Installing A Mail Server

From Nearline Storage
Revision as of 21:22, 10 May 2020 by Dlk (talk | contribs) (Created page with "=Installing A Mail Server= ==Postfix, Dovecot, MariaDB, Amavis, SpamAssassin, Clamav, Roundcube, and PostfixAdmin on Fedora 31== I started with [https://www.systempandit.com...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Installing A Mail Server

Postfix, Dovecot, MariaDB, Amavis, SpamAssassin, Clamav, Roundcube, and PostfixAdmin on Fedora 31

I started with this cookbook written by Shrinivas Gundu on the SystemPandit web site and updated it as I went along.

Introduction

First things first. If you are a novice at linux I recommend that you should get help with setting this up. This is an advanced email server configuration. This configuration will allow you to serve multiple domains on one server. This howto will allow you to setup a server that is one of four mail server types:

  • Mail server with spam and virus checking (Most people. Do everything in the howto)
  • Mail server w/o spam and virus checking (Someone else is doing email filtering for you)
  • Backup MX / spam and virus filtering server (you want to divide things up)
  • Backup MX (You want to receive and hold mail while your main server is down)

You will get the following features:

  • Postfix: the workhorse behind the mail receiving and sending
    • SMTP authentication
    • secure smtp using TLS
  • Dovecot: imap and pop3 mailbox service
    • secure imap and pop3
    • server side filtering of flagged spam to a spam folder
  • mysql: handle all the virtual domains and users
  • PostfixAdmin: GUI for domain administration
  • Roundcube: web mail access
  • spam/virus filtering using amavisd-new, spamassassin and clamav

Installing The Software

We’ll start with distribution packages:

 $ sudo dnf install roundcubemail dovecot dovecot-mysql dovecot-pigeonhole cyrus-sasl-devel cyrus-sasl-sql subversion perl-MailTools perl-MIME-EncWords perl-MIME-Charset perl-Email-Valid perl-Test-Pod perl-TimeDate perl-Mail-Sender perl-Log-Log4perl imapsync offlineimap amavisd clamav clamd clamav-update perl-Convert-BinHex php-imap postfix postfix-mysql postfix-pcre unrar lz4

Postfix.Admin isn't part of the distribution. Download and install the RPM from https://sourceforge.net/projects/postfixadmin/files/postfixadmin/postfixadmin-3.2/ The RPM tries to use the user and group http2 for the httpd server user. This is incorrect on Fedora. Make sure you change all file ownership to apache:apache in the usershare/postfixadmin and /etc/postfixadmin directories.

Configuring The Server

Obtain An SSL Certificate

If you have no other source then use LetsEncrypt.com's certbot tool to obtain a free SSL certificate for your server.

Setup the Virtual Mail User

Next we’ll configure the mail store directory. We put it in the /home directory to make backups and other item easy. So type the following.

 $ sudo mkdir /home/vmail
 $ sudo chmod 770 /home/vmail
 $ sudo useradd -r -u 101 -g mail -d /home/vmail -s /sbin/nologin vmail
 $ sudo chown vmail:mail /home/vmail

Configuring Postfix Admin

Create the apache config file for postfixadmin, /etc/httpd/conf.d/postfixadmin.conf:

 alias /mailadmin /usr/share/postfixadmin
 <Directory "/usr/share/postfixadmin">
     AllowOverride AuthConfig
 </Directory>
 

The restart apache:

 $ service httpd restart

Now we need to setup the mysql database for postfixadmin. We only need to create the database and user. The setup file will create the rest.

 $ mysql -u root -p -e “CREATE DATABASE postfix;”

Now its time to setup the config file. Don’t forget to set your password.

