Saturday, March 17, 2012

SETTING UP SENDMAIL AND POSTFIX MAIL SERVERS IN LINUX




Email is critical to the success of an organization in today's times.

Red Hat Linux comes bundled with two mail server packages, Sendmail and Postfix.

An organization can implement mail in one of two ways: it can either host its mail server at its own location or have it hosted by a web hosting provider. If mail is hosted at the organization's own location, incoming email comes in directly to the mail server and there is no need for a POP download utility to pull mail from internet mailboxes. This chapter concentrates on the scenario in which an organization has its mail hosted at a web hosting provider's data center.
After choosing a domain name under which it will host its mail and web services, the organisation has to decide what kind of email access it will offer its designated email users.
Users can be given access to email in two possible ways, POP access and aliased access.
With POP access each designated email user has a mailbox assigned to him on the internet mail server. A separate POP account is created for each user, and the user retrieves his email with the username and password assigned to him. The advantage of this type of access is that the user can reach his mail from anywhere in the world: at a cybercafe or elsewhere, all he needs is an internet connection, a web browser pointed at the webmail service of the web hosting provider, and his username and password to view all his messages.

Each user mailbox has to be assigned a certain amount of space, so careful planning is needed before choosing a mail server space usage plan. POP access is therefore better suited to roaming users, those who are constantly on the move.

The other type of email access is aliased access. Here only one POP box is configured, called a catchall account. Designated users are not assigned separate mailboxes; instead an alias is created for each user, and mail addressed to any of the aliases is stored in the POP box of the catchall account. Aliased users can access their email only when they are at the office, not otherwise, so this type of access is better suited to users who do not travel.

Irrespective of the type of email access, the organisation needs to set up a mail server within its premises to download all the email being sent to the internet mail server. All client computers that need access to email configure their email clients (Outlook Express, Outlook, Pegasus Mail, Mozilla Mail etc.) to send and receive mail via this Linux based mail server. Outgoing external email sent by each user is stored in the outgoing mail queue.

This office mail server will be configured to connect to the internet at regular intervals in time, download all incoming mail stored on the internet mail server and send out all the queued outgoing email.

This chapter teaches you to install and configure the Sendmail and Postfix mail servers to get email up and running at your organisation.


SENDMAIL


For POP users:

The organization `Lansmart Technologies' has registered a domain
name,`Lansmartindia.net', for its use. POP accounts have been configured
for the users ryan, santosh, shaji, rhea etc.

To install Sendmail we need the following rpms :

sendmail-8.12.10-1.1.1
sendmail-cf-8.12.10-1.1.1
sendmail-devel-8.12.10-1.1.1


To configure sendmail :

On Red Hat, /etc/mail/sendmail.cf is generated from /etc/mail/sendmail.mc with m4. Editing sendmail.cf directly, as shown below, works, but the edits are lost if sendmail.cf is ever regenerated from sendmail.mc, so keep a note of them (or make the equivalent changes in sendmail.mc as well).

Edit the file sendmail.cf

[root@akhisar root]# vi /etc/mail/sendmail.cf

# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM                             # Line No.95

# "Smart" relay host (may be null)
DS                                        # Line No.100

# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False                     # Line No.191

O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA  # Line No.264

Make the following changes to the Line Nos. shown above in the sendmail.cf file.

Line No.95 -> Change this to the name of the domain name under which you
receive mail for your organization.
Djlansmartindia.net

Line No.100 -> If you wish to relay all external outgoing mail through a mail
relay host, for eg, your ISP's mail server, then enter the FQDN or the IP address
of that relay host, for eg:
DSsmtp.vsnl.net   # To relay all outgoing mail through VSNL's smtp server.

Line No.191 -> If you use a dial up connection to the internet it is
considered to be an expensive connection. If you use broadband or a leased
line it is considered as inexpensive.
Hence if you use a dialup modem to connect to the internet change value to
True.

Line No.264 -> The port number and IP address on which your mail server listens for SMTP connections. Sendmail only accepts connections on the addresses listed here, so with the default (127.0.0.1) the server can deliver mail to itself but the email clients on the office network cannot reach it. Copy Line No.264 to a new Line No.265 and change Addr=127.0.0.1 on the copy to the IP address of the ethernet card in your sendmail server, repeating the line for every network card that should accept SMTP connections:
O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA 
O DaemonPortOptions=Port=smtp,Addr=192.0.2.171, Name=MTA
# (Where 192.0.2.171 is the IP address of the ethernet card in the sendmail
# server).
Bind only the addresses that need to accept mail. An interface facing the internet (for eg, a dialup ppp link) should not be listed unless you intend to receive mail on it directly, and if you do, the relay restrictions in relay-domains (below) are what keep that interface from being abused as an open relay.

Configure the file local-host-names :

[root@akhisar root]# vi /etc/mail/local-host-names
                               localhost.localdomain
                               lansmart.com

This file will contain the domain names for which the sendmail server will
receive mail. Mail addressed to any other domain name will be rejected unless
the sender IP address has been allowed to relay mail through the sendmail
server. Relay access restrictions are defined in the file
/etc/mail/relay-domains as shown below:

[root@akhisar root]# vi /etc/mail/relay-domains
192.0.2

Here we allow relay access to our internal network only: any client whose IP address begins with 192.0.2 may relay, and any other client that tries to send mail to a domain not listed in local-host-names is answered with `Relaying denied'. An ISP, however, cannot control relaying by IP address, because the addresses of its dialup clients are not known in advance; an ISP instead uses SMTP Authentication, which is outside the scope of this book.

Configure POP3 and IMAP access to our mail server :

For POP3 access :
POP3 is controlled by the xinetd super server (the ipop3 service is provided by the imap rpm, which must be installed). Enabling it allows access to mail from POP3 email clients like Outlook Express, Microsoft Outlook, Pegasus Mail, Netscape Mail, Mozilla Mail etc.

[root@akhisar root]# vi /etc/xinetd.d/ipop3
disable = yes
Change this line to :
disable = no

Restart the xinetd server service :
[root@akhisar root]# service xinetd restart

For IMAP access :
IMAP affords us a way to access our email and at the same time allow our mail
to remain on the server. IMAP too is controlled by the xinetd super service.

[root@akhisar root]# vi /etc/xinetd.d/imap
disable = yes
Change this line to :
disable = no

Restart the xinetd server service :
[root@akhisar root]# service xinetd restart

Both ipop3 and imap carry usernames and passwords across the network in cleartext, which is acceptable only on a trusted office LAN. The same imap rpm also installs /etc/xinetd.d/pop3s and /etc/xinetd.d/imaps, the SSL-wrapped variants on ports 995 and 993; enable those (and leave the cleartext services disabled) whenever clients reach the server over an untrusted network, and never expose ports 110 or 143 on an internet-facing interface.

We have now configured our mail server to send internal as well as outgoing
mail. Our mail server now has to be configured to fetch the incoming mail
accumulating on the internet mail server space and have it redistributed to
the respective users on our office mail server.
To do this we use a utility called fetchmail. Fetchmail needs to be configured
for all users that have pop accounts configured on our internet mail server.

All designated email users can now connect to this mail server to send and
receive email. All mail sent by these users to the addresses lansmart.com and
localhost.localdomain will be routed internally to the recipient user's
mailbox. All mail sent to external email addresses will be spooled in the
outgoing mail queue. This queued email will be flushed out when the mail
server connects to the internet.

To flush outgoing mail (when the mail server connects to the internet) :

[root@akhisar root]# sendmail -q -v
(-q -> flush queued outgoing email
 -v -> verbose, displays whatever is happening in the background)



Configuring fetchmail :

We need the following rpm :
fetchmail-6.2.0-3 

Change to the home folder of the user having a pop account, for eg, the user
ryan, and create the file .fetchmailrc.

[root@akhisar root]# cd /home/ryan
[root@akhisar ryan]# vi .fetchmailrc
                                poll mail.lansmartindia.net with protocol POP3
                                user ryan is ryan here
                                password ryan123

(`is ryan here' maps the remote POP account to the local user explicitly. `is * here' would instead be fetchmail's multidrop wildcard, which routes mail by parsing the message headers, and is not what a single-user POP box needs.)

Change ownership on the .fetchmailrc file.
[root@akhisar ryan]# chown ryan:ryan .fetchmailrc

Change the permissions on .fetchmailrc
[root@akhisar ryan]# chmod 600 .fetchmailrc
(The file contains a cleartext password, so only ryan may read or write it. Fetchmail checks this itself and refuses to run if the file is readable by group or others. The file is read, not executed, so the execute bit that a mode of 700 would add serves no purpose.)

Here mail.lansmartindia.net is our internet POP mail server. The next line states that the POP account ryan on the internet mail server maps to the user ryan on our office mail server. `ryan123' is the password of the POP account ryan on the internet mail server (the hosting provider's server), not the password of ryan's Linux login on the office server. Whenever the office server is connected to the internet, fetchmail logs in to that POP mailbox, collects all the accumulated incoming email and hands it to the local MTA, which delivers it into ryan's mailbox on the office mail server. With plain POP3 the password crosses the internet in cleartext on every poll; if fetchmail was built with SSL support and the hosting provider's server offers POP3 over SSL, add the keyword `ssl' to ryan's entry (for eg, `user ryan is ryan here ssl') so the session is encrypted.

Configure fetchmail in an identical fashion (substitute ryan for the
respective user names of the other pop users) for all other users who have pop accounts configured on
the internet mail server.

To execute fetchmail :
Login as the user.

[ryan@akhisar ryan]$ fetchmail -a -v
(-a -> all mail
 -v -> verbose)


For aliased users:
There is only one pop catchall account configured on the internet mail server.
Mail addressed to all users is directed to this mailbox. We need to configure
fetchmail for only one user account on the office mail server which will pull
all the email from the catchall account on the internet mail server.
The downloaded email will then need to be distributed to the respective users
on the office mail server. The mail thus needs to be filtered with a mail
filtering utility like procmail.

Procmail filters all the mail downloaded into the catchall user's mailbox on the office server with the help of `recipes'. Each recipe defines a condition and the action to take on every email that matches it.
Consider our scenario in which lansmartindia.net is our catchall account
created on our internet mail server. Create a user account `lansmartindia' on
the office mail server. Create a .fetchmailrc file for lansmartindia as shown
above and change the ownership and permissions accordingly.


[root@akhisar root]# cd /home/lansmartindia

[root@akhisar lansmartindia]# vi .fetchmailrc
                                            poll mail.lansmartindia.net with protocol POP3
                                            user lansmartindia is lansmartindia here
                                            password lansmartindia123

(As for ryan above, the catchall POP account is mapped explicitly to the local user lansmartindia; all the downloaded mail lands in that one local mailbox and procmail, configured below, distributes it from there.)

Change ownership on the .fetchmailrc file.
[root@akhisar lansmartindia]# chown lansmartindia:lansmartindia .fetchmailrc

Change the permissions on .fetchmailrc
[root@akhisar lansmartindia]# chmod 600 .fetchmailrc
(Only the user lansmartindia may read or write the file, which holds the catchall account's cleartext POP password; fetchmail refuses to run if the mode is any looser.)

Email addressed to all users will now be downloaded to the mailbox of the user
lansmartindia on the office mail server. To filter the emails with procmail
create .procmailrc file in the home folder of lansmartindia.

[root@akhisar lansmartindia]# vi .procmailrc

 :0 Wh: msgid.lock
 | formail -D 8192 msgid.cache

SHELL=/bin/sh
MAILDIR=/var/spool/mail
LOGFILE=${MAILDIR}/procmail.log
VERBOSE=yes

#Recipes

:0
* ^TO_ryan@lansmartindia.net
! ryan@localhost.localdomain

:0
* ^TO_santosh@lansmartindia.net
! santosh@localhost.localdomain

:0
* ^TO_shaji@lansmartindia.net
! shaji@localhost.localdomain

:0
* ^TO_rhea@lansmartindia.net
! rhea@localhost.localdomain


The first two lines of the .procmailrc file eliminate duplicate messages. formail -D records the Message-ID of every incoming message in an 8192-byte cache file, msgid.cache, and compares each new message against the IDs already there; a message whose ID is already in the cache is a duplicate and is dropped. The `W' flag makes procmail wait for formail to finish (and suppresses its failure message), the `h' flag feeds formail only the headers, and the lock file msgid.lock stops two concurrent deliveries from updating the cache at the same time. Because this recipe comes before MAILDIR is set, both files are created in lansmartindia's home directory.
The next part of the .procmailrc file sets the shell interpreter to sh, the user mailbox directory to /var/spool/mail, the log file to procmail.log in that directory, and enables verbose logging.


The second part is the `Recipes', which is the heart of procmail. Here, for
eg, in the case of the user ryan, any mail from external internet users
addressed to ryan@lansmartindia.net is handed back to the MTA (the `!' action) for delivery to the
local mailbox of the user ryan on the office mail server. The same explanation
holds true for the users santosh, shaji and rhea. (The `.' in the address is a regular expression metacharacter; it still matches the literal dot, so the recipes work as written, but `\.' is the precise form.) A message that matches none of the recipes, for eg one addressed to a name that has no recipe, is not lost: procmail delivers it to lansmartindia's own mailbox, which should therefore be checked occasionally for strays.

Change the ownership and permissions on the file .procmailrc.
[root@akhisar lansmartindia]# chown lansmartindia:lansmartindia .procmailrc

Change the permissions on the file .procmailrc
[root@akhisar lansmartindia]# chmod 600 .procmailrc

The mode matters: procmail refuses to use a $HOME/.procmailrc that is writable by group or others (or that lives in a group- or world-writable home directory), logs `Suspicious rcfile' and delivers the mail unfiltered to the default mailbox. A mode of 664 would therefore silently disable all the recipes; 600 (or 644) keeps them active while ensuring that only lansmartindia can change where everyone's mail goes.


Create the procmail.log file in the `/var/spool/mail’ folder. Give read and write access permissions on this file to the user root and group lansmartindia.

[root@akhisar lansmartindia]# cd /var/spool/mail
[root@akhisar mail]# touch procmail.log

[root@akhisar mail]# chown root.lansmartindia procmail.log

[root@akhisar mail]# chmod 664 procmail.log

Sendmail has now been configured to send and receive email for all designated
users but the process is not automated. For outgoing email to be sent the root
user needs to login, connect to the internet and then execute the command
sendmail -q -v. For the users to receive their mail each user has to login and
execute the command fetchmail -a -v.

The above scenario is just not practical in a real world scenario.
To fully automate this process perform the following steps :

Login as root user and create a file for eg,/root/mail.

[root@akhisar root]# vi mail
                               #!/bin/bash
                                 su ryan -c fetchmail
                                 su santosh -c fetchmail
                                 su shaji -c fetchmail
                                 su rhea -c fetchmail

Change the permissions on the file to executable.
[root@akhisar root]# chmod 755 mail

This file enables the root user to execute fetchmail on behalf of all other
users, the other users hence do not need to login individually to download
their email.

In the case of aliased users the file /root/mail will contain only a single
line for the lansmartindia user.

[root@akhisar root]# vi mail
                             #!/bin/bash
                             su lansmartindia -c fetchmail

However, to connect to the internet, the root user has to manually execute
`wvdial'.

To send the queued outgoing mail the root user has to execute
`sendmail -q -v'. To automate this as well,

Create a file ip-up.local in the folder /etc/ppp.
[root@akhisar root]# vi /etc/ppp/ip-up.local
                                #!/bin/bash
                                sendmail -q -v
                                /root/mail
                                /usr/bin/killall pppd
                                /usr/bin/killall wvdial

Make the file executable.
[root@akhisar root]# chmod 755 /etc/ppp/ip-up.local

This file will send all queued outgoing email, download all incoming email for
the users specified in the file /root/mail, after this the pppd daemon is killed
and so is the wvdial connection to the internet (The last two commands in this
file assume that you will be using a dialup connection to the internet and
will not want the telephone line to remain connected to the internet
throughout the day for obvious reasons. For a broadband or a leased line
internet connection the last two lines will not be required).
This file will automatically be executed once a connection has been
established to the internet.

To automate the wvdial connection to the internet you could configure crontab
to periodically schedule a wvdial connection to the internet at absolute or
repetitive intervals in time.

Here we setup crontab to schedule wvdial to connect to the internet every 30
mins.

[root@akhisar root]# crontab -e
0-59/30 * * * * wvdial

Sendmail has now been fully automated. It will connect to the internet every
30 minutes, will send queued outgoing mail and download all
incoming mail stored on the internet mail server.
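The /root/mail and ip-up.local scripts above do the job, but a script that root runs unattended every 30 minutes deserves two safeguards: it should refuse to fetch for a user whose .fetchmailrc (which holds a POP password in cleartext) is readable by anyone else, and it should not start a second round while a previous one is still running, so that the cron job and ip-up.local cannot interleave. The script below is an added example, not the book's own /root/mail; it is a drop-in replacement for that file which applies both checks and logs what it did. The user list, lock directory and log path are assumptions for illustration; put the real POP users (or just lansmartindia for the catchall setup) in USERS.

```shell
#!/bin/sh
# Added example: a safer /root/mail (not the page's own script).
# Assumptions: the user list, lock directory and log file below.

USERS="ryan santosh shaji rhea"     # use "lansmartindia" for the catchall setup
LOCKDIR=/var/lock/fetch-office-mail # /var/lock is cleared at boot, so no stale lock survives a crash
LOG=/var/log/fetch-office-mail.log

log() {
    printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >>"$LOG"
}

# Return 0 when the rcfile $1 is a regular file owned by user $2 whose
# mode grants nothing to group or others (600 or 700). fetchmail itself
# refuses looser modes, but checking first gives a clear log line
# instead of a puzzling fetchmail error buried in the output.
rcfile_ok() {
    rc=$1; owner=$2
    [ -f "$rc" ] || return 1
    set -- $(ls -ld "$rc")          # mode links owner group size date ... name
    mode=$1; fileowner=$3
    [ "$fileowner" = "$owner" ] || return 1
    case "$(printf '%s' "$mode" | cut -c5-10)" in
        *[!-]*) return 1 ;;         # some r/w/x bit is set for group or others
    esac
    return 0
}

# Fetch one user's mail as that user. fetchmail -a fetches all messages,
# -s keeps it quiet so only errors reach the log. fetchmail exits 1 when
# the mailbox was simply empty, which is not a failure.
fetch_for_user() {
    user=$1
    home=$(eval "echo ~$user")      # tilde expansion looks the user up in passwd
    if ! rcfile_ok "$home/.fetchmailrc" "$user"; then
        log "skipping $user: .fetchmailrc missing, not owned by $user, or readable by others"
        return 1
    fi
    status=0
    su "$user" -c "fetchmail -a -s" >>"$LOG" 2>&1 || status=$?
    case $status in
        0) log "fetched mail for $user" ;;
        1) log "no new mail for $user" ;;
        *) log "fetchmail failed for $user (exit $status)"; return 1 ;;
    esac
}

# One round for every user, serialised with an atomic mkdir lock.
run_all() {
    if ! mkdir "$LOCKDIR" 2>/dev/null; then
        log "previous run still active ($LOCKDIR exists), not starting"
        return 1
    fi
    trap 'rmdir "$LOCKDIR"' EXIT
    failed=0
    for u in $USERS; do
        fetch_for_user "$u" || failed=$((failed + 1))
    done
    log "round finished, $failed user(s) skipped or failed"
    [ "$failed" -eq 0 ]
}

# Invoke as "/root/mail run" (from ip-up.local or cron); with no argument
# the file only defines its functions.
if [ "${1:-}" = run ]; then
    run_all
fi
```

Install it as /root/mail owned by root with mode 755 (root is the only writer, which is what matters for a script root executes), and change the call in /etc/ppp/ip-up.local to `/root/mail run'. A user whose .fetchmailrc has drifted back to 644 shows up in the log as skipped rather than as a cryptic fetchmail failure.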

Test :
Designated email users can now test the newly configured server by connecting
to it from their POP3 and IMAP mail clients.

POSTFIX MAIL SERVER

Postfix is a newer MTA than Sendmail and is generally regarded as faster and more secure. Sendmail's long history of security holes stems largely from its design: a single large program that runs as root and handles everything from the network socket to local delivery, so a flaw anywhere in it is a root compromise. Postfix was designed around the opposite principle: it is split into several small daemons, most of which run as an unprivileged user (and can run chrooted), so that a bug in, for example, the SMTP listener does not hand an attacker root.
Postfix is known for its speed and reliability. It too is free, open-source software and comes bundled with the Red Hat installation CDs.

To install Postfix we need the following rpms:
postfix-1.1.11-11.i386.rpm

To switch from Sendmail to Postfix use the following command :

[root@akhisar root]# redhat-switch-mail

From the menu that appears choose postfix.

Stop the running sendmail daemon and prevent it from starting at the next boot by executing the following commands:

[root@akhisar root]# service sendmail stop
[root@akhisar root]# chkconfig sendmail off

(chkconfig only changes what starts at boot; it does not stop a daemon that is already running, hence the separate service stop.) Confirm that postfix, and not sendmail, is now set to start at boot with `chkconfig --list postfix' and `chkconfig --list sendmail'.

To configure Postfix :

[root@akhisar root]# vi /etc/postfix/main.cf

# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
myhostname = akhisar.lansmart.com             # Line No.68

# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
mydomain = lansmart.com                     # Line No.76

# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites.  If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#

myorigin = lansmartindia.net                  # Line No.87



# RECEIVING MAIL

# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on.  By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
#inet_interfaces = localhost                  # Line No.97
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost

# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for. That includes
# Sendmail-style virtual domains hosted on this machine.
# Continue long lines by starting the next line with whitespace.
#
mydestination = localhost, localhost.localdomain, localhost.lansmart.com, akhisar.lansmart.com, lansmartindia.net                   # Line No.125
#mydestination = $myhostname, localhost.$mydomain $mydomain
#mydestination = $myhostname, localhost.$mydomain, $mydomain,
#mail.$mydomain, www.$mydomain, ftp.$mydomain

# TRUST AND RELAY CONTROL

# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
#
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix.  See the smtpd_recipient_restrictions parameter
# in file sample-smtpd.cf.
#
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).

mynetworks = 192.0.2.0/24, 127.0.0.0/8             # Line No.171
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table

# INTERNET OR INTRANET

# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.

#relayhost = $mydomain                              # Line No.221

# ALIAS DATABASE
#
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
#
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
#
# It will take a minute or so before changes become visible.  Use
# "postfix reload" to eliminate the delay.
#
#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/postfix/aliases         # Line No.298
alias_database = hash:/etc/postfix/aliases     # not in the default file; add it below Line No.298

# mailbox_command = /some/where/procmail                                                 # Line No.359
# mailbox_command = /some/where/procmail -a "$EXTENSION"                                # Line No.360

defer_transports = smtp                                 # Line No.542
always_bcc = mailadmin                                 # Line No.543


Explanation for the Line Nos. mentioned in the postfix main.cf configuration file

Line No.68
The `myhostname' parameter defines the hostname of your postfix mail server.

Line No.76
The `mydomain' parameter specifies the name of the internal domain you have configured your DNS with. In this case we have chosen our internal domain name to be `lansmart.com'.

Line No.87
The `myorigin' directive specifies the name of your internet mail space. This is the name that we have registered our internet domain with. In this case we have chosen lansmartindia.net to be our internet domain name. Mail for all users in the organization `Lansmart' will now be addressed to <user>@lansmartindia.net.

Line No.97
Lines 97-100 define the network interfaces on which the Postfix mail server listens for SMTP connections. In Red Hat's default main.cf Line No.97 (inet_interfaces = localhost) is left uncommented, which means that out of the box Postfix only accepts SMTP connections from the mail server itself, i.e. from 127.0.0.1, and the office clients cannot reach it. We want Postfix to listen on all network interfaces of the server, so either comment out Line No.97 and leave the remaining lines as they are, or comment out Line No.97 and uncomment Line No.98 (inet_interfaces = all). Both achieve the same thing, since all interfaces is Postfix's built-in default. Listening on every interface is safe only because relaying is restricted separately by mynetworks (Line No.171); the two settings must always be considered together.

Line No.125
This line defines the domain names or destinations for which the postfix mail server will receive mail. Mail addressed to any domain that is not in this list will be rejected unless the sender IP address has been allowed to relay mail through the postfix server. Here we have also included the hostname localhost.lansmart.com which at first glance might not seem necessary. However this is needed to distribute incoming email to the respective users' mailboxes.

Line No.171
This line prevents your mail server from being an open relay. An open relay accepts mail from any sender for any destination and passes it on; spammers find such servers very quickly and use them to send thousands of unsolicited messages to third parties. A server known to be an open relay soon ends up on a Realtime Blackhole List (RBL), after which other mail servers on the internet stop accepting mail from it.
Here we specify that only clients on our internal office network (192.0.2.0/24) and the server itself (127.0.0.0/8) are allowed to relay mail through our server. Note that this trust is by source IP address alone, so every machine on the office LAN can relay; a PC on that network that is compromised by a virus or worm can still send spam through this server.
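Sendmail's relay-domains (in the Sendmail section above) and Postfix's mynetworks both decide the same question: will the server accept RCPT TO for a domain it does not host, from a client that is not on the trusted list? The script below, an example added here rather than code from the page, answers it from the outside by walking through the SMTP dialogue and reading the server's reply to RCPT TO. It assumes a netcat (`nc') binary on the probing host; the probe addresses and the host names in its comments are placeholders. Run it from a machine that is not in relay-domains or mynetworks (i.e. from an outside address), because a probe from the office LAN is trusted by design and will always be accepted.

```shell
#!/bin/sh
# Added example: open-relay probe for an SMTP server (not code from the page).
# Assumes `nc` (netcat) is installed on the host running the probe.

# Print the SMTP commands that ask the server to relay from an outside
# sender to an outside recipient. A short pause after each command gives
# the server time to answer before the next one arrives.
relay_dialogue() {
    from=$1; to=$2
    for cmd in "EHLO probe.example.invalid" "MAIL FROM:<$from>" "RCPT TO:<$to>" "QUIT"; do
        printf '%s\r\n' "$cmd"
        sleep 1
    done
}

# Read an SMTP transcript on stdin and print the three-digit code of the
# Nth complete reply. "250-..." lines continue a reply (EHLO answers are
# multi-line); "250 ..." (code, space) is the final line of a reply.
smtp_reply_code() {
    n=$1; count=0
    while IFS= read -r line; do
        line=$(printf '%s' "$line" | tr -d '\r')
        case "$line" in
            [0-9][0-9][0-9]-*) ;;                   # continuation line, keep reading
            [0-9][0-9][0-9]" "*|[0-9][0-9][0-9])    # final line of a reply
                count=$((count + 1))
                if [ "$count" -eq "$n" ]; then
                    printf '%.3s\n' "$line"
                    return 0
                fi ;;
        esac
    done
    return 1                                        # fewer than N replies seen
}

# Turn the RCPT TO reply code into a verdict. 2xx means the server agreed
# to relay for a recipient it does not host: an open relay. 5xx is the
# refusal we want ("Relaying denied" from Sendmail, "Relay access denied"
# from Postfix). Anything else (4xx greylisting, a dropped connection) is
# inconclusive and needs a second look.
relay_verdict() {
    case "$1" in
        2[0-9][0-9]) echo "OPEN RELAY: server accepted RCPT TO for an outside recipient ($1)"; return 1 ;;
        5[0-9][0-9]) echo "relay denied ($1)"; return 0 ;;
        *)           echo "inconclusive (reply $1)"; return 2 ;;
    esac
}

# Probe $1:$2. The RCPT TO answer is the 4th reply: banner, EHLO, MAIL, RCPT.
probe_relay() {
    host=$1; port=${2:-25}
    from=${3:-probe@outside.example.net}        # placeholder outside sender
    to=${4:-someone@elsewhere.example.org}      # placeholder outside recipient
    transcript=$(relay_dialogue "$from" "$to" | nc -w 15 "$host" "$port")
    code=$(printf '%s\n' "$transcript" | smtp_reply_code 4) || {
        echo "inconclusive: no reply to RCPT TO from $host:$port"
        return 2
    }
    relay_verdict "$code"
}

# Run only when given a host on the command line; with no arguments the
# file just defines the functions above.
if [ $# -gt 0 ]; then
    probe_relay "$@"
fi
```

Usage: `sh relay-probe.sh mail.lansmartindia.net 25' (or the office server's public address, if it ever listens on one). A 5xx reply to RCPT TO is what you want to see; 250 means the server is an open relay and relay-domains or mynetworks needs fixing before anyone else notices.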

Line No.221
If you wish to relay all external outgoing mail through another mail server for eg, your ISP's smtp server, then, mention the IP address or the FQDN of that smtp server in this field.
For eg:
relayhost = mail.lansmartindia.net
(where mail.lansmartindia.net is the FQDN of your webhosting provider's smtp server)

Line No.298
The alias_maps parameter names the alias database that the local delivery agent consults; with it, incoming mail addressed to a particular user can be redirected to another user or to a group of users. Because this configuration keeps the aliases in /etc/postfix/aliases rather than in the Red Hat default /etc/aliases, alias_database must point at the same file, otherwise `newaliases' rebuilds the wrong database and the edits never take effect:

alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases

Aliases are configured in the file /etc/postfix/aliases. After making a change to this file execute the `newaliases' command:

[root@akhisar root]# vi /etc/postfix/aliases
                               ryan: ryan,santosh

Here any mail addressed to the user ryan will also be delivered to the user santosh.

[root@akhisar root]# cd /etc/postfix

[root@akhisar postfix]# newaliases
The newaliases command converts the aliases file to the hashed database format, i.e. it writes /etc/postfix/aliases.db, which is what Postfix actually reads.

Line Nos.359 & 360
These lines define the name and location of the mail filtering utility used with Postfix. Procmail is the utility used to filter mail and it is made use of by both Sendmail as well as Postfix. Postfix honours only one mailbox_command setting (the last one in main.cf wins), so uncomment just one of the two lines and edit it to point to the actual location of the procmail executable, /usr/bin/procmail. The second form additionally passes the address extension (the part of the recipient address after the recipient_delimiter, if one is configured) to procmail. After editing, the line should read as follows :

mailbox_command = /usr/bin/procmail -a "$EXTENSION"

With mailbox_command set, Postfix's local delivery agent hands every local message to procmail, which reads the recipient's $HOME/.procmailrc, i.e. the file built for lansmartindia in the Sendmail section.

Line No.542
This line should be used only if you are on a slow dialup connection to the internet that is not permanently on. This directive will cause all outgoing email to be deferred in the mail queue (/var/spool/postfix) until a connection has been established to the internet.
If you are using a broadband or internet leased line connection this line should not be configured.

Line No.543
Postfix offers us the facility to send a copy of every outgoing as well as incoming mail to an administrative mail account. Here we blind-copy every message to a user account called mailadmin, which must exist as a local account or alias. A copy of every message sent to an internal user or to an external address, as well as every incoming message, is now delivered to the mailadmin mailbox. Two caveats: that mailbox grows as fast as the whole organisation's mail traffic, and it contains everyone's private correspondence, so restrict who can read the mailadmin account and enable this only if you actually need such an archive.

The rest of the configuration procedure is identical to that for Sendmail.
Follow the steps outlined in the chapter on Sendmail to configure POP3 and IMAP mail access, fetchmail and procmail.

Testing :
Users can now connect to the postfix mail server from their mail clients like Outlook Express, Microsoft Outlook, Mozilla Mail etc. and test their sending and receiving of email.
