Sendmail / IMAP email server setup

Until recently, On Ensemble’s email server lived in my apartment.  By using all Free Software, we have been able to host the OnEnsemble.org website and email for the group on recycled computers, for only the cost of my internet connection.  The software is top-notch… the only limitation is knowing how to set up and administer everything.  I often need some guidance and help understanding the software.

This is where the gnu/linux community comes in, and my friends in the Los Angeles Linux Users Group.  We meet in an IRC chatroom called #lalugs, helping each other out.  You too can hang out here and ask questions: download Xchat or Colloquy, join the server irc.freenode.net, and join the #lalugs channel.  My nickname there is “xuxa”.

My most recent challenge was to move On Ensemble’s email server services to the new server.  For this, mail master Stu Sheldon helped me out at the SCLUG meeting.

The following step-by-step assumes you have a base installation of Debian that is up-to-date (apt-get update, apt-get upgrade). If you need help getting to this stage, please contact me.

You can see my finished sendmail.mc config file here.
A good source for help: mirror.actusa.net/pub/sample-files/
audio file

Intro / overview – 00:00:00

Sendmail installation – 00:07:20

Become root, then:

apt-get install sendmail

cd /etc/mail
vi sendmail.conf

Change MSP_MODE from “Cron” to “daemon”

Sendmail configuration – 00:10:25

sendmailconfig
Y
N

(enter your mail domain name)
-- for us, OnEnsemble.org (use your domain)
Null client forward host? (leave blank)
Smart host? (leave blank)
Disable address canonification (N)
Masquerade envelopes (Y)
All masquerade (N)
Don't masquerade local (N)
Always add domain (N)
Accept mail for [your domain] (Y)
Alternate names (leave as default)
Trusted users?  root
Enable redirect option (Y)
Enable UUCP addressing? (N)
Enable sticky host option? (N)
Enable DNS? (Y)
Assume best MX is local (N)
Enable the mailer table feature (Y)
Use the sendmail restricted shell (Y)
Message timeouts? (leave as default: 4h/5d)
(N) to restart

Everything above is explained in cf.readme.gz from sendmail-doc package.  (To get it “apt-get install sendmail-doc”, then read with “zless /path/to/cf.readme.gz”.)

Editing sendmail.mc – 00:19:54

cp sendmail.mc sendmail.mc.old
vi sendmail.mc

Find the DAEMON_OPTIONS line containing “Port=smtp”. Remove the following bit, as well as the comma that precedes it, so that sendmail listens on all interfaces instead of only on the loopback address: Addr=127.0.0.1

Find the confPRIVACY_FLAGS bit and remove all the privacy flags, adding only `goaway'. When you’re done, it should look like this:
define(`confPRIVACY_FLAGS', `goaway')dnl

Find the confCONNECTION_RATE_THROTTLE line and change “15” to “25”. Change the next line, the confCONNECTION_RATE_WINDOW_SIZE from “10m” to “2m”.

We now want to delete the sections dealing with dialup connections. The first lines of the dialup section should look something like this:
dnl #
dnl # If you're on a dialup link, you should enable this - so sendmail
dnl # will not bring up the link (it will queue mail for later)

Run sendmailconfig to rebuild the configuration and implement the changes:

sendmailconfig
(Y) to reload
ps -ef

In the output of the “ps” command above, you should see two sendmail processes listed.

telnet localhost 25
ehlo test
quit

If the above outputs a list of things, we have verified that sendmail is up and running.

Configuring authentication – 00:27:38

Some of the following steps were required because my server had postfix installed previously.

cd /usr/lib/sasl2/

vi Sendmail.conf

Change auto_transition to “false”.
QUESTIONFORSTU: this is “true” in my Sendmail.conf file
Find the line called mech_list and remove everything except “LOGIN PLAIN”

The system was previously set up to run postfix, so Stu did:

rm smtpd.conf
/etc/init.d/saslauthd restart
/etc/init.d/sendmail restart

telnet localhost 25
ehlo test
quit

Enable SASL for sendmail – 00:31:00

cd /etc/mail/
sendmailconfig
(Y)
(Y)
Reload the running sendmail
(Y)
"To enable sendmail to use STARTTLS, you need to..."

We want to do the three steps it describes.

Copy the suggested line.

vi sendmail.mc

Insert the line at the bottom, right after “MAILER(smtp)dnl”

We also need another include for SASL, so immediately after the line you pasted, also add:
include(`/etc/mail/sasl/sasl.m4')dnl

sendmailconfig
(Y)
(Y)

This time you should get no warning.

telnet localhost 25
ehlo test

In the output here, you should see “auth” and “starttls”.

quit
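
The check described above ("auth" and "starttls" in the EHLO output) can be scripted. This is an added example, not part of the original walkthrough; the function names and the sample transcript are made up for illustration.

```shell
#!/bin/sh
# Added example: check a captured EHLO reply for AUTH and STARTTLS.
# SAMPLE_EHLO is a constructed transcript, not output from a real server.
SAMPLE_EHLO='220 mail.example.org ESMTP Sendmail; ready
250-mail.example.org Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-AUTH LOGIN PLAIN
250-STARTTLS
250 HELP'

# ehlo_caps: read an EHLO reply on stdin and print one upper-cased
# capability keyword per line. The first 250 line is the greeting.
ehlo_caps() {
    tr -d '\r' | awk '
        /^250[- ]/ {
            if (++n == 1) next
            split(substr($0, 5), f, " ")
            print toupper(f[1])
        }'
}

# ehlo_auth_mechs: print the SASL mechanisms listed on the AUTH line.
ehlo_auth_mechs() {
    tr -d '\r' | awk '
        /^250[- ]AUTH[ =]/ {
            mechs = substr($0, 9)
            sub(/^[ =]+/, "", mechs)
            print toupper(mechs)
            exit
        }'
}

# check_ehlo: return 0 when AUTH and STARTTLS are both advertised,
# otherwise print the missing keywords and return 1.
check_ehlo() {
    reply=$(cat)
    caps=$(printf '%s\n' "$reply" | ehlo_caps)
    missing=""
    for want in AUTH STARTTLS; do
        printf '%s\n' "$caps" | grep -qx "$want" || missing="$missing $want"
    done
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok: STARTTLS and AUTH ($(printf '%s\n' "$reply" | ehlo_auth_mechs))"
}

printf '%s\n' "$SAMPLE_EHLO" | check_ehlo
```

To use it on a real server, save the telnet output to a file and feed that file to check_ehlo on standard input.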

Dovecot installation and configuration – 00:37:00

At this point, we should be able to send and receive email at a server to server level. sendmail requires a Local Delivery Agent to put the messages in a particular inbox so a user can access it. procmail is the default. We want our users to be able to get their email through an IMAP connection, so we’ll be using dovecot.

apt-get install dovecot-imapd dovecot-pop3d

cd /etc/dovecot
vi dovecot.conf

Find the “protocols” line (relatively near the top) and edit it to look like this:

protocols = imap imaps pop3 pop3s

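Find the disable_plaintext_auth line and set it to “no”. With this setting dovecot accepts passwords sent unencrypted on the plain imap and pop3 ports, so point mail clients at imaps or pop3s where you can. The line should look like this: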

disable_plaintext_auth = no

/etc/init.d/dovecot start

ps -ef

The output should show “dovecot”, “pop”, “imap”, and “sasl”.
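
A quick audit of the two dovecot.conf settings changed above, showing which protocols end up accepting plaintext logins without TLS. This is an added example, not part of the original walkthrough; the function names and the sample fragment are made up for illustration, and an unset disable_plaintext_auth is treated as dovecot's default of "yes".

```shell
#!/bin/sh
# Added example: report where a dovecot.conf accepts plaintext logins
# without TLS. SAMPLE_DOVECOT is constructed to match the settings above.
SAMPLE_DOVECOT='# constructed sample dovecot.conf fragment
protocols = imap imaps pop3 pop3s
#disable_plaintext_auth = yes
disable_plaintext_auth = no'

# conf_get KEY: print the value of the last uncommented "KEY = value"
# line read from stdin (empty when the key is not set).
conf_get() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            sub(/^[ \t]+/, "", k); sub(/[ \t]+$/, "", k)
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }'
}

# plaintext_exposed: print each unencrypted protocol on which plaintext
# logins are accepted; prints nothing when there is no such protocol.
plaintext_exposed() {
    conf=$(cat)
    auth=$(printf '%s\n' "$conf" | conf_get disable_plaintext_auth)
    [ "$auth" = "no" ] || return 0      # unset is treated as the default, yes
    for p in $(printf '%s\n' "$conf" | conf_get protocols); do
        case "$p" in
            imap|pop3) printf '%s\n' "$p" ;;
        esac
    done
}

printf '%s\n' "$SAMPLE_DOVECOT" | plaintext_exposed
```

An empty result means either plaintext logins are disabled or only the TLS-wrapped imaps/pop3s protocols are enabled.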

Maildir configuration – 00:42:32

Next we need to set up maildir so that mail will live in users’ home directories.

Visit mirror.actusa.net/pub/sample-files/ and look for the file: procmail.maildir.sample

Copy the contents of that file to a procmailrc config file in /etc/.

cd /etc/
vi procmailrc

(paste and save)

We now want to create the default mail directory in the /root directory and then set things up so that new users get that Maildir folder automatically.

cd
maildirmake.dovecot ~/Maildir
cp -Rpv Maildir /etc/skel/
cd /etc/skel/

ClamAV installation and configuration – 00:53:24

We now have a server that can send and receive mail and that mail is now being delivered to user inboxes. Next we need to add antivirus and spam blocking. “clamav” runs as a sendmail filter or ‘milter’.

apt-get install clamav clamav-milter arj unzoo daemon

This failed, because sendmail.cf hasn’t been configured yet to use clamav.

Paste the following line into sendmail.mc, after the “include” lines we added before.  (This line is copied from Stu’s website sample files, specifically, the “sendmail.mc.sample” file.)

INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav-milter.ctl, F=T, T=S:4m;R:4m')dnl

vi /etc/mail/sendmail.mc
(paste)

sendmailconfig
(Y)

/etc/init.d/clamav-milter stop
/etc/init.d/clamav-milter start

freshclam

The freshclam command should show clamav is up to date.

SpamAssassin installation and configuration – 1:03:55

We now have antivirus software installed and running. We need spamassassin to check and filter the incoming mail.

apt-get install spamassassin spamc libmail-spf-query-perl libnet-dns-perl libio-string-perl libnet-ident-perl libio-socket-ssl-perl

cd /etc/default
vi spamassassin

Enable the spamassassin daemon by setting the ENABLED line to “1”.

ENABLED=1
(save the file)
/etc/init.d/spamassassin start

We now need to enable spamassassin for all users.  We’ll get procmailrc.spamc.sample from Stu’s site.

cd /home/(your user name)
wget http://mirror.actusa.net/pub/sample-files/procmailrc.maildir.sample
mv procmailrc.maildir.sample /etc/skel/.procmailrc

Need Debian volatile repositories

Add the following Debian volatile repos to /etc/apt/sources.list (from Stu’s debian-sources.list)
# Debian Volatile
deb http://mirror.actusa.net/debian-volatile stable/volatile main contrib non-free
deb http://debian.actusa.net/debian-volatile stable/volatile-sloppy main non-free contrib

/etc/init.d/clamav-milter stop
apt-get update
apt-get dist-upgrade
/etc/init.d/sendmail start
ps -ef

The “ps” command should show clamav is running.

Email testing – 1:22:10

Now for testing…

ifconfig

Use the “ifconfig” command to check the local IP address of the current machine (192.168.1.112 in my case).

telnet 192.168.1.112 25 (change IP to be your machine's local IP address)
ehlo bob
MAIL FROM: stu@domain.com (use an outside email address - you@yahoo.com, for example)
RCPT TO: xuxa@myemail.com (use the email address you're currently setting up)
DATA
From:
To:
Subject:
(leave one blank line here to end the headers)
hiya!  This is a test email!
.
quit
telnet localhost 110
user xuxa (use your user name)
pass bozo (use your password)
retr 1

The “retr 1” command should show the email message you just sent.

stat

The “stat” command should show clamav running. QUESTIONFORSTU! But no spamassassin yet.

dele 1
quit

SpamAssassin testing – 1:28:00

Now we figure out why spamassassin wasn’t there…

cd /etc/default
vi spamassassin

Double-check that spamassassin is enabled “ENABLED=1”

/etc/init.d/spamassassin restart
ps -ef

“spamd” should show up in the output of the ps command.

Try sending mail again.  Stu copied the body of a spam message to see that spamassassin would catch it.

telnet localhost 25

Enabling virtusertable

If we want to route multiple email addresses to a single user, we need to set up “virtusertable”.

vi /etc/mail/virtusertable

Input the aliases you would like in the format:

emailaddress@domain.com (tab)     username

Mine looks something like:

kris@domain.com           xuxa
kristofer@domain.com   xuxa
krisb@domain.com        xuxa

Note, however, that you cannot do something like this in virtusertable:

feedback@domain.com          bob@gmail.com

To re-send emails outside the system, you would need to do this in virtusertable:

feedback@domain.com          bob

And then in your aliases file:

bob:bob@gmail.com

Next, enable the virtusertable file in /etc/mail/sendmail.mc.  Toward the end of the file, add “FEATURE(`virtusertable')dnl” to the LOCAL_CONFIG section.  Mine looks like this:

LOCAL_CONFIG
FEATURE(`masquerade_envelope')dnl
LOCAL_CONFIG
Cwonensemble.org
FEATURE(`virtusertable')dnl
FEATURE(`use_cw_file')dnl

Transferring old mail to new server

Use imapsync:

imapsync --authmech1 PLAIN --authmech2 PLAIN --host1 localhost --user1 xuxa --passfile1 /etc/passfile1 --host2 jikatabi --user2 xuxa --passfile2 /etc/passfile1

Allowing local network machines to send mail through server

I was able to immediately connect with mutt to the new server but received an error message when trying to send messages.  The server complained that it could not verify the IP address of my workstation.  I needed to uncomment the following in my /etc/mail/access file:

Connect:192.168                 RELAY

Then run “make” as root in the /etc/mail/ directory.
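
Since every RELAY line in the access file widens who may send mail through the server, it is worth listing the entries that reach beyond the local network. This is an added example, not part of the original walkthrough; the function name and the sample entries are made up for illustration.

```shell
#!/bin/sh
# Added example: list access-map entries that grant RELAY beyond loopback
# and RFC 1918 private ranges. SAMPLE_ACCESS is constructed for illustration.
SAMPLE_ACCESS='# constructed sample of /etc/mail/access
Connect:localhost               RELAY
Connect:127                     RELAY
Connect:192.168                 RELAY
Connect:192                     RELAY
Connect:172.32                  RELAY
GreetPause:localhost            0
example.net                     RELAY
Connect:10.1.2                  REJECT'

# audit_relay: read an access map on stdin and print the key of every RELAY
# entry that is not loopback or a private IPv4 prefix, for manual review.
audit_relay() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }       # comments and blank lines
        toupper($2) != "RELAY" { next }     # only RELAY actions matter here
        {
            key = $1
            sub(/^[A-Za-z]+:/, "", key)     # drop a tag such as Connect:
            k = tolower(key) "."            # trailing dot anchors the last octet
            if (k == "localhost." || k == "localhost.localdomain.") next
            if (k ~ /^127\./ || k ~ /^10\./ || k ~ /^192\.168\./) next
            if (k ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) next
            print $1
        }'
}

printf '%s\n' "$SAMPLE_ACCESS" | audit_relay
```

On the sample it reports Connect:192 and Connect:172.32, which look private at a glance but cover public address space, and the domain entry example.net.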
