Recipe 20.2. Building a POP3 Mail Server
| < Day Day Up > |
20.2.1 ProblemYou want to set up a POP3 mail server nothing fancy, just a basic server for Internet mail for a single domain, with TLS/SSL support for more secure logins. 20.2.2 SolutionHere are the requirements:
Install or upgrade OpenSSL and famd first. Next, remove any installed MTAs and POP/IMAP servers. Look first for Sendmail, as it is still the default on a lot of installations. Go ahead and break dependencies, because Postfix will satisfy them. Then stop any running processes belonging to the old MTA: $ ps ax | grep sendmail root 10204 0.0 0.7 5296 1980 ? S 19:27 0:00 sendmail:accepti $ su # kill 10204 Now install Postfix. If you build from sources, be sure to compile in SASL support. (See the SASL_README in the tarball.) After installing Postfix, make a backup copy of /etc/postfix/main.cf: # cp /etc/postfix/main.cf /etc/postfix/main.cf-oldErase everything in the original, and copy in these lines. Be sure to enter filepaths and host/domain names appropriate for your system: command_directory = /usr/sbin mail_owner = postfix default_privs = nobody # enter your domain name here mydomain = tuxcomputing.com # enter your own fully-qualified domain name here myhostname = windbag.tuxcomputing.com myorigin = $mydomain alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases inet_interfaces = all mydestination = $myhostname, localhost.$mydomain $mydomain mynetworks_style = subnet # very important! Courier must have maildirs, not mbox home_mailbox = Maildir/ mail_spool_directory = /var/mail mtpd_banner = $myhostname ESMTP $mail_name mailbox_size_limit = 0 recipient_delimiter = + Create aliases for root and postmaster in /etc/aliases: # See man 5 aliases for format root:foober@test.net postmaster:root Then create the alias database: # newaliasesand run the built-in syntax checker: # postfix checkSome distributions start Postfix automatically after installation. To start it manually, use the postfix command: # postfix startIf Postfix is already running, restart it: # postfix reload postfix/postfix-script: refreshing the Postfix mail systemThen verify that Postfix is running: $ ps ax | grep postfix 26342 ? Ss 0:00 /usr/lib/postfix/masterNext, verify that the smtp daemon is working: $ telnet localhost 25 Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^]'. 220 windbag.test.net ESMTP Postfix (Libranet/GNU) EHLO windbag.test.net 250-windbag.test.net 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-XVERP 250 8BITMIME ^] telnet> quit Connection closed. Now install Courier-IMAP. To install from RPMs, you'll need courier-imap-common and courier-imap-pop3. If you build from sources, be sure to read 00README.NOW.OR.SUFFER. After installation, generate the POP3 TLS/SSL certificate. First, edit /etc/courier/pop3d.cnf, entering your own site information: [ req_dn ] C=US ST=NM L=Albuquerque O=mailserver OU=Automatically-generated POP3 SSL key CN=Windbag emailAddress=postmaster@tuxcomputing.com Now generate the key: # mkpop3dcert Generating a 1024 bit RSA private key ..........................................++++++..++++++ writing new private key to '/usr/lib/courier/pop3d.pem'----- 1024 semi-random bytes loaded Generating DH parameters, 512 bit long safe prime, generator 2 This is going to take a long time .....+.......+........+............+...+.......................................+.......... ... subject= /C=US/ST=NM/L=Albuquerque/O=Courier Mail Server/OU=Automatically-generated POP3 SSL key/CN=windbag/emailAddress=postmaster@tuxcomputing.com notBefore=May 20 18:08:13 2004 GMT notAfter=May 20 18:08:13 2005 GMT MD5 Fingerprint=D4:A5:53:48:09:65:C4:F0:11:8F:31:9E:FB:9F:EB:8A # Some distributions start Courier automatically after installation. Use these commands to start Courier manually, if necessary: # /etc/init.d/courier-pop3d start # /etc/init.d/courier-pop3d-ssl start Verify the filenames, as they vary on different distributions. Now you have a fully functioning POP3 mail server. 20.2.3 DiscussionThe various Linux distributions customize Postfix and Courier in their own weird little ways, so be sure to verify filepaths and filenames. If you're used to having mail queued in /var/spool, you're going to find that Courier is different. The mail queues are in each user's home directory: # ls /home/foober Desktop Maildir # ls /home/foober/Maildir courierimapkeywords courierimapuiddb cur tmp courierimapsubscribed courierpop3dsizelist new New mail sits in /Maildir/new until the user retrieves it. This is configured in Postfix, in main.cf: home_mailbox = Maildir/ A POP3 mail server can be any old Pentium, or even a 486. It's best to put a mail server on its own dedicated box. A mail server must be exposed to untrusted networks, so anything on the same machine is exposed to some risk. Also, because this configuration of Postfix uses system passwords, giving it its own box means that email accounts will have their own separate passwords. You don't want users to have the same passwords for email as for logging into their workstations or LANs, because that's a big security hole. When you generate the Courier SSL certificate, it is self-signed, which means no "trusted" third party vouches for the authenticity of your certificate. This is perfectly okay for most uses. If you think you need a genuine, signed, commercially generated SSL certificate from a vendor such as VeriSign or Thawte, it will cost you several hundred dollars per year. An alternative is to check with your ISP or web host to see if they offer lower-cost shared certificates. 20.2.4 See Also
|
| < Day Day Up > |
