The Perfect Server - OEL 5.4 [ISPConfig 3] - Page 5

Want to support HowtoForge? Become a subscriber!
 
Submitted by josepcols (Contact Author) (Forums) on Wed, 2010-04-28 15:41. ::

6 Install Email server

On computer email.netbck.com we will install:

Postfix with quota support
Dovecot
Amavis
Spamassassin
Clamav
Mysql
Fail2ban
and Rkhunter.

We install MySQL because it is needed by ISPConfig. Webmail will be installed later on computer http.netbck.com.

 

Install Mysql

To install MySQL and set the root password, we must do:

yum install gcc openssl-devel mysql-server
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start
mysqladmin -u root password xxxx

 

Install postfix with quota support

Install some required packages:

yum install rpm-build db4-devel openldap-devel mysql-devel

We need to install a special configuration of postfix. So, we need to install from sources:

Get postfix source code:

cd /usr/src
wget http://ftp.wl0.org/official/2.5/SRPMS/postfix-2.5.6-1.src.rpm
rpm -ivh postfix-2.5.6-1.src.rpm

Get quota patch:

cd /usr/src/redhat/SOURCES
wget http://vda.sourceforge.net/VDA/postfix-2.5.6-vda-ng.patch.gz

Configure postfix:

cd /usr/src/redhat/SOURCES vi make-postfix.spec

At the begining of file, add the following variable definitions:

POSTFIX_MYSQL_REDHAT=1
POSTFIX_SMTPD_MULTILINE_GREETING=1
POSTFIX_TLS=1
POSTFIX_VDA=1
POSTFIX_DOVECOT=1
POSTFIX_LDAP=0
POSTFIX_SASL=2

Postfix can be configured for RedHat systems, but can't be installed on OEL systems.
We need to edit some configuration files to allow the compilation of packages on an OEL environment.

cd /usr/src/redhat/SOURCES
vi make-postfix.spec

Arround the line 110, you can see:

distro_info=$(sh ${sourcedir}/postfix-get-distribution --distro-info)
fullname=$(echo "$distro_info" | cut -d" " -f5)
releasename=$(echo "$distro_info" | cut -d" " -f1)
major=$(echo "$distro_info" | cut -d" " -f3)
minor=$(echo "$distro_info" | cut -d" " -f4)

After those lines, add some lines to simulate a RedHat system. The added lines look like:

....
distro_info=$(sh ${sourcedir}/postfix-get-distribution --distro-info)
fullname=$(echo "$distro_info" | cut -d" " -f5)
releasename=$(echo "$distro_info" | cut -d" " -f1)
major=$(echo "$distro_info" | cut -d" " -f3)
minor=$(echo "$distro_info" | cut -d" " -f4)
#
# begin added lines
#
releasename=rhel
major=5
minor=4
#
# end added lines
#
....

Now, we can create the config file /usr/src/redhat/SPECS/postfix.spec:

cd /usr/src/redhat/SOURCES
chmod +x make-postfix.spec
./make-postfix.spec

Creating Postfix spec file: /usr/src/redhat/SPECS/postfix.spec
 Checking rpm database for distribution information...
  - if the script gets stuck here:
   check and remove /var/lib/rpm/__db.00? files
  Distribution is: to (rhel-5.4)

  enabling MySQL support (RedHat mysql* packages) in spec file
  enabling Cyrus SASL v2 support in spec file
  enabling Dovecot SASL support in spec file
  enabling TLS support in spec file by default (disable with POSTFIX_TLS=0)
 enabling VDA support in spec file

We need to edit the file /usr/src/redhat/SOURCES/postfix-get-distribution to simulate a RedHat system:

vi /usr/src/redhat/SOURCES/postfix-get-distribution

Around the line 150, the original file says:

else
    # give up if we can not proceed
    echo "ERROR: $myname - unable to determine distribution, exiting"
    exit 1
fi

Change it to:

...
else
    pkg_name=redhat-release-es
    # give up if we can not proceed
    #echo "ERROR: $myname - unable to determine distribution, exiting"
    #exit 1
fi
...

