How to set-up Mail server in Linux using Postfix with SquirrelMail as web-based client

Visit reference site for more info:

 

   Figure 1:  Shows an example of a web based mail client using squirrel mail.

The following are the step-by-step instructions on how to Install and Configure a mail server with squirrel mail as a Client tool

1. Postfix SMTP Server Setup Howto for RHEL/CentOS 5

Reference site: http://www.linuxmail.info/postfix-smtp-server-howto-centos-5/

Installing and setting up Postfix SMTP Server in Red Hat Enterprise Linux 5 or CentOS 5 is easy. Postfix has secure default settings so we just need to open it up a bit.

Install Postfix

# yum install postfix

Stop sendmail service if its already running to avoid conflict with postfix.

#/etc/init.d/sendmail stop

Configure Postfix

  1. Open a terminal and configure postfix by typing the following command.

#vi /etc/postfix/main.cf

Make sure to add/uncomment(if the lines are existing) the following lines.

inet_interfaces = all

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

home_mailbox = Maildir/

In main.cf, lines starting with # are comments. Save the file after completing your changes.

Make sure that all mail_spool_directory lines are commented out. Otherwise, it will override the setting in the home_mailbox line above.

  1. Restart the postfix service.

#/etc/init.d/postfix restart

Test Postfix

  1. Open a terminal and type the following commands.

Sample postfix session. Replace johndoe with any valid user account. The dot after the line test is a command that should be typed in.

[root@mail ~]# telnet localhost smtp

Trying 127.0.0.1…

Connected to localhost.localdomain (127.0.0.1).

Escape character is ‘^]’.

220 mail.acme.local ESMTP Postfix

ehlo localhost

250-mail.acme.local

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

mail from:<johndoe>

250 2.1.0 Ok

rcpt to:<johndoe>

250 2.1.5 Ok

data

354 End data with <CR><LF>.<CR><LF>

test

.

250 2.0.0 Ok: queued as 9729067C17

quit

221 2.0.0 Bye

Connection closed by foreign host.

[root@mail ~]#

 

To check if the mail indeed exists

[root@mail ~]# cd /home/johndoe/Maildir/new

[root@mail new]# ls

1185669817.Vfd00I18012M795756.mail.acme.local

[root@mail new]# cat 1185669817.Vfd00I18012M795756.mail.acme.local

Don’t worry, you don’t have to type in the whole filename above. Just type in the first few characters say 118 then press Tab to activate automatic completion.

From johndoe@mail.acme.local  Thu Feb 22 21:48:28 2007

Return-Path: <johndoe@mail.acme.local>

X-Original-To: johndoe

Delivered-To: johndoe@mail.acme.local

Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])

        by mail.acme.local (Postfix) with SMTP id 9729067C17

        for <johndoe>; Thu, 22 Feb 2007 21:48:26 -0500 (EST)

Message-Id: <20070222134827.9729067C17@mail.acme.local>

Date: Thu, 22 Feb 2007 21:48:26 -0500 (EST)

From: johndoe@mail.acme.local

To: undisclosed-recipients:;

 

test

 

[root@mail mail]#

If you encounter any problems, check the log file at /var/log/maillog.

Review your Postfix aliases configuration file. There are some predefined email aliases that might conflict with your existing mail accounts like sales, marketing, info, etc.

 

2. Dovecot POP3/IMAP Server Setup Howto for RHEL/CentOS 5

Reference site: http://www.linuxmail.info/install-setup-dovecot-centos-5/

Installing and setting up Dovecot in Red Hat Enterprise Linux 5 or CentOS 5 is easy. All we have to do is to enable the services we would like to provide and we are good to go.

Install Dovecot

# yum install dovecot

Configure Dovecot

  1. Edit the configuration file of dovecot

# vi /etc/dovecot.conf

Make sure to add/uncomment(if existing) the lines below.

