Howto: Setup a home mailserver

So the first thing is to understand the setup:

 an "email server" can be made up of various bits; the bit that sends
 emails out is called the mail transfer agent or MTA

 fetchmail gets email from your ISP and delivers to local MTA
 local MTA saves in /var/mail (or /home/user/Mail)
 dovecot serves /var/mail and /home/user/Mail via POP3 and/or IMAP
 roundcube web application talks IMAP to dovecot to view emails and
 talks to the local MTA to send emails

This mailserver was configured on Ubuntu server 6.06 with a standard LAMP setup.
This mailserver was configured on Ubuntu Edgy Eft server with a standard LAMP setup.

Example server setup consists of the following applications

Fetchmail Postfix Dovecot Roundcube

Some of which can be installed with sudo apt-get install

Step one

Howto: Configure Fetchmail client program to fetch emails

Fetchmail is a utility or command for Linux systems used to retrieve e-mail from a remote POP3, IMAP, ETRN or ODMR mail server to the user’s local system.

From fetchmail site, “Fetchmail is a one-stop solution to the remote mail retrieval problem for Unix machines, quite useful to anyone with an intermittent or dynamic-IP connection to a remote mailserver, SLIP or PPP dialup, or leased line when SMTP isn’t desired. Fetchmail can collect mail using any variant of POP or IMAP and forwards to the local SMTP (via TCP socket) or LMTP (via TCP or Unix socket) listener or into an MDA program, enabling all the normal forwarding/filtering/aliasing mechanisms that would apply to local mail or mail arriving via a full-time TCP/IP connection.”

How do I install fetchmail?

  1. sudo apt-get install fetchmailconf

Configuration file name

The user configuration file is stored in your home directory i.e. /home/you/.fetchmailrc

How do I configure fetchmail to retrieve mail from ISP mail server?

Create the fetchmail file,
Modify the file permissions
Open the .fetchmailrc file:

So from the console type the following
$ cd; touch .fetchmailrc
$ chmod 600 .fetchmailrc
$ sudo vi .fetchmailrc

Append following text:

poll pop3.net4india.com with proto POP3 user d12356 there with password "password" is "vivek" here

Where,

    * pop3.net4india.com - <enter your POP3 server details here>
    * proto POP3 – If you are using POP3 protocol
    * d12356 - POP3 username
    * “password” - POP3 password
    * “vivek” - Local user mailbox name

To fetch mail from your ISP or to run fetchmail type command:

$ fetchmail
or
$ fetchmail -v ## is useful to diagnose errors

If all is well you should see
fetchmail: normal termination, status 0

If not please recheck servername, protocol type, username, password

For more information please see the official fetchmail web site. Note that the ~/.fetchmailrc file has passwords in plain text in it. This file should be set to mode 600 to avoid snooping eyes.

It is possible to configure fetchmail to get messages from a single ISP mailbox and distribute the results to several local mailboxes, a process known as multidrop. The fetchmail man pages contain a description of how to do this.

You could use Mutt at this time to read the emails if required:

$ sudo apt-get install mutt

$ mutt

If you can read your emails satisfactorily it would be ideal if the mailserver checked for new mail regularly, every 15 mins for example.

Crontab Entries

Fetchmail essentially polls your ISP's POP3 server to see if there is anything worth downloading. In theory, you can run fetchmail as a daemon and have it regularly poll for incoming mail.

The simplest solution is to simply set up cron entries to check for mail at regular points. Sample crontab entries are:

$ crontab -e

where <username> is your own username

This should check for new mail every 15 minutes

Testing Fetchmail

So send an email to the newly set-up account and fetchmail should retrieve it.

If this is working it's time to go to the next step

Step two Howto: Mailserver Postfix

sudo apt-get install postfix

Postfix Introduction

Postfix is a Mail Transfer Agent (MTA) which is the default MTA for Ubuntu. It is in Ubuntu's main repository, which means that it receives security updates. This guide explains how to install and configure postfix and set it up as an SMTP server using a secure connection.

Installation

In order to install Postfix with SMTP-AUTH and TLS do the following steps:

apt-get install postfix libsasl2 sasl2-bin libsasl2-modules libdb3-util procmail

Configuration

Run:

dpkg-reconfigure postfix

Insert the following details when asked (replacing server1.example.com with your domain name if you have one):

    * Local
    * NONE
    * localhost
    * localhost
    * No
    * 127.0.0.0/8
    * Yes
    * 0
    * +
    * all

Then run the following commands:

  1. Configure Postfix to do SMTP AUTH using SASL (saslauthd)

sudo postconf -e 'smtpd_sasl_local_domain ='
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
sudo postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' | sudo tee -a /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' | sudo tee -a /etc/postfix/sasl/smtpd.conf

  2. Generate certificates to be used for TLS encryption and/or certificate authentication

sudo mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
sudo openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

    245 semi-random bytes loaded
    Generating RSA private key, 1024 bit long modulus
    ......++++++
    .++++++
    e is 65537 (0x10001)
    Enter pass phrase for smtpd.key: <password here>
    Verifying - Enter pass phrase for smtpd.key: <password here>

sudo chmod 600 smtpd.key
sudo openssl req -new -key smtpd.key -out smtpd.csr

    Enter pass phrase for smtpd.key:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.

    Country Name (2 letter code) [AU]:en
    State or Province Name (full name) [Some-State]:
    Locality Name (eg, city) []:Gosport
    Organization Name (eg, company) Widgits Pty Ltd:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, YOUR name) []:
    Email Address []:d123456@net4india.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:“password”
    An optional company name []:

Restart the postfix daemon like this:

$ sudo /etc/init.d/postfix reload

Testing

To see if SMTP-AUTH and TLS work properly now run the following command:

telnet localhost 25

After you have established the connection to your postfix mail server type

ehlo localhost

If you see the lines

250-STARTTLS
250-AUTH

Escape character is '^]'.
220 raytracer ESMTP Postfix (Ubuntu)

^]
telnet> quit
Connection closed.
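
The telnet check above can be scripted. The following is an added example, not part of the original guide: it reads a saved EHLO response and reports whether AUTH is offered on the cleartext session, which matters here because mech_list is "plain login" and those mechanisms only base64-encode the password. The function name, result labels and both sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a saved EHLO response from port 25.
# Usage (ehlo.txt holds the saved telnet output): ehlo_audit < ehlo.txt

ehlo_audit() {
    awk '
        { sub(/\r$/, "") }                 # SMTP lines end in CRLF
        /^250[- ]/ {
            kw = toupper(substr($0, 5))
            if (kw == "STARTTLS") tls = 1
            # "AUTH=" is the legacy form added by broken_sasl_auth_clients = yes
            if (kw ~ /^AUTH[ =]/) {
                auth = 1
                n = split(substr(kw, 6), mech, " ")
                for (i = 1; i <= n; i++)
                    if (mech[i] == "PLAIN" || mech[i] == "LOGIN") weak = 1
            }
        }
        END {
            if (auth && !tls)      print "auth-without-tls"
            else if (auth && weak) print "plaintext-auth-before-starttls"
            else if (auth)         print "auth-before-starttls"
            else if (tls)          print "starttls-only"
            else                   print "no-starttls-no-auth"
        }'
}

# Constructed transcript: what the test above looks for
# (STARTTLS and AUTH both offered on the cleartext session).
SAMPLE_GUIDE='220 mail.example.test ESMTP Postfix (Ubuntu)
250-mail.example.test
250-PIPELINING
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME'

# Constructed transcript: AUTH withheld until after STARTTLS
# (the effect of smtpd_tls_auth_only = yes in main.cf).
SAMPLE_TLS_FIRST='220 mail.example.test ESMTP Postfix (Ubuntu)
250-mail.example.test
250-PIPELINING
250-STARTTLS
250 8BITMIME'

printf '%s\n' "$SAMPLE_GUIDE"     | ehlo_audit
printf '%s\n' "$SAMPLE_TLS_FIRST" | ehlo_audit
```

A result of "starttls-only" on the cleartext session means a client has to negotiate TLS before it is shown any AUTH mechanisms.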

Step Three

Dovecot

sudo apt-get update
sudo apt-get install dovecot
sudo apt-get install dovecot-common

Note: dovecot is not started by default on our servers. So you will need to take this step.

Start Dovecot with

$ sudo /etc/init.d/dovecot start

 How do I check it's running?
$ netstat -pant

 and look for something on 143 or 993 (143=imap, 993=imaps)
if you see this
$ netstat -pant
(No info could be read for "-p": geteuid()=1000 but you should be root.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN     -
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN     -
tcp6       0      0 :::80                   :::*                    LISTEN     -
tcp6       0      0 :::22                   :::*                    LISTEN     -
tcp6       0      0 ::1:25                  :::*                    LISTEN     -
tcp6       0     52 ::ffff:192.168.1.162:22 ::ffff:192.168.1.1:1094 ESTABLISHED-

it's not listening, so on to the next step

alternatively check if dovecot was listening for anyone requesting IMAP information.

$ netstat -pant |grep 143

 (143=imap port).

$ netstat -pant |grep 993

  repeating with 993 (secure IMAP - aka IMAPS) 

Retry starting dovecot

$ sudo /etc/init.d/dovecot start

If nothing, then it's time to debug it

$ sudo bash -x /etc/init.d/dovecot

  This showed that it was doing a "grep protocols /etc/dovecot/dovecot.conf"

The next step is to look at /etc/init.d/dovecot to read the code and see it was looking for pop3 or imap.

Edit dovecot.conf

$ sudo vi /etc/dovecot/dovecot.conf

to uncomment "protocols = imap imaps" and comment out "protocols ="

 Retry starting dovecot

If the debug shows it looking for /usr/lib/dovecot/imap, which didn't exist here: "aptitude search dovecot" showed that dovecot-common was installed, but not dovecot-imapd, so obviously we need to install dovecot-imapd

$ sudo apt-get install dovecot-imapd

So recheck if it's listening

$ netstat -pant
(No info could be read for "-p": geteuid()=1000 but you should be root.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN     -
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN     -
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN     -
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN     -
tcp6       0      0 :::80                   :::*                    LISTEN     -
tcp6       0      0 :::22                   :::*                    LISTEN     -
tcp6       0      0 ::1:25                  :::*                    LISTEN     -
tcp6       0     52 ::ffff:192.168.1.162:22 ::ffff:192.168.1.1:1094 ESTABLISHED-

so we've installed that and hey presto - ports 143 and 993 are now being listened on.
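
The listing shows more than whether a port is open: 143 and 993 are bound to 0.0.0.0 while port 25 is on loopback only, and "grep 143" would also match any other line containing those digits. The following added example (not from the original guide; the function names and scope labels are made up here) parses netstat -pant output, using the listing above as sample input, and reports which mail ports without implicit TLS are reachable beyond loopback.

```shell
#!/bin/sh
# Added example: list mail-related listeners from "netstat -pant" output
# and say whether each is reachable from the network or loopback only.
# Live use: sudo netstat -pant | cleartext_exposed

mail_listeners() {
    awk '
        BEGIN {
            name[25] = "smtp";   name[110] = "pop3";  name[143] = "imap"
            name[993] = "imaps"; name[995] = "pop3s"
        }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")        # port is the last ":" field,
            port = part[n]                  # which also works for ::1:25
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (!(port in name)) next
            scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "network"
            print name[port], port, addr, scope
        }'
}

# Protocols without implicit TLS that are bound to a non-loopback address.
cleartext_exposed() {
    mail_listeners |
        awk '($1 == "imap" || $1 == "pop3" || $1 == "smtp") && $4 == "network"'
}

# Sample input: the listing from this guide after dovecot-imapd was installed.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN     -
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN     -
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN     -
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN     -
tcp6       0      0 :::80                   :::*                    LISTEN     -
tcp6       0      0 :::22                   :::*                    LISTEN     -
tcp6       0      0 ::1:25                  :::*                    LISTEN     -
tcp6       0     52 ::ffff:192.168.1.162:22 ::ffff:192.168.1.1:1094 ESTABLISHED-'

printf '%s\n' "$SAMPLE_NETSTAT" | mail_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | cleartext_exposed
```

For the guide's listing this flags only IMAP on 143, the same port the hand-typed login test in the next step uses without encryption.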

We then did a quick imap test by hand (I've marked typed stuff with ###):

 ###telnet localhost 143
 4 * OK Dovecot ready.
 ###1 login username password
 1 OK Logged in.
 ###1 list * *
 * LIST (\Unmarked) "/" "INBOX"
 1 OK List completed.
 ###banana select INBOX
 * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
 * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
 * 9 EXISTS
 * 0 RECENT
 * OK [UIDVALIDITY 1158264619] UIDs valid
 * OK [UIDNEXT 13] Predicted next UID
 banana OK [READ-WRITE] Select completed.
 ###1 logout
 * BYE Logging out
 1 OK Logout completed.

 The "9 exists" shows that it can see 9 emails which is good.

Step Four RoundCube Webmail

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires the MySQL database. The user interface is fully skinnable using XHTML and CSS 2.

Download Roundcube from http://www.roundcube.net/?p=downloads

Installation instructions here

http://trac.roundcube.net/trac.cgi/wiki/Howto_Install

login with username = d12356 password = “password”

open

There's a file in the roundcube files you downloaded which has the extension .SQL; this has to be inserted into your database via phpMyAdmin, found in cPanel in the MySQL databases section at the bottom. When you're there, select the database you want roundcube to use from the drop-down menu. When that's all loaded, to the right click the SQL tab at the top. Then copy the content of mysql_inital.sql into the box provided and click OK. If all goes to plan it should say it's successful.

roundcube wouldn't send any emails; looking at /var/log/mail.log there
 were SASL (email authentication) errors.  Since we are only talking
 locally, I made the security decision to turn off sasl and commented
 out all the bits in /etc/postfix/main.cf (and reloaded postfix).
 Still no joy.  After a lot of hunting around and reading code, it
 turned out that we had to comment out from roundcube's main.inc.php
 the "smtp_user" and "smtp_pass" lines.

 Finally we had to set up postfix to rewrite the sender as otherwise
 emails would be sent from "d123456@net4india.com" - a bad address.

 I edited /etc/postfix/main.cf and added:
 # send all email as d123456@net4india.com
 sender_canonical_maps=regexp:/etc/postfix/canonical

 Then created /etc/postfix/canonical:
 /.*@net4india.com/ d123456@net4india.com
 /.*@localhost/ d123456@net4india.com

 and reloaded postfix.

 NB: originally I just rewrote .*@net4india.com, but some emails were being
 sent at @localhost so I added the second line.

 Really, I should write a guide on howto setup postfix properly:
 - with SASL/TLS authentication
 - with proper rewriting - for multiple users for example
 - and with fetchmail for multiple people
 - with anti-spam....

Troubleshooting

error 1

SERVICE CURRENTLY NOT AVAILABLE!

Set the Debug-Level in the main.inc.php to 4

$rcmail_config['debug_level'] = 4;

If you get an error like "could not connect to database" (I don't remember it exactly), try to log in to the db on the command line

eg. mysql -u rc_user -p rc_db

with your password. If that fails, you should give the following a try

Log into the db as root or a privileged user

and do a

FLUSH PRIVILEGES;

error 2

DB Error in /home/riponcom/public_html/mail/program/include/rcube_db.inc (105): DB Error: connect failed SERVICE CURRENTLY NOT AVAILABLE! DB Error: connect failed

It doesn't seem to have logged the error in the logs. I ran a SQL query on the database? I wasn't sure if that's what I was supposed to do. I received this error

"SQL query:

FLUSH PRIVILEGES ;

MySQL said:

#1227 - Access denied; you need the RELOAD privilege for this operation "

I logged presumably into phpMyAdmin as root.

error 3

IMAP Error: Could not connect to imap.domain.com at port 143:

Warning: Cannot modify header information - headers already sent in /var/www/roundcubemail-0.1beta2/program/include/rcube_shared.inc on line 132

LinuxHints/Mailserver (last edited 2009-02-25 21:25:55 by 81)