Asterisk Voip

How to set up a mail server on a GNU / Linux system (part 2)



Now let’s configure Courier.
I like to provide both IMAP and POP3 support, although personally I only use IMAP. In addition, we’ll be provide SSL support for securing authentication requests.
mv /etc/courier/authdaemonrc{,.default}
vi /etc/courier/authdaemonrc
Copy/paste the following (no changes required):
authmodulelist="authmysql"
authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"
daemons=5
authdaemonvar=/var/run/courier/authdaemon
DEBUG_LOGIN=0
DEFAULTOPTIONS=""
LOGGEROPTS=""
mv /etc/courier/authmysqlrc{,.default}
vi /etc/courier/authmysqlrc
Copy/paste the following (change mailuserpassword):
MYSQL_SERVER localhost
MYSQL_USERNAME mail
MYSQL_PASSWORD mailuserpassword
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE user
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/var/spool/mail/virtual"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
MYSQL_NAME_FIELD name
MYSQL_QUOTA_FIELD quota
mv /etc/courier/imapd{,.default}
vi /etc/courier/imapd
Copy/paste the following (no changes required):
ADDRESS=0
PORT=143
MAXDAEMONS=40
MAXPERIP=20
PIDFILE=/var/run/courier/imapd.pid
TCPDOPTS="-nodnslookup -noidentlookup"
LOGGEROPTS="-name=imapd"
IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES SORT QUOTA IDLE"
IMAP_KEYWORDS=1
IMAP_ACL=1
IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"
IMAP_PROXY=0
IMAP_PROXY_FOREIGN=0
IMAP_IDLE_TIMEOUT=60
IMAP_MAILBOX_SANITY_CHECK=1
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"
IMAP_DISABLETHREADSORT=0
IMAP_CHECK_ALL_FOLDERS=0
IMAP_OBSOLETE_CLIENT=0
IMAP_UMASK=022
IMAP_ULIMITD=65536
IMAP_USELOCKS=1
IMAP_SHAREDINDEXFILE=/etc/courier/shared/index
IMAP_ENHANCEDIDLE=0
IMAP_TRASHFOLDERNAME=Trash
IMAP_EMPTYTRASH=Trash:7
IMAP_MOVE_EXPUNGE_TO_TRASH=0
SENDMAIL=/usr/sbin/sendmail
HEADERFROM=X-IMAP-Sender
IMAPDSTART=YES
MAILDIRPATH=Maildir
mv /etc/courier/imapd-ssl{,.default}
vi /etc/courier/imapd-ssl
Copy/paste the following (change mail.example.com):
SSLPORT=993
SSLADDRESS=0
SSLPIDFILE=/var/run/courier/imapd-ssl.pid
SSLLOGGEROPTS="-name=imapd-ssl"
IMAPDSSLSTART=YES
IMAPDSTARTTLS=YES
IMAP_TLS_REQUIRED=0
COURIERTLS=/usr/bin/couriertls
TLS_KX_LIST=ALL
TLS_COMPRESSION=ALL
TLS_CERTS=X509
TLS_CERTFILE=/etc/ssl/private/mail.example.com.pem
TLS_TRUSTCERTS=/etc/ssl/certs
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/var/lib/courier/couriersslcache
TLS_CACHESIZE=524288
MAILDIRPATH=Maildir
mv /etc/courier/pop3d{,.default}
vi /etc/courier/pop3d
Copy/paste the following (no changes required):
PIDFILE=/var/run/courier/pop3d.pid
MAXDAEMONS=40
MAXPERIP=4
POP3AUTH="LOGIN"
POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"
POP3AUTH_TLS="LOGIN PLAIN"
POP3AUTH_TLS_ORIG="LOGIN PLAIN"
POP3_PROXY=0
PORT=110
ADDRESS=0
TCPDOPTS="-nodnslookup -noidentlookup"
LOGGEROPTS="-name=pop3d"
POP3DSTART=YES
MAILDIRPATH=Maildir
mv /etc/courier/pop3d-ssl{,.default}
vi /etc/courier/pop3d-ssl
Copy/paste the following (change mail.example.com):
SSLPORT=995
SSLADDRESS=0
SSLPIDFILE=/var/run/courier/pop3d-ssl.pid
SSLLOGGEROPTS="-name=pop3d-ssl"
POP3DSSLSTART=YES
POP3_STARTTLS=YES
POP3_TLS_REQUIRED=0
COURIERTLS=/usr/bin/couriertls
TLS_STARTTLS_PROTOCOL=TLS1
TLS_KX_LIST=ALL
TLS_COMPRESSION=ALL
TLS_CERTS=X509
TLS_CERTFILE=/etc/ssl/private/mail.example.com.pem
TLS_TRUSTCERTS=/etc/ssl/certs
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/var/lib/courier/couriersslcache
TLS_CACHESIZE=524288
MAILDIRPATH=Maildir
We need to create SSL certificates for Courier to use when authenticating using SSL/TLS.
You can either purchase these (to prevent “invalid” certificate warnings) or generate a self-signed certificate
which is just as secure, and free.
Run the following (change mail.example.com):
# Remove default certificates
rm -f /etc/courier/imapd.cnf
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.cnf
rm -f /etc/courier/pop3d.pem

