Email Services | SUSE LINUX Enterprise Server 9 Administrators Handbook

If you are familiar with any one of the Unix distributions, such as SunOS or BSD, you will know about Sendmail (http://www.sendmail.org), the de facto email application for Unix platforms for so many years. Sendmail has been ported to many non-Unix operating systems, including OpenVMS, Windows, and Macintosh OS X. However, this is not to say that Sendmail is ideal software because it is fairly complicated to implement correctly and configure. It relies on obscure syntax invoked in text-based configuration files that are run through a macro processor. It's also closely tied to Unix conventions and standards, necessitating a significant knowledge base in both.

TIP

If you plan on tackling Sendmail, you'll want to make sure you have a good resource for installing and configuring the server. The sendmail book (ISBN 1-56592-222-0) from O'Reilly & Associates, coauthored by Sendmail developer Eric Allman, is considered to be the definitive guide on the subject.

SLES 9 ships with several mail servers, among them Sendmail and Postfix. Developed by Dr. Wietse Venema of IBM's Thomas J. Watson Research Center (Yorktown Heights, New York), Postfix attempts to be a fast, easy-to- administer, and secure replacement for Sendmail. SLES 9 installs Postfix by default, even for a base system configuration. Therefore, the discussion in this section is about Postfix.

NOTE

Two other favored email server software packages (commonly referred to as Message Transfer Agents or MTAs) among the Linux/Unix community are Qmail (http://www.qmail.org) and Exim (http://www.exim.org). However, they are not included with SLES.

WARNING

The Postfix package conflicts with those of Sendmail and Exim. Therefore, if you have Postfix installed, it must first be uninstalled before installing Sendmail or Exim. (If you install, for instance, Sendmail via YaST, the dependencies check will warn you of the conflict and permit you to specify a resolution action.)

One of the best things about Postfix is that it can be set up quickly and easily without sacrificing security. The following steps lead you to a Postfix quick-start:

1.	Install the Postfix package (using YaST or `rpm`) if it is not already installed. You can find it on your SLES CD1 or download the latest version from http://www.postfix.org. NOTE If you are installing Postfix from the source tarball, you should be aware that the `INSTALL` file and many of the `readme` files (in the `README FILES` directory) use backspace characters to emulate bold text. Depending on your terminal's setting, you may see text similar to `P^Hpo^Gos^Hst^Htf^Hfi^Hix^Hx` instead of `Postfix`, and so on. You will definitely see these characters if you open the file in a text editor, such as `vi`. Instead, you can point your browser to the `html` directory for the HTML version of the same files.
2.	Open `/etc/postfix/main.cf` with a text editor and set the parameter `myhostname` to the fully qualified domain name (FQDN, in DNS-speak, which is your server's hostname plus the domain name) of your host, as shown in this example: myhostname = Athena.UniversalExport.CA NOTE The `main.cf` file provides a decent amount of documentation, and often you only need to read the description to get an understanding of the configuration parameter. But if you need more information, a full set of documentation is located in `/usr/share/doc/packages/postfix`. When you are adding or modifying a parameter, first scroll to the end of the file to see whether it is already defined there. The installation procedure puts many of the default settings there instead of spreading them throughout the file.
3.	Set the parameter `myorigin` to the name of your domain because it specifies the domain that locally posted mail appears to come from. Enter the following line verbatim: myorigin = $mydomain where `$mydomain` contains the value of `myhostname` minus the first component, which will be `UniversalExport.ca` in our example here. If not defined, `myhostname` will be used instead.
4.	Set the parameter `mydestination` as follows (enter this line verbatim): mydestination = $myhostname, localhost.$mydomain, $mydomain This line specifies a list of domains for which this server considers itself the final destination; that is, it will not relay mail addresses to those domains elsewhere.
5.	Unless your mail server is a top-level server with access to the Internet, you will want to set the `relayhost` parameter to point to an appropriate mail relay. The relay is typically the next one up the chain toward getting out to the Internet. You can use either an IP address or DNS name, but using an IP address is safer in the case of a DNS outage. A typical format would look like this: relayhost = 10.0.0.1 There is no default for this parameter. CAUTION You should do some careful planning prior to using the relay features of any MTA. For instance, to reduce email spam, most MTAs have restrictions on whom they will relay mail for.
6.	Save and close `main.cf`.
7.	Edit or create `/etc/aliases` with a text editor and add these lines: root: peter postmaster: root mailer-daemon: postmaster The last two entries redirect mail destined for both mailer-daemon and postmaster and forward it to root. You can optionally redirect root's mail to an unprivileged account. TIP RFC 2142 specifies a list of standard email addresses that should be implemented; some of them are abuse, hostmaster, and security. You should add these to your `/etc/aliases` file and redirect the email to the appropriate party. In addition, any system accounts found in `/etc/passwd` should have their email redirected to root for security purposes.
8.	After updating the aliases file, execute the command `/usr/sbin/postalias hash:/etc/aliases` to update the Postfix alias database.
9.	Start the Postfix daemon using either the command `/etc/init.d/postfix start` or `/sbin/rcpostfix start`.

