Email Services
Predchádzajúci
Nasledujúci

Email Services

The process of getting an email from one person to another over a network or the Internet involves many systems working together. Each of these systems must be correctly configured for the process to work. The sender uses a Mail User Agent (MUA), or email client, to send the message through one or more Mail Transfer Agents (MTA), the last of which will hand it off to a Mail Delivery Agent (MDA) for delivery to the recipient's mailbox, from which it will be retrieved by the recipient's email client, usually via a POP3 or IMAP server.

Postfix

Postfix is the default Mail Transfer Agent (MTA) in Ubuntu. It attempts to be fast and easy to administer and secure. It is compatible with the MTA sendmail. This section explains how to install and configure postfix. It also explains how to set it up as an SMTP server using a secure connection (for sending emails securely).

Installation

To install postfix with SMTP-AUTH and Transport Layer Security (TLS), run the following command:

sudo apt-get install postfix

Simply press return when the installation process asks questions, the configuration will be done in greater detail in the next stage.

Basic Configuration

To configure postfix, run the following command:

sudo dpkg-reconfigure postfix

The user interface will be displayed. On each screen, select the following values:

  • Ok

  • Internet Site

  • NONE

  • mail.example.com

  • mail.example.com, localhost.localdomain, localhost

  • No

  • 127.0.0.0/8

  • Yes

  • 0

  • +

  • all

Poznámka

Replace mail.example.com with your mail server hostname.

SMTP Authentication

The next steps are to configure postfix to use SASL for SMTP AUTH. Rather than editing the configuration file directly, you can use the postconf command to configure all postfix parameters. The configuration parameters will be stored in /etc/postfix/main.cf file. Later if you wish to re-configure a particular parameter, you can either run the command or change it manually in the file.

  1. Configure Postfix to do SMTP AUTH using SASL (saslauthd):

    postconf -e 'smtpd_sasl_local_domain ='
    postconf -e 'smtpd_sasl_auth_enable = yes'
    postconf -e 'smtpd_sasl_security_options = noanonymous'
    postconf -e 'broken_sasl_auth_clients = yes'
    postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
    postconf -e 'inet_interfaces = all'
    echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
    echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
    

  2. Next, configure the digital certificate for TLS. When asked questions, follow the instructions and answer appropriately.

    openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
    chmod 600 smtpd.key
    openssl req -new -key smtpd.key -out smtpd.csr
    openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
    openssl rsa -in smtpd.key -out smtpd.key.unencrypted
    mv -f smtpd.key.unencrypted smtpd.key
    openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
    mv smtpd.key /etc/ssl/private/
    mv smtpd.crt /etc/ssl/certs/
    mv cakey.pem /etc/ssl/private/
    mv cacert.pem /etc/ssl/certs/
    

    Poznámka

    You can get the digital certificate from a certificate authority. Alternatively, you can create the certificate yourself. Refer to “Creating a Self-Signed Certificate” for more details.

  3. Configure Postfix to do TLS encryption for both incoming and outgoing mail:

    postconf -e 'smtpd_tls_auth_only = no'
    postconf -e 'smtp_use_tls = yes'
    postconf -e 'smtpd_use_tls = yes'
    postconf -e 'smtp_tls_note_starttls_offer = yes'
    postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key'
    postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'
    postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
    postconf -e 'smtpd_tls_loglevel = 1'
    postconf -e 'smtpd_tls_received_header = yes'
    postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    postconf -e 'tls_random_source = dev:/dev/urandom'
    postconf -e 'myhostname = mail.example.com'
    

Poznámka

After you run all the commands, the SMTP AUTH is configured with postfix. The self-signed cerficiate is created for TLS and it is configured with postfix.

Now, the file /etc/postfix/main.cf should look like this.

The postfix initial configuration is complete. Run the following command to start postfix daemon:

            
              
                sudo /etc/init.d/postfix start
              
            
          

Now the postfix daemon is installed, configured and run successfully. Postfix supports SMTP AUTH as defined in RFC2554. It is based on SASL. However it is still necessary to set up SASL authentication before you can use SMTP.

