Tuesday, September 7, 2010

Email Services : Linux Ubuntu Server 10.04 Chapter 5

The process of getting an email from one person to another over a network or the Internet involves many systems working together. Each of these systems must be correctly configured for the process to work. The sender uses a Mail User Agent (MUA), or email client, to send the message through one or more Mail Transfer Agents (MTA), the last of which will hand it off to a Mail Delivery Agent (MDA) for delivery to the recipient's mailbox, from which it will be retrieved by the recipient's email client, usually via a POP3 or IMAP server.


1. POSTFIX
Postfix is the default Mail Transfer Agent (MTA) in Ubuntu. It attempts to be fast, easy to administer, and secure. It is compatible with the MTA sendmail. This section explains how to install and configure postfix. It also explains how to set it up as an SMTP server using a secure connection (for sending emails securely).
To install postfix run the following command:
yoyok@yoyok-server:~$ sudo apt-get install postfix

To configure postfix, run the following command:
yoyok@yoyok-server:~$ sudo dpkg-reconfigure postfix
The user interface will be displayed. On each screen, select the following values:
• Internet Site
• mail.example.com
• steve
• mail.example.com, localhost.localdomain, localhost
• No
• 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24
• 0
• +
• all

By default Postfix will use mbox for the mailbox format. Rather than editing the configuration file directly, you can use the postconf command to configure all postfix parameters. The configuration parameters will be stored in the /etc/postfix/main.cf file. Later, if you wish to re-configure a particular parameter, you can either run the command again or change it manually in the file.
To configure the mailbox format for Maildir:
sudo postconf -e 'home_mailbox = Maildir/'

SMTP Authentication
SMTP-AUTH allows a client to identify itself through an authentication mechanism (SASL).
Transport Layer Security (TLS) should be used to encrypt the authentication process. Once authenticated the SMTP server will allow the client to relay mail.
1. Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_sasl_type = dovecot'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_sasl_path = private/auth-client'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_sasl_local_domain ='
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
yoyok@yoyok-server:~$ sudo postconf -e 'broken_sasl_auth_clients = yes'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_sasl_auth_enable = yes'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
yoyok@yoyok-server:~$ sudo postconf -e 'inet_interfaces = all'


yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_tls_auth_only = no'
yoyok@yoyok-server:~$ sudo postconf -e 'smtp_use_tls = yes'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_use_tls = yes'
yoyok@yoyok-server:~$ sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_tls_loglevel = 1'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_tls_received_header = yes'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
yoyok@yoyok-server:~$ sudo postconf -e 'tls_random_source = dev:/dev/urandom'
yoyok@yoyok-server:~$ sudo postconf -e 'myhostname = mail.example.com'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'


The postfix initial configuration is complete. Run the following command to restart the postfix daemon:
yoyok@yoyok-server:~$ sudo /etc/init.d/postfix restart
To see if SMTP-AUTH and TLS work properly, run the following command:
telnet mail.example.com 25
After you have established the connection to the postfix mail server, type:
ehlo mail.example.com
If you see the following lines among others, then everything is working perfectly. Type quit to exit.
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
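
The telnet check above, automated as an added example (not part of the original post): the function classifies the EHLO reply seen on the unencrypted session. Because the configuration sets smtpd_tls_auth_only = no, AUTH is announced before STARTTLS is negotiated, so a client that skips STARTTLS sends LOGIN or PLAIN credentials unencrypted; with smtpd_tls_auth_only = yes the same reply would be classified no-auth. The function name, the verdict words and the greeting line in the sample are assumptions made for this example.

```sh
#!/bin/sh
# Added example: classify the EHLO reply from a plaintext port-25 session
# (read on stdin). Prints "<verdict> [mechanisms]" where verdict is:
#   no-starttls      STARTTLS not offered
#   no-auth          STARTTLS offered, AUTH not announced before TLS
#                    (expected when smtpd_tls_auth_only = yes)
#   auth-before-tls  AUTH announced on the unencrypted session
#                    (expected when smtpd_tls_auth_only = no)
check_ehlo() {
    starttls=no
    mechs=
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop CR from CRLF line endings; keywords are case-insensitive.
        line=$(printf '%s' "$line" | tr -d '\r' | tr '[:lower:]' '[:upper:]')
        case "$line" in
            250-*|"250 "*) cap=${line#250?} ;;  # drop "250-" / "250 "
            *) continue ;;                      # banner, blank lines, etc.
        esac
        case "$cap" in
            STARTTLS) starttls=yes ;;
            "AUTH "*) mechs=${cap#AUTH } ;;     # standard AUTH line
            AUTH=*)   : ;;  # legacy duplicate from broken_sasl_auth_clients
        esac
    done
    if [ "$starttls" = no ]; then
        echo "no-starttls${mechs:+ $mechs}"
    elif [ -z "$mechs" ]; then
        echo "no-auth"
    else
        echo "auth-before-tls $mechs"
    fi
}

# Constructed sample: the capability lines the page expects, plus a
# constructed greeting line.
SAMPLE_REPLY='250-mail.example.com
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME'

# Stand-alone run: classify the sample.
printf '%s\n' "$SAMPLE_REPLY" | check_ehlo
```

Save the reply from the telnet session to a file and feed it to check_ehlo on stdin to classify a real server.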
