Mailserver

or Setting up a Virtual Mail System using Postfix, MySQL, SpamAssassin, (ClamAV,) Amavis, Sieve, Roundcube, Dovecot and Mailman.

Introduction

I always wanted to have my own mailserver in a secure and easy-to-maintain manner, avoiding as much SPAM as possible and pushing the problem of SPAM back to the sender, instead of filtering it and storing it in a dedicated folder. I had been running postfix for quite a while already when I started to think about a new, clean and easy setup along with good howto pages. The following book pages shall guide you through the whole setup process from postfix to roundcube installation, tested and used on an Ubuntu 8.04 LTS / Ubuntu 10.04.4 LTS / Ubuntu 12.04.5 LTS server.

I talked to some friends of mine - some hobby mailserver admins, some pros - for good configuration ideas and came up with the following requirements. Of course, they will not be the same for everybody, but maybe they can be used as a starting point. But first some features, to help you decide if you want to read it.

Features

  • Preferably Use Postfix (was installed already)
  • Use Greylisting to Lock Out Spammers
  • Apply Spamassassin During SMTP to Reject Spam Before Delivery
  • Maintain a MySQL User Database instead of local users
  • Provide IMAP and POP3 Mail Fetching
  • Require TLS Authentication for All, IMAP/POP3/SMTP
  • Add Sieve Scripts to Apply Filtering on Server Side
  • Scan Messages for Malware on Server Side
  • Administrating Mailing Lists

I hope the guide helps you set up your mailserver and maybe you have some additional notes regarding the documentation. If so, please don’t hesitate to write a comment and I will be happy to update and/or correct the text.


Common Definitions

This page contains some common definitions which will be used throughout the guide in several places. Note that this section is the most important one, as errors from this document will propagate through the whole guide and may cause major problems which will be difficult to solve.

First of all, we need to create a specific user for all mail processing. For security reasons and to get dovecot running as the local delivery agent (LDA) for postfix later, we are not allowed to use the postfix user id! Our dedicated system mail user is created as follows.

sudo adduser --system --ingroup mail vmail

The command creates the user vmail, adds it to the group mail and prints out the user id and group id of the newly created user. For the scope of this document, the values are as follows.

uid=118(vmail) gid=8(mail)

Note, that your ids might differ from above and you will need to substitute above values by yours whenever noted in the text. Do not forget to add your postfix user to the mail group as well! Otherwise you will get into access problems with the SASL socket!
The server hostname used in this document is

yourdomain.com

As a general note: in case of odd things happening, you should go for the mailer logfiles, especially for /var/log/mail.info - e. g. by using the following command.

sudo tail -f /var/log/mail.info

Now you can move on to the actual mail server installation.
Cheers, iss.


Postfix Mailserver - the Base System

First of all, we need to install the postfix mailserver. All you need is to invoke the following command and postfix will be set up automatically. Anyhow, some further configuration steps will be necessary afterwards - of course.

sudo aptitude install postfix

The installation process will ask for some general information, which you can restart by invoking dpkg-reconfigure postfix. After that, you should set some general settings to postfix using the following commands

sudo postconf -e 'home_mailbox = Maildir/'
sudo postconf -e 'mailbox_command ='

Now it’s a good idea to disable the chroot for the smtpd and the rewrite process in the configuration file. This is important for both MySQL support and later spamassassin filtering. Additionally, you should insert the dovecot LDA line, which will be referred to later in the dovecot section. These lines relate to the virtual_transport field in /etc/postfix/main.cf and are placed inside /etc/postfix/master.cf:

smtp      inet  n       -       n      -       -       smtpd
rewrite   unix  -       -       n      -       -       trivial-rewrite

# Dovecot LDA
dovecot   unix  -       n       n      -       -       pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}

Create some certificates for secure authentication over TLS, using openssl. The following listing shows the creation process for a certificate to be used for SMTP authentication.

touch smtpd.key
chmod 600 smtpd.key
# use at least a 2048-bit RSA key; 1024-bit RSA is no longer considered secure
openssl genrsa 2048 > smtpd.key
openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
sudo mv smtpd.key /etc/ssl/private/
sudo mv smtpd.crt /etc/ssl/certs/
sudo mv cakey.pem /etc/ssl/private/
sudo mv cacert.pem /etc/ssl/certs/

Tell postfix to use the certificate, by adding/modifying these lines to/in /etc/postfix/main.cf:

# TLS parameters
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# set smtpd restrictions
smtpd_recipient_restrictions = permit_sasl_authenticated,
                               permit_mynetworks,
                               reject_unauth_destination

That’s it for now. Further changes will be done after MySQL user database installation.
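
The TLS block above makes Postfix offer STARTTLS, but on its own it does not stop a client from sending AUTH credentials over an unencrypted session once SASL is switched on later in this guide. The following check is an added example, not part of the original guide: it reads a main.cf the way Postfix does (comments, continuation lines, last assignment wins) and reports whether AUTH is limited to TLS sessions. The sample file is constructed from this guide's settings, and per-service overrides in master.cf are not considered.

```shell
#!/bin/sh
# Added example: does a Postfix main.cf announce AUTH on unencrypted sessions?
# Only main.cf is read; "-o" overrides in master.cf are ignored (assumption).

# effective_value FILE PARAM
# Prints the value main.cf assigns to PARAM, following the main.cf rules:
# comment and blank lines are skipped, a line starting with whitespace
# continues the previous logical line, and the last assignment wins.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ {
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            if (cur != "") val[cur] = val[cur] " " $0
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) { cur = ""; next }
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            v = substr($0, eq + 1); sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            val[cur] = v
        }
        END { if (want in val) print val[want] }
    ' "$1"
}

# smtp_auth_tls_status FILE
# Prints one of:
#   no-auth            SASL authentication is not enabled
#   tls-only           AUTH is only announced after STARTTLS
#   cleartext-offered  AUTH is also announced on unencrypted sessions
smtp_auth_tls_status() {
    sasl=$(effective_value "$1" smtpd_sasl_auth_enable | tr 'A-Z' 'a-z')
    level=$(effective_value "$1" smtpd_tls_security_level | tr 'A-Z' 'a-z')
    auth_only=$(effective_value "$1" smtpd_tls_auth_only | tr 'A-Z' 'a-z')
    enforce=$(effective_value "$1" smtpd_enforce_tls | tr 'A-Z' 'a-z')
    # A non-empty smtpd_tls_security_level overrides the legacy
    # smtpd_use_tls / smtpd_enforce_tls switches.
    if [ -n "$level" ]; then
        if [ "$level" = "encrypt" ]; then enforce=yes; else enforce=no; fi
    fi
    if [ "$sasl" != "yes" ]; then
        echo no-auth
    elif [ "$auth_only" = "yes" ] || [ "$enforce" = "yes" ]; then
        echo tls-only
    else
        echo cleartext-offered
    fi
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample: TLS and SASL lines as this guide puts them in main.cf.
cat > "$tmp/guide.cf" <<'EOF'
# TLS parameters
smtpd_use_tls=yes
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_recipient_restrictions = permit_sasl_authenticated,
                               permit_mynetworks,
                               reject_unauth_destination
smtpd_sasl_type = dovecot
smtpd_sasl_auth_enable = yes
EOF

# The same file with AUTH restricted to TLS sessions.
{ cat "$tmp/guide.cf"; echo 'smtpd_tls_auth_only = yes'; } > "$tmp/tls_only.cf"

echo "guide.cf:    $(smtp_auth_tls_status "$tmp/guide.cf")"
echo "tls_only.cf: $(smtp_auth_tls_status "$tmp/tls_only.cf")"
```

Adding smtpd_tls_auth_only = yes to /etc/postfix/main.cf is what moves the guide's configuration from cleartext-offered to tls-only.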

Cheers, iss.


User Configuration Using MySQL And Postfixadmin

Attachment: postfixadmin.txt (plain text, 5.2 KB)

MySQL mapping seemed to be the most flexible way of user administration for the postfix mailserver. A major advantage is the independence from system users and easily maintainable user setups using web interfaces. Additionally, non-administrator users can modify their preferences, aliases and passwords using a dedicated web interface without interaction by the mailserver admin. MySQL mapping is provided under Ubuntu by the package named postfix-mysql and the MySQL server mysql-server. Both can be installed using the following command (as root)

sudo aptitude install postfix-mysql mysql-server

You will be asked for the MySQL root password. Choose a really secure one here, but remember it! You can reset it using the following command (as root - I don’t think sudo works with this one):

mysqladmin password yoursecret

Don’t forget to change ‘yoursecret’ to your real secure password! You should also add a MySQL user for access by postfix and others. Hence, connect to your mysql server.

mysql -u root -p

Now you need to set up the tables for the addresses, domains and aliases. The following commands create a database which will be filled with the domain addresses later, add a user and grant it access to the table.

CREATE DATABASE mailserver;
GRANT ALL PRIVILEGES ON mailserver.* TO mailuser@localhost IDENTIFIED BY 'mailuserpassword';

For the actual database creation and further administration, I installed a tool called postfixadmin, which is hosted on sourceforge. I installed it using the debian package file available from the download area. Additionally, I had to install php5-imap support. Both tasks are accomplished using the following.

sudo dpkg -i postfixadmin_xxx.deb
sudo aptitude install php5-imap

For the sake of security, I preferred the installation on my TLS pages, hence I cut the line

Alias /postfixadmin /usr/share/postfixadmin

from /etc/apache2/conf.d/postfixadmin and inserted it in my ssl-page configuration file.

Before the web interface can run properly, you need to modify the postfixadmin configuration file. For our database example, the MySQL section looks like the following - don’t forget to change the password entry!
/etc/postfixadmin/config.inc.php:

// Database Config
// mysql = MySQL 3.23 and 4.0, 4.1 or 5
// mysqli = MySQL 4.1+
// pgsql = PostgreSQL
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'mailuser';
$CONF['database_password'] = 'mailuserpassword';
$CONF['database_name'] = 'mailserver';
$CONF['database_prefix'] = '';

And enable the setup.php script by setting the following entry. /etc/postfixadmin/config.inc.php:

$CONF['configured'] = true;

And set an installation password by changing the following line.

$CONF['setup_password'] = 'yourpassword';

I recently found a bug in my postfixadmin installation. To fix it, open the configuration file /etc/postfixadmin/config.inc.php and edit the string header(“Location:…”) - line 21 in my installation, so that it states the following. Note, that the location depends on your installation directory of course. Mine is simply postfixadmin.

header("Location: /postfixadmin/login.php");

Now point your browser to the setup page (https://yourdomain.com/postfixadmin/setup.php), fill the appropriate values into the form (use the installation password set above) and add the hashed password, printed at the end of the form by postfixadmin, to config.inc.php. After that the administration page should be available under https://yourdomain.com/postfixadmin.

If you prefer to install only the database part and not postfixadmin, you can either uninstall postfixadmin or use the attached SQL script and run it as user ‘mailuser’.

After postfixadmin setup, you should create the directories for the virtual mailboxes using the following commands and do not forget to change the username and group to your ones!

sudo mkdir /var/spool/postfix/virtual
sudo chown vmail:mail /var/spool/postfix/virtual
sudo chmod a+rwx /var/spool/postfix/virtual

Now tell postfix, where to access the user data. Hence, add the following lines to your main.cf, but don’t forget to change the uid and gid to your values! Make sure the home_mailbox-entry is before these lines and mydestination (as well as /etc/mailname) does not contain any of the virtual domains, as they will occur in the MySQL DB.
/etc/postfix/main.cf

# get password from dovecot - no idea how to do that directly 
smtpd_sasl_local_domain =
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/auth-client
smtpd_sasl_auth_enable = yes

# virtual mailbox settings
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
virtual_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf

# change uid to the uid of your mail user (vmail)
virtual_minimum_uid = 118
virtual_uid_maps = static:118

# change gid to the gid of your mail group (mail)
virtual_gid_maps = static:8
virtual_mailbox_base = /var/spool/postfix/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_limit = 51200000

Now, create the MySQL .cf files, to tell postfix how to access the MySQL database correctly. Hence, add the files
/etc/postfix/mysql_virtual_alias_maps.cf:

user = mailuser
password = mailuserpassword
hosts = 127.0.0.1
dbname = mailserver
table = alias
select_field = goto
where_field = address

/etc/postfix/mysql_virtual_domains_maps.cf:

user = mailuser
password = mailuserpassword
hosts = 127.0.0.1
dbname = mailserver
table = domain
select_field = description
where_field = domain

/etc/postfix/mysql_virtual_mailbox_maps.cf:

user = mailuser
password = mailuserpassword
hosts = 127.0.0.1
dbname = mailserver
table = mailbox
select_field = maildir
where_field = username

/etc/postfix/mysql_relay_domains_maps.cf:

user = mailuser
password = mailuserpassword
hosts = 127.0.0.1
dbname = mailserver
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '1'

Do not forget to change all password entries in above files! By the way, it is important to write 127.0.0.1 and NOT localhost, don’t ask me why. Now restart postfix and cross your fingers ;)
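
The map files above store the database password in plain text, and chmod a+rwx leaves the mailbox base writable by every local account. The following script is an added example, not part of the original guide: it reports both conditions and removes access for other users. The sample files are constructed, and the optional group argument (for example postfix) is an assumption about the group your Postfix daemons run under.

```shell
#!/bin/sh
# Added example: find credentials and mail storage that any local account
# can reach, then tighten them.

# has_perm PATH BITS: true when all octal permission BITS are set on PATH.
has_perm() {
    [ -n "$(find "$1" -prune -perm -"$2" 2>/dev/null)" ]
}

# audit_mail_perms MAPDIR MAILBASE
# Prints one finding per line; prints nothing when both checks pass.
audit_mail_perms() {
    for f in "$1"/*.cf; do
        [ -f "$f" ] || continue
        # Only files that carry a "password =" line are of interest.
        grep -q '^[[:space:]]*password[[:space:]]*=' "$f" || continue
        if has_perm "$f" 004; then echo "WORLD-READABLE-SECRET $f"; fi
    done
    if has_perm "$2" 002; then echo "WORLD-WRITABLE-DIR $2"; fi
}

# harden_mail_perms MAPDIR MAILBASE [GROUP]
# Removes all access for "other". When GROUP is given, the map files are
# handed to that group first so the mail daemons can still read them.
harden_mail_perms() {
    for f in "$1"/*.cf; do
        [ -f "$f" ] || continue
        grep -q '^[[:space:]]*password[[:space:]]*=' "$f" || continue
        if [ -n "${3:-}" ]; then chgrp "$3" "$f"; fi
        chmod o-rwx "$f"
    done
    chmod o-rwx "$2"
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/postfix" "$demo/virtual"

# Constructed sample: one of the guide's map files with the usual 644 mode,
# and a mailbox base after "chmod a+rwx".
cat > "$demo/postfix/mysql_virtual_alias_maps.cf" <<'EOF'
user = mailuser
password = mailuserpassword
hosts = 127.0.0.1
dbname = mailserver
table = alias
select_field = goto
where_field = address
EOF
chmod 644 "$demo/postfix/mysql_virtual_alias_maps.cf"
chmod a+rwx "$demo/virtual"

echo "before:"
audit_mail_perms "$demo/postfix" "$demo/virtual"
harden_mail_perms "$demo/postfix" "$demo/virtual"
echo "after: $(audit_mail_perms "$demo/postfix" "$demo/virtual" | wc -l | tr -d ' ') findings"
```

On the server itself the equivalent call, run as root, would be harden_mail_perms /etc/postfix /var/spool/postfix/virtual postfix.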

Cheers, iss.


Dovecot IMAP, POP Server, LDA And Sieve Configuration

If you use Ubuntu 10.04 LTS, read the child section regarding Dovecot 1.2.
If you use Ubuntu 12.04 LTS, read the child section regarding Dovecot 2.

Kind version: Please refer to the appropriate sub-page in the listing below to get the corresponding description after checking your Ubuntu and Dovecot version.

Cheers,

iss


Dovecot IMAP, POP Server, LDA, and Sieve configuration Version 1.2

This page explains installation and configuration of dovecot 1.2 as shipped with Ubuntu 10.04LTS. For the installation of dovecot 2, e. g. on Ubuntu 12.04LTS, please check this page.

Dovecot IMAP and POP3 services are installed using the following command.

sudo aptitude install dovecot-imapd dovecot-pop3d

To tell dovecot to use MySQL tables for user authentication and do some further settings, modify the following for your installation. The listing was derived using the postfixadmin documentation (for dovecot) and taken from /etc/dovecot/dovecot-sql.conf:

driver = mysql
connect = host=127.0.0.1 port=3306 user=mailuser password=mailuserpassword dbname=mailserver

# depends on postfixadmin config
default_pass_scheme = MD5-CRYPT

# taken from postfixadmin docs
password_query = SELECT username as user, password, concat('/var/spool/postfix/virtual/', maildir) as userdb_home, concat('maildir:/var/spool/postfix/virtual/', maildir) as userdb_mail, 118 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'

# taken from postfixadmin docs
user_query = SELECT concat('/var/spool/postfix/virtual/', maildir) as home, concat('maildir:/var/spool/postfix/virtual/',maildir) as mail, 118 AS uid, 8 AS gid FROM mailbox WHERE username = '%u' AND active='1'

And in the main entry configuration file, make sure to have the following settings. Don’t forget to modify the first_valid_uid to your values! /etc/dovecot/dovecot.conf:

protocols = imaps imap pop3s pop3

userdb sql {
 args = /etc/dovecot/dovecot-sql.conf
}

passdb sql {
 args = /etc/dovecot/dovecot-sql.conf
}

# set this to the mail user-id
first_valid_uid = 118
# as it has been set in postfix
mail_location = maildir:/var/spool/postfix/virtual/%u/

# LDA specific settings
protocol lda {
  # Address to use when sending rejection mails.
  postmaster_address = postmaster@yourdomain.com
  # Hostname to use in various parts of sent mails, eg. in Message-Id.
  # Default is the system's real hostname.
  hostname = yourdomain.com
  # Enabling Sieve plugin for server-side mail filtering
  mail_plugins = cmusieve
}

# It's possible to export the authentication interface to other programs:
socket listen {
  master {
    # Master socket provides access to userdb information. It's typically
    # used to give Dovecot's local delivery agent access to userdb so it
    # can find mailbox locations.
    path = /var/run/dovecot/auth-master
    mode = 0600
    # Default user/group is the one who started dovecot-auth (root)
    user = vmail
    group = mail
  }

  # for SMTP passwords
  client {
    # The client socket is generally safe to export to everyone. Typical
    # use is to export it to your SMTP server so it can do SMTP AUTH
    # lookups using it.
    path = /var/spool/postfix/private/auth-client
    mode = 0660
    user = postfix
    group = postfix
  }
}

Additionally, you can change the local delivery for the local users as well. You do this by modifying the following lines in your /etc/postfix/main.cf:

mailbox_command = /usr/lib/dovecot/deliver
mailbox_transport = dovecot

The only problem remaining with sieve is that I have not found a nice filter management GUI for all users, even those without an ssh account on the server. For now, I need to maintain my sieve files with vim. As soon as I find a nice user-friendly management software, I’ll update this post. Now restart dovecot, reload postfix and check your mail!

Cheers, iss.


Dovecot IMAP, POP Server, LDA, And Sieve Configuration Version 2

This page explains installation and configuration of dovecot 2 as shipped with Ubuntu 12.04LTS. For the installation of dovecot 1.2, e. g. on Ubuntu 10.04LTS, please check this page.

Dovecot IMAP, POP3, and Sieve services along with MySQL support are installed using the following command.

sudo aptitude install dovecot-imapd dovecot-pop3d dovecot-sieve dovecot-mysql dovecot-managesieved

In contrast to Dovecot version 1.2, where most configuration was done in the file /etc/dovecot/dovecot.conf, the configuration of version 2 is distributed over several files with dedicated purpose, located under /etc/dovecot/conf.d. I will step through the required changes by each necessary file in the following paragraphs.

Authorization using MySQL

The authorization settings are configured in 10-auth.conf. I almost left everything as is, just added the following line to the include section at the very end of the file

!include auth-sql.conf.ext

This tells dovecot to include the file auth-sql.conf.ext, which has yet to be created. Therefore, add the following lines to the file /etc/dovecot/conf.d/auth-sql.conf.ext:

passdb {
  driver = sql 

  # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
  args = /etc/dovecot/dovecot-sql.conf.ext
}

userdb {
  driver = sql 
  args = /etc/dovecot/dovecot-sql.conf.ext
}

Now make sure to have the following settings within the file /etc/dovecot/dovecot-sql.conf.ext:

driver = mysql
connect = host=127.0.0.1 port=3306 user=mailuser password=mailuserpassword dbname=mailserver

# depends on postfixadmin config
default_pass_scheme = MD5-CRYPT

# taken from postfixadmin docs
password_query = SELECT username as user, password, concat('/var/spool/postfix/virtual/', maildir) as userdb_home, concat('maildir:/var/spool/postfix/virtual/', maildir) as userdb_mail, 118 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'

# taken from postfixadmin docs
user_query = SELECT concat('/var/spool/postfix/virtual/', maildir) as home, concat('maildir:/var/spool/postfix/virtual/',maildir) as mail, 118 AS uid, 8 AS gid FROM mailbox WHERE username = '%u' AND active='1'

Set the First Valid UID

This is really a quick one: Just open the file /etc/dovecot/conf.d/10-mail.conf and make sure to set the first_valid_uid to the UID of your mail user. Mine is 113 - and make sure to set the authentication socket path:

first_valid_uid = 113
auth_socket_path = /var/run/dovecot/auth-userdb

Configure the Mail Service

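Now add your user names and groups to the file /etc/dovecot/conf.d/10-master.conf. I have added the following contents (with a little context). Note that the path of the Postfix smtp-auth listener has to be the same socket that smtpd_sasl_path in /etc/postfix/main.cf points to: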

service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
  # permissions make it readable only by root, but you may need to relax these
  # permissions. Users that have access to this socket are able to get a list
  # of all usernames and get results of everyone's userdb lookups.
  unix_listener auth-userdb {
    #mode = 0600
    user = vmail
    group = mail
  }

  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }

  # Auth process is run as this user.
  #user = $default_internal_user
}

SSL Configuration

If you provide SSL support, which I would highly recommend, you can add your key, cert and the certification authority to the file /etc/dovecot/conf.d/10-ssl.conf:

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = yes 

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
ssl_cert = </etc/ssl/certs/nesono.crt
ssl_key = </etc/ssl/private/nesono.key
ssl_ca = </etc/ssl/private/ca.pem

Configure the Local Delivery Agent (LDA)

I simply added the postmaster address and hostname to the file /etc/dovecot/conf.d/15-lda.conf as well as added sieve as a mail plugin, which is the whole reason why I am using Dovecot LDA at all:

#postmaster_address =
postmaster_address = postmaster@nesono.com

# Hostname to use in various parts of sent mails, eg. in Message-Id.
# Default is the system's real hostname.
hostname = nesono.com

protocol lda {
  # Space separated list of plugins to load (default is global mail_plugins).
  #mail_plugins = $mail_plugins
  mail_plugins = $mail_plugins sieve
}

Additionally, you have to tell postfix to forward the local delivery to dovecot. You do this by modifying the following lines in your /etc/postfix/main.cf:

mailbox_command = /usr/lib/dovecot/deliver
mailbox_transport = dovecot

Sieve Configuration

In the file /etc/dovecot/conf.d/90-sieve.conf I have the following lines uncommented:

plugin {
  # The path to the user's main active script. If ManageSieve is used, this the
  # location of the symbolic link controlled by ManageSieve.
  sieve = ~/.dovecot.sieve

  # Directory for :personal include scripts for the include extension. This
  # is also where the ManageSieve service stores the user's scripts.
  sieve_dir = ~/sieve
}

Fine

One final note: To configure sieve, you can use roundcube, which no longer seems to have the file size limitation of the sieve script, which drove me up the wall in the days of roundcube version 0.5.

Now restart dovecot, reload postfix and check your mail!

Cheers, iss.


Add iptables Rules for Postfix to Support Ports 465 and 587

As I could not convince postfix to listen to different ports than 25 for local mail delivery AND use dovecot as the LDA, I decided to add iptables rules to forward all incoming connections to standard ports 465 and 587 to my primary port 25. Note that port 587 makes TLS mandatory and due to the fact that I suppress non-TLS I don’t run into problems here.

As far as Google knows, Ubuntu has no default configuration file for iptables rules. Therefore, I decided to add the rule set from scratch by hand (which was not difficult anyway). I simply added the following script to a new file /etc/init.d/iptables:


#!/usr/bin/env bash
# add redirect rules for ports 465 and 587 (to let postfix run on different ports)
iptables -t nat -A PREROUTING -p tcp --dport 465 -j REDIRECT --to-ports 25
iptables -t nat -A PREROUTING -p tcp --dport 587 -j REDIRECT --to-ports 25

Then, make the script executable:

sudo chmod 755 /etc/init.d/iptables

And finally add it to the startup rules:


cd /etc/rcS.d
ln -s ../init.d/iptables S60iptables

If you want to enable the rules without rebooting, simply call

/etc/init.d/iptables

That’s it again.
Cheers,
iss


Postgrey - the Postfix Greylisting Implementation

The installation process is really simple. All you need is the package named postgrey, which can be installed using the following command.

sudo aptitude install postgrey

Now, you can optionally configure the postgrey daemon using the file /etc/default/postgrey. I am using the default values (did not touch the file) and everything runs fine as it seems. By the way, right after installation, the server should be up and running already. Do not forget to restart it after re-configuration (/etc/init.d/postgrey restart).

Now we need to tell postfix to use postgrey accordingly. Therefore, you need to change the configuration file to the following lines.
/etc/postfix/main.cf:

smtpd_recipient_restrictions = permit_sasl_authenticated,
                               permit_mynetworks,
                               reject_unauth_destination,
                               check_policy_service inet:127.0.0.1:60000

You should check the connection address and port (maybe using ps ax | grep postgrey) and change it accordingly - although, if you are using the default setup, it should be the very same setting. Save and close the file and reload the mail server configuration by invoking

sudo postfix reload

That’s it. The SPAM flow should be ended :)
Cheers, iss


Spamass-Milter for Rejecting SPAM Before Queueing

Another technique I was fond of was to integrate spamassassin as an SMTP milter. Milters are filters that run before the messages are added to the queue and can therefore result in rejection of SPAM mails. I decided to put the problem back to the sender and not permit the SPAM to be stored on my hard disk. All you need for rejecting SPAM back to the sender is the Ubuntu package spamass-milter. Install it using the following command.

sudo aptitude install spamass-milter

Now you need to tell postfix to use it and where it can be found. Put the following line somewhere in your configuration file /etc/postfix/main.cf and make sure smtpd is not chrooted (the chroot column is set in /etc/postfix/master.cf):

smtpd_milters = unix:/var/spool/postfix/spamass/spamass.sock

After an obligatory postfix reload, the mailserver should run and parse all mails it receives. This includes adding the common spamassassin headers into the mails, which you can use for filtering in your mail client.

Anyhow, if you really want to ‘reject’ mails using a specific score threshold, you will need to edit the file /etc/default/spamass-milter, to meet your requirements. The value of the -r option specifies the threshold. You should adjust it to your needs. For completeness, I post an example: /etc/default/spamass-milter:

# Default, use the nobody user as the default user, ignore messages
# from localhost
OPTIONS='-u spamass-milter -r 8 -i 127.0.0.1'

Of course, you will need to restart the spamass-milter daemon using

/etc/init.d/spamass-milter restart

Cheers and enjoy, iss


Spamassassin Filter Customized Per User With Automatic SPAM Learning

After obvious spam has been rejected before queuing using the Spamass-Milter, we can now proceed to check for spam specifically for each user. The automation is based on each mail account having a Junk folder in its top directory - just as most mail clients already prepare at first start. Note that the name of the folder is case-sensitive and you need the capital ‘J’ if you use the following scripts and configuration entries.

First of all, we need to maintain a separate spam database for each mail account. I create a directory tree and populate the bayes database using the following script, saved as spam_learn_mail_cron.sh inside /etc/cron.daily.

#!/bin/sh
# script to create a directory under /vhome/users for each mail account,
# populate the spam db with sa-learn, and fix the dir's permissions.

# get all mail accounts
for dir in /var/spool/postfix/virtual/*; do
  # skip anything that is not a mailbox directory
  [ -d "${dir}" ] || continue
  mailaccount=${dir##*/}
  echo "creating dir for $mailaccount"
  spamdbpath=/vhome/users/${mailaccount}/spamassassin
  mkdir -p "${spamdbpath}"

  junkfolder=${dir}/.Junk
  if [ -d "${junkfolder}" ]; then
    echo "learning spam from ${junkfolder} for user ${mailaccount}"
    sa-learn --spam --dbpath "${spamdbpath}/bayes" --progress "${junkfolder}"
    # sync this account's database, not the default one of the calling user
    sa-learn --sync --dbpath "${spamdbpath}/bayes"
  else
    echo "no Junk folder in top level - skipping"
  fi

  hamfolder=${dir}/.Archive
  if [ -d "${hamfolder}" ]; then
    echo "learning ham from ${hamfolder} for user ${mailaccount}"
    sa-learn --ham --dbpath "${spamdbpath}/bayes" --progress "${hamfolder}"
    sa-learn --sync --dbpath "${spamdbpath}/bayes"
  else
    echo "no Archive folder in top level - skipping"
  fi
done

echo "fix permissions for whole vhome"
chown -R vmail:mail /vhome
chmod -R 700 /vhome

This script is automatically run every day, which should be frequent enough for most purposes.

Then, we need to configure spamd, which is done in the file /etc/default/spamassassin. I simply change the OPTIONS variable to the following line.

OPTIONS="--create-prefs --max-children 5 --helper-home-dir --virtual-config-dir=/vhome/users/%u/spamassassin -x -u vmail"

The option virtual-config-dir tells spamd to check for user databases in the virtual home directory tree instead of real user home directories. The x and u options are mandatory for setting the virtual-config-dir and I set them to the appropriate values.

Now we need to tell postfix to use spamc and specify the name of the mail account for the spamc invocation. Therefore, I change the delivery agent line in /etc/postfix/master.cf to:

# Dovecot LDA
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:mail argv=/usr/bin/spamc -u ${recipient} -e /usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

Then don’t forget to reload spamassassin, dovecot and postfix to enable the changes to the configuration files:

/etc/init.d/spamassassin restart
/etc/init.d/dovecot restart
/etc/init.d/postfix restart

That’s it again :)
If you are unsure whether your setup really works, you should check the log using tail -f /var/log/mail.info and send yourself a message.

Cheers,
iss


Roundcube Webmailer With Managesieve

A really nice AJAX-based webmailer is roundcube. I installed it on top of apache2 and secured access using TLS (https). It can be easily installed using the package from the roundcube homepage. Simply unpack the tarball into /var and add something like the following to your apache SSL configuration file:

Alias /roundcube /var/roundcube-x.y

And reload apache. Now open the INSTALL file to make sure, that the following steps are still valid ;)

  1. Make sure that all files are readable by your webserver (chown -R www-data:www-data /var/roundcube-x.y)
  2. Open the installer in your browser (https://your.domain.com/roundcube/installer)
  3. Follow the instructions of the installer, paying particular attention to
    1. IMAP standard server
    2. SMTP standard server
    3. Standard user domain
    4. Database settings (if you want to use a relative path, use ./sqlite.db for example)
  4. Then let the installer create your configuration files
  5. Copy the files into the config subdirectory
  6. Test the configuration with the installer
  7. Remove the installer directory

Now you can connect to your new webmailer by connecting to https://your.domain.com/roundcube/

If you want to use additional plugins, e. g., Managesieve to edit your server side mail filters, you need to add them to your config/main.inc.php. I added both the managesieve and archive plugin using the following line:

$rcmail_config['plugins'] = array('managesieve','archive');

To get manage sieve working, you need to adjust the default port in the plugins configuration file. Therefore, go into plugins/managesieve, copy the default config file to become active:

cp config.inc.php.dist config.inc.php

Open the file and change the port to 4190, which was adopted by IANA as the default Managesieve port:

// managesieve server port
$rcmail_config['managesieve_port'] = 4190;

That’s it again. Now you should be able to log into roundcube and edit your server side filters in Settings → Filters.

Cheers, iss


Mailman - Mailing List Manager

It’s been too long on my todo list: a mailing list manager for my mail server! Anyhow, it’s been quite simple to install. The following command installs the standard package from ubuntu:

sudo aptitude install mailman

Now, you need to tell postfix, that your mailman is installed. Therefore, add the following lines to your /etc/postfix/main.cf:

# added for mailman - taken from /etc/mailman/postfix-to-mailman.py
relay_domains = mailman.example.com
transport_maps = hash:/etc/postfix/transport
mailman_destination_recipient_limit = 1

Now, create the file /etc/postfix/transport with the following content:

mailman.example.com mailman:

And call the following command:

postmap /etc/postfix/transport

After that, you need to make sure, that postfix knows about the mailman service. Hence, add the following lines to your /etc/postfix/master.cf:

# added for mailman - taken from /etc/mailman/postfix-to-mailman.py
mailman unix - n n - - pipe
  flags=FR user=list
  argv=/var/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${mailbox}

After I added these lines, I found a quite similar one above. But as the service ran anyway, I did not spend time to check whether my addition was really mandatory for mailman. If you try, please drop me a comment.

Before you create new mailman lists, you should edit the file /etc/mailman/mm_cfg.py. Here are my modifications:

DEFAULT_URL_PATTERN = 'https://%s/cgi-bin/mailman/'

#-------------------------------------------------------------
# Default domain for email addresses of newly created MLs
DEFAULT_EMAIL_HOST = 'mailman.example.com'

#-------------------------------------------------------------
# Default host for web interface of newly created MLs
DEFAULT_URL_HOST = 'mailman.example.com'

# (see /usr/share/doc/mailman/README.Exim4.Debian)
MTA=None

# Misnomer, suppresses alias output on newlist
# alias for postmaster, abuse and mailer-daemon
DEB_LISTMASTER = 'server-amdin@example.com'

Reload your postfix mailserver using

sudo postfix reload

Now you can create new mailing lists (e. g. mymailinglist) using the following command. Note that you will get aliases presented when calling the newlist command, but you can safely ignore them as we configured our postfix mailing system to detect mailing lists automagically.

sudo newlist mymailinglist

If you want to add the mailing list archive and the web front end for all users, admins and moderators, you can add the following lines to your apache configuration file:

# We can find mailman here:
ScriptAlias /cgi-bin/mailman/ /usr/lib/cgi-bin/mailman/

# And the public archives:
Alias /pipermail/ /var/lib/mailman/archives/public/

# Logos:
Alias /images/mailman/ /usr/share/images/mailman/

# Use this if you don't want the "cgi-bin" component in your URL:
# In case you want to access mailman through a shorter URL you should enable
# this:
#ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/
# In this case you need to set the DEFAULT_URL_PATTERN in
# /etc/mailman/mm_cfg.py to http://%s/mailman/ for the cookie
# authentication code to work. Note that you need to change the base
# URL for all the already-created lists as well.

<Directory /usr/lib/cgi-bin/mailman/>
  AllowOverride None
  Options ExecCGI
  AddHandler cgi-script .cgi
  Order allow,deny
  Allow from all
</Directory>

<Directory /var/lib/mailman/archives/public/>
  Options Indexes FollowSymlinks
  AllowOverride None
  Order allow,deny
  Allow from all
</Directory>

<Directory /usr/share/images/mailman/>
  AllowOverride None
  Order allow,deny
  Allow from all
</Directory>

If you added mailman to your apache installation, don’t forget to reload apache. Happy mailmaning, everybody
Cheers, iss
