Project Abandoned
A few years ago I managed to set up a basic mail-server for myself. It wasn't something I ended up using in the long term. I have found some of my notes on the setup and am putting them here for reference. The notes are not guaranteed to be correct, complete or in any sort of order. The notes are in reference to a Gentoo Linux system around 2008.
[20/04/2008] Email - Anti-Virus & Anti-Spam
The easiest way to virus scan incoming/outgoing email is to set up Postfix and Amavis. In addition, setting up spam filtering with this method is very easy.
In terms of a simple email solution the above approach of setting up a mailserver is the wrong direction to go in. On the other hand it brings with it many more possibilities for user interaction from remote locations.
FQDN - Fully Qualified Domain Name
Domain - example.com
Machine 1 - 192.168.0.1 [mach1]
Machine 2 - 192.168.0.2 [mach2]
Machine 1 FQDN - mach1.example.com
Machine 2 FQDN - mach2.example.com
Add details to /etc/hosts
Mailserver - Assume host without a real internet hostname (using a made-up/fantasy hostname)
Postfix - The core bit
Dovecot - IMAP server
Procmail - Processes incoming mail & sorts it into folders
Fetchmail - Grabs email from POP3/IMAP accounts into local repository
Stage 1: Install Postfix
If ssmtp is blocking then remove it with
Set the following only: pam,ssl,sasl,-dovecot-sasl
(dovecot-sasl - not compiled in at the beginning as it is not yet installed/configured)
myhostname = Core.workgroup
mydomain = workgroup
mydestination = $myhostname localhost.$mydomain localhost $mydomain
myorigin = $mydomain
mynetworks = 127.0.0.0/8 192.168.0.0/24
mynetworks_style = host
relay_domains =
relayhost = <specific details to follow>
newaliases_path=/usr/bin/newaliases
alias_maps = hash:/etc/mail/aliases
#Reports problems
#notify_classes = bounce, 2bounce, delay, policy, protocol, resource, software
inet_interfaces = all
smtp_generic_maps = <specific details to follow>
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib64/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 450
alias_database = hash:/etc/mail/aliases
home_mailbox = maildir/
mailbox_command = /usr/bin/procmail
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 2
debug_peer_level = 2
debugger_command = <as default>
sendmail_path = /usr/bin/sendmail
mailq_path = /usr/bin/mailq
setgid_group = postdrop
Stage 2: Configure Postfix
DNSDOMAIN="Workgroup"
Because we are using a fantasy domain name we need to replace it with something a little more official before sending email over the internet.
smtp_generic_maps = hash:/etc/postfix/generic
bob@workgroup bob.smith@example.com
@workgroup bob.smith2@example.com
postmaster: bob
root: bob
operator: bob
Stage 3: Enable SASL authentication in the postfix SMTP Client
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_type = cyrus
relayhost = [<insert isp smtp server>]
#Alternative form:
#relayhost = [<insert isp smtp server>]:submission
smtp_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_client_restrictions = permit_sasl_authenticated, reject_unauth_destination
[<insert isp smtp server>] bob.smith:password
[<insert isp smtp server>]:submission bob.smith:password
If you use an explicit destination port in main.cf then you must use the same form in the smtp_sasl_password_maps file.
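A check for the rule above, added here as an example and not part of the original notes: it compares the relayhost value in main.cf with the lookup keys in the password map and, when given a path, flags a password file that group or other can access. The host name mail.isp.example, the sample file contents and the function names are assumptions; the code checks only the exact-form rule stated above, not Postfix's full lookup logic.

```python
import os

def parse_main_cf(text):
    """Parse main.cf text into {parameter: value}; the last setting wins."""
    params, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and key:      # indented line continues the previous one
            params[key] += " " + raw.strip()
            continue
        key, _, value = (part.strip() for part in raw.partition("="))
        params[key] = value
    return params

def parse_map(text):
    """Parse a map source file: lookup key, whitespace, value."""
    rows = (line.split(None, 1) for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#"))
    return {row[0]: row[1].strip() for row in rows if len(row) == 2}

def host_of(nexthop):
    """Reduce '[host]:port', '[host]' or 'host:port' to 'host' (used for hints only)."""
    return nexthop.split("]")[0].lstrip("[").split(":")[0].lower()

def check_relay_auth(main_cf, saslpass, saslpass_path=None):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    relay = parse_main_cf(main_cf).get("relayhost", "")
    keys = parse_map(saslpass)
    if relay and relay not in keys:
        near = [k for k in keys if host_of(k) == host_of(relay)]
        hint = f"; found {near[0]!r} in a different form" if near else ""
        problems.append(f"no password entry for relayhost {relay!r}{hint}")
    if saslpass_path and os.stat(saslpass_path).st_mode & 0o077:
        problems.append(f"{saslpass_path} holds a plaintext password "
                        "but is accessible to group/other")
    return problems

# Constructed sample input: mail.isp.example stands in for the ISP's SMTP server.
MAIN_CF = """\
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
relayhost = [mail.isp.example]:submission
"""
SASLPASS_MISMATCH = "[mail.isp.example] bob.smith:password\n"
SASLPASS_MATCH = "[mail.isp.example]:submission bob.smith:password\n"

if __name__ == "__main__":
    print(check_relay_auth(MAIN_CF, SASLPASS_MISMATCH))
    print(check_relay_auth(MAIN_CF, SASLPASS_MATCH))
```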
pwcheck_method: saslauthd
mech_list: plain login
SASLAUTH_MECH=shadow
SASL_RIMAP_HOSTNAME=""
SASLAUTHD_OPTS="-a${SASLAUTH_MECH}"
Stage 4: Postfix TLS Support
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/postfix/server.key
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
--should auto start