Mailserver

Date

2013-05-24 22:42

Project Abandoned
A few years ago I managed to setup a basic mail-server for myself. It wasn’t something I ended up using in the long term. I have found some of my notes on the setup and am putting them here for reference. The notes are not guaranteed to be correct, complete or in any sort of order. The notes are in reference to a Gentoo Linux system around 2008.
[20/04/2008] Email - Anti-Virus & Anti-Spam
The easiest way to virus scan incoming/outgoing email is to setup Postfix and Amavis. In addition to this the setup for spam filtering with this method is very easy.
In terms of a simple email solution the above approach of setting up a mailserver is the wrong direction to go in. On the other hand it brings with it many more possibilities for user interaction from remote locations.

FQDN - Fully Qualified Domain Name

Domain - example.com
Machine 1 - 192.168.0.1 [mach1]
Machine 2 - 192.168.0.2 [mach2]
Machine 1 FQDN - mach1.example.com
Machine 2 FQDN - mach2.example.com

Add details to /etc/hosts

Mailserver - Assume host without an real internet hostname (using a madeup/fantasy hostname)

  • Postfix - The core bit

  • Dovecot - IMAP server

  • Procmail - Proceses incomming mail & sorts it into folders

  • Fetchmail - Grabs email from POP3/IMAP accounts into local repository

Setup

Stage 1: Install Postfix

emerge -pv postfix

If ssmtp is blocking then remove it with

emerge -C ssmtp

Note

postfix USE Flags Set the folllowing only: pam,ssl,sasl,-dovecot-sasl (dovecot-sasl - not compiled in at the beginning as it is not yet installed/configured)

emerge postfix

/etc/postfix/main.cf Run ‘postfix reload’ after editing to update a running system
 1myhostname = Core.workgroup
 2mydomain = workgroup
 3mydestination = $myhostname localhost.$mydomain localhost $mydomain
 4myorigin = $mydomain
 5mynetworks = 127.0.0.0/8 192.168.0.0/24
 6mynetworks_style = host
 7relay_domains =
 8relayhost = <specific details to follow>
 9newaliases_path=/usr/bin/newaliases
10alias_maps = hash:/etc/mail/aliases #Reports problems
11#notify_classes = bounce, 2bounce, delay, policy, protocol, resource, software
12inet_interfaces = all
13smtp_generic_maps = </specific><specific details to follow>
14queue_directory = /var/spool/postfix
15command_directory = /usr/sbin
16daemon_directory = /usr/lib64/postfix
17mail_owner = postfix
18unknown_local_recipient_reject_code = 450
19alias_database = hash:/etc/mail/aliases
20home_mailbox = maildir/
21mailbox_command = /usr/bin/procmail
22local_destination_concurrency_limit = 2
23default_destingation_concurrency_limit = 2
24debug_peer_level = 2
25debugger_command = <as default>
26sendmail_Path = /usr/bin/sendmail
27mailq_path = /usr/bin/mailq
28setgid_group = postdrop

Stage 2: Configure Postfix

/etc/conf.d/domainname Setup your fantasy domain name
DNSDOMAIN="Workgroup"

Because we are using a fantasy domain name we need to replace it with something a little more official before sending email over the internet.

/etc/postfix/main.cf Add this line to point to the map file
smtp_generic_maps = hash:/etc/postfix/generic
/etc/postfix/generic Customise as required
bob@workgroup bob.smith@example.com
@workgroup bob.smith2@example.com

Important

Execute “postmap /etc/postfix/generic” whenever you change the generic table.

postmap /etc/postfix/generic

/etc/mail/aliases Assume user called bob
postmaster: bob
root: bob
operator: bob

Stage 3: Enable SASL authentication in the postfix SMTP Client

/etc/postfix/main.cf
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_type = cyrus
relayhost = [<insert isp smtp server>]
#Alternative form:
#relayhost = [</insert><insert isp smtp server>]:submission
smtp_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_client_restrictions = permit_sasl_authenticated, reject_unauth_destination
/etc/postfix/saslpass
[<insert isp smtp server>] bob.smith:password
[<insert isp smtp server>]:submission bob.smith:password

Note

The submission destination port tells postfix to send the mail via TCP/587 which is normally reserved for email clients. Default is to send mail to the “SMTP” destination port TCP/25. If you use an explicit destination port in main.cf then you must use the same form in the smtp_sasl_password_maps file.

/etc/sasl2/smtpd.conf
pwcheck_method:saslauthd
mech_list:plan login
/etc/conf.d/saslauthd
SASLAUTH_MECH = shadow
SASL_RIMAP_HOSTNAME=""
SASLAUTHD_OPTS="-a${SASLAUTH_MECH}"

Stage 4: Postfix TLS Support

/etc/postfix/main.cf
smtpd_use_tls = yes
smtp_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/postfix/server.key
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Important

Run “postfix check” to spot any errors in the config

/etc/init.d/postfix check

/etc/init.d/saslauthd start

/etc/init.d/postfix start

rc-update add saslauthd default

rc-update add postfix default

/etc/init.d/courier-imap-ssl start

–should auto start

/etc/init.d/courier-authlib