Setting Up A Mail Server Using Exim4, Clamav, Dovecot, SpamAssassin And Many More On Debian Lenny - Page 3
These are secondary addresses for a mailbox. They must belong to the same domain as the destination address. One alias can be added to several mailboxes, in which case all the mailboxes receive mail sent to the alias address. In the sample data, firstname.lastname@example.org is an alias for email@example.com and firstname.lastname@example.org is an alias for both email@example.com and firstname.lastname@example.org.
To add an alias to an existing mailbox just add a mailLocalAddress attribute with the mail address of the alias.
The file /etc/exim4/conf.d/router/070_mailMEO_alias is the router for such addresses:
mailMEO_alias:
Forwarders are addresses that forward mails to one or several addresses. They are quite similar to aliases except that they can forward mails to addresses not belonging to their domains or even remote addresses. To create mail forwarders, create an LDAP entry under the domain entry following the template:
dn: uid=gmail,dc=middle.earth,ou=domains,dc=middle,dc=earth
cn: %FWD_LOCALPART%
mail: %DEST_MAILADDR%
mailHost: %IPADDR_OF_MAILSTORE%
mailRoutingAddress: %DEST_MAILADDR%
objectClass: inetMailForwarder
objectClass: inetOrgPerson
objectClass: top
sn: Alias address
uid: %FWD_LOCALPART%
The file /etc/exim4/conf.d/router/071_mailMEO_fwd handles this kind of address:
Catchalls are a kind of garbage mailbox that receives every mail sent to a domain, whatever the localpart is. You can mix regular mailboxes and a catchall mailbox in a domain (of course only one catchall per domain is allowed). To add a catchall address to a domain, add the posixAccount object class to the domain entry (and all the needed attributes), plus mailLocalAddress and mailQuota attributes:
objectClass: posixAccount
mailLocalAddress: %CATCHALL_ADDR%
gidNumber: %gID%
homeDirectory: %MAILDIR_PATH%
uid: %CATCHALL_LOCALPART%
uidNumber: %UID%
userPassword:: %HASH_PASS_STR%
mailQuota: %KB%
The file /etc/exim4/conf.d/router/079_mailMEO_catchall defines catchall routing:
The Virtual Users:
Well... It's the mailbox that users will check for mails! To create a user add an LDAP entry under the domain following this template:
dn: uid=%LOCALPART%,dc=%DOMAIN%,ou=domains,dc=middle,dc=earth
cn: %SOMETHING_DESCRIPTIVE%
displayName: %SOMETHING_DESCRIPTIVE%
gidNumber: %GID%
givenName: %SOMETHING_DESCRIPTIVE%
homeDirectory: %MAILDIR_PATH%
mail: %EMAIL_ADDR%
mailHost: %IPADDR_OF_MAILSTORE%
mailQuota: %KB%
objectClass: inetLocalMailRecipient
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
sn: %SOMETHING_DESCRIPTIVE%
uidNumber: %UID%
uid: %LOCALPART%
userPassword:: %HASH_PASS_STR%
mailLocalAddress: %EMAIL_ADDR%
Please note that the main email address *MUST* be set as a mailLocalAddress just like aliases.
Routing is done using the file /etc/exim4/conf.d/router/077_mailMEO_users:
Once done with the routers we have to add several transports.
The first one is obvious: it delivers mail into the mailboxes of virtual users. To do so we will use the dovecot LDA because it's reliable and natively implements cool stuff like quota or sieve filtering (Dovecot rules!).
This is a typical example as described on the dovecot wiki and is in the file /etc/exim4/conf.d/transport/50_mailMEO_dovecot:
This router is used to check mails for spam using the spamassassin daemon.
The spamcheck transport is used to process mails in spamassassin daemon.
SA transport is configured in /etc/exim4/conf.d/transport/50_mailMEO_spamcheck:
Let's configure SpamAssassin while we are dealing with it.
Most of the config is stored in /etc/spamassassin/local.cf:
user_scores_dsn ldap://ldap.middle.earth/ou=domains,dc=middle,dc=earth?spamassassinUserPrefs?sub?(&(mailLocalAddress=__USERNAME__)(objectClass=inetLocalMailRecipient))
user_scores_ldap_username uid=exim,dc=middle,dc=earth
With this config you can have specific settings for each user, just use the spamassassinUserPrefs attribute using the form 'item value'.
We have to enable spamd in /etc/default/spamassassin:
... and start it.
sudo /etc/init.d/spamassassin restart
We can now restart exim as well:
sudo /etc/init.d/exim4 restart
At this point, mails can't be sent to the mailstore yet (dovecot must be configured... we'll do it later), and most of the security features are not implemented.
The MX server (faramir):
This is where we will add security features.
As the MX server will do virus scanning too, it needs the volatile repository, declared in the file /etc/apt/sources.list.d/volatile.list:
deb http://volatile.debian.org/debian-volatile lenny/volatile main
... and the backports repository for a newer dovecot version, in /etc/apt/sources.list.d/backports.list:
deb http://backports.debian.org/debian-backports lenny-backports main
Update the apt database:
sudo apt-get update
We can now install the needed packages:
sudo apt-get install clamav-daemon clamav-freshclam exim4-daemon-heavy libmail-spf-query-perl
sudo apt-get -t lenny-backports install dovecot-imapd dovecot-pop3d
Proceed with exim4 installation just like for the relay server.
The file /etc/exim4/conf.d/main/04_mailMEOmacrodefs defines the macros we will use in other config files:
ldap_default_servers = ldap.middle.earth
CHECK_RCPT_SPF enables SPF checking at SMTP time, and rejects mail for which the SPF check failed.
CHECK_RCPT_IP_DNSBL enables DNSBL lookups. The blacklists used here are trustworthy and should not list smarthosts of big MSP. As a consequence, we will choose to reject mails based on those DNSBL instead of just warning (which is the default in exim4). Go to the file /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt and change:
We have to tell exim to accept the domains defined by mailMEO_domains in /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt: change
Now we enable virus scanning just like we did on the relay server in /etc/exim4/conf.d/main/02_exim4-config_options:
av_scanner = clamd:/var/run/clamav/clamd.ctl
Uncomment 3 lines in /etc/exim4/conf.d/acl/40_exim4-config_check_data:
Add user clamav to the Debian-exim group:
sudo adduser clamav Debian-exim
sudo /etc/init.d/clamav-daemon restart
The main purpose of the MX server is to route mails to the mailstore server where the mailbox is hosted.
In Exim, routing can be done using the manualroute driver, which will send mails to remote hosts using SMTP.
We will need 2 drivers of this kind to handle user accounts, aliases and forwarders on one side and catchall accounts on the other side.
All is in /etc/exim4/conf.d/router/075_mailMEOroutes:
A quick explanation: this router first validates that the domain is stored in LDAP, then checks that the address exists, and finally requests the hostname of the mail server where the mailbox sits.
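The three checks described above, modelled in Python as an added example (this is not the tutorial's router configuration). The directory contents, the 192.0.2.x mailHost values and the function names are constructed for illustration. The recipient address is escaped per RFC 4515 before it is placed in the filter, which is what Exim's ${quote_ldap:...} operator does inside a router lookup.

```python
import re

# Constructed sample directory mirroring the page's LDAP layout (not real data).
DIRECTORY = {
    "middle.earth": [
        {"uid": "frodo", "mailHost": "192.0.2.10",
         "objectClass": ["inetLocalMailRecipient"],
         "mailLocalAddress": ["frodo@middle.earth", "ringbearer@middle.earth"]},
        {"uid": "sam", "mailHost": "192.0.2.11",
         "objectClass": ["inetLocalMailRecipient"],
         "mailLocalAddress": ["sam@middle.earth", "ringbearer@middle.earth"]},
    ],
}

def ldap_escape(value):
    """Escape RFC 4515 filter metacharacters so the value is matched literally."""
    return re.sub(r'[\\*()\x00]', lambda m: "\\%02x" % ord(m.group()), value)

def build_filter(address):
    """Filter in the same form as the page's user_scores_dsn, with a quoted address."""
    return ("(&(mailLocalAddress=%s)(objectClass=inetLocalMailRecipient))"
            % ldap_escape(address))

def route(address, directory=DIRECTORY):
    """Return the sorted mailHost values for address, or None if it must be rejected."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local:
        return None
    entries = directory.get(domain.lower())       # step 1: is the domain in LDAP?
    if entries is None:
        return None
    # Steps 2 and 3: the address must exist as a mailLocalAddress (main address
    # or alias); every mailbox carrying it contributes its mailHost.
    hosts = {e["mailHost"] for e in entries
             if "inetLocalMailRecipient" in e["objectClass"]
             and address.lower() in e["mailLocalAddress"]}
    return sorted(hosts) or None

if __name__ == "__main__":
    for rcpt in ("ringbearer@middle.earth", "*@middle.earth", "gollum@mordor.example"):
        print(rcpt, "->", route(rcpt), build_filter(rcpt))
```

A literal "*" in the local part is sent to the directory as \2a, so it cannot act as a wildcard that matches every mailbox in the domain.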
We don't need to do anything else for the MX concerning the MTA part. So we restart exim and will come back later for the dovecot part.
sudo /etc/init.d/exim4 restart