Mail server HOWTO

The task of setting up a mail server can be seen as complicated because there are many different options and configurations available. Many times there are numerous ways to achieve the same thing. As this page describes many different options, depending on your needs you may decide to use some parts and not use others.

Server

Inbound

The main types of connections for inbound mail are:

  • POP or IMAP - these are client protocols and mostly used by user mail clients, but a mail server can also retrieve mail using these protocols.
  • SMTP - Simple Mail Transfer Protocol is the main protocol used by mail servers to, well, transfer mail.

POP & IMAP

If you want to fetch mail from more than one mailbox, fetchmail is the tool to use. It will get mail from various servers with various protocols and various people.

First see that fetchmail is installed. Next you need to configure /etc/fetchmailrc. Open it with your favourite editor as root. Each mailbox needs to be configured separately. The things you need to know are:

  • local user id
  • remote server
  • remote user id
  • remote password

Now for each remote mailbox write:

poll remote.example.com
     proto auto
     user "remote_userid"
     pass "remote_password"
     is local_userid

This will deliver the mail from the mailbox remote_userid@remote.example.com via the SMTP server (MTA) on localhost to the mailbox of user local_userid, wherever that mailbox is configured in the MTA. Do this for any and all remote mailboxes. Make sure that /etc/fetchmailrc is chmod 700, because it contains the remote passwords in plain text.

Read man fetchmail for more info. Also there is a program fetchmailconf which could be used.

Now you want to do this automatically. As root you type

# systemctl enable fetchmail.service

This will automatically start fetchmail when booting the machine. To start it immediately type

# systemctl start fetchmail.service

This will get the mail every 10 minutes. You can change this by changing FETCHMAIL_POLLING_INTERVAL=600 to any other time interval.

Do NOT set this lower than 600 seconds (10 minutes), as it will load the provider's mail server unnecessarily and may even be against their Terms of Service.

FETCHMAIL_POLLING_INTERVAL and other parameters can be changed either by editing /etc/sysconfig/fetchmail or by using YaST's sysconfig Editor (System -> /etc/sysconfig Editor): choose Network -> Mail -> Fetchmail.

Configure your client to get mail via mbox in case your MTA uses the simplest method of delivery.

Alternative for fetchmail

The recommended way is to configure POP and/or IMAP accounts in the email client of each user.

SMTP

You can get mail directly sent to your server. For this you need several things:

  • Domain name
  • Fixed IP address or Dynamic DNS
  • Correct MX records

If you have a Dynamic DNS, seriously reconsider if you want this for your regular email. If you do: get a fixed IP address.

First see that an unaltered postfix is running. This can be done by a telnet session:

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 example.com ESMTP Postfix

Use quit to exit.

  • Next see that the outside world is able to connect to port 25 by opening this in your firewall with YaST and in your router. Test it with This site.
Warning: Do this only for a short time, because at this point you do not yet know whether your email server is protected against being used as a spam relay.
  • Edit /etc/postfix/main.cf and read it first before you do any changes. The changes should be done at the end; postconf will do that. Three things should be added and/or changed; use the recommended way with the command postconf:
postconf -e "myhostname = hostname.example.com"
postconf -e "mydomain = example.com"
# single quotes keep the shell from expanding $myhostname and $mydomain
postconf -e 'mydestination = $myhostname, $mydomain, localhost.$mydomain'

Now restart postfix with systemctl restart postfix.service. You will now be able to receive mail for login accounts on example.com. Configure your client to get mail via mbox, because this is the default delivery location of postfix.

Aliases

Mail will be put in /var/spool/mail/user_login. Most of the time you will want to receive mail under something other than your login. If your login is user, you would probably like an email address such as firstname.lastname@example.com. You then link an alias with the name firstname.lastname to user. This can be done by editing /etc/aliases. Add the following at the end of the file:

firstname.lastname:    user_login

You will see some there already. If you want a generic address like sales@example.com and that to be received by several people, add the following line:

sales:                 user_1, \user_2, \user_3

After each addition, you need to run newaliases and systemctl restart postfix.service.

Configure your client to get mail via mbox

Outgoing

This will be about all the mail that goes from you to the Internet.

Pointing your Email program

The simplest way to send your email to others is to hand it over to a server at your provider. Most of the time this will be an SMTP server. Most likely you need a login name and password. Read the documentation of your email client on how to configure this.

In case you or co-users of your computer need to send email from an application or script, it will be easier to send it to the MTA (in this article postfix) of your machine.

Sending email via the local server to/via the provider for all

By default, postfix sends email directed to an outside address directly to the server of that address. So if you point your email clients to send email to localhost, postfix will send it. However, most receiving email servers restrict which hosts they accept messages from, so it is likely that your email will not be accepted. A safe method is to send all your outgoing email to the server of your provider. Postfix uses relayhost for that purpose. Most likely your ISP requires a username and password, and often the submission port (587) is used instead of the standard port (25). So if your ISP does not use access control and uses the standard port, use:

postconf -e "relayhost = smtp.example.net"

else use:

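postconf -e "relayhost = [smtp.example.net]:587"
# enable SASL authentication in the Postfix SMTP client (off by default)
postconf -e "smtp_sasl_auth_enable = yes"
postconf -e "smtp_sasl_password_maps = lmdb:/etc/postfix/sasl_passwd"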

As you can see this requires the file /etc/postfix/sasl_passwd, in which you enter:

smtp.example.net username:password

After that you give the command:

postmap /etc/postfix/sasl_passwd

Both files should be properly protected; owned by root:root and "chmod 0600". Restart postfix with systemctl restart postfix.service and configure your email client to point to the SMTP server at localhost.

The square brackets around smtp.example.net indicate that the system should not use the MX records of that name, but should send the email directly to the A or AAAA records of that name. If these brackets are not used, messages are sent to the servers mentioned in the MX records of that name.
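The file protection asked for above (and for /etc/fetchmailrc in the POP & IMAP section) can be checked with a small script. This is an added example, not part of the original HOWTO; it assumes GNU stat, and MAIL_ROOT and WANT_UID are hypothetical variables that let you try it on copies outside /etc.

```sh
#!/bin/sh
# Added example: audit the credential files this HOWTO creates.
MAIL_ROOT=${MAIL_ROOT:-}      # hypothetical prefix, empty means the real /etc
WANT_UID=${WANT_UID:-0}       # expected owner, uid 0 is root

# perms_within FILE MAX: succeed if FILE has no permission bit outside MAX (octal).
perms_within() (
    mode=$(stat -c '%a' "$1") || exit 2
    [ $(( 0$mode & ~0$2 & 07777 )) -eq 0 ]
)

# audit_secret FILE MAX: print one finding line; status 0 only when all is well.
audit_secret() (
    file=$1 max=$2
    if [ ! -f "$file" ]; then echo "MISSING $file"; exit 2; fi
    if [ "$(stat -c '%u' "$file")" != "$WANT_UID" ]; then
        echo "FAIL $file: not owned by uid $WANT_UID"; exit 1
    fi
    if ! perms_within "$file" "$max"; then
        echo "FAIL $file: mode $(stat -c '%a' "$file") is wider than $max"; exit 1
    fi
    echo "OK $file"
)

# map_is_fresh SRC MAP: fail when SRC was edited after postmap built MAP,
# which means Postfix is still using the old password.
map_is_fresh() { [ -f "$2" ] && [ ! "$1" -nt "$2" ]; }

audit_mail_secrets() {
    rc=0
    audit_secret "$MAIL_ROOT/etc/fetchmailrc" 700 || rc=1
    audit_secret "$MAIL_ROOT/etc/postfix/sasl_passwd" 600 || rc=1
    audit_secret "$MAIL_ROOT/etc/postfix/sasl_passwd.lmdb" 600 || rc=1
    if ! map_is_fresh "$MAIL_ROOT/etc/postfix/sasl_passwd" \
                      "$MAIL_ROOT/etc/postfix/sasl_passwd.lmdb"; then
        echo "STALE sasl_passwd.lmdb: run postmap again"; rc=1
    fi
    return $rc
}

audit_mail_secrets || echo "audit found problems"
```

Run it as root so that the files under /etc/postfix can be inspected.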

Sending mail with your own domain

You can send mail directly from your server if you have your own domain. For this you need several things:

  • Domain name
  • Fixed IP address
  • MX records and PTR record

With the above setup you will be able to send email without a relay. HOWEVER you need to enable several security features before you really do.

Filtering incoming email

There are two entry points for email, smtp (port 25) and submission (port 587). Each uses different checks, which are configured in the file /etc/postfix/master.cf. The main entry point is smtp, which can be accessed from anywhere. The other access point, submission, needs fewer checks, because all users are authenticated. The most important feature is access checks: any email with a destination that is not explicitly configured should be denied. In this HOWTO this is done only with the parameter smtpd_recipient_restrictions. The parameters we use here are configured with:

postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,
 reject_rbl_client zen.spamhaus.org,check_policy_service unix:private/policy"

An incoming message is tested according to the sequence in these parameters.

  • When a user sends credentials that are properly authenticated, permit_sasl_authenticated allows access.
  • When a user sends a message from an IP address in mynetworks, access is allowed.
  • When the IP address of the sending host is mentioned in the DNS of zen.spamhaus.org, it will be denied access.
  • When a message fulfills the requirements of the mentioned policy_service, it is allowed access. This service does the so-called SPF checks: is the IP address of the sender allowed to send email with a specific sender domain? If there is no SPF information for the sender domain or the check is positive, the message is allowed.
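The effect of that sequence can be tried out with a simplified model of the list. This is an added example, not part of the original HOWTO and not Postfix code: it models only smtpd_recipient_restrictions, the sample connections are constructed, and it assumes the policy service rejects only on an SPF "fail".

```sh
#!/bin/sh
# Added example: simplified model of how Postfix walks smtpd_recipient_restrictions.
# The list is the one configured above; the sample connections are constructed.
PAGE_ORDER='permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,
 reject_rbl_client zen.spamhaus.org,check_policy_service unix:private/policy'

# decide LIST SASL_OK IN_MYNETWORKS RCPT_IS_LOCAL RBL_LISTED SPF_RESULT
# Prints "<action> <rule>" for the first restriction that gives a final answer.
# A restriction that does not match gives no answer and the next one is tried.
decide() (
    list=$1 sasl=$2 mynet=$3 rcpt_local=$4 rbl=$5 spf=$6
    # Restrictions are separated by commas and/or whitespace; arguments such as
    # "zen.spamhaus.org" fall through the case statement and are skipped here.
    for rule in $(printf '%s' "$list" | tr ',' ' '); do
        case $rule in
            permit_sasl_authenticated)
                if [ "$sasl" = yes ]; then echo "permit $rule"; return; fi ;;
            permit_mynetworks)
                if [ "$mynet" = yes ]; then echo "permit $rule"; return; fi ;;
            reject_unauth_destination)
                if [ "$rcpt_local" = no ]; then echo "reject $rule"; return; fi ;;
            reject_rbl_client)
                if [ "$rbl" = yes ]; then echo "reject $rule"; return; fi ;;
            check_policy_service)
                # Assumption: the policy service rejects only on an SPF "fail".
                if [ "$spf" = fail ]; then echo "reject $rule"; return; fi ;;
        esac
    done
    echo "permit end_of_list"   # nothing objected: the recipient is accepted
)

# Variant with the blocklist lookup moved to the front, for comparison.
RBL_FIRST="reject_rbl_client zen.spamhaus.org,$PAGE_ORDER"

echo "stranger relaying to a foreign domain : $(decide "$PAGE_ORDER" no no no no none)"
echo "stranger, local recipient, clean      : $(decide "$PAGE_ORDER" no no yes no none)"
echo "stranger, local recipient, SPF fail   : $(decide "$PAGE_ORDER" no no yes no fail)"
echo "own user, authenticated, listed IP    : $(decide "$PAGE_ORDER" yes no yes yes none)"
echo "same user with the lookup moved first : $(decide "$RBL_FIRST" yes no yes yes none)"
```

The last two lines show why the permit rules come first: with the blocklist lookup in front, an authenticated user on a listed address would be turned away.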

TO BE CONTINUED

Postfix provides support for several types of filtering, like spam and virus filtering, ... Other security features for incoming Adding signatures, headers and what not and removing binaries.

Spam

Virus

Client

Pointing your Email program

  • To be able to read mail from your provider, you need to know where it is. If you get mail from your provider, you will most likely use IMAP or POP3. With IMAP the mail stays with the provider; with POP3 you take the mail from your provider to your PC.

Read the documentation of your email client on how to configure this.

  • Local mail will as a standard come in /var/spool/mail/user_login, so mail handled with postfix will end up at that location.

The format is mbox, which is usable by many mail programs in SUSE. To test this, you can run the following command:

# mailx user_login
Subject: test or whatever
Something you like to write
.

Do not forget to add the last . (dot). To see if the mail has arrived, use your mail client or just type mail (q to quit).

Read the documentation of your email client on how to configure this.


Filtering

Mainly procmail

Extras

All other things that can be done with mail that are not covered in the above.

Webmail

Squirrelmail

This article is a stub!
This article needs to be expanded. You are welcome to help in line with the Style Guidelines.