Configuring Linux Mail Servers


Quick HOWTO : Ch21 : Configuring Linux Mail Servers
From Linux Home Networking


Introduction
Email is an important part of any Web site you create. In a home environment, a free web based email service may be sufficient, but if you are running a business, then a dedicated mail server will probably be required. This chapter will show you how to use sendmail to create a mail server that will relay your mail to a remote user's mailbox or incoming mail to a local mail box. You'll also learn how to retrieve and send mail via your mail server using a mail client such as Outlook Express or Evolution.


Debian / Ubuntu Differences
This chapter focuses on Fedora / CentOS / RedHat for simplicity of explanation. Whenever there is a difference in the required commands for Debian / Ubuntu variations of Linux it will be noted. The universal difference is that the commands shown are done by the Fedora / CentOS / RedHat root user. With Debian / Ubuntu you will either have to become root using the "sudo su -" command or you can temporarily increase your privilege level to root using the "sudo <command>" command. Here is an example of how to permanently become root:
user@ubuntu:~$ sudo su
[sudo] password for peter:
root@ubuntu:~#

Here is an example of how to temporarily become root to run a specific command. The first attempt to get a directory listing fails due to insufficient privileges. The second attempt succeeds when the sudo keyword is inserted before the command.
user@ubuntu:~$ ls -l /var/lib/mysql/mysql
ls: cannot access /var/lib/mysql/mysql: Permission denied
user@ubuntu:~$ sudo ls -l /var/lib/mysql/mysql
[sudo] password for peter:
total 964
-rw-rw---- 1 mysql mysql 8820 2010-12-19 23:09 columns_priv.frm
-rw-rw---- 1 mysql mysql 0 2010-12-19 23:09 columns_priv.MYD
-rw-rw---- 1 mysql mysql 4096 2010-12-19 23:09 columns_priv.MYI
-rw-rw---- 1 mysql mysql 9582 2010-12-19 23:09 db.frm
...
...
...
user@ubuntu:~$

Now that you have got this straight, let's continue with the discussion.

Configuring Sendmail
One of the tasks in setting up DNS for your domain (my-site.com) is to use the MX record in the configuration zone file to state the hostname of the server that will handle the mail for the domain. The most popular Unix mail transport agent is sendmail, but others, such as postfix and qmail, are also gaining popularity with Linux. The steps used to convert a Linux box into a sendmail mail server will be explained here.

How Sendmail Works
As stated before, sendmail can handle both incoming and outgoing mail for your domain. Take a closer look.


Incoming Mail
Usually each user in your home has a regular Linux account on your mail server. Mail sent to each of these users (username@my-site.com) eventually arrives at your mail server and sendmail then processes it and deposits it in the mailbox file of the user's Linux account. Mail isn't actually sent directly to the user's PC. Users retrieve their mail from the mail server using client software, such as Microsoft's Outlook or Outlook Express, that supports either the POP or IMAP mail retrieval protocols. Linux users logged into the mail server can read their mail directly using a text-based client, such as mail, or a GUI client, such as Evolution. Linux workstation users can use the same programs to access their mail remotely.

Outgoing Mail
The process is different when sending mail via the mail server. PC and Linux workstation users configure their e-mail software to make the mail server their outbound SMTP mail server. If the mail is destined for a local user in the my-site.com domain, then sendmail places the message in that person's mailbox so that they can retrieve it using one of the methods above. If the mail is being sent to another domain, sendmail first uses DNS to get the MX record for the other domain. It then attempts to relay the mail to the appropriate destination mail server using the Simple Mail Transfer Protocol (SMTP). One of the main advantages of mail relaying is that when a PC user A sends mail to user B on the Internet, the PC of user A can delegate the SMTP processing to the mail server.
Note: If mail relaying is not configured properly, then your mail server could be commandeered to relay spam. Simple sendmail security will be covered later.

Sendmail Macros
When mail passes through a sendmail server the mail routing information in its header is analyzed, and sometimes modified, according to the desires of the systems administrator. Using a series of highly complicated regular expressions listed in the /etc/mail/sendmail.cf file, sendmail inspects this header and then acts accordingly. In recognition of the complexity of the /etc/mail/sendmail.cf file, a much simpler file named /etc/sendmail.mc was created, and it contains more understandable instructions for systems administrators to use. These are then interpreted by a number of macro routines to create the sendmail.cf file. After editing sendmail.mc, you must always run the macros and restart sendmail for the changes to take effect. Each sendmail.mc directive starts with a keyword, such as DOMAIN, FEATURE, or OSTYPE, followed by a subdirective and in some cases arguments. A typical example is:
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl

The keywords usually define a subdirectory of /usr/share/sendmail-cf in which the macro may be found and the subdirective is usually the name of the macro file itself. So in the example, the macro name is /usr/share/sendmail-cf/feature/virtusertable.m4, and the instruction `hash -o /etc/mail/virtusertable.db' is being passed to it. Notice that sendmail is sensitive to the quotation marks used in the m4 macro directives. They open with a grave mark and end with a single quote.
FEATURE(`masquerade_envelope')dnl


Some keywords, such as define for the definition of certain sendmail variables and MASQUERADE_DOMAIN, have no corresponding directories with matching macro files. The macros in the /usr/share/sendmail-cf/m4 directory deal with these. Once you finish editing the sendmail.mc file, you can then execute the make command while in the /etc/mail directory to regenerate the new sendmail.cf file.
[root@bigboy tmp]# cd /etc/mail
[root@bigboy mail]# make

If there have been no changes to the files in /etc/mail since the last time make was run, then you'll get an error like this:
[root@bigboy mail]# make
make: Nothing to be done for `all'.
[root@bigboy mail]#

The make command actually generates the sendmail.cf file using the m4 command. The m4 usage is simple, you just specify the name of the macro file as the argument, in this case sendmail.mc, and redirect the output, which would normally go to the screen, to the sendmail.cf file with the ">" redirector symbol.
[root@bigboy tmp]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

I'll discuss many of the features of the sendmail.mc file later in the chapter.

Installing Sendmail
Most RedHat and Fedora Linux software product packages are available in the RPM format, whereas Debian and Ubuntu Linux use DEB format installation files. When searching for these packages remember that the filename usually starts with the software package name and is followed by a version number, as in sendmail-8.12.10-1.1.1.i386.rpm. (For help on downloading and installing the required packages, see Chapter 6, Installing Linux Software.)
Note: You will need to make sure that the sendmail, sendmail-cf, and m4 packages are installed.

Managing the sendmail Server
Managing the sendmail daemon is easy to do, but the procedure differs between Linux distributions. Here are some things to keep in mind.
1. Firstly, different Linux distributions use different daemon management systems. Each system has its own set of commands to do similar operations. The most commonly used daemon management systems are SysV and Systemd.
2. Secondly, the daemon name needs to be known. In this case the name of the daemon is sendmail.
Armed with this information you can know how to:
1. Start your daemons automatically on booting
2. Stop, start and restart them later on during troubleshooting or when a configuration file change needs to be applied.
For more details on this, please take a look at the "Managing Daemons" section of Chapter 6 "Installing Linux Software".
Note: Remember to configure your daemon to start automatically upon your next reboot.

How To Restart Sendmail After Editing Your Configuration Files
In this chapter, you'll see that sendmail uses a variety of configuration files that require different treatments for their commands to take effect. This little activate-sendmail.sh script encapsulates all the required post configuration steps.
#!/bin/bash
#
# Script: /usr/local/bin/activate-sendmail.sh
#
# Rebuild sendmail.cf and the supporting files in /etc/mail
cd /etc/mail || exit 1
/usr/bin/make
# Rebuild the aliases database
/usr/bin/newaliases
# Restart the daemons so that they load the new configuration
systemctl restart sendmail.service
systemctl restart spamassassin.service

It first runs the make command, which creates a new sendmail.cf file from the sendmail.mc file and compiles supporting configuration files in the /etc/mail directory according to the instructions in the file /etc/mail/Makefile. It then generates new e-mail aliases with the newaliases command (this will be covered later), and then restarts sendmail. The script also restarts spamassassin, a package that will be discussed later. Use this command to make the script executable.
[root@bigboy tmp]# chmod 700 /usr/local/bin/activate-sendmail.sh

You'll need to run the script each time you change any of the sendmail configuration files described in the sections to follow.
[root@bigboy tmp]# /usr/local/bin/activate-sendmail.sh

In a production system you may want to be more selective and only restart the specific applications on which you are working. I included all of them in the script so you don't forget.

The /etc/mail/sendmail.mc File
You can define most of sendmail's configuration parameters in the /etc/mail/sendmail.mc file, which is then used by the m4 macros to create the /etc/mail/sendmail.cf file. Configuration of the sendmail.mc file is much simpler than configuration of sendmail.cf, but it is still often viewed as an intimidating task with its series of structured directive statements that get the job done. Fortunately, in most cases you won't have to edit this file very often.

How to Put Comments in sendmail.mc
In most Linux configuration files a # symbol is used at the beginning of a line to convert it into a comment line or to deactivate any commands that may reside on that line. The sendmail.mc file doesn't use this character for commenting, but instead uses the string "dnl". Here are some valid examples of comments used with the sendmail.mc configuration file.

These statements are disabled by dnl commenting:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

This statement is incorrectly disabled:
# DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

This statement is active:
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

Note: Remember to run the activate-sendmail.sh script to activate any configuration changes.

Configuring DNS for sendmail


Remember that you will never receive mail unless you have configured DNS for your domain to make your new Linux box mail server the target of the DNS domain's MX record. See either Chapter 18, "Configuring DNS", or Chapter 19, "Dynamic DNS", for details on how to do this.

Configure Your Mail Server's Name In DNS
You first need to make sure that your mail server's name resolves in DNS correctly. For example, if your mail server's name is bigboy and you intend it to mostly handle mail for the domain my-site.com, then bigboy.my-site.com must correctly resolve to the IP address of one of the mail server's interfaces. You can test this using the host command:
[root@smallfry tmp]# host bigboy.my-site.com
bigboy.my-site.com has address 192.168.1.100
[root@smallfry tmp]#

You will need to fix your DNS server's entries if the resolution isn't correct.

Configure The /etc/resolv.conf File
The sendmail program expects DNS to be configured correctly on the DNS server. The MX record for your domain must point to the IP address of the mail server. The program also expects the files used by the mail server's DNS client to be configured correctly. The first one is the /etc/resolv.conf file in which there must be a domain directive that matches one of the domains the mail server is expected to handle mail for. Finally, sendmail expects a nameserver directive that points to the IP address of the DNS server the mail server should use to get its DNS information. For example, if the mail server is handling mail for my-site.com and the IP address of the DNS server is 192.168.1.100, there must be directives that look like this:
domain my-site.com
nameserver 192.168.1.100

An incorrectly configured resolv.conf file can lead to errors when running the m4 command to process the information in your sendmail.mc file.
WARNING: local host name (smallfry) is not qualified; fix $j in config file

The /etc/hosts File
The /etc/hosts file also is used by DNS clients and also needs to be correctly configured. Here is a brief example of the first line you should expect to see in it:
127.0.0.1 bigboy.my-site.com localhost.localdomain localhost bigboy

The entry for 127.0.0.1 must always be followed by the fully qualified domain name (FQDN) of the server. In the case above it would be bigboy.my-site.com. Then you must have an entry for localhost and localhost.localdomain. Linux does not function properly if the 127.0.0.1 entry in /etc/hosts doesn't also include localhost and localhost.localdomain. Finally you can add any other aliases your host may have to the end of the line.

How To Configure Linux Sendmail Clients
All Linux mail clients in your home or company need to know which server is the mail server. This is configured in the sendmail.mc file by setting the SMART_HOST statement to include the mail server. In the example below, the mail server has been set to mail.my-site.com, the mail server for the my-site.com domain.
define(`SMART_HOST',`mail.my-site.com')

If you don't have a mail server on your network, you can either create one, or use the one offered by your ISP. Once this is done, you need to process the sendmail.mc file and restart sendmail. To do this, run the restart script from earlier in the chapter. If the sendmail server is a Linux server, then its /etc/hosts file will also have to be correctly configured.
Note: Remember to run the activate-sendmail.sh script shown at the beginning of the chapter to activate any configuration changes.

Converting From a Mail Client to a Mail Server
All Linux systems have a virtual loopback interface that lives only in memory with an IP address of 127.0.0.1. As mail must be sent to a target IP address even when there is no NIC in the box, sendmail therefore uses the loopback address to send mail between users on the same Linux server. To become a mail server, and not a mail client, sendmail needs to be configured to listen for messages on NIC interfaces as well.

1) Determine which NICs sendmail is running on. You can see the interfaces on which sendmail is listening with the netstat command. Because sendmail listens on TCP port 25, you use netstat and grep for 25 to see a default configuration listening only on IP address 127.0.0.1 (loopback):
[root@bigboy tmp]# netstat -an | grep :25 | grep tcp
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
[root@bigboy tmp]#

2) Edit sendmail.mc to make sendmail listen on all interfaces. If sendmail is listening on the loopback interface only, you should comment out the DAEMON_OPTIONS line in the /etc/mail/sendmail.mc file with dnl statements. It is also good practice to take precautions against spam by not accepting mail from domains that don't exist, which you do by commenting out the accept_unresolvable_domains feature too. See the fourth and next to last lines in the example.
dnl This changes sendmail to only listen on the loopback device 127.0.0.1
dnl and not on any other network devices. Comment this out if you want
dnl to accept email over the network.
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
...
...
...
dnl We strongly recommend to comment this one out if you want to protect
dnl yourself from spam. However, the laptop and users on computers that do
dnl not have 24x7 DNS do need this.
dnl FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl

Note: You need to be careful with the accept_unresolvable_domains feature. In the sample network, bigboy the mail server does not accept e-mail relayed from any of the other PCs on your network if they are not in DNS. Chapter 18, "Configuring DNS", shows how to create your own internal domain just for this purpose.
Note: If your server has multiple NICs and you want it to listen to one of them, then you can uncomment the localhost DAEMON_OPTIONS entry and add another one for the IP address of the NIC on which you wish to accept SMTP traffic.

3) Comment out the SMART_HOST entry in sendmail.mc. The mail server doesn't need a SMART_HOST entry in its sendmail.mc file. Comment this out with a dnl at the beginning.
dnl define(`SMART_HOST',`mail.my-site.com')

4) Regenerate the sendmail.cf file, and restart sendmail. Again, you can do this with the activate-sendmail.sh script from the beginning of the chapter.

5) Make sure sendmail is listening on all interfaces (0.0.0.0).
[root@bigboy tmp]# netstat -an | grep :25 | grep tcp
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
[root@bigboy tmp]#
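
The dnl commenting rules and the conversion steps above both come down to knowing which directives in sendmail.mc are really in effect. The Python sketch below is an added example, not part of the original chapter: it classifies each directive and reports the settings the steps ask you to change. The sample file and the finding codes are constructed, and treating a '#'-prefixed directive as still in effect follows the chapter's statement that such a line is incorrectly disabled.

```python
import re

# Constructed sendmail.mc fragment (not taken from a real server). It holds
# one line for each commenting style the chapter shows.
SAMPLE_MC = """\
dnl This changes sendmail to only listen on the loopback device 127.0.0.1
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
# FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl
define(`SMART_HOST',`mail.my-site.com')
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
"""

_DIRECTIVE = re.compile(r"([A-Za-z_]+)\((.*)\)")
_QUOTED = re.compile(r"`([^']*)'")  # m4 quoting: opens with `, closes with '


def classify(line):
    """Return (state, keyword, args) for a directive line, else None.

    state is "disabled" (dnl prefix), "hash" ('#' prefix) or "active".
    """
    text = line.strip()
    if re.match(r"dnl\b", text):
        state, text = "disabled", text[3:].lstrip(" \t#")
    elif text.startswith("#"):
        state, text = "hash", text.lstrip(" \t#")
    else:
        state = "active"
    match = _DIRECTIVE.match(text)
    if match is None:
        return None  # free-text comment or blank line
    raw_args = match.group(2)
    args = _QUOTED.findall(raw_args) or [a.strip() for a in raw_args.split(",")]
    return state, match.group(1), args


def audit(mc_text):
    """Return (line number, code, message) findings for sendmail.mc text."""
    findings = []
    for lineno, line in enumerate(mc_text.splitlines(), start=1):
        parsed = classify(line)
        if parsed is None or parsed[0] == "disabled":
            continue
        state, keyword, args = parsed
        if state == "hash":
            findings.append((lineno, "HASH_COMMENT",
                             f"{keyword} is prefixed with '#'; use dnl to disable it"))
        if keyword == "DAEMON_OPTIONS" and "Addr=127.0.0.1" in args[0]:
            findings.append((lineno, "LOOPBACK_ONLY",
                             "listens on the loopback address only"))
        elif keyword == "FEATURE" and args[0] == "accept_unresolvable_domains":
            findings.append((lineno, "UNRESOLVABLE_OK",
                             "accepts mail from domains that do not resolve"))
        elif keyword == "define" and args[0] == "SMART_HOST":
            findings.append((lineno, "SMART_HOST_SET",
                             "client setting; a mail server does not need it"))
    return findings


if __name__ == "__main__":
    for lineno, code, message in audit(SAMPLE_MC):
        print(f"line {lineno}: {code}: {message}")
```

A file that has been through steps 2 and 3 produces no findings, which is a quick check to run before regenerating sendmail.cf.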

You have now completed the first phase of converting your Linux server into a sendmail server by enabling it to listen to SMTP traffic on its interfaces. The following sections will show you how to define what type of mail it should handle and the various ways this mail can be processed.

A General Guide To Using The sendmail.mc File
The sendmail.mc file can seem jumbled. To make it less cluttered I usually create two easily identifiable sections in it with all the custom commands I've ever added. The first section is near the top where the FEATURE statements usually are, and the second section is at the very bottom. Sometimes sendmail will archive this file when you do a version upgrade. Having easily identifiable modifications in the file will make post upgrade reconfiguration much easier. Here is a sample:
dnl ***** Customised section 1 start *****
dnl
dnl
FEATURE(delay_checks)dnl
FEATURE(masquerade_envelope)dnl
FEATURE(allmasquerade)dnl
FEATURE(masquerade_entire_domain)dnl
dnl
dnl
dnl ***** Customised section 1 end *****

The /etc/mail/relay-domains File
The /etc/mail/relay-domains file is used to determine the domains from which sendmail will relay mail. The contents of the relay-domains file should be limited to those domains that can be trusted not to originate spam. By default, this file does not exist in a standard RedHat / Fedora install. In this case, all mail sent from my-super-duper-site.com and not destined for this mail server will be forwarded:
my-super-duper-site.com

One disadvantage of this file is that it controls mail based on the source domain only, and source domains can be spoofed by spam e-mail servers. The /etc/mail/access file has more capabilities, such as restricting relaying by IP address or network range, and is more commonly used. If you delete /etc/mail/relay-domains, then relay access is fully determined by the /etc/mail/access file.
Note: Be sure to run the activate-sendmail.sh script from the beginning of the chapter for these changes to take effect.

The /etc/mail/access File
You can make sure that only trusted PCs on your network have the ability to relay mail via your mail server by using the /etc/mail/access file. That is to say, the mail server will relay mail only for those PCs on your network that have their e-mail clients configured to use the mail server as their outgoing SMTP mail server. (In Outlook Express, you set this using: Tools>Accounts>Properties>Servers) If you don't take the precaution of using this feature, you may find your server being used to relay mail for spam e-mail sites. Configuring the /etc/mail/access file will not stop spam coming to you, only spam flowing through you.

The /etc/mail/access file has two columns. The first lists IP addresses and domains from which the mail is coming or going. The second lists the type of action to be taken when mail from these sources or destinations is received. Keywords include RELAY, REJECT, OK (not ACCEPT), and DISCARD. There is no third column to state whether the IP address or domain is the source or destination of the mail; sendmail assumes it could be either and tries to match both. Sendmail will reject all other attempted relayed mail that doesn't match any of the entries in the /etc/mail/access file. Despite this, my experience has been that control on a per e-mail address basis is much more intuitive via the /etc/mail/virtusertable file.

The sample file that follows allows relaying for only the server itself (127.0.0.1, localhost), two client PCs on your home 192.168.1.X network, everyone on your 192.168.2.X network, and everyone passing e-mail through the mail server from servers belonging to my-site.com. Remember that a server will be considered a part of my-site.com only if its IP address can be found in a DNS reverse zone file:
localhost.localdomain   RELAY
localhost               RELAY
127.0.0.1               RELAY
192.168.1.16            RELAY
192.168.1.17            RELAY
192.168.2               RELAY
my-site.com             RELAY

Note: You'll now have to convert this text file into a sendmail readable database file named /etc/mail/access.db. The activate-sendmail.sh script we configured at the beginning of the chapter does this for you too. Remember that the relay security features of this file may not work if you don't have a correctly configured /etc/hosts file.
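
To review what an access file actually permits before it is compiled into access.db, the two-column format described above can be parsed and checked. The Python sketch below is an added example, not part of the original chapter: it flags unknown action keywords, RELAY entries that cover a whole network, and RELAY entries matched by name (which the chapter notes depend on reverse DNS). The two .example entries and the finding codes are constructed, and relay_allowed() is a simplified model of the matching, not sendmail's own lookup logic.

```python
# The chapter's sample /etc/mail/access entries, followed by two constructed
# lines (the .example domains) that exercise the checks below.
SAMPLE_ACCESS = """\
localhost.localdomain   RELAY
localhost               RELAY
127.0.0.1               RELAY
192.168.1.16            RELAY
192.168.1.17            RELAY
192.168.2               RELAY
my-site.com             RELAY
junk-mailer.example     REJECT
partner.example         ACCEPT
"""

ACTIONS = {"RELAY", "REJECT", "OK", "DISCARD"}  # keywords named in the chapter
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def parse_access(text):
    """Return a list of (line number, key, action) entries."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            entries.append((lineno, fields[0].lower(), fields[1].upper()))
    return entries


def key_kind(key):
    """Classify a first-column key as "host-ip", "network" or "name"."""
    octets = key.split(".")
    if len(octets) <= 4 and all(o.isdigit() and int(o) <= 255 for o in octets):
        return "host-ip" if len(octets) == 4 else "network"
    return "name"


def lint_access(entries):
    """Return (line number, code, message) findings worth a second look."""
    findings = []
    for lineno, key, action in entries:
        kind = key_kind(key)
        if action not in ACTIONS:
            findings.append((lineno, "UNKNOWN_ACTION",
                             f"{action} is not a keyword the chapter lists"))
        elif action == "RELAY" and kind == "network":
            size = 256 ** (4 - len(key.split(".")))
            findings.append((lineno, "RELAY_NETWORK",
                             f"{key} opens relaying to {size} addresses"))
        elif action == "RELAY" and kind == "name" and key not in LOOPBACK_NAMES:
            findings.append((lineno, "RELAY_BY_NAME",
                             f"{key} is matched by name and depends on reverse DNS"))
    return findings


def relay_allowed(entries, client_ip, client_name=None):
    """Simplified model: True if a RELAY entry matches the client.

    client_name is the name obtained from reverse DNS, or None if the
    address has no reverse record. Unmatched clients are refused.
    """
    for _, key, action in entries:
        if action != "RELAY":
            continue
        if key_kind(key) == "name":
            if client_name and (client_name == key
                                or client_name.endswith("." + key)):
                return True
        elif client_ip == key or client_ip.startswith(key + "."):
            return True
    return False


if __name__ == "__main__":
    table = parse_access(SAMPLE_ACCESS)
    for lineno, code, message in lint_access(table):
        print(f"line {lineno}: {code}: {message}")
    print(relay_allowed(table, "10.0.0.5"))                     # no reverse DNS
    print(relay_allowed(table, "10.0.0.5", "pc1.my-site.com"))  # name matches
```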

The /etc/mail/local-host-names File
When sendmail receives mail, it needs a way of determining whether it is responsible for the mail it receives. It uses the /etc/mail/local-host-names file to do this. This file has a list of hostnames and domains for which sendmail accepts responsibility. For example, if this mail server was to accept mail for the domains my-site.com and another-site.com then the file would look like this:
my-site.com
another-site.com

In this case, remember to modify the MX record of the another-site.com DNS zonefile to point to my-site.com. Here is an example (Remember each "." is important):
; Primary Mail Exchanger for another-site.com
another-site.com. MX 10 mail.my-site.com.

Note: Be sure to run the activate-sendmail.sh script from the beginning of the chapter for these changes to take effect.

Which User Should Really Receive The Mail?
After checking the contents of the virtusertable, sendmail checks the aliases files to determine the ultimate recipient of mail.

The /etc/mail/virtusertable file
The /etc/mail/virtusertable file contains a set of simple instructions on what to do with received mail. The first column lists the target email address and the second column lists the local user's mail box, a remote email address, or a mailing list entry in the /etc/aliases file to which the email should be forwarded. If there is no match in the virtusertable file, sendmail checks for the full email address in the /etc/aliases file.
webmaster@another-site.com   webmasters
@another-site.com            marc
sales@my-site.com            [email protected]
paul@my-site.com             paul
finance@my-site.com          paul
@my-site.com                 error:nouser User unknown

In this example, mail sent to:
webmaster@another-site.com will go to local user (or mailing list) webmasters, and all other mail to another-site.com will go to local user marc.
sales at my-site.com will go to the sales department at my-othersite.com.
paul and finance at my-site.com go to local user (or mailing list) paul.
All other users at my-site.com receive a bounce back message stating "User unknown".

Note: Be sure to run the activate-sendmail.sh script from the beginning of the chapter for these changes to take effect.


The 'e!c'aliases File
/ou can !hink of !he 'e!c'aliases file as a mailing lis! file* The firs! column has !he mailing lis! name Dsome!imes calle$ a vir!ual mail&oxEA an$ !he secon$ column has !he mem&ers of !he mailing lis! se=ara!e$ &7 commas* To s!ar!A sen$mail searches !he firs! column of !he file for a ma!ch* #f !here is no ma!chA !hen sen$mail assumes !he reci=ien! is a regular user on !he local server an$ $e=osi!s !he mail in !heir mail&ox* #f i! fin$s a ma!ch in !he firs! columnA sen$mail no!es !he nickname en!r7 in !he secon$ column* #! !hen searches for !he nickname again in !he firs! column !o see if !he reci=ien! isn3! on 7e! ano!her mailing lis!* #f sen$mail $oesn3! fin$ a $u=lica!eA i! assumes !he reci=ien! is a regular user on !he local server an$ $e=osi!s !he mail in !heir mail&ox* #f !he reci=ien! is a mailing lis!A !hen sen$mail goes !hrough !he =rocess all over again !o $e!ermine if an7 of !he mem&ers is on 7e! ano!her lis!A an$ "hen i! is all finishe$A !he7 all ge! a co=7 of !he e8mail message* #n !he exam=le !ha! follo"sA 7ou can see !ha! mail sen! !o users &inA $aemonA l=A shu!$o"nA a=acheA name$A an$ so on &7 s7s!em =rocesses "ill all &e sen! !o user Dor mailing lis!E roo!* #n !his caseA roo! is ac!uall7 an alias for a mailing lis! consis!ing of user marc an$ "e&mas!erLm78si!e*com*
# Basic system aliases -- these MUST be present.
mailer-daemon: postmaster
postmaster: root
# General redirections for pseudo accounts.
bin: root
daemon: root
...
...
abuse: root
# trap decode to catch security attacks
decode: root
# Person who should get root's mail
root: marc,[email protected]

Notice that there are no spaces between the mailing list entries for root: you will get errors if you add spaces.

Note: The default /etc/aliases file installed with RedHat / Fedora has the last line of this sample commented out with a #. You may want to delete the comment and change user marc to another user. Also, after editing this file, you'll have to convert it into a sendmail readable database file named /etc/aliases.db. Here is the command to do that:
[root@bigboy tmp]# newaliases

In this simple mailing list example, mail sent to root actually goes to user account marc and webmaster@my-site.com. Because aliases can be very useful, here are a few more list examples for your /etc/aliases file.

Mail to "directors@my-site.com" goes to users "peter", "paul" and "mary".
# Directors of my SOHO company
directors: peter,paul,mary

Mail sent to "family@my-site.com" goes to users "grandma", "brother" and "sister".
# My family
family: grandma,brother,sister

Mail sent to admin-list gets sent to all the users listed in the file /home/mailings/admin-list.
# My mailing list file
admin-list: ":include:/home/mailings/admin-list"

The advantage of using mailing list files is that the admin-list file can be a file that trusted users can edit; user root is only needed to update the aliases file. Despite this, there are some problems with mail reflectors. One is that bounce messages from failed attempts to broadcast go to all users. Another is that all subscriptions and unsubscriptions have to be done manually by the mailing list administrator. If either of these is a problem for you, then consider using a mailing list manager, such as majordomo.

One important note about the /etc/aliases file: By default your system uses sendmail to mail system messages to local user root. When sendmail sends e-mail to a local user, the mail has no To: in the e-mail header. If you then use a mail client with a spam mail filtering rule to reject mail with no To: in the header, such as Outlook Express or Evolution, you may find yourself dumping legitimate mail.

To get around this, try making root have an alias for a user with a fully qualified domain name. This forces sendmail to insert the correct fields in the header; for example:
# Person who should get root's mail
root: [email protected]

Note: Be sure to run the newaliases command for these changes to take effect.
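
The lookup order described in this section can be modelled in a few lines. The following Python sketch is an added example, not sendmail's own code: it parses aliases-style text and resolves a recipient through nested lists and :include: files, flagging alias loops. The sample entries, the example.com address and the function names are constructed for illustration.

```python
# Constructed sample in the style of the entries shown above; the
# example.com address is a placeholder.
SAMPLE_ALIASES = """\
# Basic system aliases
mailer-daemon: postmaster
postmaster: root
bin: root
root: marc,webmaster@example.com
directors: peter,paul,mary
family: grandma,
    brother,sister
admin-list: ":include:/home/mailings/admin-list"
loop-a: loop-b
loop-b: loop-a
"""

# Constructed contents of the :include: file, keyed by path, so the
# example runs without touching the filesystem.
SAMPLE_INCLUDES = {
    "/home/mailings/admin-list": "# trusted users edit this\npeter\nroot\n",
}


def parse_aliases(text):
    """Return {alias: [members]} from aliases-file text.

    Handles comments, continuation lines (leading whitespace) and
    comma-separated members. Quoted members containing commas are not
    supported in this simplified parser.
    """
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()   # continuation of previous entry
        else:
            logical.append(raw.strip())
    table = {}
    for line in logical:
        name, sep, rhs = line.partition(":")
        if not sep:
            raise ValueError(f"no ':' in alias line: {line!r}")
        members = [m.strip().strip('"') for m in rhs.split(",")]
        table[name.strip().lower()] = [m for m in members if m]
    return table


def expand(recipient, table, includes):
    """Resolve a recipient to (deliveries, loops).

    deliveries: sorted local mailboxes and remote addresses.
    loops: aliases reached again while still being expanded.
    """
    final, loops = set(), set()

    def walk(name, stack):
        key = name.lower()
        if "@" in name:                       # remote address, no lookup
            final.add(name)
        elif key.startswith(":include:"):     # members come from a file
            path = name[len(":include:"):]
            for line in includes.get(path, "").splitlines():
                line = line.strip()
                if line and not line.startswith("#"):
                    walk(line, stack)
        elif key in stack:                    # alias refers back to itself
            loops.add(key)
        elif key in table:                    # a list: check each member again
            for member in table[key]:
                walk(member, stack | {key})
        else:                                 # no match: ordinary local user
            final.add(key)

    walk(recipient, frozenset())
    return sorted(final), sorted(loops)


def include_files(table):
    """Paths pulled in with :include:. Whoever can write them controls delivery."""
    return sorted(m[len(":include:"):] for members in table.values()
                  for m in members if m.lower().startswith(":include:"))


if __name__ == "__main__":
    aliases = parse_aliases(SAMPLE_ALIASES)
    for who in ("bin", "admin-list", "loop-a", "nobody"):
        print(who, "->", expand(who, aliases, SAMPLE_INCLUDES))
    print("review permissions on:", include_files(aliases))
```

The list returned by include_files is worth checking with ls -l, since write access to those files is equivalent to editing the list membership.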

Sendmail Masquerading Explained
If you want your mail to appear to come from user@mysite.com and not user@bigboy.mysite.com, then you have two choices:
Configure your email client, such as Outlook Express, to set your email address to user@mysite.com. (I'll explain this in the "Configuring Your POP Mail Server" section.)
Set up masquerading to modify the domain name of all traffic originating from and passing through your mail server.

Configuring masquerading
In the DNS configuration, you made bigboy the mail server for the domain my-site.com. You now have to tell bigboy in the sendmail configuration file sendmail.mc that all outgoing mail originating on bigboy should appear to be coming from my-site.com; if not, based on our settings in the /etc/hosts file, mail will appear to come from mail.my-site.com. This isn't terrible, but you may not want your Web site to be remembered with the word "mail" in front of it. In other words, you may want your mail server to handle all email by assigning a consistent return address to all outgoing mail, no matter which server originated the email.

You can solve this by editing your sendmail.mc configuration file and adding some masquerading commands and directives:
FEATURE(always_add_domain)dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`allmasquerade')dnl
MASQUERADE_AS(`my-site.com')dnl
MASQUERADE_DOMAIN(`my-site.com.')dnl
MASQUERADE_DOMAIN(localhost)dnl
MASQUERADE_DOMAIN(localhost.localdomain)dnl

The result is that:

The MASQUERADE_AS directive makes all mail originating on bigboy appear to come from a server within the domain my-site.com by rewriting the email header.

The MASQUERADE_DOMAIN directive makes mail relayed via bigboy from all machines in the another-site.com and localdomain domains appear to come from the MASQUERADE_AS domain of my-site.com. Using DNS, sendmail checks the domain name associated with the IP address of the mail relay client sending the mail to help it determine whether it should do masquerading or not.

FEATURE masquerade_entire_domain makes sendmail masquerade servers named *my-site.com, and *another-site.com as my-site.com. In other words, mail from sales.my-site.com would be masqueraded as my-site.com. If this wasn't selected, then only servers named my-site.com and my-othersite.com would be masqueraded. Use this with caution when you are sure you have the necessary authority to do this.

FEATURE allmasquerade makes sendmail rewrite both recipient addresses and sender addresses relative to the local machine. If you cc: yourself on an outgoing mail, the other recipient sees a cc: to an address he knows instead of one on localhost.localdomain.

Note: Use FEATURE allmasquerade with caution if your mail server handles email for many different domains and the mailboxes for the users in these domains reside on the mail server. The allmasquerade statement causes all mail destined for these mailboxes to appear to be destined for users in the domain defined in the MASQUERADE_AS statement. In other words, if MASQUERADE_AS is my-site.com and you use allmasquerade, then mail for peter@another-site.com enters the correct mailbox but sendmail rewrites the To:, making the e-mail appear to be sent to peter@my-site.com originally.

FEATURE always_add_domain always masquerades email addresses, even if the mail is sent from a user on the mail server to another user on the same mail server.

FEATURE masquerade_envelope rewrites the email envelope just as MASQUERADE_AS rewrote the header.

Masquerading is an important part of any mail server configuration as it enables systems administrators to use multiple outbound mail servers, each providing only the global domain name for a company and not the fully qualified domain name of the server itself. All email correspondence then has a uniform email address format that complies with the company's brand marketing policies.

Note: E-mail clients, such as Outlook Express, consider the To: and From: statements as the e-mail header. When you choose Reply or Reply All in Outlook Express, the program automatically uses the To: and From: in the header. It is easy to fake the header, as spammers often do; it is detrimental to e-mail delivery, however, to fake the envelope. The e-mail envelope contains the To: and From: used by mailservers for protocol negotiation. It is the envelope's From: that is used when e-mail rejection messages are sent between mail servers.

Note: Be sure to run the activate-sendmail.sh script from the beginning of the chapter for these changes to take effect.

Testing Masquerading
The best way of testing masquerading from the Linux command line is to use the "mail -v username" command. I have noticed that "sendmail -v username" ignores masquerading altogether. You should also tail the /var/log/maillog file to verify that the masquerading is operating correctly and check the envelope and header of test email received by test email accounts.

Other Masquerading Notes
By default, user "root" will not be masqueraded. This restriction comes from the line:
EXPOSED_USER(`root')dnl

in /etc/mail/sendmail.mc. To remove the restriction, comment the line out by putting "dnl" at the beginning of it and then run the sendmail start script.

Using Sendmail to Change the Sender's Email Address
Sometimes masquerading isn't enough. At times you may need to change not only the domain of the sender but also the username portion of the sender's e-mail address. For example, perhaps you bought a program for your SOHO office that sends out notifications to your staff, but the program inserts its own address as sender's address, not that of the IT person.

Web-based CGI scripts tend to run as user apache and, therefore, send mail as user apache too. Often you won't want this, not only because apache's e-mail address may not be suitable, but also because some anti-spam programs check to ensure that the From:, or source e-mail address, actually exists as a real user. If your virtusertable file allows e-mail to only predefined users, then queries about the apache user will fail, and your valid e-mail may be classified as being spam.

With sendmail, you can change both the domain and username on a case-by-case basis using the genericstable feature:

1) Add these statements to your /etc/mail/sendmail.mc file to activate the feature:
FEATURE(`genericstable',`hash -o /etc/mail/genericstable.db')dnl
GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl

2) Create a /etc/mail/generics-domains file that is just a list of all the domains that should be inspected. Make sure the file includes your server's canonical domain name, which you can obtain using the command:
sendmail -bt -d0.1 </dev/null

Here is a sample /etc/mail/generics-domains file:
my-site.com
another-site.com
bigboy.my-site.com

3) Create your /etc/mail/genericstable file. First sendmail searches the /etc/mail/generics-domains file for a list of domains to reverse map. It then looks at the /etc/mail/genericstable file for an individual email address from a matching domain. The format of the file is
linux-username [email protected]

Your e-mails from linux-username should now appear to come from username@new-domain.com. Here are some other examples:
alert     [email protected]
peter     [email protected]
apache    [email protected]

Note: Be sure to run the activate-sendmail.sh script from the beginning of the chapter for these changes to take effect.

Troubleshooting Sendmail
There are a number of ways to test sendmail when it doesn't appear to work correctly. Here are a few methods you can use to fix some of the most common problems.

Testing TCP connectivity
The very first step is to determine whether your mail server is accessible on the sendmail SMTP TCP port 25. Lack of connectivity could be caused by a firewall with incorrect permit, NAT, or port forwarding rules to your mail server. Failure could also be caused by the sendmail process being stopped. It is best to test this from both inside your network and from the Internet.

Chapter 4, "Simple Network Troubleshooting", covers troubleshooting with TELNET.

Further Testing of TCP connectivity
You can also mimic a full mail session using TELNET to make sure everything is working correctly. If you get a "500 Command not recognized" error message along the way, the cause is probably a typographical error. Follow these steps carefully.

1) Telnet to the mail server on port 25. You should get a response with a 220 status code.
[root@bigboy tmp]# telnet mail.my-site.com 25
Trying mail.my-site.com...
Connected to mail.my-site.com.
Escape character is '^]'.
220 mail.my-site.com ESMTP server ready

If this basic step fails, you probably have a connection problem that could be the result of typical network issues outlined in Chapter 4, "Simple Network Troubleshooting". Review this chapter if you find yourself having problems related to basic connectivity.


2) Use the helo command to tell the mail server the domain you belong to. You should receive a message with a successful status 250 code at the beginning of the response.
helo another-web-site.org
250 mail.my-site.com Hello c-24-4-97-110.client.comcast.net [24.4.97.110], pleased to meet you.

3) Inform the mail server from which the test message is coming with the MAIL FROM: statement.
MAIL FROM:[email protected]
250 2.1.0 [email protected]... Sender ok

4) Tell the mail server to whom the test message is going with the "RCPT TO:" statement.
RCPT TO: [email protected]
250 2.1.5 [email protected]... Recipient ok

5) Prepare the mail server to receive data with the DATA statement.
DATA
354 Enter mail, end with "." on a line by itself

6) Type the string "subject:" then type a subject. Type in your text message, ending it with a single period on the last line. For example:
Subject: Test Message
Testing sendmail interactively
.
250 2.0.0 iA75r9si017840 Message accepted for delivery

7) Use the QUIT command to end the session.
QUIT
221 2.0.0 mail.my-site.com closing connection
Connection closed by foreign host.
[root@bigboy tmp]#

Now verify that the intended recipient received the message, and check the system logs for any mail application errors.

The /var/log/maillog File
Because sendmail writes all its status messages in the /var/log/maillog file, always monitor this file whenever you are making changes. Open two TELNET, SSH, or console windows. Work in one of them and monitor the sendmail status output in the other using the command
[root@bigboy tmp]# tail -f /var/log/maillog

This tactic will make it much easier to troubleshoot any issues you may find in sendmail.

Common Errors Due To Incomplete RPM Installation
Both the newaliases and m4 commands require the sendmail-cf and m4 RPM packages. These must be installed. If they are not, you'll get errors when running various sendmail related commands.

Sample errors when running newaliases
[root@bigboy mail]# newaliases
Warning: .cf file is out of date: sendmail 8.12.5 supports version 10, .cf file is version 0
No local mailer defined
QueueDirectory (Q) option must be set
[root@bigboy mail]#

Sample errors when processing the sendmail.mc file
[root@bigboy mail]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
/etc/mail/sendmail.mc:8: m4: Cannot open /usr/share/sendmail-cf/m4/cf.m4: No such file or directory
[root@bigboy mail]#

Sample errors when restarting sendmail
[root@bigboy mail]# systemctl restart sendmail.service
Shutting down sendmail: [ OK ]
Shutting down sm-client: [FAILED]
Starting sendmail: 554 5.0.0 No local mailer defined
554 5.0.0 QueueDirectory (Q) option must be set
[FAILED]
Starting sm-client: [ OK ]
[root@bigboy mail]#

If these errors occur, make sure your m4, sendmail and sendmail-cf RPM packages are installed correctly.

Incorrectly Configured /etc/hosts Files
By default, Fedora inserts the hostname of the server between the 127.0.0.1 and the localhost entries in /etc/hosts like this:
127.0.0.1 bigboy localhost.localdomain localhost

Unfortunately in this configuration, sendmail will think that the server's FQDN is bigboy, which it will identify as being invalid because there is no extension at the end, such as .com or .net. It will then default to sending e-mails in which the domain is localhost.localdomain.

The /etc/hosts file is also important for configuring mail relay. You can create problems if you fail to place the server name in the FQDN for the 127.0.0.1 entry. Here sendmail thinks that the server's FQDN was my-site and that the domain was all of .com.
127.0.0.1 my-site.com localhost.localdomain localhost # (Wrong!!!)

The server would therefore be open to relay all mail from any .com domain and would ignore the security features of the access and relay-domains files I'll describe later.

As mentioned, a poorly configured /etc/hosts file can make mail sent from your server to the outside world appear as if it came from users at localhost.localdomain and not bigboy.my-site.com.

Use the sendmail program to send a sample e-mail to someone in verbose mode. Enter some text after issuing the command and end your message with a single period all by itself on the last line, for example:
[root@bigboy tmp]# sendmail -v [email protected]
test text
test text
.
[email protected]... Connecting to mail.another-site.com. via esmtp...
220 ltmail.another-site.com LiteMail v3.02(BFLITEMAIL4A); Sat, 05 Oct 2002 06:48:44 -0400
>>> EHLO localhost.localdomain
250-mx.another-site.com Hello [67.120.221.106], pleased to meet you
250 HELP
>>> MAIL From:<[email protected]>
250 <[email protected]>... Sender Ok
>>> RCPT To:<[email protected]>
250 <[email protected]>... Recipient Ok
>>> DATA
354 Enter mail, end with "." on a line by itself
>>> .
250 Message accepted for delivery
[email protected]... Sent (Message accepted for delivery)
Closing connection to mail.another-site.com.
>>> QUIT
[root@bigboy tmp]#


localhost.localdomain is the domain that all computers use to refer to themselves; it is therefore an illegal Internet domain. Consider an example: Mail sent from computer PC1 to PC2 appears to come from a user at localhost.localdomain on PC1 and is rejected. The rejected e-mail is returned to localhost.localdomain. PC2 sees that the mail originated from localhost.localdomain and thinks that the rejected e-mail should be sent to a user on PC2 that may not exist. You end up with an error in /var/log/maillog:
Oct 16 10:20:04 bigboy sendmail[2500]: g9GHK3iQ002500: SYSERR(root): savemail: cannot save rejected email anywhere
Oct 16 10:20:04 bigboy sendmail[2500]: g9GHK3iQ002500: Losing ./qfg9GHK3iQ002500: savemail panic

You may also get this error if you are using a spam prevention program, such as a script based on the PERL module Mail::Audit. An error in the script could cause this type of message too.

Another set of telltale errors caused by the same problem can be generated when trying to send mail to a user (the example uses root) or creating a new alias database file. (I'll explain the newaliases command later.)
[root@bigboy tmp]# sendmail -v root
WARNING: local host name (bigboy) is not qualified; fix $j in config file
[root@bigboy tmp]# newaliases
WARNING: local host name (bigboy) is not qualified; fix $j in config file
[root@bigboy tmp]#

An accompanying error in the /var/log/maillog log file looks like this:
Oct 16 10:23:58 bigboy sendmail[2582]: My unqualified host name (bigboy) unknown; sleeping for retry
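
A quick audit for the two /etc/hosts mistakes shown above, together with a scan for the log symptoms they produce. This is an added Python example, not part of the original chapter; the function names and the "ok" rule (at least host.domain.tld as the first name on the 127.0.0.1 line) are assumptions, and the log lines are the samples quoted in this section plus one constructed benign line.

```python
import re

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def loopback_primary(hosts_text, address="127.0.0.1"):
    """Return the first name on the loopback line, or None if absent."""
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop trailing comments
        if len(fields) >= 2 and fields[0] == address:
            return fields[1]
    return None


def classify(name):
    """Classify the name sendmail would take as the server's own.

    Follows the host/domain split described above: one label is
    unqualified, two labels reads as host + top-level domain. Names under
    multi-label suffixes (for example co.uk) need a manual check.
    """
    if name is None:
        return "missing"
    lowered = name.rstrip(".").lower()
    if lowered in LOCAL_NAMES:
        return "localhost-only"      # mail would leave as @localhost.localdomain
    labels = lowered.split(".")
    if len(labels) == 1:
        return "unqualified"         # e.g. bigboy
    if len(labels) == 2:
        return "bare-domain"         # e.g. my-site.com: domain taken as .com
    return "ok"


# Patterns for the symptoms quoted in this section.
SYMPTOMS = [
    ("unqualified-hostname",
     re.compile(r"unqualified host name \((?P<d>[^)]+)\)")),
    ("unqualified-hostname",
     re.compile(r"local host name \((?P<d>[^)]+)\) is not qualified")),
    ("bounce-lost",
     re.compile(r"(?P<d>savemail panic|cannot save rejected email anywhere)")),
    ("localhost-helo",
     re.compile(r"EHLO (?P<d>localhost\.localdomain)")),
]


def scan(lines):
    """Return [(line_number, symptom, detail)] for matching lines."""
    hits = []
    for number, line in enumerate(lines, 1):
        for symptom, pattern in SYMPTOMS:
            match = pattern.search(line)
            if match:
                hits.append((number, symptom, match.group("d")))
                break
    return hits


SAMPLE_LOG = [
    "Oct 16 10:20:04 bigboy sendmail[2500]: g9GHK3iQ002500: SYSERR(root): "
    "savemail: cannot save rejected email anywhere",
    "Oct 16 10:20:04 bigboy sendmail[2500]: g9GHK3iQ002500: Losing "
    "./qfg9GHK3iQ002500: savemail panic",
    "Oct 16 10:23:58 bigboy sendmail[2582]: My unqualified host name "
    "(bigboy) unknown; sleeping for retry",
    "WARNING: local host name (bigboy) is not qualified; fix $j in config file",
    ">>> EHLO localhost.localdomain",
    "Oct 16 10:30:00 bigboy sendmail[2600]: starting daemon",  # constructed
]

if __name__ == "__main__":
    for line in ("127.0.0.1 bigboy localhost.localdomain localhost",
                 "127.0.0.1 my-site.com localhost.localdomain localhost"):
        print(classify(loopback_primary(line)), "<-", line)
    for hit in scan(SAMPLE_LOG):
        print(hit)
```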

When you have finally got sendmail working it will be time to focus your attention on fighting unwanted email, or SPAM. This will be covered next.

Fighting SPAM
Unsolicited Commercial Email (UCE or SPAM) can be annoying, time consuming to delete and in some cases dangerous when it contains viruses and worms. Fortunately there are ways you can use your mail server to combat SPAM.

Using Public SPAM Blacklists With Sendmail
There are many publicly available lists of known open mail relay servers and spam generating mail servers on the Internet. Some are maintained by volunteers, others are managed by public companies, but in all cases they rely heavily on complaints from spam victims. Some spam blacklists simply try to determine whether the e-mail is coming from a legitimate IP address.

The IP addresses of offenders usually remain on the list for six months to two years. In some cases, to provide additional pressure on the spammers, the blacklists include not only the offending IP address but also the entire subnet or network block to which it belongs. This prevents the spammers from easily switching their servers' IP addresses to the next available ones on their networks. Also, if the spammer uses a public data center, it is possible that their activities could also cause the IP addresses of legitimate e-mailers to be blacklisted too. It is hoped that these legitimate users will pressure the data center's management to evict the spamming customer.

You can configure sendmail to use its dnsbl feature to both query these lists and reject the mail if a match is found. Here are some sample entries you can add to your /etc/sendmail.mc file; they should all be on one line.

RFC-Ignorant: A valid IP address checker.
FEATURE(`dnsbl', `ipwhois.rfc-ignorant.org',`"550 Mail from " $&{client_addr} " refused. Rejected for bad WHOIS info on IP of your SMTP server - see http://www.rfc-ignorant.org/"')

Easynet: An open proxy list.
FEATURE(`dnsbl', `proxies.blackholes.easynet.nl', `"550 5.7.1 ACCESS DENIED to OPEN PROXY SERVER "$&{client_name}" by easynet.nl DNSBL (http://proxies.blackholes.easynet.nl/errors.html)"', `')dnl

Spamcop: A spammer blacklist.
FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"')

Spamhaus: A spammer blacklist.
FEATURE(`dnsbl',`sbl.spamhaus.org',`Rejected - see http://spamhaus.org/')dnl

Note: Visit the URLs listed in each FEATURE command to learn more about the individual services. Be sure to run the activate-sendmail.sh script from the beginning of the chapter for these changes to take effect.

Spamassassin
Once sendmail receives an e-mail message, it hands the message over to procmail, which is the application that actually places the e-mail in user mailboxes on the mail server. You can make procmail temporarily hand over control to another program, such as a spam filter. The most commonly used filter is spamassassin.

spamassassin doesn't delete spam, it merely adds the word "spam" to the beginning of the subject line of suspected spam e-mails. You can then configure the e-mail filter rules in Outlook Express or any other mail client to either delete the suspect message or store it in a special Spam folder.

Downloading And Installing Spamassassin
Most RedHat and Fedora Linux software product packages are available in the RPM format, whereas Debian and Ubuntu Linux use DEB format installation files. When searching for these packages remember that the filename usually starts with the software package name and is followed by a version number, as in spamassassin-2.60-2.i386.rpm. (For help downloading, see Chapter 6, "Installing RPM Software").

Managing the spamassassin Server
Managing the spamassassin daemon is easy to do, but the procedure differs between Linux distributions. Here are some things to keep in mind.
1. Firstly, different Linux distributions use different daemon management systems. Each system has its own set of commands to do similar operations. The most commonly used daemon management systems are SysV and Systemd.
2. Secondly, the daemon name needs to be known. In this case the name of the daemon is spamassassin.

Armed with this information you can know how to:
1. Start your daemons automatically on booting
2. Stop, start and restart them later on during troubleshooting or when a configuration file change needs to be applied.

For more details on this, please take a look at the "Managing Daemons" section of Chapter 6 "Installing Linux Software".

Note: Remember to configure your daemon to start automatically upon your next reboot.

Configuring procmail for spamassassin
The /etc/procmailrc file is used by procmail to determine the procmail helper programs that should be used to filter mail. This file isn't created by default. spamassassin has a template you can use called /etc/mail/spamassassin/spamassassin-spamc.rc. Copy the template to the /etc directory.


[root@bigboy tmp]# cp /etc/mail/spamassassin/spamassassin-spamc.rc /etc/procmailrc

This will activate spamassassin for all your mail users.

Configuring Spamassassin
The spamassassin configuration file is named /etc/mail/spamassassin/local.cf. A full listing of all the options available in the local.cf file can be found in the Linux man pages using the following command:
[root@bigboy tmp]# man Mail::SpamAssassin::Conf

You can customize this fully commented sample configuration file to meet your needs.
###################################################################
# See 'perldoc Mail::SpamAssassin::Conf' for
# details of what can be adjusted.
###################################################################
#
# These values can be overridden by editing
# ~/.spamassassin/user_prefs.cf (see spamassassin(1) for details)
#
# How many hits before a message is considered spam. The lower the
# number the more sensitive it is.
required_hits 5.0

# Whether to change the subject of suspected spam (1=Yes, 0=No)
rewrite_subject 1

# Text to prepend to subject if rewrite_subject is used
subject_tag *****SPAM*****

# Encapsulate spam in an attachment (1=Yes, 0=No)
report_safe 1

# Use terse version of the spam report (1=Yes, 0=No)
use_terse_report 0

# Enable the Bayes system (1=Yes, 0=No)
use_bayes 1

# Enable Bayes auto-learning (1=Yes, 0=No)
auto_learn 1

# Enable or disable network checks (1=Yes, 0=No)
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - english
ok_languages en

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales en

Note: Be sure to run the activate-sendmail.sh script from the beginning of the chapter for these changes to take effect.

Testing spamassassin
You can test the validity of your local.cf file by using the spamassassin command with the --lint option. This will list any syntax problems that may exist. In this example two errors were found and corrected before the command was run again.
[root@bigboy tmp]# spamassassin -d --lint
Created user preferences file: /root/.spamassassin/user_prefs
config: SpamAssassin failed to parse line, skipping: use_terse_report 0
config: SpamAssassin failed to parse line, skipping: auto_learn 1
lint: 2 issues detected. please rerun with debug enabled for more information.
[root@bigboy tmp]# vi /etc/mail/spamassassin/local.cf
...
...
...
[root@bigboy tmp]# spamassassin -d --lint
[root@bigboy tmp]#

Tuning spamassassin
You can tune the sensitivity of spamassassin to the type of spam you receive by adjusting the required_hits value in the local.cf file. This can be made easier by viewing the score spamassassin assigns a message in its header. In most GUI based email clients this can be done by looking at the email's properties. In this case, a Nigerian email scam spam was detected and given a score of 20.1 and marked as spam.
X-Spam-Status: Yes, score=20.1 required=2.1 tests=DEAR_FRIEND,
    DNS_FROM_RFC_POST,FROM_ENDS_IN_NUMS,MSGID_FROM_MTA_HEADER,NA_DOLLARS,
    NIGERIAN_BODY1,NIGERIAN_BODY2,NIGERIAN_BODY3,NIGERIAN_BODY4,
    RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SBL,RISK_FREE,SARE_FRAUD_X3,
    SARE_FRAUD_X4,SARE_FRAUD_X5,US_DOLLARS_3 autolearn=failed version=3.0.4
X-Spam-Report:
    * 0.5 FROM_ENDS_IN_NUMS From: ends in numbers
    * 0.2 RISK_FREE BODY: Risk free. Suuurreeee....
    * 0.4 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
    * 0.8 DEAR_FRIEND BODY: Dear Friend? That's not very dear!
    * 2.2 NA_DOLLARS BODY: Talks about a million North American dollars
    * 1.8 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
    * [Blocked - see <http://www.spamcop.net/bl.shtml?213.185.106.3>]
    * 1.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL
    * [213.185.106.3 listed in sbl-xbl.spamhaus.org]
    * 1.4 DNS_FROM_RFC_POST RBL: Envelope sender in postmaster.rfc-ignorant.org
    * 1.9 NIGERIAN_BODY3 Message body looks like a Nigerian spam message 3+
    * 2.9 NIGERIAN_BODY1 Message body looks like a Nigerian spam message 1+
    * 1.4 NIGERIAN_BODY4 Message body looks like a Nigerian spam message 4+
    * 1.7 SARE_FRAUD_X5 Matches 5+ phrases commonly used in fraud spam
    * 0.5 NIGERIAN_BODY2 Message body looks like a Nigerian spam message 2+
    * 1.7 SARE_FRAUD_X3 Matches 3+ phrases commonly used in fraud spam
    * 1.7 SARE_FRAUD_X4 Matches 4+ phrases commonly used in fraud spam
    * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay

If SPAM slips through your spamassassin system, you can use this method to adjust your rules to reduce the risk in future.

Updating Spamassassin's Built-in Rules
The spamassassin package comes with a file, /etc/cron.d/sa-update, which updates the rule files in the /etc/mail/spamassassin/ directory each day. This makes the administration of your system much easier.

Limiting your spam fighting efforts to the required_hits value isn't usually adequate. You will probably need additional spamassassin tools to be more selective and accurate in your tests. This will be covered next.

Using Greylisting
To maximize the effect of their efforts, spammers try to send email as quickly as possible. They take note of the emails that bounce, so that they know which addresses to remove from their lists to make their next mailing more efficient.


When mail servers receive mail too rapidly for them to handle, they can ask the sender to try again later. Spammers often view resending emails to valid addresses as a waste of computing time that could be used to send mail to brand new addresses that belong to faster mail servers. Emails that need to be resent are usually abandoned.

Some emails need reliable delivery to be effective and the senders of these types of messages are willing to resend. These include bank statement notifications, ecommerce purchase confirmations, and subscription newsletters.

In a previous section we saw where spamassassin always rejects emails from blacklisted sources. With greylisting, sources are just asked to resend. One of the most popular greylist mail filter (milter) products is the milter-greylist package which also works seamlessly with spamassassin. It is easy to use and I'll discuss how it can be configured on your mail server.

Downloading and Installing milter-greylist
Most RedHat and Fedora Linux software product packages are available in the RPM format, whereas Debian and Ubuntu Linux use DEB format installation files. When searching for these packages remember that the filename usually starts with the software package name and is followed by a version number, as in milter-greylist-4.2.6-1400.fc14.x86_64.rpm. (For help on downloading and installing the required packages, see Chapter 6, Installing Linux Software).

Note: The milter-greylist package is a sendmail add-on and does not run as a daemon. You do have to restart sendmail for the settings to take effect.

Configuring milter-greylist
Configuring milter-greylist requires these four quick steps:

1. Add the milter-greylist statements listed in the README file to your /etc/mail/sendmail.mc file:
INPUT_MAIL_FILTER(`greylist',`S=local:/var/milter-greylist/milter-greylist.sock')
define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')
define(`confMILTER_MACROS_HELO', `{verify}, {cert_subject}')
define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}')
define(`confMILTER_MACROS_ENVRCPT', `{greylist}')

2. The previous step referenced the file /var/milter-greylist/milter-greylist.sock which now has to be created and owned by the grmilter user. You can do this by first searching for the grmilter user in /etc/passwd, to double check that the user exists and that the directory is also owned by this user. Next create the file and change its ownership. The method can be seen here.
[root@bigboy tmp]# grep grey /etc/passwd
grmilter:x:495:494:Greylist-milter user:/var/lib/milter-greylist:/sbin/nologin
[root@bigboy tmp]# touch /var/lib/milter-greylist/milter-greylist.sock
[root@bigboy tmp]# chown grmilter:grmilter \
    /var/lib/milter-greylist/milter-greylist.sock
[root@bigboy tmp]# ll /var/lib/milter-greylist/milter-greylist.sock
-rw-r--r-- 1 grmilter grmilter 0 Dec 12 00:26 /var/lib/milter-greylist/milter-greylist.sock
[root@bigboy tmp]#

3. Configure Greylist to start automatically on reboot.

Fedora / CentOS / RedHat
[root@bigboy tmp]# chkconfig milter-greylist on

Ubuntu / Debian
user@ubuntu:~$ sudo sysv-rc-conf milter-greylist on

4. Edit the /etc/mail/greylist.conf configuration file. Here we set the "try again later" to five minutes and use the whitelist command to deactivate the timer for trusted networks so that mail is delivered immediately.
#
# File: /etc/mail/greylist.conf
#

# How long a client has to wait before we accept
# the messages it retries to send. Here, 5 minutes.
#
greylist 5m

#
# Whitelist addresses within my own home/office network
#
acl whitelist addr 192.168.0.0/16

5. Run the activate-sendmail.sh script for the new settings to take effect. Your new spam mitigation tool should now be fully functional. You are ready to go!

Configuring milter-greylist
Now that we have milter-greylist installed, we need to be able to do some basic troubleshooting. The /var/log/maillog file should be used to determine what is happening to your mail. Here are two samples of what to expect:
Dec 24 00:32:31 bigboy sendmail[28847]: jBO8WVnG028847: Milter: to=<[email protected]>, reject=451 4.7.1 Greylisting in action, please come back in 00:05:00
Dec 23 20:40:21 bigboy milter-greylist: jBO4eF2m027418: addr 211.115.216.225 from <[email protected]> rcpt <[email protected]>: autowhitelisted for 24:00:00

In the first entry, the email received is given a tag (jBO8WVnG028847) based on key characteristics in the mail header and a request is sent to the sender to resend the email in five minutes. Any email that is received with the same calculated key within the autowhite period configured in the greylist.conf file will then be automatically accepted without delay.

In the second entry, the email has been resent and immediately accepted. Any other email from that source within the next 24 hours will be accepted without delay.

Note: Greylisting is very effective, but you will have to tune its operation to make sure critical emails are not delayed at all. One solution is to set the autowhite period in /etc/mail/greylist.conf to slightly more than 24 hours, especially if you get mail from certain senders, such as newsletters, on a daily basis. This makes them arrive without interruption.
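The retry delay, the whitelist and the autowhite tuning note above can be modelled in a few lines. This is an added example, not code from milter-greylist or the original page; the (addr, from, rcpt) key follows the second log entry, and the rule that every accepted message restarts the autowhite period is an assumption of the model.

```python
import ipaddress


class Greylist:
    """Simplified model of the greylist.conf behaviour described above."""

    def __init__(self, delay=5 * 60, autowhite=24 * 3600,
                 whitelist=("192.168.0.0/16",)):
        self.delay = delay              # "greylist 5m"
        self.autowhite = autowhite      # autowhite period, 24 h in the log sample
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.pending = {}               # key -> time of the first attempt
        self.accepted = {}              # key -> autowhitelist expiry time

    def check(self, addr, sender, rcpt, now):
        """Return (smtp_code, reason) for a delivery attempt at `now` seconds."""
        if any(ipaddress.ip_address(addr) in net for net in self.whitelist):
            return 250, "whitelisted network"
        key = (addr, sender.lower(), rcpt.lower())
        if now < self.accepted.get(key, 0):
            # Assumption: each accepted message restarts the autowhite period.
            self.accepted[key] = now + self.autowhite
            return 250, "autowhitelisted"
        self.accepted.pop(key, None)
        first = self.pending.setdefault(key, now)
        wait = first + self.delay - now
        if wait > 0:
            return 451, f"greylisted, retry in {wait}s"
        del self.pending[key]
        self.accepted[key] = now + self.autowhite
        return 250, "retry accepted"


def delayed_deliveries(autowhite, interval, count=5):
    """Count how many of `count` mailings, sent every `interval` seconds by a
    sender that retries 10 minutes after a 451, are held up by greylisting."""
    greylist = Greylist(autowhite=autowhite)
    triplet = ("203.0.113.9", "news@example.org", "user@my-site.com")  # constructed
    delayed = 0
    for n in range(count):
        sent = n * interval
        code, _ = greylist.check(*triplet, sent)
        if code == 451:
            delayed += 1
            greylist.check(*triplet, sent + 600)   # the sender's retry
    return delayed
```

In this model a mailing that goes out every 24 hours and 2 minutes is greylisted on three of five days with a 24-hour autowhite period, and only on the first day with 25 hours.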

A Simple PERL Script To Help Stop SPAM
Blacklists won't stop everything, but you can limit the amount of unsolicited spam you receive by writing a small script to intercept your mail before it is written to your mailbox. This is fairly simple to do, because sendmail always checks the .forward file in your home directory for the name of this script. The sendmail program then looks for the filename in the directory /etc/smrsh and executes it.

By default, PERL doesn't come with modules that are able to check e-mail headers and envelopes so you have to download them from CPAN (www.cpan.org). The most important modules are:

MailTools
IO-Stringy
MIME-tools
Mail-Audit

I have written a script called mail-filter.pl that effectively filters out spam e-mail for my home system. A few steps are required to make the script work:

1. Install PERL and the PERL modules you downloaded from CPAN.
2. Place an executable version of the script in your home directory and modify the script's $FILEPATH variable to point to your home directory.
3. Update file mail-filter.accept, which specifies the subjects and e-mail addresses to accept, and file mail-filter.reject, which specifies those to reject.
4. Update your .forward file and place an entry in /etc/smrsh.

Mail-filter first rejects all e-mail based on the reject file and then accepts all mail found in the accept file. It then denies everything else.

For a simple script with instructions on how to install the PERL modules, see Appendix II, "Codes, Scripts, and Configurations".


Configuring Your Dovecot POP / IMAP Mail Server
Each user on your Linux box will get mail sent to their account's mail folder, but sendmail just handles mail sent to your my-site.com domain. If you want to retrieve the mail from your Linux box's user account using a mail client such as Evolution, Microsoft Outlook or Outlook Express, then you have a few more steps. You'll also have to make your Linux box a POP mail server.

Linux comes with the easy to use dovecot IMAP/POP server package which requires very little configuration after installation.

Installing Dovecot
Most RedHat and Fedora Linux software product packages are available in the RPM format, whereas Debian and Ubuntu Linux use DEB format installation files. When searching for these packages remember that the filename usually starts with the software package name and is followed by a version number, as in dovecot-0.99.11-1.FC3.4.i386.rpm. (For help on downloading and installing the required packages, see Chapter 6, Installing Linux Software).

Starting Dovecot
The methodologies vary depending on the variant of Linux you are using as you'll see next.

Fedora / CentOS / RedHat
With these flavors of Linux you can use the chkconfig command to get dovecot configured to start at boot:
[root@bigboy tmp]# chkconfig dovecot on

To start, stop, and restart dovecot after booting use the service command:
[root@bigboy tmp]# service dovecot start
[root@bigboy tmp]# service dovecot stop
[root@bigboy tmp]# service dovecot restart

To determine whether dovecot is running you can issue either of these two commands. The first will give a status message. The second will return the process ID numbers of the dovecot daemons.
[root@bigboy tmp]# service dovecot status
[root@bigboy tmp]# pgrep dovecot

Note: Remember to run the chkconfig command at least once to ensure dovecot starts automatically on your next reboot.

Ubuntu / Debian
With these flavors of Linux the commands are different. Try installing the sysv-rc-conf and sysvinit-utils DEB packages as they provide commands that simplify the process. (For help on downloading and installing the packages, see Chapter 6, Installing Linux Software). You can use the sysv-rc-conf command to get dovecot configured to start at boot:
user@ubuntu:~$ sudo sysv-rc-conf dovecot on

To start, stop, and restart dovecot after booting the service command is the same:
user@ubuntu:~$ sudo service dovecot start
user@ubuntu:~$ sudo service dovecot stop
user@ubuntu:~$ sudo service dovecot restart

To determine whether dovecot is running you can issue either of these two commands. The first will give a status message. The second will return the process ID numbers of the dovecot daemons.
user@ubuntu:~$ sudo service dovecot status
user@ubuntu:~$ pgrep dovecot

Note: Remember to run the sysv-rc-conf command at least once to ensure dovecot starts automatically on your next reboot.

Dovecot Configuration Files
You can define most of Dovecot's configuration parameters in the dovecot.conf file which may be located in either the /etc or /etc/dovecot directory depending on your version of Linux. Remember to restart Dovecot after you make any changes to your configuration files. This is the only way to activate the new settings.

Choice of Protocols
You can select one of two protocols in your Dovecot configuration: IMAP and POP3.

With POP3 your mail is downloaded to your computer so that you can work with it offline. If you access and reply to POP3 mail from different computers it will be difficult to get a complete picture of some threads as the replies sent on one computer won't be visible on the other.

With IMAP your mail always remains on your mail server which eliminates this problem. It also allows you to create folders for your email which makes it easy to organize your e-mail and access it from anywhere.

Each of these protocols operates on a different TCP port as shown in Table 21-1.

Protocol    TCP Port
POP         110
POPS        995
IMAP        143
IMAPS       993

This information will be required for your configuration file as you will soon see. You should also make sure your firewall rules allow traffic to access your server on these ports.

Version 1.x
In this version, Dovecot would by default act as a server for IMAP, secure encrypted IMAP (IMAPS), POP and secure encrypted POP (POPS). You could limit this list by editing the protocols line in the /etc/dovecot.conf file and then restarting dovecot for the change to take effect. In the example below dovecot is configured to serve only POP3.

Note: Unfortunately the POP3 and IMAP protocols send your username and password unencrypted which exposes your users to attacks. Dovecot expects you to use the more secure POP3S or IMAPS methods and therefore disables the use of plain text passwords by default. To enable the acceptance of plain text authentication the disable_plaintext_auth command needs to be set to "no", as the example also shows.
#
# File /etc/dovecot.conf sample
#

# Protocols we want to be serving imap imaps pop3 pop3s
#protocols = imap imaps pop3 pop3s
protocols = pop3

disable_plaintext_auth = no

You should always try to use secure POP3S or IMAPS for better peace of mind. More details on how to do this with newer versions of Dovecot will be covered next.


Version 2.x and Newer
In more recent versions, the syntax of the dovecot.conf statements used to define protocols has changed. Both POP3 and IMAP settings are configured in a service section and you can define the IP addresses each should use and the TCP ports on which they should listen.

In this example, we have disabled IMAPS and POP3 by setting their inet_listener ports to zero. POP3S is working on address 192.168.1.100 while IMAP works on the localhost address 127.0.0.1. Both POP3S and IMAP listen on their respective TCP ports.
# Required to make POPS / IMAPS to work with certificates
ssl = yes

service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 995
    address = 192.168.1.100
  }
}

service imap-login {
  inet_listener imap {
    address = 127.0.0.1
    port = 143
  }
  inet_listener imaps {
    port = 0
  }
}

IMAPS and POP3S commonly rely on the use of SSL certificates for encryption. You make Dovecot aware that you intend to use this method with the ssl command. This is also shown in the example. It is an important step.

Note: Always remember to restart Dovecot in order for these settings to take effect.
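A quick audit of the settings discussed in the two version sections above: it flags disable_plaintext_auth = no and any POP3 or IMAP listener that is enabled on a non-loopback address. This is an added Python example, not part of Dovecot or the original page; the function names and the WEAK_CONF sample are constructed, and a listener with no address line is assumed to be reachable on all addresses.

```python
import ipaddress

CLEARTEXT = {"pop3", "imap"}  # listener names that carry logins without TLS

# The Version 2.x configuration shown above.
PAGE_CONF = """
ssl = yes
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 995
    address = 192.168.1.100
  }
}
service imap-login {
  inet_listener imap {
    address = 127.0.0.1
    port = 143
  }
  inet_listener imaps {
    port = 0
  }
}
"""

# Constructed weak variant for comparison (not from the page).
WEAK_CONF = """
disable_plaintext_auth = no
service imap-login {
  inet_listener imap {
    port = 143
  }
}
"""

def parse(text):
    """Turn 'key = value' lines and '{ }' blocks into nested dicts."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            block = stack[-1].setdefault(" ".join(line[:-1].split()), {})
            stack.append(block)
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip()
    return root

def loopback_only(address):
    """True when an address is given and every listed one is a loopback IP."""
    parts = address.replace(",", " ").split()
    try:
        return bool(parts) and all(ipaddress.ip_address(a).is_loopback for a in parts)
    except ValueError:      # "*" or a hostname: treat as externally reachable
        return False

def audit(text):
    """Return findings for cleartext exposure in a Dovecot 2.x style config."""
    conf, findings = parse(text), []
    if conf.get("disable_plaintext_auth", "").lower() == "no":
        findings.append("disable_plaintext_auth = no")
    for svc, body in conf.items():
        if not (svc.startswith("service ") and isinstance(body, dict)):
            continue
        for name, lst in body.items():
            if not (name.startswith("inet_listener ") and isinstance(lst, dict)):
                continue
            proto = name.split()[1]
            enabled = lst.get("port") != "0"    # port = 0 disables the listener
            if proto in CLEARTEXT and enabled and not loopback_only(lst.get("address", "")):
                findings.append(f"{proto} cleartext listener on {lst.get('address', 'all addresses')}")
    return findings
```

The page's Version 2.x configuration produces no findings because its only cleartext listener is bound to 127.0.0.1; the weak variant produces two.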

Verifying Whether Dovecot is Listening
You can then use the netstat command to do a simple preliminary test to make sure dovecot is listening on the correct ports. In this example we see that IMAP is listening on localhost and POPS is listening on the NIC IP address of server bigboy. It is proof that our configuration works.
[root@bigboy tmp]# netstat -ta | egrep -i 'pop|imap'
tcp 0 0 localhost:imap *:* LISTEN
tcp 0 0 bigboy:pop3s *:* LISTEN
[root@bigboy tmp]#

It is often insufficient to use this as your only test. Try using the telnet command from another location to verify that remote clients can contact your mail server on the correct ports. If they cannot, you may have a routing or firewall issue, or dovecot may not be running. In this example we are testing on the POPS port, 995.
[root@bigboy tmp]# telnet mail.my-site.com 995
Trying 192.168.1.100...
Connected to mail.simiya.com.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
[root@bigboy tmp]#

Connection problems could also be the result of typical network issues outlined in Chapter 4, "Simple Network Troubleshooting". Review this chapter if you find yourself having problems related to basic connectivity.

Configuring SSL Certificates for POP3S and IMAPS
As mentioned previously, when configuring POP3S and IMAPS you need to let Dovecot know where your certificates are. By default the certificates are named dovecot.pem and references to them should be found in your dovecot.conf file or one of its daughter configuration files in the /etc/dovecot/conf.d directory. The configuration should look like this.
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem

You can verify these commands are listed in your Dovecot configuration file tree. This can be done with a simple recursive grep command which searches /etc/dovecot and its subdirectories for files with the string dovecot.pem in them. In this case the statements are found in the 10-ssl.conf file in the /etc/dovecot/conf.d directory.
[root@bigboy tmp]# grep -ir dovecot.pem /etc/dovecot/
/etc/dovecot/conf.d/10-ssl.conf:ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
/etc/dovecot/conf.d/10-ssl.conf:ssl_key = </etc/pki/dovecot/private/dovecot.pem
[root@bigboy tmp]#

After finding the references you should verify that the files exist. This can be done with the locate command. Here we see the file locations previously listed in the configuration file match files that actually reside in the filesystem.
[root@bigboy tmp]# locate dovecot.pem
/etc/pki/dovecot/certs/dovecot.pem
/etc/pki/dovecot/private/dovecot.pem
[root@bigboy tmp]#

What do you do if you don't have these files? Don't worry, you can easily create them and this will be covered next.

Configuring SSL Certificates for POP3S and IMAPS
The mkcert.sh file will generate your Dovecot certificates for you using the data configured in the dovecot-openssl.cnf file. You can use the locate command to find both files.
[root@bigboy tmp]# locate mkcert.sh
/usr/libexec/dovecot/mkcert.sh
[root@bigboy tmp]# locate dovecot-openssl.cnf
/etc/pki/dovecot/dovecot-openssl.cnf
[root@bigboy tmp]#

Though the contents of the dovecot-openssl.cnf file will be sufficient to generate the SSL certificates, you may want to customize it to meet the needs of your organization as seen here.
#
# File: dovecot-openssl.cnf
#

[ req_dn ]
# country (2 letter code)
C=US

# State or Province Name (full name)
ST=California

# Locality Name (eg. city)
L=San Francisco

# Organization (eg. company)
O=My-Site Inc

# Organizational Unit Name (eg. section)
OU=My-Site IT Department

# Common Name (*.example.com is also possible)
CN=mail.my-site.com

# E-mail contact
[email protected]

The next step is to run the mkcert.sh script and make sure the keys are in the right location.


[root@bigboy tmp]# /usr/libexec/dovecot/mkcert.sh
Generating a 1024 bit RSA private key
...........++++++
......................++++++
writing new private key to '/etc/pki/dovecot/private/dovecot.pem'
----
subject= /OU=My-Site IT Department/CN=mail.my-site.com/[email protected]
SHA1 Fingerprint=A0:F9:95:1B:90:21:B9:B2:45:5B:CC:DF:20:2C:9E:25:74:69:F1:DD
[root@bigboy tmp]#

Now that your certificates have been created you should be ready to start serving secure email to your users.

Dovecot uses its own certificates and the method described here shows you how to create your own. If you are part of an enterprise with its own domain, you should invest in getting your SSL certificates created by an official certificate authority like Verisign. All email clients recognize organizations like these and will operate using POPS and IMAPS without displaying an error message stating that the certificate comes from an untrusted source.

For additional security you can install a separate certificate on all the client computers and configure Dovecot to only interact with clients presenting these known credentials. How to do this is beyond the scope of this book, but should be investigated to reduce your security risk.

Dovecot Mailboxes
Though sendmail sends your email to a local user account, Linux may store the content of the mail in one of many formats. Two common methods are mbox and maildir. Dovecot uses the mail_location directive to define the type of mail format and the location of its files. This directive may be found in either your dovecot.conf file or one of its daughter configuration files in the /etc/dovecot/conf.d directory. It may also be commented out.

Verify that these directives are listed in your Dovecot configuration file tree. This can be done with a simple recursive grep command which searches /etc/dovecot and its subdirectories for files with the string mail_location in them. In this case the statements are found in the 10-mail.conf file in the /etc/dovecot/conf.d directory.
[root@bigboy tmp]# grep -ir mail_location /etc/dovecot
/etc/dovecot/conf.d/10-mail.conf:# mail_location = maildir:~/Maildir
/etc/dovecot/conf.d/10-mail.conf:# mail_location = mbox:~/mail:INBOX=/var/mail/%u
/etc/dovecot/conf.d/10-mail.conf:# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
/etc/dovecot/conf.d/10-mail.conf:#mail_location =
/etc/dovecot/conf.d/10-mail.conf:#mail_location = mbox:~/mail:INBOX=/var/mail/%u
[root@bigboy tmp]#

If you look closely, you will notice that the references are all commented out. The following sections will show you how to determine which method to use. If you select the incorrect method, then you won't be able to download your mail, because Dovecot will be looking for it in the wrong location!

Configuring Dovecot for mbox
Mbox mail is stored in the directory /var/mail. Each user is assigned a single file that contains all their mail and the filename is the same as their Linux username. If there are files in /var/mail, as seen below, you are most likely using the mbox method.
[root@bigboy tmp]# ls /var/mail/
user1 user2 user3 user4 user5 user6 user7 user8 user9
[root@bigboy tmp]#

The configuration for mbox requires the addition of this line to your dovecot.conf file, or as in our case, uncommenting a similar line from the 10-mail.conf file. Either method will work.
mail_location = mbox:~/mail:INBOX=/var/mail/%u

Note: Remember to restart Dovecot for this setting to be activated.

Now it is time to take a look at the maildir method.

Configuring Dovecot for maildir
Maildir mails are almost always stored in a ~/Maildir/ directory in the users' home directory. Unlike the mbox method, with maildir each mail is stored in a separate file. To configure Dovecot for your maildir mail, use this directive:
mail_location = maildir:~/Maildir

Note: Remember to restart Dovecot for this setting to be activated.

You are done! That was easy. Different distributions of Linux use differing methods of storing email. If neither mbox nor maildir seems to be the method your system is using then check the Dovecot website at dovecot.org for further details.
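Before restarting Dovecot you can check, account by account, that the mail_location you chose matches what is actually on disk. This is an added Python example, not Dovecot's own detection logic or code from the original page; the function names are hypothetical, and the cur/new/tmp layout is the standard Maildir structure rather than something stated on this page.

```python
import os

MAILDIR_SUBDIRS = ("cur", "new", "tmp")  # standard Maildir layout (assumption)


def expand(template, user, home):
    """Expand the ~ and %u placeholders used in the page's mail_location values."""
    if template.startswith("~"):
        template = home + template[1:]
    return template.replace("%u", user)


def preflight(mail_location, accounts):
    """Return {user: problem} for accounts whose on-disk mail does not match
    mail_location. `accounts` maps each user name to its home directory."""
    fmt, _, rest = mail_location.partition(":")
    root, *options = rest.split(":")
    problems = {}
    for user, home in accounts.items():
        if fmt == "maildir":
            base = expand(root, user, home)
            missing = [d for d in MAILDIR_SUBDIRS
                       if not os.path.isdir(os.path.join(base, d))]
            if missing:
                problems[user] = f"{base} lacks {', '.join(missing)}"
        elif fmt == "mbox":
            inbox = next((o[len("INBOX="):] for o in options
                          if o.startswith("INBOX=")), "")
            path = expand(inbox, user, home)
            if not os.path.isfile(path):
                problems[user] = f"no mbox INBOX file at {path or '(INBOX not set)'}"
        else:
            problems[user] = f"unhandled mail format {fmt!r}"
    return problems
```

Call it as preflight("maildir:~/Maildir", {"user1": "/home/user1"}); an account that has never received mail may be reported too, so read the result as a list of accounts to look at rather than as errors.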

Configuring Your Mail Clients
By default your POP / IMAP e-mail accounts will be the regular Linux user accounts in which sendmail has deposited mail. You can now configure your e-mail client to use your new mail server quite easily. For example, to configure POPS Mail, set your POPS mail server in the client program to be the IP address of your Linux mail server. Use your Linux user username and password when prompted.

If you are using a self signed SSL certificate, your mail client will give a warning and ask whether the certificate should be accepted. You will have to say "yes".

Next, set your SMTP mail server to be the IP address/domain name of your Linux mail server.

How to handle overlapping email addresses.
If you have user overlap, such as John Smith (john@my-site.com) and John Brown (john@another-site.com), both users will get sent to the Linux user account john by default. You have two options for a solution:

Make the user part of the email address different, john1@my-site.com and john2@another-site.com for example, and create Linux accounts john1 and john2.

If the users insist on overlapping names, then you may need to modify your virtusertable file. Create the user accounts john1 and john2 and point virtusertable entries for john@my-site.com to account john1 and point john@another-site.com entries to account john2. The POP configuration in Outlook Express for each user should retrieve their mail via POP using john1 and john2, respectively.

With this trick you'll be able to handle many users belonging to multiple domains without many address overlap problems.

Troubleshooting Dovecot Mail
The very first troubleshooting step is to determine whether your server is accessible on the correct TCP ports. For example, with POP use TCP port 110 or for POPS use port 995.

Lack of connectivity could be caused by a firewall with incorrect permit, NAT, or port forwarding rules to your server. Test this from both inside your network and from the Internet. (Troubleshooting TCP with TELNET is covered in Chapter 4, "Simple Network Troubleshooting".)

Always Start with Logging
Whenever you are in doubt turn on Dovecot's debugging features to reveal more about what is happening. In more recent versions of Dovecot, the logging sections in dovecot.conf have been moved to a logging configuration file in the /etc/dovecot/conf.d directory. In this example the file is named 10-logging.conf.
[root@bigboy tmp]# ls /etc/dovecot/conf.d/*log*
/etc/dovecot/conf.d/10-logging.conf
[root@bigboy tmp]#


The file has many sections that allow you to turn on very verbose debugging level messages for authentication, SSL, and general messaging. It is an invaluable source of troubleshooting information.

Dovecot logs to the /var/log/maillog file. For details on setting up Linux logging refer to Chapter 5, "Troubleshooting with syslog." Here are some good examples:

In this case the Maildir mail_location method was incorrectly chosen and the expected mail files were not found.
Dec 5 20:49:47 bigboy dovecot: pop3(mail-user1): Debug: maildir: access(/home/users/mail-user1/Maildir, rwx): failed: No such file or directory
Dec 5 20:49:47 bigboy dovecot: pop3(mail-user1): Debug: maildir: couldn't find root dir

In this case Dovecot's autodetection method failed to determine the correct mail_location. The directive had to be manually added.
Dec 5 09:10:26 bigboy dovecot: pop3(mail-user2): Error: user lhn-mail: Initialization failed: mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/users/mail-user2

Whenever there is any doubt, look for the error message in the log file, try to understand what it means and what could be done to fix the problem. Remember, finding help for your problem on the Internet will be much easier if you search for key parts of your log message.

Conclusion
E-mail is an important part of any Web site, and you need to plan its configuration carefully to make it a seamless part of the Web experience of your visitors. Without it, your Web site won't seem complete.

A fully functioning Web site is just the beginning. It needs to be maintained to reduce the risk of failure and monitored to help detect potential problems. Chapter 22, "Monitoring Server Performance", discusses many Linux-based tools that you can use to track the health of your Linux server.

Retrieved from "http://www.linuxhomenetworking.com/wiki/index.php?title=Quick_HOWTO_:_Ch21_:_Configuring_Linux_Mail_Servers&oldid=4331"

This page was last modified on 10 August 2012, at 02:29. Content is available under Attribution-NonCommercial-NoDerivs 2.5.
