Email System Build

From Bottleneck.org

Notes

  • All software is installed as user _sys
  • Tarballs are held in ~_sys/tarballs
  • Compiles are performed in ~_sys/compiles
  • All software is installed under /opt/local/software-<version> and a symlink /opt/local/software is created to point to the current version.

Software Installation

OS Pre-Requisites

  • Install libdb4.4 and development tools
apt-get install libdb4.4 libdb4.4-dev
  • Install libpam-dev
apt-get install libpam-dev

Dovecot

Build and Install

  • Log in as _sys
  • Extract the tarball:
gunzip -c dovecot-1.2.2.tar.gz | tar -xvf -
  • Configure
cd dovecot-1.2.2
./configure --prefix=/opt/local/dovecot-1.2.2 --with-pam
  • Build and install
make && make install
  • Create symlink
cd /opt/local
ln -s dovecot-1.2.2 dovecot

Configuration

  • Create /var/run/dovecot and set permissions, as root:
mkdir /var/run/dovecot
cd /var/run
chown :local dovecot && chmod g+w dovecot
  • Create /var/run/dovecot/login as _sys:
cd dovecot
mkdir login
  • Create _dovecot user, as a member of a group to which only it has access, as root:
groupadd _dovecot
useradd -c "Dovecot process user" -g _dovecot -s /bin/false _dovecot
  • A standard /etc/pam.d/imap should exist, containing the following:
#%PAM-1.0

@include common-auth
@include common-account
@include common-session
  • Create a symlink to this file called pop3
  • Edit /opt/local/dovecot/etc/dovecot.conf to reflect the following configuration (from dovecot -n):
# 1.2.2: /opt/local/dovecot-1.2.2/etc/dovecot.conf
# OS: Linux 2.6.9-023stab048.6-enterprise i686 Ubuntu 6.06.1 LTS 
base_dir: /var/run/dovecot/
protocols: imap
ssl: no
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /opt/local/dovecot/libexec/dovecot/imap-login
login_user: _dovecot
login_processes_count: 1
login_max_processes_count: 32
max_mail_processes: 64
verbose_proctitle: yes
first_valid_uid: 1000
first_valid_gid: 100
mail_privileged_group: mail
mail_location: mbox:~/Mail:INBOX=/var/mail/%u
mail_executable: /opt/local/dovecot/libexec/dovecot/imap
imap_client_workarounds: delay-newmail netscape-eoh
lda:
  postmaster_address: postmaster@example.com
auth default:
  mechanisms: plain login
  executable: /opt/local/dovecot/libexec/dovecot/dovecot-auth
  worker_max_count: 16
  passdb:
    driver: pam
    args: %Ls
  userdb:
    driver: passwd
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: _postfix
      group: _postfix


N.B. Support for SSL will be added later.
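
With ssl: no, disable_plaintext_auth: no and the plain and login mechanisms, IMAP passwords cross the network unencrypted until SSL is added. The following sh function is an added example, not part of the original page: it flags that combination in dovecot -n output and decodes the auth socket mode. It assumes the mode is printed in decimal, as in the dump above (432 is octal 0660); the function names and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): audit `dovecot -n` output in the
# Dovecot 1.x "key: value" form. Reads the dump on stdin, prints findings.
audit_dovecot() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)             # nesting depth is not needed here
        if (line == "" || line ~ /^#/) next
        i = index(line, ":")
        if (i == 0) next
        key = substr(line, 1, i - 1)
        val = substr(line, i + 1)
        sub(/^[ \t]+/, "", val)
        if (key == "ssl") ssl = val
        if (key == "disable_plaintext_auth") dpa = val
        if (key == "mechanisms") mech = val
        if (key == "path") path = val
        if (key == "mode" && path != "") {
            # Assumption: mode is printed in decimal, so 432 means octal 0660.
            printf "SOCKET %s mode=%04o\n", path, val + 0
            if ((val + 0) % 8 != 0) printf "WARN %s grants access to all local users\n", path
        }
    }
    END {
        if (ssl == "no" && dpa == "no")
            printf "WARN cleartext logins accepted without TLS (mechanisms: %s)\n", mech
    }'
}

# Constructed sample: a subset of the dump shown on this page.
sample_dovecot_n() {
    cat <<'EOF'
# 1.2.2: /opt/local/dovecot-1.2.2/etc/dovecot.conf
protocols: imap
ssl: no
disable_plaintext_auth: no
auth default:
  mechanisms: plain login
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
EOF
}

sample_dovecot_n | audit_dovecot
```

On a live system, pipe the real output in instead: /opt/local/dovecot/sbin/dovecot -n | audit_dovecot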

Startup and Shutdown

  • Create a startup script under /opt/local/init.d/S20dovecot containing:
#!/bin/sh
/opt/local/dovecot/sbin/dovecot
  • Create a shutdown script under /opt/local/init.d/K80dovecot containing:
#!/bin/sh
kill `cat /var/run/dovecot/master.pid`

Postfix

Build and Install

  • Clean the source tree and configure for a configuration file under /opt/local
make tidy && make -f Makefile.init makefiles CCARGS='-DDEF_CONFIG_DIR=\"/opt/local/postfix\" -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\"'
  • Build a basic postfix
make
  • Add necessary users and groups
groupadd _postfix
groupadd _postdrop
useradd -c "Postfix process user" -g _postfix -s /bin/false _postfix
  • Create installation directories and symlinks as root
cd /opt/local
mkdir postfix-2.6.3
ln -s postfix-2.6.3 postfix
  • Install postfix as root
make install
Specify the following:
    • install_root: [/] /
    • tempdir: [/home/srp/compile/postfix-2.6.3] /tmp
    • config_directory: [/opt/local/postfix] /opt/local/postfix
    • command_directory: [/usr/sbin] /opt/local/postfix/sbin
    • daemon_directory: [/usr/libexec/postfix] /opt/local/postfix/libexec
    • data_directory: [/var/lib/postfix] /var/run/postfix
    • html_directory: [no] /opt/local/postfix/html
    • mail_owner: [postfix] _postfix
    • mailq_path: [/usr/bin/mailq] /opt/local/postfix/bin/mailq
    • manpage_directory: [/usr/local/man] /opt/local/postfix/man
    • newaliases_path: [/usr/bin/newaliases] /opt/local/postfix/bin/newaliases
    • queue_directory: [/var/spool/postfix] /var/spool/postfix
    • readme_directory: [no] /opt/local/postfix/README
    • sendmail_path: [/usr/sbin/sendmail] /opt/local/postfix/sbin/sendmail
    • setgid_group: [postdrop] _postdrop
  • Create directory /opt/local/postfix/maps/

Configure for Sending

  • Edit /opt/local/postfix/main.cf and set the following parameters
    • myorigin = bottleneck.org
    • mynetworks_style = host
    • alias_maps = hash:/opt/local/postfix/maps/aliases
    • alias_database = hash:/opt/local/postfix/maps/aliases
    • smtpd_sasl_auth_enable = yes
    • smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    • broken_sasl_auth_clients = yes
    • smtpd_sasl_type = dovecot
    • smtpd_sasl_path = private/auth
  • Edit /opt/local/postfix/maps/aliases accordingly, and run /opt/local/postfix/bin/newaliases

Add listening port

  • Add a listening port on 2525 to circumvent firewalls by editing master.cf and duplicating the "smtp" line accordingly:
smtp      inet  n       -       n       -       -       smtpd
2525      inet  n       -       n       -       -       smtpd

Configure for Receiving

  • Set bottleneck.org as a virtual domain by editing these lines in main.cf
virtual_alias_domains = bottleneck.org
virtual_alias_maps = hash:/opt/local/postfix/maps/virtual
  • Edit /opt/local/postfix/maps/virtual accordingly
  • Run this command to update the hash map
/opt/local/postfix/sbin/postmap /opt/local/postfix/maps/virtual
  • Run this command to reload main.cf
/opt/local/postfix/sbin/postfix reload

Configure anti-spam measures (MTA)

  • Edit /opt/local/postfix/main.cf and set the following parameters:
    • smtpd_recipient_restrictions =
      permit_mynetworks
      permit_sasl_authenticated
      reject_unauth_destination
      check_recipient_access hash:/opt/local/postfix/maps/recipient.access
    • smtpd_sender_restrictions =
      check_sender_access hash:/opt/local/postfix/maps/sender.access
      reject_unknown_sender_domain
      reject_non_fqdn_sender
    • header_checks = regexp:/opt/local/postfix/maps/header.checks
    • body_checks = regexp:/opt/local/postfix/maps/body.checks
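
Postfix evaluates a restriction list in order, so an access map consulted before reject_unauth_destination can return OK and permit relaying; the list above keeps check_recipient_access after it. The following sh check is an added example, not part of the original page: it parses main.cf, continuation lines included, and reports when that order is broken. The function names and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): check that no access map is
# consulted before reject_unauth_destination in smtpd_recipient_restrictions.
# Reads main.cf text on stdin; prints "OK" or one "RISK ..." line per problem.
relay_check() {
    awk '
    /^[ \t]*#/ { next }                      # comment lines are ignored
    /^[ \t]*$/ { next }                      # so are blank lines
    /^[ \t]/   { if (inparam) val = val " " $0; next }   # continuation line
    {
        # A line starting in column 1 begins a new parameter; last one wins.
        inparam = ($0 ~ /^smtpd_recipient_restrictions[ \t]*=/)
        if (inparam) { val = $0; sub(/^[^=]*=/, "", val) }
    }
    END {
        gsub(/,/, " ", val)                  # commas and whitespace both separate
        n = split(val, w, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            if (w[i] == "reject_unauth_destination") guard = 1
            else if (w[i] ~ /^check_.*_access$/ && !guard) {
                printf "RISK %s %s precedes reject_unauth_destination\n", w[i], w[i + 1]
                bad = 1
            }
        }
        if (!guard) { print "RISK reject_unauth_destination missing"; bad = 1 }
        if (!bad) print "OK"
    }'
}

# Constructed sample: the restriction list from this page.
sample_main_cf() {
    cat <<'EOF'
myorigin = bottleneck.org
smtpd_recipient_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_unauth_destination
  check_recipient_access hash:/opt/local/postfix/maps/recipient.access
header_checks = regexp:/opt/local/postfix/maps/header.checks
EOF
}

sample_main_cf | relay_check
```

On a live system, run it against the real file: relay_check < /opt/local/postfix/main.cf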

Remove qmail and update alternatives

  • /etc/init.d/qmail stop
  • mv /etc/rc2.d/S20qmail /etc/rc2.d/K01qmail
  • update-alternatives --install /usr/sbin/sendmail mta /opt/local/postfix/sbin/sendmail 1
  • update-alternatives --config mta

Edit startup/shutdown scripts

  • Create /opt/local/init.d/S20postfix containing the following:
#!/bin/sh
/opt/local/postfix/sbin/postfix start
  • Create /opt/local/init.d/K80postfix containing the following:
#!/bin/sh
/opt/local/postfix/sbin/postfix stop

Procmail

Build and Install

  • Log in as _sys
  • Extract the tarball:
gunzip -c procmail-3.22.tar.gz | tar -xvf -
  • Edit Makefile
cd procmail-3.22
vi Makefile
    • Set BASENAME to /opt/local/procmail-3.22
    • Set VISIBLE_BASENAME to /opt/local/procmail
  • Build and install
make install
  • As root, perform suid install
su
make install-suid
  • Create symlinks
cd /opt/local
ln -s procmail-3.22 procmail
cd /etc
ln -s /opt/local/procmail/procmailrc procmailrc
touch /opt/local/procmail/procmailrc

Integrate with Postfix

  • Log in as root
  • Edit /opt/local/postfix/main.cf and add the following line
mailbox_command = /opt/local/procmail/bin/procmail
  • Reload postfix

Spam Assassin

Build and Install

  • Log in as root
  • Install libssl-dev
apt-get install libssl-dev
  • Install Mail::SpamAssassin using CPAN:
perl -MCPAN -e shell
cpan> o conf prerequisites_policy ask
cpan> install Mail::SpamAssassin
cpan> quit

(Note, you may also need to install pre-requisite modules when notified of their absence during the install attempt)

  • Run sa-update to set up SpamAssassin rules
  • Add an sa-update script to /etc/cron.daily
#!/bin/sh
/usr/local/bin/sa-update

Configure

  • Edit /etc/mail/spamassassin/bottleneck.cf and add the following line
report_safe 0

Configure Procmail

  • Edit /opt/local/procmail/procmailrc and add the following rule
DROPPRIVS=yes

:0fw: spamassassin.lock
* < 1024000
| /usr/local/bin/spamassassin

RoundCube

Build and Install

  • Log in as _mysql and create an empty database for Roundcube
CREATE DATABASE bn_roundcube;
CREATE USER bn_roundcube IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON bn_roundcube.* to bn_roundcube;
  • Log in as _www and untar the Roundcube tarball to an appropriate place under DocumentRoot
gunzip -c roundcubemail-0.3.1.tar.gz | tar -xvf -
  • cd into this directory and import Roundcube schema into this database
/opt/local/mysql/bin/mysql -ubn_roundcube -p bn_roundcube <SQL/mysql.initial.sql
  • As root, change permissions on Roundcube directories
chown :apache temp logs && chmod g+w temp logs

Configuration

  • Set the following settings
    • product_name = bottleneck.org Webmail
    • temp_dir = temp/
    • ip_check = (not checked)
    • des_key = (default)
    • enable_caching = (not checked)
    • enable_spellcheck = (not checked)
    • spellcheck_engine = (default)
    • identities_level = Many identities with possibility to edit all params
    • debug_level = Log errors
    • log_driver = syslog
    • log_dir = (default)
    • syslog_id = roundcube
    • syslog_facility = mail subsystem
    • Database Type = MySQL
    • Database server = localhost
    • Database name = bn_roundcube
    • Database user = bn_roundcube
    • Database password = (password)
    • default_host = imap.bottleneck.org
    • default_port = 143
    • username_domain = (blank)
    • auto_create_user = (checked)
    • sent_mbox = Sent Items
    • trash_mbox = Deleted Items
    • drafts_mbox = Drafts
    • junk_mbox = Junk E-mail
    • smtp_server = (blank, means use local mail)
    • smtp_port = (default)
    • smtp_user / smtp_pass = (blank)
    • Use the current IMAP username and password for SMTP authentication = (unchecked)
    • smtp_log = (checked)
    • language = (blank, means auto-detect)
    • skin = (default)
    • pagesize = 100
    • prefer_html = (checked)
    • preview_pane = (checked)
    • html_editor = (unchecked)
    • Save Compose Message Every = 1 min
    • mdn_requests = Ask the User
    • mime_param_folding = (default)
  • Download the two configuration files and install them under the config/ directory
  • Proceed and send a test email/perform a test login
  • Delete the "installer" directory completely

Web Alias

  • Edit /home/_www/bottleneck/httpd.conf and add a suitable alias for Roundcube
Alias /webmail /home/_www/bottleneck/content/roundcubemail-0.3.1/
  • Restart Apache

Bugs

Outlook 2003 hangs on connection to Dovecot IMAP

  • Experienced when first installed, tried multiple things, including deprecated outlook-idle parameter, various lock and permissions settings - nothing seemed to help. Then the problem just went away - might yet return (or might have been an Outlook client issue that's fixed now?)