 $ cd /usr/share/postfixadmin
 $ sudo vi config.local.php


<?php /**

* Contains configuration options that override the default config file
*/

/*****************************************************************

*  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
* You have to set $CONF['configured'] = true; before the
* application will run!
* Doing this implies you have changed this file as required.
* i.e. configuring database etc; specifying setup.php password etc.
*/

$CONF['configured'] = true;

// In order to setup Postfixadmin, you MUST specify a hashed password here. // To create the hash, visit setup.php in a browser and type a password into the field, // on submission it will be echoed out to you as a hashed value. $CONF['setup_password'] = 'changeme'; $CONF['postfix_admin_url'] = '/mailadmin'; $CONF['database_type'] = 'mysqli'; $CONF['database_host'] = 'localhost'; $CONF['database_user'] = 'postfix'; $CONF['database_password'] = 'changeme'; $CONF['database_name'] = 'postfix'; $CONF['admin_email'] = 'postmaster@change-this-to-your.domain.tld'; $CONF['encrypt'] = 'md5crypt'; $CONF['dovecotpw'] = "/usr/sbin/dovecotpw"; $CONF['min_password_length'] = 6; $CONF['page_size'] = '20'; $CONF['domain_path'] = 'YES'; $CONF['domain_in_mailbox'] = 'NO'; $CONF['aliases'] = '50'; $CONF['mailboxes'] = '50'; $CONF['maxquota'] = '100'; $CONF['quota'] = 'YES'; $CONF['quota_multiplier'] = '1024000'; $CONF['transport'] = 'YES'; $CONF['transport_options'] = array (

   'virtual',  // for virtual accounts
   'local',    // for system accounts
   'relay'     // for backup mx

); $CONF['transport_default'] = 'virtual'; $CONF['vacation'] = 'YES'; $CONF['vacation_domain'] = 'autoreply.change-this-to-your.domain.tld'; $CONF['vacation_control'] ='YES'; $CONF['vacation_control_admin'] = 'YES'; $CONF['special_alias_control'] = 'YES'; $CONF['user_footer_link'] = "http://change-this-to-your.domain.tld/main"; $CONF['show_footer_text'] = 'YES'; $CONF['footer_text'] = 'Return to change-this-to-your.domain.tld'; $CONF['footer_link'] = 'http://change-this-to-your.domain.tld'; $CONF['create_mailbox_subdirs']=array('Drafts','Spam','Sent','Trash'); $CONF['create_mailbox_subdirs_host']='localhost'; $CONF['create_mailbox_subdirs_prefix']=; $CONF['used_quotas'] = 'YES'; $CONF['new_quota_table'] = 'YES'; // $CONF['create_mailbox_subdirs_hostoptions']=array('notls'); $CONF['create_mailbox_subdirs_hostoptions']=array('novalidate-cert','norsh');

// // END OF CONFIG FILE // Next we need to run the setup.php script in a web browser. Enter the url in your browser. Ex. http://yourdomain.tld/mailadmin/setup.php

If everything shows OK then create the admin user using the form displayed. Follow the instructions for setting the setup password.

Log into the web interface and follow the directions. http://yourdomain.tld/mailadmin/

Configuring Postfix Here we go with more config files. You’ll have to be sure to change some settings to match your host. The config files will have sections commented out. Don’t worry about it. These sections are for spam/virus/sympa configuration. Just copy and past to create the config files. What ever you see here replaces what already exists.

The main postfix config files. /etc/postfix/main.cf


  1. postfix config file
  1. uncomment for debugging if needed
  2. soft_bounce=yes
  1. postfix main

mail_owner = postfix setgid_group = postdrop delay_warning_time = 4

  1. postfix paths

html_directory = no command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix queue_directory = /var/spool/postfix sendmail_path = /usr/sbin/sendmail.postfix newaliases_path = /usr/bin/newaliases.postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man

  1. network settings:/html_dir

inet_interfaces = all mydomain = yourdomain.com myhostname = host.yourdomain.com mynetworks = $config_directory/mynetworks mydestination = $myhostname, localhost.$mydomain, localhost relay_domains = proxy:mysql:/etc/postfix/mysql-relay_domains_maps.cf

  1. mail delivery

recipient_delimiter = +

  1. mappings

alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases transport_maps = hash:/etc/postfix/transport

  1. local_recipient_maps =
  1. virtual setup

virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf,

                    regexp:/etc/postfix/virtual_regexp

virtual_mailbox_base = /home/vmail virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains_maps.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf

virtual_minimum_uid = 101 virtual_uid_maps = static:101 virtual_gid_maps = static:12 virtual_transport = dovecot dovecot_destination_recipient_limit = 1