 

protocols = pop3 pop3s imap imaps

mail_location = maildir:~/Maildir/

pop3_uidl_format = %08Xu%08Xv

imap_client_workarounds = delay-newmail outlook-idle netscape-eoh

pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

For 64-bit users: Add the line login_process_size = 64 in the file /etc/dovecot.conf.

Lines starting with # are comments. The last two line enables workarounds for various client bugs. Save the file after completing your changes.

  1. Start the dovecot service

# /etc/init.d/dovecot start

Test Dovecot

  1. 1.       Open a terminal. In the Terminal window, type in the highlighted commands below.

Sample dovecot session. Replace johndoe and password with any valid user name and password.

[root@mail ~]# telnet localhost pop3

+OK dovecot ready.

user johndoe

+OK

pass password

+OK Logged in.

list

+OK 1 messages:

1 622

.

retr 1

+OK 622 octets

Return-Path: <johndoe@mail.acme.local>

X-Original-To: johndoe

Delivered-To: johndoe@mail.acme.local

Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])

        by mail.acme.local (Postfix) with SMTP id 9729067C17

        for <johndoe>; Thu, 22 Feb 2007 09:06:37 -0500 (EST)

Message-Id: <20070222140640.9729067C17@mail.acme.local>

Date: Thu, 22 Feb 2007 09:06:37 -0500 (EST)

From: johndoe@mail.acme.local

To: undisclosed-recipients:;

X-IMAPbase: 1172153557 1

Status: O

X-UID: 1

Content-Length: 5

X-Keywords:

 

 

test

.

quit

+OK Logging out.

Connection closed by foreign host.

[root@mail ~]#

3. Postfix SMTP Authentication and Dovecot SASL

SMTP Authentication (SMTP Auth) provides an access control mechanism that can be used to allow legitimate users to relay mail while denying relay service to unauthorized users, such as spammers.

Thanks to the new SASL support in Dovecot 1.0 and the new Dovecot SASL support in Postfix 2.3, setting up SMTP authentication is now easier. Instead of setting up two separate authentication for Postfix and Dovecot, we can now just setup the authentication in Dovecot and just let Postfix talk to Dovecot.

Configure Postfix and Dovecot

1. Edit the file /etc/dovecot.conf and make sure your auth default section has the lines below.

auth default {

  socket listen {

    client {

          path = /var/spool/postfix/private/auth

          mode = 0660

          user = postfix

          group = postfix

    }

  }    

  mechanisms = plain login

}

 

2. Edit /etc/postfix/main.cf, find the keys below and change its values as follows or add it at the bottom of the file if the key (the word before the = sign) cannot be found.

mynetworks = 127.0.0.0/8

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/auth

smtpd_sasl_auth_enable = yes

smtpd_recipient_restrictions =  permit_mynetworks,

    permit_sasl_authenticated, reject_unauth_destination

broken_sasl_auth_clients = yes

 

The first line says trust only localhost, meaning only localhost can send email outside the network (relay). The last line is there to support old clients like Microsoft Outlook Express 4.0 and Microsoft Exchange 5.0 just in case someone is still using it.

 

Lines starting with # are comments. Save the file after completing your changes.

 

3. Restart the Dovecot and Postfix service. But if you installed MailScanner, restart MailScanner instead of Postfix.

 

Test Postfix

In a Terminal window, type in the highlighted commands below.

Sample postfix session

[root@mail ~]# telnet mail smtp

Replace mail with the name of your server. We should not use localhost since localhost is a trusted client ip address. And make sure the domain name you specified does not resolve to 127.0.0.1 which is the IP address of localhost.

Trying 192.168.0.1…

Connected to mail.acme.local (192.168.0.1).

Escape character is ‘^]’.

