Mail server HOWTO

From openSUSE

The task of setting up a mail server can be seen as complicated because there are many different options and configurations available. Many times there are numerous ways to achieve the same thing. As this page describes many different options, depending on your needs you may decide to use some parts and not use others.

Server

Inbound

The main types of connections for inbound mail are:

• POP or IMAP - these are client protocols and mostly used by user mail clients, but a mail server can also retrieve mail using these protocols.
• SMTP - Simple Mail Transfer Protocol is the main protocol used by mail server to, well, transfer mail.

POP & IMAP

If you want to fetch mail from more than one mailbox, fetchmail is the tool to use. It will get mail from various servers with various protocols and from various people.

First see that fetchmail is installed. Next you need to configure /etc/fetchmailrc. Open it with your favourite editor as root. Each mailbox needs to be configured separately. Things you need to know is:

• local user id
• remote server
• remote user id
• remote password

Now for each remote mailbox write:

poll remote.example.com
     proto auto
     user "remote_userid"
     pass "remote_password"
     is local_userid

This will put the mail from the mailbox remote_userid@example.com in the mbox for user local_userid Do this for any and all remote mailboxes. See that /etc/fetchmailrc is chmod 700.

Read man fetchmail for more info. Also there is a program fetchmailconf which could be used.

Now you want to do this automatically. As root you type

# rcfetchmail start

See that it automatically starts when booting the machine. This will get the mail every 10 minutes. You can change this by changing FETCHMAIL_POLLING_INTERVAL=600 to any other time interval.

Do NOT set this lower than 600 seconds (10 Minutes), as it will load the provider's mail server, unecessarily, and may even be against their Terms of Service

FETCHMAIL_POLLING_INTERVAL and other parameters can be changed either by editing /etc/sysconfig/fetchmail or by using YaST's sysconfig Editor (System -> /etc/sysconfig Editor): choose Network -> Mail -> Fetchmail.

Configure your client to get mail via mbox

SMTP

If you would like, you can have mail sent right to your server! But you need the following:

• Domain name
• Fixed IP address or Dynamic DNS
• Correct MX records

If you want dynamic DNS, you might not want to use this as your primary email (Because the Reverse DNS turns out wrong?) So, it would be best if you had a fixed IP, which could cost more, but you typically get it with your ISP's business plan, which allows you to do this to begin with.

First see that postfix is running. This can be done by a telnet session:

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 example.com ESMTP Postfix

• Next see that the outside world is able to connect to port 25 by opening this in your firewall with YaST and in your router. test it with This site.
• Edit /etc/postfix/main.cf and read it first before you do any changes. The changes should be done at the end.Three things should be added and/or changed:

myhostname = hostname.example.com
mydomain = example.com
mydestination = $myhostname, $mydomain, localhost.$mydomain

Leave the rest alone

Now restart postfix with rcpostfix restart. You will now be able to recieve mail for logins on example.com Configure your client to get mail via mbox

Aliases

Mail will be put in /var/spool/mail/user_login. Most of the time you might want to receive mail under something else then your login. If your login is user, you probably would like an email address like firstname.lastname@example.com You then link an alias to a user with the name firstname.lastname. This can be done by editing /etc/aliases. Add the following at the end of the file:

firstname.lastname:    user_login

Note: Default groups and users will already be listed in the Aliases file.

Commonly, distribution email lists are used to assign a group of users to a single email address. If you work for a company that uses sales@example.com for an email address, you can assign sales@example.com to users who are required to respond to that message. For example, if john.smith, jane.miller and thomas.heller are users of the Sales group and they need to be able to receive mail from sales@example.com, then you would configure the aliases file to read:

sales:	john.smith, \jane.miller, \thomas.heller

When you are done modifying the aliases file you will need to save it and run "newaliases" and "rcpostfix restart" in order to implement and use the new changes that were made.

Configure your client to get mail via mbox

Outgoing

This will be about all the mail that goes from you to the Internet.

Pointing your Email program

To be able to send your email to others, you need to hand over your mail to a server at your provider. Most of the time this will be an SMTP server. Sometimes you need a login and password. Read the documentation of your email-client on how to configure this

Sending mail via the provider for all

You can get mail directly send to your server. Standard you can start sending email directly the moment postfix is running. Just point your email clients SMTP to localhost. Some emaillists require you to edit the envelop_from to yes. See your email clients manual on how to do this.

