Ubuntu Email Server

4/8/2015 UbuntuEmailServer

http://webmodelling.com/webbits/ubuntu/ubuntuemailserver.aspx#ubuntumailserverbasictest 1/18

Articlestutorialsetc.

Projectswebsites

Downloadsscripts&stuff.

IamadanishprogrammerlivinginBangkok.Readmoreaboutme@rasmus.rummel.dk.

WebmodellingHome>UbuntuEmailServerhowto

UbuntuEmailServer10Feb2012.ThistutorialisastepbystephowtomakeUbuntuintoapowerfulemailserverusingPostfix,Dovecot,MySQLandSquirrelmail.

Tomakeiteasy,Ihavemadeanemailserverinstallationscriptwhichallowsyoutochooseoneofthe3followingscenarios:

Youwanttoinstallastandalonefullfledgedemailserverinstallationscriptoption1.YouwanttoenhanceyourLAMPstackwithanemailserverinstallationscriptoption2.Youwanttounderstandhowtoinstallanemailserverinstallationscriptoption3willholdyourhandwhilefollowingthistutorial.

Installmailserverstepbystep:1. Install&configurebasicmailserver(test)2. Configurevirtualdomains(test)3. Installspamcontrolunderconstruction4. ConfigureSASL(test)5. ConfigureTLS(test)6. InstallSquirrelmail(test)

Appendixes:Appendix:AccessSquirrelmailonmultiplecustomurlsAppendix:Management&DebuggingCommandsAppendix:BasicConceptsifyouarenewtoemailconcepts,skimthisfirstAppendix:RelevantlinksAppendix:SquirrelmailinthaiAppendix:Commonerrors&solutionsComments

Toomuchtalkingalready

InstallbasicmailcomponentsAnEmailserverisaboutlettingaMailUserAgent(MUA)alsocalledanemailclient,eg.OutlookExpressorThunderbird,sendingandreceivingemailmessages.Aminimalworkingemailserverconsistsof2components:

AMailTransferAgent(MTA):wewillusePostfix:basicallyresponsibleforlettingaMUAsendanemailmessage.AMailDeliveryAgent(MDA):wewilluseDovecot:basicallyresponsibleforlettingaMUAreceiveanemailmessage.

BasicmailcomponentsinstallPostfix(alternativelyexecuteemailserverinstallationscriptstep3>1)

1. Logontoyourserverasroot(orlogonasyournormaluserandthenswitchusertoroot:shell>suroot).2. shell>aptgetupdate:alwaysstartwithupdatingpackageinformation.3. InstallPostfix:

1. shell>aptgetyinstallpostfixpostfixdoc:postfix:MTAmailserverpostfixdoc:documentationforPostfix,notnecessarybutnicetohave.Installingthepostfixpackagewillpromptyoufor:

1. generaltype:youshouldchooseinternetsite.

2. Systemmailname:youinternetdomainnameusedtoqualifyyouremails,[email protected],thenthevalueshouldbewebmodelling.com

4. ConfigurePostfix:(postconfeisaconvenientwaytosetconfigurationpropertiesin/etc/postfix/main.cf)1. shell>postconfe'myhostname=host.example.tld':changehost.example.tldtoyourownserversFQDN(FullyQualifiedDomainName),eg.

web1.webmodelling.comormaybejustwebmodelling.com.2. shell>postconfe'mydomain=example.tld':standardistouseyourserversinternetdomainwithoutthehostname.IfyourFQDNis

host.example.tld,thenyoushouldonlyhaveexample.tldhere.3. shell>postconfe'mydestination=$mydomain,localhost,localhost.localdomain':listofdomainsthatPostfixshoulddeliverlocally.If

mydestinationissettowebmodelling.com,[email protected](andallotheremailmessageswillbeforwardedtoanotherMTA).Herethevalueissetto$mydomainandlocalhostetc.

4. shell>postconfe'mynetworks=127.0.0.0/8[::ffff:127.0.0.0]/104[::1]/128':listoftrustednetworksfromwhichSMTPclients(MUAs&otherMTAs)havemorepriviledges,typicalltrustedSMTPclientsareallowedtorelayemailmessageswhilenontrustedarenot.

5. shell>postconfe'inet_interfaces=all':whatinterfacestoreceiveemailon,eitherspecifycommaseperatedIPaddressesorspecifyall.6. shell>postconfe'home_mailbox=Maildir/':setmailboxformattoMaildir(eachemailmessageinitsownfile).7. shell>postconfe'smtpd_sasl_auth_enable=no':whiledocumentationstatesthisvaluesisdefaultsettono,actuallyitseemsdefaulttobe

yesandsincewedonotwanttoenablesaslauthyet,wesetitexplicitlytonohere.8. shell>/etc/init.d/postfixrestart:restartPostfixtoapplythechangedconfiguration.

BasicmailcomponentsinstallDovecot(alternativelyexecuteemailserverinstallationscriptstep3>2)

1. Logontoyourserverasroot(orlogonasyournormaluserandthenswitchusertoroot:shell>suroot).2. InstallDovecot:

1. shell>aptgetyinstalldovecotcommondovecotimapddovecotpop3ddovecotpostfixdovecotcommon:MDA(MailDeliveryAgent).Isresponsibleforstoringfinalreceivedemailmessages(typicallyonharddrive).Alsodovecotpop3danddovecotimapdependsonthispackage.dovecotimapd:AllowsMUAs(MailUserAgents)todownloademailmessagesusingtheIMAPprotocol.dovecotpop3d:AllowsMUAs(MailUserAgents)todownloademailmessagesusingthePOP3protocol.dovecotpostfix:MailstackdeliveryintegrationIhavenottestedit,butIguessthepackagewilltrytosetupPostfixtouseDovecotLDAaswellasinstallSieve.

Dogood Suka Tweet



DovecotLDAaswellasinstallSieve.3. ConfigureDovecot:

Dovecotmainconfigurationfile/etc/dovecot/dovecot.confnowincludeslotsofseparateconfigurationfilesunder/etc/dovecot/conf.d/fordefaultconfigurationsettings.Themostimportantoftheseis/etc/dovecot/conf.d/01mailstackdelivery.conf.

1. shell>dovecotn|headn1:displayspathtoDovecotmainconfigfileshouldbe/etc/dovecot/dovecot.conf.2. shell>nano/etc/dovecot/dovecot.conf:loadDovecotmainconfigurationfileinthenanoeditorandbesureitcontainsthefollowinglines

(exceptthosestrikedthrough).protocols=pop3imap:notnecessarytoset,alreadysetinconf.d/01mailstackdelivery.conf.mail_location=maildir:~/Maildir/:notnecessarytoset,alreadysetinconf.d/01mailstackdelivery.conf.pop3_client_workarounds=outlooknonulsoenseoh:notnecessarytoset,alreadysetinconf.d/01mailstackdelivery.conf.Workaroundsforemailclientbugs.Outlook&OutlookExpresshangsifmailcontainsNULcharacters.outlooknonulsreplacesNULswith0x80.OutlookExpressandNetscapeMailbreaksifendofheaderslineismissing.oenseohsendsendofheaderslineifit'smissing.!includeconf.d/*.conf:loadallconfigurationfiles.pop3_uidl_format=%08Xu%08Xv:formatofPOP3uniquemailidentifier.log_timestamp="%Y%m%d%H:%M:%S":prefixforeachlinewrittentologfile.imap_client_workarounds=delaynewmailoutlookidlenetscapeeoh:thisisalsosetinconf.d/01mailstackdelivery.conf,howeverthevalueisnotcorrect,soweoverwriteithere.Workaroundsforemailclientbugs.namespace{:namespaceisnotstrictlyrequiredasadefaultnamespacewillbecreatedifyoudon'tcreateityourself.type=private:thisnamespacecontainsonlytheusersownmailboxes.(therearealsosharedandpublictypes).separator=.:charforseparatingchildfolders,eg.work.designorwork.programming.prefix=INBOX.inbox=yes:thisnamespacecontainstheinbox(thereareonlyoneinbox).}

3. shell>/etc/init.d/dovecotstop&&sleep5&&/etc/init.d/dovecotstart:restarttheDovecotservertoenabletheconfigurationchanges(wait5secondsbetweenstopandstartquatheansilchildprocessbug).

BasicmailserverTestitworks

Logontoyourserverasroot(orlogonasyournormaluserandthenswitchusertoroot:shell>suroot).Testthatserversareontherightports:

1. shell>nmaplocalhost:showsallportsonwhichserversarelisteningusingwhichprotocolyoushouldhaveatleast:25/tcpopensmtp110/tcpopenpop3143/tcpopenimap993/tcpopenimaps995/tcpopenpop3s

TestthatPostfixworks:(manuallysendinganemailthroughPostfix)1. shell>telnetlocalhost25:probetheserveronport25(Postfix)tobesurePostfixislistening.

1. Trying127.0.0.1...Connectedtolocalhost.Escapecharacteris'^]'.220Your.Domain.NameESMTPPostfix(Ubuntu)

2. helolocalhost:(moreinfowithehlolocalhost)3. 250your.domain.name4. mailfrom:root@localhost5. 2502.1.0Ok6. rcptto:rasmus@localhost:useavaliduserdifferentfromroot(theuserneedtohaveapassword,otherwisetheusercannotretrieve

mail)7. 2502.1.5Ok8. data:beginthedatasection.9. 354Enddatawith.

10. Subject:myfirstsubject11. Myfirstbody12. .:adotonanewlinefollowedbyEnterwillendthedatasection.13. 2502.0.0Ok:queuedas3141010228614. quit:15. 2212.0.0Bye

Connectionclosedbyforeignhost.2. shell>lsl/home/rasmus/Maildir/new:listtheemailmessagetoseethatithavebeenlocallydelivered(besuretochangerasmustoyour

ownuser)3. shell>cat/home/rasmus/Maildir/new/*:youcanalsoreadtheemailmessage.4. shell>telnetyour.server.domain25:shouldgivethesameresultastelnetlocalhost25andconfirmsthatyouhaveindeedusedthecorrect

FQDNforPostfixmyhostnameabove.TestthatDovecotworks:(retrievingtheemailusingDovecotpop3justsentthroughPostfixabove)

1. shell>telnetlocalhostpop31. Trying127.0.0.1...

Connectedtolocalhost.Escapecharacteris'^]'.+OKDovecotready.

2. userrasmus:theuser3. +OK4. passPASSWORD:insertthepasswordfortherasmususer.5. +OKLoggedin.6. list7. +OK1messages:

1420.

