Friday, April 29, 2011

Setting up SendMail as SMTP Relay Server

Here are the steps to use Sendmail as an SMTP relay server.

By default, relaying is disabled in Sendmail.

So if you try to relay through it over telnet, you get:

220 nagios.gowireless.net ESMTP Sendmail 8.13.8/8.13.8; Fri, 29 Apr 2011 11:59:23 -0700
HELO
501 5.0.0 HELO requires domain address
MAIL FROM:test@test.com
250 2.1.0 test@test.com... Sender ok
relaying denied

To allow relaying on Sendmail, do the following:

1. First, allow Sendmail to listen on all interfaces on port 25 (allow incoming SMTP connections).

- Edit /etc/mail/sendmail.mc

Change...

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

To..

DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

- save it

and then do

make -C /etc/mail

- restart sendmail service

service sendmail restart

2. Allow or open port 25 on the firewall.

3. Now we will add IP-based authentication.

- Edit /etc/mail/access and add the IP address or IP block to allow relaying from

Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:10.1 RELAY
Connect:1.1 RELAY

- save it

- then recompile the access.db

makemap hash /etc/mail/access.db < /etc/mail/access

- then restart sendmail

4. To test, do as follows from a different PC:


telnet 10.1.10.13 25
220 nagios.gowireless.net ESMTP Sendmail 8.13.8/8.13.8; Fri, 29 Apr 2011 11:59:23 -0700
HELO
501 5.0.0 HELO requires domain address
MAIL FROM:test@test.com
250 2.1.0 test@test.com... Sender ok
RCPT TO:rowell.rufino@gowireless.com
250 2.1.5 rowell.rufino@gowireless.com... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
testing
.
250 2.0.0 p3TIxNH1002876 Message accepted for delivery
quit
221 2.0.0 nagios.gowireless.net closing connection
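
An added example, not part of the original post: a small Python check for the /etc/mail/access entries from step 3. A partial address such as 10.1 matches every host whose address begins with those octets, so the script expands each key to the network it covers and marks RELAY entries that reach beyond loopback and RFC 1918 space. The function names, the verdict labels and the embedded sample map are constructed for illustration.

```python
import ipaddress

# Ranges treated as internal: loopback plus the RFC 1918 private blocks.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample: the Connect: lines from step 3 of the post.
SAMPLE_ACCESS = """\
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:10.1 RELAY
Connect:1.1 RELAY
"""

def key_to_network(key):
    """Expand an access-map address key (1 to 4 octets) to the network it matches."""
    octets = key.split(".")
    if not 1 <= len(octets) <= 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        return None  # not an IPv4 prefix (hostname, domain, IPv6, ...)
    padded = [str(int(o)) for o in octets] + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(padded) + "/" + str(8 * len(octets)))

def audit_access(text):
    """Return (key, scope, verdict) for every RELAY entry; a Connect: tag is stripped."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # ignore comments and blank lines
        if len(fields) < 2 or fields[1].upper() != "RELAY":
            continue
        key = fields[0]
        if key.lower().startswith("connect:"):
            key = key[len("connect:"):]
        net = key_to_network(key)
        if net is None:
            # Names depend on DNS, so anything other than localhost needs a manual look.
            verdict = "internal" if key.lower() in LOCAL_NAMES else "review-name"
            findings.append((key, key, verdict))
        else:
            inside = any(net.subnet_of(i) for i in INTERNAL)
            findings.append((key, str(net), "internal" if inside else "external"))
    return findings

if __name__ == "__main__":
    for key, scope, verdict in audit_access(SAMPLE_ACCESS):
        print(f"{key:24} {scope:24} {verdict}")
```

On the sample map, Connect:10.1 expands to 10.1.0.0/16 and stays internal, while Connect:1.1 expands to 1.1.0.0/16, which lies outside the private ranges and is reported as external.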

Hopefully you find this helpful. Thanks. Take Care and God Bless!!!

Friday, April 8, 2011

Setting Up Mail Server on Linux

There came a time when I was asked by my boss to set up a mail server for a certain client. At first I was astounded because I was not sure how to do it. But thankfully I found some helpful sites that guided me to establish a complete email server. In this blog I wanted to share them with you to help those who would like to set up their own mail server.

The mail server that I have set up is composed of the following components:

- a Linux OS (preferably Red Hat Enterprise or CentOS)
- Dovecot for IMAP / POP3
- Postfix for SMTP
- ClamAV for antivirus
- SpamAssassin
- MailScanner

How to install SMTP, POP3, IMAP and Webmail service

Postfix will be providing the SMTP service, Dovecot will provide the POP3 and IMAP service, while Apache and SquirrelMail will provide the Webmail service.

The following are the steps we will take on setting up the mail server:

1. How to install and setup Postfix SMTP server.
2. How to install and setup Dovecot POP3 and IMAP server.
3. Configure Postfix SMTP Authentication using Dovecot SASL.
4. How to install and setup SquirrelMail WebMail.
5. How to configure the firewall.


How to install and setup Postfix SMTP server

We need to install 2 packages here namely:

- postfix and system-switch-mail

To do so, issue the following command:

# yum install postfix system-switch-mail

By default the MTA on Linux is sendmail so we need to switch from sendmail to postfix. Use the system-switch-mail tool to switch to postfix.

Configure Postfix

1. Edit the postfix configuration file.

# vi /etc/postfix/main.cf

Find the following keys and change their values as follows:

inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
home_mailbox = Maildir/

Make sure that all mail_spool_directory lines are commented out. Otherwise, it will override the setting in the home_mailbox line above.

2. Restart postfix service

# service postfix restart

Test Postfix

1. For testing purposes, create a linux user.

# useradd johndoe

2. Perform testing.

Sample Postfix session. Replace johndoe with any valid user account. The dot after the line test is a command that should be typed in.

[root@mail ~]# telnet localhost smtp
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.acme.local ESMTP Postfix
ehlo localhost
250-mail.acme.local
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:
250 2.1.0 Ok
rcpt to:
250 2.1.5 Ok
data
354 End data with .
test
.
250 2.0.0 Ok: queued as 9729067C17
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]#

To check that the mail was actually delivered:

[root@mail ~]# cd /home/johndoe/Maildir/new
[root@mail new]# ls
1185669817.Vfd00I18012M795756.mail.acme.local
[root@mail new]# cat 1185669817.Vfd00I18012M795756.mail.acme.local

Don’t worry, you don’t have to type in the whole filename above. Just type in the first few characters say 118 then press Tab to activate automatic completion.

From johndoe@mail.acme.local  Thu Feb 22 21:48:28 2007
Return-Path:
X-Original-To: johndoe
Delivered-To: johndoe@mail.acme.local
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
        by mail.acme.local (Postfix) with SMTP id 9729067C17
        for ; Thu, 22 Feb 2007 21:48:26 -0500 (EST)
Message-Id: <20070222134827.9729067C17@mail.acme.local>
Date: Thu, 22 Feb 2007 21:48:26 -0500 (EST)
From: johndoe@mail.acme.local
To: undisclosed-recipients:;

test
[root@mail mail]#

If you encounter any problems, check the log file at /var/log/maillog.

How to install and setup Dovecot POP3 and IMAP server

1. To install dovecot:

# yum install dovecot

Configure Dovecot

1. Edit the dovecot configuration file

# vi /etc/dovecot.conf

Find the following keys and change their values as follows:

protocols = pop3 pop3s imap imaps
mail_location = maildir:~/Maildir/
pop3_uidl_format = %08Xu%08Xv
imap_client_workarounds = delay-newmail outlook-idle netscape-eoh
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh


2. Start Dovecot server

# service dovecot start

Test Dovecot

Sample dovecot session. Replace johndoe and password with any valid user name and password.

[root@mail ~]# telnet localhost pop3
+OK dovecot ready.
user johndoe
+OK
pass password
+OK Logged in.
list
+OK 1 messages:
1 622
.
retr 1
+OK 622 octets
Return-Path:
X-Original-To: johndoe
Delivered-To: johndoe@mail.acme.local
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
        by mail.acme.local (Postfix) with SMTP id 9729067C17
        for ; Thu, 22 Feb 2007 09:06:37 -0500 (EST)
Message-Id: <20070222140640.9729067C17@mail.acme.local>
Date: Thu, 22 Feb 2007 09:06:37 -0500 (EST)
From: johndoe@mail.acme.local
To: undisclosed-recipients:;
X-IMAPbase: 1172153557 1
Status: O
X-UID: 1
Content-Length: 5
X-Keywords:

test
.
quit
+OK Logging out.
Connection closed by foreign host.
[root@mail ~]#

Configure Postfix SMTP Authentication using Dovecot SASL

SMTP Authentication (SMTP Auth) provides an access control mechanism that can be used to allow legitimate users to relay mail while denying relay service to unauthorized users, such as spammers.

Thanks to the new SASL support in Dovecot 1.0 and the new Dovecot SASL support in Postfix 2.3, setting up SMTP authentication is now easier. Instead of setting up two separate authentication configurations for Postfix and Dovecot, we can now set up authentication in Dovecot only and let Postfix talk to Dovecot.

Configure Postfix and Dovecot

1. Edit the file /etc/dovecot.conf and make sure your auth default section has the lines below.

auth default {
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
  mechanisms = plain login
}


2. Edit /etc/postfix/main.cf, find the keys below and change their values as follows, or add them at the bottom of the file if a key (the word before the = sign) cannot be found.

mynetworks = 127.0.0.0/8
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes

The first line says trust only localhost, meaning only localhost can send email outside the network (relay). The last line is there to support old clients like Microsoft Outlook Express 4.0 and Microsoft Exchange 5.0, just in case someone is still using them.

3. Restart the Dovecot and Postfix service. But if you installed MailScanner, restart MailScanner instead of Postfix.

Test Postfix

Sample postfix session

[root@mail ~]# telnet mail smtp
Replace mail with the name of your server. We should not use localhost since localhost is a trusted client ip address. And make sure the domain name you specified does not resolve to 127.0.0.1 which is the IP address of localhost.

Trying 192.168.0.1...
Connected to mail.acme.local (192.168.0.1).
Escape character is '^]'.
220 mail.acme.local ESMTP Postfix
ehlo localhost
250-mail.acme.local
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Note the new 250-AUTH lines.

mail from:
250 2.1.0 Ok
rcpt to:
554 5.7.1 : Relay access denied

It works, now to check if we can send it after authenticating.

auth plain AGpvaG5kb2UAcGFzc3dvcmQ=
235 2.0.0 Authentication successful
rcpt to:
250 2.1.5 Ok
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]#

The gibberish text after AUTH PLAIN is the base64-encoded value of the user name johndoe and the password password. You can generate your own base64 text using the form at the link below.

http://www.linuxmail.info/postfix-smtp-auth-dovecot-sasl/
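
An added example, not part of the original post: the AUTH PLAIN argument is the base64 of an authorization identity (empty here), the user name and the password, separated by NUL bytes. The Python below builds and decodes that value and reads the EHLO reply from the test session to see which password-carrying mechanisms are advertised before any TLS; the function names are chosen for illustration.

```python
import base64

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # both carry the password merely base64-encoded

def encode_auth_plain(user, password, authzid=""):
    """Build the AUTH PLAIN argument: base64(authzid NUL user NUL password)."""
    raw = "\0".join((authzid, user, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_auth_plain(token):
    """Reverse the encoding; returns (authzid, user, password). No key is involved."""
    parts = base64.b64decode(token, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("not an AUTH PLAIN value")
    return tuple(p.decode("utf-8") for p in parts)

def ehlo_cleartext_auth(ehlo_lines):
    """For an EHLO reply received before any TLS negotiation, return
    (plaintext AUTH mechanisms advertised, whether STARTTLS is offered)."""
    mechs, starttls = set(), False
    for line in ehlo_lines:
        keyword = line[4:].strip().upper()      # drop the "250-" / "250 " prefix
        if keyword == "STARTTLS":
            starttls = True
        elif keyword.startswith("AUTH"):        # "AUTH LOGIN PLAIN" or "AUTH=LOGIN PLAIN"
            mechs.update(keyword[4:].lstrip("= ").split())
    return sorted(mechs & PLAINTEXT_MECHS), starttls

# EHLO reply copied from the test session in the post.
EHLO_REPLY = [
    "250-mail.acme.local", "250-PIPELINING", "250-SIZE 10240000", "250-VRFY",
    "250-ETRN", "250-AUTH LOGIN PLAIN", "250-AUTH=LOGIN PLAIN",
    "250-ENHANCEDSTATUSCODES", "250-8BITMIME", "250 DSN",
]

if __name__ == "__main__":
    token = encode_auth_plain("johndoe", "password")
    print(token)
    print(decode_auth_plain(token))
    print(ehlo_cleartext_auth(EHLO_REPLY))
```

Since the value decodes without any key, a server that advertises PLAIN or LOGIN on an unencrypted connection accepts passwords that anyone on the network path can read. With TLS configured, Postfix's smtpd_tls_auth_only = yes stops AUTH from being offered until the session is encrypted.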

How to install and setup SquirrelMail WebMail.

SquirrelMail is an open source standards-based webmail package written in PHP. When installed, SquirrelMail is ready out of the box. All it needs is an installed web server like Apache, SMTP server like Postfix, and IMAP server like Dovecot.

1. Get the latest stable release of Squirrelmail

# cd /usr/src

# wget -O squirrelmail-1.4.21.tar.gz 'http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fprdownloads.sourceforge.net%2Fsquirrelmail%2Fsquirrelmail-1.4.21.tar.gz'

# tar xvzf squirrelmail-1.4.21.tar.gz

# mv squirrelmail-1.4.21 /usr/local/squirrelmail

Prepare SquirrelMail directories

Make sure to change "nogroup" to whatever group Apache will be running as. You can check what that is by looking at the value of the "Group" setting in your Apache main configuration file (probably /etc/httpd/conf/httpd.conf).

# mkdir /usr/local/squirrelmail
# cd /usr/local/squirrelmail
# mkdir data temp
# chgrp nogroup data temp
# chmod 0730 data temp

Unpack SquirrelMail

# cd /usr/local/squirrelmail
# tar --bzip2 -xvf /usr/local/src/downloads/squirrelmail-1.4.17.tar.bz2
# mv squirrelmail-1.4.17 www

Configure SquirrelMail

Run the SquirrelMail configuration utility.

# cd /usr/local/squirrelmail
# www/configure

Select the "D" option and then configure SquirrelMail with the "uw" preset. Also make sure to set the data and attachment directory settings ("/usr/local/squirrelmail/data" and "/usr/local/squirrelmail/temp" respectively) under "4. General Options". Make any other changes as you see fit, select "S" to save and then "Q" to quit.

Configure access to SquirrelMail in Apache

Modify your main Apache configuration file (typically /etc/httpd/conf/httpd.conf) by adding the following:


Alias /squirrelmail /usr/local/squirrelmail/www

Options None
AllowOverride None
DirectoryIndex index.php
Order Allow,Deny
Allow from all

Deny from all

Allow from all

Allow from all

Allow from all

Allow from all

Allow from all

Order Deny,Allow
Deny from All
Allow from 127
Allow from 10
Allow from 192

Order Deny,Allow
Deny from All
Allow from 127
Allow from 10
Allow from 192

Restart apache

Reference:
http://www.linuxmail.info/squirrelmail-webmail-setup-howto-in-centos-5/
http://squirrelmail.org/docs/admin/admin-3.html#ss3.2