Need info on how to do this in postfix

Sometimes you are forced to use your providers server or some servers will not accept your mail directly. In that case edit in /etc/postfix/main.cf the line that starts with relayhost. e.g.:

relayhost = smtp.example.net

In the above case postfix will lookup smtp.example.net via an MX-record in the DNS. If an MX-record is not available postfix will not use the A-record and you must put square brackets around the name to force the A-record lookup as follows:

relayhost = [smtp.example.net]

Restart postfix with rcpostfix restart and configure your email client to point the SMTP server to localhost.

Sending mail with your own domain

You can send mail directly from your mail server if you host your own domain. For this you need several things:

   * Domain name
   * Fixed IP address or Dynamic DNS
   * Correct MX records 

If you have a Dynamic DNS, seriously reconsider if you want this for your regular email. If you do: get a fixed DNS. Some SMTP servers look up the reversed DNS settings and these settings are only possible if you have a fixed DNS. First see that postfix is running. This can be done by a telnet session:

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 example.com ESMTP Postfix

• Next see that the outside world is able to connect to port 25 by opening this in your firewall with YaST and in your router. Test it with this site.
• Edit /etc/postfix/main.cf and read it first before you do any changes. The changes should be done at the end. Three things should be added and/or changed:

myhostname = hostname.example.com
mydomain = example.com
mydestination = $myhostname, $mydomain, localhost.$mydomain

Leave the rest alone

Now restart postfix with rcpostfix restart. You will now be able to send mail with example.com. Configure your client send via localhost

Filtering

Spam filtering, virus filtering, ... Adding signatures, headers and what not and removing binaries.

Spam

• SpamAsassin
• ASSP (Anti-Spam SMTP Proxy)

Virus

Client

Pointing your Email program

• To be able to read mail from your provider, you need to know where it is. If you get mail from your provider, you will most likely use IMAP or POP3. With IMAP the mail stays with the provider, with POP3, you take the mail from your provider to your PC.

Read the documentation of your email-client on how to configure this

• By default, all local mail will be placed in /var/spool/mail/user_login. So mail handled with "postfix" will end up in that location.

The protocol is mbox, which will be usable by many mail programs in SUSE. To test this, you can run the following command:

# mailx user_login
Subject: test or whatever
Something you like to write
.

Do not forget to add the last . (dot). To see if the mail has arrived, use your mailclient or just type mail (q to quit)

Read the documentation of your email-client on how to configure this.

Filtering

Mainly procmail

Extras

All other things that can be done with mail that is not covered in the above

Webmail

Squirrelmail

Squirrelmail is a nice lightweight tool for using PHP to provide a web interface to email.

There some issues lately; in 10.1 it's been inexplicably ommitted from the distro, perhaps because they retired php 4? Runs fine with php5 also.

A longer standing issue is that to get it running in openSUSE, you have to understand that the openSUSE IMAP requires you to use encryption. Cleartext logins are not available.

Fixing it is pretty simple and there's a good knowledgebase article about it that still applies. You can use YaST->Network Services->Network Services (xinetd). You have to enable xinetd and toggle the service imaps to on. YaST may need to install the software which will be done. In /etc/xinetd.d/ you will find a file called imap with o.a. the following:

# imaps - imap mail daemon with ssl
service imaps
{
      socket_type     = stream
      protocol        = tcp
      wait            = no
      user            = root
      server          = /usr/sbin/imapd
      flags           = IPv4
}
#

Then I created a new ssl certificate with:

openssl req -new -x509 -nodes -out imapd.pem -keyout imapd.pem -days 365

You will be prompted for some information. The resulting file is called imapd.pem which I then copied to /etc/ssl/certs. See also the file /usr/share/doc/packages/imap/README.SuSE which contains:

As the Common Name you must either enter the DNS name or the IP address of your mail server. Note that a certificate is only valid for a limited time.

And bingo authentication worked.

If I can find the remainder of this I'll come back and give a better pointer. But anyone searching the KB ought to have this pop up under squirrelmail!!!

See Also

Kolab, kolab provides an integrated email environment resulting in a full blown groupware system, including virus-, and spam spam scanning. A wizard helps you to set up the system.