8. retr19. +OK420octets

ReturnPath:XOriginalTo:rasmus@localhostDeliveredTo:rasmus@localhostReceived:fromlocalhost(localhost[127.0.0.1])byyour.server.domain(Postfix)withSMTPid31410102286forWed,7Dec201119:58:25+0700(ICT)Subject:myfirstsubjectMessageId:Date:Wed,7Dec201119:58:25+0700(ICT)From:root@localhost

Myfirstbody.

10. quit



10. quit2. shell>lsl/home/rasmus/Maildir/new:afterretrievingtheemailusingpop3,theemailmessagehavebeenremovedfromthenewfolder...3. shell>lsl/home/rasmus/Maildir/cur:...tothecurfolder.

Ifyoupassedthetests,younowhaveabasicemailserverthatactuallyworks.

ConfigurePostfixforvirtualdomainsusingMySQL(alternativelyexecuteemailserverinstallationscriptstep3>3)MostemailserversneedtobefinalMTArecipientformultiplevirtualdomainsandmanymanyemailaddresses.These2tasksarebyfarmosteasilyhandledusingaMySQLdatabase.

WhilewestorevirtualdomainsandvirtualemailaddressesinaMySQLdatabase,westillstoretheactualemailmessagesonstandardstorage(harddrive).Alsowewilluseonesystemaccount,vmail,inwhichhomefolderwewillwriteafolder,email_box,foreachemailaddress.

Ifwedidnotusevirtualdomainsandthereforevirtualmailboxes,defaultistostoreemailmessagesinthesystemusershomedirectory.However,sinceourusersarevirtual,weinsteadhaveavirtual_mailbox_base,wewilluse/home/vmail,andthensubfoldersforeachvirtual_mailbox_domain.

1. shell>aptgetyinstallmysqlclientmysqlserverpostfixmysqldovecotmysql:ifyoualreadyhaveMySQLinstalled,thenjustinstallthepostfixmysql&dovecotmysqlpackages.

mysqlserver:theactualmysqlserverthatenablesyoutocreatedatabases.mysqlclient:thisisthemysqlCLIthatallowsyoutoaccessandmanagemysqlserveranddatabasesusingthecommandline(aGUIalternativeisphpMyAdmin).postfixmysql:addsMySQLmapssupporttoPostfix.MakesitpossibletoconfigurePostfixtouseMySQLtostoreuseraccountsandrelateddata.dovecotmysql:addsMySQLdriversupporttoDovecot.Installingthemysqlserverpackagewillpromptyoufor:

1. rootuserpassword:createapasswordforMySQLrootuser(notUbunturootuser).

2. confirmrootuserpassword.2. CreatethePostfixMySQLdatabase:

1. shell>mysqlurootpRootPassword:usemysqlclienttologontoMySQL.BesuretochangePasswordtothecorrectpassword(noticethereisnospacebetweenpandPassword).

2. mysql>CREATEDATABASEPostfix;:3. mysql>GRANTSELECT,INSERT,UPDATE,DELETEONPostfix.*TO'mail_admin'@'localhost'IDENTIFIEDBY'MailAdminPassword';:Youmakeupthe

MailAdminPasswordyourself.4. mysql>GRANTSELECT,INSERT,UPDATE,DELETEONPostfix.*TO'mail_admin'@'localhost.localdomain'IDENTIFIEDBY'MailAdminPassword';:5. mysql>USEPostfix;:6. mysql>CREATETABLEdomains(domainvarchar(50)NOTNULL,PRIMARYKEY(domain));:7. mysql>CREATETABLEforwardings(sourcevarchar(80)NOTNULL,destinationTEXTNOTNULL,PRIMARYKEY(source));:8. mysql>CREATETABLEusers(emailvarchar(80)NOTNULL,passwordvarchar(20)NOTNULL,PRIMARYKEY(email));:9. mysql>CREATETABLEtransport(domainvarchar(128)NOTNULLdefault'',transportvarchar(128)NOTNULLdefault'',UNIQUEKEYdomain(domain));:

10. mysql>quit:Postfixdatabaseschemaisfinished.11. shell>sedie"s/^[\t#]*bindaddress.*$/bindaddress=127.0.0.1/"/etc/mysql/my.cnf:uncommenttheMySQLlocalbindaddresstogetMySQL

tobindtolocalhostsothatthePostfixmail_adminusercanconnect(ifyouneedtouseanotherIP,youwillneed1)tocreateamail_adminuseronthatIPinsteadoflocalhostand2)changethehostvalueofthemysqlmapfilesbelow).

12. shell>servicemysqlrestart:reloadMySQLconfigurationfile.3. WritePostfix/MySQLmapfiles:4filesthatdefineshowPostfixmapsdomains,mailboxes,forwardingsandaccountstotablesintheabove

PostfixMySQLdatabase:(Anaturalplacetosavethe4filesisin/etc/postfix.Alsonotethatthefilesdifferonlywithrespecttothequeryline)

1. shell>cd/etc/postfix:changelocationtotheplacetherethe4filesshouldbecreated.2. shell>nanomysqlvirtual_domains.cf:createafilecalledmysqlvirtual_domains.cf

user=mail_adminpassword=MailAdminPassword:besuretosubstituteMailAdminPasswordwiththepasswordyoucreatedformail_admin@localhostabove.dbname="postfix"query=SELECTdomainASvirtualFROMdomainsWHEREdomain='%s'hosts=127.0.0.1

3. shell>nanomysqlvirtual_mailboxes.cf:createafilecalledmysqlvirtual_mailboxes.cfuser=mail_adminpassword=MailAdminPassworddbname="postfix"query=SELECTCONCAT(SUBSTRING_INDEX(email,'@',1),'/',SUBSTRING_INDEX(email,'@',1),'/')FROMusersWHEREemail='%s'hosts=127.0.0.1

4. shell>nanomysqlvirtual_forwardings.cf:createafilecalledmysqlvirtual_forwardings.cfuser=mail_adminpassword=MailAdminPassworddbname="postfix"query=SELECTdestinationFROMforwardingsWHEREsource='%s'hosts=127.0.0.1

5. shell>nanomysqlvirtual_email2email.cf:createafilecalledmysqlvirtual_email2email.cfuser=mail_adminpassword=MailAdminPassworddbname="postfix"query=SELECTemailFROMusersWHEREemail='%s'hosts=127.0.0.1

6. shell>chmodo=/etc/postfix/mysqlvirtual_*.cf:changeaccessfortheabove4mappingfiles.7. shell>chgrppostfix/etc/postfix/mysqlvirtual_*.cfchangethegroupfortheabove4mappingfiles.

4. Createthesystemgroupanduserthatvirtualdomainemailmessagefilesbelongsto:1. shell>groupaddg5000vmail:createagroupcalledvmailwithGroupID=5000(g)2. shell>useraddgvmailu5000s/sbin/nologinvmaild/home/vmailm:createausercalledvmailwithUserID=5000(u)belongingtothe

vmailgroup(g)withoutashelllogin(s)andwithhomedirectory/home/vmail(d).If/home/vmaildoesnotexist,thenmakeit(m).3. shell>chmod770/home/vmail:giveownerandgroupfullaccessandothersnoaccess.

5. ConfigurePostfixvirtualdomains:(usingtheabovefilestomapdomainslistandemailaccountslisttoMySQL):1. shell>postconfe'virtual_alias_domains=':

Avirtualaliasdomainisadomainonwhichemailaccountsaremappedtosystemusers,eg.ifexample.tldisspecifiedasavirtualaliasdomainthencontact@example.tldcouldbemappedtoasystemusercalledrasmustherebygivingthatsystemuseraccesstohavingemailaccountsonmultipledomains.However,Ithinkthissettingisdeprecatedespeciallyitdoesnotallowanyonetohaveanemailaddresswithoutalsohavingasystemaccount,aproblemsolvedwithvirtual_mailbox_domains.NEVERlistavirtualaliasdomainasamydestinationdomain.

2. shell>postconfe'virtual_alias_maps=proxy:mysql:/etc/postfix/mysqlvirtual_forwardings.cf,mysql:/etc/postfix/mysqlvirtual_email2email.cf':listofdomainaliasesandemailaddressaliases.Eg.example.tldcouldbeanaliasforwebmodelling.com,[email protected]@webmodelling.com.



[email protected]. shell>postconfe'virtual_mailbox_domains=proxy:mysql:/etc/postfix/mysqlvirtual_domains.cf':

Sameasmydestination,thatis:allthedomainsforwhichPostfixshoulddeliverlocallyandinthe/etc/vmailfoldertherewillbecreatedasubfolderforeachofthesedomainstosaveemailmessagesreceived,eg.anemailmessagetorasmus@webmodelling.comwillbesavedinthewebmodelling.commailboxfolder(itisthevirtualdeliveryagentthatdeliversdomainsinvirtual_mailbox_domains,whileIthinkitisthelocaldeliveryagentthatdeliversdomainsinmydestination).ifnotusingMySQL,wecouldwritethisinstead:postconfe'virtual_mailbox_domains=webmodelling.comanother.domainathird.domain'orwecouldcreateafileandthenreferencethefilelike:postconfe'virtual_mailbox_domains=/etc/postfix/virtual_mailboxes'(virtual_mailboxeswouldthenhaveonedomainperline)NEVERlistavirtualmailboxdomainasamydestinationdomain.

4. shell>postconfe'virtual_mailbox_maps=proxy:mysql:/etc/postfix/mysqlvirtual_mailboxes.cf':Mapseachandeveryvirtualemailaddresstoamailboxfile,eg.rasmus@webmodelling.commustbemappedtothefolderwebmodelling.com/rasmus,themappingshouldnotcontainthevirtual_mailbox_base,onlythemailboxfolderandtheuserfile/folder.IfusingMaildirformat,thevirtual_mailbox_mapsfilemustappendaforwardslashtothepathnamelike:[email protected]/rasmus/.

5. shell>postconfe'virtual_mailbox_base=/home/vmail':Virtual_mailbox_baseisjustafoldertherethemailboxeswillbecreated.Thevirtuallocaldeliveryagentwillprefixvirtual_mailbox_basetoallpathnamesfromvirtual_mailbox_mapstokeepmailboxesinthevirtual_mailbox_basefolder.

6. shell>postconfe'virtual_uid_maps=static:5000':SpecifiesthesystemuserthatPostfixusesthendeliveringvirtualmailboxfiles(allfilesmustbelongtoasystemuser,herevmailwithUserID=5000).

7. shell>postconfe'virtual_gid_maps=static:5000':SpecifiesthesystemgroupthatPostfixusesthendeliveringvirtualmailboxfiles(allfilesmustalsobelongtoasystemgroup,herevmailwithGroupID=5000).

