Professional Documents
Culture Documents
How To Set Up A Mail Server On A GNU / Linux System
How To Set Up A Mail Server On A GNU / Linux System
Flurdy. (2008, 03 05). How to set up a mail server on a GNU / Linux system.
Retrieved 03 05, 2008, from Flurdy: http://flurdy.com/docs/postfix/
Easy to follow how to on setting up a mail server with unlimited users and domains, with
IMAP/Pop access, anti-spam, anti-virus, secure authentication, encrypted traffic, web mail
interface and more.
postfix
5th edition
Contact / Discuss
Contents
• Editions
• Introduction
o Aim
o Requirements
o Research
o Author
• Software
1
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
• Install
o Distro
o Base
o Repositories
o Packages
o Procedure
• Configure
Post install, what to configure for each section, with full command examples.
o OS (Ubuntu)
o MTA (Postfix)
o Database (MySQL)
o IMAP (Courier)
o Content Checks (amavisd-new)
Anti Virus (ClamAV)
Anti Spam (SpamAssassin)
o Policy (Postgrey)
o Authentication (SASL)
o Encryption (TLS)
o Webmail (SquirrelMail)
o Admin (phpMyAdmin)
o DNS
• Data
Creating the basic stub of data, and how to add your own.
• Extend
2
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
o Auto Reply
o Block Addresses
o Throttle Output
o Mail Lists
o Admin software
• Appendix
o References
o Software Links
o Difference between Ubuntu versions
o Downloads
o Contact
o Todo
o Change Log
Return to top.
Editions
Edition State Started Updated Description
Further details available in the change log and below in the introduction.
3
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
Return to top.
Notice
This document evolves with every ubuntu release. It may have some old incorrect
references. if you encounter any, please let me know.
Introduction
• Aim
• Requirements
• Research
• Author
Aim
This is a step by step howto guide to set up a mail server on a GNU / Linux system. It is
easy to follow, but you end up with a powerfull secure mail server.
The server accepts unlimited domains and users, and all mail can be read via your
favourite clients, or via web mail.
It is secure, traffic can encrypted and it will block virtually all spam and viruses.
Return to top.
Requirements
Hardware: A computer to be the server. Processor and memory requirements are low. Disk
space is relevant to what mail you expect to keep, Range between <1Gb to 200GB. Need
network acces direct to the outside world or ports forwarded through to it.
Skills: You do not need to be a guru, as it is not advanced. However some linux skills is
desired, and knowledge of the risks of leaving ports exposed to the outside world.
Return to top.
Research
Dont take my word for it! Research others opinions and methods. Look at my references,
look at Postfix.org's howtos, read the excellent books available (E.g. Kyle's or
Hildebrandt's), search the web or read the proper documentation.
If you refer to this howto in your own document, or find usefull links, then let me know.
4
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
Author
I am Ivar Abrahamsen, a 29 year old software engineer from Norway, but based in
Manchester. I use Linux a lot, though I am not a guru. My general intrests are sports,
technology and my better half.
Why have I written this how to? I set up my mail server in 2003, and then did the same for
a few friends and collegues. Soon I was getting more request, and being a lazy programmer,
I thought.. "Why don't I write a howto and let them do it themselves..." Soon it was listed
on postfix.org and I was getting thousends of hits and lots of emails. (blessing in disguise)
See the contact section for how to discuss this howto and how to contact me. Send me a note
if you found this usefull. If you use this for commercial purposes, then why not donate a
few quid? (Remember to respect the licenses involved)
Return to top.
Software
Ubuntu
postfix
Courier IMAP
MySQL
amavisd-new
ClamAV
SpamAssassin
SquirrelMail
admin SPF
GnuPG SASL
Ah the age old distro argument... Thankfully this set up should work on most
distros. I used to base this howto on Mandrake(now Mandriva), and I started this
new edition on a Gentoo box. But I don't have the patience for Gentoo, nor the
money to stay with Mandriva Power editions. Why Ubuntu? Its free, simple and
slick. As Ubuntu is derived from debian the installations used here will be apt-get
based. Please refer to my other editions for details on RPM or source based
installations.
• MTA: Postfix
www.postfix.org
5
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
Simple, free and slick. Yup I am a sucker for anything that works easily. Postfix is
powerfull, well established, but not too bloated, and is security concious from the
start.
www.courier-mta.org/imap/
My first mail server installtion was with Courier. I have not found a reason to
change this as again it is simple, and free.
• Database: MySQL
www.mysql.com
www.ijs.si/software/amavisd/
• Anti-Spam: SpamAssassin
spamassassin.apache.org
• Anti-Virus: ClamAV
www.clamav.net
Free virus scanner that can be trusted and includes update daemon.
• PostGrey
isg.ee.ethz.ch/tools/postgrey/
Postgrey is an excellent little script to stop 99% of all spam. All it does is on first
contact for specific from-to combinations, tells the sender server to try again in a
6
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
little while, which most spammers cant afford to do. When proper servers try again
after a few minutes it lets it through.
• Encryption: TLS
www.ietf.org/html.charters/tls-charter.html
Secure and trusted crypthography technology for encryption of SMTP traffic. Not
too be confused with client encryption technology like GnuPG and S/MIME. They
are covered in the extend section. Formerly referenced as SSL.
• WebMail: SquirrelMail
www.squirrelmail.org
Please see software links appendix for further information about these software packages.
In that section there is more links to documentation or forums, and viable alternatives,
downloadable packages, versions details etc.
Install
• Distro
• Base
• Repositories
• Packages
• Procedure
Distro
This section is different for every distribution and for every version.
This howto is based on Ubuntu and its base of debian which uses apt-get. Therefor this
section uses apt packages to its fullest.
For other installation method please refer to the software and the software links and your
own distribution for the documention for other ways of installing. My 2nd
edition(outdated) has instructions for Mandriva, general RPM and tarball compiling.
7
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
To follow the rest of this howto, you need to ensure all your packages have been installed
with the same modules, E.g MySQL lookup on postfix and sasl, php in apache etc.
I have set up mail servers using the 32bit and 64bit x86 platforms, however if all the
packages are available then other, E.g. Mac platforms should work too.
Return to top.
Base
Upon installing Ubuntu you have a choice of which base system to install.
