Howto: set up a mail server in Ubuntu

[spezticle]

check your software sources.
http://flurdy.com/docs/postfix/#install_repos
which packages can't you find?

I seem to be having trouble with installing some of the packages.

A fair few have come back with "Couldn't find any package whose name of description matched "packagenamehere"

I am using Ubuntu 11.10, does that make a difference?

[Solitary_]

My sources.list is showing main, universe, restricted and multiverse, in ubuntu 9.04 and later they are all enabled by default.

The following are packages it stated "Couldn't find any package whose name or description matched "packagenamehere"

libgsasl7 libauthen-sasl-cyrus-perl
postgrey
ShoreWall
Courier



The Entire command line for ClamAV says "No packages will be installed, upgraded, or removed", the same for amavis & spamassassin.

[Solitary_]

Any help would be greatly appreciated

[WinterWren]

Outlook and self-signed certificates

These are the steps I took to stop the annoying pop up from MS Outlook constantly asking to allow the security certificate from my email server. Warning: I am a novice user so please verify that these steps are secure before using them on your system.

First, I create a working directory. I use a directory in the home path but you may want to place them somewhere else. I am the only user/administrator of my server so I consider this directory secure.

Code:

cd ~
mkdir certs
cd certs
sudo chmod 700 .

Generate a key file. This will ask you to create a password. You will only need to remember this password for the next two steps.

Code:

sudo openssl genrsa -des3 -out server.key 1024

Sample output:
Generating RSA private key, 1024 bit long modulus
.................................................+ +++++
.++++++
e is 65537 (0x10001)
Enter pass phrase for server.key: somepass
Verifying - Enter pass phrase for server.key: somepass

Create your self-signed certificate file. This will ask for the password that you used in the last step along with some other questions about your location. For "Common Name (eg, YOUR name) []:" you must enter your server's FQDN.

Code:

sudo openssl req -new -x509 -nodes -sha256 -days 3650 -key server.key -out server.crt

Sample output:
Enter pass phrase for server.key: somepass
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:WI
Locality Name (eg, city) []:Milwaukee
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Some Company
Organizational Unit Name (eg, section) []:IT Department
Common Name (eg, YOUR name) []:mail.domain.com (this must be the FQDN)
Email Address []:postmasters@domain.com

Remove the password from "server.key"

Code:

cp server.key server.key.orig
sudo openssl rsa -in server.key.orig -out server.key

Sample output:
Enter pass phrase for server.key.orig: somepass
writing RSA key

Generate a public file for clients. This will prompt for a password. If you want your clients to have to enter a password when they install this certificate enter something here. If not, leave it blank.

Code:

sudo openssl pkcs12 -export -in server.crt -inkey server.key -out Outlook.p12

Sample output:
Enter Export Password: clientpassword
Verifying - Enter Export Password: clientpassword

I'm certain there is a better way to do this next step but I couldn't figure out the correct switch for the openssl command so I did this to create the certificate in pem format.

Code:

cp server.crt server.pem
cat server.key >> server.pem

I then modified main.cf to use the new certificates.

Code:

sudo vi /etc/postfix/main.cf

Code:

smtpd_tls_cert_file = /home/username/certs/server.crt
smtpd_tls_key_file = /home/username/certs/server.key

Also modified imapd-ssl to use the same certificates.

Code:

sudo vi /etc/courier/imapd-ssl

Code:

TLS_CERTFILE=/home/username/certs/server.pem
TLS_TRUSTCERTS=/home/username/certs

You must restart affected services for the changes to take place on your server.

Provide the file "Outlook.p12" to your clients. They should be able to start installation of this certificate by double clicking or right click and install. If you used a password to create Outlook.p12 you must provide it to your clients and they must enter it when they install the certificate. The certificate must be stored in the "Trusted Root Certification Authorities" during the installation of the certificate (choose "Place certs in following store" not "Automatic ....")

It would be nice if Outlook would allow this file to be sent in an email but it doesn't. You will have to zip it to send or set it up on some web/ftp server somewhere.

[duceduc]

I successfully setup the mail server and am able to send and receive via the telnet test. However, I cannot setup my mail client (thunderbird) to send outgoing mails. I can receive just fine. It maybe my smtp settings are incorrect.

