Skip to main content

How to set up a mail server on a GNU / Linux system (part 2)

Now let’s configure Courier.
I like to provide both IMAP and POP3 support, although personally I only use IMAP. In addition, we’ll be provide SSL support for securing authentication requests.
mv /etc/courier/authdaemonrc{,.default}
vi /etc/courier/authdaemonrc
Copy/paste the following (no changes required):
authmodulelist="authmysql"
authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"
daemons=5
authdaemonvar=/var/run/courier/authdaemon
DEBUG_LOGIN=0
DEFAULTOPTIONS=""
LOGGEROPTS=""
mv /etc/courier/authmysqlrc{,.default}
vi /etc/courier/authmysqlrc
Copy/paste the following (change mailuserpassword):
MYSQL_SERVER localhost
MYSQL_USERNAME mail
MYSQL_PASSWORD mailuserpassword
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE user
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/var/spool/mail/virtual"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
MYSQL_NAME_FIELD name
MYSQL_QUOTA_FIELD quota
mv /etc/courier/imapd{,.default}
vi /etc/courier/imapd
Copy/paste the following (no changes required):
ADDRESS=0
PORT=143
MAXDAEMONS=40
MAXPERIP=20
PIDFILE=/var/run/courier/imapd.pid
TCPDOPTS="-nodnslookup -noidentlookup"
LOGGEROPTS="-name=imapd"
IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES SORT QUOTA IDLE"
IMAP_KEYWORDS=1
IMAP_ACL=1
IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"
IMAP_PROXY=0
IMAP_PROXY_FOREIGN=0
IMAP_IDLE_TIMEOUT=60
IMAP_MAILBOX_SANITY_CHECK=1
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"
IMAP_DISABLETHREADSORT=0
IMAP_CHECK_ALL_FOLDERS=0
IMAP_OBSOLETE_CLIENT=0
IMAP_UMASK=022
IMAP_ULIMITD=65536
IMAP_USELOCKS=1
IMAP_SHAREDINDEXFILE=/etc/courier/shared/index
IMAP_ENHANCEDIDLE=0
IMAP_TRASHFOLDERNAME=Trash
IMAP_EMPTYTRASH=Trash:7
IMAP_MOVE_EXPUNGE_TO_TRASH=0
SENDMAIL=/usr/sbin/sendmail
HEADERFROM=X-IMAP-Sender
IMAPDSTART=YES
MAILDIRPATH=Maildir
mv /etc/courier/imapd-ssl{,.default}
vi /etc/courier/imapd-ssl
Copy/paste the following (change mail.example.com):
SSLPORT=993
SSLADDRESS=0
SSLPIDFILE=/var/run/courier/imapd-ssl.pid
SSLLOGGEROPTS="-name=imapd-ssl"
IMAPDSSLSTART=YES
IMAPDSTARTTLS=YES
IMAP_TLS_REQUIRED=0
COURIERTLS=/usr/bin/couriertls
TLS_KX_LIST=ALL
TLS_COMPRESSION=ALL
TLS_CERTS=X509
TLS_CERTFILE=/etc/ssl/private/mail.example.com.pem
TLS_TRUSTCERTS=/etc/ssl/certs
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/var/lib/courier/couriersslcache
TLS_CACHESIZE=524288
MAILDIRPATH=Maildir
mv /etc/courier/pop3d{,.default}
vi /etc/courier/pop3d
Copy/paste the following (no changes required):
PIDFILE=/var/run/courier/pop3d.pid
MAXDAEMONS=40
MAXPERIP=4
POP3AUTH="LOGIN"
POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"
POP3AUTH_TLS="LOGIN PLAIN"
POP3AUTH_TLS_ORIG="LOGIN PLAIN"
POP3_PROXY=0
PORT=110
ADDRESS=0
TCPDOPTS="-nodnslookup -noidentlookup"
LOGGEROPTS="-name=pop3d"
POP3DSTART=YES
MAILDIRPATH=Maildir
mv /etc/courier/pop3d-ssl{,.default}
vi /etc/courier/pop3d-ssl
Copy/paste the following (change mail.example.com):
SSLPORT=995
SSLADDRESS=0
SSLPIDFILE=/var/run/courier/pop3d-ssl.pid
SSLLOGGEROPTS="-name=pop3d-ssl"
POP3DSSLSTART=YES
POP3_STARTTLS=YES
POP3_TLS_REQUIRED=0
COURIERTLS=/usr/bin/couriertls
TLS_STARTTLS_PROTOCOL=TLS1
TLS_KX_LIST=ALL
TLS_COMPRESSION=ALL
TLS_CERTS=X509
TLS_CERTFILE=/etc/ssl/private/mail.example.com.pem
TLS_TRUSTCERTS=/etc/ssl/certs
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/var/lib/courier/couriersslcache
TLS_CACHESIZE=524288
MAILDIRPATH=Maildir
We need to create SSL certificates for Courier to use when authenticating using SSL/TLS.
You can either purchase these (to prevent “invalid” certificate warnings) or generate a self-signed certificate
which is just as secure, and free.
Run the following (change mail.example.com):
# Remove default certificates
rm -f /etc/courier/imapd.cnf
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.cnf
rm -f /etc/courier/pop3d.pem

# Generate a new PEM certificate (valid for 10 years)
openssl req -x509 -newkey rsa:1024 -keyout "/etc/ssl/private/mail.example.com.pem"
-out "/etc/ssl/private/mail.example.com.pem" -nodes -days 3650

