If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
Mail server HOWTO
The task of setting up a mail server can be seen as complicated because there are many different options and configurations available. Many times there are numerous ways to achieve the same thing. As this page describes many different options, depending on your needs you may decide to use some parts and not use others.
- 1 Server
- 2 Client
- 3 Extras
The main types of connections for inbound mail are:
- POP or IMAP - these are client protocols and mostly used by user mail clients, but a mail server can also retrieve mail using these protocols.
- SMTP - Simple Mail Transfer Protocol is the main protocol used by mail server to, well, transfer mail.
POP & IMAP
If you want to fetch mail from more than one mailbox, fetchmail is the tool to use. It will get mail from various servers with various protocols and various people.
First see that fetchmail is installed. Next you need to configure /etc/fetchmailrc. Open it with your favourite editor as root. Each mailbox needs to be configured separately. Things you need to know is:
- local user id
- remote server
- remote user id
- remote password
Now for each remote mailbox write:
poll remote.example.com proto auto user "remote_userid" pass "remote_password" is local_userid
This will deliver the mail from the mailbox email@example.com via the SMTP server (MTA) on localhost in the mailbox for user local_userid, wherever that mailbox is configured in the MTA. Do this for any and all remote mailboxes. See that /etc/fetchmailrc is chmod 700.
Read man fetchmail for more info. Also there is a program fetchmailconf which could be used.
Now you want to do this automatically. As root you type
# systemctl enable fetchmail.service
This will automatically start fetchmail when booting the machine. To start it immediately type
# systemctl start fetchmail.service
This will get the mail every 10 minutes. You can change this by changing FETCHMAIL_POLLING_INTERVAL=600 to any other time interval.
FETCHMAIL_POLLING_INTERVAL and other parameters can be changed either by editing /etc/sysconfig/fetchmail or by using YaST's sysconfig Editor (System -> /etc/sysconfig Editor): choose Network -> Mail -> Fetchmail.
Configure your client to get mail via mbox in case your MTA uses the simplest method of delivery.
Alternative for fetchmail
The recommended way is to configure POP and/or IMAP accounts in the email client of each user.
You can get mail directly sent to your server. For this you need several things:
- Domain name
- Fixed IP address or Dynamic DNS
- Correct MX records
If you have a Dynamic DNS, seriously reconsider if you want this for your regular email. If you do: get a fixed IP address.
First see that an unaltered postfix is running. This can be done by a telnet session:
# telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 example.com ESMTP Postfix
Use quit to exit.
- Next see that the outside world is able to connect to port 25 by opening this in your firewall with YaST and in your router. Test it with This site.
- Edit /etc/postfix/main.cf and read it first before you do any changes. The changes should be done at the end; postconf will do that. Three things should be added and/or changed; use the recommended way with the command postconf:
postconf -e "myhostname = hostname.example.com" postconf -e "mydomain = example.com" postconf -e "mydestination = $myhostname, $mydomain, localhost.$mydomain"
Now restart postfix with systemctl restart postfix.service. You will now be able to receive mail for login accounts on example.com Configure your client to get mail via mbox, because this is the default delivery location of postfix.
Mail will be put in /var/spool/mail/user_login. Most of the time you might want to receive mail under something else then your login. If your login is user, you probably would like an email address like firstname.lastname@example.org You then link an alias to user with the name firstname.lastname This can be done by editing /etc/aliases. Add the following at the end of the file:
You will see some there already. If you want a generic address like email@example.com and that to be received by several people, add the following line:
sales: user_1, \user_2, \user_3
After each addition, you need to run newaliases and systemctl restart postfix.service.
Configure your client to get mail via mbox
This will be about all the mail that goes from you to the Internet.
Pointing your Email program
The simplest way to send your email to others, is to hand over your email to a server at your provider. Most of the time this will be an SMTP server. Most likely you need a login name and password. Read the documentation of your email-client on how to configure this.
In case you or co-users of your computer need to send email from an application or script it will be more easy to send it to the MTA (in this article postfix) of your machine.
Sending email via the local server to/via the provider for all
The standard for postfix is that it will send email directed to an address outside address directly to the server of that address. So if you point your email clients to send email to localhost, postfix will send this. However most receiving email servers have restrictions on accepting messages from somewhere, so it is likely that your email is not accepted. A safe method is to send all your outgoing email to the server of your provider. Postfix uses relayhost for that purpose. Most likely your ISP requires a username and password and often not the standard access port (25) is used, but the submission port (587). So if your ISP does not use access control and the standard port, use:
postconf -e "relayhost = smtp.example.net"
postconf -e "relayhost = [smtp.example.net]:587" postconf -e "smtp_sasl_password_maps = lmdb:/etc/postfix/sasl_passwd"
As you can see this requires the file /etc/postfix/sasl_passwd, in which you enter:
After that you give the command:
Both files should be properly protected; owned by root:root and "chmod 0600". Restart postfix with systemctl restart postfix.service and configure your email client to point to the SMTP server at localhost.
Sending mail with your own domain
You can send mail directly from your server if you have your own domain. For this you need several things:
* Domain name * Fixed IP address * MX records and PTR record
With the above setup you will be able to send email without a relay. HOWEVER you need to enable several security features before you really do.
Filtering incoming email
There are two entry points for email, smtp (port 25) and submission (port 587). Both use different checks which are configured in the file /etc/postfix/master.cf. The main entry point is smtp, which can be accessed from anywhere. The other access point, submission, needs less checks, because all users are authenticated. The most important feature is access checks. This means that any email with a destination not explicitly configured should be denied. This is done in this HOWTO only with the parameter smtpd_recipient_restrictions. The parameters we use here are configured with:
postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination, reject_rbl_client zen.spamhaus.org,check_policy_service unix:private/policy"
An incoming messages is tested according to the sequence in these parameters.
- When a user sends credentials that are properly authenticated, permit_sasl_authenticed allows access.
- When a user sends a message from a IP address in mynetworks access is allowed.
- When the IP address of the sending host is mentioned in the DNS of zen.spamhaus.org it will be denied access.
- When a message fulfills the requirements of the mentioned policy_service it is allowed access. This service does the so-called SPF checks. Is the IP address of the sender allowed to send email with a specific sender domain. If there is no SPF information for the sender domain or the check is positive, the message is allowed.
TO BE CONTINUED
Postfix provides support for several types of filtering, like spam and virus filtering, ... Other security features for incoming Adding signatures, headers and what not and removing binaries.
- ASSP (Anti-Spam SMTP Proxy)
Pointing your Email program
- To be able to read mail from your provider, you need to know where it. If you get mail from your provider, you will most likely use IMAP or POP3. With IMAP the mail stays with the provider, with POP3, you take the mail from your provider to your PC.
Read the documentation of your email-client on how to configure this
- Local mail will as a standard come in /var/spool/mail/user_login, so mail handled with postfix will end up at that location.
The protocol is mbox, which will be usable by many mail programs in SUSE. To test this, you can run the following command:
# mailx user_login Subject: test or whatever Something you like to write .
Do not forget to add the last . (dot). To see if the mail has arrived, use your mailclient or just type mail (q to quit)
Read the documentation of your email-client on how to configure this.
All other things that can be done with ail that is not covered in the above