The default, ie the one chosen when you just hit enter when promted right at the start, is
the basic desktop flavour.
Another useful one is the server base. It only includes the absolute minimum of packages,
so is quite usefull if you are only to use it remotely. Since Breezy it also available as a
smaller iso download, or by using the normal cd by hitting F1 instead of enter and writing
server on the prompt.
This howto have been used with both bases, the server base will need some more
dependancy packages thats all.
Return to top.
Repositories
When the base system is up and running you need to check your package repositories, ie
where the system retrieves new software.
The install procedure usually leaves you with a /etc/apt/sources.list that includes the cd and
the main and restricted and updates repositories.
That is fine for the absolute core packages involved in this mail server, however a full
install requires the universal, and you might as well also include the multiverse and
backports as well.
You will have to find a repository mirror close to your location from the archives, replace
mine gb.archive.ubuntu.com with your choice.
#deb cdrom:[Ubuntu 6.06 _Dapper Drake_ - Release i386 (20060601)]/ dapper main restricted
deb http://gb.archive.ubuntu.com/ubuntu dapper main restricted multiverse universe deb-src
http://gb.archive.ubuntu.com/ubuntu dapper main restricted multiverse universe deb
http://gb.archive.ubuntu.com/ubuntu dapper-updates main restricted multiverse universe deb-src
http://gb.archive.ubuntu.com/ubuntu dapper-updates main restricted multiverse universe deb
8
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
Packages
Here is a list of packages needed, and what they provide. Some are required by several of
the software, some might not be needed if you are not fully following this howto. Please
note the extended section require further packages.
OS
• shorewall
• openssh-client
• openssh-server
Ive included the Shorewall firewall. A firewall is not required, but recommended.
Obviously you can use another firewall, but Ill assume you have chosen Shorewall. A SSH
server is not required either, but essential if you need to administer or test the server
remotely.
MySQL
• mysql-common
• mysql-client
• mysql-server
• libmysqlclient12
TLS
• openssl
SASL
• libsasl2
• libsasl2-modules
• libsasl2-modules-sql
• libauthen-sasl-cyrus-perl
• libauthen-sasl-perl
• libgsasl7
9
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
The SASL packages have changed for Breezy. Im investigating the differences. The *
packages I have from hoary repositories.
Postfix
• postfix
• postfix-tls
• postfix-mysql
postfix-tls is as of breezy part of the postfix package, however if you are not using breezy
then you must install postfix with included tls features.
Courier-IMAP
• courier-base
• courier-authdaemon
• courier-authmysql
• courier-imap
• courier-imap-ssl
• courier-ssl
If you require pop access then you'd want to install the pop packages as well.
amavis-new
• amavisd-new
Spam Assassin
• spamassassin
• spamc
ClamAV
• clamav-base
• libclamav1
• clamav-daemon
• clamav-freshclam
Postgrey
• postgrey
There is also a postfix-gld however I am using the postgrey one till I fully tested the other.
SquirrelMail
10
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
• squirrelmail
• squirrelmail-locales
• apache2
• libapache2-mod-php4
• php4-mysql
• php4-pear
• php4-cli
SquirrelMail webmail require a working apache web server, with php with mysql support.
Note these web packages uses PHP4.
phpMyAdmin
• phpmyadmin
Procedure
Now you might not want to install all the packages in one go, perhaps better to group them
by each software or a few together.
If you want to find additional packages, you can do a quick command line search for
packages, by useing this command:
Please note you should run most of these commands via sudo. I just havent prepended all
the commands with it.
# add -s to do a test run # or -d if you just want to download the packages and do the install later
apt-get install package-name, another-package-name, etc
Postfix will ask you what type of server to create. I just say "Internet Site" as we will be
changing most configs anyway. It will also ask for the fully qualified name of your server.
The clamav installation may ask whether to create directories etc. Courier will ask to
11
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
install web admin, which I dont't need, and that it will install TLS encryption which is
good.
Many of the packages also require further dependant packages. So the final package list is
quite large.
Return to top.
Configure
Now everything is installed it is time to configure each of the core applications used.
• OS (Ubuntu)
• MTA (Postfix)
• Database (MySQL)
• IMAP (Courier)
• Content Checks (amavisd-new)
o Anti Virus (ClamAV)
o Anti Spam (SpamAssassin)
• Policy (Postgrey)
• Authentication (SASL)
• Encryption (TLS)
• Webmail (SquirrelMail)
• Admin (phpMyAdmin)
• DNS
OS: Ubuntu
The most important setting, security wise, is to configure the firewall. This off course varies
between firewalls, your usage. Shorewall main config files in /etc/shorewall that we are
concerned with, are interfaces, hosts, zones, policy and rules.
#zone display comment loc Local Local network net Net Tinternet
loc eth0:192.168.0.0/24
fw loc ACCEPT fw net ACCEPT loc all DROP info net all DROP info all all REJECT info
12
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
AllowPing loc fw AllowSSH loc fw #AllowSMTP loc fw #ACCEPT loc fw tcp 465,587 -
#AllowIMAP loc fw #AllowPing net fw #AllowSSH loc fw #AllowSMTP net fw #ACCEPT net
fw tcp 465,587 - #AllowIMAP net fw
SMTP access from everywhere is commented out, untill we are confident everything is
working and secure. Also commented out for now is IMAP and TLS SMTP traffic untill we
need it. You might enable SSH from the tinternet if you want.
MTA: Postfix
Postfix resides in /etc/postfix. Postfix is by default set up in a chroot jail. This is a security
procedure and is very good feature.
However when setting up the server the chroot may be a problem, so keep it in mind if
someting don't work. In master.cf there is a column which decides which modules are run
within the jail restrictions. Hopefully you don't have to change these settings.
In main.cf you define how Postfix shall operate. Each distribution have different defaults
for these settings, however most are similar, so you should not need to worry, but be aware
of it. These default are defined in the postfix installation folder, which probably is
somewhere in /usr. Most distributions also set up some suggested defaults in the main.cf.
Edit this file, note the suggestions and then comment them out.
First set your server name, this must match what you put in your domains DNS MX
records.
myhostname = server.yourdomain.com
Then decide what the greeting text will be. Enough info so it is usefull, but not divelge
everything to potential hackers.