# Generate a new CRT certificate (valid for 10 years)
openssl req -new -outform PEM -out "/etc/ssl/private/mail.example.com.crt"
-newkey rsa:2048 -nodes -keyout "/etc/ssl/private/mail.example.com.key" -keyform PEM -days 3650 -x509

chmod 640 /etc/ssl/private/mail.example.com.*
chgrp ssl-cert /etc/ssl/private/mail.example.com.*
You will be prompted to input some information about the certificates you create.
You can enter any information you want here except Common Name (CN) which must be your mailname (e.g.mail.example.com).
Next we’ll configure Amavis, the software that ties together SpamAssassin and ClamAV with Postfix.
adduser clamav amavis
cat /dev/null > /etc/amavis/conf.d/15-content-filter-mode
vi /etc/amavis/conf.d/15-content-filter-mode
Copy/paste the following (no changes required):
use strict;

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1;
cat /dev/null > /etc/amavis/conf.d/50-user
vi /etc/amavis/conf.d/50-user
Copy/paste the following (no changes required):
use strict;

@local_domains_acl = qw(.);
$log_level = 1;
$syslog_priority = 'info';
$sa_kill_level_deflt = 6.5;
$final_spam_destiny = D_DISCARD;
$pax = 'pax';

1;
mv /etc/default/spamassassin{,.default}
vi /etc/default/spamassassin
Copy/paste the following (no changes required):
ENABLED=1
OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
PIDFILE="/var/run/spamd.pid"
CRON=0
dpkg-reconfigure clamav-freshclam
ClamAV configuration wizard
Choose OK
ClamAV configuration wizard
Choose daemon
ClamAV configuration wizard
Choose a mirror closest to you.
ClamAV configuration wizard
Enter your proxy, if required. Usually you will leave this blank.
ClamAV configuration wizard
By default, ClamAV updates every hour. That’s excessive. Bring that down to once a day.
ClamAV configuration wizard
Choose No
Now restart everything.
/etc/init.d/saslauthd restart
/etc/init.d/postfix restart
/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-imap restart
/etc/init.d/courier-imap-ssl restart
That’s it, you’re done!
You can test your setup by configuring your mail client to connect to your new mail server using admin@example.com as your username and the password you chose (“changeme” in the guide).
Errors will usually show up in /var/log/mail.log
For more information regarding the mail database, testing using Telnet,and more information regarding how all these services are stitched together,
please see Flurdy’s guide.


Labels:

Comments

  1. lorideliveriesApril 12, 2022 at 1:37 PM

    Excellent knowledge, I am very much thankful to you that you have shared good information with us about Courier To Dubai. Here I got some special kind of knowledge and it is helpful for everyone. Thanks for share it.

    ReplyDelete
  2. Alia parkerMay 2, 2023 at 12:09 AM

    A world data SIM card is a type of SIM card designed for use while traveling internationally that provides data connectivity in multiple countries around the world. It allows users to access cellular data services while traveling without having to worry about purchasing and switching between local SIM cards in each country.

    ReplyDelete

Post a Comment

Popular posts from this blog

Asterisk – CLI commands

Agent commands agent logoff  - Sets an agent offline agent show  - Show status of agents agent show online  - Show all online agents AGI commands agi dump html  - Dumps a list of AGI commands in HTML format agi exec  - Add AGI command to a channel in Async AGI agi set debug [on|off]  - Enable/Disable AGI debugging agi show commands [topic]  - List AGI commands or specific help dnsmgr refresh  - Performs an immediate refresh dnsmgr reload  - Reloads the DNS manager configuration dnsmgr status  - Display the DNS manager status Calendar commands calendar dump sched  - Dump calendar sched context calendar show calendar  - Display information about a calendar calendar show calendars  - Show registered calendars Channel commands channel originate  - Originate a call channel redirect  - Redirect a call channel request hangup  - Request a hangup on a given channel Cli commands cli check permissions  - Try a permissions config for a user cli reload permi
5 comments
Read more

Making video calls – Asterisk tutorial

sip.conf To be able to send video during a call, codec h263 and video support must be enabled. This is done by adding three lines in the sip.conf file (Location: /etc/asterisk/sip.conf). Add the following lines in the [general] tab of the file. videosupport = yes ; Enable video allow = h263 ; H.263 is our video codec allow = h263p ; H.263p is the enhanced video codec Reload Reload the sip.conf file by running the following command in the CLI console:  reload Config in Softphone  Click “Softphone”  Click “Preferences”    Click “Video Codecs”  Verify that h263 and h263+ are selected Click “OK”  Click the video (Webcam) icon to display the video  Dial the other sip phone (number 1002)  Click “Show Video” on the two sip phones. http://asteriskvoipsystem.org/making-video-calls-asterisk-tutorial/
11 comments
Read more

Step by step: Configure call recording - Asterisk tutorials

This article will cover enabling asterisk to record calls. You may want this to interview people over the phone, podcast, or some other purpose. In features.conf, under: [featuremap] uncomment the line that looks like this: automixmon => *3 ; One Touch Record a.k.a. Touch MixMonitor — Make sure to set the X and/or x option in the Dial() or    Queue() app call! Then, enable the X option for Dial() in your dialplan in extensions.conf: PLEASE NOTE:  change you need to make – add the X  your dial rule make look different with me. exten => s,n,Dial(SIP/100,60) make it this instead: exten => s,n,Dial(SIP/100,60,X) The X is what tells Asterisk to allow callers to dial *3 during a call to enable or disable recording. From the asterisk console (run asterisk -r), you should see a line like this appear when the user starts a recording: – User hit ‘*3′ to record call. filename: auto-xxxxx-EXTENSION-DIALEDNUMBER When the recording ends, un
15 comments
Read more