  1. debugging

debug_peer_level = 2 debugger_command =

        PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
        xxgdb $daemon_directory/$process_name $process_id & sleep 5
  1. authentication

smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth

  1. tls config

smtp_use_tls = yes smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache

  1. Change mail.example.com.* to your host name

smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.crt

  1. smtpd_tls_CAfile = /etc/pki/tls/root.crt
  1. rules restrictions

smtpd_client_restrictions = smtpd_helo_restrictions = smtpd_sender_restrictions = smtpd_recipient_restrictions = permit_sasl_authenticated,

       permit_mynetworks, 
       reject_unauth_destination,
       reject_non_fqdn_sender,
       reject_non_fqdn_recipient, 
       reject_unknown_recipient_domain
  1. uncomment for realtime black list checks
  2. ,reject_rbl_client zen.spamhaus.org
  3. ,reject_rbl_client bl.spamcop.net
  4. ,reject_rbl_client dnsbl.sorbs.net

smtpd_helo_required = yes unknown_local_recipient_reject_code = 550 disable_vrfy_command = yes smtpd_data_restrictions = reject_unauth_pipelining

  1. Other options
  2. email size limit ~20Meg

message_size_limit = 204800000 /etc/postfix/master.cf


  1. Postfix master process configuration file. For details on the format
  2. of the file, see the Postfix master(5) manual page.
  3. ***** Unused items removed *****
  4. ==========================================================================
  5. service type private unpriv chroot wakeup maxproc command + args
  6. (yes) (yes) (yes) (never) (100)
  7. ==========================================================================

smtp inet n - n - - smtpd

  1. -o content_filter=smtp-amavis:127.0.0.1:10024
  2. -o receive_override_options=no_address_mappings

submission inet n - n - - smtpd

 -o syslog_name=postfix/submission
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_sasl_type=dovecot
 -o smtpd_sasl_path=private/auth
 -o smtpd_sasl_security_options=noanonymous
 -o smtpd_sasl_local_domain=$myhostname
 -o smtpd_sasl_authenticated_header=no
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 -o smtpd_relay_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject

smtps inet n - n - - smtpd

 -o syslog_name=postfix/smtps
 -o smtpd_tls_wrappermode=yes
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_reject_unlisted_recipient=no
 -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

pickup fifo n - n 60 1 pickup

 -o content_filter= 
 -o receive_override_options=no_header_body_checks

cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr

  1. qmgr fifo n - n 300 1 oqmgr

tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp

  1. When relaying mail as backup MX, disable fallback_relay to avoid MX loops

relay unix - - n - - smtp

       -o fallback_relay=
  1. -o smtp_helo_timeout=5 -o smtp_connect_timeout=5

showq unix n - n - - showq error unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache

  1. ====================================================================
  2. Interfaces to non-Postfix software. Be sure to examine the manual
  3. pages of the non-Postfix software to find out what options it wants.
  4. ====================================================================

maildrop unix - n n - - pipe

 flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

uucp unix - n n - - pipe

 flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

ifmail unix - n n - - pipe

 flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)

bsmtp unix - n n - - pipe

 flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
  1. spam/virus section

smtp-amavis unix - - y - 2 smtp

 -o smtp_data_done_timeout=1200
 -o disable_dns_lookups=yes
 -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - y - - smtpd

 -o content_filter=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks=127.0.0.0/8
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001
 -o smtpd_hard_error_limit=1000
 -o receive_override_options=no_header_body_checks
 -o smtpd_helo_required=no
 -o smtpd_client_restrictions=
 -o smtpd_restriction_classes=
 -o disable_vrfy_command=no
 -o strict_rfc821_envelopes=yes
  1. Dovecot LDA

dovecot unix - n n - - pipe

 flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}
  1. Vacation mail

vacation unix - n n - - pipe

 flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}

/etc/postfix/mynetworks


  1. This specifies the list of subnets that Postfix considers as
  2. "trusted" SMTP clients that have more privileges than "strangers".
  3. In particular, "trusted" SMTP clients are allowed to relay mail
  4. through Postfix.
  5. Be sure to add your public ip address block if needed.

