Ubuntu Email Server
4/8/2015 UbuntuEmailServer
http://webmodelling.com/webbits/ubuntu/ubuntuemailserver.aspx#ubuntumailserverbasictest 1/18
I am a Danish programmer living in Bangkok. Read more about me @ rasmus.rummel.dk.
Ubuntu Email Server
10 Feb 2012. This tutorial is a step-by-step how-to for making Ubuntu into a powerful email server using Postfix, Dovecot, MySQL and Squirrelmail.

To make it easy, I have made an email server installation script which allows you to choose one of the 3 following scenarios:

- You want to install a standalone full-fledged email server - installation script option 1.
- You want to enhance your LAMP stack with an email server - installation script option 2.
- You want to understand how to install an email server - installation script option 3 will hold your hand while following this tutorial.

Install mail server step by step:
1. Install & configure basic mail server (test)
2. Configure virtual domains (test)
3. Install spam control - under construction
4. Configure SASL (test)
5. Configure TLS (test)
6. Install Squirrelmail (test)

Appendixes:
- Appendix: Access Squirrelmail on multiple custom urls
- Appendix: Management & Debugging Commands
- Appendix: Basic Concepts - if you are new to email concepts, skim this first
- Appendix: Relevant links
- Appendix: Squirrelmail in thai
- Appendix: Common errors & solutions
- Comments

Too much talking already

Install basic mail components

An email server is about letting a Mail User Agent (MUA), also called an email client, eg. Outlook Express or Thunderbird, send and receive email messages. A minimal working email server consists of 2 components:

- A Mail Transfer Agent (MTA): we will use Postfix: basically responsible for letting a MUA send an email message.
- A Mail Delivery Agent (MDA): we will use Dovecot: basically responsible for letting a MUA receive an email message.

Basic mail components - install Postfix (alternatively execute email server installation script step 3 > 1)

1. Log on to your server as root (or log on as your normal user and then switch user to root: shell> su root).
2. shell> apt-get update : always start with updating package information.
3. Install Postfix:
   1. shell> apt-get -y install postfix postfix-doc
      - postfix: MTA mail server.
      - postfix-doc: documentation for Postfix, not necessary but nice to have.
      Installing the postfix package will prompt you for:
      1. General type: you should choose Internet Site.
      2. System mail name: your internet domain name used to qualify your emails, [email protected], then the value should be webmodelling.com
4. Configure Postfix: (postconf -e is a convenient way to set configuration properties in /etc/postfix/main.cf)
   1. shell> postconf -e 'myhostname = host.example.tld' : change host.example.tld to your own server's FQDN (Fully Qualified Domain Name), eg. web1.webmodelling.com or maybe just webmodelling.com.
   2. shell> postconf -e 'mydomain = example.tld' : the standard is to use your server's internet domain without the hostname. If your FQDN is host.example.tld, then you should only have example.tld here.
   3. shell> postconf -e 'mydestination = $mydomain, localhost, localhost.localdomain' : list of domains that Postfix should deliver locally. If mydestination is set to webmodelling.com, [email protected] (and all other email messages will be forwarded to another MTA). Here the value is set to $mydomain and localhost etc.
   4. shell> postconf -e 'mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128' : list of trusted networks from which SMTP clients (MUAs & other MTAs) have more privileges; typically trusted SMTP clients are allowed to relay email messages while non-trusted are not.
   5. shell> postconf -e 'inet_interfaces = all' : what interfaces to receive email on, either specify comma separated IP addresses or specify all.
   6. shell> postconf -e 'home_mailbox = Maildir/' : set mailbox format to Maildir (each email message in its own file).
   7. shell> postconf -e 'smtpd_sasl_auth_enable = no' : while the documentation states this value is set to no by default, actually the default seems to be yes, and since we do not want to enable sasl auth yet, we set it explicitly to no here.
   8. shell> /etc/init.d/postfix restart : restart Postfix to apply the changed configuration.

Basic mail components - install Dovecot (alternatively execute email server installation script step 3 > 2)

1. Log on to your server as root (or log on as your normal user and then switch user to root: shell> su root).
2. Install Dovecot:
   1. shell> apt-get -y install dovecot-common dovecot-imapd dovecot-pop3d dovecot-postfix
      - dovecot-common: MDA (Mail Delivery Agent). Is responsible for storing final received email messages (typically on hard drive). Also dovecot-pop3d and dovecot-imapd depend on this package.
      - dovecot-imapd: allows MUAs (Mail User Agents) to download email messages using the IMAP protocol.
      - dovecot-pop3d: allows MUAs (Mail User Agents) to download email messages using the POP3 protocol.
      - dovecot-postfix: mail stack delivery integration - I have not tested it, but I guess the package will try to set up Postfix to use Dovecot LDA as well as install Sieve.
3. Configure Dovecot:
   The Dovecot main configuration file /etc/dovecot/dovecot.conf now includes lots of separate configuration files under /etc/dovecot/conf.d/ for default configuration settings. The most important of these is /etc/dovecot/conf.d/01-mail-stack-delivery.conf.
   1. shell> dovecot -n | head -n 1 : displays the path to the Dovecot main config file - should be /etc/dovecot/dovecot.conf.
   2. shell> nano /etc/dovecot/dovecot.conf : load the Dovecot main configuration file in the nano editor and be sure it contains the following lines (except those struck through).
      protocols = pop3 imap : not necessary to set, already set in conf.d/01-mail-stack-delivery.conf.
      mail_location = maildir:~/Maildir/ : not necessary to set, already set in conf.d/01-mail-stack-delivery.conf.
      pop3_client_workarounds = outlook-no-nuls oe-ns-eoh : not necessary to set, already set in conf.d/01-mail-stack-delivery.conf. Workarounds for email client bugs. Outlook & Outlook Express hang if mail contains NUL characters; outlook-no-nuls replaces NULs with 0x80. Outlook Express and Netscape Mail break if the end of headers line is missing; oe-ns-eoh sends the end of headers line if it's missing.
      !include conf.d/*.conf : load all configuration files.
      pop3_uidl_format = %08Xu%08Xv : format of the POP3 unique mail identifier.
      log_timestamp = "%Y-%m-%d %H:%M:%S " : prefix for each line written to the log file.
      imap_client_workarounds = delay-newmail outlook-idle netscape-eoh : this is also set in conf.d/01-mail-stack-delivery.conf, however the value is not correct, so we overwrite it here. Workarounds for email client bugs.
      namespace { : namespace is not strictly required as a default namespace will be created if you don't create it yourself.
        type = private : this namespace contains only the user's own mailboxes (there are also shared and public types).
        separator = . : char for separating child folders, eg. work.design or work.programming.
        prefix = INBOX.
        inbox = yes : this namespace contains the inbox (there is only one inbox).
      }
   3. shell> /etc/init.d/dovecot stop && sleep 5 && /etc/init.d/dovecot start : restart the Dovecot server to enable the configuration changes (wait 5 seconds between stop and start qua the ansil child process bug).

Basic mail server - Test it works

Log on to your server as root (or log on as your normal user and then switch user to root: shell> su root).

Test that servers are on the right ports:
1. shell> nmap localhost : shows all ports on which servers are listening and using which protocol - you should have at least:
      25/tcp  open smtp
      110/tcp open pop3
      143/tcp open imap
      993/tcp open imaps
      995/tcp open pop3s

Test that Postfix works: (manually sending an email through Postfix)
1. shell> telnet localhost 25 : probe the server on port 25 (Postfix) to be sure Postfix is listening.
   1. Trying 127.0.0.1...
      Connected to localhost.
      Escape character is '^]'.
      220 Your.Domain.Name ESMTP Postfix (Ubuntu)
   2. helo localhost : (more info with ehlo localhost)
   3. 250 your.domain.name
   4. mail from: root@localhost
   5. 250 2.1.0 Ok
   6. rcpt to: rasmus@localhost : use a valid user different from root (the user needs to have a password, otherwise the user cannot retrieve mail)
   7. 250 2.1.5 Ok
   8. data : begin the data section.
   9. 354 End data with .
   10. Subject: my first subject
   11. My first body
   12. . : a dot on a new line followed by Enter will end the data section.
   13. 250 2.0.0 Ok: queued as 31410102286
   14. quit
   15. 221 2.0.0 Bye
       Connection closed by foreign host.
2. shell> ls -l /home/rasmus/Maildir/new : list the email message to see that it has been locally delivered (be sure to change rasmus to your own user)
3. shell> cat /home/rasmus/Maildir/new/* : you can also read the email message.
4. shell> telnet your.server.domain 25 : should give the same result as telnet localhost 25 and confirms that you have indeed used the correct FQDN for Postfix myhostname above.

Test that Dovecot works: (retrieving the email using Dovecot pop3 just sent through Postfix above)
1. shell> telnet localhost pop3
   1. Trying 127.0.0.1...
      Connected to localhost.
      Escape character is '^]'.
      +OK Dovecot ready.
   2. user rasmus : the user
   3. +OK
   4. pass PASSWORD : insert the password for the rasmus user.
   5. +OK Logged in.
   6. list
   7. +OK 1 messages:
      1 420
      .
   8. retr 1
   9. +OK 420 octets
      Return-Path:
      X-Original-To: rasmus@localhost
      Delivered-To: rasmus@localhost
      Received: from localhost (localhost [127.0.0.1]) by your.server.domain (Postfix) with SMTP id 31410102286 for Wed, 7 Dec 2011 19:58:25 +0700 (ICT)
      Subject: my first subject
      Message-Id:
      Date: Wed, 7 Dec 2011 19:58:25 +0700 (ICT)
      From: root@localhost

      My first body
      .
   10. quit
2. shell> ls -l /home/rasmus/Maildir/new : after retrieving the email using pop3, the email message has been removed from the new folder ...
3. shell> ls -l /home/rasmus/Maildir/cur : ... to the cur folder.

If you passed the tests, you now have a basic email server that actually works.

Configure Postfix for virtual domains using MySQL (alternatively execute email server installation script step 3 > 3)

Most email servers need to be the final MTA recipient for multiple virtual domains and many, many email addresses. These 2 tasks are by far most easily handled using a MySQL database.

While we store virtual domains and virtual email addresses in a MySQL database, we still store the actual email messages on standard storage (hard drive). Also we will use one system account, vmail, in whose home folder we will write a folder, email_box, for each email address.

If we did not use virtual domains and therefore virtual mailboxes, the default is to store email messages in the system user's home directory. However, since our users are virtual, we instead have a virtual_mailbox_base, we will use /home/vmail, and then subfolders for each virtual_mailbox_domain.

1. shell> apt-get -y install mysql-client mysql-server postfix-mysql dovecot-mysql : if you already have MySQL installed, then just install the postfix-mysql & dovecot-mysql packages.
   - mysql-server: the actual mysql server that enables you to create databases.
   - mysql-client: this is the mysql CLI that allows you to access and manage mysql server and databases using the command line (a GUI alternative is phpMyAdmin).
   - postfix-mysql: adds MySQL maps support to Postfix. Makes it possible to configure Postfix to use MySQL to store user accounts and related data.
   - dovecot-mysql: adds MySQL driver support to Dovecot.
   Installing the mysql-server package will prompt you for:
   1. root user password: create a password for the MySQL root user (not the Ubuntu root user).
   2. confirm root user password.
2. Create the Postfix MySQL database:
   1. shell> mysql -u root -pRootPassword : use mysql-client to log on to MySQL. Be sure to change Password to the correct password (notice there is no space between p and Password).
   2. mysql> CREATE DATABASE Postfix;
   3. mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON Postfix.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'MailAdminPassword'; : you make up the MailAdminPassword yourself.
   4. mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON Postfix.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'MailAdminPassword';
   5. mysql> USE Postfix;
   6. mysql> CREATE TABLE domains (domain varchar(50) NOT NULL, PRIMARY KEY (domain));
   7. mysql> CREATE TABLE forwardings (source varchar(80) NOT NULL, destination TEXT NOT NULL, PRIMARY KEY (source));
   8. mysql> CREATE TABLE users (email varchar(80) NOT NULL, password varchar(20) NOT NULL, PRIMARY KEY (email));
   9. mysql> CREATE TABLE transport (domain varchar(128) NOT NULL default '', transport varchar(128) NOT NULL default '', UNIQUE KEY domain (domain));
   10. mysql> quit : the Postfix database schema is finished.
   11. shell> sed -i -e "s/^[\t#]*bind-address.*$/bind-address = 127.0.0.1/" /etc/mysql/my.cnf : uncomment the MySQL local bind-address to get MySQL to bind to localhost so that the Postfix mail_admin user can connect (if you need to use another IP, you will need 1) to create a mail_admin user on that IP instead of localhost and 2) to change the hosts value of the mysql map files below).
   12. shell> service mysql restart : reload the MySQL configuration file.
3. Write Postfix/MySQL map files: 4 files that define how Postfix maps domains, mailboxes, forwardings and accounts to tables in the above Postfix MySQL database. (A natural place to save the 4 files is in /etc/postfix. Also note that the files differ only with respect to the query line.)
   1. shell> cd /etc/postfix : change location to the place where the 4 files should be created.
   2. shell> nano mysql-virtual_domains.cf : create a file called mysql-virtual_domains.cf
      user = mail_admin
      password = MailAdminPassword : be sure to substitute MailAdminPassword with the password you created for mail_admin@localhost above.
      dbname = "postfix"
      query = SELECT domain AS virtual FROM domains WHERE domain='%s'
      hosts = 127.0.0.1
   3. shell> nano mysql-virtual_mailboxes.cf : create a file called mysql-virtual_mailboxes.cf
      user = mail_admin
      password = MailAdminPassword
      dbname = "postfix"
      query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
      hosts = 127.0.0.1
   4. shell> nano mysql-virtual_forwardings.cf : create a file called mysql-virtual_forwardings.cf
      user = mail_admin
      password = MailAdminPassword
      dbname = "postfix"
      query = SELECT destination FROM forwardings WHERE source='%s'
      hosts = 127.0.0.1
   5. shell> nano mysql-virtual_email2email.cf : create a file called mysql-virtual_email2email.cf
      user = mail_admin
      password = MailAdminPassword
      dbname = "postfix"
      query = SELECT email FROM users WHERE email='%s'
      hosts = 127.0.0.1
   6. shell> chmod o= /etc/postfix/mysql-virtual_*.cf : change access for the above 4 mapping files (others get no access).
   7. shell> chgrp postfix /etc/postfix/mysql-virtual_*.cf : change the group for the above 4 mapping files.
4. Create the system group and user that the virtual domain email message files belong to:
   1. shell> groupadd -g 5000 vmail : create a group called vmail with GroupID = 5000 (-g).
   2. shell> useradd -g vmail -u 5000 -s /sbin/nologin vmail -d /home/vmail -m : create a user called vmail with UserID = 5000 (-u) belonging to the vmail group (-g) without a shell login (-s) and with home directory /home/vmail (-d). If /home/vmail does not exist, then make it (-m).
   3. shell> chmod 770 /home/vmail : give owner and group full access and others no access.
5. Configure Postfix virtual domains: (using the above files to map the domains list and email accounts list to MySQL)
   1. shell> postconf -e 'virtual_alias_domains =' :
      A virtual alias domain is a domain on which email accounts are mapped to system users, eg. if example.tld is specified as a virtual alias domain then contact@example.tld could be mapped to a system user called rasmus, thereby giving that system user access to having email accounts on multiple domains. However, I think this setting is deprecated, especially as it does not allow anyone to have an email address without also having a system account, a problem solved with virtual_mailbox_domains.
      NEVER list a virtual alias domain as a mydestination domain.
   2. shell> postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf' : list of domain aliases and email address aliases. Eg. example.tld could be an alias for webmodelling.com, [email protected]@webmodelling.com.
   3. shell> postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf' :
      Same as mydestination, that is: all the domains for which Postfix should deliver locally, and in the /etc/vmail folder there will be created a subfolder for each of these domains to save email messages received, eg. an email message to rasmus@webmodelling.com will be saved in the webmodelling.com mailbox folder (it is the virtual delivery agent that delivers domains in virtual_mailbox_domains, while I think it is the local delivery agent that delivers domains in mydestination).
      If not using MySQL, we could write this instead: postconf -e 'virtual_mailbox_domains = webmodelling.com another.domain athird.domain', or we could create a file and then reference the file like: postconf -e 'virtual_mailbox_domains = /etc/postfix/virtual_mailboxes' (virtual_mailboxes would then have one domain per line).
      NEVER list a virtual mailbox domain as a mydestination domain.
   4. shell> postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf' : maps each and every virtual email address to a mailbox file, eg. rasmus@webmodelling.com must be mapped to the folder webmodelling.com/rasmus. The mapping should not contain the virtual_mailbox_base, only the mailbox folder and the user file/folder. If using Maildir format, the virtual_mailbox_maps file must append a forward slash to the pathname like: [email protected]/rasmus/.
   5. shell> postconf -e 'virtual_mailbox_base = /home/vmail' : virtual_mailbox_base is just a folder where the mailboxes will be created. The virtual local delivery agent will prefix virtual_mailbox_base to all pathnames from virtual_mailbox_maps to keep mailboxes in the virtual_mailbox_base folder.
   6. shell> postconf -e 'virtual_uid_maps = static:5000' : specifies the system user that Postfix uses when delivering virtual mailbox files (all files must belong to a system user, here vmail with UserID = 5000).
   7. shell> postconf -e 'virtual_gid_maps = static:5000' : specifies the system group that Postfix uses when delivering virtual mailbox files (all files must also belong to a system group, here vmail with GroupID = 5000).
   8. shell> postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'
   9. Specify to use Dovecot LDA for local delivery (instead of the Postfix virtual delivery agent):
      1. shell> postconf -e virtual_transport=dovecot
      2. shell> postconf -e dovecot_destination_recipient_limit=1 : note that you have to write dovecot_destination_recipient_limit instead of the generic transport_destination_recipient_limit.
      3. shell> nano /etc/postfix/master.cf : open the Postfix master.cf file and register the Dovecot LDA service by adding the following line:
         dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
   10. shell> postconf -# mydomain : comment out mydomain, otherwise Dovecot LDA will try to deliver mail to that domain to system accounts and not virtual accounts, eg. if mydomain is example.com and postfix sends an email to rasmus@example.com to Dovecot LDA, then Dovecot LDA will try to deliver the mail to a rasmus system account, eg. /home/rasmus/Maildir/new, resulting in an error if the rasmus system account does not exist.
   11. shell> postconf -e 'mydestination = localhost, localhost.localdomain' : to be sure, we had also better remove $mydomain from mydestination.
   12. shell> service postfix reload : reload the Postfix configuration to make the changes active.
6. Configure Dovecot virtual domains:
   1. shell> nano /etc/dovecot/dovecot.conf : open dovecot.conf in the nano editor and make it look like the following: (new properties in Fuchsia)
      !include conf.d/*.conf
      pop3_uidl_format = %08Xu%08Xv
      log_timestamp = "%Y-%m-%d %H:%M:%S "
      imap_client_workarounds = delay-newmail outlook-idle netscape-eoh
      mail_location = maildir:/home/vmail/%d/%n/Maildir : overwrite the default mail_location value. %d is domain, %n is account. ([email protected]/home/vmail/example.com/rasmus/Maildir)
      disable_plaintext_auth = no : otherwise I cannot get Gmail POP3 integration to work.
      namespace {
        type = private : this namespace contains only the user's own mailboxes (there are also shared and public types).
        separator = . : char for separating child folders, eg. work.design or work.programming.
        prefix = INBOX.
        inbox = yes : this namespace contains the inbox (there is only one inbox).
      }
      protocol lda { : we need to overwrite the protocol lda setting in conf.d/01-mail-stack-delivery.conf
        auth_socket_path = /var/run/dovecot/auth-master : UNIX socket path to Dovecot LDA.
        postmaster_address = root@localhost : here it may be better to use your own email address
        mail_plugins = sieve
        log_path = /home/vmail/dovecot-deliver.log
        deliver_log_format = msgid=%m: %$
        rejection_reason = Your message to was automatically rejected:%n%r
      }
      auth default {
        user = root
        passdb sql {
          args = /etc/dovecot/dovecot-sql.conf
        }
        userdb static {
          args = uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
        }
        socket listen {
          master { : the master socket gives access to userdb information, typically so the Dovecot LDA can find mailbox locations
            path = /var/run/dovecot/auth-master
            mode = 0600
            user = vmail
          }
        }
      }
   2. shell> nano /etc/dovecot/dovecot-sql.conf : open/create dovecot-sql.conf in the nano editor and add the following:
      driver = mysql
      connect = host=127.0.0.1 dbname=Postfix user=mail_admin password=MailAdminPassword : the same MailAdminPassword as when you created the mail_admin user for the Postfix database above.
      default_pass_scheme = PLAIN
      password_query = SELECT email AS user, password FROM users WHERE email='%u'
   3. shell> chmod 600 /etc/dovecot/dovecot-sql.conf : be sure only root can access the file since it contains your MailAdminPassword.
   4. shell> /etc/init.d/dovecot stop && sleep 5 && /etc/init.d/dovecot start : restart the Dovecot server to enable the configuration changes (as usual, wait 5 seconds between stop and start qua the ansil child process bug).

Virtual domains - Test it works

Your email server is now ready to handle huge amounts of domains and email addresses, however we had better test some of it before we continue to enhance the email server with spam control and security.

1. shell> mysql -u root -pPassword : log on to the MySQL server.
2. mysql> USE Postfix;
3. mysql> INSERT INTO domains (domain) VALUES ('example.com');
4. mysql> INSERT INTO users (email, password) VALUES ('[email protected]', 'abc');
5. mysql> quit
6. shell> postmap -q example.com mysql:/etc/postfix/mysql-virtual_domains.cf : if that command outputs example.com, then Postfix virtual domains work using MySQL.
7. shell> [email protected]:/etc/postfix/mysql-virtual_email2email.cf : [email protected], then Postfix virtual users work using MySQL.
8. shell> echo "127.0.0.1 example.com" >> /etc/hosts : resolve example.com to localhost.
9. Test Postfix:
   1. shell> telnet localhost 25 : probe the server on port 25 (Postfix) to be sure Postfix is listening.
      1. Trying 127.0.0.1...
         Connected to localhost.
         Escape character is '^]'. : notice the escape character, ctrl+], should you get in any trouble here
         220 Your.Domain.Name ESMTP Postfix (Ubuntu)
      2. helo localhost : (more info with ehlo localhost)
      3. 250 your.domain.name
      4. mail from: root@localhost
      5. 250 2.1.0 Ok
      6. rcpt to: [email protected]
      7. 250 2.1.5 Ok
      8. data : begin the data section.
      9. 354 End data with .
      10. Subject: My second subject
      11. My second body
      12. . : a dot on a new line followed by Enter will end the data section.
      13. 250 2.0.0 Ok: queued as B58B2102478
      14. quit
      15. 221 2.0.0 Bye
          Connection closed by foreign host.
10. Test Dovecot LDA: (registered in /etc/postfix/master.cf, since it is Postfix that decides what agent is responsible for local delivery)
    1. shell> ls -l /home/vmail/example.com/rasmus/Maildir/new : there should be one email message file, which confirms that Dovecot LDA is activated for local delivery, that it functions and that the path is correct (the path is defined using mail_location in /etc/dovecot/dovecot.conf).
11. Test Dovecot: (here using imap instead of pop3 just for fun)
    1. shell> telnet localhost imap
       1. Trying 127.0.0.1...
          Connected to localhost.
          Escape character is '^]'.
          * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
       2. [email protected] : every command needs to start with a number
       3. 1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in : note that the answer starts with the same number as the command.
       4. 2 list "" "*" : [email protected]
       5. * LIST (\HasChildren) "." "INBOX"
          2 OK List completed.
       6. 3 select "INBOX" : select the INBOX folder. As you can see below, I have 15 emails of which 1 is new (the one I just sent above).
       7. * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
          * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
          * 15 EXISTS
          * 1 RECENT
          * OK [UNSEEN 4] First unseen.
          * OK [UIDVALIDITY 1323581618] UIDs valid
          * OK [UIDNEXT 16] Predicted next UID
          * OK [HIGHESTMODSEQ 1] Highest
          3 OK [READ-WRITE] Select completed.
       8. 4 fetch 1 all : fetch the first email message.
       9. * 1 FETCH (FLAGS () INTERNALDATE "12-Dec-2011 12:22:00 +0700" RFC822.SIZE 394 ENVELOPE ("Mon, 12 Dec 2011 12:21:37 +0700 (ICT)" "My second subject" ((NIL NIL "root" "localhost")) ((NIL NIL "root" "localhost")) ((NIL NIL "root" "localhost")) NIL NIL NIL NIL ""))
          4 OK Fetch completed.
       10. 5 fetch 1 body[] : the body needs to be fetched explicitly.
       11. * 1 FETCH (FLAGS (\Seen) BODY[] {394}
           Return-Path:
           Delivered-To: [email protected]: from localhost (localhost [127.0.0.1]) by your.server.domain (Postfix) with SMTP id B06DC101AB3 for Mon, 12 Dec 2011 12:21:37 +0700 (ICT)
           Subject: My second subject
           Message-Id:
           Date: Mon, 12 Dec 2011 12:21:37 +0700 (ICT)
           From: root@localhost

           My second body
           )
           5 OK Fetch completed.
       12. 6 logout
       13. * BYE Logging out
           6 OK Logout completed.
           Connection closed by foreign host.

If you passed the tests, you now have an email server that can handle email addresses on multiple domains. Also you are using MySQL to store the domains and addresses, which makes creating new domains and email addresses a breeze and serves for easy integration with other programs, eg. the PostfixAdmin program that among other things will give you a web-based tool to handle domains and email accounts through MySQL.

Configure SASL (alternatively execute email server installation script step 3 > 5)

Currently we rely on trusted networks (specified in the /etc/postfix/main.cf mynetworks property) to decide whether Postfix will allow relaying an email message. Instead we want to configure Postfix to use account authentication to decide whether to allow relaying an email message, rather than whether the IP of the email client is within our trusted networks.

SASL (Simple Authentication and Security Layer) is an authentication protocol and Postfix can use SASL to authenticate email clients (MUAs) when they connect to Postfix to forward (relay) an email message, that is when an email client asks to relay an email message using SMTP.

If we did NOT configure Postfix to use SASL for SMTP authentication, we would have to rely on trusted networks like this:

- Any MUA sending an email from an IP belonging to the trusted networks is ALLOWED to send.
- Any MUA sending an email from an IP NOT belonging to the trusted networks is REJECTED.

If we allowed everyone to send, then our mail server would be an open relay and quickly blacklisted by other MTAs.

If we want to allow people on many different IPs to send email messages through our server, we have the following solutions:

- Adding the IP to our trusted networks each and every time a new person wants to send email: that is just too heavy maintenance.
- Using the SMTP-after-POP method, which requires a MUA to POP before SMTP to temporarily add the IP to trusted networks: that is not supported by all MUAs, it is a security issue especially on dynamic IPs and it is just plain awkward.
- Using SASL to authenticate the MUA, allowing the MUA to forward email messages even if its IP is not in the trusted networks: this is easy to implement, well supported by MUAs and the industry standard of today.

Postfix supports 2 SASL plugins: Cyrus SASL and Dovecot SASL. We will use Dovecot SASL because we already use Dovecot for MDA and for LDA, because we have already installed all necessary packages and because the configuration is easier than for Cyrus SASL.

Let's get to it:

1. Configure Dovecot to provide SASL authentication:
   1. shell> nano /etc/dovecot/dovecot.conf : load the Dovecot configuration file in the nano editor and make the auth default section look like this: (new properties in Fuchsia)
      !include conf.d/*.conf
      pop3_uidl_format = %08Xu%08Xv
      log_timestamp = "%Y-%m-%d %H:%M:%S "
      imap_client_workarounds = delay-newmail outlook-idle netscape-eoh
      mail_location = maildir:/home/vmail/%d/%n/Maildir
      namespace {
        type = private
        separator = .
        prefix = INBOX.
        inbox = yes
      }
      protocol lda {
        auth_socket_path = /var/run/dovecot/auth-master
        postmaster_address = root@localhost
        mail_plugins = sieve
        log_path = /home/vmail/dovecot-deliver.log
        deliver_log_format = msgid=%m: %$
        rejection_reason = Your message to was automatically rejected:%n%r
      }
      auth default {
        user = root
        mechanisms = plain login : plain is the standard verb for unencrypted (Outlook Express expects login instead).
        passdb sql {
          args = /etc/dovecot/dovecot-sql.conf
        }
        userdb static {
          args = uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
        }
        socket listen {
          master {
            path = /var/run/dovecot/auth-master
            mode = 0600
            user = vmail
          }
          client {
            path = /var/spool/postfix/private/auth : tells Dovecot where to communicate with Postfix authentication.
            mode = 0660 : tells Dovecot that there is read & write access.
            user = postfix : tells Dovecot to use the postfix user for access.
            group = postfix : tells Dovecot to use the postfix group for access.
          }
        }
      }
   2. shell> /etc/init.d/dovecot stop && sleep 5 && /etc/init.d/dovecot start : restart the Dovecot server to enable the configuration changes (as usual, wait 5 seconds between stop and start qua the ansil child process bug).
2. Configure Postfix to use the SASL authentication provided by Dovecot:
   1. shell> postconf -e 'smtpd_sasl_type = dovecot' : specify the SASL plugin to use, here Dovecot SASL (as opposed to Cyrus SASL which is the default).
   2. shell> postconf -e 'smtpd_sasl_path = private/dovecot-auth' : this path is relative to /var/spool/postfix (note that private/auth was automatically changed to private/dovecot-auth when installing the dovecot-postfix package. Also I tried to change it back to private/auth but I would then get fatal: no SASL authentication mechanisms in /var/log/mail.err and also telnet localhost 25 would disconnect).
   3. shell> postconf -e 'smtpd_sasl_auth_enable = yes' : enable the use of SASL. If this value is no (default), then only MUAs on trusted networks will be able to relay email messages.
   4. shell> postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination' : here we specify to permit relay for MUAs that are either authenticated using SASL or are on our trusted networks, and to reject relay for all other MUAs.
   5. shell> postconf -e 'broken_sasl_auth_clients = yes' : support for older MUAs like Outlook up to version 2003 and Outlook Express up to version 6 with an obsolete version of the AUTH command. The default value is no, however I guess there is no security risk involved.
   6. shell> postconf -e 'smtpd_tls_auth_only = no' : we have not configured TLS yet, so if this setting is set to yes, the SASL authentication would fail.
   7. shell> service postfix reload : reload the configuration.
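
A check for the relay and authentication settings set in the steps above, as an added example that is not part of the original tutorial or its installation script. The function names, the finding tags and the two sample configurations are constructed for illustration; the input is assumed to be "name = value" text in the form `postconf -n` prints.

```shell
#!/bin/sh
# Added example (not the tutorial's code): audit the relay and SASL settings
# configured above. Input: "name = value" lines as printed by `postconf -n`.

# Print the value of parameter $1 found in config text $2 (last one wins).
get_param() {
    printf '%s\n' "$2" | awk -v key="$1" '
        index($0, "=") {
            name = substr($0, 1, index($0, "=") - 1)
            gsub(/[ \t]/, "", name)
            if (name == key) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                found = val
            }
        }
        END { print found }'
}

# Print one finding per line for config text $1; print nothing if clean.
# Runs in a subshell with globbing off so entries like [::1]/128 stay literal.
audit_relay_config() (
    set -f
    conf=$1

    # Every mynetworks entry may relay without authenticating, so anything
    # beyond loopback deserves a second look.
    for entry in $(get_param mynetworks "$conf" | tr ',' ' '); do
        case "$entry" in
            127.*|'[::1]'*|'[::ffff:127.'*) ;;
            *) echo "MYNETWORKS_NONLOCAL $entry" ;;
        esac
    done

    # Restrictions are evaluated left to right and the first match decides:
    # a bare "permit" before reject_unauth_destination relays for anyone.
    restr=$(get_param smtpd_recipient_restrictions "$conf")
    if [ -n "$restr" ]; then
        verdict=open
        for entry in $(printf '%s' "$restr" | tr ',' ' '); do
            case "$entry" in
                reject_unauth_destination|reject|defer) verdict=closed; break ;;
                permit) break ;;
            esac
        done
        if [ "$verdict" != closed ]; then
            echo "OPEN_RELAY smtpd_recipient_restrictions does not reject unauthorised destinations first"
        fi
    fi

    # With SASL on and smtpd_tls_auth_only not yes, AUTH is accepted on
    # unencrypted connections (the interim state step 6 above sets).
    sasl=$(get_param smtpd_sasl_auth_enable "$conf")
    tlsonly=$(get_param smtpd_tls_auth_only "$conf")
    if [ "$sasl" = yes ] && [ "$tlsonly" != yes ]; then
        echo "CLEARTEXT_AUTH SASL is enabled but smtpd_tls_auth_only is not yes"
    fi
)

# Constructed sample: the values this tutorial has set up to this point.
TUTORIAL_CONF='mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination'

# Constructed sample: a misconfiguration that relays for everyone.
BROKEN_CONF='mynetworks = 127.0.0.0/8 0.0.0.0/0
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
smtpd_recipient_restrictions = permit_mynetworks, permit'

audit_relay_config "$TUTORIAL_CONF"
audit_relay_config "$BROKEN_CONF"
```

On a live server the same function can be fed the running configuration with audit_relay_config "$(postconf -n)".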

SASL - Test it works

What we need to test is:

- That we are NOT allowed to relay email messages without logging in.
- That we CAN log in and that we are then allowed to relay email messages.

To run this test, you need to telnet from a remote box - a shell on eg. your Windows or Ubuntu box. DO NOT try to telnet from the same OS that hosts your mail server, the idea is to get an IP outside of the Postfix trusted networks. (If you run the whole tutorial on your dev machine, you can use eg. VirtualBox to quickly set up a virtual machine to test from.)

1. First confirm that Postfix announces the SASL capability and that you can send email that does not need to be relayed:
   1. remote shell> telnet MailServerIP 25
      1. Trying 127.0.0.1...
         Connected to localhost.
         Escape character is '^]'.
         220 Your.Domain.Name ESMTP Postfix (Ubuntu)
      2. ehlo localhost
      3. 250-your.server.domain
         250-PIPELINING
         250-SIZE 10240000
         250-VRFY
         250-ETRN
         250-AUTH PLAIN LOGIN : Postfix announces that it supports authentication using plain or login mechanisms
         250-AUTH=PLAIN LOGIN : Postfix announces it twice because broken_sasl_auth_clients is set to yes.
         250-ENHANCEDSTATUSCODES
         250-8BITMIME
         250 DSN
      4. mail from: root@localhost
      5. 250 2.1.0 Ok
      6. rcpt to: [email protected] : [email protected] (remember we added this domain and email address above when testing virtual domains).
      7. 250 2.1.5 Ok
      8. data
      9. 354 End data with .
      10. Subject: sub remote 1
      11. body remote 1
      12. .
      13. quit
      14. 221 2.0.0 Bye
          Connection closed by foreign host.
   2. local shell> ls -l /home/vmail/example.com/rasmus/Maildir/new : check the mail has arrived (this command should be executed on the same OS that hosts your mail server).
2. Second confirm that you cannot relay an email message without logging in:
   1. remote shell> telnet MailServerIP 25
      1. Trying 127.0.0.1...
         Connected to localhost.
         Escape character is '^]'. : notice the escape character, ctrl+], you are going to need it
         220 Your.Domain.Name ESMTP Postfix (Ubuntu)
      2. mail from: root@localhost
      3. 250 2.1.0 Ok
      4. rcpt to: [email protected] : [email protected]
      5. 554 5.7.1 : Relay access denied : indeed Postfix correctly refused to relay the email message.
      6. ctrl+] : press ctrl+] to escape, it is not possible to continue.
      7. ^]
      8. telnet> quit
      9. Connection closed.
3. Third confirm that you can log on and that Postfix accepts to relay the message:
   1. shell> apt-get install openssl : install openssl to base64 encode your email credentials.
   2. shell> printf '\0%s\0%s' 'username' 'password' | openssl base64 : create a base64 encoded value of your username and password to use for SASL authentication below.
   3. remote shell> telnet MailServerIP 25 : again, be sure to use a remote shell.
      1. Trying 127.0.0.1...
         Connected to localhost.
         Escape character is '^]'.
         220 Your.Domain.Name ESMTP Postfix (Ubuntu)
      2. AUTH PLAIN AHJhc211c0BleGFtcGxlLmNvbQBhYmM= : 'AHJhc211c0BleGFtcGxlLmNvbQBhYmM=' [email protected] (I use abc for password) be sure to create your own base64 encoding of the local email account you will use to send from.
      3. 235 2.7.0 Authentication successful : There you got it - SASL works!
      4. mail from: [email protected]
      5. 250 2.1.0 Ok
      6. rcpt to: [email protected] : use one of your own email accounts.
      7. 250 2.1.5 Ok
      8. data
      9. 354 End data with .
      10. Subject: sub remote 1
      11. body remote 1
      12. .
      13. quit
      14. 221 2.0.0 Bye
          Connection closed by foreign host.
   4. Confirm that you have received the email ([email protected]).
Configure TLS (alternatively execute email server installation script step 3 > 6)

While SASL provides a mechanism to authenticate remote users by username and password when they try to relay an email message through the email server, both username and password are sent in plaintext and could be easily intercepted and stolen.

Using TLS (Transport Layer Security) we can encrypt the communication between the email client and the email server, so that if the communication is intercepted, the credentials will not be in plaintext.
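
The SASL test above sends AUTH PLAIN over an unencrypted telnet session. The following is an added example, not part of the original tutorial: it shows that the AUTH PLAIN token is only base64, so whoever records the session recovers the credentials, and it flags logins sent before STARTTLS. The function names and the two client command logs are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the tutorial: an AUTH PLAIN token is base64, not
# encryption. Function names and the sample sessions are assumptions.

# Build a token the way the tutorial does: NUL username NUL password.
encode_auth_plain() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# Print one field of a token: 1 = authorization id (empty here),
# 2 = username, 3 = password.
auth_plain_field() {
    printf '%s' "$1" | base64 -d | tr '\0' '\n' | sed -n "${2}p"
}

# Read a log of SMTP client commands on stdin and print the username of every
# AUTH PLAIN that was sent before STARTTLS, i.e. readable on the wire.
cleartext_auth_users() {
    awk '
        { cmd = toupper($1) }
        cmd == "STARTTLS" { tls = 1 }
        cmd == "AUTH" && toupper($2) == "PLAIN" && !tls && NF >= 3 { print $3 }
    ' | while read -r token; do
        auth_plain_field "$token" 2
    done
}

# Constructed sample 1: the tutorial's SASL test, no STARTTLS before AUTH.
SESSION_PLAIN='ehlo localhost
AUTH PLAIN AHJhc211c0BleGFtcGxlLmNvbQBhYmM=
mail from:rasmus@example.com
quit'

# Constructed sample 2: the same login after the client upgraded to TLS.
SESSION_TLS='ehlo localhost
STARTTLS
ehlo localhost
AUTH PLAIN AHJhc211c0BleGFtcGxlLmNvbQBhYmM=
quit'

echo "exposed in session 1: $(printf '%s\n' "$SESSION_PLAIN" | cleartext_auth_users)"
echo "exposed in session 2: $(printf '%s\n' "$SESSION_TLS" | cleartext_auth_users)"
```
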

There are 2 ways to secure a protocol with TLS:

   - The client connects to a server's secure port, for email typically 993 (imaps) or 995 (pop3s), and immediately begins an encrypted handshake.
   - The client connects to a server's plaintext port, for email typically 25 (smtp), 110 (pop3) or 143 (imap), and begins an unencrypted handshake. If the server responds with the STARTTLS capability, then the subsequent communication can be encrypted, which includes the authentication process (where username and password are sent).

Regardless of which TLS method is applied, the server must send a public key to the client, which the client will then use to encrypt the rest of the session. Only the server that has the corresponding private key will be able to decrypt. However, the client will need to trust that it is connected to the right server, therefore the server displays a signed certificate, which the client will automatically accept if the signing is done by a trusted authority, while if it is a self-signed certificate (which we will do) then the client will ask the user whether to trust it.

All in all we therefore need:

   - A private key
   - A signed public key certificate (created from the private key)

Create the 2 TLS key files

Dovecot may likely already have created the 2 keys in /etc/ssl/certs/dovecot.pem & /etc/ssl/private/dovecot.pem, however we want to create our own.

   1. shell> cd $HOME: change current directory to your home directory to make the key files there.
   2. shell> openssl genrsa -des3 -out server.key 1024: use openssl genrsa to generate a triple DES (des3) encrypted private key file (server.key). You will be prompted for a passphrase for the triple DES encryption.
   3. Unencrypt the private key: (otherwise we would have to manually write the passphrase each time Postfix starts up, which is not practical)
      1. shell> openssl rsa -in server.key -out server.key.insecure: use openssl rsa to create an unencrypted version of the private key.
      2. shell> mv server.key server.key.secure: store the encrypted private key as server.key.secure.
      3. shell> mv server.key.insecure server.key: rename the unencrypted private key to server.key.
   4. shell> openssl req -new -key server.key -out server.csr: use openssl req to generate a Certificate Signing Request file (server.csr) using the private key (server.key). You will be prompted for relevant information to be incorporated into your certificate signing request: (you don't need to answer them all)
      1. Country Name (2 letter code) [TH]:TH: TH for Thailand (where I live).
      2. State or Province Name (full name) [Some-State]:Nonthaburi: more precisely I live in Nonthaburi.
      3. Locality Name (eg, city) []:: I don't answer.
      4. Organization Name (eg, company) [Internet Widgits Pty Ltd]:FD: FD for Favourite Design.
      5. Organizational Unit Name (eg, section) []:: I don't answer.
      6. Common Name (eg, YOUR name) []:your.server.domain: this is the most important question to answer.
      7. Email Address []:[email protected]
      8. A challenge password []:: I don't answer.
      9. An optional company name []:: my God, when will it end.
   5. shell> openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt: use openssl x509 to create a (self) signed certificate file (server.crt) that is valid for 365 days using the signing request file (server.csr) containing your organization's information and using (server.key).
         Signature ok
         subject=/C=TH/ST=Nonthaburi/O=FD/CN=Rasmus Rummel
         Getting Private key
   6. shell> mv server.key /etc/ssl/private/: move the private key file to /etc/ssl/private/.
   7. shell> mv server.crt /etc/ssl/certs/: move the certificate file to /etc/ssl/certs/.
   8. shell> chown root:root /etc/ssl/private/server.key: set full ownership to root for the private key file.
   9. shell> chmod 600 /etc/ssl/private/server.key: be sure that only root has access to the private key file (since it is not encrypted).

Configure Postfix to offer TLS

   1. shell> postconf -e 'smtp_tls_security_level = may': security level for the SMTP client. 'may' means that Postfix will use TLS if the remote SMTP server supports it (other values are 'none', 'encrypt', 'fingerprint', 'verify' and 'secure').
   2. shell> postconf -e 'smtpd_tls_security_level = may': security level for the SMTP server. 'may' means that Postfix will announce STARTTLS capability to clients, but not require that clients use TLS (other values are 'none' and 'encrypt'; encrypt will require the client to use TLS).
   3. shell> postconf -e 'smtpd_tls_auth_only = no': this will allow email clients to log on without encrypting. If you want to force email clients to enable encryption, you need to set this value to yes, and ehlo localhost will no longer show the AUTH PLAIN capability (be prepared to help people with email accounts on your server to set up encryption in their email clients).
   4. shell> postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key':
   5. shell> postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt':
   6. shell> postconf -e 'smtpd_tls_loglevel = 1': log levels run from 0 (very little logging) to 4 (extreme logging).
   7. shell> postconf -e 'smtpd_tls_session_cache_timeout = 3600s': define a TLS session cache to avoid multiple relatively expensive key exchanges and clear the cache every hour.
   8. shell> postconf -e 'tls_random_source = dev:/dev/urandom':
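
To check the settings from step 3 on a running server, the following added example (not part of the original tutorial) audits "name = value" lines in the format that postconf -n prints and reports when SMTP AUTH is accepted before STARTTLS. The function name and the sample configurations are constructed for this example; the legacy smtpd_use_tls parameters are not considered.

```shell
#!/bin/sh
# Added example, not from the tutorial: flag Postfix TLS settings that leave
# SMTP AUTH credentials exposed. Reads "name = value" lines on stdin, e.g.
#   postconf -n | audit_postfix_tls
# The function name and the sample configurations are assumptions.

audit_postfix_tls() {
    awk '
        /^[ \t]*#/ || index($0, "=") == 0 { next }
        {
            name = substr($0, 1, index($0, "=") - 1)
            gsub(/[ \t]/, "", name)
            value = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            conf[name] = value
        }
        END {
            level = conf["smtpd_tls_security_level"]
            if (level == "" || level == "none")
                print "FAIL smtpd_tls_security_level: STARTTLS is not offered"
            if (conf["smtpd_tls_key_file"] == "" || conf["smtpd_tls_cert_file"] == "")
                print "FAIL smtpd_tls_key_file/smtpd_tls_cert_file: key or certificate not set"
            # With level "encrypt" the session is already encrypted before
            # AUTH can be sent, so only the other levels need auth_only.
            if (conf["smtpd_sasl_auth_enable"] == "yes" && level != "encrypt" &&
                conf["smtpd_tls_auth_only"] != "yes")
                print "WARN smtpd_tls_auth_only: AUTH is accepted before STARTTLS"
            out = conf["smtp_tls_security_level"]
            if (out == "" || out == "none")
                print "WARN smtp_tls_security_level: outgoing mail never uses TLS"
        }'
}

# Constructed sample: the values this tutorial sets.
TUTORIAL_CONF='smtpd_sasl_auth_enable = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_tls_cert_file = /etc/ssl/certs/server.crt'

# Constructed sample: the same server once clients are forced to encrypt.
HARDENED_CONF='smtpd_sasl_auth_enable = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_tls_cert_file = /etc/ssl/certs/server.crt'

# Constructed sample: SASL enabled but TLS never configured.
NO_TLS_CONF='smtpd_sasl_auth_enable = yes'

echo "tutorial settings:"
printf '%s\n' "$TUTORIAL_CONF" | audit_postfix_tls
echo "SASL without TLS:"
printf '%s\n' "$NO_TLS_CONF" | audit_postfix_tls
```
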

TLS Test it works

   1. shell> telnet MailServerIP 25: again, be sure to use a remote shell.
      1. Trying 127.0.0.1...
         Connected to localhost.
         Escape character is '^]'.
         220 Your.Domain.Name ESMTP Postfix (Ubuntu)
      2. ehlo localhost
      3. 250-mail6.example.tld
         250-PIPELINING
         250-SIZE 10240000
         250-VRFY
         250-ETRN
         250-STARTTLS: Postfix announces STARTTLS capability
         250-AUTH PLAIN LOGIN
         250-AUTH=PLAIN LOGIN
         250-ENHANCEDSTATUSCODES
         250-8BITMIME
         250 DSN
      4. quit: it's too difficult to encrypt on the command line, so just quit.
      5. 221 2.0.0 Bye
         Connection closed by foreign host.
   2. Let's test with a real email client on a remote machine, eg. your Windows or Ubuntu devbox
      1. On your devbox, map our test domain, example.com, to your email server's IP using the devbox hosts file:
         On an Ubuntu devbox:
            1. devbox shell> echo -e "\nYourEmailServerIP example.com" >> /etc/hosts: the -e "\n" is to start on a new line.
            2. devbox shell> ping example.com: be sure you get YourEmailServerIP.
         On a Windows 7 devbox:
            1. Open C:\Windows\System32\drivers\etc\hosts in your favourite text editor and add the following line:
               YourEmailServerIP example.com: eg. for me it is 192.168.1.72 example.com
            2. devbox shell> ping example.com: be sure you get YourEmailServerIP.
      2. On your devbox open an email client, eg. Outlook Express or Thunderbird.
      3. Set your email client to use STARTTLS: (here Thunderbird)
         2. Add Mail Account.
         3. Mail Account Setup
         4. IMAP & SMTP are automatically configured to use STARTTLS.
         5. Press the Create button and wait for Thunderbird to test the password.
         6. Success, account created. Also note the Outgoing Server is example.com using rasmus@example.com for authentication.
      4. Use your email client to fetch (using IMAP) email messages from your email server: (here Thunderbird)
         1. In the left panel select the new account and then in the right panel click on Read Messages.
         2. Accept the certificate (this is the Dovecot default certificate).
         3. Success, earlier test mails fetched using TLS.
      5. Use your email client to relay an email message through your email server from your test address ([email protected]) to one of your real email addresses ([email protected]): (here Thunderbird)
         1. Write an email to one of your real email addresses.
         2. Dreadful unknown error, however the reason is the missing certificate.
         3. Accept the certificate again (actually this is a new certificate, the one we made for SMTP).
         4. Success, mail relayed using TLS (note your test server cannot send directly to gmail because gmail refuses to receive email messages if the sender's IP address and domain name do not match, see more here (this problem will go away when you publish your email server for production with domain names acknowledged by public dns)).

If you passed the tests, you now have a secure full working email server, congratulations.

Install spam control
UNDER CONSTRUCTION

Install Squirrelmail
Squirrelmail is among the most, if not the most, popular webmail programs for linux machines (and can also be installed on windows).

Install Apache (alternatively execute email server installation script step 3 > 7)

Webmail needs to run on top of a webserver, therefore we need to install Apache first (if you already have Apache on your system, eg. if you have a LAMP stack, you should skip this step).

   1. shell> apt-get install apache2: install Apache.
   2. shell> /etc/init.d/apache2 restart: restart Apache.

That was kind of easy!

Install Squirrelmail (alternatively execute email server installation script step 3 > 8)

   1. shell> apt-get install squirrelmail squirrelmail-compatibility php-pear php-db
         squirrelmail: the webmail program with support for IMAP & SMTP.
         squirrelmail-compatibility: support for plugins.
         php-pear: MAYBE necessary for Squirrelmail to run on Apache (Squirrelmail is a PHP program). php-pear is necessary for php-db though.
         php-db: MAYBE necessary for Squirrelmail to run (though I think Squirrelmail does not access MySQL, only Postfix & Dovecot).
   2. shell> ln -s /etc/squirrelmail/apache.conf /etc/apache2/conf.d/squirrelmail.conf: Squirrelmail comes with a predefined Apache configuration file which we symlink to /etc/apache2/conf.d, which will enable Apache to load the configuration.
   3. shell> /etc/init.d/apache2 restart: restart Apache to start the Squirrelmail web.

Note that Squirrelmail is not using SASL and therefore depends on:

   - Being installed on the same server as Postfix.
   - /etc/postfix/main.cf smtpd_recipient_restrictions MUST include permit_mynetworks.

Otherwise you will get "Transaction failed 554 5.7.1 : Relay access denied" every time you try to send an email from Squirrelmail.

Webmail Test it works

   1. Open a browser on a remote machine and put in the following url: http://YourEmailServerIP/squirrelmail: you should see the login page.
   2. Log in with the user we have used throughout the tutorial ([email protected]): you should now come to your inbox and it should show the email messages we have test sent earlier.
   3. Compose a test email in squirrelmail and send it to one of your own email addresses ([email protected]): after some time you should receive the email (if it has not arrived within half an hour, it is likely not to arrive).

If you passed the test, congratulations, your webmail is functioning.

Appendix: Access Squirrelmail on multiple custom urls
Since this email server supports virtual domains, you may want to access Squirrelmail on different custom urls. Here we will configure Squirrelmail to be accessible on 2 test domains:

   - http://webmail.test1.com
   - http://webmail.test2.com

Also we need 2 machines for the test:

   - Your email server machine.
   - A remote machine, eg. your Windows or Ubuntu devbox, on which the above domains will resolve to YourEmailServerIP.

   1. On your email server edit the squirrelmail.conf file to map to webmail.test1.com and webmail.test2.com:
      1. shell> nano /etc/apache2/conf.d/squirrelmail.conf: load squirrelmail.conf in the nano editor and add the following:
            : * means that this virtual host is defined for all IP addresses.
            ServerName webmail.test1.com: this virtual host maps to webmail.test1.com
            ServerName webmail.test2.com: this virtual host maps to webmail.test2.com
            DocumentRoot /usr/share/squirrelmail: this virtual host has its document root in /usr/share/squirrelmail
      2. Press ctrl+x and then y to save and return to prompt.
      3. shell> /etc/init.d/apache2 restart: restart Apache to load the changed configuration.
   2. On your devbox map our test domains, test1.com & test2.com, to your email server's IP address by adding the test domains to the devbox hosts file:
      On a Windows 7 devbox:
         1. Open C:\Windows\System32\drivers\etc\hosts in your favourite text editor and add the following lines:
            YourEmailServerIP webmail.test1.com: eg. for me it is 192.168.1.72 test1.com
            YourEmailServerIP webmail.test2.com: eg. for me it is 192.168.1.72 test2.com
         2. devbox shell> ping webmail.test1.com: be sure you see YourEmailServerIP (in my case 192.168.1.72)
      On an Ubuntu devbox:
         1. devbox shell> echo -e "\nYourEmailServerIP webmail.test1.com" >> /etc/hosts: echo -e "\n" will insert a newline.
         2. devbox shell> echo "YourEmailServerIP webmail.test2.com" >> /etc/hosts
         3. devbox shell> ping webmail.test1.com: be sure you see YourEmailServerIP (in my case 192.168.1.72)
   3. Start a web browser on your devbox and navigate to webmail.test1.com: you should see the Squirrelmail login page.
   4. Navigate the same web browser to webmail.test2.com: you should again see the Squirrelmail login page.

Appendix: Management & Debugging Commands
The following is a small collection of commands to empower you somewhat in case of problems, eg. if under attack.

   shell> tail -n 30 /var/log/mail.log: display the last 30 lines in the mail log.
   shell> tail -n 30 /var/log/mail.err: display the last 30 lines in the mail error log.
   shell> tail -n 1000 /var/log/mail.log | grep -i 'to=<[^>]*webmodelling\.com>,' | less: focus the log on deliveries to webmodelling.com.
   shell> tail -n 1000 /var/log/mail.log | grep -i 'from=<[^>]*webmodelling\.com>,' | less: focus the log on emails sent by webmodelling.com.

Working with the mail queue

The postfix mail queue is a queue of mail messages that Postfix has not yet delivered. The postfix mail queue actually consists of several subqueues. Messages are moved between these subqueues by the queue manager, which is also responsible for delivering the messages:

   - incoming queue: when a message arrives at the postfix server, the cleanup service will write the message to a file owned by the postfix user and mask it 0600. When the message has finished being written to file, the cleanup service changes the file mask to 0700. If the active queue is not full, the queue manager will periodically scan the incoming queue (all the new message files) and move files with mask 0700 to the active queue. If mails are coming in faster than the queue manager can move them from incoming to active, the incoming queue will grow.
   - active queue: messages in the active queue are ready to be sent (runnable) but not necessarily in the process of being sent (running). While the incoming, deferred, maildrop and hold queues are only files on disk not occupying memory, the active queue is also a data structure in memory owned by the queue manager process. Because messages in the active queue are represented in memory, there is a limit to how many messages can be held in the active queue, at which point the queue manager stops scanning the incoming and the deferred queues (since no more messages can be moved to the active queue).
   - deferred queue: if delivery failed for one or more recipients of a message (eg. a recipient address could not be validated), the message will be moved to the deferred queue and assigned a cool-off time (between minimal_backoff_time and maximal_backoff_time) before which the queue manager will not move the message back into the active queue.
   - hold queue: the administrator can create rules (eg. based on content in headers or body) that will move messages to the hold queue outside of normal processing. A message in hold is not handled by the queue manager but needs to be manually moved to another queue. postsuper -r will move messages from hold to maildrop, while postsuper -H will move messages from hold to deferred.
   - maildrop queue: container for messages locally submitted using postfix sendmail. The maildrop queue is not considered part of the postfix main queue as messages have not yet been checked and rewritten by the cleanup service. Messages are moved to the incoming queue by the pickup service, from which point on the cleanup service takes over.

Note that the queue manager is mainly slowed down by I/O operations (moving the messages between queues) and by transport lookup queries.

   shell> mailq: list all mails in the mail queue (maildrop, incoming, active & deferred).
   shell> mailq | grep "webmodelling.com": display all messages containing "webmodelling.com".

Folder actions:
   shell> ls -l /var/spool/postfix: list all folders involved with the mail queue.
   shell> find /var/spool/postfix -type f | wc -l: very fast way to approximately count files in a huge mail queue (the result is not precise because other folders than the 4 main queue folders are counted).
   shell> find /var/spool/postfix/deferred -type f | wc -l: count messages in the deferred queue.
   shell> grep "webmodelling.com" /var/spool/postfix/deferred/* | wc -l: count messages in the deferred queue containing "webmodelling.com".

postsuper:
   shell> postsuper -d MESSAGEID: delete a message by its message ID.
   shell> postsuper -d ALL: delete all mails in the queue (typically used when your queue is flooded with eg. spam).
   shell> postsuper -d ALL deferred: delete all mails in the deferred queue.
   shell> postsuper -h MESSAGEID: move message with ID=MESSAGEID from incoming queue to hold queue.
   shell> postsuper -r MESSAGEID: requeue message with ID=MESSAGEID from any queue to incoming queue.
   shell> postsuper -h ALL: move all messages from incoming queue to hold queue.
   shell> postsuper -r ALL: requeue all messages from any queue to incoming queue.

Delete messages from a specific domain or user or messages containing a specific text:
   shell> mailq | grep 'webmodelling.com' | awk '{print $1}' | postsuper -d -: delete all messages containing 'webmodelling.com'.
   shell> mailq | grep 'webmodelling.com' | awk '{print substr($1,0,12)}' | postsuper -d -: sometimes the message ID field has a star (*) appended, which must be removed before postsuper will recognise the message ID field.

postqueue:
   shell> postqueue -p
   shell> postqueue -f: flush all mails in the deferred queue, that is: move all messages to the active queue to try to deliver all mails immediately. This is most often a bad idea as mails in the deferred queue are there because of delivery trouble, so if trying to deliver them all at once, the active queue may easily become congested and messages in the incoming queue may wait a long time before they can be delivered.

postcat:
   shell> postcat -q MESSAGEID: read all headers of the message with ID=MESSAGEID. This is very useful to identify the reason why a message is in the deferred queue.

qshape: (qshape tutorial)
   shell> qshape: shows postfix queue content in a tabular form, ordering destination domains by occurrence on the vertical axis and queue age along the horizontal axis.
   shell> qshape -s: shows sender domains instead of destination domains, useful to identify from which domains spam is being sent.
   shell> qshape deferred: shows which destinations have been unable to be delivered.
   shell> qshape active: shows which destinations are in the process of trying to be delivered.

   shell> postconf -e maximal_queue_lifetime=1d: setting the queue lifetime to 1 day, which means that a message undeliverable after 1 day will be returned to sender with an "undelivered" notice. The default queue lifetime is 5 days. The queue lifetime value can be set in seconds (s), minutes (m), hours (h), days (d) and weeks (w). (Reload postfix after setting this property: service postfix reload.)

Mail Log

Log files: (Postfix logs through syslog, /etc/syslog.conf; on Ubuntu this defaults to /var/log)

   - /var/log/mail.log: Postfix sends ALL log messages to this file.
   - /var/log/mail.err: Postfix also sends error messages to this file (because it can be difficult to find the error messages in mail.log).
   - /var/log/mail.warn: Postfix also sends warning messages to this file.

Use the tail command to view the log files:

   shell> tail -n 30 /var/log/mail.log: print the last 30 messages to screen.
   shell> tail -f /var/log/mail.log: keep printing new messages to screen in realtime.

Postfix log format: (Postfix consists of several components that each log to mail.log in their own format, however all entries consist of 4 elementary parts)

   1. Datetime: eg. Mar 13 12:54:07.
   2. Hostname: eg. mail1.
   3. Component ID: eg. postfix/smtpd[27559]: (other examples are postfix/master[932]: or Dovecot: or amavis[2021]:).
   4. Message: this is very different depending on the component (I am not sure if the same component always has the same format).

Elements of the postfix/smtpd component log:

   delays=a/b/c/d:
      a: time before queue manager, including message transmission.
      b: time in queue manager.
      c: connection setup including DNS, HELO and TLS.
      d: message transmission time.

My email server is sending a lot of spam, help

If your email server starts to send a lot of spam, your email server will be blacklisted by different email blacklist servers and you can no longer send email to anyone using these blacklist servers.

To fight the problem, you can among others try to:

   - Test that your email server is not an open relay:
        Go to http://abuse.net
        Make an account and test if your email server can be used as an open relay
   - Set your log level to maximum
   - Focus on a certain log

If you host many websites, it can be very difficult, eg. if there is an old version of Joomla, Mambo, Wordpress etc., someone may be able to break in and upload a mail sending script.
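
One way to "focus on a certain log" when hunting the source of outgoing spam, as an added example that is not part of the original tutorial: tally where queued mail entered Postfix, either an authenticated SASL account (postfix/smtpd lines) or a local user id submitting through sendmail (postfix/pickup lines), which is how an uploaded mail sending script running under the web server shows up. The log lines are constructed in Postfix's syslog format and the function names are assumptions; uid 33 is www-data on a default Ubuntu install.

```shell
#!/bin/sh
# Added example, not from the tutorial: find out who is injecting mail.
# Function names and the sample log are assumptions of this example.

# Read mail.log lines on stdin and print "count source", busiest first.
# Source is "sasl:<account>" for authenticated SMTP submissions and
# "uid:<n>" for mail handed to Postfix locally (maildrop/pickup).
submission_sources() {
    awk '
        function field(prefix,    i, v) {
            for (i = 1; i <= NF; i++)
                if (index($i, prefix) == 1) {
                    v = substr($i, length(prefix) + 1)
                    sub(/,$/, "", v)
                    return v
                }
            return ""
        }
        $5 ~ /^postfix\/smtpd\[/  && /sasl_username=/ { n["sasl:" field("sasl_username=")]++ }
        $5 ~ /^postfix\/pickup\[/ && /uid=/           { n["uid:" field("uid=")]++ }
        END { for (k in n) print n[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Print the queue IDs of messages submitted locally by one uid, ready to be
# inspected with postcat -q or moved to the hold queue with postsuper -h.
queue_ids_for_uid() {
    awk -v want="uid=$1" '
        $5 ~ /^postfix\/pickup\[/ && $7 == want { id = $6; sub(/:$/, "", id); print id }'
}

# Constructed sample log: one authenticated submission, three messages
# dropped locally by uid 33 (www-data on Ubuntu), one by root.
SAMPLE_LOG='Mar 13 12:54:07 mail1 postfix/smtpd[27559]: 3F2A81C0D5: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=rasmus@example.com
Mar 13 12:54:07 mail1 postfix/qmgr[932]: 3F2A81C0D5: from=<rasmus@example.com>, size=512, nrcpt=1 (queue active)
Mar 13 13:01:11 mail1 postfix/pickup[2210]: 7C1D22A0F1: uid=33 from=<www-data>
Mar 13 13:01:12 mail1 postfix/pickup[2210]: 7C1D32A0F2: uid=33 from=<www-data>
Mar 13 13:01:12 mail1 postfix/pickup[2210]: 7C1D42A0F3: uid=33 from=<www-data>
Mar 13 13:05:40 mail1 postfix/pickup[2210]: 9A0B12A0F4: uid=0 from=<root>'

printf '%s\n' "$SAMPLE_LOG" | submission_sources
printf '%s\n' "$SAMPLE_LOG" | queue_ids_for_uid 33
```

On a live server, feed it the real log, for example: tail -n 1000 /var/log/mail.log | submission_sources.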

Appendix: Basic Concepts

   - MTA: Mail Transfer Agent: An MTA receives and sends out mail. Postfix is the default MTA on Ubuntu (though Exim4 is also in the main repository).
   - MDA: Mail Delivery Agent: An MDA makes messages received by the MTA available for download using eg. IMAP or POP3. Dovecot is the default MDA on Ubuntu (though Courier with support for external database server is also in the main repository). Since Dovecot supports IMAP & POP3, Dovecot is also called an IMAP & POP3 server.
   - MUA: Mail User Agent: An MUA is the email program you use to create email messages and to receive and read them, eg. Outlook Express or Thunderbird.
   - LDA: Local Delivery Agent: When an MTA decides that it is itself the final MTA destination for an email message, the MTA, instead of forwarding the email message to yet another MTA, needs to store the email message on local storage. Postfix can store an email message if the storage format is either mbox or Maildir, however the MTA can also let an LDA handle the local storage, eg. Dovecot LDA is a Postfix plugin that handles delivering email messages from the Postfix server to the local storage media.
   - IMAP: High bandwidth protocol for the MUA to download email messages from the MDA. Typically email messages are only cached on the MUA (also other good stuff).
   - POP3: Low bandwidth protocol for the MUA to download email messages from the MDA. Typically email messages are downloaded to the MUA and deleted on the server by the MDA.
   - SMTP: Simple Mail Transfer Protocol: Protocol for transferring email messages from MUA to MTA and from MTA to another MTA.
   - Mailbox: A mailbox is an email message storage format. The two most popular are mbox and Maildir (both supported by Postfix for direct local delivery without using an LDA). mbox stores email messages in one big file for each email account while Maildir stores each email message in its own file.
   - SASL: Simple Authentication and Security Layer: SASL is an SMTP authentication protocol/plugin. Postfix supports 2 SASL implementations, Cyrus SASL & Dovecot SASL.

Appendix: Relevant links

   - Postfix manuals
   - Debian Package documentation
   - Postfix configuration properties (main.cf)
   - Dovecot configuration properties
   - Dovecot explained
   - Postfix Virtual Domain Hosting Howto (official and good)
   - Howto configure Postfix for virtual domains (very good)
   - Postfix documentation for MySQL mapping

Appendix: Squirrelmail in thai
First off: sorry for spamming with an appendix that is without interest for the majority, however partly I also use this page as personal documentation and partly the logic is applicable for other less prominent languages as well.

Configure Squirrelmail to display thai characters correctly when email is not arriving in utf-8:

   1. In /usr/share/squirrelmail/functions/i18n.php:
      1. Change the US charset from iso-8859-1 to tis-620: (tis-620 is the thai character set)
            #$languages['en_US']['CHARSET'] = 'iso-8859-1': comment out this record.
            $languages['en_US']['CHARSET'] = 'tis-620';: insert this record below the record just commented out.
      2. The thai label translations are commented out by default because less than 50% is translated, however we want to use them:
            Search the i18n.php file for $languages['th_TH']['NAME'] and uncomment the 4 records defining the thai language.
   2. In /etc/squirrelmail/config.php:
         #$squirrelmail_default_language = 'en_US': comment out this record.
         #$default_charset = 'iso-8859-1': comment out this record.
         $squirrelmail_default_language = 'th_TH';: insert this record below the 2 records just commented out.
         $default_charset = 'tis-620';: and then insert this record also.

Appendix: Common errors and solutions

1. Dovecot unknown database driver mysql.

   Reason: If you have the above error 1, you have forgotten to add mysql support for dovecot.

   Solution: Install the dovecot-mysql package:

      1. shell> apt-get install dovecot-mysql.

2. Dovecot fatal: pipe_command: execvp /usr/local/libexec/dovecot/deliver: No such file or directory.

   Reason: If you have the above error 2, then Dovecot LDA is registered with Postfix in master.cf but with a wrong path. I think /usr/local/libexec/dovecot/deliver is the old path to Dovecot LDA and therefore many guides and documentation will specify that path. The dovecot-postfix package version 2.0.13 stores Dovecot LDA in /usr/lib/dovecot/deliver.

   Solution: Register Dovecot LDA with the right path:

      1. shell> sed -i -e "/\/usr\/local\/libexec\/dovecot/s/local\/libexec/lib/" /etc/postfix/master.cf: change the path to Dovecot LDA. (You can also open /etc/postfix/master.cf in nano and change the path there if you don't like the sed command.)
      2. shell> /etc/init.d/postfix restart: make the new path active.

3. Dovecot dovecot: master: Error: service(anvil): Socket already exists: /var/run/dovecot/anvil.

   Reason: This is a known bug in dovecot-common 2.0.13, see here, that the anvil child process is slow to close and therefore may block Dovecot startup.

   Solution: I use the following workaround: instead of restarting Dovecot, I first stop Dovecot, then wait 5 seconds and then start Dovecot (it seems to work every time).

      1. shell> /etc/init.d/dovecot stop: stop the dovecot server and WAIT 5 seconds hoping that the anvil child process is also stopping.
      2. shell> /etc/init.d/dovecot start: start the dovecot server.
      3. shell> nmap localhost: check if pop3 & imap are up; if not, then stop Dovecot and again wait some time before trying to start Dovecot.

      shell> /etc/init.d/dovecot stop && sleep 5 && /etc/init.d/dovecot start: alternatively you can execute the whole procedure in one go.

4. Postfix postfix/qmgr[6080]: warning: connect to transport private/dovecot: No such file or directory.

   Reason: If you have the above error 4, one reason could be that you have enabled sasl auth for smtp without actually configuring sasl auth. I got this error with the following relevant default entries in /etc/postfix/main.cf:

      smtpd_sasl_auth_enable = yes: tell Postfix to use sasl auth.
      smtpd_sasl_type = dovecot: tell Postfix that the sasl auth is dovecot.
      smtpd_sasl_path = private/dovecot-auth: tell Postfix where to find dovecot sasl auth, and indeed this path is replicated in the error message.

   Solution: Tell postfix to NOT use sasl auth:

      1. shell> postconf -e "smtpd_sasl_auth_enable=no"

5. Trying to use Gmail's Mail Fetcher to check mail using POP3 errors: Server denied POP3 access for the given username and password. and Server returned error: "Plaintext authentication disallowed on non-secure (SSL/TLS) connections."

   Reason: Dovecot by default disables plaintext authentication over non-secure connections.

   Solution: It would be best if Gmail Mail Fetcher could work over a secure connection (eg. POP3S on port 995), however I have not been able to make that work. Instead I simply configure Dovecot to allow plaintext authentication also over non-secure connections:

      1. email server shell> nano /etc/dovecot/dovecot.conf: open the Dovecot main configuration file and add this record:
            disable_plaintext_auth = no
      2. Press ctrl+x and then y to close and save the file.
      3. email server shell> /etc/init.d/dovecot stop && sleep 5 && /etc/init.d/dovecot start: restart Dovecot, waiting 5 seconds between stop and start to bypass the anvil child process bug in Dovecot 2.0.13 (and possibly other versions as well).

6. status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
7. NOQUEUE: reject: RCPT from unknown[]: 554 5.7.1 : Relay access denied from= to= proto=ESMTP helo=

   Reason: Last time my Amavisd-new was down, I got the 2 above error messages 6 & 7. Confirm that Amavisd-new is down:

      shell> nmap localhost: if you don't see port 10024 in use, then likely Amavisd-new is not listening.
      shell> netstat -tap: another way to check listening daemons.

   Solution 1: Restart Amavisd-new and Postfix:

      1. shell> /etc/init.d/amavisd-new restart
      2. shell> service postfix restart

   Solution 2: Restart the mail server

6. amavis (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused).
7. amavis (!!)WARN: all primary virus scanners failed, considering backups

   Reason: If you have the above error 6 & 7

   Solution:

      shell> ps -ef | grep clam: test if clamd is running.
      shell> /etc/init.d/clamav-daemon start: start clamd.

1. 450 4.7.1 : Recipient address rejected: SPF-Result=webmodelling.com: 'SERVFAIL' error on DNS 'SPF' lookup of 'webmodelling.com' (in reply to RCPT TO command))

   Reason:
Solution:

Comments

uwil  Usertype: Standard  Register: 2013 Feb 22
Topics: 1  Replies: 6
22 Aug 2013 19:58

hey.. it's an awesome guide and I just followed this guide step by step, but I have a problem in the virtual domain step..

after command >> postmap -q example.com mysql:/etc/postfix/mysql-virtual_domains.cf

output was >>
postmap: warning: connect to mysql server 127.0.0.1: Access denied for user 'mail_admin'@'localhost' to database '"postfix"'
postmap: fatal: table mysql:/etc/postfix/mysql-virtual_domains.cf: query error: Success

so, can you help me? what am I supposed to do?? thanks

Rasmus  Usertype: Admin  Register: 2012 Dec 21
Topics: 0  Replies: 107
23 Aug 2013 11:18

Hi uwil

My guess is the password specified for the mail_admin user in /etc/dovecot/dovecot-sql.conf is not identical to the password specified for the mail_admin user in /etc/postfix/mysql-virtual_domains.cf, or not identical to the password specified for the mail_admin user when adding the mail_admin user to MySql.

To test if the mail_admin user can connect, do the following:
shell> mysql -u mail_admin -pMailAdminPassword: (there is no space between p and MailAdminPassword).

Redo the "Configure Postfix for virtual domains using MySQL" section and pay close attention to the password each time you engage the mail_admin user.

web fiddler by nature

Anonymous
24 Aug 2013 03:39

hi rasmus

thanks for the reply. I guess in /etc/dovecot/dovecot-sql.conf it is identical, same as in /etc/postfix/mysql-virtual_domains.cf and the MySQL user too

/etc/postfix/mysql-virtual_domains.cf
user = mail_admin
password = MailAdmin
dbname = "Postfix"
query = SELECT domain AS virtual FROM domains WHERE domain='%s'
localhost = 127.0.0.1

/etc/dovecot/dovecot-sql.conf
driver = mysql
connect = host=127.0.0.1 dbname=Postfix user=mail_admin password=MailAdmin
default_pass_scheme = PLAIN
password_query = SELECT email AS user, password FROM users WHERE email='%u'

mysql
mysql> CREATE DATABASE Postfix
mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON Postfix.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'MailAdmin';
GRANT SELECT, INSERT, UPDATE, DELETE ON Postfix.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'MailAdmin';

please correct me if I'm wrong, does it look different?

I'm using ubuntu 12.04
thank you

Rasmus  Usertype: Admin  Register: 2012 Dec 21
Topics: 0  Replies: 107
24 Aug 2013 07:56

Hi uwil

Your configuration looks correct, however you did not write whether you had tried to manually connect to the Postfix database and, if you did, whether you could connect or not:
shell> mysql -u mail_admin -pMailAdminPassword

web fiddler by nature

uwil  Usertype: Standard  Register: 2013 Feb 22
Topics: 1  Replies: 6
24 Aug 2013 09:11

hi

oh, I had tried to manually connect to the Postfix database, and I guess there is no problem here..

shell> mysql -u mail_admin -pMailAdmin

output command
mysql>

anything else? I get stuck in this part :( can you help me, please

uwil  Usertype: Standard  Register: 2013 Feb 22
Topics: 1  Replies: 6
24 Aug 2013 14:42

hi

good news, I just want to make a correction. the issue works fine now

in /etc/postfix/mysql-virtual_domains.cf I just removed "" in dbname.

/etc/postfix/mysql-virtual_domains.cf
user = mail_admin
password = MailAdmin
dbname = Postfix
query = SELECT domain AS virtual FROM domains WHERE domain='%s'
localhost = 127.0.0.1

postmap -q example.com mysql:/etc/postfix/mysql-virtual_domains.cf

output command >> example.com

it's working now, thank you :)

uwil  Usertype: Standard  Register: 2013 Feb 22
Topics: 1  Replies: 6
24 Aug 2013 18:03

hi rasmus

I have another issue again.. *sign*

after input command >> ls -l /home/vmail/examples.com/uwil/Maildir/new
output was >> ls: cannot access /home/vmail/example.com/uwil/Maildir/new: No such file or directory

I guess mail_location was right in /etc/dovecot/dovecot.conf

and, when I tried telnet localhost imap
shell> telnet localhost imap
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK Waiting for authentication process to respond..
* BYE Disconnected for inactivity.
Connection closed by foreign host.

can you help me again?? plz

thank you :)

Rasmus  Usertype: Admin  Register: 2012 Dec 21
Topics: 0  Replies: 107
26 Aug 2013 03:29

Hi uwil
It is a long time since I manually worked with Postfix, however I think I can remember that the domains are not written to /home/vmail before the first user on that domain receives an email. This means that to see the folder: /home/vmail/example.com/uwil/Maildir/new, [email protected], eg. using telnet to send the email through postfix like: shell> telnet localhost 25. I guess you have already tried to use telnet to send an email to uwil@example.com through Postfix, in which case the email has not been delivered correctly.

Reconfirm that:

   1. /etc/dovecot/dovecot.conf contains the correct mail_location: mail_location = maildir:/home/vmail/%d/%n/Maildir
   2. /etc/postfix/main.cf contains the correct virtual transport: virtual_transport = dovecot
3. /etc/postfix/master.cf registers the dovecot lda:
   dovecot unix - n n - - pipe
     flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
4. That no email is written to /home/uwil/Maildir/new: if there is an email there after you used telnet to send an [email protected], dovecot lda will send email to system accounts instead of virtual accounts.
5. Remember to restart dovecot & postfix after making changes:
   1. shell> /etc/init.d/dovecot stop && sleep 5 && /etc/init.d/dovecot start
   2. shell> service postfix restart
You will need to see an email in /home/vmail/example.com/uwil/Maildir/new before it gives meaning to continue with shell> telnet localhost imap
web fiddler by nature
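The first three checklist items in the reply above can be checked mechanically. This is an added example, not part of the original thread or the tutorial's script; the function names and the constructed sample files are assumptions, and the expected values are the ones quoted in the reply.

```shell
#!/bin/sh
# Added example (not from the tutorial): check the three settings in the
# checklist. Usage: check_delivery_config DOVECOT_CONF MAIN_CF MASTER_CF
# Prints one FAIL line per problem and returns the number of problems.
check_delivery_config() {
    fails=0
    # 1. dovecot.conf: per-domain, per-user Maildir under /home/vmail.
    loc=$(sed -n -e 's/[[:space:]]*$//' \
        -e 's/^[[:space:]]*mail_location[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1)
    [ "$loc" = "maildir:/home/vmail/%d/%n/Maildir" ] ||
        { echo "FAIL mail_location='$loc'"; fails=$((fails + 1)); }
    # 2. main.cf: virtual mail is handed to the "dovecot" transport.
    vt=$(sed -n -e 's/[[:space:]]*$//' \
        -e 's/^virtual_transport[[:space:]]*=[[:space:]]*//p' "$2" | tail -n 1)
    [ "$vt" = "dovecot" ] ||
        { echo "FAIL virtual_transport='$vt'"; fails=$((fails + 1)); }
    # 3. master.cf: join the "dovecot" service line with its indented
    #    continuation lines, then look for the pipe/deliver pieces.
    entry=$(awk '/^dovecot[ \t]/ { on = 1; printf "%s", $0; next }
                 on && /^[ \t]/  { printf " %s", $0; next }
                 on              { exit }' "$3")
    case $entry in
        *pipe*user=vmail:vmail*deliver*'-d ${recipient}'*) ;;
        *) echo "FAIL master.cf dovecot entry='$entry'"; fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Constructed sample files carrying the values quoted in the reply.
write_sample_configs() {
    printf 'mail_location = maildir:/home/vmail/%%d/%%n/Maildir\n' > "$1/dovecot.conf"
    printf 'virtual_transport = dovecot\n' > "$1/main.cf"
    cat > "$1/master.cf" <<'EOF'
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
EOF
}

# With three paths: check those files. Without: check the constructed samples.
if [ "$#" -eq 3 ]; then
    check_delivery_config "$@"
else
    d=$(mktemp -d) && write_sample_configs "$d" &&
        check_delivery_config "$d/dovecot.conf" "$d/main.cf" "$d/master.cf" &&
        echo "sample OK"
    rm -rf "$d"
fi
```

A non-zero exit status is the number of settings that differ from the checklist.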
uwil, User type: Standard, Register: 2013 Feb 22
Topics: 1, Replies: 6
26 Aug 2013 01:52
hi rasmus
I want to ask something about the mail server in this tutorial. Should we install and configure a DNS server (bind9) in ubuntu before we start the configuration of the mail server?
Rasmus, User type: Admin, Register: 2012 Dec 21
Topics: 0, Replies: 107
26 Aug 2013 03:31
Hi uwil
It is not necessary to configure a DNS server before configuring the mail server (as I remember: the tutorial has one test with gmail (under TLS Test it works) that will fail without proper DNS, but that should be all)
web fiddler by nature
Anonymous
29 Aug 2013 02:56
hi rasmus
I want to ask something about the mail server in this tutorial. i just made the configuration in SASL now, you are relaying email to '[email protected]', that is not a local domain? like accounting mail?
Rasmus, User type: Admin, Register: 2012 Dec 21
Topics: 0, Replies: 107
29 Aug 2013 03:50
Hi Anonymous
Yes, rasmus@webmodelling.com is a remote domain relative to the context of the tutorial just like your account on gmail would be. In the SASL section it is paramount to test with a remote domain.
Note though that gmail is not good for testing because gmail will refuse emails if it cannot confirm the IP address of the sending domain (called reverse lookup or rDNS), eg. if you send from example.com on your local machine, then gmail will look up example.com and receive an IP different from the IP you are sending from.
web fiddler by nature
uwil, User type: Standard, Register: 2013 Feb 22
Topics: 1, Replies: 6
29 Aug 2013 04:10
hi rasmus
thanks for the reply, sorry i forgot to login, i'm the person who asked the question
so, what am i supposed to do to test if SASL TLS is working in my mail server for relaying email like in your tutorial? i have only gmail accounts for the real email, and i don't have a domain like 'webmodelling.com' as you do.
can you advise me?
Rasmus, User type: Admin, Register: 2012 Dec 21
Topics: 0, Replies: 107
29 Aug 2013 05:42
Hi uwil
I have created an email address for you: [email protected], you can access your email online at webmail.webmodelling.com using uwil@webmodelling.com for username and the password I have PM'ed you.
web fiddler by nature
Anonymous
29 Aug 2013 07:45
hi rasmus
thank you so much for everything your help.. i'm so pleasure
[email protected], but it'[email protected] :(
can help me again? thank
Rasmus, User type: Admin, Register: 2012 Dec 21
Topics: 0, Replies: 107
29 Aug 2013 11:36
Hi uwil
In the "SASL test it works" there are 3 tests. Tell me exactly what parts of the tests you can pass and what you cannot pass.
web fiddler by nature
uwil, User type: Standard, Register: 2013 Feb 22
Topics: 1, Replies: 6
30 Aug 2013 04:58
"Third confirm that you can logon and that Postfix accept to relay the message"
[email protected], but i cannot receive that email.. inbox still empty..
before that i guess i have passed the AUTH PLAIN, and success..
Rasmus, User type: Admin, Register: 2012 Dec 21
Topics: 0, Replies: 107
30 Aug 2013 14:47
Hi uwil
If you passed "SASL Test it works" test 3.3.3 "235 2.7.0 Authentication successful", then SASL should actually work and likely something else is prohibiting you from sending mail.
You should look in the log files: /var/log/mail.log & /var/log/mail.err. Just after trying out SASL test 3, you should do the following:
shell> tail -50 /var/log/mail.log : print the last 50 records of mail.log to screen.
shell> tail -50 /var/log/mail.err
shell> mailq : see if something is pending in the mail queue.
Hopefully you will be able to get a hint from the above.
web fiddler by nature
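When reading mail.log as suggested above, the lines that matter are the delivery records whose status is not "sent". This is an added example, not part of the original thread; the function names are assumptions, the log lines are constructed, and it assumes the traditional syslog timestamp layout (month, day, time, host).

```shell
#!/bin/sh
# Added example: summarise deliveries that Postfix logged as not sent.
# Output columns: queue-id recipient dsn status reason
undelivered() {
    awk '
    / status=/ && !/ status=sent / {
        qid = $6; sub(/:$/, "", qid)          # 6th field is "QUEUEID:"
        to = "-"; dsn = "-"; st = "-"; why = ""
        if (match($0, / to=<[^>]*>/))  to  = substr($0, RSTART + 5, RLENGTH - 6)
        if (match($0, / dsn=[0-9.]+/)) dsn = substr($0, RSTART + 5, RLENGTH - 5)
        if (match($0, / status=[a-z]+/)) {
            st  = substr($0, RSTART + 8, RLENGTH - 8)
            why = substr($0, RSTART + RLENGTH + 1)   # text in parentheses
        }
        print qid, to, dsn, st, why
    }' "$1"
}

# Constructed log lines in Postfix's format: one authenticated submission,
# one remote delivery that timed out, one local hand-off to the dovecot
# transport that failed, and one successful delivery.
sample_mail_log() {
    cat <<'EOF'
Aug 30 04:50:11 mail postfix/smtpd[2090]: 3F2A1C0123: client=localhost[127.0.0.1], sasl_method=PLAIN, sasl_username=uwil@example.com
Aug 30 04:50:41 mail postfix/smtp[2101]: 3F2A1C0123: to=<user@remote.example>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to mx.remote.example[203.0.113.5]:25: Connection timed out)
Aug 30 04:53:10 mail postfix/pipe[2110]: 9C0E2C0789: to=<uwil@example.com>, relay=dovecot, delay=0.05, delays=0.03/0/0/0.02, dsn=4.3.0, status=deferred (temporary failure)
Aug 30 04:54:02 mail postfix/smtp[2104]: 7B11DC0456: to=<user@other.example>, relay=mx.other.example[198.51.100.7]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 OK)
EOF
}

# With a path: scan that log. Without: scan the constructed sample.
if [ "$#" -eq 1 ]; then
    undelivered "$1"
else
    sample_mail_log | undelivered -
fi
```

A deferred message stays in the queue and shows up in mailq under the same queue id, so the two views can be matched against each other.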
Rasmus, User type: Admin, Register: 2012 Dec 21
Topics: 0, Replies: 107
02 Sep 2013 03:02
Hi uwil, [email protected]@domain.com I take it you have made SASL work? In that case: congratulations
web fiddler by nature