Next you need to decide whether to send all outgoing mail via another SMTP server, or
send them yourself. I send via my ISP's server, so it has to worry about the queing etc. If
you send it yourself then you are not reliant on 3rd party server. But you may risk more
13
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
exposure and accidentally be blocked by spam blockers. And it is more work for your
server. Also many servers block dynamic dns hosts, so you may find your server gets
rejected. However choose whichever you are confortable with.
Next is network details. You will accept connection from anywhere, and you only trust this
machine
Next you can masquerade some outgoing addresses. Say your machine's name is
"mail.domain.com". You may not want outgoing mail to come from
username@mail.domain.com, as you'd prefer username@domain.com. You can also state
which domain not to masquerade. E.g. if you use a dynamic dns service, then your server
address will be a subdomain. You can also specify which users not to masquerade.
local_recipient_maps = mydestination =
Now we can specify some restrictions. Be carefull that each setting is on one line only.
14
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
In my client restrictions I specify some spam detection servers. These are call RBL: Real-
time blackhole list. They check if the connecting server is a known open relay used by
spammers. Some argue these should not be used in the postfix configuration, as there are
some false positives. And SpamAssassin uses rbl checking, but as part of its scoring system,
so it is not all black and white. I added som warn_if_reject parameters. They basically dont
reject the email but warm if they would normally have. Which makes it a nice way to test
features.
Further restrictions:
# require proper helo at connections smtpd_helo_required = yes # waste spammers time before
rejecting them smtpd_delay_reject = yes disable_vrfy_command = yes
Next we need to set some maps and lookups for the virtual domains.
# not sure of the difference of the next two # but they are needed for local aliasing alias_maps =
hash:/etc/postfix/aliases alias_database = hash:/etc/postfix/aliases # this specifies where the
virtual mailbox folders will be located virtual_mailbox_base = /var/spool/mail/virtual # this is for
the mailbox location for each user virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
# and their user id virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf # and group id
virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf # and this is for aliases virtual_alias_maps =
mysql:/etc/postfix/mysql_alias.cf # and this is for domain lookups virtual_mailbox_domains =
mysql:/etc/postfix/mysql_domains.cf # this is how to connect to the domains (all virtual, but the
option is there) # not used yet # transport_maps = mysql:/etc/postfix/mysql_transport.cf
You need to set up an alias file. This is only used locally, and not by your own mail domains.
cp /etc/aliases /etc/postfix/aliases # may want to view the file to check if ok. # especially that the
final alias, eg root goes # to a real person postalias /etc/postfix/aliases
Next you need to set up the folder where the virtual mail will be stored. This may have
already been done by the apt-get. And also create the user whom will own the folders.
# to add if there is not a virtual user mkdir /var/spool/mail/virtual groupadd virtual -g 5000
useradd virtual -u 5000 -g 5000 chown -R virtual:virtual /var/spool/mail/virtual # to modify if a
virtual user is already set groupmod -g 5000 virtual usermod -g virtual -u 5000 virtual chown -R
virtual:virtual /var/spool/mail/virtual
Next we need to set up the files to access the lookups via the database. We will only set up a
few now, and the rest later when/if needed:
Edit(create) /etc/postfix/mysql_mailbox.cf
15
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
Edit /etc/postfix/mysql_uid.cf
Edit /etc/postfix/mysql_gid.cf
Edit /etc/postfix/mysql_alias.cf
Edit /etc/postfix/mysql_domains.cf
As you can see the 3 first are very similar, only the select_field changes. If you specify an ip
in hosts, (as opposed to 'localhost') then it will communicate over tcp and not the mysql
socket. (chroot restriction)
Return to top.
Database: MySQL
First you need to create a user to use in MySQL. Then you need to create the database. And
unless you already have done this, make sure you have set a password for the root user!
# If not already done... mysqladmin -u root password new_password # log in as root mysql -u
root -p # then enter password for the root account when prompted Enter password: # then we
create the mail database create database maildb; # then we create a new user: "mail" GRANT
SELECT,INSERT,UPDATE,DELETE,CREATE,DROP ON maildb.* TO 'mail'@'localhost'
IDENTIFIED by 'apassword'; GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
ON maildb.* TO 'mail'@'%' IDENTIFIED by 'apassword'; exit;
• aliases
16
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
• domains
• users
We will create more later on for further extensions, but only these are relevant now.
# log in to mysql as the new mail user mysql -u mail -p maildb # enter the newly created
password Enter password: #then run this commands to create the tables; CREATE TABLE
`aliases` ( `pkid` smallint(3) NOT NULL auto_increment, `mail` varchar(120) NOT NULL
default '', `destination` varchar(120) NOT NULL default '', `enabled` tinyint(1) NOT NULL
default '1', PRIMARY KEY (`pkid`), UNIQUE KEY `mail` (`mail`) ) ; CREATE TABLE
`domains` ( `pkid` smallint(6) NOT NULL auto_increment, `domain` varchar(120) NOT NULL
default '', `transport` varchar(120) NOT NULL default 'virtual:', `enabled` tinyint(1) NOT NULL
default '1', PRIMARY KEY (`pkid`) ) ; CREATE TABLE `users` ( `id` varchar(128) NOT NULL
default '', `name` varchar(128) NOT NULL default '', `uid` smallint(5) unsigned NOT NULL
default '5000', `gid` smallint(5) unsigned NOT NULL default '5000', `home` varchar(255) NOT
NULL default '/var/spool/mail/virtual', `maildir` varchar(255) NOT NULL default 'blah/',
`enabled` tinyint(3) unsigned NOT NULL default '1', `change_password` tinyint(3) unsigned
NOT NULL default '1', `clear` varchar(128) NOT NULL default 'ChangeMe', `crypt`
varchar(128) NOT NULL default 'sdtrusfX0Jj66', `quota` varchar(255) NOT NULL default '',
`procmailrc` varchar(128) NOT NULL default '', `spamassassinrc` varchar(128) NOT NULL
default '', PRIMARY KEY (`id`), UNIQUE KEY `id` (`id`) ) ;
The last few fields are not required, but usefull if you extend later.
