Mailserver

Project Abandoned
A few years ago I managed to set up a basic mail server for myself. It wasn't something I ended up using in the long term. I have found some of my notes on the setup and am putting them here for reference. The notes are not guaranteed to be correct, complete or in any sort of order. The notes are in reference to a Gentoo Linux system around 2008.

[20/04/2008] Email - Anti-Virus & Anti-Spam
The easiest way to virus scan incoming/outgoing email is to set up Postfix and Amavis. Spam filtering is also very easy to set up with this method.
As a simple email solution, setting up a mail server like this is the wrong direction to go in. On the other hand, it brings with it many more possibilities for user interaction from remote locations.

FQDN - Fully Qualified Domain Name

Domain - example.com
Machine 1 - 192.168.0.1 [mach1]
Machine 2 - 192.168.0.2 [mach2]

Machine 1 FQDN - mach1.example.com
Machine 2 FQDN - mach2.example.com

Add details to /etc/hosts

Mailserver - Assume a host without a real internet hostname (using a made-up/fantasy hostname)

Postfix - The core bit
Dovecot - IMAP server
Procmail - Processes incoming mail & sorts it into folders
Fetchmail - Grabs email from POP3/IMAP accounts into local repository

Stage 1: Install Postfix

# emerge -pv postfix

If ssmtp is blocking, remove it with

# emerge -C ssmtp

Postfix USE flags
Set the following only: pam,ssl,sasl,-dovecot-sasl
(dovecot-sasl - not compiled in at the beginning as it is not yet installed/configured)

# emerge postfix

/etc/postfix/main.cf - Run 'postfix reload' after editing to update a running system
myhostname = Core.workgroup
mydomain = workgroup
mydestination = $myhostname localhost.$mydomain localhost $mydomain
myorigin = $mydomain
mynetworks = 127.0.0.0/8 192.168.0.0/24
mynetworks_style = host
relay_domains =  
relayhost = <specific details to follow>
newaliases_path=/usr/bin/newaliases
alias_maps = hash:/etc/mail/aliases
#Reports problems
#notify_classes = bounce, 2bounce, delay, policy, protocol, resource, software
inet_interfaces = all
smtp_generic_maps = <specific details to follow>
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib64/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 450
alias_database = hash:/etc/mail/aliases
home_mailbox = maildir/
mailbox_command = /usr/bin/procmail
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 2
debug_peer_level = 2
debugger_command = <as default>
sendmail_path = /usr/bin/sendmail
mailq_path = /usr/bin/mailq
setgid_group = postdrop

Stage 2: Configure Postfix

/etc/conf.d/domainname - Set up your fantasy domain name
DNSDOMAIN="Workgroup"

Because we are using a fantasy domain name we need to replace it with something a little more official before sending email over the internet.

/etc/postfix/main.cf - Add this line to point to the map file
smtp_generic_maps = hash:/etc/postfix/generic

/etc/postfix/generic - Customise as required
bob@workgroup bob.smith@example.com
@workgroup  bob.smith2@example.com

Execute "postmap /etc/postfix/generic" whenever you change the generic table. Do this now if you are following these steps.

postmap /etc/postfix/generic

/etc/mail/aliases - Assume a user called bob
postmaster: bob
root: bob
operator: bob

Stage 3: Enable SASL authentication in the Postfix SMTP client

/etc/postfix/main.cf
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_type = cyrus
relayhost = [<insert isp smtp server>]
#Alternative form:
#relayhost = [<insert isp smtp server>]:submission
smtp_sasl_security_options = noanonymous
smtpd_sasl_local_domain = 
broken_sasl_auth_clients = yes
smtpd_client_restrictions = permit_sasl_authenticated, reject_unauth_destination

/etc/postfix/saslpass
[<insert isp smtp server>] bob.smith:password
[<insert isp smtp server>]:submission bob.smith:password

The submission destination port tells postfix to send the mail via TCP/587 which is normally reserved for email clients. Default is to send mail to the "SMTP" destination port TCP/25.
If you use an explicit destination port in main.cf then you must use the same form in the smtp_sasl_password_maps file.
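
The matching rule above can be checked mechanically. The script below is an added example, not part of the original notes: it confirms that the relayhost value in main.cf appears verbatim as a key in the password map, that the cleartext password file is not readable by group or other, and that the compiled .db is current. The function names are hypothetical, GNU stat is assumed, and the mode and postmap checks reflect standard Postfix practice for hash: maps rather than anything stated in these notes.

```shell
#!/bin/sh
# Added example: audit the SMTP client SASL settings (names are hypothetical).
# Usage: check_relay_sasl /etc/postfix/main.cf /etc/postfix/saslpass

# Print the last value assigned to a main.cf parameter (the last one wins).
get_param() {  # $1 = file, $2 = parameter name
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

check_relay_sasl() {
    main_cf=$1 saslpass=$2 rc=0
    relay=$(get_param "$main_cf" relayhost)
    if [ -z "$relay" ]; then
        echo "FAIL: relayhost is not set in $main_cf"
        return 1
    fi
    # The lookup key must equal relayhost exactly, brackets and :port included.
    if ! awk -v k="$relay" '$1 == k && NF >= 2 { found = 1 }
                            END { exit !found }' "$saslpass"; then
        echo "FAIL: no entry keyed '$relay' in $saslpass"
        rc=1
    fi
    # The file holds a cleartext password: no bits for group or other.
    mode=$(stat -c %a "$saslpass")   # GNU stat assumed
    case $mode in
        *00) ;;
        *) echo "FAIL: $saslpass is mode $mode, expected 600"; rc=1 ;;
    esac
    # hash: maps are read from the .db file that postmap builds.
    if [ ! -e "$saslpass.db" ] || [ "$saslpass" -nt "$saslpass.db" ]; then
        echo "FAIL: $saslpass.db missing or stale; run postmap $saslpass"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: '$relay' has a matching, protected, compiled entry"
    return "$rc"
}
```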

/etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
/etc/conf.d/saslauthd
SASLAUTH_MECH=shadow
SASL_RIMAP_HOSTNAME=""
SASLAUTHD_OPTS="-a${SASLAUTH_MECH}"

Stage 4: Postfix TLS Support

/etc/postfix/main.cf
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/postfix/server.key
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Run "postfix check" to spot any errors in the config

/etc/init.d/postfix check
/etc/init.d/saslauthd start
/etc/init.d/postfix start
rc-update add saslauthd default
rc-update add postfix default
/etc/init.d/courier-imap-ssl start

--should auto start

/etc/init.d/courier-authlib