LinuxQuestions.org
Old 04-07-2008, 06:49 AM   #1
<Ol>Origy
Member
 
Registered: Aug 2003
Location: Slovenia
Distribution: Arch, Debian, Embedded
Posts: 136

Rep: Reputation: 15
Linux email server considerations


I've recently set up a forum on my LAMP webserver and now I need something that I can use to send and receive email. The forum should also be able to use this SMTP to send emails. I have a static IP and a domain, which we will call "mydomain.com" for now. All email sent by the forum should appear to be from "info@mydomain.com". This is configurable in the forum settings, but I'd also like to have an inbox for this address, should someone decide to reply.

Since setting up a mail server is rather a new topic to me, I thought I'd first consider the possibilities and later ask some technical questions, however, I do need some suggestions here.

Thanks in advance.
 
Old 04-07-2008, 07:45 AM   #2
blacky_5251
Member
 
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 4&5, Fedora 10, CentOS 5.4, IPCop
Posts: 569

Rep: Reputation: 55
You have two common choices - sendmail and postfix. I've installed both, and now only recommend postfix. Postfix is just so much easier to configure and maintain. Sendmail has many fans, and to them I tip my hat. It is too much like hard work for me.
 
Old 04-07-2008, 08:40 AM   #3
<Ol>Origy
Original Poster
Yeah, postfix was my primary choice. The fact is I've already installed it, but I'm currently stuck at its configuration. I do have some technical questions about postfix and stuff, but I'll ask those a bit later.

Suppose I wish to access my mail server by using a webmail (eg. mail.mydomain.com, port 80). I figured this should be easy to set up since I'm already running LAMP. The question I have is what software packages do I have to install and configure to run webmail along with postfix?

Regards
 
Old 04-07-2008, 08:43 AM   #4
blacky_5251
I use squirrelmail, but there are others. The interface is usually found at http://www.yourdomain.com/webmail.

What problems have you got with Postfix?
 
Old 04-07-2008, 09:14 AM   #5
<Ol>Origy
Original Poster
I don't actually have any problems with postfix *yet*, I'm rather unsure how to properly configure it. I was going to make a new thread about this, but probably won't hurt to ask in here. I do have some rather newbie questions. Let me brainstorm them...
  • Could you list a few webmail clients for me?
  • The webmail and the applications on the server will be the only things to use the email service. Should I be worried about security? Do I need to setup sasl?
  • I take it I have to open port 25 to receive mail from internet. If true, then anyone will be able to telnet to that port and freely do all kinds of stuff. How do I prevent that?
  • Are courier-imap/pop needed to access the mail via webmail?
  • I've noticed postfix will automatically drop any email into /home/(username)/maildir. So technically someone can write mails to any linux user by specifying his name in the email like (username)@mydomain.com. Is there a way I can limit this to only certain users that I handpick? How?

There, I hope those aren't too much fuzz to answer.

Regards
 
Old 04-07-2008, 10:20 AM   #6
3rods
Member
 
Registered: Mar 2008
Posts: 70

Rep: Reputation: 16
Quote:
Originally Posted by <Ol>Origy View Post
I don't actually have any problems with postfix *yet*, I'm rather unsure how to properly configure it. I was going to make a new thread about this, but probably won't hurt to ask in here. I do have some rather newbie questions. Let me brainstorm them...
  • Could you list a few webmail clients for me?
  • The webmail and the applications on the server will be the only things to use the email service. Should I be worried about security? Do I need to setup sasl?
  • I take it I have to open port 25 to receive mail from internet. If true, then anyone will be able to telnet to that port and freely do all kinds of stuff. How do I prevent that?
  • Are courier-imap/pop needed to access the mail via webmail?
  • I've noticed postfix will automatically drop any email into /home/(username)/maildir. So technically someone can write mails to any linux user by specifying his name in the email like (username)@mydomain.com. Is there a way I can limit this to only certain users that I handpick? How?

There, I hope those aren't too much fuzz to answer.

Regards
Web email clients: Squirrelmail (I like best), Horde and Neomail

Security: You should look into a self-signed SSL cert if you don't want to shell out the $20 to buy one and you're concerned. I buy the $20/year one because I like it being recognized in my mail clients (Thunderbird/Outlook) without hassle. There is a company that offers SSL certs for free, but the name escapes me at the moment.

Port 25: Yes, you'll have to use port 25 for mail, but chances are your ISP will block mail traffic out of the network or you'll need to connect to another server that sends mail for the network (aka smarthost). If you have this issue (like on comcast's network) just use their SMTP server. You shouldn't need a user/pass to send mail through it because your IP will be recognized as coming from inside the network. (This is what I do for my home server)

Courier: Yes, you'll need to setup courier or something for your webmail to connect to.

Email Routing: You should be able to control this with the valiases file (/etc/valiases/whateverdomain.com). If you don't want to receive mail for a user you can set it to fail (and bounce) or /dev/null and go to never-never land. (I'm sure there is a better way, but this is all I know.)

Take these with a grain of salt; I'm a n00b at this too.

BTW, I use exim instead of sendmail and it works ok. The config is pretty easy.
 
Old 04-07-2008, 12:22 PM   #7
<Ol>Origy
Original Poster
Webmail clients:
Found a nice page that lists some of the webmail clients. I will compare their features in the future, but I'll probably go for Squirrelmail anyhow.
http://en.wikipedia.org/wiki/Compari...e-mail_clients

Security:
Your suggestion about certificates makes sense. I've read part of some tutorial about setting up sasl for postfix and making a certificate with OpenSSL (ssl command), but that's as far as I got. I'm afraid I don't quite understand the concept of sasl. Where exactly is sasl used? Like is it used when my board (on localhost) connects to the mail service via SMTP (on localhost), or when my mail service (MTA) on mydomain.com connects with another MTA such as gmail?

Port 25:
My ISP does not seem to block this port. I have successfully configured postfix to send/receive mail. I was able to receive an email sent by my gmail account as well as send an email back by using the board mail. However, for some reason gmail decided to put this email into spambox.

Courier: Huh? Are you serious about this? I always thought imap/pop were only necessary when using MUA's (Thunderbird, Outlook). I do not plan to use those, a webmail should suffice.

Routing: I'm not sure if this solution is a proper one. It effectively means that an admin will always have to make new aliases when a new user account appears on the system. I was hoping for something like allow/deny table eg. allow (username), deny everything else.

regards
 
Old 04-07-2008, 01:27 PM   #8
3rods
Security:
The SSL is used between the server and client (i.e. mail.yourdomain.com and thunderbird). I don't think there is any way to use it to send email to other servers; in theory, these servers would have to support the protocol to accept mail. This is why PGP exists to encrypt messages. I needed an SSL cert to connect to send mail (exim) and receive mail (courier). Both services needed to know where the key and the crt file were to serve SSL/TLS connections.

Port 25:
Gmail marked it as spam because your IP is blacklisted (or grey-listed or whatever). Gmail can tell if your IP is within a certain block, like IPs that are issued for home use from your ISP. A lot of spam gets sent this way, so most mailservers mark it as spam since it's not a "real/known" email server.

Courier: I could be wrong, but I'm pretty sure squirrelmail (and other webmail apps) need to connect to a server just like any other MUA. Of course, I've really only used Squirrelmail. Horde or something could be different.

From Squirrelmail's site:
Quote:
There are only two requirements for SquirrelMail:

A web server with PHP installed. PHP needs to be at least 4.1.0.
Access to an IMAP server which supports IMAP 4 rev 1.
Looks like you need IMAP for squirrelmail.

Routing: If you have alias emails, then this is usually controlled at the mailserver level (courier will do this, but I forget where the config is). But even if you have an alias, there is a "real" user on the server the account is tied to. So, Rick might be a "real" user on the server and have his own directory (/home/rick/mail). Rick's email is rick@home.net. Rick could have a virtual user under him - Bobby. His email is bobby@home.net, but Bobby doesn't have a shell account. Bobby's email is actually stored under Rick's home directory.

Like this:

Code:
rick@home.net [~/mail]# ls -l
total 1944
drwxrwx---  14 rick rick   4096 Feb 13 15:23 ./
drwx--x--x  32 rick rick   4096 Apr  7 09:42 ../
drwx------   6 rick rick   4096 Jan 14  2007 .Drafts/
drwx------   6 rick rick   4096 Jan 14  2007 .Sent/
drwx------   6 rick rick   4096 Jan 14  2007 .Trash/
lrwxrwxrwx   1 rick rick     14 Feb  7 18:01 .bill\@home_com -> home.net/bill/
lrwxrwxrwx   1 rick rick     15 Nov 25 03:08 .alice\@home_com -> home.net/alice/
lrwxrwxrwx   1 rick rick     14 Nov 25 03:09 .bobby\@home_com -> home.net/bobby/
drwxr-x---  11 rick rick   4096 Feb 13 15:23 home.net/
drwxr-xr-x   2 rick rick   4096 Jan 15  2007 courierimaphieracl/
drwxr-xr-x   2 rick rick   4096 Jan 14  2007 courierimaphieracl_bak/
drwxrwx---   2 rick rick 442368 Apr  7 11:45 courierimapkeywords/
-rw-r--r--   1 rick rick     42 Nov 26 16:27 courierimapsubscribed
-rw-r--r--   1 rick rick 434573 Apr  7 11:35 courierimapuiddb
-rw-r--r--   1 rick rick 182321 Mar 22  2007 courierpop3dsizelist
drwx------   2 rick rick 839680 Apr  7 11:48 cur/
drwx--x---   2 rick rick   4096 Jan 15  2007 mail.home.net/
-rw-------   1 rick rick   1425 Apr  7 11:35 maildirsize
drwx------   2 rick rick  16384 Apr  7 11:35 new/
drwx--x---   2 rick rick   4096 Jan 15  2007 proxy.home.net/
drwx------   2 rick rick   4096 Apr  7 12:21 tmp/
Bill, Bobby and Alice are all virtual users under rick's account. None of them have a shell account on the server. proxy.home.net holds accounts for users with the *@proxy.home.net emails.

When rick logs in to the server, he doesn't really need the "@home.net" as part of his username; bobby, alice and bill will need the "@home.net" part so the server knows where to find the mail. In fact, if there is another domain that points to that server, Rick can receive mail to it as well (rick@hishouse.org). Rick is a real user, so the server knows that mail is in his home directory. When Rick logs in he can also see everyone else's mail because the folders are under his mail folder and he has permissions to them.


I dunno. Hope that helps some. Cpanel helps me figure out all this, otherwise I'd be pretty lost.
 
Old 04-07-2008, 02:50 PM   #9
<Ol>Origy
Original Poster
This definitely clarifies a lot of things.

Security:
Okay. So if I understand correctly, I, technically, do not have to setup sasl because all the things that use this mail service (via SMTP) are also located on the same computer (localhost). And since webmail uses apache, I can easily route it over https.

Still, I'm not quite convinced about port 25 security. When I telnet to my port 25 from outside, it returns this line "220 mydomain.com ESMTP Postfix (Ubuntu)" and then I can enter whatever command I want. I'm a bit worried about this behavior. I mean, shouldn't there be at least some kind username/password before someone can enter commands like that? My personal favorite would be totally disabling telnet access to this port, but still allowing incoming mail.

Courier:
Oh, well. I guess I'm into installing imap then.

Routing:
Yeah, I understand this situation, but I was talking about a bit different scenario.
Suppose there are two shell accounts present. Bill and Bobby. These users both have their own mail accounts on the server. And mister Joe is very happy because he can use his gmail account to email both employees by using their names as part of the email address (billy@mydomain.com and bobby@mydomain.com respectively). However, one day Alice appears in the office for just a few days. She has been given her shell account, but isn't supposed to receive any mail directed to her. Even if mister Joe emails her to alice@mydomain.com, he will get a delivery error, telling him that no such account exists. This is because the system is configured to block all mail directed to all users, who are not on the allowed list, regardless whether a shell account with the same name actually exists on the system.

So the question is how do I configure it like that. Let's say I want people to be able to mail me at info@mydomain.com. I also have my account called "origy" on the system, but I don't want any users to be able to email me to origy@mydomain.com. Instead, they should receive the same delivery error. That also goes for all the shell accounts that I get to create in the future. They should be blocked automatically, unless I add them to the allowed list.

Hope I didn't sound too hostile with that
Regards
 
Old 04-07-2008, 04:26 PM   #10
3rods
Sorry, the only way I know how to do that is by the /etc/valiases file for that domain. If I wanted info and not origy then I would edit the /etc/valiases/mydomain.com file and put this in there:

Code:
info@mydomain.com: whateverlocalusername
origy@mydomain.com: :fail: no such user
mike@mydomain.com: mikeylikesit@yahoo.com
*:fail    <--- or could be local user account and be catch-all address.

Emails to info@mydomain.com will get delivered to a local user (whichever one you put there).

Emails to origy@mydomain.com will bounce and reply with a "no such user".

Email to mike@mydomain.com will be forwarded to mikeylikesit@yahoo.com

All other emails to ****@mydomain.com will fail. (No bounce.)


That's the only way I know how to do it. That's all I got.

I think this is what you're looking for, but it's kind of opposite to the way you're thinking.

Last edited by 3rods; 04-07-2008 at 04:27 PM.
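
The alias file from the post above, modelled as an added example (not part of the thread, and not exim's or cPanel's code): it parses entries of that shape and shows that an account missing from the file is rejected by the catch-all. The sample file is constructed, and writing the catch-all as `*: :fail: ...` in the same form as the `origy` entry is an assumption.

```python
# Added example: a simplified model of the alias file shown in the post above.
# The file text is constructed sample data; this is not exim's or cPanel's code.

SAMPLE_VALIASES = """\
info@mydomain.com: whateverlocalusername
origy@mydomain.com: :fail: no such user
mike@mydomain.com: mikeylikesit@yahoo.com
*: :fail: no such user
"""


def parse_valiases(text):
    """Return {address_or_star: target} from 'address: target' lines."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Addresses contain no ':', so the first colon ends the address.
        address, sep, target = line.partition(":")
        if not sep or not address.strip() or not target.strip():
            raise ValueError(f"malformed alias line: {raw!r}")
        rules[address.strip().lower()] = target.strip()
    return rules


def route(rules, recipient):
    """Classify one recipient as ('local' | 'forward' | 'reject', detail)."""
    recipient = recipient.strip().lower()
    # An exact entry wins; otherwise the '*' catch-all decides.
    target = rules.get(recipient, rules.get("*"))
    if target is None:
        # Model assumption: with no catch-all, unlisted addresses are denied.
        return ("reject", "no matching alias")
    if target.startswith(":fail:"):
        return ("reject", target[len(":fail:"):].strip())
    if "@" in target:
        return ("forward", target)
    return ("local", target)


if __name__ == "__main__":
    rules = parse_valiases(SAMPLE_VALIASES)
    # alice has a shell account in the thread's scenario but is not listed.
    for rcpt in ("info@mydomain.com", "origy@mydomain.com",
                 "mike@mydomain.com", "alice@mydomain.com"):
        print(rcpt, "->", route(rules, rcpt))
```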
 
Old 04-07-2008, 04:33 PM   #11
blacky_5251
You can't enter "any command you like" on port 25. You can only enter SMTP data and if you enter anything else then Postfix will reject it as a bad command. Hackers can't easily (if at all) take control of your server via port 25. Postfix is a mature product and not prone to many vulnerabilities.

Test it out with your ISP. Use "telnet mail.your.isp.com 25" and see what you can do - not much is the answer. You can send an email, but that's about all. So chill about having port 25 open - it's not like you're running Exchange!!!

For what it's worth, I use Postfix, Cyrus-IMAP and SquirrelMail, but I'm thinking of replacing Cyrus with Dovecot.

Last edited by blacky_5251; 04-07-2008 at 04:34 PM.
 
Old 04-08-2008, 03:15 AM   #12
<Ol>Origy
Original Poster
blacky_5251: Haha, well perhaps I wasn't being too clear with "any command I want". I meant SMTP commands, yeah. I wasn't quite concerned about hackers actually taking over the server via port 25, I just wanted to disallow random people from telnetting to that port and freely using the service. :s
My ISP blocks telnet on their mail server, port 25.

3rods: Interesting, I'll try that out.

Well I've definitely learned a lot in this thread and now I can happily go back to configuring my server with much greater confidence. Thank you both for your time.
 
Old 04-08-2008, 04:43 AM   #13
blacky_5251
There are steps you need to take to protect port 25 from being used as a relay. Specify the "mynetworks" option. This parameter specifies the list of networks that are local to this machine. The list is used by the anti-UCE software to distinguish local clients from strangers. See permit_mynetworks and smtpd_recipient_restrictions in the SMTP configuration.

The default is a list of all networks attached to the machine: a complete class A network (X.0.0.0/8), a complete class B network (X.X.0.0/16), and so on. If you want stricter control, specify a list of network/mask patterns, where the mask specifies the number of bits in the network part of a host address. You can also specify the absolute pathname of a pattern file instead of listing the patterns here.

While port 25 is open, outsiders should only be able to deliver mail to your recipients.

Sorry for the misunderstanding about port 25
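
The relay rule described in the post above, as an added example that is not part of the thread and not Postfix code: a simplified model of a `permit_mynetworks` check combined with refusing recipients outside the server's own domains. The addresses, the domain list and the `min_prefix` threshold are constructed assumptions.

```python
# Added example: a simplified model of the relay decision, not Postfix code.
# All addresses, domains and thresholds below are constructed assumptions.
import ipaddress

LOCAL_DOMAINS = {"mydomain.com"}  # domains this server accepts mail for


def parse_networks(spec):
    """Parse a mynetworks-style list such as '127.0.0.0/8, 192.168.1.0/24'."""
    parts = spec.replace(",", " ").split()
    return [ipaddress.ip_network(p, strict=False) for p in parts]


def decide(client_ip, rcpt, networks, local_domains=LOCAL_DOMAINS):
    """Return 'relay', 'deliver' or 'reject' for one recipient from client_ip."""
    ip = ipaddress.ip_address(client_ip)
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in local_domains:
        return "deliver"   # anyone may write to our own recipients
    if any(ip in net for net in networks):
        return "relay"     # trusted client: may send to outside domains
    return "reject"        # stranger asking us to pass mail on


def risky_networks(networks, min_prefix=16):
    """List IPv4 entries wider than /min_prefix (loopback is ignored)."""
    return [str(net) for net in networks
            if net.version == 4 and not net.is_loopback
            and net.prefixlen < min_prefix]


if __name__ == "__main__":
    strict = parse_networks("127.0.0.0/8, 192.168.1.0/24")
    wide = parse_networks("127.0.0.0/8, 0.0.0.0/0")
    cases = [("127.0.0.1", "user@example.org"),      # the forum on localhost
             ("203.0.113.9", "info@mydomain.com"),   # outside sender, our user
             ("203.0.113.9", "user@example.org")]    # outside sender, relay try
    for name, nets in (("strict", strict), ("wide", wide)):
        for ip, rcpt in cases:
            print(name, ip, rcpt, "->", decide(ip, rcpt, nets))
        print(name, "risky entries:", risky_networks(nets))
```

With the wide list the third case changes from reject to relay, which is the condition the `mynetworks` setting is meant to prevent.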
 
  