Next is to edit the my.cnf file. In Ubuntu/debian this is created by default. In Mandrake I
had to manually create a blank one in /etc. In ubuntu edit /etc/mysql/my.cnf
## In Hoary you needed to comment out this line #skip-networking ## however in breezy this
has changed to bind-address = 127.0.0.1 ## which is fine ## Make sure this is set log =
/var/log/mysql/mysql.log ## Then in a few weeks comment it out ## when everything is
working, as it slows mysql down
By this you have enable net access to MySQL, but you still control whom connects to it with
your firewall and user settings in MySQL. You may be able to just connect straight to the
socket which is more secure.
# restart MySQL to make sure # its picking up the new settings. sudo /etc/init.d/mysql restart
Return to top.
authmodulelist="authmysql"
17
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
Edit authmysqlrc and make sure these setting lines are set correctly. Empty spaces at the
end of lines are a common mistake.
Edit imapd
# set how many connections to use per person. Easy to underestimate if you have 6 mailboxes set
up. MAXPERIP=20 # high debug to start with DEBUG_LOGIN=2 IMAPDSTART=YES
Then edit the same in the pop and ssl options, if you are going to use them.
If you have followed these steps properly, you should now have a working mail server. You
can skip down to the data and then test stage to see if your server works as intended. It is
not secure and is suceptable to spam, so do follow the other steps soon, but it is nice to find
out that it works!
Return to top.
As of dapper release this is now seperated across several config files in /etc/amavis/conf.d. If
you have an old setup, rename /etc/amavis/amavis.conf to eg amavis.conf.disabled Quick edit
is to add your changes to a 50user file within /etc/amavis/conf.d. Thanks to Donald
Goodman for the 50-user tip. More information in the wiki
The important configurations are:
Then in av_scanner section you enable/disable the virus scanners you are going to use. We
will be using ClamAV, so comment out all lines between @av_scanners( and its closing
bracket. Do the same for @av_scanners_backup. Then in @av_scanner uncomment Clam
lines, (maybe lines 1232 to 1235).
18
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
Then you need to check that the $TEMPBASE folder exists and is ownder by the
$daemon_user. The same goes for the virusfolder.
# You may have to do this cd /var/lib/amavis mkdir tmp chown virtual:virtual tmp chown
virtual:virtual virusmails # and maybe this chown -R virtual:virtual /var/run/amavis
The init script for amavis insist on the ownership of these being the "proper" amavis user
and group. As we need it to be the virtual pair, we need to edit the /etc/init.d/amavis script.
(Unless someone has a sweeter, more correct way.)
Edit master.cf in /etc/postfix, The changes I have made from the default master.cf is
modifying two lines then addding three more services. (Please note lines starting with -o
needs to be either tabbed or double spaced as they belong to line above it. )
Anti-Virus: ClamAV
ClamAV do not need a lot of setting up. You need to make sure it is run by the same user as
the amavisd-new. And then you may configure the fresclam option, which makes sure you
have the latest virus definitions.
Edit /etc/clamav/clamd.conf and change the user to the amavisd-new user or the other way
round.
19
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
Edit freshclam.conf
# how frequent per day. default is once an hourwhich is a bit excesive. # once per day should do.
Checks 1
Return to top.
Anti-Spam: Spamassassin
SpamAssassin's default settings were fine, but you can tweak them at
/etc/spamassassin/local.cf and review the defauls at /usr/share/spamassassin/. E.g. you can
in/decrease the levels needed before emails are marked as spam and before rejections.
Once you have a collection of spam and non spam (200+ of each), you can train the Bayes
filter in SpamAssassin with these emails. Review this on the SpamAssassin web site.
If you notice too much spam is being let through, then do more tweaking. If you get too
many false postives, ie real emails marked as spam, loosen the set up slightly. A properly
configured SpamAssassin should catch 97% of all spam. With probably 1 in 1000 false
positives.
The SpamAssassin site has a lot of information on setting it up. It is worth a good read
through. Some usefull tips are automatic learning, cronjobs to learn user marked spam and
ham, etc.
Return to top.
PostGrey
Adding Postgrey to this mail set up is a breeze. Thanks for the emails I got on postgreys
benefits and integration.
20
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
Ubuntu's extended repositories has a postgrey module, which installs the scripts and sets
up a /etc/postgrey whitelist configuration. You can edit these files, but I don't bother. You
may want to any back up mx server you use, if you do.
You can modify the default time before a server can try again. The default is 300 seconds, ie
5 minutes. I have mine set to 1 minute. Edit /etc/default/postgrey
If the postgrey method becomes very popular, perhaps spammers will start to comply with
it. However that will be years untill they do, if ever.
Authentication
Cyrus SASL provide a secure method of authenticating users. This type of authentication is
required by two methods, one is by postfix when sending email and the other is by Courier
when reading emails.
First we wil will deal with postfix. Add these lines to main.cf
# May already exist mkdir /etc/postfix/sasl # Then create the conf file. vi
/etc/postfix/sasl/smtpd.conf pwcheck_method: auxprop auxprop_plugin: sql mech_list: plain
21
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
In Ubuntu all this was preset so the only line I needed to modify / confirm in
/etc/courier/imapd is:
Encryption
SASL is secure authentication, but all the traffic is still in plain text. Enter encryption and
TLS. TLS, an evolution of SSL, encrypts the traffic between the server and your email
client for sending via postfix and reading via courier.
TLS is not client encryption, ie encrypting the content all the way between sender and
recipient. For this type look up GNuPG and S/MIME in extensions.
First you need to create a certificate for postfix and one for courier. In postfix you need to
do this for 3 year certificate:
cd /etc/postfix openssl req -new -outform PEM \ -out postfix.cert -newkey rsa:2048 -nodes
-keyout postfix.key -keyform PEM -days 999 -x509
# these may already be present in your file, # however I usually have to add them # also, this
specific line used to use fifo, it now needs to use unix type tlsmgr unix - - n 300 1 tlsmgr smtps
inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes 587 inet n -
n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
22
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
These ports are required for clients not able to use the STARTTLS option on plain port 25.
Port 465 (the smtps line) is an unofficial workaround, so clients E.g. Novel Evolution, uses
it untill they fix their software to work with STARTTLS.
