The process of getting an email from one person to another over a network or the Internet involves many systems working together. Each of these systems must be correctly configured for the process to work. The sender uses a Mail User Agent (MUA), or email client, to send the message through one or more Mail Transfer Agents (MTA), the last of which will hand it off to a Mail Delivery Agent (MDA) for delivery to the recipient's mailbox, from which it will be retrieved by the recipient's email client, usually via a POP3 or IMAP server.
Postfix is the default Mail Transfer Agent (MTA) in Ubuntu. It attempts to be fast, easy to administer, and secure. It is compatible with the MTA sendmail. This section explains how to install and configure postfix. It also explains how to set it up as an SMTP server using a secure connection (for sending emails securely).
To install postfix with SMTP-AUTH and Transport Layer Security (TLS), run the following command:
sudo apt-get install postfix
Simply press return when the installation process asks questions; the configuration will be done in greater detail in the next stage.
To configure postfix, run the following command:
sudo dpkg-reconfigure postfix
The user interface will be displayed. On each screen, select the following values:
Ok
Internet Site
NONE
mail.example.com
mail.example.com, localhost.localdomain, localhost
No
127.0.0.0/8
Yes
0
+
all
Replace mail.example.com with your mail server hostname.
The next steps are to configure postfix to use SASL for SMTP AUTH. Rather than editing the configuration file directly, you can use the postconf command to configure all postfix parameters. The configuration parameters will be stored in the /etc/postfix/main.cf file. Later, if you wish to re-configure a particular parameter, you can either run the command or change it manually in the file.
Configure Postfix to do SMTP AUTH using SASL (saslauthd):
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
Next, configure the digital certificate for TLS. When asked questions, follow the instructions and answer appropriately.
# 2048-bit RSA key; 1024-bit keys are too short for current use
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 2048
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
mv smtpd.key /etc/ssl/private/
mv smtpd.crt /etc/ssl/certs/
mv cakey.pem /etc/ssl/private/
mv cacert.pem /etc/ssl/certs/
You can get the digital certificate from a certificate authority. Alternatively, you can create the certificate yourself. Refer to “Creating a Self-Signed Certificate” for more details.
Configure Postfix to do TLS encryption for both incoming and outgoing mail:
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = mail.example.com'
After you run all the commands, SMTP AUTH is configured with postfix. The self-signed certificate is created for TLS and it is configured with postfix.
Now, the file /etc/postfix/main.cf should look like this.
The postfix initial configuration is complete. Run the following command to start postfix daemon:
sudo /etc/init.d/postfix start
Now the postfix daemon is installed, configured and running successfully. Postfix supports SMTP AUTH as defined in RFC2554. It is based on SASL. However, it is still necessary to set up SASL authentication before you can use SMTP.
The libsasl2, sasl2-bin and libsasl2-modules packages are necessary to enable SMTP AUTH using SASL. You can install these applications if you have not installed them already.
apt-get install libsasl2 sasl2-bin
A few changes are necessary to make it work properly. Because Postfix runs chrooted in /var/spool/postfix, SASL needs to be configured to run in the false root (/var/run/saslauthd becomes /var/spool/postfix/var/run/saslauthd):
mkdir -p /var/spool/postfix/var/run/saslauthd
rm -rf /var/run/saslauthd
To activate saslauthd, edit the file /etc/default/saslauthd, and change or add the START variable. In order to configure saslauthd to run in the false root, add the PWDIR, PIDFILE and PARAMS variables. Finally, configure the MECHANISMS variable to your liking. The file should look like this:
# This needs to be uncommented before saslauthd will be run
# automatically
START=yes
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"
MECHANISMS="pam"
If you prefer, you can use shadow instead of pam. This will use MD5 hashed password transfer and is perfectly secure. The username and password needed to authenticate will be those of the users on the system you are using on the server.
Next, update the dpkg "state" of /var/spool/postfix/var/run/saslauthd. The saslauthd init script uses this setting to create the missing directory with the appropriate permissions and ownership:
dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd
SMTP AUTH configuration is complete. Now it is time to start and test the setup. You can run the following command to start the SASL daemon:
sudo /etc/init.d/saslauthd start
To see if SMTP-AUTH and TLS work properly, run the following command:
telnet mail.example.com 25
After you have established the connection to the postfix mail server, type:
ehlo mail.example.com
If you see the following lines among others, then everything is working perfectly. Type quit to exit.
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
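The check above can be automated. The following is an added example, not part of the original guide: it parses an EHLO reply captured from the port-25 session and reports what is advertised before STARTTLS, which with this guide's settings includes the PLAIN and LOGIN mechanisms. The function names and the sample reply are constructed for illustration.

```python
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # password is only base64-encoded on the wire

# Constructed sample: a port-25 session whose EHLO reply contains the four
# lines the guide tells you to look for.
SAMPLE_REPLY = """\
220 mail.example.com ESMTP Postfix
250-mail.example.com
250-PIPELINING
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
"""

def parse_ehlo(reply):
    """Return ({KEYWORD: set(args)}, legacy_auth_seen) for a multi-line 250 reply."""
    caps, legacy_auth, greeted = {}, False, False
    for raw in reply.splitlines():
        m = re.match(r"250[- ](.*)", raw.strip())
        if not m:
            continue                    # banner, typed commands, other reply codes
        if not greeted:
            greeted = True              # first 250 line is the server's greeting
            continue
        text = m.group(1).upper()
        if text.startswith("AUTH="):    # extra line from broken_sasl_auth_clients = yes
            legacy_auth, text = True, "AUTH " + text[5:]
        words = text.split()
        if words:
            caps.setdefault(words[0], set()).update(words[1:])
    return caps, legacy_auth

def assess_cleartext_session(reply):
    """Report what a client sees before it has issued STARTTLS."""
    caps, legacy_auth = parse_ehlo(reply)
    mechs = caps.get("AUTH", set())
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS is not offered")
    exposed = sorted(mechs & PLAINTEXT_MECHS)
    if exposed:
        findings.append("AUTH %s is offered before STARTTLS, so a client may send "
                        "its password unencrypted (smtpd_tls_auth_only = no)"
                        % " ".join(exposed))
    if legacy_auth:
        findings.append("legacy 'AUTH=' line present (broken_sasl_auth_clients = yes)")
    return {"starttls": "STARTTLS" in caps, "auth": sorted(mechs), "findings": findings}

if __name__ == "__main__":
    for finding in assess_cleartext_session(SAMPLE_REPLY)["findings"]:
        print("-", finding)
```

Paste the text of your own telnet session in place of SAMPLE_REPLY to check a live server.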
Exim4 is another Message Transfer Agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the internet. Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail.
To install exim4, run the following command:
sudo apt-get install exim4 exim4-base exim4-config
To configure exim4, run the following command:
sudo dpkg-reconfigure exim4-config
The user interface will be displayed. The user interface lets you configure many parameters. For example, in exim4 the configuration files are split among multiple files. If you wish to have them in one file, you can configure accordingly in this user interface.
All the parameters you configure in the user interface are stored in the /etc/exim4/update-exim4.conf.conf file.
If you wish to re-configure, either re-run the configuration wizard or manually edit this file using your favourite editor. Once you have configured it, you can run the following command to generate the master configuration file:
sudo update-exim4.conf
The master configuration file is generated and stored in /var/lib/exim4/config.autogenerated.
You should never edit the master configuration file, /var/lib/exim4/config.autogenerated, manually. It is updated automatically every time you run update-exim4.conf.
You can run the following command to start exim4 daemon.
sudo /etc/init.d/exim4 start
TODO: This section should cover configuring SMTP AUTH with exim4.
Dovecot is a Mail Delivery Agent, written with security primarily in mind. It supports the major mailbox formats: mbox or Maildir. This section explains how to set it up as an imap or pop3 server.
To install dovecot, run the following command in the command prompt:
sudo apt-get install dovecot-common dovecot-imapd dovecot-pop3d
To configure dovecot, you can edit the file /etc/dovecot/dovecot.conf. You can choose the protocol you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap secure). A description of these protocols is beyond the scope of this guide. For further information, refer to the Wikipedia articles on POP3 and IMAP.
IMAPS and POP3S are more secure than the simple IMAP and POP3 because they use SSL encryption to connect. Once you have chosen the protocol, amend the following line in the file /etc/dovecot/dovecot.conf:
protocols = pop3 pop3s imap imaps
It enables the protocols when dovecot is started. Next, add the following line in the pop3 section of the file /etc/dovecot/dovecot.conf:
pop3_uidl_format = %08Xu%08Xv
Next, choose the mailbox you use. Dovecot supports maildir and mbox formats. These are the most commonly used mailbox formats. They both have their own benefits and they are discussed on the dovecot website.
Once you have chosen your mailbox type, edit the file /etc/dovecot/dovecot.conf and change the following line:
default_mail_env = maildir:~/Maildir # (for maildir)
or
default_mail_env = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)
You should configure your Mail Transport Agent (MTA) to transfer the incoming mail to this type of mailbox if it is different from the one you have configured.
Once you have configured dovecot, start the dovecot daemon in order to test your setup:
sudo /etc/init.d/dovecot start
If you have enabled imap, or pop3, you can also try to log in with the commands telnet localhost pop3 or telnet localhost imap2. If you see something like the following, the installation has been successful:
bhuvan@rainbow:~$ telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
+OK Dovecot ready.
To configure dovecot to use SSL, you can edit the file /etc/dovecot/dovecot.conf and amend the following lines:
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem
ssl_disable = no
disable_plaintext_auth = no
The cert and key files are created automatically by dovecot when you install it. Please note that these keys are not signed and will give "bad signature" errors when connecting from a client. To avoid this, you can use commercial certificates, or even better, you can use your own SSL certificates.
Mailman is an open source program for managing electronic mail discussions and e-newsletter lists. Many open source mailing lists (including all the Ubuntu mailing lists) use Mailman as their mailing list software. It is powerful and easy to install and maintain.
Mailman provides a web interface for the administrators and users. So, it requires apache with mod_perl support. Mailman uses an external mail server to send and receive emails. It works perfectly with the following mail servers:
Postfix
Exim
Sendmail
Qmail
We will see how to install mailman, the apache web server and the Exim mail server. If you wish to install mailman with a different mail server, please refer to the references section.
To install apache2, please refer to “Installation”.
To install Exim4 you run the following commands at a terminal prompt:
sudo apt-get install exim4
sudo apt-get install exim4-base
sudo apt-get install exim4-config
Once exim4 is installed, the configuration files are stored in the /etc/exim4 directory. In Ubuntu, by default, the exim4 configuration files are split across different files. You can change this behavior by changing the following variable in the /etc/exim4/update-exim4.conf.conf file:
dc_use_split_config='true'
To install Mailman, run following command at a terminal prompt:
sudo apt-get install mailman
It copies the installation files to the /var/lib/mailman directory and installs the CGI scripts in the /usr/lib/cgi-bin/mailman directory. It creates the list Linux user and the list Linux group. The mailman process will be owned by this user.
This section assumes you have successfully installed mailman, apache2, and exim4. Now you just need to configure them.
Once apache2 is installed, you can add the following lines in the /etc/apache2/apache2.conf file:
Alias /images/mailman/ "/usr/share/images/mailman/"
Alias /pipermail/ "/var/lib/mailman/archives/public/"
Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are installed in the /usr/lib/cgi-bin/mailman directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You can make changes to the /etc/apache2/apache2.conf file if you wish to change this behavior.
Once Exim4 is installed, you can start the Exim server using the following command from a terminal prompt:
sudo /etc/init.d/exim4 start
In order to make mailman work with exim4, you need to configure exim4. As mentioned earlier, by default, exim4 uses multiple configuration files of different types. For details, please refer to the Exim website. To run mailman, we should add a new configuration file to the following configuration types:
Main
Transport
Router
Exim creates a master configuration file by sorting all these mini configuration files. So, the order of these configuration files is very important.
All the configuration files belonging to the main type are stored in the /etc/exim4/conf.d/main/ directory. You can add the following content to a new file, named 04_exim4-config_mailman:
# start
# Home dir for your Mailman installation -- aka Mailman's prefix
# directory.
# On Ubuntu this should be "/var/lib/mailman"
# This is normally the same as ~mailman
MM_HOME=/var/lib/mailman
#
# User and group for Mailman, should match your --with-mail-gid
# switch to Mailman's configure script. Value is normally "mailman"
MM_UID=list
MM_GID=list
#
# Domains that your lists are in - colon separated list
# you may wish to add these into local_domains as well
domainlist mm_domains=hostname.com
#
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
#
# These values are derived from the ones above and should not need
# editing unless you have munged your mailman installation
#
# The path of the Mailman mail wrapper script
MM_WRAP=MM_HOME/mail/mailman
#
# The path of the list config file (used as a required file when
# verifying list addresses)
MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck
# end
All the configuration files belonging to transport type are stored in the /etc/exim4/conf.d/transport/ directory. You can add the following content to a new file named 40_exim4-config_mailman:
mailman_transport:
  driver = pipe
  command = MM_WRAP \
            '${if def:local_part_suffix \
                  {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                  {post}}' \
            $local_part
  current_directory = MM_HOME
  home_directory = MM_HOME
  user = MM_UID
  group = MM_GID
All the configuration files belonging to router type are stored in the /etc/exim4/conf.d/router/ directory. You can add the following content to a new file named 101_exim4-config_mailman:
mailman_router:
  driver = accept
  require_files = MM_HOME/lists/$local_part/config.pck
  local_part_suffix_optional
  local_part_suffix = -bounces : -bounces+* : \
                      -confirm+* : -join : -leave : \
                      -owner : -request : -admin
  transport = mailman_transport
The main and transport configuration files can be in any order, but the order of the router configuration files must be the same. This particular file must appear before the 200_exim4-config_primary file. These two configuration files contain the same type of information, and the first file takes precedence. For more details, please refer to the references section.
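The router and transport above decide together which addresses are piped to the Mailman wrapper, and with which command. The following added example (not part of the original guide, nor Exim or Mailman code) is a simplified Python model of that mapping; it assumes the first matching suffix in list order wins and that a trailing * matches everything after the leftmost occurrence of the fixed text. The names split_suffix, mailman_command and route are illustrative.

```python
import re

MM_WRAP = "/var/lib/mailman/mail/mailman"   # MM_HOME/mail/mailman from the main file

# local_part_suffix from mailman_router, in the order the page lists it.
SUFFIXES = ["-bounces", "-bounces+*", "-confirm+*", "-join", "-leave",
            "-owner", "-request", "-admin"]

def split_suffix(local_part):
    """Return (list_name, suffix). The first pattern that matches wins; with
    local_part_suffix_optional an unmatched address keeps suffix ''."""
    for pattern in SUFFIXES:
        if pattern.endswith("*"):                 # e.g. -bounces+<anything>
            pos = local_part.find(pattern[:-1])
            if pos != -1:
                return local_part[:pos], local_part[pos:]
        elif local_part.endswith(pattern):
            return local_part[:-len(pattern)], pattern
    return local_part, ""

def mailman_command(suffix):
    # Transport: ${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}, else "post".
    return re.sub(r"-(\w+)(\+.*)?", r"\1", suffix) if suffix else "post"

def route(local_part, existing_lists):
    """Return the argv the pipe transport would run as user 'list', or None
    when require_files fails and the router declines."""
    list_name, suffix = split_suffix(local_part)
    if list_name not in existing_lists:   # stands in for lists/<name>/config.pck
        return None
    return [MM_WRAP, mailman_command(suffix), list_name]

if __name__ == "__main__":
    lists = {"mailman", "dev-announce"}   # constructed sample of installed lists
    for lp in ["mailman", "mailman-request", "dev-announce-owner",
               "mailman-bounces+alice=example.org", "mailman-subscribe"]:
        print(lp, "->", route(lp, lists))
```

With this suffix list, an address such as mailman-subscribe is not split, so it is only accepted if a list of that exact name exists.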
Once mailman is installed, you can run it using the following command:
sudo /etc/init.d/mailman start
Once mailman is installed, you should create the default mailing list. Run the following command to create the mailing list:
sudo /usr/sbin/newlist mailman
Enter the email address of the person running the list: bhuvan at ubuntu.com
Initial mailman password:
To finish creating your mailing list, you must edit your /etc/aliases (or
equivalent) file by adding the following lines, and possibly running the
`newaliases' program:
## mailman mailing list
mailman: "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"
Hit enter to notify mailman owner...
#
We have configured exim to recognize all emails from mailman. So, it is not mandatory to make any new entries in /etc/aliases. If you have made any changes to the configuration files, please ensure that you restart those services before continuing to the next section.
We assume you have a default installation. The mailman cgi scripts are still in /usr/lib/cgi-bin/mailman/ directory. Mailman provides a web based administration facility. To access this page, point your browser to the following url:
http://hostname/cgi-bin/mailman/admin
The default mailing list, mailman, will appear in this screen. If you click the mailing list name, it will ask for your authentication password. If you enter the correct password, you will be able to change administrative settings of this mailing list. You can create a new mailing list using the command line utility (/usr/sbin/newlist). Alternatively, you can create a new mailing list using the web interface.
Mailman provides a web based interface for users. To access this page, point your browser to the following url:
http://hostname/cgi-bin/mailman/listinfo
The default mailing list, mailman, will appear in this screen. If you click the mailing list name, it will display the subscription form. You can enter your email address, name (optional), and password to subscribe. An email invitation will be sent to you. You can follow the instructions in the email to subscribe.