTP Authentication (SMTP Auth) provides an access control mechanism that can be used to allow legitimate users to relay mail while denying relay service to unauthorized users, such as spammers.

Thanks to the new SASL support in Dovecot 1.0 and the new Dovecot SASL support in Postfix 2.3, setting up SMTP authentication is now easier. Instead of setting up two separate authentication mechanisms for Postfix and Dovecot, we can now set up authentication in Dovecot only and let Postfix talk to Dovecot.

Configure Postfix and Dovecot

1. Edit the file /etc/dovecot.conf and make sure your auth default section has the lines below.

auth default {
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
  mechanisms = plain login
}


2. Edit /etc/postfix/main.cf, find the keys below and change their values as follows. If a key (the word before the = sign) cannot be found, add it at the bottom of the file.

mynetworks = 127.0.0.0/8
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes

The first line says trust only localhost, meaning only localhost can send email outside the network (relay). The last line is there to support old clients like Microsoft Outlook Express 4.0 and Microsoft Exchange 5.0 just in case someone is still using it.

3. Restart the Dovecot and Postfix services. If you installed MailScanner, restart MailScanner instead of Postfix.

Test Postfix

Sample postfix session

[root@mail ~]# telnet mail smtp

Replace mail with the name of your server. We should not use localhost since localhost is a trusted client IP address. And make sure the domain name you specified does not resolve to 127.0.0.1, which is the IP address of localhost.

Trying 192.168.0.1...
Connected to mail.acme.local (192.168.0.1).
Escape character is '^]'.
220 mail.acme.local ESMTP Postfix
ehlo localhost
250-mail.acme.local
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Note the new 250-AUTH lines.

mail from:
250 2.1.0 Ok
rcpt to:
554 5.7.1 : Relay access denied

It works. Now to check if we can send it after authenticating.

auth plain AGpvaG5kb2UAcGFzc3dvcmQ=
235 2.0.0 Authentication successful
rcpt to:
250 2.1.5 Ok
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]#

The gibberish text after AUTH PLAIN is the base64-encoded value of the user name johndoe and the password password. You can generate your own base64 text using the form at the link below.

http://www.linuxmail.info/postfix-smtp-auth-dovecot-sasl/
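
Added example (not part of the original post): the AUTH PLAIN token is only base64, so anyone who can see the session can recover the credentials. The script below builds and decodes the token and checks an EHLO reply for AUTH offered without STARTTLS. The function names are hypothetical, the EHLO sample is constructed from the session above, and GNU coreutils base64 is assumed.

```sh
#!/bin/sh
# Added example (not from the original post). Assumes GNU coreutils base64.

# SASL PLAIN token: authzid NUL authcid NUL password, base64-encoded.
sasl_plain_encode() {
    # $1 = user name, $2 = password; the authzid field is left empty.
    printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n'
}

# Decode a token; NUL separators are printed as '|' so the fields are visible.
sasl_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\000' '|'
}

# Read an EHLO reply on stdin. Print "cleartext-auth" when AUTH is offered
# without STARTTLS, "starttls-offered" when both appear, "no-auth" otherwise.
ehlo_auth_exposure() {
    caps=$(tr -d '\r' | tr 'a-z' 'A-Z' | sed -n 's/^250[- ]//p')
    if ! printf '%s\n' "$caps" | grep -Eq '^AUTH[ =]'; then
        echo no-auth
    elif printf '%s\n' "$caps" | grep -q '^STARTTLS$'; then
        echo starttls-offered
    else
        echo cleartext-auth
    fi
}

# Constructed sample: the EHLO reply shown in the session above.
SAMPLE_EHLO='250-mail.acme.local
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'

sasl_plain_encode johndoe password; echo
sasl_plain_decode 'AGpvaG5kb2UAcGFzc3dvcmQ='; echo
printf '%s\n' "$SAMPLE_EHLO" | ehlo_auth_exposure
```

Once TLS is configured, Postfix's smtpd_tls_auth_only = yes keeps AUTH from being announced or accepted on unencrypted connections.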

How to install and setup SquirrelMail WebMail.

SquirrelMail is an open source standards-based webmail package written in PHP. When installed, SquirrelMail is ready out of the box. All it needs is an installed web server like Apache, SMTP server like Postfix, and IMAP server like Dovecot.

1. Get the latest stable release of Squirrelmail

# cd /usr/src

# wget -O squirrelmail-1.4.21.tar.gz 'http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fprdownloads.sourceforge.net%2Fsquirrelmail%2Fsquirrelmail-1.4.21.tar.gz'

# tar xvzf squirrelmail-1.4.21.tar.gz

# mv squirrelmail-1.4.21 /usr/local/squirrelmail

Prepare SquirrelMail directories

Make sure to change "nogroup" to whatever group Apache will be running as. You can check what that is by looking at the value of the "Group" setting in your Apache main configuration file (probably /etc/httpd/conf/httpd.conf).

# mkdir /usr/local/squirrelmail
# cd /usr/local/squirrelmail
# mkdir data temp
# chgrp nogroup data temp
# chmod 0730 data temp

Unpack SquirrelMail

# cd /usr/local/squirrelmail
# tar --bzip2 -xvf /usr/local/src/downloads/squirrelmail-1.4.17.tar.bz2
# mv squirrelmail-1.4.17 www

Configure SquirrelMail

Run the SquirrelMail configuration utility.

# cd /usr/local/squirrelmail
# www/configure

Select the "D" option and then configure SquirrelMail with the "uw" preset. Also make sure to set the data and attachment directory settings ("/usr/local/squirrelmail/data" and "/usr/local/squirrelmail/temp" respectively) under "4. General Options". Make any other changes as you see fit, select "S" to save and then "Q" to quit.

Configure access to SquirrelMail in Apache

Modify your main Apache configuration file (typically /etc/httpd/conf/httpd.conf) by adding the following:


Alias /squirrelmail /usr/local/squirrelmail/www

  Options None
  AllowOverride None
  DirectoryIndex index.php
  Order Allow,Deny
  Allow from all

  Deny from all

  Allow from all

  Allow from all

  Allow from all

  Allow from all

  Allow from all

  Order Deny,Allow
  Deny from All
  Allow from 127
  Allow from 10
  Allow from 192

  Order Deny,Allow
  Deny from All
  Allow from 127
  Allow from 10
  Allow from 192

Restart Apache.

Reference:
http://www.linuxmail.info/squirrelmail-webmail-setup-howto-in-centos-5/
http://squirrelmail.org/docs/admin/admin-3.html#ss3.2