Also, around the line 190, the original file says:

redhat-release-es|redhat-release-as)
    name=rhel
    version=$(echo "$version" | sed -e 's;[A-Z]$;;')
    ;;

Change it to:

...
redhat-release-es|redhat-release-as)
    name=rhel
    version=$(echo "$version" | sed -e 's;[A-Z]$;;')
    version=5.4
    ;;
...

Create the rpm distribution:

cd /usr/src/redhat/SOURCES
wget ftp://ftp.cuhk.edu.hk/pub/packages/mail-server/postfix/official/postfix-2.5.6.tar.gz
chmod +x make-postfix.rpm
./make-postfix.rpm -cf /usr/src/redhat/SPECS/postfix.spec

ls -l /usr/src/redhat/RPMS/i386

total 4556
-rw-r--r-- 1 root root 4652243 Apr 3 23:11 postfix-2.5.6-1.mysql.sasl2.dovecot.vda.rhel5.i386.rpm

Install postfix:

cd /usr/src/redhat/RPMS/i386
rpm -ivh postfix-2.5.6-1.mysql.sasl2.dovecot.vda.rhel5.i386.rpm

By default, sendmail is started, so, we must stop sendmail and start postfix:

chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
/etc/init.d/sendmail stop
/etc/init.d/postfix start

 

Install amavisd, spamassassin and clamav

We can install all the packages, and some additional ones, by executing:

yum install getmail amavisd-new spamassassin clamav clamd postgresql-libs php php-mysql

This will install about 60 packages.

All emails processed by amavis contains a header line saying that the mail as been processed. By default, this header says:

X-Virus-Scanned: amavisd-new at example.com

To change example.com to your domain name, it is needed to change the file /etc/amavisd.conf:

vi /etc/amavisd.conf

Change the line

$mydomain = 'exmaple.com'; # a convenient default for other settings

to

$mydomain = 'netbck.com'; # a convenient default for other settings

And, finally, you must execute some commands:

mkdir /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db
chown amavis /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db
sa-update # initialize amavis
chkconfig --levels 235 amavisd on
chkconfig --levels 235 clamd on
/usr/bin/freshclam # Update clamav virus DataBase
/etc/init.d/amavisd start
/etc/init.d/clamd start

 

Install fail2ban and rkhunter

Simply, execute:

yum install fail2ban rkhunter
chkconfig --levels 235 fail2ban on
/etc/init.d/fail2ban start

 

Install Dovecot

If we install Dovecot using yum install dovecot, we will install the version 1.0.7

With the following commands, we will install the version 1.2.10:

cd /tmp
wget http://dl.atrpms.net/all/dovecot-1.2.10-2_107.el5.i386.rpm
rpm -ivh dovecot-1.2.10-2_107.el5.i386.rpm

Them, install the Sieve plugin:

cd /tmp
wget http://dl.atrpms.net/all/dovecot-sieve-0.1.15-4.el5.i386.rpm
rpm -ivh dovecot-sieve-0.1.15-4.el5.i386.rpm

And start Dovecot:

chkconfig --levels 235 dovecot on
service dovecot restart

 

Grant MySQL Privileges on mysql.netbck.com conmputer

All those actions must be done on mysql.netbck.com computer

Before we install ISPConfig, we need to allow logins to the ispconfig database on mysql.netbck.com from the email.netbck.com computer.

We must execute the following SQL sentences:

mysql -u root -p
GRANT ALL PRIVILEGES ON *.* TO root@'192.168.1.213' IDENTIFIED BY 'xxxx' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO root@'email.netbck.com' IDENTIFIED BY 'xxxx' WITH GRANT OPTION;
flush privileges;

The whole session must look like:

mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8274
Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> GRANT ALL PRIVILEGES ON *.* TO root@'192.168.1.213' IDENTIFIED BY 'xxxx' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON *.* TO root@'email.netbck.com' IDENTIFIED BY 'xxxx' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)

mysql> Bye

End of actions to be done on mysql.netbck.com computer.

From now, all actions must be done on email.netbck.com computer.