8. shell>postconfe'proxy_read_maps=$local_recipient_maps$mydestination$virtual_alias_maps$virtual_alias_domains$virtual_mailbox_maps$virtual_mailbox_domains$relay_recipient_maps$relay_domains$canonical_maps$sender_canonical_maps$recipient_canonical_maps$relocated_maps$transport_maps$mynetworks$virtual_mailbox_limit_maps':

9. SpecifytouseDovecotLDAforlocaldelivery(insteadofPostfixvirtualdeliveryagent):1. shell>postconfevirtual_transport=dovecot::2. shell>postconfedovecot_destination_recipient_limit=1:notethatyouhavetowritedovecot_destination_recipient_limitinsteadofthe

generictransport_destination_recipient_limit.3. shell>nano/etc/postfix/master.cf:openPostfixmaster.cffileandregisterDovecotLDAservicebyaddingthefollowingline:

dovecotunixnnpipeflags=DRhuuser=vmail:vmailargv=/usr/lib/dovecot/deliverf${sender}d${recipient}10. shell>postconf#mydomain:outcommentmydomain,otherwiseDovecotLDAwilltrytodelivermailtothatdomaintosystemaccounts

andnotvirtualaccounts,eg.ifmydomainisexample.comandpostfixsendsanemailtorasmus@example.comtoDovecotLDA,thenDovecotLDAwilltrytodeliverthemailtoarasmussystemaccounteg./home/rasmus/Maildir/newresultinginanerroriftherasmussystemaccountdoesnotexist.

11. shell>postconfe'mydestination=localhost,localhost.localdomain':tobesurewealsobetterremove$mydomainfrommydestination.12. shell>servicepostfixreload:reloadPostfixconfigurationtomakethechangesactive.

6. ConfigureDovecotvirtualdomains:1. shell>nano/etc/dovecot/dovecot.conf:opendovecot.confinthenanoeditorandmakeitlooklikethefollowing:(newpropertiesin

Fuchsia)!includeconf.d/*.confpop3_uidl_format=%08Xu%08Xvlog_timestamp="%Y%m%d%H:%M:%S"imap_client_workarounds=delaynewmailoutlookidlenetscapeeohmail_location=maildir:/home/vmail/%d/%n/Maildir:overwritethedefaultmail_locationvalue.%disdomain,%nisaccount.([email protected]/home/vmail/example.com/rasmus/Maildir)disable_plaintext_auth=no:otherwiseIcannotgetGmailPOP3integrationtowork.namespace{type=private:thisnamespacecontainsonlytheusersownmailboxes.(therearealsosharedandpublictypes).separator=.:charforseparatingchildfolders,eg.work.designorwork.programming.prefix=INBOX.inbox=yes:thisnamespacecontainstheinbox(thereareonlyoneinbox).}protocollda{:weneedtooverwritetheprotocolldasettinginconf.d/01mailstackdelivery.confauth_socket_path=/var/run/dovecot/authmaster:UNIXsocketpathtoDovecotLDA.postmaster_address=root@localhost:hereitmaybebettertouseyourownemailaddressmail_plugins=sievelog_path=/home/vmail/dovecotdeliver.logdeliver_log_format=msgid=%m:%$rejection_reason=Yourmessagetowasautomaticallyrejected:%n%r}authdefault{user=rootpassdbsql{args=/etc/dovecot/dovecotsql.conf}userdbstatic{args=uid=5000gid=5000home=/home/vmail/%d/%nallow_all_users=yes}socketlisten{master{:mastersocketgivesaccesstouserdbinformationtypicallysotheDovecotLDAcanfindmailboxlocationspath=/var/run/dovecot/authmastermode=0600user=vmail}

}}

2. shell>nano/etc/dovecot/dovecotsql.conf:open/createdovecotsql.confinthenanoeditorandaddthefollowing:driver=mysqlconnect=host=127.0.0.1dbname=Postfixuser=mail_adminpassword=MailAdminPassword:thesameMailAdminPasswordasthenyoucreatedthemail_adminuserforthePostfixdatabaseabove.default_pass_scheme=PLAINpassword_query=SELECTemailASuser,passwordFROMusersWHEREemail='%u'

3. shell>chmod600/etc/dovecot/dovecotsql.conf:besureonlyrootcanaccessthefilesinceitcontainsyourMailAdminPassword.4. shell>/etc/init.d/dovecotstop&&sleep5&&/etc/init.d/dovecotstart:restarttheDovecotservertoenabletheconfigurationchanges(as

usuallywait5secondsbetweenstopandstartquatheansilchildprocessbug).

VirtualdomainsTestitworks

Youremailserverisnowreadytohandlehugeamountsofdomainsandemailaddresses,howeverwebettertestsomeofitbeforewecontinuetoenhancetheemailserverwithspamcontrolandsecurity.



enhancetheemailserverwithspamcontrolandsecurity.

1. shell>mysqlurootpPassword:logontoMySQLserver.2. mysql>USEPostfix;3. mysql>INSERTINTOdomains(domain)VALUES('example.com');4. mysql>INSERTINTOusers(email,password)VALUES('[email protected]','abc');5. mysql>quit6. shell>postmapqexample.commysql:/etc/postfix/mysqlvirtual_domains.cf:ifthatcommandoutputsexample.com,thenPostfixvirtualdomainsworks

usingMySQL.7. shell>[email protected]:/etc/postfix/mysqlvirtual_email2email.cf:[email protected],thenPostfix

virtualusersworksusingMySQL.8. shell>echo"127.0.0.1example.com">>/etc/hosts:resolveexample.comtolocalhost.9. TestPostfix:

1. shell>telnetlocalhost25:probetheserveronport25(Postfix)tobesurePostfixislistening.1. Trying127.0.0.1...

Connectedtolocalhost.Escapecharacteris'^]'.:noticetheescapecharacter,ctrl+],shouldyougetinanytroublehere220Your.Domain.NameESMTPPostfix(Ubuntu)

2. helolocalhost:(moreinfowithehlolocalhost)3. 250your.domain.name4. mailfrom:root@localhost5. 2502.1.0Ok6. rcptto:[email protected]. 2502.1.5Ok8. data:beginthedatasection.9. 354Enddatawith.

10. Subject:Mysecondsubject11. Mysecondbody12. .:adotonanewlinefollowedbyEnterwillendthedatasection.13. 2502.0.0Ok:queuedasB58B210247814. quit:15. 2212.0.0Bye

Connectionclosedbyforeignhost.10. TestDovecotLDA:(registeredin/etc/postfix/master.cf,sinceitisPostfixthatdecideswhatagentisresponsibleforlocaldelivery)

1. shell>lsl/home/vmail/example.com/rasmus/Maildir/new:thereshouldbeoneemailmessagefile,whichconfirmsthatDovecotLDAisactivatedforlocaldelivery,thatitfunctionsandthatthepathiscorrect(thepathisdefinedusingmail_locationin/etc/dovecot/dovecot.conf).

11. TestDovecot:(hereusingimapinsteadofpop3justforfun)1. shell>telnetlocalhostimap

1. Trying127.0.0.1...Connectedtolocalhost.Escapecharacteris'^]'.*OK[CAPABILITYIMAP4rev1LITERAL+SASLIRLOGINREFERRALSIDENABLEIDLESTARTTLSAUTH=PLAINAUTH=LOGIN]Dovecotready.

2. [email protected]:everycommandneedtostartwithanumber3. 1OK[CAPABILITYIMAP4rev1LITERAL+SASLIRLOGINREFERRALSIDENABLEIDLESORTSORT=DISPLAY

THREAD=REFERENCESTHREAD=REFSMULTIAPPENDUNSELECTCHILDRENNAMESPACEUIDPLUSLISTEXTENDEDI18NLEVEL=1CONDSTOREQRESYNCESEARCHESORTSEARCHRESWITHINCONTEXT=SEARCHLISTSTATUS]Loggedin:notethattheanswerstartswiththesamenumberasthecommand.

4. 2list"""*":[email protected]. *LIST(\HasChildren)".""INBOX"

2OKListcompleted.6. 3select"INBOX":selecttheINBOXfolder.Asyoucanseebelow,Ihave15emailsofwhich1isnew(theoneIjustsentabove).7. *FLAGS(\Answered\Flagged\Deleted\Seen\Draft)

*OK[PERMANENTFLAGS(\Answered\Flagged\Deleted\Seen\Draft\*)]Flagspermitted.*15EXISTS*1RECENT*OK[UNSEEN4]Firstunseen.*OK[UIDVALIDITY1323581618]UIDsvalid*OK[UIDNEXT16]PredictednextUID*OK[HIGHESTMODSEQ1]Highest3OK[READWRITE]Selectcompleted.

8. 4fetch1all:fetchthefirstemailmessage.9. *1FETCH(FLAGS()INTERNALDATE"12Dec201112:22:00+0700"RFC822.SIZE394ENVELOPE("Mon,12Dec2011

12:21:37+0700(ICT)""Mysecondsubject"((NILNIL"root""localhost"))((NILNIL"root""localhost"))((NILNIL"root""localhost"))NILNILNILNIL""))4OKFetchcompleted.

10. 5fetch1body[]:thebodyneedstobefetchedexplicitly.11. *1FETCH(FLAGS(\Seen)BODY[]{394}

ReturnPath:DeliveredTo:[email protected]:fromlocalhost(localhost[127.0.0.1])byyour.server.domain(Postfix)withSMTPidB06DC101AB3forMon,12Dec201112:21:37+0700(ICT)Subject:MysecondsubjectMessageId:Date:Mon,12Dec201112:21:37+0700(ICT)From:root@localhost

Mysecondbody)5OKFetchcompleted.

12. 6logout13. *BYELoggingout

6OKLogoutcompleted.Connectionclosedbyforeignhost.

Ifyoupassedthetests,younowhaveanemailserverthatcanhandleemailaddressesonmultipledomains.AlsoyouareusingMySQLtostorethedomainsandaddresseswhichmakescreatingnewdomainsandemailaddressesabreezeandservesforeasyintegrationwithotherprograms,egthePostfixAdminprogramthatamongotherthingswillgiveyouawebbasedtooltohandledomainsandemailaccountsthroughMySQL.

ConfigureSASL(alternativelyexecuteemailserverinstallationscriptstep3>5)Currentlywerelyontrustednetworks(specifiedin/etc/postfix/main.cfmynetworksproperty)todecidewhetherPostfixwillallowrelayingan



Currentlywerelyontrustednetworks(specifiedin/etc/postfix/main.cfmynetworksproperty)todecidewhetherPostfixwillallowrelayinganemailmessage,howeverinsteadwewanttoconfigurePostfixtouseaccountauthenticationtodecidewhethertoallowrelayinganemailmessageratherthanwhethertheIPoftheemailclientiswithinourtrustednetworks.

