Email Server using Postfix, Dovecot, Squirrelmail, Spamassassin, ClamAV and Amavisd

[nephila]

I noticed a number of people have questions regarding these setups, I'm no expert on email systems or the programs described here, but I do have an email server running on Fedora Core 2 that serves about 30 users and its working quite well so here's what I have learnt in setting up and maintaining that server.

This howto will explain how to go about setting up an email server on Fedora Core 3 using Postfix, Dovecot, Squirrelmail, Spamassassin, ClamAV and Amavisd. I have also done a similar setup on Fedora Core 2. My best advice is to set this up first on a workstation and test it thoroughly before setting up on a server and going live with it!

This howto does not go into much detail, if you are looking for a full explanation of what is going on then read the documentation for each progarm. This is merely a step by step guide to get you up and running. You may use apt / yum to install software. I do not use these programs so these instructions do not include the use of them, feel free to adjust these
instructions as you see fit.

STEPS

* Assume a clean install of fedora core 3.
* Commands run as root.

1. Run System Settings > Add/Remove Applications
Under the Email Server sections select Spamassassin,
Postfix, Squirrelmail and Dovecot then click ok and update the system.

2. Run the command:

Code:

system-switch-mail

and choose postfix as the default MTA.

3. Configure postfix by changing the following in /etc/postfix/main.cf

Code:

myhostname = ~YOUR IP ADDRESS OR DOMAIN NAME~
	myorigin = $mydomain
	inet_interfaces = $myhostname, localhost
	mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
	home_mailbox = Maildir/

4. Start Postfix and Test
Run

Code:

/etc/rc.d/init.d/postfix start

If it doesn't start check /var/log/maillog for specific errors
Run:

Code:

echo "hello" | mail root

Check /root/Maildir/new for a message. You can read the message
with the less command or any text editor you prefer.

5. Configure Dovecot by changing the following in /etc/dovecot.conf

Code:

protocols = imap pop3

6. Start Dovecot and Test
Run

Code:

echo "hello" | mail ~NON ROOT USER~

Run

Code:

/etc/rc.d/init.d/httpd restart

Run

Code:

/etc/rc.d/init.d/dovecot start

Browse http://localhost/webmail
Login with the non root user's username and password
You should have an email with the message "hello"

7. Setup Thunderbird mail to use pop3 and check for email.
Use your IP address as the server and log in using the same
non root user. You should get the same email with the message
"hello".

You now have a usable email system running but you should set up postfix so
that it isn't an open relay by making it require authentication on SMTP
transactions. you also want to setup virus scanners and spam filters, so lets
get to it...

8. Enable SMTP Authentication
8.1 Check that Cyrus SASL is installed
Run as root:

Code:

rpm -qa | grep sasl

You should get:

Code:

            cyrus-sasl-2.1.19-3
            cyrus-sasl-devel-2.1.19-3
            cyrus-sasl-plain-2.1.19-3
            cyrus-sasl-md5-2.1.19-3

there may be a few others, that's ok.
If these are not installed, find the rpms on your distro cdroms and
install them.
8.2 Edit /etc/postfix/main.cf and add the following to the bottom of the file:

Code:

smtpd_sasl_auth_enable = yes
        smtpd_sasl_security_options = noanonymous
        smtpd_sasl_local_domain = $myhostname
        broken_sasl_auth_clients = yes
        smtpd_recipient_restrictions =
           permit_sasl_authenticated,
           check_relay_domains

8.3 Start the saslauthd by running

Code:

/etc/rc.d/init.d/saslauthd start

8.4 Reload postfix by running

Code:

/etc/rc.d/init.d/postfix restart

8.5 Try sending mail to yourself using a pop3 client. You must have
the right settings in your mail client, be sure to use SMTP auth!

Check http://postfix.state-of-mind.de/patr...etter/smtpauth
for more information on this.

9. Install ClamAv from RPM
Run:

Code:

rpm -Uvh clamav-0.83-1.i386.rpm

Finally we install amavisd-new and configure it appropriately.

10. Install Required Programs and Packages
Get the following rpms from
http://dag.wieers.com/packages/
http://dries.studentenweb.org/apt/
http://freshrpms.net/packages/
http://rpmfind.net/linux/RPM/fedora/...4-40.i386.html

arc
cabextract
freeze
lzo
lzop
ncompress
nomarch
unarj
unrar
zoo

perl-Archive-Zip-1.09-0.1.fc3.rf.noarch.rpm
perl-BerkeleyDB-0.26-1.1.fc3.rf.i386.rpm
perl-Convert-BinHex-1.119-1.1.fc3.rf.noarch.rpm
perl-Convert-TNEF-0.17-2.1.fc3.rf.noarch.rpm
perl-Convert-UUlib-1.03-1.1.fc3.rf.i386.rpm
perl-IO-stringy-2.109-1.1.fc3.rf.noarch.rpm
perl-MailTools-1.66-1.1.fc3.rf.noarch.rpm
perl-MIME-tools-5.415-1.1.fc3.test.noarch.rpm
perl-Net-Server-0.86-0.1.fc3.rf.noarch.rpm
perl-TimeDate-1.16-1.1.fc3.rf.noarch.rpm
perl-Unix-Syslog-0.100-0.1.fc3.rf.i386.rpm