192.168.0.0/16 10.0.0.0/8 127.0.0.0/8 The postfix / mysql config files. /etc/postfix/mysql-virtual_alias_maps.cf


hosts = localhost user = postfix password = postfix dbname = postfix query = SELECT goto FROM alias WHERE address='%s' AND active = '1' /etc/postfix/mysql-virtual_domains_maps.cf


hosts = localhost user = postfix password = postfix dbname = postfix query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1' /etc/postfix/mysql-relay_domains_maps.cf


hosts = localhost user = postfix password = postfix dbname = postfix query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1' /etc/postfix/mysql-virtual_mailbox_maps.cf


hosts = localhost user = postfix password = postfix dbname = postfix query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1' /etc/postfix/mysql-virtual_mailbox_limit_maps.cf


hosts = localhost user = postfix password = postfix dbname = postfix query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1' We need to touch a file. So type the follwoing. > touch /etc/postfix/virtual_regexp

Configure Vacation Email Functionallity Lets finish the postfix configuration with vacation mail. Don’t forget to fill in your domain name where needed. Type the following: > > echo “autoreply.yourdomain.com vacation:” > /etc/postfix/transport > postmap /etc/postfix/transport > > echo “127.0.0.1 autoreply.yourdomain.com” >> /etc/hosts >

Create /etc/postfixadmin/vacation.conf with the following:


  1. ========== begin configuration ==========

$db_type = 'mysql'; $db_username = 'user'; $db_password = 'password'; $db_name = 'postfix'; $vacation_domain = 'autoreply.example.org'; Configuring Dovecot Now for the dovecot config file. Dovecot now uses multiple config files to break things up. We’re going to only use a couple config files. So cut and paste the following files. > mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.save > nano -w /etc/dovecot/dovecot.conf


    1. Dovecot config file

protocols = imap pop3 lmtp sieve auth_mechanisms = plain login passdb {

 driver = sql
 args = /etc/dovecot/dovecot-mysql.conf

} userdb {

 driver = prefetch

} userdb {

 driver = sql
 args = /etc/dovecot/dovecot-mysql.conf

} mail_location = maildir:/home/vmail/%d/%n first_valid_uid = 101

  1. last_valid_uid = 0

first_valid_gid = 12

  1. last_valid_gid = 0
  2. mail_plugins =

mailbox_idle_check_interval = 30 secs maildir_copy_with_hardlinks = yes service imap-login {

 inet_listener imap {
   port = 143
 }
 inet_listener imaps {
   port = 993
   ssl = yes
 }

} service pop3-login {

 inet_listener pop3 {
   port = 110
 }
 inet_listener pop3s {
   port = 995
   ssl = yes
 }

} service lmtp {

 unix_listener lmtp {
   #mode = 0666
 }

} service imap {

 vsz_limit = 256M

} service pop3 { } service auth {

 unix_listener auth-userdb {
   mode = 0666
   user = vmail
   group = mail
 }
 # Postfix smtp-auth
 unix_listener /var/spool/postfix/private/auth {
   mode = 0666
   user = postfix
   group = postfix
 }

} service auth-worker { } service dict {

 unix_listener dict {
   mode = 0666
   user = vmail
   group = mail
 }

} service managesieve-login {

 inet_listener sieve {
   port = 4190
 }
 service_count = 1
 process_min_avail = 0
 vsz_limit = 64M

} service managesieve { } service stats {

 unix_listener stats-writer {
   group = mail
   mode = 0660
   user = vmail
 }

}ssl = yes ssl_cert = </etc/pki/tls/certs/your-server.your-domain.tld.crt ssl_key = </etc/pki/tls/private/your-server.your-domain.tld.key ssl_verify_client_cert = no

  1. ssl_ca =

lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes protocol lda {

 mail_plugins = quota sieve
 postmaster_address = postmaster@your-domain.tld

} protocol imap {

 mail_plugins = quota imap_quota trash
 imap_client_workarounds = delay-newmail

} lmtp_save_to_detail_mailbox = yes protocol lmtp {

 mail_plugins = sieve

} protocol pop3 {

 mail_plugins = quota
 pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

} protocol sieve {

 managesieve_max_line_length = 65536
 managesieve_implementation_string = Dovecot Pigeonhole
 managesieve_max_compile_errors = 5

