Difference between revisions of "Configure mail server"
(trying just spam assassin alone rather than within OpenProtect) |
(→Spam Assassin: install ''spamassassin'' and ''spamc'' packages) |
||
| Line 111: | Line 111: | ||
== Spam Assassin == | == Spam Assassin == | ||
We can't get OpenProtect going, so here's some instructions on getting just Spam Assassin working. | We can't get OpenProtect going, so here's some instructions on getting just Spam Assassin working. | ||
| + | *install ''spamassassin'' and ''spamc'' packages | ||
*http://www.win.tue.nl/~martijna/Debianstuff/ | *http://www.win.tue.nl/~martijna/Debianstuff/ | ||
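Review bot: the bullet added in the hunk at line 111 names the packages to install, but the section still has no step connecting SpamAssassin to Exim, so a reader who follows only this list ends up with the packages installed and no mail being scanned. Either state that the linked page covers the integration or add those steps here. The bullet would also read better capitalised, to match the sentence above it.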
Revision as of 03:07, 13 December 2008
| Configure mail server Organic Design procedure |
Exim4 (MTA & MDA)
Exim4 is the default mail transfer and delivery agent for Debian, but it's only the light version, which is insufficient for running a mail server, so the organicdesign-server package includes the exim4-daemon-heavy package which will replace the light version. Exim is designed to move messages from one e-mail server to another and to deliver messages to local users' mailboxes. It has nothing to do with POP3 or IMAP, as those are protocols relating to the retrieval of the mail by a user and their mail client software. The default Exim configuration allows the server to send mail, but if you plan on running an IMAP or POP3 server on your server, then other configuration.
First, run through the standard Exim4 configuration script, say no to splitting the configuration files, set general mail configuration to "internet". For all the rest, just keep any non-self-explanatory settings as default.
dpkg-reconfigure exim4-config
Next Exim must be told to use the maildir method of local delivery so that it matches our POP3/IMAP settings. Edit the /etc/exim4/update-exim4.conf.conf and append the following line:
dc_localdelivery='maildir_home'
Restart the mail server:
/etc/init.d/exim4 restart
Handling multiple domains
You may want to handle mail for a few domains on one server, in which case some generic usernames like "accounts" will conflict with the local user names, or with the same names used by other domains. This is based on Blair Harrison's method from this Waikato LUG article which adds virtual domain support to Exim4. This allows any incoming email address to be mapped to any other internal user mailbox, or external email address.
Change the local_domains settings in /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
domainlist local_domains = @ : @[] : localhost : partial-lsearch;/etc/exim4/virtual.domains
Edit /etc/exim4/exim4.conf.template, go to the section starting with "real_local" and add a new section as follows (if in split configuration, this section should be added in a new file called /etc/exim4/conf.d/router/300_exim4-config_virtual)
virtual:
  driver = redirect
  allow_defer
  allow_fail
  data = ${lookup{$local_part@$domain}lsearch*@{/etc/exim4/virtual.users}}
  domains = partial-lsearch;/etc/exim4/virtual.domains
  retry_use_local_part
Now you will need a file called /etc/exim4/virtual.domains that is simply a list of all the domains for which you accept mail, and another called /etc/exim4/virtual.users with a table of users. The two files have the following format:
/etc/exim4/virtual.domains:
example.com
example.net
/etc/exim4/virtual.users:
regularuser@example.com : localuser@localhost
forwardinguser@example.com : someuser@example.org
foo@example.com : :fail: Foo no longer lives here.
bar@example.com : :blackhole:
*@example.com : catchall1@localhost

regularuser@example.net : localuser2@localhost
forwardinguser@example.net : someuser2@example.org
*@example.net : catchall2@localhost
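The lookup order that lsearch*@ applies to the virtual.users table, as an added example (not part of the original procedure or of Exim itself): a small Python model that resolves an address to a redirect, a :fail: rejection or a :blackhole: discard, and lists the catch-all keys that accept mail for any local part. The sample data is constructed, domain matching is exact rather than partial-lsearch, and all function names are hypothetical.

```python
import re

# Constructed sample data in the page's format (not a real configuration).
VIRTUAL_DOMAINS = "example.com\nexample.net\n"
VIRTUAL_USERS = """\
regularuser@example.com : localuser@localhost
foo@example.com : :fail: Foo no longer lives here.
bar@example.com : :blackhole:
*@example.com : catchall1@localhost
regularuser@example.net : localuser2@localhost
"""

def parse_lsearch(text):
    """Parse 'key : data' lines; the first occurrence of a key wins.
    Simplified model: no continuation lines and no quoted keys."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # A key ends at whitespace or a colon; the rest of the line is data.
        m = re.match(r"([^\s:]+)\s*:?\s*(.*)", line)
        if m:
            table.setdefault(m.group(1).lower(), m.group(2))  # keys compare case-insensitively
    return table

def route(address, users, domains):
    """Return (action, detail) for an address, following the lsearch*@ order."""
    local, _, domain = address.lower().rpartition("@")
    if domain not in domains:      # assumption: exact match, no partial- wildcards
        return ("not-virtual", None)
    # lsearch*@ tries the full key, then *@domain, then a bare *.
    for key in (f"{local}@{domain}", f"*@{domain}", "*"):
        if key not in users:
            continue
        data = users[key]
        if data.startswith(":fail:"):
            return ("reject", data[len(":fail:"):].strip())
        if data.startswith(":blackhole:"):
            return ("discard", None)
        return ("redirect", data)
    return ("unhandled", None)     # no entry: the virtual router does not take it

def catchalls(users):
    """Wildcard keys accept mail for every local part, so list them for review."""
    return sorted(k for k in users if k.startswith("*"))

USERS = parse_lsearch(VIRTUAL_USERS)
DOMAINS = set(parse_lsearch(VIRTUAL_DOMAINS))
```

On the server itself, `exim -bt address` shows how the running configuration actually routes an address.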
DoveCot (IMAP & POP3)
The organicdesign-server package installs DoveCot, an IMAP and POP3 server. DoveCot responds to mail client requests by retrieving the mails from file and returning them to the client. It does not deal with receiving the mails or storing them to disk.
We go with a configuration which is as close to default as possible and gives us both POP3 and IMAP services which both work with either TLS or SSL but not plain text. The users are by default the native Linux users and passwords on the system. The minimal configuration necessary is a couple of edits to /etc/dovecot/dovecot.conf.
First, specify which protocols to use (you may like to only allow imaps and pop3s for extra security).
protocols = imap pop3 imaps pop3s
Next, add a section defining the ports for each protocol as follows (you may like to change to non-standard ports for extra security):
protocol imap {
  listen = *:143
  ssl_listen = *:993
}
protocol pop3 {
  listen = *:110
  ssl_listen = *:995
}
Finally, scroll down to the Mailbox locations and namespaces section and uncomment the first example which says the following:
mail_location = maildir:~/Maildir
Client setup
Any standard mail client such as Thunderbird or Outlook should connect with no trouble, but our procedure doesn't yet include the generation of a valid SSL certificate, so you'll get a warning initially which you can specify to be ignored for subsequent connections.
POP3 & IMAP together
It is possible to use both POP3 and IMAP together for the same account because both are simply different protocols for accessing the same mail. There's probably no useful purpose to do that, but if you do then make sure the client settings for the POP setup are configured to leave the messages on the server, otherwise any messages downloaded from the inbox will be removed and will therefore not be available from the IMAP inbox folder either. Note that any messages that have been moved out of the inbox and into another folder using the IMAP protocol will no longer be available for download by the POP3 protocol, because it only interacts with the inbox folder, which is the root mailbox.
Domain setup
NZ domains
Our NZ domains are handled through WebDrive. The main setup is done from the associated domain template. Assign a primary and secondary MX record with a subdomain each. Both subdomains must explicitly exist as A records in the template.
Other domains
Our non .co.nz domains are handled through NameCheap, so I'll cover the setup for them, but it should be easy to adjust to any name hosting service. In the all host records page for your domain, go to mail settings at the bottom, and set it to "User Simplified" then click save changes.
Now scroll to the bottom of the page again and fill in the "User Simplified" form, set HOST NAME to "mail" (this setting seems to be superfluous), fill in the MAILSERVER IP and set the MX PREF to 1, then click save changes.
RoundCube (IMAP-only webmail)
We need to have access to our IMAP folder structures from a browser, so we use the RoundCube webmail application for this purpose.
First ensure that the sub-domains which should have webmail access have a rule in the web-server configuration mapping it to the roundcube code base which can be downloaded from here and should be saved to /var/www/domains/webmail. See set up a new domain name for details on mapping a sub-domain to a web application code-base.
Next, go to your.domain/installer and follow their installation procedure. Use localhost for the server addresses (you may need to use ssl://localhost if non-ssl is denied by the server). You'll need to manually create the MySQL database:
create database roundcubemail;
The installer tests whether the database exists and is writable, then allows you to initialise it with a button. At this point you can also test the IMAP login and SMTP sending. Once all these are working, go to the root of the webmail domain and login.
SMTP server for authenticated clients
We may want to allow use of our own server instead of an ISP's, so that we can keep the same setup no matter where we're connecting from.
Spam Assassin
We can't get OpenProtect going, so here are some instructions on getting just Spam Assassin working.
- install spamassassin and spamc packages
- http://www.win.tue.nl/~martijna/Debianstuff/
OpenProtect (not working yet)
OpenProtect is an e-mail filter providing antivirus, antispam and content filtering capabilities to sendmail, postfix, exim and qmail based Linux e-mail servers. It provides protection against viruses/phishing and spam mails. 100% virus protection assured.
Download from here, unpack and run the installer:
./openprotect-install
Type "y" to all the questions except for the one about DNS caching, which you may want to answer "n" to if you're on a server with a fast DNS server. Answer "exim" to the MTA question and it will also ask about paths to exim, which are as follows:
- configuration: /etc/exim4/exim4.conf.template (don't know how to do this if using Exim's split configuration)
- binary: /usr/sbin/exim
- spool: /var/spool/exim4
- exim user/group: Debian-exim
- init file: /etc/init.d/exim4
After successful installation, the idea is to start and stop openprotect from init.d, not exim4 directly. However, for me this is not working yet: after OpenProtect is running, Exim doesn't run or receive any mail.
- OpenProtect handbook
- OpenProtect had trouble installing Net::DNS from CPAN, so best to install the libnet-dns-perl package first (we have it in organicdesign-server)
See also
- Mail Server Overview - in DoveCot manual