The debian packages in Ubuntu creates certificate for courier for you. Otherwise do this (in
case server name is not same as machine name):
openssl req -x509 -newkey rsa:1024 -keyout imapd.pem \ -out imapd.pem -nodes -days 999
Then edit /etc/courier/imapd-ssl and make sure this is path to the certificate.
TLS_CERTFILE=/etc/courier/imapd.pem
This will enable secure traffic of emails via your clients and the server. As these are not
signed certificates, some may be prompted to accept license. You could get people to import
your certificates, if only a few is accessing you imap/smtp server, or purchase a signed one
if you have a large number of users, especially if corporate. Outlook is known as stuburn to
accept the certificates.
There are some issues with using SALS and TLS at the same time. Since all the traffic is
encrypted with TLS, then the need for SASL is less when enforcing TLS.
Return to top.
Webmail: SquirrelMail
The squirrel is php module from sourceforge. Once installed in a web root somewhere go to
its parent folder. E.g. /var/www/. In Ubuntu it is installed in /usr/share, so do this first.
ln -s /usr/share/squirrelmail /var/www/squirrelmail
Next thing is to set up a url to access squirrel mail. You can either have it as a subfolder in
an existing web site, or as I prefer as virtual host for itself. Edit wherever your specify
virtual hosts on your system, ( e.g. /etc/httpd/conf/vhosts/ ). In Ubuntu edit this file:
/etc/apache2/sites-available/webmail
ln -s /etc/apache2/sites-available/webmail /etc/apache2/sites-enabled/810-webmail # or as
Florent recommends, use: a2ensite webmail # then activate the changes /etc/init.d/apache2 reload
23
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
The config folder is actually symblinked to /etc/squirrelmail so if you run several instances
of squirrelmail you might want to create copies of it.
config.php overrides the defaults. Do not edit this one either as it is created by the conf.pl
perl script.
/var/www/squirrelmail/config/conf.pl
It is menu driven, and powerfull so be carefull. Also make sure there are no extra spaces
before or after any settings. Chose option 9 from the menu, the database option. Then 1 to
edit the dns for address book.
mysql://username:password@127.0.0.1/database
There is also a global address option if you choose to use it. Press s to save the settings, and
r to return to main menu. Press q to exit.
24
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
Then you need to create these database tables, My previous editions included the
squirrelmail specific tables in the main mail database. However I believe a cleaner setup is
to have seperate squirrel user and database for its settings.
First create a new squirrel database user, or reuse the mail user. See the MySQL section for
user creation details.
Then create a squirrel database or reuse the mail database. Make sure the user created
above has usage access to this database. Again refer to the MySQL section.
mysql -u username -p database # Then enter the password CREATE TABLE `address` ( `owner`
varchar(128) NOT NULL default '', `nickname` varchar(16) NOT NULL default '', `firstname`
varchar(128) NOT NULL default '', `lastname` varchar(128) NOT NULL default '', `email`
varchar(128) NOT NULL default '', `label` varchar(255) default NULL, PRIMARY KEY
(`owner`,`nickname`), KEY `firstname` (`firstname`,`lastname`) ) ; CREATE TABLE `userprefs`
( `user` varchar(128) NOT NULL default '', `prefkey` varchar(50) NOT NULL default '',
`prefval` varchar(255) default NULL, `modified` timestamp(14) NOT NULL, PRIMARY KEY
(`user`,`prefkey`) ) ; CREATE TABLE `global_abook` ( `owner` varchar(128) NOT NULL
default '', `nickname` varchar(16) NOT NULL default '', `firstname` varchar(128) NOT NULL
default '', `lastname` varchar(128) NOT NULL default '', `email` varchar(128) NOT NULL
default '', `label` varchar(255) default NULL, PRIMARY KEY (`owner`,`nickname`), KEY
`firstname` (`firstname`,`lastname`) );
Right then, as the squirrelmail suggested, you can try of this works later on by going to
http://your-squirrelmail-location/src/configtest.php ( Please note you may not have any
data or mail to test it with yet. so perhaps wait till test section. )
Return to top.
phpMyAdmin
# cd into web root where phpMyAdmin is installed, e.g. /var/www # Again in Ubuntu a soft link
is needed to /usr/share # this time however the apt-get has done it for you. (check though) # If the
folder contains the version in its name. # do this for ease of access and if later upgrading ln -s
phpMyAdmin1.6.2 phpMyAdmin
First of all once you have installed phpMyAdmin is the create a .htaccess file in its folder.
Otherwise every Tom, Dick and Harry can mess your system up.
25
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
# either reuse an old .htpasswd file # or as below , create one when you add the first user
htpasswd2 -c /path/to/htpasswd/file/outside/www/.htpasswd ausername # then enter desired
passwd
Next you need to either create a .htaccess file or modify one, as Ubuntu comes with one
included. I add these settings to my apache virtual host config file, but that is not
neccessary. Make sure the apache config for this host has AllowOverrid All in its settings.
Add these to /path/to/phpmyadmin/.htaccess. You may need to comment out some existing
settings as well, but see which causes errors.
AuthType Basic AuthName "A Bit Hush and all that" AuthUserFile
"/path/to/htpasswd/file/outside/www/.htpasswd" require valid-user
DNS
For a mail server to be used, people/machines will have to know how and where to connect
to deliver mail for your domains.
You need to edit the MX records of your domains DNS. Whether you run your owm DNS
server, or use a free DNS service. they mostly act the same, even though some has been
fluffed up with a nice GUI.
domain.tld IN MX 10 your.mailserver.name.tld
Return to top.
Data
• Add users and domains
• Common SQL
So we got a fully set up mail server... Well no, there is no users, domains, no nothing!
26
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
Okay, first you need add some default data, some which are required, some which make
sense.
# Use phpMyAdmin or command line mysql INSERT INTO domains (domain) VALUES
('localhost'), ('localhost.localdomain');
Then some default aliases. Some people say these are not needed, but I'd include them.
Now lets add some proper data. Say you want this machine to handle data for the fictional
domains of "blobber.org", "whopper.nu" and "lala.com". Then say this machine's name is
"mail.blobber.org". You also have two users called "Xandros" and "Vivita". You want all
mail for whooper to go to xandros. There is also a "Karl" user, but he does want all mail
forwarded to an external account.