220 mail.acme.local ESMTP Postfix

ehlo localhost

250-mail.acme.local

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-AUTH LOGIN PLAIN

250-AUTH=LOGIN PLAIN

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

Note the new 250-AUTH lines. See the old SMTP Telnet Test.

mail from:<johndoe>

250 2.1.0 Ok

rcpt to:<test@example.com>

554 5.7.1 <test@example.com>: Relay access denied

It works, now to check if we can send it after authenticating.

auth plain AGpvaG5kb2UAcGFzc3dvcmQ=

235 2.0.0 Authentication successful

rcpt to:<test@example.com>

250 2.1.5 Ok

quit

221 2.0.0 Bye

Connection closed by foreign host.

[root@mail ~]#

You can send to email addresses belonging to your domain without authentication. This is normal as it enables you to receive mail from the outside.

The gibberish text after AUTH PLAIN is the base64 encoded value of the user name johndoe and password password. You can generate your own base64 text using the form below.

Top of Form

User Name:
Password:

Result:

Bottom of Form

If you encounter any problems, check the log file at /var/log/maillog.

4. SquirrelMail Webmail Setup Howto for RHEL/CentOS 5

Reference: http://www.linuxmail.info/squirrelmail-webmail-setup-howto-in-centos-5/

 

SquirrelMail is an open source standards-based webmail package written in PHP. When installed, SquirrelMail is ready out of the box. All it needs is an installed web server like Apache, SMTP server like Postfix, and IMAP server like Dovecot.

Here are the installation guides for Postfix and Dovecot.

Installing Web server

#yum install httpd

Starting the Web Server(make sure its running)

#/etc/init.d/httpd start

Installing Squirrelmail

#yum install squirrelmail

Configuring SquirrelMail

1. From a Terminal window, type in /usr/share/squirrelmail/config/conf.pl and press Enter. This will launch the SquirrelMail Configuration utility.

If your Terminal window has a white background, make sure that the colors are off by looking for the command Turn color on. If the command is Turn color off, type in C and press Enter to turn the colors off. This will ensure that you will be able to read all of the text.

2. Type in 2 and press Enter to select the Server Settings menu.

3. Type in 1 and press Enter to select the Domain menu. Type in your domain name and press Enter. Save your changes when you are done.

I recommend installing the Retrieve User Data plugin so the user’s name will appear whenever he or she sends an email in SquirrelMail.

Testing SquirrelMail

1. Click the globe icon at the top near the System menu to launch the Firefox web browser.

 

If an error occurs, you probably did not install the Graphical Internet package. You can add it now using the Package Manager tool.

2. In the address box, type in http://localhost/webmail and press Enter. Type in a valid username and password and click Login.

3. That’s it, it’s working.

If you encounter any problems, check the log file at /var/log/maillog.

 

Relocating SquirrelMail into the domain root

By default, SquirrelMail is located in the /webmail of your domain. If you prefer to access SquirrelMail from the root of your domain, follow the steps below.

1. Create the file /etc/httpd/conf.d/sqroot.conf containing the lines below.

<VirtualHost *:80>

DocumentRoot /usr/share/squirrelmail

</VirtualHost>

If you are using SSL and you want to force users to use SSL, add the Redirect directive inside the VirtualHost section to redirect browsers to the secured version. See the example below.

redirect permanent / https://mail.acme.local

2. Restart the httpd service.

3. Now try browsing http://localhost

 

Related Pages

How to customize the login page.

How to secure SquirrelMail using SSL.

How to add a password change utility.

How to add Active Directory/LDAP into the SquirrelMail Addressbook.

5. MailScanner, Postfix, ClamAV and SpamAssassin Setup Howto for RHEL/CentOS 5

Reference: http://www.linuxmail.info/mailscanner-postfix-clamav-spamassassin-howto-centos-5/

 

This page will guide you in configuring MailScanner, ClamAV and SpamAssassin to work in Postfix. Before proceeding, please make sure that all of the above components are already installed.

SpamAssassin is included in Red Hat Enterprise Linux 5 and CentOS 5 and it’s ready to go out of the box. Just add it using the Package Manager tool if you haven’t done so during installation.