} dict {

 quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf

} plugin {

 quota = dict:user::proxy::quotadict
 acl = vfile:/etc/dovecot/acls
 trash = /etc/dovecot/trash.conf
 sieve_global_path = /home/sieve/globalfilter.sieve
 sieve = ~/dovecot.sieve
 sieve_dir = ~/sieve
 sieve_global_dir = /home/sieve/
 #sieve_extensions = +notify +imapflags
 sieve_max_script_size = 1M
 #sieve_max_actions = 32
 #sieve_max_redirects = 4

} Now for trash.conf > nano -w /etc/dovecot/trash.conf


1 Spam

  1. Uncomment if you want trash as well
  2. 2 Trash

Next we configure Dovecot to access mysql. Create the following file. NOTE: password_query and user_query were formatted to fit on the webpage. Each one should only be one line in the file. /etc/dovecot/dovecot-mysql.conf


driver = mysql connect = host=localhost dbname=postfix user=postfix password=yourpassword default_pass_scheme = MD5-CRYPT

  1. following should all be on one line.

password_query = SELECT username as user, password, concat('/home/vmail/', maildir) as userdb_home, concat('maildir:/home/vmail/', maildir) as userdb_mail, 101 as userdb_uid, 12 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'

  1. following should all be on one line

user_query = SELECT concat('/home/vmail/', maildir) as home, concat('maildir:/home/vmail/', maildir) as mail, 101 AS uid, 12 AS gid, CONCAT('*::bytes=', quota) as quota_rule FROM mailbox WHERE username = '%u' AND active = '1' and /etc/dovecot/dovecot-dict-quota.conf


connect = host=localhost dbname=postfix user=postfix password=password map {

 pattern = priv/quota/storage
 table = quota2
 username_field = username
 value_field = bytes

} map {

 pattern = priv/quota/messages
 table = quota2
 username_field = username
 value_field = messages

} Finally set Dovecot to boot at startup.

Now Create the sieve filter for SPAM filtering. > mkdir /home/sieve > nano -w /home/sieve/globalfilter.sieve > chown -R vmail:mail /home/sieve


require "fileinto";

 if exists "X-Spam-Flag" {
         if header :contains "X-Spam-Flag" "NO" {
         } else {
         fileinto "Spam";      
         stop;
         }
 }
 if header :contains "subject" ["***SPAM***"] {
   fileinto "Spam";      
   stop;
 }

Configuring Roundcube mail Edit the roundcube apache config file to look like the following: >nano -w /etc/httpd/conf.d/roundcubemail.conf


  1. Round Cube Webmail is a browser-based multilingual IMAP client
  1. Force https here instead of in Round Cube

RewriteEngine On

  1. This checks to make sure the connection is not already HTTPS

RewriteCond %{HTTPS} !=on

  1. These rules will redirect all users who are using any part of /secure/ to the same location but using HTTPS.
  2. i.e. http://www.example.com/secure/ to https://www.example.com/secure/

RewriteRule ^/?roundcubemail/(.*) https://%{SERVER_NAME}/roundcubemail/$1 [R,L] RewriteRule ^/?webmail/(.*) https://%{SERVER_NAME}/webmail/$1 [R,L]

Alias /roundcubemail /usr/share/roundcubemail Alias /webmail /usr/share/roundcubemail

<Directory /usr/share/roundcubemail/>

       Order Deny,Allow
       Deny from all
       Allow from all
       php_value suhosin.session.encrypt Off 

</Directory> Create the database for roundcube. > mysql -u root -p -e “CREATE DATABASE roundcubemail;” > mysql -u root -p -e “GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost IDENTIFIED BY ‘password’;”

Create the tables. > mysql -u root -p roundcubemail < /usr/share/doc/roundcubemail-0.5.4/SQL/mysql.initial.sql

Edit /etc/roundcubemail/db.inc.php and find the line:


$rcmail_config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail'; Change ‘pass’ to your passowrd.