So what does each of these lines do? Well the domains are pretty straight forward. The
users are as well, it requires four fields. ID is the email address of the user, and also its
username when loggin in, described later on. NAME is optional description of the user.
MAILDIR is the name of the folder inside /var/spool/mail/virtual. It must end in a /,
otherwise it wont be used as a unix maildir format. CLEAR is the clear text password to
use.
27
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
The alises are the interesting part. Lets start from a top down view. Say an email arrives
addressed to "john@whopper.nu". Postfix looks up aliases and searches for a row where
the mail field matches "john@whopper.nu". None does so it next searches for
"@whopper.nu", which is the way to specify catch all others for that domain. It finds one
row and its destination is "xandros@blobber.org". It then searches for
"xandros@blobber.org" and finds one, which destination is the same as the mail, therefor
it is the final destination. It then tries to deliver this mail. The look up says blobber.org is a
local mail so it looks up users for a matching id and delivers it to its maildir.
Lets try "julian.whippit@lala.com". First lookup does not find this user, but the next finds
the catchall "@lala.com". But its destination is another catchall, "@blobber.org". This
means Postfix will look for "julian.whippit@blobber.org". This address is not found either,
nor is a catchall for blobber.org. Therefor this address is not valid and the message will be
bounced.
I also added the required aliases of postmaster and abuse to blobber.org and whopper.nu.
The catchall for lala.com means they are not required for that domain. You can add them
though if you do not want xandros to get the admin emails. Another usefull alias to add is
root, as often you get admin mail from e.g cron jobs within those domains etc. Other often
used aliases are info, sysadmin, support, sales, webmaster, mail, contact and all. But they
are also honeypots for spam, so just include the ones you think you will need.
Common SQL
A selection of useful sql statements, if you are not using an admin/manager program to
maintain your email domains and users.
#Remember some might be disabled SELECT dom.domain FROM domains dom LEFT JOIN
aliases al ON CONCAT( '@', dom.domain ) = al.mail WHERE al.mail is null OR al.enabled = 0
ORDER BY dom.domain ASC
Test
This is a small and simple section, but this will be the one you spend the longest on!
There will be spelling errors(by you and me), difference in setups, external factors etc, so
this server is guaranteed not to work first time. Great eh?
But don't worry, we can quickly track down which section is at fault, and solve the issues
one by one.
I hope you blocked external acces to your SMTP port (25) in your firewall setting.
Otherwise you might have become an open relay for spammers. (Okay unlikely unless you
have been running exposed for a few weeks). You will have to unblock it soon, but not yet.
Lets first be 100% sure the system works, so only local access to SMTP should be allowed
for now.
We will test each section bit by bit to black box certify each bit. First test that postfix
delivery works (by exluding content checks and ignoring courier). We will check if it can
connect to MySQL for its lookups, if maildir are created and if it can send messages. Then
we'll re-enable content checks to see if they work. Then we start testing courier, see if it can
access MySQL and if it shows the right mailboxes.
29
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
The easiest way to do the testing is with telnet. Turn on full debuggon, tail a few logs a lets
get started.
#content_filter = amavis:[127.0.0.1]:10024
Then we'll tail the mysql and postfix logs. (Paths might differ). It helps being in X windows,
or ssh in from another machine, if no X server. Or just using different sessions (ctrl+alt+f1-
6), as we will be tailling and editing in many sessions at once.
First we will telnet in and try and send a message to a local user.
# Lets try and send a message to xandros@lala.com # (replace with your own user in this setup,
or use postmaster@localhost) telnet localhost 25 # reponse back: > > > # then open the hand
shake with ehlo and the server name you are connecting from... EHLO mail.domain.tld > > > #
then say who is the sender of this email MAIL FROM: <your@address.com> > 250 Ok # then
say who the mail is for RCPT TO: <xandros@lala.com> > 250 Ok data > 354 End data with
<CR><LF>.<CR><LF></LF></CR></LF></CR> # enter message bodyand end with a line with
only a full stop. blah blah blah more blah . > 250 Ok; queued as QWKJDKASAS # end the
connection with quit > 221 BYE
The postfix log should then start showing up what is happening. If something happens in
the mysql log, it means that connection if working.
30
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
You must use a valid domain name and address when connecting via telnet.
When all these test are working fine, re-enable the content checks and try them all the tests
again. This time you might have to tail the syslog as well. Possible problems can be:
Make sure its the same user which runs amavisd-new and ClamAV.
Again tail the maillog, syslog and mysql log. Turn on DEBULEVEL in /etc/courier/imap to
2.
31
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
debug_peer_list = 127.0.0.1
Now if all okay internally, then you need to edit the firewall rules and re-enable smtp access
from the net. Test from an external server if you have ssh access. Proper telnet testing will
let you know quickly if something is wrong. When that process works okay, it is time to test
with proper emails. Either use an external webmail service, e.g. gmail, or forward via
external mail forwarding services.
Doing a full reboot to test if everything comes up as desired is probably a good idea as well.
Congratulations, you have a working mail server! Now send me a note to let me know
about it.
Return to top.
Test
New test section in development, please use other.
• Start
• Firewall (Shorewall)
• Database (MySQL)
• Plain MTA (Postfix)
• IMAP (Courier)
• Policy (Postgrey)
• Content Checks (Amavisd-new)
• Authentication (SASL)
• Encryption (TLS)
• WebMail (SquirrelMail)
• Common Problems
Start
Testing eh, it is virtually guaranteed no project works on the first go. But we need to box it
off and find out if each section works one by one.
So first we stop everything, to then bring it up one by one as each test passes.
In theory nothing should be running, but some of the install packages might be started
automatically.
32
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
ps aux | more
Return to top.
Firewall (Shorewall)
If you setup the firewall as I advised in the configure chapter, then your box is pretty
blocked off from the outside. If not then you might have been an open relay for spammers,
but hopefully not.
Now we need to open up access the local network so you can test locally and remotely.
However it is not ready for net access yet.
# uncomment these lines AllowPing loc fw AllowSMTP loc fw ACCEPT loc fw tcp 465,587 -
AllowIMAP loc fw AllowWeb loc fw
shorewall restart
Return to top.