NOTE

Notice that the rc version of /etc/init.d/postfix is located in /sbin and not in /usr/sbin, like many other packages.

In nine simple steps, you have installed, configured, and started the Postfix SMTP services for your SLES server and its local name domain. Your users can use it to send mail locally as well as out to the Internet. However, for inbound SMTP mail, you need to configure your DNS server to point your domain's MX record to this server. (See the "Network Name Services" section later in this chapter for details on how to do this.) It is a good idea to configure a valid "MX" record for your mail server so that your users can receive any bounced or undeliverable messages.

CAUTION

The preceding procedure is just enough to get Postfix working, but it probably isn't enough to secure this package fully, especially if you are connected to the Internet. Therefore, it behooves you to spend some time going over the various Postfix features, such as configuring access control for mail relaying, content inspection and "graylisting" for general spam and virus detection, TLS encryption and authentication, and address verification, in the Postfix documentation.

TIP

SpamAssassin (http://spamassassin.apache.org) is one of the most popular antispam packages available. You can find step-by-step instructions on how to get Postfix to use both SpamAssassin and Anomy Sanitizer (a virus blocking system) at http://advosys.ca/papers/postfix-filtering.html.

To set up Postfix to run automatically on server bootup, use the insserv command as follows:

 Athena:/home/admin # /sbin/insserv /etc/init.d/postfix

NOTE

To configure Postfix using YaST, make sure the yast2-mail, yast2-mail-aliases, and yast2-mail-server packages are installed. Also, you need to first enable the LDAP Support Active option in the YaST DNS Server module.

TIP

You can test your Postfix configuration using one of the included email clients, such as KMail or even mail (from a terminal session). For KMail, create an Outgoing account under the Network configuration, specify SMTP as the transport type, and use localhost for the hostname. If you use mail, no special configuration is required. To send a message using mail, simply use mail username, and you will be prompted for additional information, such as subject.

Telnet is often used to test mail servers (or other types of services, such as HTTP). The following illustrates how you can send a simple email message using Telnet:

 # telnet athena 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 Athena.UniversalExport.ca ESMTP Postfix EHLO ws1.UniversalExport.ca 250-Athena.UniversalExport.ca 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250 8BITMIME MAIL FROM: root 250 Ok RCPT TO: root 250 Ok DATA 354 End data with <CR><LF>.<CR><LF> TO: root, tasha FROM: root, tasha SUBJECT: Test mail via telnet This is a test mail sent via telnet. . 250 Ok: queued as 9C71D25D72 quit 221 Bye Connection closed by foreign host.

The resulting message as viewed using the mail program looks like this:

 From root@Athena.UniversalExport.ca  Mon Mar 14 06:28:52 2005 Return-Path: <root@Athena.UniversalExport.ca> X-Original-To: root Delivered-To: root@Athena.UniversalExport.ca Received: from ws1.UniversalExport.ca (localhost [10.20.4.1])  by Athena.UniversalExport.ca (Postfix) with ESMTP id 9C71D25D72  for <root>; Mon, 14 Mar 2005 06:28:19 -0500 (EST) To: root@Athena.UniversalExport.ca, tasha@Athena.UniversalExport.ca From: root@Athena.UniversalExport.ca, tasha@Athena.UniversalExport.ca SUBJECT: Test mail via telnet Message-Id: <20050314112819.9C71D25D72@Athena. UniversalExport.ca> Date: Mon, 14 Mar 2005 06:28:19 -0500 (EST) Status: RO This is a test mail sent via telnet.

One of the most common routes for (software) virus "distribution" is via email. Included with SLES 9 are AMaVIS (A Mail Virus Scanner, http://amavis.sourceforge.net) and AVMailGate (http://www.hbedv.com) to help you protect your system. The packages are called amavisd-new and avmailgate, respectively, on the SLES media and are automatically installed when you install Postfix. Note that AMaVIS requires you to have a virus scanner already installed; refer to /usr/share/doc/packages/amavisd-new for more details.

The following are some examples of commercial antivirus solutions that may meet your requirements:

BitDefender for Postfix (http://www.bitdefender.com)
Sophos Anti-Virus for Linux (http://www.sophos.com)
Kaspersky Anti-Virus Business Optimal (http://www.kaspersky.com)
F-Prot Antivirus for Linux (http://www.f-prot.com)