In the thunderbird smtp settings. I have the following.

server name: mail.mydomain.com
port: 25
connection security: starttls
authentication method: no authentication
user name: somename@mydomain.com

When I try to send a test mail, I get the following errors.

error from thunderbird.

An error occurred while sending mail. The mail server responded: 5.7.1 <somename@yahoo.com>: Relay access denied. Please check the message recipient someone@yahoo.com and try again.

error log in my mail.log

May 20 10:34:54 revomix postfix/smtpd[19016]: connect from unknown[192.168.1.1]
May 20 10:34:54 revomix postfix/smtpd[18991]: disconnect from unknown[192.168.1.1]
May 20 10:34:54 revomix postfix/smtpd[19016]: setting up TLS connection from unknown[192.168.1.1]
May 20 10:34:54 revomix postfix/smtpd[19016]: Anonymous TLS connection established from unknown[192.168.1.1]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
May 20 10:34:54 revomix postfix/smtpd[19016]: NOQUEUE: reject: RCPT from unknown[192.168.1.1]: 554 5.7.1 <somename@yahoo.com>: Relay access denied; from=<somename@mydomain.com> to=<somename@yahoo.com> proto=ESMTP helo=<[127.0.0.1]>

[darkspook]

Thank you for this tutorial.

http://flurdy.com/docs/postfix/

Its about a year since I started following this tutorial.
At first it seems like it will not work coz you will got lots of errors. But after several tailing/testing/telnet I finally built an impregnable mail server. And since then I haven't encounter any problem.

I'm in your debt. Cheers!

[darkspook]

Hey, i'm following your guide,but i'm concerned with the following code in the mysql database section

Code:

CREATE TABLE `users` (
`id` varchar(128) NOT NULL default '',
`name` varchar(128) NOT NULL default '',
`uid` smallint(5) unsigned NOT NULL default '5000',
`gid` smallint(5) unsigned NOT NULL default '5000',
`home` varchar(255) NOT NULL default '/var/spool/mail/virtual',
`maildir` varchar(255) NOT NULL default 'blah/',
`enabled` tinyint(3) unsigned NOT NULL default '1',
`change_password` tinyint(3) unsigned NOT NULL default '1',
`clear` varchar(128) NOT NULL default 'ChangeMe',
`crypt` varchar(128) NOT NULL default 'sdtrusfX0Jj66',
`quota` varchar(255) NOT NULL default '',
`procmailrc` varchar(128) NOT NULL default '',
`spamassassinrc` varchar(128) NOT NULL default '',
PRIMARY KEY  (`id`),
UNIQUE KEY `id` (`id`)
) ;

specifically:

Code:

`clear` varchar(128) NOT NULL default 'ChangeMe',

and

Code:

`maildir` varchar(255) NOT NULL default 'blah/',

What is this blah/ and ChangeMe
Should I change these to something else?

`maildir` varchar(255) NOT NULL default 'blah/',

You have to change blah/ with a proper directory name.

What I did is:
emailadd@example.com - this is my email address
emailadd/ - this is the name of directory.

You have to change it all the time when you create new account/user.

`clear` varchar(128) NOT NULL default 'ChangeMe',

-- I just ignore this, leave it as is.

[theluli]

l have same problem , l am unable to login at squirrelmail
Any one has idea ?

[sprior]

Back in reply# 223 Villu was nice enough to post instructions on getting maildrop to work with Flurdy's guide. I think I've found a minor correction. I'm setting up the mailserver on Ubuntu 12.04.

After I made the maildrop changes I could no longer receive mail which had been working before. I think that in the maildrop line added to master.cf the part at the end:

-d ${recipient}

Only works when the to address of the email matches the userid in the user table - if the to address is redirected by an alias to a different userid I think this would fail.
I changed it to:

-d ${user}

and things stated working again. In my case this was necessary because in my user table I don't use a full email address for the userid, I just use a simple username (I had to made config changes elsewhere to account for this), however this pointed out to me that the previous config wasn't being translated through the aliases table.

[sprior]

Just FYI is anyone is trying to follow the Flurdy guide with Ubuntu 11.* to 12.04, there is one change I noticed that needed to be made to the section on setting up SASL.

In the file:
/etc/postfix/sasl/smtpd.conf

the line:
auxprop_plugin: mysql

needs to be changed to:
auxprop_plugin: sql