Database (MySQL)
However as we go through the other sections, it is very usefull to tail the mysql query log
file throught all the tests. This is an easy way to see if each application has its database
settins configured correctly.
The full configured Postfix is overstuffed with features. We need to disable all this to test
the basics.
You should are already tailing the mysql log in one window, but now we need to tail the
mail log file as well.
33
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
tail -f /var/log/mail.log
Basically we are reversing to the postfix config from the config section before we added the
content checks, encryption etc.
I am not modifying /etc/postfix/master.cf, however you can comment out the lines we added
in there as well.
However in main.cf:
## comment out this line # content_filter = amavis:[127.0.0.1]:10024 ## then replace these lines
#smtpd_helo_restrictions = permit_mynetworks, # warn_if_reject reject_non_fqdn_hostname,
reject_invalid_hostname, permit #smtpd_sender_restrictions = permit_sasl_authenticated,
permit_mynetworks, # reject_non_fqdn_sender, reject_unknown_sender_domain, #
reject_unauth_pipelining, permit #smtpd_client_restrictions = reject_rbl_client
sbl.spamhaus.org, # reject_rbl_client relays.ordb.org, reject_rbl_client blackholes.easynet.nl, #
reject_rbl_client dnsbl.njabl.org #smtpd_recipient_restrictions = reject_unauth_pipelining, #
permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, #
reject_unknown_recipient_domain, reject_unauth_destination, # check_policy_service
inet:127.0.0.1:60000, permit ## with these smtpd_helo_restrictions = permit_mynetworks,
warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender,
reject_unknown_sender_domain, reject_unauth_pipelining, permit smtpd_client_restrictions =
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks,
reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit
## comment out these lines #broken_sasl_auth_clients = yes #smtpd_sasl_auth_enable = yes
#smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2 #smtpd_sasl_security_options = noanonymous
#smtpd_sasl_local_domain = #smtp_use_tls = yes #smtp_tls_cert_file = /etc/postfix/postfix.cert
#smtp_tls_key_file = /etc/postfix/postfix.key #smtpd_use_tls = yes #smtpd_tls_cert_file =
/etc/postfix/postfix.cert #smtpd_tls_key_file = /etc/postfix/postfix.key #smtpd_data_restrictions
= reject_unauth_pipelining
Return to top.
IMAP (Courier)
Return to top.
Policy (PostGrey)
Return to top.
Authentication (SASL)
34
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
Return to top.
Encryption (TLS)
Return to top.
Webmail (SquirrelMail)
Return to top.
Common Problems
Return to top.
Return to top.
Extend
By now you should have a fully working system. No point extending and complicating it
untill then. What next? There are many ways to extend the server, to create your own
powerfull customized version.
Some of these sections can be brief as they are not core to this howto.
Normally if someone sends an email destined for you, their server will try and connect to
your server. If it can't reach your server for whatever reason ( it is down, dns issues, there
is network problems, or just too busy ), the other server will back off and try again in a bit.
35
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
How many and for how long it will try again is determined by the sending server. Some of
them are not very patience, and it will report undelivered after only a few attempts. So you
would have lost that email.
If you had specified a backup MX, this email may not have been lost. Upon first failure to
connect to your server, the sender would see if there is any alternative server to send to. So
it connects to your backup mx server. This server spools and queues your message and will
try at intervals to send the message to you. It too will though eventually give up.
What is the difference? Simple, you (or whoever controls the backup mx ) is in control how
long and often to try connecting to your machine. So if you have a reasonable values and
your server is not down for weeks, no mail is lost.
How to implement it? First edit the DNS records again, and add a backup mx with a higher
value.
Now presuming the other backup mx is a postfix server identical to this, or you are
backuing up someone else's server; Go into mysql and create this tables:
Then still on the backup server, edit main.cf and add these:
You may choose to have this as the last line in the file, as you may use small cron jobs to
modify this ip address, if you don't have a permanent static address. It should contain your
IP addres, hence if you do not have a very static IP address, that you need to automatic
editing if the postfix file.
proxy_interfaces = 1.2.3.4
36
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
You noticed I added a transport lookup. This is a field in both the domain and the backup
tables. In domains it is used to determine how to deliver the email, ie either virtual (correct)
or local (not used in this howto). When backing up servers, your also need to specify in the
transport field how to connect to the correct servers.
Say you are backiup for a friends server, mail.friend.com, for the domains of friend1.com
and friend2.com. So you should insert this into your backup table.
The :[] tells to connect directly to this server, not doing any more look ups for valid MX
servers.
This shouls now work fine. Further tweaking of the queue values, review these and modify
as appropiate. Shorter warning times are good for the sender, so that they realise the email
has not arrived yet, but may also be annoying. Tradeoffs.. Look in the first main.cf
configurations for ways to do so.
Return to top.
Here is rough backup script to backup your configurations and mail folders. You may want
to backup the folders seperatly as they can quickly grow to GBs. Adding this to a cronjob
automates this process. Be aware that you should stop postfix and courier while backing up
the mail folders. And that if they have grown large, that this may take some time.
You may combine a full backup with a intermediate update of what has changed recently
only.
37
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
todo
Further security features is using Microsoft's Sender ID or Pobox's SPF. I'd use SPF as
there is much argument over Sender ID.
spf.pobox.com/
www.microsoft.com/mscorp/safety/technologies/senderid/
While SPF should limit who can send mail on behalf of your domains, ( so basically less
spoofed spam addresses ), I do have some technical issues with SPF as the design of it is a
bit iffy. That is because of the limitation of DNS and that it has to fit inside the limited
TEXT part. No nice XML config file....
While Microsoft is not always entirely evil, as sometimes they do nice things and make
some usefull software, I would prefer not to be locked into their Sender ID technology.
Return to top.
Spam reporting
todo
Reporting spam to Pyzor, Razor and SpamCop, for collaboration in spam fighting.
http://pyzor.sourceforge.net/
http://razor.sourceforge.net/
Return to top.
White/Black Lists
todo
You can implement white and black lists to explicitly allow or block domains and users.
You have already visited the option of a blackhole list of known open relays in the postfix
configuration.
You can implement further lists inside Postfix or SpamAssassin. Amavisd-new already has
a few well known white/black listed items in its config files. SpamAssissin also as a feture to
automaticly learn white lists.