Configuring SASL

The libsasl2, sasl2-bin and libsasl2-modules are necessary to enable SMTP AUTH using SASL. You can install these applications if you have not installed them already.

apt-get install libsasl2 sasl2-bin

A few changes are necessary to make it work properly. Because Postfix runs chrooted in /var/spool/postfix, SASL needs to be configured to run in the false root (/var/run/saslauthd becomes /var/spool/postfix/var/run/saslauthd):

mkdir -p /var/spool/postfix/var/run/saslauthd
rm -rf /var/run/saslauthd

To activate saslauthd, edit the file /etc/default/saslauthd, and change or add the START variable. In order to configure saslauthd to run in the false root, add the PWDIR, PIDFILE and PARAMS variables. Finally, configure the MECHANISMS variable to your liking. The file should look like this:

# This needs to be uncommented before saslauthd will be run
# automatically
START=yes

PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"

Poznámka

If you prefer, you can use shadow instead of pam. This will use MD5 hashed password transfer and is perfectly secure. The username and password needed to authenticate will be those of the users on the system you are using on the server.

Next, update the dpkg "state" of /var/spool/portfix/var/run/saslauthd. The saslauthd init script uses this setting to create the missing directory with the appropriate permissions and ownership:

dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd

Testing

SMTP AUTH configuration is complete. Now it is time to start and test the setup. You can run the following command to start the SASL daemon:

            
              
                sudo /etc/init.d/saslauthd start
              
            
          

To see if SMTP-AUTH and TLS work properly, run the following command:

            
              
                telnet mail.example.com 25
              
            
          

After you have established the connection to the postfix mail server, type:

ehlo mail.example.com

If you see the following lines among others, then everything is working perfectly. Type quit to exit.

250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME

Exim4

Exim4 is is another Message Transfer Agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the internet. Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail.

Installation

To install exim4, run the following command:

sudo apt-get install exim4 exim4-base exim4-config

Configuration

To configure exim4, run the following command:

sudo dpkg-reconfigure exim4-config

The user interface will be displayed. The user interface lets you configure many parameters. For example, In exim4 the configuration files are split among multiple files. If you wish to have them in one file you can configure accordingly in this user interface.

All the parameters you configure in the user interface are stored in /etc/exim4/update-exim4.conf.conf file. If you wish to re-configure, either you re-run the configuration wizard or manually edit this file using your favourite editor. Once you configure, you can run the following command to generate the master configuration file:

sudo update-exim4.conf

The master configuration file, is generated and it is stored in /var/lib/exim4/config.autogenerated.

Varovanie

At any time, you should not edit the master configuration file, /var/lib/exim4/config.autogenerated manually. It is updated automatically every time you run update-exim4.conf

You can run the following command to start exim4 daemon.

sudo /etc/init.d/exim4 start

TODO: This section should cover configuring SMTP AUTH with exim4.

Dovecot Server

Dovecot is a Mail Delivery Agent, written with security primarily in mind. It supports the major mailbox formats: mbox or Maildir. This section explain how to set it up as an imap or pop3 server.

Installation

To install dovecot, run the following command in the command prompt:

sudo apt-get install dovecot-common dovecot-imapd dovecot-pop3d

Configuration

To configure dovecot, you can edit the file /etc/dovecot/dovecot.conf. You can choose the protocol you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap secure). A description of these protocols is beyond the scope of this guide. For further information, refer to the wikipedia articles on POP3 and IMAP.

IMAPS and POP3S are more secure that the simple IMAP and POP3 because they use SSL encryption to connect. Once you have chosen the protocol, amend the following line in the file /etc/dovecot/dovecot.conf:

protocols = pop3 pop3s imap imaps

It enables the protocols when dovecot is started. Next, add the following line in pop3 section in the file /etc/dovecot/dovecot.conf:

pop3_uidl_format = %08Xu%08Xv

Next, choose the mailbox you use. Dovecot supports maildir and mbox formats. These are the most commonly used mailbox formats. They both have their own benefits and they are discussed on the dovecot website.

