This is my review: please note it is not complete
Howto: ISP-style Email Server with Fedora 9 and Postfix, Dovecot, and MySQL

When you are done with the setup your server will be able to...
The intention of this document is rather to make you understand the different components that you are using. In the end you will be skilled enough to debug problems yourself. The configuration described here is not very complicated but still needs to be done carefully. You are expected to have at least basic knowledge of:
· SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. If its use is negotiated, a security layer is inserted between the protocol and the connection.
o Dovecot-IMAP/POP3/POP3s/IMAPs. Dovecot is an alternative IMAP server, known to perform a lot better than Courier, especially with clients like Thunderbird and Mail.app. It is also slightly easier to configure, and works well with the virtual users setup.
o Configuration of ClamAV, SpamAssassin, MailScanner.

Basic Understanding of how the setup works: Virtual Domains in a Database

Internet service providers maintain mail for thousands of domains they host. These domains are not necessarily keyed into the /etc/postfix/main.cf file. Postfix offers a better way to handle such domains and accounts by means of virtual domains and virtual users.

In addition to local users (those listed in your /etc/passwd), Postfix can handle any number of virtual users on virtual domains. Virtual users cannot log into your computer and they have neither a user ID nor a home directory. They just exist in the database. But if you connect Postfix to the database those users can suddenly receive emails. Postfix can work on a list of those virtual users and deliver emails to any directory you like. This would look like:
Postfix looks for the mapping of virtual users to virtual mailboxes in the virtual_mailbox_maps setting. The left-hand side (LHS) of the mapping is the email address and the right-hand side (RHS) is the location of the mailbox or maildir on your hard disk.

You also need to tell Postfix which virtual domains you want to use. If a domain is not used on your system then Postfix will reject emails. This would be a list of domains:

virtual_mailbox_domains

Postfix checks which virtual domains you want to receive mail for by looking at the virtual_mailbox_domains list. Since Postfix just has a notion of mappings (two columns) a list is (ab)using a mapping where the right-hand side (RHS) just contains any string.
You have now seen that a mapping assigns one value to another. If you query a database you need to tell Postfix which two columns you mean. This is done through 'cf' files as documented at http://www.postfix.org/MYSQL_README.html or through "man 5 mysql_table". Example file:

    # Information on how to connect to your MySQL server
    user = someone
    password = some_password
    hosts = 127.0.0.1

    # The database name on the servers.
    dbname = mailserver

    # The SQL query template.
    query = SELECT destination FROM virtual_aliases WHERE source='%s'

This file defines the way that Postfix can access data from your database. It would be suitable for a virtual_alias_maps mapping. Imagine you saved the above lines into a file /etc/postfix/mysql-virtual-alias-maps.cf. Then the following line in your main.cf would make Postfix query the database:

    virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf

How does this work? Imagine that Postfix is about to send an email to john@doe.net and wants to check the virtual alias map. Postfix then opens up a connection to the MySQL server at the IP address 127.0.0.1 and authenticates to the MySQL server with the username someone and the password some_password. It selects the database mailserver and finally runs a query:

    SELECT destination FROM virtual_aliases WHERE source='john@doe.net'

Let us assume this query returns several results:

That would be the same as using a text file with aliases like this:

    john@doe.net    jack@example.com, jeff@example.com, kerstin@example.com

So much for a quick introduction to how mappings are used with databases.

Virtual domains versus local domains

It is important to understand the three different kinds of domains that Postfix knows. Most of the "it does not work" emails result from people mixing virtual and local domains. A domain is either a...

local domain

All domains listed as mydestination in your main.cf are treated as local domains. Your default domain (/etc/defaultdomain) is usually configured as a local domain. Emails for local domains are delivered to system users (those you list in /etc/passwd). The mails will be delivered to /var/mail by default. You should consider using at least "localhost" as a local domain so that you can always receive mails for root@localhost. Imagine your database server has problems and sends that to your root account but your root account is on a virtual domain. Think of it as a safety net.

virtual alias domain

Domains listed as virtual_alias_domains can be used for forwarding ("aliasing") email from an email address to another email address (or multiple addresses). Virtual alias domains do not receive email for any users. They only forward mail somewhere else.

The virtual_alias_maps mapping contains forwardings (source, destination) of users or domains to other email addresses or whole domains. Incidentally, virtual_alias_maps also works for local email addresses. So you do not really need virtual alias domains, as you can declare all domains as virtual mailbox domains and use virtual alias maps for aliases.

virtual mailbox domain

The most interesting domain type in this tutorial is the virtual mailbox domain. Such domains are listed in virtual_mailbox_domains and they will receive email for virtual users and store the email to mailboxes on your hard disk.

The virtual_mailbox_maps parameter tells Postfix where the mailbox directory is located on the hard disk for a certain user. The path is relative to the virtual_mailbox_base directory which is unset by default.

Note: A domain must be listed in only one of these three categories. Getting this wrong will lead to warnings and unpredictable behavior.

If you want to declare all domains as virtual mailbox domains you may wonder what you still need local domains for. You may at least want to set:

    mydestination = localhost

so that you can send email to root@localhost for example.
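The alias lookup walked through above and the one-class-per-domain rule, as an added example that is not part of the original howto. An in-memory SQLite database stands in for the MySQL server, the sample rows and domain lists are constructed, and the helper names (make_db, quote, lookup, overlapping_domains) are hypothetical.

```python
import sqlite3

# Query template copied from the example .cf file in the text.
QUERY = "SELECT destination FROM virtual_aliases WHERE source='%s'"


def make_db():
    """Constructed sample data; in-memory SQLite stands in for MySQL."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE virtual_aliases (source TEXT, destination TEXT)")
    db.executemany(
        "INSERT INTO virtual_aliases VALUES (?, ?)",
        [
            ("john@doe.net", "jack@example.com"),
            ("john@doe.net", "jeff@example.com"),
            ("john@doe.net", "kerstin@example.com"),
            ("o'brien@doe.net", "jack@example.com"),
        ],
    )
    return db


def quote(key):
    # Postfix SQL-quotes the lookup key before substituting it for %s.
    # Doubling single quotes is the SQLite rule, used here as a stand-in
    # for the escaping done by the MySQL client library.
    return key.replace("'", "''")


def lookup(db, template, key):
    """Emulate one map lookup: expand %s, run the query, join the rows."""
    rows = db.execute(template.replace("%s", quote(key))).fetchall()
    # Several rows act like one comma-separated right-hand side;
    # no rows means the key is not in this map.
    return ", ".join(row[0] for row in rows) if rows else None


def overlapping_domains(mydestination, virtual_alias_domains, virtual_mailbox_domains):
    """Return {domain: [classes]} for every domain listed in more than one class."""
    classes = {
        "mydestination": mydestination,
        "virtual_alias_domains": virtual_alias_domains,
        "virtual_mailbox_domains": virtual_mailbox_domains,
    }
    seen = {}
    for name, domains in classes.items():
        # Domain names compare case-insensitively; count each once per class.
        for domain in sorted({d.lower() for d in domains}):
            seen.setdefault(domain, []).append(name)
    return {d: names for d, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    db = make_db()
    print(lookup(db, QUERY, "john@doe.net"))
    print(lookup(db, QUERY, "o'brien@doe.net"))
    print(lookup(db, QUERY, "nobody@doe.net"))
    # Constructed lists: doe.net is wrongly declared both local and virtual.
    print(overlapping_domains(["localhost", "doe.net"], [], ["doe.net", "example.com"]))
```

An address containing an apostrophe only resolves because the key is quoted before it reaches the query template; the overlap check returns an empty dictionary for a configuration that follows the note above.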
We recommend you also read the upstream documentation on virtual domains, known as the VIRTUAL_README, early on.

Pre-Configuration Requirements:

Editing /etc/hosts

Become root on your server and make sure that your /etc/hostname contains the host name without the domain part. The file /etc/mailname is supposed to contain the fully-qualified host name with the domain part.

    # gedit /etc/hosts

1. Assign the hostname server1.muraya.net with IP address (192.168.0.100) to eth0. (You can assign an IP address and hostname of your choice.)
2. Create an alias eth0:Copy0. Assign IP address (192.168.0.103). (You can assign an IP address of your choice.)
3. Make entries of your hostname and IP in /etc/hosts. In my case my /etc/hosts file shows

    127.0.0.1 localhost.localdomain localhost
    192.168.0.100 server1.muraya.net server1
    192.168.0.103 mail.muraya.net mail

Run hostname --fqdn

    # hostname --fqdn

and see if you get the fully-qualified hostname. If you just get the hostname without the domain please check that your /etc/hosts file has the fully-qualified hostname first in the list.

Wrong:

    192.168.0.100 server1 server1.muraya.net

Right:

    192.168.0.100 server1.muraya.net server1

Installing the required packages:

    # yum update

1. Begin by installing Postfix:

    # yum install postfix

2. Install MySQL (client and server packages):

    # yum install mysql mysql-server

3. Install Dovecot

    # yum install dovecot-mysql

4. Then you are ready to install the non-free packages:

    # yum install unrar

5. OpenSSL
Install the OpenSSL package so that you can later create a proper SSL certificate letting your users use your mail server securely:

    # yum install openssl

6. SquirrelMail
Since we are going to offer a webmail service to enable users to view their mails I recommend the SquirrelMail package. It will automatically install an Apache server if you do not yet have one installed. Type:

    # yum install squirrelmail

7. PhpMyAdmin
As your control information for Postfix will be stored in a MySQL database you may want to install the PhpMyAdmin software that allows you to administer the database and its data in your web browser:

    # yum install phpmyadmin

8. Telnet
You may want to test the mail server with the simple "telnet" client later:

    # yum install telnet

The console-based mutt email client lets you read mail from mailboxes directly from the hard disk. It will be helpful for testing the configuration. It is also a very powerful IMAP email client that many people use as their main mail program. Maybe you will start to like it, too. You should install it:

    # yum install mutt

Configuration:

1. MySQL:

If you just installed your MySQL server you will be able to log in as user 'root' with an empty password. Set a new password for that account now. In the shell you need to run:

    # mysqladmin password mailserver2008

Else you can set a password for the administrative user. See the MySQL documentation for more information.

    # mysqladmin -u root password "mailserver2008"

Please replace the password "mailserver2008" with a password of your choice.

The next step is creating the MySQL database and its tables. If you are experienced in using MySQL you can enter SQL statements on the 'mysql>' command line. Alternatively you may use PhpMyAdmin by pointing your browser at http://yourmailserver/phpmyadmin. By default this should be http://127.0.0.1/phpmyadmin

Creating the database: Mailserver

Then create the database. Call it 'mailserver':

    # mysqladmin -p create mailserver

You will be prompted to enter the password you have just chosen. For security reasons you will want to create another, less privileged MySQL user account that your mail server will use.
Connect to your database:

    # mysql -p

When you see the mysql> prompt enter the following SQL statement to grant the appropriate privileges:

    mysql> GRANT SELECT ON mailserver.* TO mailuser@localhost IDENTIFIED BY 'mailuser2008';
    mysql> quit

This will create a user called 'mailuser' that has only the privilege to select/read data from the database but not to alter it. If you want to add or alter data in the database either use the 'root' account or create another account for that purpose. The password 'mailuser2008' is just an example. Please replace it with a more appropriate password.

Create the database tables

1. Create the domain table.

    mysql> CREATE TABLE domain (
      domain varchar(255) NOT NULL default '',
      description varchar(255) NOT NULL default '',
      aliases int(10) NOT NULL default '0',
      mailboxes int(10) NOT NULL default '0',
      maxquota int(10) NOT NULL default '0',
      transport varchar(255) default NULL,
      backupmx tinyint(1) NOT NULL default '0',
      created datetime NOT NULL default '0000-00-00 00:00:00',
      modified datetime NOT NULL default '0000-00-00 00:00:00',
      active tinyint(1) NOT NULL default '1',
      PRIMARY KEY (domain),
      KEY domain (domain)
    ) TYPE=MyISAM COMMENT='Virtual Domains';

Domain - 'Virtual Domains'

2. The second most important table is mailbox, so create mailbox.

    mysql> CREATE TABLE mailbox (
      username varchar(255) NOT NULL default '',
      password varchar(255) NOT NULL default '',
      name varchar(255) NOT NULL default '',
      maildir varchar(255) NOT NULL default '',
      quota int(10) NOT NULL default '0',
      domain varchar(255) NOT NULL default '',
      created datetime NOT NULL default '0000-00-00 00:00:00',
      modified datetime NOT NULL default '0000-00-00 00:00:00',
      active tinyint(1) NOT NULL default '1',
      PRIMARY KEY (username),
      KEY username (username)
    ) TYPE=MyISAM COMMENT='Virtual Mailboxes';

Mailbox - 'Virtual Mailboxes'

3. Create the alias table.

    mysql> CREATE TABLE alias (
      address varchar(255) NOT NULL default '',
      goto text NOT NULL,
      domain varchar(255) NOT NULL default '',
      created datetime NOT NULL default '0000-00-00 00:00:00',
      modified datetime NOT NULL default '0000-00-00 00:00:00',
      active tinyint(1) NOT NULL default '1',
      PRIMARY KEY (address),
      KEY address (address)
    ) TYPE=MyISAM COMMENT='Virtual Aliases';

Alias - 'Virtual Aliases'
    mysql> quit;

2. Self-signed server certificate:

    # mkdir -p /etc/postfix/ssl
    # cd /etc/postfix/ssl
    # openssl genrsa 1024 > mail-key.pem
    # chmod 400 mail-key.pem
    # openssl req -new -x509 -nodes -sha1 -days 3650 -key mail-key.pem > mail-cert.pem

The private key and certificate have now been created. Later on we will tell Postfix to use them.

3. Postfix

Configuring main.cf

First you need to deal with file system permissions. For security reasons it is suggested you create a new system user that will own all virtual mailboxes. The following shell commands will create a system group "vmail" with GID (group ID) 5000 and a system user "vmail" with UID (user ID) 5000. (Make sure that the UID and GID are not yet used or choose another - the number can be anything between 1000 and 65000 that is not yet used):

    # groupadd -g 5000 vmail
    # useradd -r -u 5000 -g vmail -d /var/vmail -s /sbin/nologin -c "Virtual Mailbox" vmail

The above command means that user vmail is a member of the "vmail" group with default home at /var/vmail. Then create the directory and change ownership:

    # mkdir -p /var/vmail
    # chmod 770 /var/vmail
    # chown vmail:vmail /var/vmail/

We now configure /etc/postfix/main.cf. You can use the postconf -e command to enter the following lines into the main.cf file. (The postconf -e command conveniently adds configuration lines to your /etc/postfix/main.cf file. It also activates the new setting instantly so you do not have to reload the Postfix process.) E.g.

    # postconf -e "virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf"

Else use your favourite editor: nano, vim, gedit etc. I will use gedit

    # gedit /etc/postfix/main.cf

Edit the lines to look like this:

    myhostname = mail.muraya.net
    mydomain = muraya.net
    myorigin = $mydomain
    inet_interfaces = all
    mydestination = localhost
    mynetworks = 192.168.0.0/24, 127.0.0.0/8
    relay_domains = $mydestination
    smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination permit
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_exceptions_networks = $mynetworks
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = /var/run/dovecot/auth-client
    smtpd_tls_cert_file = /etc/postfix/ssl/mail-cert.pem
    smtpd_tls_key_file = /etc/postfix/ssl/mail-key.pem
    smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
    smtpd_tls_security_level = may
    smtpd_tls_received_header = yes
    smtpd_tls_loglevel = 1
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom

    # -------Virtual mailbox settings-----------
    virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
    virtual_gid_maps = static:5000
    virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
    virtual_mailbox_limit = 51200000
    virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
    virtual_minimum_uid = 5000
    virtual_transport = virtual
    virtual_uid_maps = static:5000

For quota support, add the following lines to the main.cf file. This may be necessary to keep the mailboxes to a reasonable size of your choice (the size is picked from the mailbox table).

    # Additional for quota support
    virtual_create_maildirsize = yes
    virtual_mailbox_extended = yes
    virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
    virtual_overquota_bounce = yes

Editing the files main.cf is using.
Postfix needs to know where and how it can look up all mailbox related information. We therefore edit the following files under the /etc/postfix directory.

1. We now edit mysql_virtual_alias_maps.cf

    # gedit /etc/postfix/mysql_virtual_alias_maps.cf

    user = mailuser
    password = mailuser2008
    hosts = localhost
    dbname = mailserver
    table = alias
    select_field = goto
    where_field = address

2. We then edit mysql_virtual_domains_maps.cf

    # gedit /etc/postfix/mysql_virtual_domains_maps.cf

    user = mailuser
    password = mailuser2008
    hosts = localhost
    dbname = mailserver
    table = domain
    select_field = domain
    where_field = domain

3. Edit mysql_virtual_mailbox_maps.cf

    # gedit /etc/postfix/mysql_virtual_mailbox_maps.cf

    user = mailuser
    password = mailuser2008
    hosts = localhost
    dbname = mailserver
    table = mailbox
    select_field = maildir
    where_field = username
    #additional_conditions = and active = '1'

4. Edit mysql_virtual_mailbox_limit_maps.cf

    # gedit /etc/postfix/mysql_virtual_mailbox_limit_maps.cf

    user = mailuser
    password = mailuser2008
    hosts = localhost
    dbname = mailserver
    table = mailbox
    select_field = quota
    where_field = username
    #additional_conditions = and active = '1'

5. Edit mysql_relay_domains_maps.cf

    # gedit /etc/postfix/mysql_relay_domains_maps.cf

    user = mailuser
    password = mailuser2008
    hosts = localhost
    dbname = mailserver
    table = domain
    select_field = domain
    where_field = domain
    #additional_conditions = and backupmx = '1'

4. Dovecot

Dovecot is an IMAP/POP3 server that is very easy to configure and performs much faster than Courier-IMAP (an alternative IMAP server). Let us configure Dovecot, which provides both a POP3 and an IMAP service.

1. The configuration file for Dovecot is /etc/dovecot.conf, so we edit /etc/dovecot.conf. The configuration below can be used; please make sure that first_valid_uid and first_valid_gid are set to those of postfix. Fill in the postmaster email address with a valid email address.
Set the line protocols to:

    protocols = imap imaps pop3 pop3s

so that Dovecot starts the IMAP and POP3 services and also their equivalents that work over an encrypted SSL (secure socket layer) connection.

    ssl_disable = no
    ssl_cert_file = /etc/postfix/ssl/mail-cert.pem
    ssl_key_file = /etc/postfix/ssl/mail-key.pem
    ssl_parameters_regenerate = 168
    verbose_ssl = no
    mail_location = maildir:/var/vmail/%d/%u
    first_valid_uid = 5000
    last_valid_uid = 5000
    maildir_copy_with_hardlinks = yes
    protocol imap {
      mail_plugins = quota imap_quota
      imap_client_workarounds = outlook-idle delay-newmail netscape-eoh tb-extra-mailbox-sep
    }
    protocol pop3 {
      mail_plugins = quota
      pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
    }
    protocol lda {
      postmaster_address = postmaster@muraya.net
      mail_plugins = quota
      log_path = /var/log/maillog
      # Binary to use for sending mails.
      sendmail_path = /usr/lib/sendmail
      # UNIX socket path to master authentication server to find users.
      auth_socket_path = /var/run/dovecot/auth-master
    }
    auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
    auth_debug = yes
    auth_verbose = yes
    auth default {
      passdb sql {
        args = /etc/dovecot-mysql.conf
      }
      userdb sql {
        args = /etc/dovecot-mysql.conf
      }
      user = nobody
      socket listen {
        master {
          path = /var/run/dovecot/auth-master
          mode = 0660
          user = vmail
          group = vmail
        }
        client {
          path = /var/run/dovecot/auth-client
          mode = 0660
          user = postfix
          group = mail
        }
      }
    }
    dict {
    }
    plugin {
    }

2. And then we edit /etc/dovecot-mysql.conf.

    # gedit /etc/dovecot-mysql.conf

    # Database driver: mysql, pgsql
    driver = mysql
    # Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, and CRYPT.
    default_pass_scheme = PLAIN-MD5
    # Database options
    connect = host=127.0.0.1 dbname=mailserver user=mailuser password=password
    password_query = SELECT password FROM mailbox WHERE username = '%u' AND active = '1'
    user_query = SELECT maildir, 5000 AS uid, 5000 AS gid FROM mailbox WHERE username = '%u' AND active = '1'
    # eof

Fill in your proper password, and make sure that

· 5000 AS uid
· 5000 AS gid

contain the user ID and group ID of vmail.

Testing your setup

Below are the basic telnet commands for testing your setup:

SMTP:

    # telnet 127.0.0.1 25
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    220 localhost.localdomain ESMTP Postfix
    > EHLO test.com
    250-localhost.localdomain
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250 8BITMIME

POP3:

    # telnet localhost pop3
    +OK dovecot ready.
    user johndoe
    +OK
    pass password
    +OK Logged in.
    list

Squirrelmail configuration:

Go to the squirrelmail config directory and run conf.pl.

    # cd /usr/share/squirrelmail/config/
    # ./conf.pl

It will show a selection like this:

    SquirrelMail Configuration : Read: config.php (1.4.0)
    ---------------------------------------------------------
    Main Menu --
    1. Organization Preferences
    2. Server Settings
    3. Folder Defaults
    4. General Options
    5. Themes
    6. Address Books
    7. Message of the Day (MOTD)
    8. Plugins
    9. Database
    10. Languages
    D. Set pre-defined settings for specific IMAP servers
    C. Turn color on
    S Save data
    Q Quit
    Command >>

At the command prompt type 1 and set Organization Preferences. Here my settings are shown. You can choose your own.

    1. Organization Name : Muraya.net
    2. Organization Logo : ../images/sm_logo.png
    3. Org. Logo Width/Height : (308/111)
    4. Organization Title : My Mail Server
    5. Signout Page : http://mail.muraya.net
    6. Top Frame : _top
    7. Provider link : http://mail.muraya.net
    8. Provider name : Muraya

Save your settings and return to the main menu.
Now at the command prompt type 2, and in the server settings menu provide your information.

    Command >> 2

Mine is shown below.

    1. Domain : mail.rnd
    2. Invert Time : false
    3. Sendmail or SMTP : SMTP
    A. Update IMAP Settings : mail.muraya.net:143 (uw)
    B. Update SMTP Settings : mail.muraya.net:25

Configuring squirrelmail is very easy as it is menu driven. Hope you will do it yourself.

HTTP Section:

To start using the mailserver web front end we will edit the file /etc/httpd/conf/httpd.conf.

    # vi /etc/httpd/conf/httpd.conf

And append the statements given below to it.

    DocumentRoot /usr/share/squirrelmail
    ServerName mail.muraya.net

Save the configuration and exit.

Common Errors: