Introduction
This page describes the site-specific configuration of various mail services. The actual installation of postfix, etc. is covered by MDI.
Procedure
SMTP
- On all systems, complete the following general sub-procedure:
Edit /etc/dovecot/dovecot.conf and set:
protocols = none
#log_path = ...
Run:
service dovecot restart
Edit /etc/postfix/main.cf to contain only:
#mynetworks = ...
# mynetworks is limited to this host itself (mynetworks defines privileged clients)
mynetworks_style = host
# what NICs do I listen for client connections on?
inet_interfaces = loopback-only
# this will affect message IDs
myhostname = <fully-qualified-hostname>
# this will affect what's on the right of '@' in unqualified From: addresses
myorigin = /etc/mailname
smtpd_recipient_restrictions = reject
smtpd_helo_required = yes
smtpd_helo_restrictions = reject
local_header_rewrite_clients = permit_inet_interfaces
masquerade_classes = envelope_sender, header_sender, header_recipient
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mailbox_size_limit = 0
Run:
service postfix restart
(This is needed if inet_interfaces changes.)
- To configure delivery of all email to go to a smart host on the local network, complete the following sub-procedure:
Add the following to /etc/postfix/main.cf:
# this is needed so upstream masquerader recognises our mails as to be masqueraded
append_dot_mydomain = yes
#smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls = yes
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# don't accept anything for local delivery
mydestination =
relayhost = <fully-qualified-hostname-of-smart-host>
Run:
postfix reload
Test by running:
tail -f /var/log/mail.info & date | mailx <remote-address>
- To configure direct delivery of internet-bound email, complete the following sub-procedure:
Add the following to /etc/postfix/main.cf:
# I'm not sure if this is needed or not - will confirm later
#append_dot_mydomain = no
#smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls = yes
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# mails to this host will be delivered locally
mydestination = localhost, $myhostname
# everything else will go direct, not via a relay
Run:
postfix reload
- To configure delivery of internet-bound email to go via a remote smart host, complete the following sub-procedure:
Add the following to /etc/postfix/main.cf:
# next line not verified
append_dot_mydomain = no
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
# mails to this host will be delivered locally
mydestination = localhost, $myhostname
# everything else to be relayed via here
relayhost = <fully-qualified-hostname-of-smart-host>
Edit /etc/postfix/sasl_passwd and add an entry of the format:
<name-of-upstream-mail-relay> <login>:<password>
"Compile" the config file by running:
postmap hash:/etc/postfix/sasl_passwd
- Edit /etc/mailname and put your publicly meaningful hostname in there.
Run:
postfix reload
Test by running:
tail -f /var/log/mail.info & date | mailx <remote-address>
- To configure reception of email from the internet, but only for delivery into local mailboxes, complete the following sub-procedure:
- Install the following packages and their prerequisites:
- postgrey
Edit /etc/default/postgrey and change the definition of POSTGREY_OPTS as below:
POSTGREY_OPTS="--inet=127.0.0.1:10023"
Run:
service postgrey restart
Add the following to /etc/postfix/main.cf:
mailbox_command = /usr/lib/dovecot/deliver
Change the following in /etc/postfix/main.cf:
inet_interfaces = all
smtpd_recipient_restrictions = reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client list.dsbl.org, reject_rbl_client bl.spamcop.net, check_policy_service inet:127.0.0.1:10023, permit
smtpd_helo_restrictions = reject_invalid_helo_hostname, reject_unknown_helo_hostname
mydestination = ..., <fully-qualified-hostname-of-this-machines-name-as-seen-by-the-internet>
(There are already definitions for 'smtpd_recipient_restrictions' and 'smtpd_helo_restrictions'; change the entire lines. There is already a definition for 'mydestination'; just add the specified value to it.)
Run:
service postfix restart
(This is needed if inet_interfaces changes.)
Test by running:
tail -f /var/log/mail.info & ssh <remote-machine> date | mailx <local-address>
Mails should bounce but only because delivery into local mailboxes is not configured, not because the mail is not accepted.
- To configure reception of email from authenticated email clients (be they local or remote, be they for delivery into local mailboxes or for relaying), complete the following sub-procedure:
Add the following to /etc/postfix/main.cf:
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
Change the following in /etc/postfix/main.cf:
smtpd_recipient_restrictions = permit_sasl_authenticated, ...
smtpd_helo_restrictions = permit_sasl_authenticated, ...
Note that these 'permit' values must appear first in the list of values on the right hand side of the '=', otherwise other 'reject' values may be applied first (e.g. 'reject_unauth_destination').
Run:
postfix reload
Edit /etc/dovecot/dovecot.conf, locate the block:
auth default {
  ...
}
and insert inside it:
mechanisms = plain login
...
socket listen {
  client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
  }
}
Run:
service dovecot restart
- Test by sending a mail from a remote client, with the SMTP server defined as this one. (Beware that firewall policies on the machine you are sending from may mean that your server is not reachable on port 25.) Mails should bounce but only because delivery into local mailboxes is not configured, not because the mail is not accepted.
- To configure reception of email from the local network (using qualified or unqualified addresses, be they for delivery into local mailboxes or for relaying), complete the following sub-procedure:
Add the following to /etc/postfix/main.cf:
masquerade_domains = $mydomain
Change the following in /etc/postfix/main.cf:
mynetworks_style = subnet
# accept for local delivery emails with To: address user@anything.my.domain
mydestination = ..., $mydomain
local_header_rewrite_clients = permit_mynetworks
smtpd_recipient_restrictions = ... permit_mynetworks ...
smtpd_helo_restrictions = ... permit_mynetworks ...
masquerade_classes = ... envelope_recipient, ...
Note that these 'permit' values must appear first in the list of values on the right hand side of the '=', otherwise other 'reject' values may be applied first (e.g. 'reject_unauth_destination').
Run:
postfix reload
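The ordering rule in the two notes above (the 'permit' values before 'reject_unauth_destination') is easy to get wrong when editing the line by hand. The following added example, which is not part of the original page and not a Postfix tool, is a small POSIX sh linter for a smtpd_recipient_restrictions value: it rejects permit_sasl_authenticated or permit_mynetworks listed after reject_unauth_destination, and also flags a bare 'permit' placed before reject_unauth_destination, which would relay for anyone. The function names and the sample main.cf fragment are constructed for the example.

```shell
# Lint a Postfix smtpd_recipient_restrictions value for the ordering rule used
# on this page: permit_sasl_authenticated / permit_mynetworks must come before
# reject_unauth_destination, and a bare 'permit' must never precede it
# (that would relay for anyone). Constructed example, not a Postfix tool.

# Returns 0 when the order is safe, 1 otherwise (reason on stderr).
check_recipient_restrictions() {
    seen_reject=0
    old_ifs=$IFS
    IFS=','
    set -- $1          # split the value on commas only
    IFS=$old_ifs
    for raw in "$@"; do
        # keep only the restriction name ('reject_rbl_client zen.spamhaus.org' -> 'reject_rbl_client')
        item=$(printf '%s' "$raw" | awk '{print $1}')
        case "$item" in
            reject_unauth_destination)
                seen_reject=1 ;;
            permit)
                if [ "$seen_reject" -eq 0 ]; then
                    echo "unsafe: bare 'permit' before reject_unauth_destination (open relay)" >&2
                    return 1
                fi ;;
            permit_sasl_authenticated|permit_mynetworks)
                if [ "$seen_reject" -eq 1 ]; then
                    echo "ineffective: $item listed after reject_unauth_destination" >&2
                    return 1
                fi ;;
        esac
    done
    if [ "$seen_reject" -eq 0 ]; then
        echo "unsafe: reject_unauth_destination is missing" >&2
        return 1
    fi
    return 0
}

# Read a single-line parameter value out of a main.cf-style file.
get_param() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Constructed main.cf fragment combining the page's recommended settings.
SAMPLE_CF=$(mktemp)
cat > "$SAMPLE_CF" <<'EOF'
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, check_policy_service inet:127.0.0.1:10023, permit
EOF

check_recipient_restrictions "$(get_param "$SAMPLE_CF" smtpd_recipient_restrictions)" \
    && echo "smtpd_recipient_restrictions order OK"
```

Point get_param at the real /etc/postfix/main.cf to lint the live value before running postfix reload.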
- Test by sending a mail from a local client, with the SMTP server defined as this one and deliberately not providing any authentication. Mails should bounce but only because delivery into local mailboxes is not configured, not because the mail is not accepted.
- To configure the handling of email for local mailboxes by dovecot, complete the following sub-procedure:
Change the following in /etc/dovecot/dovecot.conf:
mail_location = maildir:/var/mail/maildir/%u:INDEX=/var/mail/indexes/%u
- If you need to allocate storage for this then do so now.
Edit /etc/dovecot/dovecot.conf, locate the block:
#protocol lda {
  ...
#}
and uncomment it and the following elements in it:
protocol lda {
  postmaster_address = alexis@dione.no-ip.org
  auth_socket_path = /var/run/dovecot/auth-master
}
Edit /etc/dovecot/dovecot.conf, locate the block:
auth default {
  socket listen {
    ...
  }
}
and insert inside it:
master {
  path = /var/run/dovecot/auth-master
  mode = 0600
  user =
  group =
}
Run:
service dovecot restart
Add the following to /etc/postfix/main.cf:
mailbox_command = /usr/lib/dovecot/deliver
Run:
postfix reload
If necessary run:
mkdir -p /var/mail/{maildir,indexes}
chmod 1777 /var/mail/{maildir,indexes}
- Test by sending a mail and verify it arrives in /var/mail/{maildir,indexes}. (You still will not be able to use an IMAP mail client to read your mail as IMAP access has not yet been enabled.)
Edit /etc/aliases and add a suitable alias for root and then run:
newaliases
IMAP
- To configure retrieval of emails from local mailboxes via IMAP, complete the following sub-procedure:
If the IMAP server will access mailbox files via NFS then change the following in /etc/dovecot/dovecot.conf:
mmap_disable = yes
fsync_disable = no
mail_nfs_storage = yes
mail_nfs_index = yes
Change the following in /etc/dovecot/dovecot.conf:
protocols = imaps
Run:
service dovecot restart
- Test by accessing the mailboxes via IMAP.
Mailman
Much of this is taken from http://www.debian-administration.org/articles/108.
Run:
apt-get install mailman
This will generate the following output:
Site list for mailman missing (looking for list named 'mailman'). (warning).
Please create it; until then, mailman will refuse to start. (warning).
The above errors are because installing mailman does not create any mailing lists, but one specific list is required. Create it now by running:
newlist mailman
and when prompted enter your own email address as list admin and set a password for the list. A list of aliases will be written to standard output, like this:
## mailman mailing list
mailman: "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/var/lib/mailman/mail/mailman admin mailman"
...
Copy that entire alias list into /etc/aliases and run:
newaliases
Now mailman can be started successfully by running:
service mailman start
Check that the web interface is accessible by visiting http://<your-mail-server>/cgi-bin/mailman/listinfo.
Migrating mailing lists from an old mail server
On the old mail server run:
cd /var/lib/mailman
tar cf /tmp/old.tar archive lists
Copy the tar file over to the new system and run:
cd /var/lib/mailman
mv archive archive.old
mv lists lists.old
tar xf /tmp/old.tar
Creating mailing lists
The procedure above was to install mailman. This procedure is for creating mailing lists.
- Determine the following:
- name of the list to create,
- email address of the list administrator (this is probably the address of the person requesting creation of the list),
- the hostname part of the mailman access URL; this might be <your-web-server> or <your-mail-server> or some 'dyndns' hostname, depending on your local setup (e.g. for me this is dione.no-ip.org). We'll refer to this as <web-server-hostname>,
- the hostname part of the email addresses for the lists; this might be <your-domain> or some 'dyndns' hostname, depending on your local setup (e.g. for me this is dione.no-ip.org). We'll refer to this as <mail-server-hostname>.
Create a mailing list by running:
newlist --urlhost=<web-server-hostname> --emailhost=<mail-server-hostname> <list-name>
and when prompted enter the email address of the list admin and set a password for the list. A list of aliases will be written to standard output, like this:
## foo mailing list
foo: "|/var/lib/mailman/mail/mailman post foo"
foo-admin: "|/var/lib/mailman/mail/mailman admin foo"
...
Copy the entire alias list into /etc/aliases and run:
newaliases
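Both alias blocks above (for the site list and for each new list) are pasted into /etc/aliases by hand. The following added helper, which is not part of the original page or of Mailman, appends only the mailman wrapper lines whose alias name is not yet defined, so re-running it after a second newlist cannot produce duplicate alias definitions, and it refuses any pasted line that is not a mailman wrapper alias. The function name, the sample aliases file and the sample newlist output are constructed for the example; it works on a temporary copy, so point ALIASES at /etc/aliases and run newaliases afterwards for real use.

```shell
# Merge the alias block printed by 'newlist' into an aliases file without
# creating duplicate entries. Constructed example, not a Mailman tool.

# Usage: merge_mailman_aliases <aliases-file> < newlist-output
# Prints the number of lines appended.
merge_mailman_aliases() {
    aliases=$1
    added=0
    while IFS= read -r line; do
        case "$line" in
            '## '*|'') continue ;;                       # header and blank lines
            *': "|/var/lib/mailman/mail/mailman '*) ;;   # only the mailman wrapper
            *) echo "skipping unexpected line: $line" >&2; continue ;;
        esac
        name=${line%%:*}
        # an alias that already exists (whatever it points to) must not be duplicated
        if grep -q "^$name:" "$aliases"; then
            echo "already defined: $name" >&2
            continue
        fi
        printf '%s\n' "$line" >> "$aliases"
        added=$((added + 1))
    done
    echo "$added"
}

# Constructed sample: an aliases file that already holds a root alias and the
# site list, plus newlist output for a new list 'foo' (which repeats 'mailman').
ALIASES=$(mktemp)
cat > "$ALIASES" <<'EOF'
root: admin
mailman: "|/var/lib/mailman/mail/mailman post mailman"
EOF
NEWLIST_OUTPUT='## foo mailing list
foo: "|/var/lib/mailman/mail/mailman post foo"
foo-admin: "|/var/lib/mailman/mail/mailman admin foo"
mailman: "|/var/lib/mailman/mail/mailman post mailman"'

printf '%s\n' "$NEWLIST_OUTPUT" | merge_mailman_aliases "$ALIASES"
```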
Visit http://<web-server-hostname>/cgi-bin/mailman/admin/<list-name> and adjust the privacy options.
Miscellaneous
- If the mail server is a replacement, then compare the mail configuration with the old system's mail configuration.
