patrix_neo Guru


Joined: 08 Jan 2004 Posts: 519 Location: The Maldives
|
Posted: Wed May 12, 2004 12:50 pm Post subject: HOWTO: Sendmail and pop3 with procmail |
How I made my gentoo-server act like a true mailserver
This won't be a deep article, but a quick "refcard" on how you can set up a sendmail and pop3 server.
I started by successfully compiling the sendmail package:
USE settings and emerge:
Code: |
USE="-X -qt -pdflib -gtk -gnome php mysql apache2 proftpd sendmail xml2 mbox sasl distcc" emerge sendmail |
This made the sasl library compile also, among other things. So it may take a while. I was lucky to follow a guide on www.gentoo.org about setting up the distccd package so I could use my other computer's CPU as well. It did help a lot when the CPU fan was broken, and I had to throttle the MHz for the CPU in BIOS. So! After that was done, I mangled a sendmail.mc that has the following layout:
/etc/mail/sendmail.mc
Code: |
divert(-1)
#
# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
divert(0)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
define(`confDEF_USER_ID',``8:12'')dnl
VERSIONID(`$Id: sendmail-procmail.mc,v 1.1 2003/04/24 21:18:58 avenj Exp $')dnl
OSTYPE(linux)dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT',`1m')dnl
define(`confTRY_NULL_MX_LIST',`true')dnl
define(`confDONT_PROBE_INTERFACES',`true')dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS',`/etc/mail/aliases')dnl
define(`STATUS_FILE',`/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX',`20000000')dnl
define(`confUSERDB_SPEC',`/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAG',`authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS',`A')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(`local_procmail',`/usr/bin/procmail')
FEATURE(`access_db',`hash -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
FEATURE(`accept_unresolvable_domains')dnl
MAILER(smtp)dnl
MAILER(`procmail')
Cwlocalhost.localdomain
dnl OBS!! Replace mailhost.lanhostname below with the host name of your own PC
Cwmailhost.lanhostname
|
Don't know if Cwmailhost.lanhostname (=CwYOUR_$HOST) is needed here. If someone can clarify this for me I would be pleased.
Run this file through the m4 utility that came with sendmail, or do as I did and use Webmin for this. I don't know exactly how to do these files without the 'gui' of Webmin.
I have to confess that the Gentoo package for queueing the mails is a bit messy when it comes to restrictions and group belongings. We will discuss this particular matter next... Next: Sendmail Options>>
Make very sure that all your users who want to mail are in the group smmsp, just in case. I have not tried without. Anyway, these are the directories/folders and binary settings I have working:
drwxr-xr-x 2 smmsp smmsp 72 Apr 21 15:58 /var/spool/clientmqueue
drwxr-xr-x 2 root smmsp 72 Apr 21 16:11 /var/spool/mail
drwxr-xr-x 2 root smmsp 72 Apr 21 18:47 /var/spool/mqueue
And the binary settings for /usr/bin/procmail:
-r-xr-sr-x 1 root smmsp 633396 Apr 21 15:52 /usr/sbin/sendmail
To set bits & owners in binaries and folders, use chmod for bits, and chown for owner-rights. An example is:
Code: | chown root:smmsp /usr/sbin/sendmail |
Another for chmod is:
Code: | chmod ugo+r /usr/sbin/sendmail   # adds read for user, group and others [r--r--r--] |
Make sure user smmsp is part of group mail:
Code: | usermod -G users,mail smmsp |
There. Now I hope we are all set with sendmail so far. We still have one little thing to think about. That is the sendmail main configuration. How often will it queue, what are the restrictions, who can and cannot mail, relaying, aliases, etc. This is what I have for settings in webmin - sendmail::moduleconfig
Sendmail - module configuration: /etc/mail/submit.mc
Code: |
Seconds to wait for refreshing the mailqueue: 30
*Mailmessages to display per page: 20
*Width to wrap mail messages at: 80
Sort tables by: Order in file
Send mail via connection to: sendmail executable
When reading mail start at: Latest
Wrapping mode in mail textarea: Default
Keep track of read/unread emails: No
Show To: address in mailboxes?: Yes
*Maximum number of records to show in tables: 200
*Show buttons at top for: Mailboxes & mails
*Headers to show in mail queue: Date,From,To,Size,Status
Sort mailbox list by: Mailbox size
Sort mail queue by: Queue ID
Show size of mail queue on main page?: Yes
Minimum mail file size to index: 1000000
Confirm before deleting messages?: Yes
Full path to sendmail.cf: /etc/mail/sendmail.cf
Sendmail M4 base directory: /usr/share/sendmail-cf
Full path to M4 config file: /etc/mail/sendmail.mc
Full path to sendmail pid file: /var/run/sendmail.pid
Command to start sendmail in server mode: /etc/init.d/sendmail start
Command to stop sendmail: /etc/init.d/sendmail stop
Makemap command: /usr/bin/makemap
Sendmail command: /usr/lib/sendmail
Full path to sendmail aliases file: automatic
Source file for virtusers database: Same as DBM
Source file for mailertable database: Same as DBM
Source file for generics database: Same as DBM
Source file for the access database: Same as DBM
Source file for the domains database: Same as DBM
User mail file location: File under home directory
Mail file in home directory: mbox
Mail file directory style: mail/username
SMRSH directory: /etc/smrsh **
Extra mail queue directories: /var/spool/clientmqueue
|
* = Webmin's own option
** = A directory YOU have to make.
Sendmail - Options section
Code: |
Send outgoing mail via host: Deliver directly
Forward unqualified usernames to host: Deliver directly
Forward mail for local users to host: Deliver directly
Delivery mode: Background
SMTP port options: Name=MTA
Max load average for sending: Default
Max child processes: Default
Min time before retrying send: Default
Max load average for receiving: Default
Max connections / second: Default
Maximum queue size: Default
Time before sending warning: 4h
Time before giving up: 5d
Mail queue directory: /var/spool/mqueue
Send error messages to: Postmaster
Forward messages with quoting?: Yes
User forward files: $z/.forward.$w:$z/.forward
Min free disk space: 100 [blocks]
Max message size: Default
Log level: 9
MIME-encode bounce messages?: Yes
Accept mail for users' real names?: Yes
Maximum mail hop count: Default
File security options: Default |
There are some other files to make/configure too. Like alias, virtusertable, local-host-names, access, etc, etc. But those I did in webmin as well, so how to 'hash' those files into .cf files (a macro format), you have to figure out on your own, sorry.
Mailalias (/etc/mail/aliases): one entity per mailer/server-user:
Code: |
userlogin_name: userlogin_name@myhost.ispdomain.net
|
Access-policy: /etc/mail/access:
Code: |
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY |
/etc/mail/local-host-names (no hash needed):
Code: |
myhost.ispdomain.net
myweb.dyndns.org
overlord
localhost.localdomain
localhost |
All names my sendmail-server host is known by.
/etc/mail/trusted-users: (No hash needed)
Code: | root
daemon
uucp
userlogin_name
userlogin_name2
...
userlogin_name[n+2] |
virtusertable:
Code: | userlogin_name@myhost.ispdomain.net userlogin_name |
You can also choose to hash them in webmin by entering the right module and pressing save.
Now your sendmail is ready to rock. Try /etc/init.d/sendmail start. If everything is ok: rc-update add sendmail default
Next up is how to make external mail clients work with sendmail: Procmail ->>
Now sendmail is queueing all incoming mails to /var/spool/mqueue. And here comes procmail into action! Procmail will redirect mails for users to their own mail files - mbox and from. These you can direct either to /var/spool/mail/user/ or $HOME/.
I prefer to set them in $HOME/.
Emerge procmail if you don't have it. Just make sure procmail is built for mail folders [USE="mbox"]:
Code: | USE="mbox" emerge procmail |
When you are all done and set, sendmail will execute procmail each time the queue is flushed to /var/spool/mqueue (set by the option sendmail -q[Xnumberof][min/hours/seconds]). You will have to define two files for procmail: /etc/procmailrc and $HOME/.procmailrc
The .procmailrc has to be executable for that user (chmod u+x $HOME/.procmailrc).
/etc/procmailrc:
Code: |
DEFAULT=$HOME/.maildir #-- redirects from mqueue |
$HOME/.procmailrc:
Code: | #!/bin/sh invokes sh
PATH=/bin:/usr/bin:/usr/sbin #-- Set paths for procmail
MAILDIR=$HOME #-- Parameter to use
DEFAULT=$MAILDIR/mbox #-- actual mailfile
LOGFILE=$MAILDIR/from #-- Sent from headers |
The only thing left to do is setting up a pop3 server for your mail clients to connect to and receive their emails with. This is done by letting the pop3 server run through xinetd. So we need both xinetd and pop3 programs.
Setting up your pop3-server
You need to emerge xinetd _first_! Watch out for versions 2.3.12 and 2.3.13. Install it by:
Code: | emerge =sys-apps/xinetd-your.version.nr |
No USE vars needed this time. Now you will have a new etc-config file (/etc/xinetd.conf) and a new etc-cat (/etc/xinetd.d). xinetd will serve us well later. We let it be for a while, as we get in to the actual pop-ings. You do that part by emerge:
Code: | USE="mbox ssl" emerge uw-imap |
Now you have new files under /etc/xinetd.d/ , namely ipop3, imap, pop3 etc.
What else is needed is modifying your /etc/pam.d/pop to work. Mine looks like this:
/etc/pam.d/pop:
Code: | #%PAM-1.0
# $Header: /home/cvsroot/gentoo-x86/net-mail/uw-imap/files/uw-imap.pam-system-auth,v 1.1 2002/06/07 02:01:38 woodchip Exp $
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth |
Your emerged ipop3 file should look something like this:
/etc/xinetd.conf:
Code: | defaults{
instances = 60
cps = 25 30
log_type = FILE /var/log/xinetd 500000
log_on_success = HOST PID
log_on_failure = HOST
}
includedir /etc/xinetd.d |
/etc/xinetd.d/ipop3:
Code: | service pop-3{
disable = no
log_on_success += USERID
log_on_failure += USERID
socket_type = stream
protocol = tcp
# (create a shell-less non-root user?)
user = root
server = /usr/sbin/ipop3d
wait = no
} |
Now you can start the xinetd service and include it in the boot-up process by:
Code: | /etc/init.d/xinetd start && rc-update add xinetd default |
user=root may not be the most secure. Try starting it as another user without a shell account if you can.
Now all _should_ be set and done. Try it out by sending and receiving a mail to yourself. I have my $ISP_HOSTNAME as mailserver info and it works fine. I haven't tried the SSL options. But I just may do that in the future.
If you encounter any errors or other abnormalities, I would appreciate it if you report them here or by sending me an email: patrich([at])loke.shacknet([dot])nu
Happy mailing!
Patrich Björklund 2004-04-25
Updated: 2004-11-05: Syntax errors +spellcheck.
Updated: 2004-05-12: New in gentoo-Documentation, Tips & Tricks
Updated: 2004-05-13: Option for Sort mailbox by parameter not set.
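The post builds sendmail.cf and hashes the map files through Webmin. As an added example (not part of the original post), this is the command-line equivalent using the standard `m4`, `makemap` and `newaliases` tools. The function names, the `--apply` switch and the staleness check are assumptions of this sketch; the paths and map names come from the sendmail.mc above.

```shell
#!/bin/sh
# Added example: rebuild sendmail.cf and the hashed maps without Webmin.
# Map names match the FEATURE() lines in the post's sendmail.mc.

# Print every map source in directory $1 whose .db file is missing
# or older than the text source, i.e. the maps that need re-hashing.
stale_maps() {
    dir=$1
    for name in access mailertable virtusertable; do
        src=$dir/$name
        [ -f "$src" ] || continue          # map not used on this host
        if [ ! -f "$src.db" ] || [ "$src" -nt "$src.db" ]; then
            printf '%s\n' "$src"
        fi
    done
}

# Regenerate sendmail.cf from sendmail.mc, then re-hash stale maps.
rebuild_mail_config() {
    dir=${1:-/etc/mail}
    # Write to a temporary file first so that a failed m4 run
    # never truncates the live sendmail.cf.
    if ! m4 "$dir/sendmail.mc" > "$dir/sendmail.cf.new"; then
        rm -f "$dir/sendmail.cf.new"
        return 1
    fi
    mv "$dir/sendmail.cf.new" "$dir/sendmail.cf"
    for src in $(stale_maps "$dir"); do
        # makemap reads the text file on stdin and writes $src.db
        makemap hash "$src" < "$src" || return 1
    done
    newaliases    # rebuilds the alias database named in sendmail.cf
}

# Only touch the system when explicitly asked to (run as root).
if [ "${1:-}" = "--apply" ]; then
    rebuild_mail_config "${2:-/etc/mail}"
fi
```

Stop and start sendmail with the init script afterwards so the new sendmail.cf is read.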
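The listing in the post shows /var/spool/mqueue and /var/spool/clientmqueue as mode 755. As an added example (not part of the original post), this audit compares the paths from the post against the tighter modes given in the SECURITY notes of the sendmail source distribution. The function names and the `audit` switch are assumptions of this sketch, and it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example: compare queue/binary permissions with expected values.
# Expected values are from the SECURITY notes in the sendmail source
# distribution, not from the post. Requires GNU stat (coreutils).

# check_perm PATH MODE OWNER GROUP   ("-" skips the owner or group check)
# Returns 0 if everything matches, 1 on a mismatch, 2 if PATH is missing.
check_perm() {
    cp_path=$1; cp_mode=$2; cp_owner=$3; cp_group=$4
    cp_got=$(stat -c '%a %U %G' "$cp_path" 2>/dev/null) || {
        echo "MISSING $cp_path"; return 2; }
    set -- $cp_got            # $1=octal mode  $2=owner  $3=group
    cp_rc=0
    [ "$1" = "$cp_mode" ] || {
        echo "MODE  $cp_path is $1, expected $cp_mode"; cp_rc=1; }
    [ "$cp_owner" = "-" ] || [ "$2" = "$cp_owner" ] || {
        echo "OWNER $cp_path is $2, expected $cp_owner"; cp_rc=1; }
    [ "$cp_group" = "-" ] || [ "$3" = "$cp_group" ] || {
        echo "GROUP $cp_path is $3, expected $cp_group"; cp_rc=1; }
    return $cp_rc
}

# Paths are the ones used in the post; 2555 is r-xr-sr-x (setgid smmsp).
audit_sendmail_perms() {
    bad=0
    while read -r p m o g; do
        check_perm "$p" "$m" "$o" "$g" || bad=1
    done <<'EOF'
/usr/sbin/sendmail 2555 root smmsp
/var/spool/clientmqueue 770 smmsp smmsp
/var/spool/mqueue 700 root -
EOF
    return $bad
}

# Read-only check; run as: sh thisfile audit
if [ "${1:-}" = "audit" ]; then
    audit_sendmail_perms
fi
```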