imported>ThorstenStaerk |
imported>WikiSysop |
Line 1: |
Line 1: |
− | = Overview =
| + | This article shows how to set up webmail. We use the software [http://en.wikipedia.org/wiki/Squirrelmail Squirrelmail]. |
− | When you have [[set up a mail server]] you can by default send mails within your own domain (e.g. linuxintro.org) but not to the outside. What you probably want is that internet users can connect via a mail client, e.g. Thunderbird to your mail server. If they know a valid username and password, they are allowed to read and send mails.
| |
| | | |
− | = Configure it =
| + | Download SquirrelMail from http://www.SquirrelMail.org. |
− | Authentication is done by saslauthd. So install saslauthd, in this case for SUSE Linux:
| + | Unpack it: |
− | [[yast]] -i cyrus-sasl-saslauthd
| + | tar xvzf squirrelmail-''1.4.15''.tar.gz |
− | Start the service:
| + | Configure it: |
− | /etc/init.d/saslauthd start
| + | cd squirrelmail-''1.4.15'' |
− | Make sure your authentication service is running:
| + | ./configure |
− | /etc/init.d/saslauthd status
| + | Install it: |
− | has to deliver
| + | cd |
− | running
| + | mv squirrelmail* /srv/www/htdocs/mail |
− | Make sure the service starts on boot
| |
− | chkconfig saslauthd on
| |
− | In /etc/postfix/main.cf, set
| |
− | smtpd_sasl_auth_enable = yes
| |
− | In /etc/postfix/main.cf, add permit_sasl_authenticated to smtpd_recipient_restrictions. The resulting line may look like this:
| |
− | smtpd_recipient_restrictions = permit_mynetworks,
| |
− | permit_sasl_authenticated,
| |
− | reject_unauth_destination,
| |
− | check_policy_service inet:127.0.0.1:60000
| |
− | | |
− | Restart Postfix
| |
− | /etc/init.d/postfix restart
| |
− | | |
− | = Test it =
| |
− | To test it, find out your plain authentication string. To do this, [[open a console]] and do a base64 encoding of your username (''myuser'' in this example) and your password (''mypassword'' in this example):
| |
− | # perl -MMIME::Base64 -e 'print encode_base64("''myuser''\0''myuser''\0''mypassword''");' | |
− | You get a string that we will need again soon, it looks like
| |
− | ''bXl1c2VyAG15dXNlcgBteXBhc3N3b3Jk''
| |
− | Now connect to your mail server (in this example linuxintro.org):
| |
− | # telnet ''linuxintro.org'' 25
| |
− | The server responds:
| |
− | Trying ''108.166.126.74''...
| |
− | Connected to ''linuxintro.org''.
| |
− | Escape character is '^]'. | |
− | 220 ''mail.linuxintro.org'' ESMTP Postfix
| |
− | If you are missing the response "Connected to...", your internet provider is probably blocking port 25. In this case read [[setting up a mail server on port 587]]. Otherwise you write
| |
− | EHLO hostname
| |
− | Now the server responds like
| |
− | 250-mail.linuxintro.org | |
− | 250-PIPELINING
| |
− | 250-SIZE
| |
− | 250-VRFY
| |
− | 250-ETRN
| |
− | 250-AUTH LOGIN PLAIN
| |
− | 250-ENHANCEDSTATUSCODES
| |
− | 250-8BITMIME
| |
− | 250 DSN
| |
− | Now you write
| |
− | AUTH PLAIN ''bXl1c2VyAG15dXNlcgBteXBhc3N3b3Jk''
| |
− | The server writes
| |
− | 235 2.7.0 Authentication successful
| |
− | This means it has worked. So write
| |
− | QUIT
| |
− | And you see the response
| |
− | 221 2.0.0 Bye
| |
− | Connection closed by foreign host.
| |
− | | |
− | = TroubleShooting =
| |
− | | |
− | == Authentication not enabled ==
| |
− | ;Symptom:
| |
− | You get
| |
− | Sending failed: Your SMTP server does not support authentication. The server responded: "5.5.1 Error: authentication not enabled"
| |
− | | |
− | ;Solution:
| |
− | You will need to modify /etc/postfix/main.cf, set
| |
− | smtp_sasl_auth_enable = yes
| |
− | smtpd_sasl_auth_enable = yes
| |
− | and restart postfix:
| |
− | /etc/init.d/postfix restart
| |
− | | |
− | == generic failure ==
| |
− | ;Symptom:
| |
− | You get
| |
− | Sending failed. Most likely the password is wrong. The server responded: "5.7.8 Error: authentication failed: generic failure"
| |
− | | |
− | ;Solution:
| |
− | You need to make sure your authentication service has been started:
| |
− | /etc/init.d/saslauthd status | |
− | has to deliver
| |
− | running
| |
− | | |
− | == no authentication mechanism available ==
| |
− | ;Symptom:
| |
− | You get
| |
− | Sending failed: Your SMTP server does not support The server responded: "5.7.8 Error: authentication failed: no mechanism available"
| |
− | | |
− | ;Reson:
| |
− | You may have
| |
− | * plain
| |
− | * digest-md5
| |
− | * cram-md5
| |
− | as authentication method in kmail.
| |
− | | |
− | ;Solution:
| |
− | Change this to Login.
| |
− | | |
− | == no worthy mechanisms found ==
| |
− | ;Symptom:
| |
− | You get
| |
− | Sending failed: An error occurred during authentication: SASL(-4):no mechanism available: No worthy mechs found | |
− | | |
− | ;Reason:
| |
− | You may have
| |
− | * GSSAPI
| |
− | as authentication method in kmail.
| |
− | | |
− | ;Solution:
| |
− | Change this to Login.
| |
− | | |
− | == no mail is sent ==
| |
− | ;Symptom:
| |
− | Nothing happens and no mail is sent
| |
− | | |
− | ;Reason:
| |
− | You may have
| |
− | * NTLM
| |
− | as authentication method in kmail.
| |
− | | |
− | ;Solution:
| |
− | Change this to Login.
| |
− | | |
− | = See also =
| |
− | * [[Set_up_a_mail_server_on_port_587]]
| |
− | * http://samcaldwell.net/index.php/technical-articles/3-how-to-articles/15-creating-tls-certificate-using-openssl | |
− | * http://www.adomas.org/2006/08/postfix-dovecot/
| |