# Generate a new PEM certificate (valid for 10 years)
openssl req -x509 -newkey rsa:1024 -keyout "/etc/ssl/private/mail.example.com.pem"
-out "/etc/ssl/private/mail.example.com.pem" -nodes -days 3650

# Generate a new CRT certificate (valid for 10 years)
openssl req -new -outform PEM -out "/etc/ssl/private/mail.example.com.crt"
-newkey rsa:2048 -nodes -keyout "/etc/ssl/private/mail.example.com.key" -keyform PEM -days 3650 -x509

chmod 640 /etc/ssl/private/mail.example.com.*
chgrp ssl-cert /etc/ssl/private/mail.example.com.*
You will be prompted to input some information about the certificates you create.
You can enter any information you want here except Common Name (CN) which must be your mailname (e.g.mail.example.com).
Next we’ll configure Amavis, the software that ties together SpamAssassin and ClamAV with Postfix.
adduser clamav amavis
cat /dev/null > /etc/amavis/conf.d/15-content-filter-mode
vi /etc/amavis/conf.d/15-content-filter-mode
Copy/paste the following (no changes required):
use strict;

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1;
cat /dev/null > /etc/amavis/conf.d/50-user
vi /etc/amavis/conf.d/50-user
Copy/paste the following (no changes required):
use strict;

@local_domains_acl = qw(.);
$log_level = 1;
$syslog_priority = 'info';
$sa_kill_level_deflt = 6.5;
$final_spam_destiny = D_DISCARD;
$pax = 'pax';

1;
mv /etc/default/spamassassin{,.default}
vi /etc/default/spamassassin
Copy/paste the following (no changes required):
ENABLED=1
OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
PIDFILE="/var/run/spamd.pid"
CRON=0
dpkg-reconfigure clamav-freshclam
ClamAV configuration wizard
Choose OK
ClamAV configuration wizard
Choose daemon
ClamAV configuration wizard
Choose a mirror closest to you.
ClamAV configuration wizard
Enter your proxy, if required. Usually you will leave this blank.
ClamAV configuration wizard
By default, ClamAV updates every hour. That’s excessive. Bring that down to once a day.
ClamAV configuration wizard
Choose No
Now restart everything.
/etc/init.d/saslauthd restart
/etc/init.d/postfix restart
/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-imap restart
/etc/init.d/courier-imap-ssl restart
That’s it, you’re done!
You can test your setup by configuring your mail client to connect to your new mail server using admin@example.com as your username and the password you chose (“changeme” in the guide).
Errors will usually show up in /var/log/mail.log
For more information regarding the mail database, testing using Telnet,and more information regarding how all these services are stitched together,
please see Flurdy’s guide.




Title Post: How to set up a mail server on a GNU / Linux system (part 2)
Rating:
5/5 5

: We on G+

Thanks for read this post.

Post a Comment

 
Return to top of page Copyright © 2013