SASL(SimpleAuthenticationandSecurityLayer)isanauthenticationprotocolandPostfixcanuseSASLtoauthenticateemailclients(MUA's)thentheyconnecttoPostfixtoforward(relay)anemailmessage,thatisthenanemailclientasktorelayanemailmessageusingSMTP.

IfwedidNOTconfigurePostfixtouseSASLforSMTPauthentication,wewouldhavetorelyontrustednetworkslikethis:

AnyMUAsendinganemailfromanIPbelongingtothetrustednetworksareALLOWEDtosend.AnyMUAsendinganemailfromanIPNOTbelongingtothetrustednetworksareREJECTEDtosend.

Ifweallowedeveryonetosend,thenourmailserverwouldbeanopenrelayandfastblacklistedbyotherMTA's.

IfwewanttoallowpeopleonmanydifferentIPstosendemailmessagesthroughourserver,wehavethefollowingsolutions:

AddingtheIPtoourtrustednetworkseachandeverytimeanewpersonwanttosendemail:thatisjusttooheavymaintenance.UsingtheSMTPafterPOPmethod,whichrequiresaMUAtoPOPbeforeSMTPtotemporarilyaddtheIPtotrustednetworks:thatisnotsupportedbyallMUA's,itisasecurityissueespeciallyondynamicIP'sanditisjustplainawkward.UsingSASLtoauthenticatetheMUAallowingtheMUAtoforwardemailmessagesevenifit'sIPisnotinthetrustednetworks:thisiseasytoimplement,wellsupportedbyMUA'sandtheindustrystandardoftoday.

Postfixsupports2SASLplugins:CyrusSASLandDovecotSASL,wewilluseDovecotSASLbecausewealreadyuseDovecotforMDAandforLDAandbecausewehavealreadyinstalledallnecessarypackagesandbecausetheconfigurationismoreeasythanforCyrusSASL.

Let'sgettoit:

1. ConfigureDovecottoprovideSASLauthentication:1. shell>nano/etc/dovecot/dovecot.conf:loadtheDovecotconfigurationfileinthenanoeditorandmaketheauthdefaultsectionlooklike

this:(newpropertiesinFuchsia)!includeconf.d/*.confpop3_uidl_format=%08Xu%08Xvlog_timestamp="%Y%m%d%H:%M:%S"imap_client_workarounds=delaynewmailoutlookidlenetscapeeohmail_location=maildir:/home/vmail/%d/%n/Maildirnamespace{type=privateseparator=.prefix=INBOX.inbox=yes}protocollda{auth_socket_path=/var/run/dovecot/authmasterpostmaster_address=root@localhostmail_plugins=sievelog_path=/home/vmail/dovecotdeliver.logdeliver_log_format=msgid=%m:%$rejection_reason=Yourmessagetowasautomaticallyrejected:%n%r}authdefault{user=rootmechanisms=plainlogin:plainisthestandardverbforunencrypted(OutlookExpressexpectslogininstead).passdbsql{args=/etc/dovecot/dovecotsql.conf}userdbstatic{args=uid=5000gid=5000home=/home/vmail/%d/%nallow_all_users=yes}socketlisten{master{path=/var/run/dovecot/authmastermode=0600user=vmail}client{path=/var/spool/postfix/private/auth:tellsDovecotwheretocommunicatewithPostfixauthentication.mode=0660:tellsDovecotthatthereareread&writeaccess.user=postfix:tellsDovecottousethepostfixuserforaccess.group=postfix:tellsDovecotusethepostfixgroupforaccess.}}}

2. shell>/etc/init.d/dovecotstop&&sleep5&&/etc/init.d/dovecotstart:restarttheDovecotservertoenabletheconfigurationchanges(asusuallywait5secondsbetweenstopandstartquatheansilchildprocessbug).

2. ConfigurePostfixtousetheSASLauthenticationprovidedbyDovecot:1. shell>postconfe'smtpd_sasl_type=dovecot':specifytheSASLplugintouse,hereDovecotSASL(asopposedtoCyrusSASLwhichis

default).2. shell>postconfe'smtpd_sasl_path=private/dovecotauth':thispathisrelativeto/var/spool/postfix(notethatprivate/authwas

automaticallychangedtoprivate/dovecotauththeninstallingthedovecotpostfixpackage.AlsoItriedtochangeitbackto

private/authbutIwouldthengetfatal:noSASLauthenticationmechanismsin/var/log/mail.errandalsotelnetlocalhost25woulddisconnect).

3. shell>postconfe'smtpd_sasl_auth_enable=yes':enabletheuseofSASL.Ifthisvalueisno(default),thenonlyMUA'sontrustednetworkswillbeabletorelayemailmessages.

4. shell>postconfe'smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination':herewespecifytopermitrelayforMUA'sthatareeitherauthenticatedusingSASLorisonourtrustednetworksandtorejectallotherMUA'storelay.

5. shell>postconfe'broken_sasl_auth_clients=yes':supportforolderMUA'slikeOutlookuptoversion2003andOutlookExpressuptoversion6withanobsoleteversionoftheAUTHcommand.Defaultvalueisno,howeverIguessthereisnosecurityriskinvolved.

6. shell>postconfe'smtpd_tls_auth_only=no':wehavenotconfiguredTLSyet,soifthissettingissettoyes,theSASLauthenticationwouldfail.

7. shell>servicepostfixreload:reloadtheconfiguration.

SASLTestitworks

Whatweneedtotestis:

ThatweareNOTallowedtorelayemailmessageswithoutloggingin.



ThatweareNOTallowedtorelayemailmessageswithoutloggingin.ThatweCANloginandthatwearethenallowedtorelayemailmessages.

Torunthistest,youneedtotelnetfromaremoteboxashelloneg.yourWindowsorUbuntubox.DONOTtrytotelnetfromthesameOSthathostyourmailserver,theideaistogetanIPoutsideofthePostfixtrustednetworks.(Ifyourunthewholetutorialonyourdevmachine,youcanuseeg.VirtualBoxtofastsetupavirtualmachinetotestfrom).

1. FirstconfirmthatPostfixannouncestheSASLcapabilityandthatyoucansendemailthatdoesnotneedtoberelayed:1. remoteshell>telnetMailServerIP25


2. ehlolocalhost3. 250your.server.domain

250PIPELINING250SIZE10240000250VRFY250ETRN250AUTHPLAINLOGIN:Postfixannouncesthatitsupportsauthenticationusingplainorloginmechanisms250AUTH=PLAINLOGIN:Postfixannouncesittwicebecausebroken_sasl_auth_clientsissettoyes.250ENHANCEDSTATUSCODES2508BITMIME250DSN

4. mailfrom:root@localhost5. 2502.1.0Ok6. rcptto:[email protected]:[email protected](rememberweaddedthisdomainandemailaddressabove

thentestingvirtualdomains).7. 2502.1.5Ok8. data9. 354Enddatawith.

10. Subject:subremote111. bodyremote112. .13. quit14. 2212.0.0Bye

Connectionclosedbyforeignhost.2. localshell>lsl/home/vmail/example.com/rasmus/Maildir/new:checkthemailhasarrived(thiscommandshouldbeexecutedonthesameOS

thathostyourmailserver).2. Secondconfirmthatyoucannotrelayanemailmessagewithoutloggingin:

1. remoteshell>telnetMailServerIP251. Trying127.0.0.1...

Connectedtolocalhost.Escapecharacteris'^]'.:noticetheescapecharacter,ctrl+],youaregoingtoneedit220Your.Domain.NameESMTPPostfix(Ubuntu)

2. mailfrom:root@localhost3. 2502.1.0Ok4. rcptto:[email protected]:[email protected]. 5545.7.1:Relayaccessdenied:indeedPostfixcorrectlyrejectedtorelaytheemailmessage.6. ctrl+]:pressctrl+]toescape,itisnotpossibletocontinue.7. ^]8. telnet>quit9. Connectionclosed.

3. ThirdconfirmthatyoucanlogonandthatPostfixaccepttorelaythemessage:1. shell>aptgetinstallopenssl:installopenssltobase64encodeyouremailcredentials.2. shell>printf'\0%s\0%s''username''password'|opensslbase64:createabase64encodedvalueofyourusernameandpasswordtousefor

SASLauthenticationbelow.3. remoteshell>telnetMailServerIP25:again,besuretousearemoteshell.


2. AUTHPLAINAHJhc211c0BleGFtcGxlLmNvbQBhYmM=:'AHJhc211c0BleGFtcGxlLmNvbQBhYmM='[email protected](Iuseabcforpassword)besuretocreateyourownbase64encodingofthelocalemailaccountyouwillusetosendfrom.

3. 2352.7.0Authenticationsuccessful:ThereyougotitSASLworks!4. mailfrom:[email protected]. 2502.1.0Ok6. rcptto:[email protected]:useoneofyourownemailaccounts.7. 2502.1.5Ok8. data9. 354Enddatawith.

10. Subject:subremote111. bodyremote112. .13. quit14. 2212.0.0Bye

Connectionclosedbyforeignhost.4. Confirmthatyouhavereceivedtheemail([email protected]).

ConfigureTLS(alternativelyexecuteemailserverinstallationscriptstep3>6)WhileSASLprovidesamechanismtoauthenticateremoteusersbyusernameandpasswordthentheytryrelayanemailmessagethroughtheemailserver,bothusernameandpasswordaresentinplaintextandcouldbeeasilyinterceptedandstolen.

UsingTLS(TransportLayerSecurity)wecanencryptthecommunicationbetweentheemailclientandtheemailserver,sothatifthecommunicationisintercepted,thecredentialswillnotbeinplaintext.

Thereare2waystosecureaprotocolwithTLS:

Theclientconnecttoaserverssecureportemailtypically993(imaps)or995(pop3s)andimmediatelybeginanencryptedhandshake.Theclientconnecttoaserversplaintextportemailtypically25(smtp),110(pop3)or143(imap)andbeginanunencryptedhandshake.IftheserverrespondtheSTARTTLScapability,thenthesubsequentcommunicationcanbeencryptedwhichincludestheauthenticationprocess(whereusernameandpasswordaresent).



process(whereusernameandpasswordaresent).

RegardlessofwhichTLSmethodisapplied,theservermustsentapublickeytotheclient,whichtheclientwillthenusetoencrypttherestofthesession.Onlytheserverthathavethecorrespondingprivatekeywillbeabletodecrypt.However,theclientwillneedtotrustthatitisconnectedtotherightserver,thereforetheserverdisplaysasignedcertificate,whichtheclientwillautomaticallyacceptifthesigningisdonebyatrustedauthority,whileifitisaselfsignedcertificate(whichwewilldo)thentheclientwillasktheuserwhethertotrustit.