Install the Following from the CDROM distros
perl-Archive-Tar-1.08-3.noarch.rpm
perl-Compress-Zlib-1.33-6.i386.rpm

These are all required by amavisd-new

11. Install the amavisd-new rpm
Run:

Code:

rpm -Uvh amavisd-new-2.2.0-3.1.fc3.rf.i386.rpm

12. Test amavisd-new
Run:

Code:

/etc/rc.d/init.d/amavisd start

Run:

Code:

telnet localhost 10024

you should be greeted by amavisd-new.

13. Configure postfix
add the following to /etc/postfix/master.cf at the bottom

Code:

smtp-amavis unix -	-	y/n	-	2  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes

127.0.0.1:10025 inet n	-	y/n	-	-  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

test it by doing the following:
Run:

Code:

telnet localhost 10025

you should be greeted by postfix

Run:

Code:

postconf -e 'content_filter=smtp-amavis:[127.0.0.1]:10024'

14. Test
Run:

Code:

echo "hello" | mail ~NON ROOT USER~

check mail for the non root user, you should have recieved mail.

15. Configure ClamAV
Run:

Code:

mkdir /var/run/amavis
    chown amavis /var/run/amavis
    chown amavis /var/run/clamav

Edit /etc/clamd.conf making the following changes:

Code:

LocalSocket /var/run/amavis/clamd.ctl
    #TCPSocket 3310 -- comment this out!!
    User amavis

Run:

Code:

/etc/rc.d/init.d/clamd restart

Check /var/log/maillog and make sure that clamd has no errors

16. Configure Amavisd
Edit /etc/amavisd.conf making the following changes

Code:

$sa_tag_level_deflt  = 0.0; 
    ...
     ['ClamAV-clamd',
       \&ask_daemon, ["CONTSCAN {}\n", "/var/run/amavis/clamd.ctl"],
       qr/\bOK$/, qr/\bFOUND$/,
       qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

restart amavisd:

Code:

/etc/rc.d/init.d/amavisd restart

17. Test again
Run:

Code:

echo "this is a test" | mail ~NON ROOT USER~

log in as the non root user, read the email and view the full
headers, you should see that the message passes through amavisd.


That's all folks! Play around with the configuration settings and tweak it to your tatse!
If I screwed up something somewhere please let me know. Also if you find this helpful let me know too.

[snurckle]

Awesome Post, this helped me alot.

I started with a new install of Fedora Core 3, and for the most part it was easy to do (with the aid of your howto).

I did have a few problems though. When installing clamd, I had to edit my yum.conf file to add [DAG]. I also had to import the keys for the it as well.

You didn't go through any spamassassin setup, just an install.

Thanks for the post, it was VERY HELPFUL.

[nephila]

Glad it helped! A lot of spamassin conf is done through amavis so tweaking that will tweak sa. There's also a lot of doc on the web, the goal of the howto was to get readers up and running! I dont use yum or apt or anything else, so I didn't include any info about that, sorry that you had issues with that.

[sportq]

nephila,

I've followed the guide and everything happens as expected until I get to the stage where the filters are added to /etc/postfix/master.cf (I restart postfix although the procedure doesn't say I should).

When I try this test....

Code:

telnet localhost 10025

I get nothing.

Peter

[snurckle]

were you able to Telnet before? to port 10024?

If so, your problem lies within SpamAssassin/Amavisd-new

Suggest trying the following command.

Code:

service amavisd restart;service spamassassin restart;service postfix restart

additionally, you may want to adjust IPTABLES, you may have the port shut down.

to test to see if your firewall (IPTABLES) is the problem-

Code:

service iptables stop

then try to:

Code:

telnet localhost 10025

turn IPTABLES BACK ON, don't leave yourself open for intruders-

I haven't messed with IPTABLES YET, but you need to add/edit it to open the ports, they are shutdown by default.

There are a few things the original poster forgot to mention about doing this with a clean install of Fedora. But essentially he was right now, you just need to adjust things on your server to allow it to open the 10024/25 ports.

[snurckle]

Quote:

Originally Posted by nephila

Glad it helped! A lot of spamassin conf is done through amavis so tweaking that will tweak sa. There's also a lot of doc on the web, the goal of the howto was to get readers up and running! I dont use yum or apt or anything else, so I didn't include any info about that, sorry that you had issues with that.