Configuring MailScanner

1. Edit the file /etc/MailScanner/MailScanner.conf

Find the following keys and change the values as follows

%org-name% = your organization name

%org-long-name% = your full organization name

Run As User = postfix

Run As Group = postfix

Incoming Queue Dir = /var/spool/postfix/hold

Outgoing Queue Dir = /var/spool/postfix/incoming

Incoming Work Group = clamav

Incoming Work Permissions = 0640

MTA = postfix

Virus Scanners = clamd

Clamd Socket = /var/run/clamav/clamd.sock

Use SpamAssassin = yes

SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

 

2.Go to the directory of mailspool for mailscanner

#cd /var/spool/MailScanner

  1. Create  spamassassin folder

#mkdir –p spamassassin

  1. 4.       Change user and group owners of the folders inside /var/spool/MailScanner

#chown postfix incoming; chgroup clamav incoming;chmod ug+rwx  incoming

# chown postfix spamassassin; chgroup clamav spamassassin;chmod ug+rwx spamassassin

# chown postfix quarantine; chgroup clamav quarantinen;chmod ug+rwx quarantine

 

5.       From a terminal window, type in

#ln -s /usr/bin/freshclam /usr/local/bin/freshclam

 

MailScanner will be looking for freshclam in the /usr/local/bin directory so we’ll create a symbolic link to it in that directory.

Integrating MailScanner into Postfix

1. Edit the file /etc/postfix/main.cf and remove the # in front of the line below

header_checks = regexp:/etc/postfix/header_checks

2. Edit the file /etc/postfix/header_checks and add the line below to the bottom of the file

/^Received:/ HOLD

This will now place all incoming mail into the holding area until released by MailScanner.

3. MailScanner should now be the one to start the Postfix service. Stop the Postfix service and start the Clamd and MailScanner service in that order. Learn how to stop and start services here.

4. Test if Postfix is still working. See Test Postfix using Telnet.

If you encounter any problems, check the log file at /var/log/maillog.

Congratulations

Congratulations, your mails are now checked for spam and viruses. Each mail you send or receive will now contain the lines below to indicate that MailScanner is doing its job.

This message has been scanned for viruses and

dangerous content by MailScanner, and is

believed to be clean.

The English language message templates used in MailScanner is stored in /etc/MailScanner/reports/en and can even be configured to add a disclaimer message to outgoing mails.

INSTALLING AND SETTING UP SPAM ASSASIN

A.  Install spamassassin

[root@localhost ~]#  yum -y install spamassassin

B.  Edit /etc/MailScanner/spam.assassin.prefs.conf

Change:

#bayes_path /etc/MailScanner/bayes/bayes

# bayes_file_mode 0770

To:

bayes_path /var/spool/MailScanner/spamassassin/

bayes_file_mode 0770

And modify the directory permissions:

[root@localhost ~]# chown postfix:apache /var/spool/MailScanner/spamassassin/

[root@localhost ~]# chown postfix:apache /var/spool/MailScanner/spamassassin/bayes_*

[root@localhost ~]# chmod g+rws /var/spool/MailScanner/spamassassin/

[root@localhost ~]# chmod g+rw /var/spool/MailScanner/spamassassin/bayes_*

[root@localhost ~]# spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf –lint

You should see lines like the following in the output:

dbg: config: using “/etc/MailScanner/spam.assassin.prefs.conf” for user prefs file

dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_toks

dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_seen

dbg: bayes: found bayes db version 3

dbg: config: score set 0 chosen.

#starting clam antivirus for Mail

/etc/init.d/clamd

#Testing clam antivirus for Mail

clamscan

#Updating clam antivirus for Mail

freshclam

#Check mail scanner if there’s error

check_MailScanner

#Checking Mailscanner’s settings

MailScanner –lint

#Clam version

clamscan –version

#Starting Spam assassin

/etc/init.d/spamassassin restart

#testing spam assasssin

spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf –lint

spamassassin -D /usr/share/doc/spamassassin-3.3.1/sample-spam.txt

#Example spam assassin directory

/usr/share/doc/spamassassin-3.3.1