Difference between revisions of "Set up a mail server"

From LinuxIntro
(mail aliases)
 
(14 intermediate revisions by 3 users not shown)
Line 38: Line 38:
 
We will use the postfix software for the MTA service. We use its default configuration, so every operating system user will get an e-Mail-address in the form ''username''@''domain''.
 
We will use the postfix software for the MTA service. We use its default configuration, so every operating system user will get an e-Mail-address in the form ''username''@''domain''.
  
Install postfix:
+
* Install postfix:
 
  yast -i postfix
 
  yast -i postfix
Should it already be installed, no matter. Now run it:
+
* Should it already be installed, no matter. Now run it:
 
  /etc/init.d/postfix start
 
  /etc/init.d/postfix start
As a test, send yourself a mail:
+
* Find out your ''hostname''. The server will only accept mails for addresses @''hostname'':
  sendmail -t root@127.0.0.1 << EOF
+
cat /etc/postfix/main.cf | grep "myhostname *="
 +
myhostname = ''linuxintro.org''
 +
: in this case you must send mails to ''user''@''linuxintro.org''
 +
* As a test, send yourself a mail:
 +
  sendmail -t <abbr title="your user name">root</abbr>@<abbr title="myhostname as defined in /etc/postfix/main.cf">127.0.0.1</abbr> << EOF
 
  this is test mail number 1
 
  this is test mail number 1
 
  EOF
 
  EOF
See if the mail has arrived:
+
* See if the mail has arrived:
 
  cat /var/spool/mail/root
 
  cat /var/spool/mail/root
 
  [...]
 
  [...]
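Review bot: the added "Find out your hostname" step says the server will only accept mails for addresses @hostname, but the test command right after it still sends to root@127.0.0.1, and its abbr hint labels 127.0.0.1 as "myhostname as defined in /etc/postfix/main.cf". Use the hostname from the grep output in the command itself (root@linuxintro.org in this example), or state next to the command that the literal must be replaced, so readers do not paste an address the previous step has just ruled out.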
Line 63: Line 67:
 
   
 
   
 
  --09AAC18BAC06A.1217966943/whatever.dedicated.blah.de--
 
  --09AAC18BAC06A.1217966943/whatever.dedicated.blah.de--
To see if this has really changed something, we stop postfix now and see if it still works:
+
* Now let's provoke an error. We stop postfix now and see if it still works:
 
  /etc/init.d/postfix stop
 
  /etc/init.d/postfix stop
 +
* We send a mail
 +
sendmail -t <abbr title="your user name">root</abbr>@<abbr title="myhostname as defined in /etc/postfix/main.cf">127.0.0.1</abbr> << EOF
 +
this is test mail number 1
 +
EOF
 +
* and look if it has arrived:
 
  cat /var/spool/mail/root
 
  cat /var/spool/mail/root
It has not arrived. To see that the mail is still in the mail queue, issue the command mailq and see the result:
+
* It has not arrived. To see that the mail is still in the mail queue, issue the command mailq and see the result:
 
  tweedleburg:~ # mailq
 
  tweedleburg:~ # mailq
 
  postqueue: warning: Mail system is down -- accessing queue directly
 
  postqueue: warning: Mail system is down -- accessing queue directly
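Review bot: the mail sent after stopping postfix reuses the body "this is test mail number 1" from the first test, so the following cat /var/spool/mail/root cannot tell a new delivery from the message that is already in the mailbox. Give this message a distinct body so that "It has not arrived" can actually be confirmed from the mailbox contents.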
Line 76: Line 85:
 
As you see, the mail is still in the mail queue and you get a warning "Mail system is down".
 
As you see, the mail is still in the mail queue and you get a warning "Mail system is down".
  
A server is a background program listening on a network port. What was smtp's port again?
+
* A server is a background program listening on a network port. What was smtp's port again?
 
  tweedleburg:~ # cat /etc/services | grep smtp
 
  tweedleburg:~ # cat /etc/services | grep smtp
 
  smtp            25/tcp    mail        # Simple Mail Transfer
 
  smtp            25/tcp    mail        # Simple Mail Transfer
It was 25. Let's see if postfix listens there, first install nmap:
+
* It is 25. Let's see if postfix listens there, first install nmap:
 
  yast -i nmap
 
  yast -i nmap
 
  nmap localhost
 
  nmap localhost
no port 25. Start postfix again:
+
* no port 25. Start postfix again:
 
  /etc/init.d/postfix start
 
  /etc/init.d/postfix start
And see:
+
* And see:
 
  tweedleburg:~ # nmap localhost
 
  tweedleburg:~ # nmap localhost
 
   
 
   
Line 110: Line 119:
 
  This is the 2nd test mail.
 
  This is the 2nd test mail.
 
Now you can use kmail to read your mails.
 
Now you can use kmail to read your mails.
 +
 +
== Set mydestination ==
 +
Let's assume you want to receive mails for info@venus.org. As long as postfix does not know it is supposed to accept mails for the destination venus.org it will not do it. To tell postfix to accept mails for venus.org, set the variable mydestination in /etc/postfix/main.cf like this:
 +
mydestination = $myhostname, localhost.$mydomain, venus.org
  
 
== mail aliases ==
 
== mail aliases ==
Maybe you want webmaster@yourdomain and info@yourdomain to be delivered to yourname@yourdomain. In this case, install webmin and choose Servers -> Postfix -> Mail aliases like shown below:
+
Maybe you want webmaster@yourdomain and info@yourdomain to be delivered to yourname@yourdomain. In this case:
[[Image:Snapshot-postfix-config-mailalias.png]]
+
* edit /etc/aliases to read like:
 +
# See man 5 aliases for format
 +
postmaster:   root
 +
dev:    thorsten
 +
: in this case we have inserted the alias ''dev'' to redirect mail to ''thorsten''. So mail to dev@yourdomain will be delivered to thorsten@yourdomain.
 +
* check if /etc/aliases.db contains the new alias:
 +
# strings /etc/aliases.db
 +
root
 +
postmaster
 +
UNKNOWN
 +
YP_MASTER_NAME
 +
1430749783
 +
YP_LAST_MODIFIED
 +
: it does not
 +
* create the new /etc/aliases.db with the command
 +
newaliases
 +
* check /etc/aliases.db contains the new alias:
 +
# strings /etc/aliases.db
 +
root
 +
postmaster
 +
staerk.de
 +
YP_MASTER_NAME
 +
1449995676
 +
YP_LAST_MODIFIED
 +
thorsten
  
 
== TroubleShooting ==
 
== TroubleShooting ==
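Review bot: the new alias steps verify the result with strings /etc/aliases.db, and the "after" listing shows thorsten but never the key dev, so it does not demonstrate that dev maps to thorsten; postalias -q dev /etc/aliases queries the lookup table directly and would make the check unambiguous. The introductory sentence also still talks about webmaster@yourdomain and info@yourdomain while the example adds "dev: thorsten", so align the two.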
Line 168: Line 205:
 
In this case, ''92.15.221.77'' will be replaced by your IP address.
 
In this case, ''92.15.221.77'' will be replaced by your IP address.
  
== Using Spamhaus/Greylisting for blocking ==
+
= Using Spamhaus/Greylisting for blocking =
  
 
Adding Spamhaus to smtpd_recipient_restrictions:
 
Adding Spamhaus to smtpd_recipient_restrictions:
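Review bot: the heading changes from "== Using Spamhaus/Greylisting for blocking ==" to "= Using Spamhaus/Greylisting for blocking =", which makes it the only top-level heading while "== mail aliases ==" and "== TroubleShooting ==" stay at level two. If the goal is only to move the section out of TroubleShooting, keep it at "==" like its siblings.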
Line 184: Line 221:
  
 
* [[set up an imap service]] - so you can finally read your mail
 
* [[set up an imap service]] - so you can finally read your mail
* [[set up sender verification]] - so only you can send mail
+
* [[set up your mail server for sending]] - so authenticated users can send mail
 
* [[set up webmail]] - so you can write and read mail from any internet cafe (using a browser)
 
* [[set up webmail]] - so you can write and read mail from any internet cafe (using a browser)
 
* [[set up a web calendar]] - you want a calendar to accompany your webmail
 
* [[set up a web calendar]] - you want a calendar to accompany your webmail
 +
* [[fight spam]] - now it's time to fight spam
 +
* [[collect mails from other accounts]]

Latest revision as of 08:44, 13 December 2015

Understand what you are doing

To set up a mail server, you must first be clear about

  • what an MTA is
  • what a MUA is
  • what imap is
  • what pop is
  • what smtp is
  • what an MX record is
  • what sendmail is

To explain all this, here is a little story of how Alice and Bob communicate via mail: Alice wants to write a mail to Bob. Alice uses kmail as her mail program. kmail is her mail user agent, her MUA. She writes to Bob, whose address is bob@home.org. Of course, the content of her mail is secret so we won't tell it here. After she clicks "send", her MUA transmits the mail to Alice's outgoing mail server. This server has a little program on it called sendmail. This program looks up home.org's MX record. You can do this on your own using the command

dig -t mx home.org

It uses the IP address that it gets and, using the IP protocol, sends Alice's mail there.

OK, and at this IP address, the message transfer agent of home.org can be reached. This is a server that "speaks" the simple mail transfer protocol SMTP. It can receive mails, and also send them. An MTA also runs on Alice's outgoing mail server. The smtp server receives the mail for Bob and puts it into his mailbox. Bob is asleep at the moment.

The next morning, Bob wakes up and uses his kmail to check his mail. kmail must know how to get to Bob's mailbox. There are two possibilities for that. Either Bob has a pop service running on the server where his mailbox is. In this case, kmail just fetches all mails from the mailbox and (optionally) deletes them. Or Bob has an imap service running there. In this case, Bob gets all mails displayed in his kmail, but they remain on the server. Only when Bob presses "delete" in his mail program are the mails deleted from the mailbox.

Bob can also collect his mails from his various mail accounts around the net. This is where fetchmail comes into the game.

This little story explains:

  • an MTA is responsible for sending and receiving mail
  • a MUA is responsible for displaying mail
  • for a MUA to be able to display mail, you still need an imap or pop server

Know your options

  • Well-known MTAs are postfix and sendmail (both use the command sendmail to send mail)
  • Well-known MUAs include kmail and thunderbird
  • imap and pop can be done by courier and cyrus

In this tutorial we use

  • postfix as MTA
  • courier as imap server
  • kmail as MUA

Set up your MTA

We will use the postfix software for the MTA service. We use its default configuration, so every operating system user will get an e-mail address in the form username@domain.

  • Install postfix:
yast -i postfix
  • Should it already be installed, no matter. Now run it:
/etc/init.d/postfix start
  • Find out your hostname. The server will only accept mails for addresses @hostname:
cat /etc/postfix/main.cf | grep "myhostname *="
myhostname = linuxintro.org
in this case you must send mails to user@linuxintro.org
  • As a test, send yourself a mail:
sendmail -t root@127.0.0.1 << EOF
this is test mail number 1
EOF
  • See if the mail has arrived:
cat /var/spool/mail/root
[...]
--09AAC18BAC06A.1217966943/whatever.dedicated.blah.de
Content-Description: Undelivered Message
Content-Type: message/rfc822

Received: by whatever.dedicated.blah.de (Postfix, from userid 0)
        id 09AAC18BAC06A; Tue,  5 Aug 2008 22:09:03 +0200 (CEST)
Message-Id: <20080805200903.09AAC18BAC06A@whatever.dedicated.blah.de>
Date: Tue,  5 Aug 2008 22:09:03 +0200 (CEST)
From: root@whatever.dedicated.blah.de (root)
To: undisclosed-recipients:;

this is test mail number 1

--09AAC18BAC06A.1217966943/whatever.dedicated.blah.de--
  • Now let's provoke an error. We stop postfix now and see if it still works:
/etc/init.d/postfix stop
  • We send a mail
sendmail -t root@127.0.0.1 << EOF
this is test mail number 1
EOF
  • and look if it has arrived:
cat /var/spool/mail/root
  • It has not arrived. To see that the mail is still in the mail queue, issue the command mailq and see the result:
tweedleburg:~ # mailq
postqueue: warning: Mail system is down -- accessing queue directly
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
8BD931648935       88 Mon Aug  4 21:14:48  root
                                         root@127.0.0.1

-- 0 Kbytes in 1 Request.

As you see, the mail is still in the mail queue and you get a warning "Mail system is down".

  • A server is a background program listening on a network port. What was smtp's port again?
tweedleburg:~ # cat /etc/services | grep smtp
smtp             25/tcp    mail         # Simple Mail Transfer
  • It is 25. Let's see if postfix listens there, first install nmap:
yast -i nmap
nmap localhost
  • no port 25. Start postfix again:
/etc/init.d/postfix start
  • And see:
tweedleburg:~ # nmap localhost

Starting Nmap 4.20 ( http://insecure.org ) at 2008-08-05 06:19 CEST
Interesting ports on localhost (127.0.0.1):
Not shown: 1689 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
[...]

Set up Maildirs

We want to use Maildirs as special mailboxes. This is because courier can only handle those. So, change /etc/postfix/main.cf, replace

#home_mailbox = Maildir/

by

home_mailbox = Maildir/

and restart postfix:

/etc/init.d/postfix restart

Now check that you can receive mails:

sendmail -t testuser@localhost << EOF
This is the 2nd test mail.
EOF
cat /home/testuser/Maildir/new/*
[...]
This is the 2nd test mail.

Now you can use kmail to read your mails.

Set mydestination

Let's assume you want to receive mails for info@venus.org. As long as postfix does not know it is supposed to accept mails for the destination venus.org it will not do it. To tell postfix to accept mails for venus.org, set the variable mydestination in /etc/postfix/main.cf like this:

mydestination = $myhostname, localhost.$mydomain, venus.org

mail aliases

Maybe you want webmaster@yourdomain and info@yourdomain to be delivered to yourname@yourdomain. In this case:

  • edit /etc/aliases to read like:
# See man 5 aliases for format
postmaster:    root
dev:    thorsten
in this case we have inserted the alias dev to redirect mail to thorsten. So mail to dev@yourdomain will be delivered to thorsten@yourdomain.
  • check if /etc/aliases.db contains the new alias:
# strings /etc/aliases.db 
root
postmaster
UNKNOWN
YP_MASTER_NAME
1430749783
YP_LAST_MODIFIED
it does not
  • create the new /etc/aliases.db with the command
newaliases
  • check /etc/aliases.db contains the new alias:
# strings /etc/aliases.db 
root
postmaster
staerk.de
YP_MASTER_NAME
1449995676
YP_LAST_MODIFIED
thorsten
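
A less fragile check than reading strings output, as an added example that is not part of the original page: it flags an aliases.db that is older than /etc/aliases (the state before newaliases was run above) and follows an alias through the text file. The function names and the temporary sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example; aliases_stale and resolve_alias are illustrative names.

# True (exit 0) when the lookup table is missing or older than its source,
# i.e. newaliases has not been run since the last edit.
aliases_stale() {  # usage: aliases_stale /etc/aliases
    [ ! -e "$1.db" ] || [ "$1" -nt "$1.db" ]
}

# Follow NAME through "key: value" entries until no entry matches.
# Keys are compared case-insensitively; at most 10 hops guards against loops.
resolve_alias() {  # usage: resolve_alias FILE NAME
    awk -v name="$2" '
        /^[ \t]*#/ || !index($0, ":") { next }
        { key = $0; sub(/:.*/, "", key); gsub(/[ \t]/, "", key)
          val = $0; sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
          map[tolower(key)] = val }
        END { for (hops = 0; hops < 10 && (tolower(name) in map); hops++)
                  name = map[tolower(name)]
              print name }
    ' "$1"
}

# Constructed sample: the page's /etc/aliases with a table that predates it.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# See man 5 aliases for format' 'postmaster:    root' \
    'dev:    thorsten' > "$tmp/aliases"
touch -t 201512130800 "$tmp/aliases"
touch -t 201505041200 "$tmp/aliases.db"      # stand-in for the old table

aliases_stale "$tmp/aliases" && echo "aliases.db is stale: run newaliases"
touch -t 201512130844 "$tmp/aliases.db"      # stand-in for running newaliases
aliases_stale "$tmp/aliases" || echo "aliases.db is up to date"
echo "dev -> $(resolve_alias "$tmp/aliases" dev)"
```

On a running server, postalias -q dev /etc/aliases asks the compiled table itself for the same answer.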

TroubleShooting

postfix dies

If you call

/etc/init.d/postfix status 

and get the message "dead", check /var/log/mail.err to see what happened. If you see something like

postfix/master[5573]: fatal: bind 127.0.0.1 port 25: Address already in use

use

lsof -i 

to find out what process is blocking the smtp port and kill this process using the command kill.

Set your MX record

If you want to receive mail that goes to the address whatever@domain.org, you need to set the MX record of domain.org. The MX record must be the IP address of the server where the MTA is running. To find out your current MX record, use dig:

tweedleburg:~ # dig -t mx linuxintro.org

; <<>> DiG 9.4.2-P1 <<>> -t mx linuxintro.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9367
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;linuxintro.org.                        IN      MX

;; ANSWER SECTION:
linuxintro.org.         86400   IN      MX      50 mx0.linuxintro.org.

;; ADDITIONAL SECTION:
mx0.linuxintro.org.     86400   IN      A       80.237.138.5

;; Query time: 59 msec
;; SERVER: 194.25.2.129#53(194.25.2.129)
;; WHEN: Sat Sep 20 14:43:23 2008
;; MSG SIZE  rcvd: 68

In this case, the MX record points to mx0.linuxintro.org, whose IP address is 80.237.138.5.

adapt "mydestination"

Before you set the MX record, all mails arriving were addressed to whatever@localhost. Now, say we are talking about mydomain.org, mails arriving can also be addressed to mydomain.org. We need to tell postfix to accept those. Modify /etc/postfix/main.cf:

mydestination = $myhostname, localhost.$mydomain, mydomain.org

and restart postfix:

/etc/init.d/postfix restart

adapt inet_interfaces

Next, tell your server to accept connections from the public internet. Modify /etc/postfix/main.cf:

inet_interfaces = localhost, mydomain.org

and restart postfix:

/etc/init.d/postfix restart 

Verify that the port is open to the outside:

netstat -putan | grep 25
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      18022/master
tcp        0      0 92.15.221.77:25        0.0.0.0:*               LISTEN      18022/master

In this case, 92.15.221.77 will be replaced by your IP address.

Using Spamhaus/Greylisting for blocking

Adding Spamhaus to smtpd_recipient_restrictions:

# reject_rbl_client zen.spamhaus.org         -> Spamhaus Blocklist
# check_policy_service inet:127.0.0.1:60000  -> Greylisting
smtpd_recipient_restrictions = permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_rbl_client zen.spamhaus.org,
        check_policy_service inet:127.0.0.1:60000

Now strange users (i.e. users who cannot be identified with SASL) will be blocked if they are listed in the Spamhaus directory, and they are subject to greylisting.
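
One way to check the restriction order used above, as an added example that is not part of the original page: Postfix's SMTPD_POLICY_README says to list check_policy_service after reject_unauth_destination, otherwise the server could become an open relay. The function names and both sample files are constructed for the illustration; on a live system postconf -n prints the effective settings.

```shell
#!/bin/sh
# Added example; maincf_get and relay_guard_ok are illustrative names.

# Print one main.cf parameter as a single line. Continuation lines start
# with whitespace, comment and blank lines are skipped, last setting wins.
maincf_get() {  # usage: maincf_get FILE PARAMETER
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == want) val = val " " $0; next }
        { eq = index($0, "="); cur = ""
          if (eq) { cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur) }
          if (cur == want) val = substr($0, eq + 1) }
        END { gsub(/[ \t]+/, " ", val); sub(/^ /, "", val); print val }
    ' "$1"
}

# Exit 0 only if reject_unauth_destination is present and comes before the
# first check_* lookup (policy service, access maps) in the recipient list.
relay_guard_ok() {  # usage: relay_guard_ok FILE
    maincf_get "$1" smtpd_recipient_restrictions | tr ', ' '\n\n' | awk '
        $0 == "reject_unauth_destination" && !guard { guard = NR }
        /^check_/ && !lookup { lookup = NR }
        END { exit !(guard && (!lookup || guard < lookup)) }'
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
# Constructed sample 1: the restriction list from this page.
cat > "$tmp/good.cf" <<'EOF'
# comment lines are ignored
inet_interfaces = localhost, mydomain.org
smtpd_recipient_restrictions = permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_rbl_client zen.spamhaus.org,
        check_policy_service inet:127.0.0.1:60000
EOF
# Constructed sample 2: the policy lookup moved ahead of the relay guard.
cat > "$tmp/bad.cf" <<'EOF'
smtpd_recipient_restrictions = permit_mynetworks,
        check_policy_service inet:127.0.0.1:60000,
        reject_unauth_destination
EOF
for f in good bad; do
    if relay_guard_ok "$tmp/$f.cf"; then echo "$f.cf: order ok"
    else echo "$f.cf: reject_unauth_destination missing or after a check_*"; fi
done
```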

What comes next?