Once you have chosen your mailbox type, edit the file /etc/dovecot/dovecot.conf and change the following line:

default_mail_env = maildir:~/Maildir # (for maildir)
or
default_mail_env = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)

Poznámka

You should configure your Mail Trasport Agent (MTA) to transfer the incoming mail to this type of mailbox if it is different from the one you have configured.

Once you have configured dovecot, start the dovecot daemon in order to test your setup:

            
              
                sudo /etc/init.d/dovecot start
              
            
          

If you have enabled imap, or pop3, you can also try to log in with the commands telnet localhost pop3 or telnet localhost imap2. If you see something like the following, the installation has been successful:

bhuvan@rainbow:~$ telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
+OK Dovecot ready.

Dovecot SSL Configuration

To configure dovecot to use SSL, you can edit the file /etc/dovecot/dovecot.conf and amend following lines:

ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem
ssl_disable = no
disable_plaintext_auth = no

The cert and key files are created automatically by dovecot when you install it. Please note that these keys are not signed and will give "bad signature" errors when connecting from a client. To avoid this, you can use commercial certificates, or even better, you can use your own SSL certificates.

Firewall Configuration for an Email Server

To access your mail server from another computer, you must configure your firewall to allow connections to the server on the necessary ports.

  • IMAP - 143

  • IMAPS - 993

  • POP3 - 110

  • POP3S - 995

Mailman

Mailman is an open source program for managing electronic mail discussions and e-newsletter lists. Many open source mailing lists (including all the Ubuntu mailing lists) use Mailman as their mailing list software. It is powerful and easy to install and maintain.

Installation

Mailman provides a web interface for the administrators and users. So, it requires apache with mod_perl support. Mailman uses an external mail server to send and receive emails. It works perfectly with the following mail servers:

  • Postfix

  • Exim

  • Sendmail

  • Qmail

We will see how to install mailman, the apache web server and the Exim mail server. If you wish to install mailman with a different mail server, please refer to the references section.

Apache2

To install apache2 you refer to “Installation”.

Exim4

To install Exim4 you run the following commands at a terminal prompt:

sudo apt-get install exim4
sudo apt-get install exim4-base
sudo apt-get install exim4-config

Once exim4 is installed, the configuration files are stored in the /etc/exim4 directory. In ubuntu, by default, the exim4 configuration files are split across different files. You can change this behavior by changing the following variable in the /etc/exim4/update-exim4.conf file:

  • dc_use_split_config='true'

Mailman

To install Mailman, run following command at a terminal prompt:

sudo apt-get install mailman 

It copies the installation files in /var/lib/mailman directory. It installs the CGI scripts in /usr/lib/cgi-bin/mailman directory. It creates list linux user. It creates the list linux group. The mailman process will be owned by this user.

Configuration

This section assumes you have successfully installed mailman, apache2, and exim4. Now you just need to configure them.

Apache2

Once apache2 is installed, you can add the following lines in the /etc/apache2/apache2.conf file:

Alias /images/mailman/ "/usr/share/images/mailman/"
Alias /pipermail/ "/var/lib/mailman/archives/public/"

Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are installed in the /usr/lib/cgi-bin/mailman directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You can make changes to the /etc/apache2/apache2.conf file if you wish to change this behavior.

Exim4

Once Exim4 is installed, you can start the Exim server using the following command from a terminal prompt:

sudo apt-get /etc/init.d/exim4 start

In order to make mailman work with exim4, you need to configure exim4. As mentioned earlier, by default, exim4 uses multiple configuration files of different types. For details, please refer to the Exim website. To run mailman, we should add new a configuration file to the following configuration types:

  • Main

  • Transport

  • Router

Exim creates a master configuration file by sorting all these mini configuration files. So, the order of these configuration files is very important.

Main

All the configuration files belonging to the main type are stored in the /etc/exim4/conf.d/main/ directory. You can add the following content to a new file, named 04_exim4-config_mailman:

# start
# Home dir for your Mailman installation -- aka Mailman's prefix
# directory.
# On Ubuntu this should be "/var/lib/mailman"
# This is normally the same as ~mailman
MM_HOME=/var/lib/mailman
#
# User and group for Mailman, should match your --with-mail-gid
# switch to Mailman's configure script.  Value is normally "mailman"
MM_UID=list
MM_GID=list
#
# Domains that your lists are in - colon separated list
# you may wish to add these into local_domains as well
domainlist mm_domains=hostname.com
#
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
#
# These values are derived from the ones above and should not need
# editing unless you have munged your mailman installation
#
# The path of the Mailman mail wrapper script
MM_WRAP=MM_HOME/mail/mailman
#
# The path of the list config file (used as a required file when
# verifying list addresses)
MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck
# end

Transport

All the configuration files belonging to transport type are stored in the /etc/exim4/conf.d/transport/ directory. You can add the following content to a new file named 40_exim4-config_mailman:

  mailman_transport:
   driver = pipe
   command = MM_WRAP \
               '${if def:local_part_suffix \
                     {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                     {post}}' \
               $local_part
    current_directory = MM_HOME
    home_directory = MM_HOME
    user = MM_UID
    group = MM_GID

Router

All the configuration files belonging to router type are stored in the /etc/exim4/conf.d/router/ directory. You can add the following content in to a new file named 101_exim4-config_mailman:

  mailman_router:
   driver = accept
   require_files = MM_HOME/lists/$local_part/config.pck
   local_part_suffix_optional
   local_part_suffix = -bounces : -bounces+* : \
                       -confirm+* : -join : -leave : \
                       -owner : -request : -admin
   transport = mailman_transport

Varovanie

The order of main and transport configuration files can be in any order. But, the order of router configuration files must be the same. This particular file must appear before the 200_exim4-config_primary file. These two configuration files contain same type of information. The first file takes the precedence. For more details, please refer to the references section.

Mailman

Once mailman is installed, you can run it using the following command:

sudo /etc/init.d/mailman start

Once mailman is installed, you should create the default mailing list. Run the following command to create the mailing list:

sudo /usr/sbin/newlist mailman

  Enter the email address of the person running the list: bhuvan at ubuntu.com
  Initial mailman password:
  To finish creating your mailing list, you must edit your /etc/aliases (or
  equivalent) file by adding the following lines, and possibly running the
  `newaliases' program:

  ## mailman mailing list
  mailman:              "|/var/lib/mailman/mail/mailman post mailman"
  mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
  mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
  mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
  mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
  mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
  mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
  mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
  mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
  mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"

  Hit enter to notify mailman owner...

  # 

We have configured exim to recognize all emails from mailman. So, it is not mandatory to make any new entries in /etc/aliases. If you have made any changes to the configuration files, please ensure that you restart those services before continuing to next section.

Administration

We assume you have a default installation. The mailman cgi scripts are still in /usr/lib/cgi-bin/mailman/ directory. Mailman provides a web based administration facility. To access this page, point your browser to the following url:

http://hostname/cgi-bin/mailman/admin

The default mailing list, mailman, will appear in this screen. If you click the mailing list name, it will ask for your authentication password. If you enter the correct password, you will be able to change administrative settings of this mailing list. You can create a new mailing list using command line utility (/usr/sbin/newlist). Alternatively, you can create a new mailing list using web interface.

Users

Mailman provides a web based interface for users. To access this page, point your browser to the following url:

http://hostname/cgi-bin/mailman/listinfo

The default mailing list, mailman, will appear in this screen. If you click the mailing list name, it will display the subscription form. You can enter your email address, name (optional), and password to subscribe. An email invitation will be sent to you. You can follow the instructions in the email to subscribe.

Predchádzajúci
Nasledujúci
Domov