 

Install ISPConfig

On a distributed configuration, it is needed to install and configure ISPConfig on all computers. The configuration of ISPConfig on this computer must join the ISPConfig on computer mysql.netbck.com.

Also, every computer must have its MySQL database. So, when configuring ISPConfig, first we must answer about the local MySQL database, then say that we want to join an existing ISPConfig configuration and answer about the remote MySQL database. Synchonization between databases is done automatically by the system.

To install and configure ISPConfig, we must do the following:

cd /tmp
wget http://downloads.sourceforge.net/ispconfig/ISPConfig-3.0.2.1.tar.gz?use_mirror=
tar xvfz ISPConfig-3.0.2.1.tar.gz
cd ispconfig3_install/install/
php -q install.php


--------------------------------------------------------------------------------
 _____ ___________   _____              __ _
|_   _/  ___| ___ \ /  __ \            / _(_)
  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _
  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |
 _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| |
 \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, |
                                              __/ |
                                             |___/
--------------------------------------------------------------------------------


>> Initial configuration

Operating System: Redhat or compatible, unknown version.

    Following will be a few questions for primary configuration so be careful.
    Default values are in [brackets] and can be accepted with <ENTER>.
    Tap in "quit" (without the quotes) to stop the installer.


Select language (en,de) [en]: <---- ENTER

Installation mode (standard,expert) [standard]: expert <---- expert

Full qualified hostname (FQDN) of the server, eg server1.domain.tld [email.netbck.com]: <---- ENTER

MySQL server hostname [localhost]: <---- ENTER

MySQL root username [root]: <---- ENTER

MySQL root password []: xxxx <---- mysql root's password at localhost

MySQL database to create [dbispconfig]: <---- ENTER

MySQL charset [utf8]: <---- ENTER

Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: y <---- y (join an existing ISPConfig multiserver setup)

MySQL master server hostname []: mysql.netbck.com <---- mysql.netbck.com

MySQL master server root username [root]: <---- ENTER

MySQL master server root password []: xxxx <---- mysql root's password at mysql.netbck.com

MySQL master server database name [dbispconfig]: <---- ENTER

Adding ISPConfig server record to database.

Configure Mail (y,n) [y]: <---- ENTER

Configuring Postfix
Generating a 2048 bit RSA private key
......+++
........................................+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:XX <---- Answer according your site
State or Province Name (full name) [Berkshire]: xxxx <---- Answer according your site
Locality Name (eg, city) [Newbury]: xxxx<---- Answer according your site
Organization Name (eg, company) [My Company Ltd]: xxxx<---- Answer according your site
Organizational Unit Name (eg, section) []: xxxx <---- Answer according your site
Common Name (eg, your name or your server's hostname) []: xxxx<---- Answer according your site
Email Address []:xxxx@xxxx.xxx <---- Answer according your site
Configuring SASL
Configuring PAM
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Shutting down postfix:                                   [ OK ]
Starting postfix:                                    [ OK ]
Stopping saslauthd:                                        [FAILED]
Starting saslauthd:                                        [ OK ]
Shutting down Mail Virus Scanner (amavisd):                [FAILED]
Starting Mail Virus Scanner (amavisd):                     [  OK  ]
sh: /etc/init.d/clamd.amavisd: No such file or directory
sh: /etc/init.d/courier-authlib: No such file or directory
sh: /etc/init.d/courier-imap: No such file or directory
sh: /etc/init.d/courier-imap: No such file or directory
sh: /etc/init.d/courier-imap: No such file or directory
sh: /etc/init.d/courier-imap: No such file or directory
Stopping Dovecot Imap:                                     [FAILED]
If you have trouble with authentication failures,
enable auth_debug setting. See http://wiki.dovecot.org/WhyDoesItNotWork
This message goes away after the first successful login.
Starting Dovecot Imap:                                     [ OK ]
Configure Jailkit (y,n) [y]: <---- ENTER

Configuring Jailkit
Configure FTP Server (y,n) [y]: n <---- n

Configure DNS Server (y,n) [y]: n <---- n


Hint: If this server shall run the ispconfig interface, select 'y' in the 'Configure Apache Server' option.