Allinallwethereforeneed:

AprivatekeyAsignedpublickeycertificate(createdfromtheprivatekey)

Createthe2TLSkeyfiles

Dovecotmaylikelyalreadyhavecreatedthe2keysin/etc/ssl/certs/dovecot.pem&/etc/ssl/private/dovecot.pem,howeverwewanttocreateourown

1. shell>cd$HOME:changecurrentdirectorytoyourhomedirectorytomakethekeyfilesthere.2. shell>opensslgenrsades3outserver.key1024:useopensslgenrsatogenerateatripleDES(des3)encryptedprivatekeyfile(server.key).You

willbepromptedforapassphraseforthetripleDESencryption.3. Unencrypttheprivatekey:(OtherwisewewouldhavetomanuallywritethepassphraseeachtimePostfixstartsup,whichisnotpractical)

1. shell>opensslrsainserver.keyoutserver.insecure:useopensslrsatocreateanunencryptedversionoftheprivatekey.2. shell>mvserver.keyserver.key.secure:storetheencryptedprivatekeyasserver.key.secure.3. shell>mvserver.key.insecureserver.key:renametheunencryptedprivatekeytoserver.key.

4. shell>opensslreqnewkeyserver.keyoutserver.csr:useopensslreqtogenerateaCertificateSigningRequestfile(server.csr)usingtheprivatekey(server.key).Youwillbepromptedforrelevantinformationtobeincorporatedintoyourcertificatesigningrequest:(youdon'tneedtoanswerthemall)

1. CountryName(2lettercode)[TH]:TH:THforThailand(whereIlive).2. StateorProvinceName(fullname)[SomeState]:Nonthaburi:morepreciselyIliveinNonthaburi.3. LocalityName(eg,city)[]::Idon'tanswer.4. OrganizationName(eg,company)[InternetWidgitsPtyLtd]:FD:FDforFavouriteDesign.5. OrganizationalUnitName(eg,section)[]::Idon'tanswer.6. CommonName(eg,YOURname)[]:your.server.domain:thisisthemostimportantquestiontoanswer.7. EmailAddress[]:[email protected]. Achallengepassword[]::Idon'tanswer.9. Anoptionalcompanyname[]::mygood,thenwillitend.

5. shell>opensslx509reqdays365inserver.csrsignkeyserver.keyoutserver.crt:useopensslx509tocreatea(self)signedcertificatefile(server.crt)thatisvalidfor365daysusingthesigningrequestfile(server.csr)containingyourorganizationsinformationandusing(server.key)

Signatureoksubject=/C=TH/ST=Nonthaburi/O=FD/CN=RasmusRummelGettingPrivatekey

6. shell>mvserver.key/etc/ssl/private/:movetheprivatekeyfileto/etc/ssl/private/.7. shell>mvserver.crt/etc/ssl/certs/:movethecertificatefileto/etc/ssl/certs/.8. shell>chownroot:root/etc/ssl/private/server.key:setfullownershiptorootfortheprivatekeyfile.9. shell>chmod600/etc/ssl/private/server.key:besurethatonlyroothaveaccesstotheprivatekeyfile(sinceitisnotencrypted).

ConfigurePostfixtoofferTLS

1. shell>postconfe'smtp_tls_security_level=may':securitylevelfortheSMTPclient.'may'meansthatPostfixwilluseTLSiftheremoteSMTPserversupportsit(othervaluesare'none','encrypt''fingerprint','verify'and'secure').

2. shell>postconfe'smtpd_tls_security_level=may':'securitylevelfortheSMTPserver.may'meansthatPostfixwillannounceSTARTTLScapabilitytoclients,butnotrequirethatclientsuseTLS(othervaluesare'none'and'encrypt',encryptwillrequiretheclienttouseTLS).

3. shell>postconfe'smtpd_tls_auth_only=no':thiswillallowemailclientstologonwithoutencrypting.Ifyouwanttoforceemailclientstoenableencrypting,youneedtosetthisvaluetoyesandehlolocalhostwillnotanylongershowtheAUTHPLAINcapability(bepreparedtohelppeoplewithemailaccountsonyourservertosetupencryptionintheiremailclients).

4. shell>postconfe'smtpd_tls_key_file=/etc/ssl/private/server.key':5. shell>postconfe'smtpd_tls_cert_file=/etc/ssl/certs/server.crt':6. shell>postconfe'smtpd_tls_loglevel=1':loglevelsrunfrom0(verylittlelogging)to4(extremelogging).7. shell>postconfe'smtpd_tls_session_cache_timeout=3600s':defineaTLSsessioncachetoavoidmultiplerelativelyexpensivekeyexchangesand

clearthecacheeveryhour.8. shell>postconfe'tls_random_source=dev:/dev/urandom':

TLSTestitworks

1. shell>telnetMailServerIP25:again,besuretousearemoteshell.1. Trying127.0.0.1...

Connectedtolocalhost.Escapecharacteris'^]'.220Your.Domain.NameESMTPPostfix(Ubuntu)

2. ehlolocalhost3. 250mail6.example.tld

250PIPELINING250SIZE10240000250VRFY250ETRN250STARTTLS:PostfixannouncesSTARTTLScapability250AUTHPLAINLOGIN250AUTH=PLAINLOGIN

250ENHANCEDSTATUSCODES2508BITMIME250DSN

4. quit:it'stoodifficulttoencryptonthecommandline,sojustquit.5. 2212.0.0Bye

Connectionclosedbyforeignhost.2. Letstestwitharealemailclientonaremotemachine,eg.yourWindowsorUbuntudevbox

1. Onyourdevbox,mapourtestdomain,example.com,toyouremailserversIPusingthedevboxhostsfile:OnanUbuntudevbox:

1. devboxshell>echoe"\nYouEmailServerIPexample.com">>/etc/hosts:thee"\n"istostartonanewline.2. devboxshell>pingexample.com:besureyougetYourEmailServerIP.

1. OnaWindows7devbox:1. OpenC:\Windows\System32\drivers\etc\hostsinyourfavouritetexteditorandaddthefollowingline:

YourEmailServerIPexample.com:eg.formeitis192.168.1.72example.com2. devboxshell>pingexample.com:besureyougetYourEmailServerIP.

2. Onyourdevboxopenanemailclient,eg.OutlookExpressorThunderbird.



2. Onyourdevboxopenanemailclient,eg.OutlookExpressorThunderbird.3. SetyouremailclienttouseSTARTTLS:(hereThunderbird)

1. [email protected].

2. AddMailAccount.

3. MailAccountSetup

4. IMAP&SMTPareautomaticallyconfiguredtouseSTARTTLS.

5. PresstheCreatebuttonandwaitforThunderbirdtotestthepassword.

6. Successaccountcreated.AlsonotetheOutgoingServerisexample.comusingrasmus@example.comforauthentication.

4. Useyouremailclienttofetch(usingIMAP)emailmessagesfromyouremailserver:(hereThunderbird)1. IntheleftpanelselectthenewaccountandthenintherightpanelclickonReadMessages.

2. Acceptthecertificate(thisistheDovecotdefaultcertificate).

3. SuccessearliertestmailsfetchedusingTLS.5. Useyouremailclienttorelayanemailmessagethroughyouremailserverfromyourtestaddress([email protected])

tooneofyourrealemailaddresses([email protected]):(hereThunderbird)1. Writeanemailtooneofyourrealemailaddresses.

2. Dreadfulunknownerrorhoweverthereasonisthemissingcertificate.

3. Acceptthecertificateagain(actuallythisisanewcertificate,theonewemadeforSMTP).

4. SuccessmailrelayedusingTLS(noteyourtestservercannotsenddirectlytogmailbecausegmailrefusestoreceiveemailmessagesifsendersIPaddressanddomainnamedoesnotmatch,seemorehere(thisproblemwillgoawaythenyoupublishyouremailserverforproductionwithdomainnamesacknowledgedbypublicdns)).

Ifyoupassedthetests,younowhaveasecurefullworkingemailserver,congratulations.

InstallspamcontrolUNDERCONSTRUCTION

InstallSquirrelmailSquirrelmailisamongthemost,ifnotthemost,popularwebmailprogramsforlinuxmachines(andcanalsobeinstalledonwindows).

InstallApache(alternativelyexecuteemailserverinstallationscriptstep3>7)

Webmailneedstorunontopofawebserver,thereforeweneedtoinstallApachefirst(ifyoualreadyhaveApacheonyoursystem,eg.ifyouhaveaLAMPstack,youshouldskipthisstep).

1. shell>aptgetinstallapache2:installApache.2. shell>/etc/init.d/apache2restart:restartApache.

Thatwaskindofeasy!

InstallSquirrelmail(alternativelyexecuteemailserverinstallationscriptstep3>8)

1. shell>aptgetinstallsquirrelmailsquirrelmailcompatibilityphppearphpdbsquirrelmail:thewebmailprogramwithsupportforIMAP&SMTP.squirrelmailcompatibility:supportforplugins.phppear:MAYBEnecessaryforSquirrelmailtorunonApache(SquirrelmailisaPHPprogram).phppearisnecessaryforphpdbthough.phpdb:MAYBEnecessaryforSquirrelmailtorun(thoughIthinkSquirrelmaildonotaccessMySQLonlyPostfix&Dovecot)

2. shell>lns/etc/squirrelmail/apache.conf/etc/apache2/conf.d/squirrelmail.conf:SquirrelmailcomeswithapredefinedApacheconfigurationfilewhichwesymlinkto/etc/apache2/conf.dthatwillenableApachetoloadtheconfiguration.

3. shell>/etc/init.d/apache2restart:restartApachetostarttheSquirrelmailweb.

NotethatSquirrelmailisnotusingSASLandthereforedependson:

BeinginstalledonthesameserverasPostfix./etc/postfix/main.cfsmtpd_recipient_restrictionsMUSTincludepermit_mynetworks.

OtherwiseyouwillgetTransactionfailed5545.7.1:RelayaccessdeniedeverytimeyoutrytosendanemailfromSquirrelmail.

WebmailTestitworks

1. Openabrowseronaremotemachineandputinthefollowingurl:http://YouEmailServerIP/squirrelmail:youshouldseetheloginpage.2. Loginwiththeuserwehaveusedthroughoutthetutorial([email protected]):youshouldnowcometo

yourinboxanditshouldshowtheemailmessageswehavetestsendearlier.3. Composeatestemailinsquirrelmailandsendittooneofyourownemailaddresses([email protected]):aftersome

timeyoushouldreceivetheemail(ifithavenotarrivedwithinhalfanhour,itislikelynottoarrive).

