
Setting up a mail server

One of the most difficult things to set up – in my experience – was a working mail server. It’s not that easy to understand the transport agents, sendmail applications, SMTP servers, IMAP servers, etc.

I’ll try to describe all the steps to get a working server. This is largely based on The Perfect Debian Setup.

The first thing is to install and configure Postfix. Postfix is a mail transfer agent (MTA). It is the program that can send and receive mail from your server to any other server. However, it does not provide a way to access (read) that mail. It does provide the SMTP server for sending mail.

First, you need to install a bunch of stuff:
[code]aptitude install postfix libsasl2-2 sasl2-bin libsasl2-modules[/code]

When asked about the type of configuration, choose ‘Internet site’, and type your server’s name as the system mail name. After the installation is finished, you can do the actual configuration. Open the file /etc/postfix/main.cf and change the following settings (add the option if it is not already there):
[code]smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = vijge.net
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
myhostname = server.vijge.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = vijge.net, server.vijge.net, localhost.vijge.net, localhost
relayhost = [external SMTP server]
mynetworks = [::ffff:]/104 [::1]/128
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all[/code]

These settings control how you can access the SMTP server, how the server should behave, and what it should do with mail it receives. The one thing you want to avoid is an open relay: a server that anyone can access and use to send mail. Spammers use these, and if your server is an open relay, some ISPs might block it. So pay attention to security. The setting smtpd_recipient_restrictions controls this.

  • permit_mynetworks means that anyone with an IP address listed in mynetworks can use the SMTP server without any login.
  • reject_unauth_destination means that mail to local users is always allowed. So anyone on the network can send mail to any other users on the network without authenticating.
  • However, sometimes you are outside your network but still want to use the SMTP server. That is allowed only if a user logs in. I’m using a secure login for that, with the setting permit_sasl_authenticated. Everything else is rejected (reject_unauth_destination).
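
As an added example (not code from the original post), the following Python models how Postfix walks smtpd_recipient_restrictions from left to right and stops at the first restriction that decides, then uses that to test whether a restriction list would be an open relay. The function names and the dest_is_ours flag are hypothetical, and only the restrictions used on this page plus the generic permit and reject are modelled.

```python
# Added example: simplified model of Postfix's first-match evaluation of
# smtpd_recipient_restrictions (only the restrictions used on this page).

# Constructed sample input, mirroring the settings shown above.
MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,reject_unauth_destination
mydestination = vijge.net, server.vijge.net, localhost.vijge.net, localhost
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous one."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (s.strip() for s in line.split("=", 1))
            params[last] = value
    return params

def restrictions_of(params):
    """Split the restriction list on commas and whitespace, keeping order."""
    raw = params.get("smtpd_recipient_restrictions", "")
    return raw.replace(",", " ").split()

def decide(restrictions, in_mynetworks, authenticated, dest_is_ours):
    """Return 'permit' or 'reject' for one recipient; first match wins."""
    for r in restrictions:
        if r == "permit_mynetworks" and in_mynetworks:
            return "permit"
        if r == "permit_sasl_authenticated" and authenticated:
            return "permit"
        if r == "reject_unauth_destination" and not dest_is_ours:
            return "reject"
        if r in ("permit", "reject"):
            return r
    return "permit"  # reaching the end of the list counts as permit

def is_open_relay(restrictions):
    """Open relay: an unauthenticated outsider may send to a remote domain."""
    return decide(restrictions, False, False, False) == "permit"

if __name__ == "__main__":
    rules = restrictions_of(parse_main_cf(MAIN_CF))
    print(rules, "open relay:", is_open_relay(rules))
```

The same check flags a list that drops reject_unauth_destination or places a bare permit before it, which are the two ways this setting turns into an open relay.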

I set the option relayhost to the SMTP server of my ISP. All outgoing mail is sent to this server first. You can also run it without this relay server. Then the SMTP server will try to contact the receiving mail server directly. Just leave it blank if you don’t want to use it.

Next, you have to start SASL, which takes care of the secure login. Edit the file /etc/default/saslauthd and change START=no to START=yes.

Start saslauthd with [code]/etc/init.d/saslauthd restart[/code] and restart postfix with [code]/etc/init.d/postfix restart[/code] You can test the connection with the commands:
[code]telnet localhost 25
ehlo localhost[/code]
That should output a list of the capabilities of the mail server. If you see 250-STARTTLS the secure login is available. If you see 250-AUTH PLAIN LOGIN the password-less login is also available (for local users).

Postfix is now configured, and you should be able to send mail. But of course you want to read your mail too. You use an e-mail program for that (such as Outlook, or Thunderbird). But the program needs a way of accessing the mail on your server. There are several options for that: the local mail spool, POP, or IMAP. I am using IMAP. It is supported by all (web) mail programs, and leaves the mail on the server (it doesn’t download the mail locally). Because the SqueezeBox is small, I wanted a lightweight mail server, so I chose Dovecot. You can install the IMAP part of Dovecot by running:
[code]aptitude install dovecot-imapd[/code]

Your server can receive e-mails (through postfix), but it does not yet know what to do with them. It needs to store them somewhere. This is the job of the local delivery agent (LDA). Dovecot includes an LDA, but it must be enabled in the configuration. You need to tell Dovecot where it must store new mail, and where it can find the mail if you make an IMAP connection to the server. Open the file /etc/dovecot/dovecot.conf and edit the following options:

  • protocols: a list of protocols that are enabled. Separate them with a space. I enabled IMAP, secure IMAP, and sieve, which can be used to easily create message filters (more on that later).
    [code]protocols = imap imaps managesieve[/code]
  • ssl: set ssl to yes, to enable encrypted login through secure IMAP.
    [code]ssl = yes[/code]
  • Certificates and keys: a secure login needs certificates and keys. Certificates are made automatically during the installation of Dovecot.
    [code]ssl_cert_file = /etc/ssl/certs/dovecot.pem
    ssl_key_file = /etc/ssl/private/dovecot.pem[/code]
  • Mail location: here you can configure where to store your mail, and in what format. Dovecot can use different formats, such as maildir and mbox. mbox uses a single file, whilst maildir stores everything in a directory. With Dovecot, maildir is supposed to be fast, so I have used that. I store the mail in the user’s home directory, under a hidden folder, but you can store it anywhere you like, and even make use of replacement variables.
    [code]mail_location = maildir:~/.mail[/code]
  • LDA: by default, Dovecot’s LDA is not enabled, so you need to uncomment that section. Just remove the # before the line [code]protocol lda {[/code]
    Find the closing } and remove the # before that too. I enabled the sieve plugin, so the LDA can filter messages: [code]mail_plugins = sieve[/code]

Now you can restart Dovecot with
[code]/etc/init.d/dovecot restart[/code]

Now you need to create a mailbox directory for each user. You can do this with the command
[code]maildirmake.dovecot .mail[/code]
This assumes you are in the user’s home directory, and want to create a mailbox dir named .mail

Hopefully everything should work now. You can log in using a regular system user and access your mail via IMAP. You should also be able to send mail through your SMTP server.

In the next part of this tutorial, I’ll explain how to install some extra stuff, such as webmail, and an option to display new messages when logging into the SSH shell.