Configure Apache Server (y,n) [y]: n <---- n

Configure Firewall Server (y,n) [y]: n <---- n

Configuring Firewall
Install ISPConfig Web-Interface (y,n) [y]: n <---- n

Configuring DBServer
Installing Crontab
no crontab for root
no crontab for getmail
Stopping httpd:                                            [FAILED]
Starting httpd:                                            [ OK ]
Installation completed.

Log into ISPConfig at http://mail.netbck.com and allow the email.netbck.com server only the installed options: Mail

If you want to use another disk or partition for email storage, mount it at /var/vmail owned by vmail:vmail

 

Start some processes

We need to start spamassasin and restart Dovecot:

chkconfig --levels 235 spamassassin on
/etc/init.d/spamassassin start
/etc/init.d/dovecot restart

 

Enable Dovecot quotas

It is needed to edit 2 files to allow Dovecot a proper configuration.

The file /etc/dovecot.conf must contain (without comments):

#
# allow only if you have NFS storage mounted on /var/vmail
#
#mmap_disable = yes
#mail_nfs_storage = yes
#mail_nfs_index = yes
#
#
#
protocols = imap imaps pop3 pop3s
disable_plaintext_auth = no
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/var/vmail/%d/%n/Maildir
first_valid_uid = 5000
last_valid_uid = 5000
first_valid_gid = 5000
last_valid_gid = 5000

protocol imap {
  mail_executable = /usr/libexec/dovecot/rawlog /usr/libexec/dovecot/imap
  mail_plugins = quota imap_quota
  mail_plugin_dir = /usr/lib/dovecot/imap/
}

protocol pop3 {
  mail_executable = /usr/libexec/dovecot/rawlog /usr/libexec/dovecot/pop3
  pop3_uidl_format = %08Xu%08Xv
  mail_plugins = quota
  mail_plugin_dir = /usr/lib/dovecot/pop3
}

protocol managesieve {
}

protocol lda {
  postmaster_address = postmaster@example.com
  mail_plugins = sieve quota
  mail_plugin_dir = /usr/lib/dovecot/lda
  auth_socket_path = /var/run/dovecot/auth-master
}

auth default {
  mechanisms = plain login
  passdb pam {
  }
  passdb sql {
    args = /etc/dovecot-sql.conf
  }

  userdb passwd {
  }

  userdb sql {
    args = /etc/dovecot-sql.conf
  }

  user = root
  socket listen {
        master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

dict {
}

plugin {
  quota = maildir
  quota_rule = *:storage=1G
  sieve_dir=~/sieve
}

Also, on file /etc/dovecot-sql.conf, you must change the last two (very long) lines that define the password_query and the user_query.

Original:

password_query = SELECT password FROM mail_user WHERE email = '%u' AND disable%Ls = 'n'
user_query = SELECT email as user, maildir as home, CONCAT(maildir, '/Maildir') as mail, uid, gid, CONCAT('maildir:storage=', quota) AS quota, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE email = '%u' AND disable%Ls = 'n'

Must be:

password_query = SELECT email as user, password, uid as userdb_uid, gid as userdb_gid, concat('*:bytes=', quota) as userdb_quota_rule FROM mail_user WHERE email = '%u' AND disable%Ls = 'n'
user_query = SELECT email as user, maildir as home, CONCAT(maildir, '/Maildir') as mail, uid, gid, CONCAT('*:bytes=', quota) AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE email = '%u' AND disable%Ls = 'n'

And restart Dovecot:

service dovecor restart

 

How to access mail

From now, you can create email domains and email users using the ISPConfig interface. You can access email accounts using any IMAP or POP client specifying:

POP/IMAP
Server: email.netbck.com
Port: Default and depends on Security options
Security: The configuration accepts unsecured connections, TLS connections and SSL connections.

SMTP
Server: email.netbck.com
Port: Default and depends on Security options
Security: The configuration accepts unsecured connections, TLS connections and SSL connections. If you want to send emails outside your email domain, you must authentificate on SMTP connection.

To authentificate on the email system, you must use your user and domain. Example: myname@example.com.


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.