Ifyoupassedthetest,congratulationsyouwebmailisfunctioning.

AppendixAccessSquirrelmailonmultiplecustomurlsSincethisemailserversupportsvirtualdomains,youmaywanttoaccessSquirrelmailondifferentcustomurls,herewewillconfigureSquirrelmailtobeaccessibleon2testdomains:

http://webmail.test1.comhttp://webmail.test2.com

Alsoweneed2machinesforthetest:



Youremailservermachine.Aremotemachine,eg.yourWindowsorUbuntudevbox,onwhichtheabovedomainswillresolvetoYourEmailServerIP.

1. Onyouremailservereditthesquirrelmail.conffiletomaptowebmail.test1.comandwebmail.test2.com:1. shell>nano/etc/apache2/conf.d/squirrelmail.conf:loadsquirrelmail.confinthenanoeditorandaddthefollowing:

:*meansthatthisvirtualhostisdefinedforallIPaddresses.ServerNamewebmail.test1.com:thisvirtualhostmapstowebmail.test1.comServerNamewebmail.test2.com:thisvirtualhostmapstowebmail.test1.comDocumentRoot/usr/share/squirrelmail:thisvirtualhosthavedocumentrootin/urs/share/squirrelmail

2. Pressctrl+xandthenytosaveandreturntoprompt.3. shell>/etc/init.d/apache2restart:restartApachetoloadthechangedconfiguration.

2. Onyourdevboxmapourtestdomains,test1.com&test2.com,toyouremailserversIPaddressbyaddingthetestdomainstothedevboxhostsfile:

OnaWindows7devbox:1. OpenC:\Windows\System32\drivers\etc\hostsinyourfavouritetexteditorandaddthefollowinglines:

YourEmailServerIPwebmail.test1.com:eg.formeitis192.168.1.72test1.comYourEmailServerIPwebmail.test2.com:eg.formeitis192.168.1.72test2.com

2. devboxshell>pingwebmail.test1.com:besureyouseeYourEmailServerIP(inmycase192.168.1.72)OnanUbuntudevbox:

1. devboxshell>echoe"\nYourEmailServerIPwebmail.test1.com">>/etc/hosts:echoe"\n"willinsertanewline.2. devboxshell>echo"YourEmailServerIPwebmail.test2.com">>/etc/hosts3. devboxshell>pingwebmail.test1.com:besureyouseeYourEmailServerIP(inmycase192.168.1.72)

3. Startawebbrowseronyourdevboxandnavigatetowebmail.test1.com:youshouldseeSquirrelmailloginpage.4. Navigatethesamewebbrowsertowebmail.test2.com:youshouldagainseeSquirrelmailloginpage.

Appendix:Management&DebuggingCommandsThefollowingisasmallcollectionofcommandstoempoweryousomewhatincaseofproblemseg.ifunderattack.

shell>tail30/var/log/mail.log:displaythelast30linesinthemaillog.shell>tail30/var/log/mail.err:displaythelast30linesinthemailerrorlog.shell>tail1000/var/log/mail.log|grepi':to=,'|less:focusthelogondeliveriestowebmodelling.com.shell>tail1000/var/log/mail.log|grepi':from=,'|less:focusthelogonemailssendbywebmodelling.com.

Workingwiththemailqueue

ThepostfixmailqueueisaqueueofmailmessagesthatPostfixhavenotyetdelivered.Thepostfixmailqueueisactuallyconsistingofseveralsubqueues.Messagesaremovedbetweenthesesubqueuesbythequeuemanagerthatalsoisresponsiblefordeliveringthemessages:

incomingqueue:thenamessagearrivesatthepostfixserver,thecleanupservicewillwritethemessagetoafileownedbythepostfixuserandmaskit0600.Thenthemessageisfinishedwrittentofile,thecleanupservicechangethefilemaskto0700.Iftheactivequeueisnotfull,thequeuemanagerwillperiodicallyscantheincomingqueue(allthenewmessagefiles)andmovefileswithmask0700totheactivequeue.Ifmailsarecominginfasterthanthequeuemanagercanmovethemfromincomingtoactive,theincomingqueuewillgrow.activequeue:messagesintheactivequeuearereadytobesent(runable)butnotnecessarilyintheprocessofbeingsent(running).Whiletheincoming,deferred,maildropandholdqueuesareonlyfilesondisknotoccupyingmemory,theactivequeueisalsoadatastructureinmemoryownedbythequeuemanagerprocess.Becausemessagesintheactivequeuearerepresentedinmemory,thereisalimittohowmanymessagescanbeholdintheactivequeueatwhichpointthequeuemanagerstopscanningtheincomingandthedeferredqueues(sincenomoremessagescanbemovedtotheactivequeue).deferredqueue:ifdeliveryfailedforoneormorerecipientsofamessage(eg.arecipientaddresscouldnotbevalidated),themessagewillbemovedtothedeferredqueueandassignedacoolofftime(betweenminimal_backup_timeandmaximum_backoff_time)beforewhichthequeuemanagerwillnotmovethemessagebackintotheactivequeue.holdqueue:theadministratorcancreaterules(eg.basedoncontentinheadersorbody)thatwillmovemessagestotheholdqueueoutsideofnormalprocessing.Amessageinholdisnothandledbythequeuemanagerbutneedstobemanuallymovedtoanotherqueue.postsuperrwillmovemessagesfromholdtomaildrop,whilepostsuperHwillmovemessagesfromholdtodeferred.maildropqueue:containerformessageslocallysubmittedusingpostfixsendmail.Themaildropqueueisnotconsideredpartofthepostfixmainqueueasmessageshavenotyetbeencheckedandrewrittenbythecleanupservice.Messagesaremovedtoincomingqueuebythepickupservicefromwhichpointonthecleanupserviceistakingover.

NotethatthequeuemanagerismainlysloweddownbyI/Ooperations(movingthemessagesbetweenqueues)andbytransportlookupqueries.

shell>mailq:listallmailsinthemailqueue(maildrop,incoming,active&deferred).shell>mailq|grep"webmodelling.com":displayallmessagescontaining"webmodelling.com".Folderactions:

shell>lsl/var/spool/postfix:listallfoldersinvolvedwiththemailqueue.shell>find/var/spool/postfixtypef|wcl:veryfastwaytoapprocimatelycountfilesinahugemailqueue(theresultisnotprecisebecauseotherfoldersthanthe4mainqueuefoldersarecounted).shell>find/var/spool/postfix/deferredtypef|wcl:countmessagesinthedeferredqueue.shell>grep"webmodelling.com"/var/spool/postfix/deferred/*|wcl:countmessagesinthedeferredqueuecontaining"webmodelling.com".

postsupershell>postsuperdMESSAGEID:deleteamessagebyit'smessageID.shell>postsuperdALL:deleteallmailsinthequeue(typicallyusedthenyourqueueisfloodedwitheg.spam).shell>postsuperdAlldeferred:deleteallmailsinthedeferredqueue.

shell>postsuperhMESSAGEID:movemessagewithID=MESSAGEIDfromincomingqueuetoholdqueue.shell>postsuperrMESSAGEID:requeuemessagewithID=MESSAGEIDfromanyqueuetoincomingqueue.shell>postsuperhALL:moveallmessagesfromincomingqueuetoholdqueue.shell>postsuperrALL:requeueallmessagesfromanyqueuetoincomingqueue.Deletemessagesfromaspecificdomainoruserormessagescontainingaspecifictext:

shell>mailq|grep'webmodelling.com'|awk'{print$1}'|postsuperd:deleteallmessagescontaining'webmodelling.com'.shell>mailq|grep'webmodelling.com'|awk'{printsubstr($1,0,12)}'|postsuperd:sometimesthemessageIDfieldhaveastar(*)appended,whichmustberemovedbeforepostsuperwillrecognisethemessageIDfield.

postqueue:shell>postqueuepshell>postqueuef:flushallmailsinthedeferredqueue,thatis:moveallmessagestotheactivequeuetotrytodeliverallmailsimmediately.Thisismostoftenabadideaasmailsinthedeferredqueuearetherebecauseofdeliverytrouble,soiftryingtodeliverthemallatonce,theactivequeuemayeasilybecomecongestedandmessagesintheincomingqueuemaywaitalongtimebeforetheycanbedelivered.

postcat:shell>postcatqMESSAGEID:readallheadersofathemessagewithID=MESSAGEID.Thisisveryusefultoidentifythereasonwhya



shell>postcatqMESSAGEID:readallheadersofathemessagewithID=MESSAGEID.Thisisveryusefultoidentifythereasonwhyamessageisinthedeferredqueue.

qshape:(qshapetutorial)shell>qshape:showspostfixqueuecontentinatabularformorderingdestinationdomainsafteroccurrenceontheverticalaxisandqueueagealongthehorizontalaxis.shell>qshapes:showssenderdomainsinsteadofdestinationdomainsusefultoidentifyfromwhichdomainsspamarebeingsent.shell>qshapedeferred:showswhichdestinationshavebeenunabletobedelivered.shell>qshapeactive:showswhichdestinationsareintheprocessoftryingtobedelivered.

shell>postconfemaximal_queue_lifetime=1d:settingthequeuelifetimeto1day,whichmeansthatamessageundeliverableafter1daywillbereturnedtosenderwithan"undelivered"notice.Thedefaultqueuelifetimeis5days.Thequeuelifetimevaluecanbesetinseconds(s),minutes(m),hours(h),days(d)andweeks(w).(reloadpostfixaftersettingthispropertyservicepostfixreload).

MailLog

Logfiles:(Postfixlogsthroughsyslog,/etc/syslog.conf,onUbuntuthisisdefaultto/var/log)

/var/log/mail.log:PostfixsendsALLlogmessagestothisfile./var/log/mail.err:Postfixalsosendserrormessagestothisfile(becauseitcanbedifficulttofindtheerrormessagesinmail.log)/var/log/mail.warn:Postfixalsosendswarningmessagestothisfile.

Usethetailcommandtoviewthelogfiles:

shell>tail30/var/log/mail.log:printthelast30messagestoscreen.shell>tailf/var/log/mail.log:keepprintingnewmessagestoscreeninrealtime.

Postfixlogformat:(Postfixconsistofseveralcomponentsthateachlogstomail.logintheirownformat,howeverallentriesconsistof4elementaryparts:

1. Datetime:eg.Mar1312:54:07.2. Hostname:eg.mail1.3. ComponentID:eg.postfix/smtpd[27559]:(otherexamplesarepostfix/master[932]:orDovecot:oramavis[2021]:).4. Message:thisisverydifferentdependingonthecomponent(Iamnotsureifthesamecomponentalwayshavethesameformat)

Elementsofthepostfix/smtpdcomponentlog:

delaysa/b/c/d:a:timebeforequeuemanager,includingmessagetransmission.b:timeinqueuemanager.c:connectionsetupincludingDNS,HELOandTLS.d:messagetransmissiontime.