Return to top.
38
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
This is not implemented on the postfix server side, as this totally a client side option.
However SquirrelMail has a GnuPG option. It is a plugin that can be downloaded from
their website. Which can then be enabled via SquirrelMail's config script.
# check you have not already got a key gpg --list-keys # then create one gpg --gen-key
To import GnuPG into Evolution; in your settings/preferences edit your account settings
and add you private key under the security tab. The private key is found via listing the
GnuPG keys as above, then it is the 8 characters after the "sub 1024g/" bit of you key.
S/MIME is another way to encrypt and/or sign messages. You can create you own
certificate or use known organizations like Thawte. (Thawte was originally set up by the
Ubuntu founder)
Return to top.
Relocation notice
If people change addresses, a bounced message stating so if people send email to the old
address is quite usefull. To implement this in postfix, frst create a lookup table in the
database.
relocated_maps = mysql:/etc/postfix/mysql_relocated.cf
39
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
If anyone sends an email to pete@domain.com, they will get a message back stating he has
changed address to pete.jones@another.org.
Return to top.
Pop-before-SMTP
If SASL didn't work, or you are using clients which dont support it, the Pop-Before-SMTP
is an easy way around that issue, so that people externally can still securly send mail via
your server.
Admin software
todo
Trying out a few admin software might make you life easier, if phpMyAdmin gets to crude.
Quick search
Auto Reply
todo
Postfix have now features to auto reply to an email, while still delivering it to its alias.
Return to top.
Block Addresses
If you use catch alls, which are usefull for some domains, then eventually some addresses
will be target for spam. You can then either stop the catch all, or stop indivdual addresses.
check_recipient_access mysql:/etc/postfix/mysql_block_recip.cf,
40
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
Beware of the order is important here, if any options says ok before check_recipient_access
it will ignore it.
Next create mysql_block_recip.cf to lookup addresses. Either create a another table, or add
a blocked field to aliases table.
Return to top.
Throttle Output
todo
For some users with restrictions on bandwidth, you may wish to control how much mail is
sendt out. Postfix has long refused to implement these features, out of ideolocial beliefs that
mail servers should not be restricted. However there are some ways around this. More to
come later.
Return to top.
Mail Lists
Rich Brown has written a howto on adding Mailman, a mail list program, to my howto.
Click here to read it.
Do note it is not part of my howto, so do not contact me regarding it. And although I think
it is fine, I can't guarantee it will work.
If you do need assistance or need to talk about it, contact Rich via his howto or use the
forums for this howto.
If you want a simple mailling list, it can be implemented by simply seperating aliases in the
destination field in the aliases table with a comma.
Suggestions?
If you have any suggestions to other ways of extending a postfix server, then fire off a mail
to me via the contact form further down.
Return to top.
41
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
Appendix
• References
• Software Links
• Difference between Ubuntu versions
• Download
• Contact
• Todo
• Change Log
References
• Postfix howtos
• Kyle's book
• John Locke on TechRepublic
• Hildebrandt's book
• Hildebrandt's website
• List-Petersen
• Genco Yilmaz
• Christop Haas
• Nenzel & Peet
• Peters
• Matthews
• Stepanov
• Andy "Besy"
• Meta Consultancy
Return to top.
Software Links
• MTA
o Postfix
Main website
o QMail
o MS Exchange
o Courier-MTA
Main Website
o Exim
o Sendmail
42
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
• Pop/IMAP
o Courier IMAP
Main Website
o Cyrus IMAP
• Content Checking
o amavisd-new
Main website
o amavis
Main website
o ClamAV
Main website
Windows version
o SpamAssassin
Main website
Milter Plugin
Vipul's Razor
• Lookups
o MySQL
Main Website
o Firebird
Main website
IBPhoenix
o LDAP
Open LDAP
o Postgres
• Crypthography
o SASL
o TLS
o PGP
GnuPG
OpenPGP
PGP
Return to top.
Here are the differences for this howto if you are using Ubuntu 5.04, 5.10 or 6.04. (Hoary,
Breezy or Dapper)
This edition is based on Hoary while in development, however will be based on Breezy
when finished.
The repositories used are hoary and not breezy. Version has changed, otherwise the same.
Downloads
Here is a list of config files to assist you and some batch shell scripts to try and do the
install steps for you.
Please note, they are not guaranteed to work. You should review them to make sure they
will work for you, and that I am not doing something bad, or misspelt or forgot something,
and so that you understand how they work.
Return to top.
Contact
If you problems, questions, comments regarding this howto, postfix or mail servers in
general use either one of these forum threads:
• Dapper
• Breezy
• Hoary
44
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
If you have written extensions or can recommend links then I would like to hear from you.
I also do like to hear from people who are happy with this howto. Please then use the form
below.
It is nice to hear from people, however I only check that mailbox once a month, if that,
so please dont't expect a reply, especially not a very quick reply.
If you really felt this howto was usefull, then here is my wish list:
wishlist.sf.net/users/flurdy/.
Or use the Paypal donation button in the introduction.
Please note this document is free, as in beer and speech, using an open source license, and I
am not expecting many, if any, donations.
Form removed due to too much spam, and people ignoring my request to ask question in the
forum and not by mail.
It may be reinstated once I've implemented a better form spam catcher.
Use this form if you have to, but questions will still be ignored... :)
Return to top.
Todo
Task that needs to be done for this howto. And what state they are at.
Outstanding
• High: find out if/why catchalls are sometimes not resolved untill after content checks. which is too
late as cant reject non existant users.
• Med: Split install and extend sections into: core, extended and further, by moving webmail to
extended and half from extended into further.
45
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
Started
Partly done
Nearly done
Done recently
Return to top.
Change Log
• 2006-06-17
• 2006-06-07
46
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *
How to set up a mail server in Ubuntu 2008
• 2006-06-05
• 2006-06-01
• 2006-05-25
• 2004-02
Started edition 1
Return to top.
Plans
more links to admin programs
may include my mail web app
may include more quota details
may include simple setup script
weed out breezy references
to wiki it or not.
flurdy
47
• By CyBerNe7 * Visit WwW.cyberfun.ro * thank you *