This was probably the best HOWTO for this setup I've seen. I went off of it, almost entirely. Deviated a little to set up TLS, but very good.

Thanks for posting it. The only thing I don't like is how amavisd-new and spamassassin talk, but perhaps it's better than spamassassin hogging resources.

Your setup doesn't send ALL email through spamassassin, it does if the email is HTML encoded, and if it's 'suspected' of being SPAM. Perhaps it only adds a header entry if it hits a certain number of points. Not sure what is going on, but I'll research and see if I can adjust it a little.

I receive a log entry about spamassassin to connected, but I suspect this is normal, and spamassassin just doesn't have the control it's used to when running behind amavisd-new. Almost switched to MIME-Defang because of this, but realized spamassassin was doing what it shoud, and backed off.

Thanks again!

[tmdii2005]

Thanks, nephila,

Your post helps me a lot in building my mail server. I started with a new install of Fedora Core 3, and now I have some questons:

1. I can use 'mail' or 'echo' to send mail to myself. But I can't send mail to myself using squirrelmail's webmail page or any pop3 mail client.

2. I can't receive mails from my yahoo or other mail account.

I'm quite a newbie about Fedora. Can you or any one give me some suggestions?

Thanks a lot.

[snurckle]

POP3 and IMAP are ran using dovecot (in this configuration)

First question I have is- Is Dovecot running?

to check-

service dovecot status

If it is running, restart it, and check the /var/log/messages and /var/log/maillog for an error.
Usually dovecot will stop if there is an error. A good thing to do, in troubleshooting a problem is to open up 2 terminal windows, type:

tail -f /var/log/messages
and
tail -f /var/log/maillog (in the other terminal)

service dovecot restart

and see if either on of those kick out an error on the tail -f xxxx

post your error, and I'll try to help more.

Try trying to connect with your POP3 client as well, if there is a problem connecting, the error will show up as well. You may want to look at your firewall, make sure the port for POP3 or IMAP are open to receive your traffic.

[tmdii2005]

dovecot is running ok. I restarted dovecot, and tried to send a mail to myself in webmail, and got some messages like below.

1. for /var/log/messages:

Mar 26 21:47:13 Server dovecot: dovecot shutdown succeeded
Mar 26 21:47:14 Server dovecot: dovecot startup succeeded
Mar 26 21:49:30 Server kernel: audit(1111891770.517:0): avc: denied { read } for pid=5336 exe=/usr/sbin/httpd name=sh dev=hda2 ino=3342445 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:bin_t tclass=lnk_file

2. for /var/log/maillog:

Mar 26 21:47:13 Server dovecot: Killed with signal 15
Mar 26 21:47:14 Server dovecot: Dovecot starting up
Mar 26 21:47:48 Server imap-login: Login: me [127.0.0.1]
Mar 26 21:49:11 Server imap-login: Login: me [127.0.0.1]
Mar 26 21:52:49 Server last message repeated 5 times
Mar 26 21:57:50 Server imap-login: Login: me [127.0.0.1]

I don't know what was wrong. Please give me some advice. Thanks alot.

[snurckle]

Try using Thunderbird or some other POP3/IMAP client to send yourself a message.

/var/log/maillog should have reported getting a message if you sent yourself one. On top of that, I don't see postfix in either of the logs, so it may be something simple- like you didn't start Postfix, or--there was an error when it started so it is locked.

do the tail -f /var/log/maillog and tail -f /var/log/messages (in seperate windows)

just to make sure everything is running copy the following line, and execute on your commandline:

Code:

service dovecot restart;service amavisd restart;service spamassassin restart;service postfix restart

I put the postfix at the end, because I think that's where your problem is. If you send yourself a test message, and it isn't getting back to you...or in this case- you logged in, sent yourself a message, and it didn't show up in /var/log/maillog I suspect postfix has a problem.

post the logfile messages.

[basketkase999]

This a great Walkthrough. I was wondering however if we have to do any dns/bind stuff on the box for the domain name i want to use?

[snurckle]

of course you do. But that's easy as well. Let me know if you need help

[basketkase999]

I had an old email server on RHL 9 before I upgraded to Fedora 3. I based my server off of the following: http://www.netikus.net/documents/Lin...stallation.pdf . I assume that the section on configuring dns will apply the same to this email server. I'm still a noob so I am still not 100% sure. If you have any specific guides on how to setup the dns stuff I would greatly appreciated it! Thanks in advance!

[basketkase999]

Also, I have the same problem sportq had. I tried all the fixes snurckle suggested but it still didn't work. Any suggestions, as i don't see a follow up about it?

[basketkase999]

Another problem: I try to restart postfix, and it says its starts ok. But when i run "service postfix status", I get "master is stopped". Any ideas?