Myemailserverissendingalotofspamhelp

Ifyouremailserverstartstosendalotofspam,youremailserverwillbeblacklistedbydifferentemailblacklistserversandyoucannotanylongersendemailtoanyoneusingtheseblacklistservers.

Tofighttheproblem,youcanamongotherstryto:

Testthatyouremailserverisnotanopenrelay:Gotohttp://abuse.netMakeanaccountandtestifyouremailservercanbeusedasanopenrelay

SetyourlogleveltomaximumFocusonacertainlog

Ifyouhostmanywebsites,itcanbeverydifficult,eg.ifthereareanoldversionofJoomla,Mambo,Wordpressetc.,someonemaybeabletobreakinanduploadamailsendingscript.

Appendix:BasicConcepts



MTA:MailTransferAgent:AnMTAreceivesandsendsoutmail.PostfixisthedefaultMTAonUbuntu(thoughExim4isalsointhemainrepository).MDA:MailDeliveryAgent:AnMDAmakesmessagesreceivedbyMTAavailablefordownloadusingeg.IMAPorPOP3.DovecotisthedefaultMDAonUbuntu(thoughCourierwithsupportforexternaldatabaseserverisalsointhemainrepository).SinceDovecotsupportsIMAP&POP3,DovecotisalsocalledanIMAP&POP3server.MUA:MailUserAgent:AMUAistheemailprogramyouusetocreateemailmessagesandtoreceiveandreadthem,eg.OutlookExpressorThunderbird.LDA:LocalDeliveryAgent:ThenanMTAdecidesthatitisitselfthefinalMTAdestinationforanemailmessage,theMTAinsteadofforwardingtheemailmessagetoyetanotherMTAneedstostoretheemailmessageonlocalstorage.PostfixcanstoreanemailmessageifthestorageformatiseithermboxorMaildir,howevertheMTAcanalsoletanLDAhandlethelocalstorage,eg.DovecotLDAisaPostfixpluginthathandlesdeliveringemailmessagesfromthePostfixservertothelocalstoragemedia.IMAP::HighbandwithprotocolforMUAtodownloademailmessagesfromMDA.TypicallyemailmessagesareonlycachedontheMUA(alsoothergoodstuff).POP3::LowbandwithprotocolforMUAtodownloademailmessagesfromMDA.TypicallyemailmessagesaredownloadedtotheMUAanddeletedontheserverbytheMDA.SMTP:SimpleMailTransferProtocol:ProtocolfortransferingemailmessagesfromMUAtoMTAandfromMTAtoanotherMTA.Mailbox:Amailboxisanemailmessagestorageformat.ThetwomostpopulararemboxandMaildir(bothsupportedbyPostfixfordirectlocaldeliverywithoutusinganLDA).mboxstoresemailmessagesinonebigfileforeachemailaccountwhileMaildirstoreseachemailmessageinitsownfile.SASL:SimpleAuthenticationandSecurityLayer:SASLisanSMTPAuthenticationprotocol/plugin.Postfixsupports2SASLimplementations,CyrusSASL&DovecotSASL.

Appendix:RelevantlinksPostfixmanualsDebianPackagedocumentationPostfixconfigurationproperties(main.cf)DovecotconfigurationpropertiesDovecotexplainedPostfixVirtualDomainHostingHowtoofficialandgoodHowtoconfigurePostfixforvirtualdomainsverygoodPostfixdocumentationforMySQLmapping

Appendix:SquirrelmailinthaiFirstoff:sorryforspammingwithanappendixthatiswithoutinterestforthemajority,howeverpartlyIalsousethispageaspersonaldocumentationandpartlythelogicisapplicableforotherlessprominentlanguagesaswell.

ConfigureSquirrelmailtodisplaythaicharacterscorrectthenemailisnotarrivinginutf8:

1. In/usr/share/squirrelmail/functions/i8n.php:1. ChangetheUScharsetfromiso88591totis620:(tis620isthethaicharacterset)

#$languages['en_US']['CHARSET']='iso88591':outcommentthisrecord.$languages['en_US']['CHARSET']='tis620';:insertthisrecordbelowtherecordjustoutcommented.

2. Thethailabeltranslationsaredefaultoutcommentedbecauselessthan50%istranslated,howeverwewanttousethem:Searchthei8n.phpfilefor$languages['th_TH']['NAME']anduncommentthe4recordsdefiningthethailanguage.

2. In/etc/squirrelmail/config.php:#$squirrelmail_default_language='en_US':outcommentthisrecord.#$default_charset='iso88591':outcommentthisrecord.$squirrelmail_default_language='th_TH';:insertthisrecordbelowthe2justoutcommentedrecords.$default_charset='tis620';:andtheninsertthisrecordalso.

Appendix:Commonerrorsandsolutions1. Dovecotunknowndatabasedrivermysql.

Reason:Ifyouhavetheaboveerror1,youhaveforgottoaddmysqlsupportfordovecot.



Solution:Installthedovecotmysqlpackage:

1. shell>aptgetinstalldovecotmysql.

2. Dovecotfatal:pipe_command:execvp/usr/local/libexec/dovecot/deliver:Nosuchfileordirectory.

Reason:Ifyouhavetheaboveerror2,thenDovecotLDAisregisteredwithPostfixinmaster.cfbutwithawrongpath.Ithink/usr/local/libexec/dovecot/deliveristheoldpathtoDovecotLDAandthereforemanyguidesanddocumentationwillspecifythatpath.Thedovecotpostfixpackageversion2.0.13storesDovecotLDAin/usr/lib/dovecot/deliver.

Solution:RegisterDovecotLDAwiththerightpath:

1. shell>sedie"/\/usr\/local\/libexec\/dovecot/,s/local\/libexec/lib/"/etc/postfix/master.cf:changethepathtoDovecotLDA.(Youcanalsoopen/etc/postfix/master.cfinnanoandchangethepaththereifyoudon'tlikethesedcommand).

2. shell>/etc/init.d/postfixrestart:makethenewpathactive.

3. Dovecotdovecot:master:Error:service(anvil):Socketalreadyexists:/var/run/dovecot/anvil.

Reason:Thisisaknownbugindovecotcommon2.0.13,seehere,thattheanvilchildprocessisslowtocloseandthereforemayblockDovecotstartup.

Solution:IusethefollowingworkaroundthatinsteadofrestartingDovecot,IfirststopDovecotthenwait5secondsandthenstartDovecot(itseemstoworkeverytime).

1. shell>/etc/init.d/dovecotstop:stopthedovecotserverandWAIT5secondshopingthattheanvilchildprocessisalsostopping2. shell>/etc/init.d/dovecotstart:startthedovecotserver3. shell>nmaplocalhost:checkifpop3&imapareup,ifnotthenstopDovecotandagainwaitsometimebeforetryingtostartDovecot.

shell>/etc/init.d/dovecotstop&&sleep5&&/etc/init.d/dovecotstart:alternativelyyoucanexecutethewholeprocedureinonego.

4. Postfixpostfix/qmgr[6080]:warning:connecttotransportprivate/dovecot:Nosuchfileordirectory.

Reason:Ifyouhavetheaboveerror4,onereasoncouldbethatyouhaveenabledsaslauthforsmtpwithoutactuallyconfiguringsaslauth.Igotthiserrorwiththefollowingrelevantdefaultentriesin/etc/postfix/main.cf:

smtpd_sasl_auth_enable=yes:tellPostfixtousesaslauth.smtpd_sasl_type=dovecot:tellPostfixthatthesaslauthisdovecot.smtpd_sasl_path=private/dovecotauth:tellPostfixwheretofinddovecotsaslauthandindeedthispathisreplicatedintheerrormessage.

Solution:TellpostfixtoNOTusesaslauth:

1. shell>postconfe"smtpd_sasl_auth_enable=no

5. TryingtouseGmailsMailFetchertocheckmailusingPOP3errors:ServerdeniedPOP3accessforthegiveusernameandpassword.andServerreturnederror:"Plaintextauthenticationdisallowedonnonsecure(SSL/TLS)connections."

Reason:Dovecotdefaultdisablesplaintextauthenticationovernonsecureconnections.

Solution:ItwouldbebestifGmailMailFetchercouldworkoverasecureconnection(eg.POP3Sonport995),howeverIhavenotbeenabletomakethatwork.InsteadIsimplyconfigureDovecottoallowplaintextauthenticationalsoovernonsecureconnections:

1. emailservershell>nano/etc/dovecot/dovecot.conf:opentheDovecotmainconfigurationfileandaddthisrecord:disable_plaintext_auth=no

2. Pressctrl+xandthenytocloseandsavethehostsfile.3. emailservershell>/etc/init.d/dovecotstop&&sleep5&&/etc/init.d/dovecotstart:restartDovecotwaiting5secondsbetweenstopandstartto

bypasstheanvilchildprocessbuginDovecot2.0.13(andpossibleotherversionsaswell).

6. status=deferred(deliverytemporarilysuspended:connectto127.0.0.1[127.0.0.1]:10024:Connectionrefused)7. NOQUEUE:reject:RCPTfromunknown[]:5545.7.1:Relayaccessdeniedfrom=to=

proto=ESMTPhelo=

Reason:LasttimemyAmavisdnewwasdown,Igotthe2above6&7errormessages.ConfirmthatAmavisdnewisdown:

shell>nmaplocalhost:ifyoudon'tseeport10024inuse,thenlikelyAmavisdnewisnotlistening.shell>netstaptap:anotherwaytochecklisteningdaemons.

Solution1:RestartAmavisdnewandPostfix:

1. shell>/etc/init.d/amavisdnewrestart2. shell>servicepostfixrestart

Solution2:Restartthemailserver

6. amavis(!)ClamAVclamdavscannerFAILED:run_averror:Toomanyretriestotalkto/var/run/clamav/clamd.ctl(Can'tconnecttoUNIXsocket/var/run/clamav/clamd.ctl:Connectionrefused).

7. amavis(!!)WARN:allprimaryvirusscannersfailed,consideringbackups

Reason:Ifyouhavetheaboveerror6&7

Solution:

shell>psef|grepclam:testiftheclamdisrunning.shell>/etc/init.d/clamavdaemonstart:starttheclamd.