Edit /etc/roundcubemail/main.inc.php and find the lines and make the changes below:

find:


$rcmail_config['default_host'] = ; change to:


$rcmail_config['default_host'] = 'localhost'; find:


$rcmail_config['smtp_server'] = ; change to:


$rcmail_config['smtp_server'] = 'localhost'; find:


$rcmail_config['force_https'] = false; change to:


$rcmail_config['force_https'] = true; find:


$rcmail_config['plugins'] = array(); change to:


$rcmail_config['plugins'] = array('managesieve'); find:


$rcmail_config['quota_zero_as_unlimited'] = false; change to:


$rcmail_config['quota_zero_as_unlimited'] = true; Restart apache. > service httpd restart

Configuring the Little Things That Drive You MAD Be sure your /etc/hosts looks similar to the following.


  1. Do not remove the following line, or various programs
  2. that require network functionality will fail.

127.0.0.1 localhost 192.168.11.21 host.domain.com Preparing and Testing the Postoffice First things first. Reboot the system. If everything went well we all should be at the same point.

No errors? Lets keep going.

Setup a test domain and account. Setup your favorit mail client and send some test emails.

Setting up Spam and Virus Filtering (Optional) Lets cover installing and configuring spam and virus filtering. Optional? Huh? Some people use a 3rd party or use a seperate server for filtering.


Update and restart clamav: > freshclam >

Configuring Amavisd

You need to edit /etc/amavisd/amavisd.conf Here is a list of items you should change. just scroll through the file to find each item.

$mydomain = ‘example.com’; # set to your domain name

$log_level = 1; # set the log leve to one

$sa_tag_level_deflt = -99; # i want to see the headers so change to -99

$sa_tag2_level_deflt = 5.0; # start with 5

$sa_kill_level_deflt = 9; # change to 9

$sa_dsn_cutoff_level = 9; # change to 9

$sa_quarantine_cutoff_level = 50; # remove the starting # and change to 50

$myhostname = ‘lightning.campworld.net’; # remove the starting # and enter your host name

$notify_method = ‘smtp:[127.0.0.1]:10025’; # uncomment the line

$forward_method = ‘smtp:[127.0.0.1]:10025’; # uncomment the line

$final_banned_destiny = D_DISCARD; # change to D_DISCARD

Now enable clamav: Change the following:


  1. ### http://www.clamav.net/
  2. ['ClamAV-clamd',
  3. \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
  4. qr/\bOK$/m, qr/\bFOUND$/m,
  5. qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

to


### http://www.clamav.net/
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/clamd.amavisd/clamd.sock"],
  qr/\bOK$/m, qr/\bFOUND$/m,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

Now update spamassassin and start amavisd-new. > sa-update > service amavisd-new start

Be sure to set amavisd-new to start at boot.

Telling Postfix to Start Filtering SPAM To get postfix going we need to un-comment a couple lines in /etc/postfix/master.cf Find:


smtp inet n - n - - smtpd

  1. -o content_filter=smtp-amavis:127.0.0.1:10024
  2. -o receive_override_options=no_address_mappings

Change to:


smtp inet n - n - - smtpd

 -o content_filter=smtp-amavis:127.0.0.1:10024
 -o receive_override_options=no_address_mappings

Restart postfix and you’re done.

Using The Roundcubemail Password Plugin (Optional) Let your users change their password using roundcubemail instead of postfixadmin.

Edit /etc/roundcubemail/main.inc.php and find the lines and make the changes below:

find:


$rcmail_config['plugins'] = array('managesieve'); change to:


$rcmail_config['plugins'] = array('managesieve','password'); Now lets configure the password plugin. > cd /usr/share/roundcubemail/plugins/password/ > cp config.inc.php.dist config.inc.php

Edit config.inc.php

find:


$rcmail_config['password_db_dsn'] = ; change to:


$rcmail_config['password_db_dsn'] = 'mysql://postfix:your-postfixadmin-password@localhost/postfix'; find:


$rcmail_config['password_query'] = 'SELECT update_passwd(%c, %u)'; change to:


$rcmail_config['password_query'] = 'UPDATE mailbox SET password=%c WHERE username=%u limit 1;'; Restart apache. > service httpd restart

Categories: linux, Mail Server

Comments are closed.