Sendmail / IMAP email server setup
Until recently, On Ensemble’s email server lived in my apartment. By using all Free Software, we have been able to host the OnEnsemble.org website and email for the group on recycled computers, for only the cost of my internet connection. The software is top-notch… the only limitation is knowing how to set up and administer everything. I often need some guidance and help understanding the software.
This is where the gnu/linux community comes in, and my friends in the Los Angeles Linux Users Group. We meet in an IRC chatroom called #lalugs, helping each other out. You too can hang out here and ask questions: download Xchat or Colloquy, join the server irc.freenode.net, and join the #lalugs channel. My nickname there is “xuxa”.
My most recent challenge was to move On Ensemble’s email server services to the new server. For this, mail master Stu Sheldon helped me out at the SCLUG meeting.
The following step-by-step assumes you have a base installation of Debian that is up to date (apt-get update, apt-get upgrade). If you need help getting to this stage, please contact me.
You can see my finished sendmail.mc config file here.
Good source for help: mirror.actusa.net/pub/sample-files/
Intro / overview – 00:00:00
Sendmail installation – 00:07:20
Become root, then:
apt-get install sendmail
Change MSP_MODE from “Cron” to “daemon”
Sendmail configuration – 00:10:25
(enter your mail domain name)
-- for us, OnEnsemble.org (use your domain)
Null client forward host? (leave blank)
Smart host? (leave blank)
Disable address canonification (N)
Masquerade envelopes (Y)
All masquerade (N)
Don't masquerade local (N)
Always add domain (N)
Accept mail for [your domain] (Y)
Alternate names (leave as default)
Trusted users? root
Enable redirect option (Y)
Enable UUCP addressing? (N)
Enable sticky host option? (N)
Enable DNS? (Y)
Assume best MX is local (N)
Enable the mailer table feature (Y)
Use the sendmail restricted shell (Y)
Message timeouts? (leave as default: 4h/5d)
(N) to restart
Everything above is explained in cf.readme.gz from sendmail-doc package. (To get it “apt-get install sendmail-doc”, then read with “zless /path/to/cf.readme.gz”.)
Editing sendmail.mc – 00:19:54
cp sendmail.mc sendmail.mc.old
Find the DAEMON_OPTIONS line containing “Port=smtp”. Remove the following bit, as well as the comma that precedes it:
Find the confPRIVACY_FLAGS bit and remove all the privacy flags, adding only `goaway'. When you’re done, it should look like this:
Find the confCONNECTION_RATE_THROTTLE line and change “15” to “25”. Change the next line, the confCONNECTION_RATE_WINDOW_SIZE from “10m” to “2m”.
We now want to delete the sections dealing with dialup connections. The first lines of the dialup section should look something like this:
dnl # If you're on a dialup link, you should enable this - so sendmail
dnl # will not bring up the link (it will queue mail for later)
Run sendmailconfig to rebuild the configuration and implement the changes:
(Y) to reload
In the output of the “ps” command above, you should see two sendmail processes listed.
telnet localhost 25
If the above outputs a list of things, we have verified that sendmail is up and running.
Configuring authentication – 00:27:38
Some of the following steps were required because my server had postfix installed previously.
Change auto_transition to “false”.
QUESTIONFORSTU: this is “true” in my Sendmail.conf file
Find the line called mech_list and remove everything except “LOGIN PLAIN”
System was previously set up to run postfix so Stu did:
telnet localhost 25
Enable SASL for sendmail – 00:31:00
Reload the running sendmail
"To enable sendmail to use STARTTLS, you need to..."
We want to do the three steps it describes.
Copy the suggested line.
Insert the line at the bottom, right after “MAILER(smtp)dnl”
We also need another include for SASL, so immediately after the line you pasted, also add:
This time you should get no warning.
telnet localhost 25
In the output here, you should see “auth” and “starttls”.
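The check described above can be scripted. The following is an added example, not part of the original walkthrough: it reads a saved EHLO reply and confirms that STARTTLS is advertised and that AUTH offers only the LOGIN and PLAIN mechanisms kept in mech_list. The sample reply and the function name audit_ehlo are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit an EHLO reply.

# Constructed sample reply; hostname and extension list are made up.
SAMPLE_EHLO='250-mail.example.org Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-AUTH LOGIN PLAIN
250-STARTTLS
250 HELP'

# audit_ehlo: reads an EHLO reply on stdin, prints one finding per line.
audit_ehlo() {
    awk '
    {
        sub(/\r$/, "")                    # saved telnet output keeps CRLF
        if ($0 !~ /^250[- ]/) next        # look at capability lines only
        n = split(toupper(substr($0, 5)), w, /[ =]+/)
        if (w[1] == "STARTTLS") tls = 1
        if (w[1] == "AUTH") {
            auth = 1
            for (i = 2; i <= n; i++) if (w[i] != "") mech[w[i]] = 1
        }
    }
    END {
        printf "%s starttls\n", (tls ? "OK" : "MISSING")
        printf "%s auth\n", (auth ? "OK" : "MISSING")
        # The page trims mech_list to LOGIN PLAIN; anything else is drift.
        for (m in mech)
            if (m != "LOGIN" && m != "PLAIN") print "UNEXPECTED mech " m
        # LOGIN and PLAIN only base64-encode the password, so without
        # STARTTLS it crosses the network readable.
        if (auth && !tls) print "WARN auth offered without starttls"
    }'
}

printf '%s\n' "$SAMPLE_EHLO" | audit_ehlo
```

To use it on the real server, save the output of the telnet session to a file and pipe that file into audit_ehlo.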
Dovecot installation and configuration – 00:37:00
At this point, we should be able to send and receive email at a server to server level. sendmail requires a Local Delivery Agent to put the messages in a particular inbox so a user can access it. procmail is the default. We want our users to be able to get their email through an IMAP connection, so we’ll be using dovecot.
apt-get install dovecot-imapd dovecot-pop3d
Find the “protocols” line (relatively near the top) and edit it to look like this:
protocols = imap imaps pop3 pop3s
Find the disable_plaintext_auth line and set it to “no” so it looks like this:
disable_plaintext_auth = no
The output should show “dovecot”, “pop”, “imap”, and “sasl”.
Maildir configuration – 00:42:32
Next we need to set up maildir so that mail will live in users’ home directories.
Go to mirror.actusa.net/pub/sample-files/ and look for the file: procmail.maildir.sample
Copy the contents of that file to a procmailrc config file in /etc/.
(paste and save)
We now want to create the default mail directory in the /root directory and then set things up so that new users get that Maildir folder automatically.
cp -Rpv Maildir /etc/skel/
ClamAV installation and configuration – 00:53:24
We now have a server that can send and receive mail and that mail is now being delivered to user inboxes. Next we need to add antivirus and spam blocking. “clamav” runs as a sendmail filter or ‘milter’.
apt-get install clamav clamav-milter arj unzoo daemon
failed! Because sendmail.cf hasn’t been configured yet to use clamav.
Paste the following line into sendmail.mc, after the “include” lines we added before. (This line is copied from Stu’s website sample files, specifically, the “sendmail.mc.sample” file.)
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav-milter.ctl, F=T, T=S:4m;R:4m')dnl
The freshclam command should show clamav is up to date.
SpamAssassin installation and configuration – 1:03:55
We now have antivirus software installed and running. We need spamassassin to check and filter the incoming mail.
apt-get install spamassassin spamc libmail-spf-query-perl libnet-dns-perl libio-string-perl libnet-ident-perl libio-socket-ssl-perl
Enable the spamassassin daemon by setting the ENABLED line to “1”.
(save the file)
We now need to enable spamassassin for all users. We’ll get procmailrc.spamc.sample from Stu’s site.
cd /home/(your user name)
mv procmailrc.maildir.sample /etc/skel/.procmailrc
Need Debian volatile repositories
Add the following Debian volatile repos to /etc/apt/sources.list (from Stu’s debian-sources.list)
# Debian Volatile
deb http://mirror.actusa.net/debian-volatile stable/volatile main contrib non-free
deb http://debian.actusa.net/debian-volatile stable/volatile-sloppy main non-free contrib
The “ps” command should show clamav is running.
Email testing – 1:22:10
Now for testing…
Use the “ifconfig” command to check the local IP address of the current machine (192.168.1.112 in my case).
telnet 192.168.1.112 25 (change IP to be your machine's local IP address)
MAIL FROM: firstname.lastname@example.org (use an outside email address - email@example.com, for example)
RCPT TO: firstname.lastname@example.org (use the email address you're currently setting up)
hiya! This is a test email!
telnet localhost 110
user xuxa (use your user name)
pass bozo (use your password)
The “retr 1” command should show the email message you just sent.
The “stat” command should show clamav running. QUESTIONFORSTU! But no spamassassin yet.
SpamAssassin testing – 1:28:00
Now we figure out why spamassassin wasn’t there…
Double-check that spamassassin is enabled “ENABLED=1”
“spamd” should show up in the output of the ps command.
Try sending mail again. Stu copied the body of a spam message to see that spamassassin would catch it.
telnet localhost 25
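One way to confirm that a delivered test message really passed through both filters is to look at the headers they add. This is an added example, not part of the original walkthrough; it assumes the filters use their usual header names (X-Virus-Scanned / X-Virus-Status for clamav-milter, X-Spam-Checker-Version / X-Spam-Status for SpamAssassin), and the sample message and the function name filter_report are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): which filters stamped a message?

# Constructed sample message; every header value here is made up.
SAMPLE_MSG='Return-Path: <sender@example.com>
Received: from localhost (localhost [127.0.0.1])
    by mail.example.org with SMTP id CONSTRUCTED
X-Virus-Scanned: clamav-milter at mail.example.org
X-Virus-Status: Clean
X-Spam-Checker-Version: SpamAssassin on mail.example.org
X-Spam-Status: No, score=0.1 required=5.0
    tests=NONE
Subject: test

hiya! This is a test email!
X-Spam-Status: Yes (this line is body text, not a header)'

# filter_report: reads a raw message on stdin and prints
# "clamav=<yes|no> spamassassin=<yes|no> spam=<yes|no|unknown>".
filter_report() {
    awk '
    BEGIN { verdict = "unknown" }
    { sub(/\r$/, "") }                  # POP3 output uses CRLF line ends
    /^$/ { exit }                       # headers stop at the first blank line
    /^[ \t]/ { next }                   # folded continuation of a header
    {
        name = tolower($0); sub(/:.*/, "", name)
        value = $0;         sub(/^[^:]*:[ \t]*/, "", value)
        if (name == "x-virus-scanned" || name == "x-virus-status") av = 1
        if (name == "x-spam-checker-version") sa = 1
        if (name == "x-spam-status") {
            sa = 1
            verdict = (value ~ /^[Yy]es/) ? "yes" : "no"
        }
    }
    END {
        printf "clamav=%s spamassassin=%s spam=%s\n",
            (av ? "yes" : "no"), (sa ? "yes" : "no"), verdict
    }'
}

printf '%s\n' "$SAMPLE_MSG" | filter_report
```

A sender can pre-insert the same header names, so a hit confirms the pipeline for your own test message rather than proving anything about arbitrary mail.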
If we want to route multiple email addresses to a single user, we need to set up “virtusertable”.
input the aliases you would like in the format:
email@example.com (tab) username
Mine looks something like:
Note, however, that you cannot do something like this in virtusertable:
To re-send emails outside the system, you would need to do this in virtusertable:
And then in your aliases file:
Next, enable the virtusertable file in /etc/mail/sendmail.mc. Toward the end of the file, add “FEATURE(`virtusertable')dnl” to the LOCAL_CONFIG section. Mine looks like this:
Transferring old mail to new server
imapsync --authmech1 PLAIN --authmech2 PLAIN --host1 localhost --user1 xuxa --passfile1 /etc/passfile1 --host2 jikatabi --user2 xuxa --passfile2 /etc/passfile1
Allowing local network machines to send mail through server
I was able to immediately connect with mutt to the new server but received an error message when trying to send messages. The server complained that it could not verify the IP address of my workstation. I needed to uncomment the following in my /etc/mail/access file:
Then run “make” as root in the /etc/mail/ directory.