1. 4504.7.1:Recipientaddressrejected:SPFResult=webmodelling.com:'SERVFAIL'erroronDNS'SPF'lookupof'webmodelling.com'(inreplytoRCPTTOcommand))

Reason:



Solution:

CommentsYoucancommentwithoutloggingin

Register username

Captcha

Nickname

Facebook

Save Cancel

uwilUsertype:StandardRegister:2013Feb22

Topics:1Replies:6

reportreply22Aug201319:58

hay..it'sawesomeguideandijustfollowthisguidestepbystep,butihaveprobleminstepvirtualdomain..

aftercommand>>postmapqexample.commysql:/etc/postfix/mysqlvirtual_domains.cf

outputwas>>postmap:warning:connecttomysqlserver127.0.0.1:Accessdeniedforuser'mail_admin'@'localhost'todatabase'"postfix"'postmap:fatal:tablemysql:/etc/postfix/mysqlvirtual_domains.cf:queryerror:Success

so,canyouhelpme?whatisupposedtodo??thanks

RasmusUsertype:AdminRegister:2012Dec21

Topics:0Replies:107


Hiuwil

Myguessisthepasswordspecifiedformail_adminuserin/etc/dovecot/dovecotsql.confisnotidenticaltothepasswordspecifiedforthemail_adminuserin/etc/postfix/mysqlvirtual_domains.cfornotidenticaltothepasswordspecifiedforthemail_adminuserthenaddingmail_adminusertoMySql.

Totestifthemail_adminusercanconnect,dothefollowing:shell>mysqlumail_adminpMailAdminPassword:(thereisnospacebetweenpandMailAdminPassword).

Redothe"ConfigurePostfixforvirtualdomainsusingMySQL"sectionandpaycloseattentiontothepasswordeachtimeyouengagethemail_adminuser.

webfiddlerbynature

Anonymous


hirasmus

thankforreply.Iguessin/etc/dovecot/dovecotsql.confisindentical,sameasin/etc/postfix/mysqlvirtual_domains.cfandMySQLusertoo

/etc/postfix/mysqlvirtual_domains.cfuser=mail_adminpassword=MailAdmindbname="Postfix"query=SELECTdomainASvirtualFROMdomainsWHEREdomain='%s'localhost=127.0.0.1

/etc/dovecot/dovecotsql.confdriver=mysqlconnect=host=127.0.0.1dbname=Postfixuser=mail_adminpassword=MailAdmindefault_pass_scheme=PLAINpassword_query=SELECTemailASuser,passwordFROMusersWHEREemail='%u'

mysqlmysql>CREATEDATABASEPostfixmysql>GRANTSELECT,INSERT,UPDATE,DELETEONPostfix.*TO'mail_admin'@'localhost'IDENTIFIEDBY'MailAdmin';

GRANTSELECT,INSERT,UPDATE,DELETEONPostfix.*TO'mail_admin'@'localhost.localdomain'IDENTIFIEDBY'MailAdmin';

please,correctmeifi'mwrong,islooksdifferent?

iusingubuntu12.04thankyou


Hiuwil

Yourconfigurationlookscorrect,howeveryoudidnotwritewhetheryouhadtriedtomanually

Words:0 Chars:0 Charsleft:2000

B U I S Helvetica 3




Topics:0Replies:107

Yourconfigurationlookscorrect,howeveryoudidnotwritewhetheryouhadtriedtomanuallyconnecttothePostfixdatabaseandifyoudidwhetheryoucouldconnectornot:shell>mysqlumail_adminpMailAdminPassword

webfiddlerbynature


Topics:1Replies:6


hi

oh,ihadtriedtomauanllyconnecttothePostfixdatabase,andiguessnotproblemhere..

shell>mysqlumail_adminpMailAdmin

outputcommandmysql>

anythingelse?igetstuckinthispart:(canyouhelpme,please


Topics:1Replies:6


hi

goodnews,ijustwanttomakecorrection.theissuewasworkfinenow

in/etc/postfix/mysqlvirtual_domains.cfijustremoved""indbname.

/etc/postfix/mysqlvirtual_domains.cfuser=mail_adminpassword=MailAdmindbname=Postfixquery=SELECTdomainASvirtualFROMdomainsWHEREdomain='%s'localhost=127.0.0.1

postmapqexample.commysql:/etc/postfix/mysqlvirtual_domains.cf

outputcommand>>example.com

itsworkingnowthankyou:)


Topics:1Replies:6


hirasmus

ihaveanotherissueagain..*sign*

afterinputcommand>>lsl/home/vmail/examples.com/uwil/Maildir/newoutputwas>>ls:cannotaccess/home/vmail/example.com/uwil/Maildir/new:Nosuchfileordirectory

iguessmail_locationwasrightin/etc/dovecot/dovecot.conf

and,whenitriedtelnetlocalhostimapshell>telnetlocalhostimapTrying127.0.0.1...Connectedtolocalhost.Escapecharacteris'^]'.*OKWaitingforauthenticationprocesstorespond..*BYEDisconnectedforinactivity.Connectionclosedbyforeignhost.

canyouhelpmeagain??plz

thankyou:)


Topics:0Replies:107


HiuwilItisalongtimesinceImanuallyworkedwithPostfix,howeverIthinkIcanrememberthatthedomainsarenotwrittento/home/vmailbeforethefirstuseronthatdomainreceivesanemailthismeansthattoseethefolder:/home/vmail/example.com/uwil/Maildir/new,[email protected],eg.usingtelnettosendtheemailthroughpostfixlike:shell>telnetlocalhost25.Iguessyouhavealreadytriedtousetelnettosendanemailtouwil@example.comthroughPostfixinwhichcasetheemailhavenotbeendeliveredcorrectly.

Reconfirmthat:

1. /etc/dovecot/dovecot.confcontainsthecorrectmail_location:mail_location=maildir:/home/vmail/%d/%n/Maildir

2. /etc/postfix/main.cfcontainsthecorrectvirtualtransport:virtual_transport=dovecot



2. /etc/postfix/main.cfcontainsthecorrectvirtualtransport:virtual_transport=dovecot3. /etc/postfix/master.cfregisterthedovecotlda:dovecotunixnnpipeflags=DRhuuser=vmail:vmail

argv=/usr/lib/dovecot/deliverf${sender}d${recipient}4. Thatnoemailiswrittento/home/uwil/Maildir/new:ifthereisanemailthereafteryouusedtelnettosendan

[email protected],dovecotldawillsendemailtosystemaccountsinsteadvirtualaccounts.

5. Remembertorestartdovecot&postfixaftermakingchanges:1. shell>etc/init.d/dovecotstop&&sleep5&&/etc/init.d/dovecotstart2. shell>servicepostfixrestart

Youwillneedtoseeanemailin/home/vmail/example.com/uwil/Maildir/newbeforeitgivesmeaningtocontinuewithshell>telnetlocalhostimap

webfiddlerbynature


Topics:1Replies:6


hirasmus

Iwanttoasksomethingaboutthemailserverthistutorial.ShouldweinstallandconfigureDNSserver(bind9)inubuntubeforewestarttheconfigurationofthemailserver?


Topics:0Replies:107


Hiuwil

ItisnotnecessarytoconfigureaDNSserverbeforeconfigurethemailserver(asIremember:thetutorialhaveonetestwithgmail(underTLSTestitworks)thatwillfailwithoutproperDNS,butthatshouldbeall)

webfiddlerbynature

Anonymous


hirasmus

Iwanttoasksomethingaboutthemailserverthistutorial.ijustmakeconfigurationinSASLnow,yourelayingemailto'[email protected]',thatisnotlocaldomain?likeaccountingmail?


Topics:0Replies:107


HiAnonymous

Yes,rasmus@webmodelling.comisaremotedomainrelativetothecontextofthetutorialjustlikeyouraccountongmailwouldbe.IntheSASLsectionitisparamounttotestwitharemotedomain.

NotethoughthatgmailisnotgoodfortestingbecausegmailwillrefuseemailsifitcannotconfirmtheIPaddressofthesendingdomain(calledreverselookuporrDNS),eg.ifyousendfromexample.comonyourlocalmachine,thengmailwilllookupexample.comandreceiveanIPdifferentfromtheIPyouaresendingfrom.

webfiddlerbynature


Topics:1Replies:6


hirasmus

thankforreplysorryi'mforgettologin,i'mpersonwhoaskthequestion

so,whatisupposedtodo,togetmaketestingiftheSASLTLSworkinginmymailserverasrelayingemaillikeyourtutorial.ihaveonlyaccountsgmailfortherealemail,andidon'thavedomainlike'webmodelling.com'asyou.

canyouadviceme?


Topics:0Replies:107


Hiuwil

Ihavecreatedanemailaddressforyou:[email protected],youcanaccessyouremailonlineatwebmail.webmodelling.comusinguwil@webmodelling.comforusernameandthepasswordIhavePM'edyou.

webfiddlerbynature


hirasmus



Anonymous

thankyousomuchforeverythingyourhelp..i'msopleasure

[email protected],butit'[email protected]:(

canhelpmeagain?thank


Topics:0Replies:107


Hiuwil

Inthe"SASLtestitworks"thereare3tests.Tellmeexactlywhatpartsofthetestsyoucanpassandwhatyoucannotpass.

webfiddlerbynature


Topics:1Replies:6


"ThirdconfirmthatyoucanlogonandthatPostfixaccepttorelaythemessage"

[email protected],buticannotrecievethatemai..inboxstillempty..

beforethatiguessihavepassedtheAUTHPLAIN,andsuccess..


Topics:0Replies:107


Hiuwil

Ifyoupassed"SASLTestitworks"test3.3.3"2352.7.0Authenticationsuccessful",thenSASLshouldactuallyworkandlikelysomethingelseisprohibitingyoufromsendingmail.

Youshouldlookinthelogfiles:/var/log/mail.log&/var/log/mail.err.JustaftertryingoutSASLtest3,youshoulddothefollowing:

shell>tail50/var/log/mail.log:printthelast50recordsofmail.logtoscreen.shell>tail50/var/log/mail.errshell>mailq:seeifsomethingispendinginthemailqueue.

Hopefullyyouwillbeabletogetahintfromtheabove.

webfiddlerbynature


Topics:0Replies:107

reportreply02Sep201303:02

Hiuwil,[email protected]@domain.comItakeityouhavemadeSASLwork?Inthatcase:congratulation

webfiddlerbynature

MostdownloadedC#UtilityFunctionsFlexCaptchaQueryString

PopularreadISPConfigsetupInstallOracleonSolarisUbuntuVirtualizationBacula

FavouriteProjectsfindthaifurniture.comfavouritebaker.commenulab.com

Date post:	25-Sep-2015
Category:	Documents
Upload:	dian-s-aji
View:	35 times
Download:	1 times

Ubuntu Email Server

Documents