Local Mail Server Setup

Discussion in 'Server Operation' started by petersfreeman, Jun 19, 2012.

  1. petersfreeman

    petersfreeman New Member

    [SOLVED] Local Mail Server Setup

    Background

    We now live in an area where our link to the internet is an expensive wireless connection using the cellular system.

    Members of our family email each other a lot, with large attachments such as videos, pictures, etc.

    Goal

    I want to set up a LAN mail server that we can use for family members where the mail just stays within the LAN and does not go out onto the Internet.

    Progress

    I installed Ubuntu 12.04 LTS Server 64 bit on a spare machine following the guide at this web site:


    I registered the domain musgravelanding.net with hover and you can see the results at:


    Results

    Here is my /etc/hosts file:

    Code:
    127.0.0.1       localhost.localdomain   localhost
    192.168.241.80  server.musgravelanding.net      server
    
    # The following lines are desirable for IPv6 capable hosts
    ::1     ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters

    And here is my /etc/hostname file:
    Code:
    server.musgravelanding.net

    My /etc/postfix/main.cf is:
    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    myhostname = server.musgravelanding.net
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = server.musgravelanding.net, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf, hash:/var/lib/mailman/data/virtual-mailman
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
    smtpd_tls_security_level = may
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings

    The result of a test send is:
    Code:
    echo "Subject: Test" | /usr/lib/sendmail -v [email protected]
    Mail Delivery Status Report will be mailed to <peter>.

    Testing with netstat reveals:
    Code:
    [email protected]:~$ netstat -an | grep tcp | grep 25
    tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:3306          127.0.0.1:41625         ESTABLISHED
    tcp        0      0 127.0.0.1:41625         127.0.0.1:3306          ESTABLISHED
    tcp6       0      0 :::25                   :::*                    LISTEN
    You have new mail in /var/mail/peter

    And iptables:
    Code:
    [email protected]:~$ sudo iptables -nvL
    [sudo] password for peter:
    Chain INPUT (policy ACCEPT 34799 packets, 42M bytes)
     pkts bytes target     prot opt in     out     source               destination
      824 67412 fail2ban-dovecot-pop3imap  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 110,995,143,993
      263 14292 fail2ban-pureftpd  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 21
     2202  187K fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
    
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
    
    Chain OUTPUT (policy ACCEPT 21919 packets, 1686K bytes)
     pkts bytes target     prot opt in     out     source               destination
    
    Chain fail2ban-dovecot-pop3imap (1 references)
     pkts bytes target     prot opt in     out     source               destination
      818 67052 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    
    Chain fail2ban-pureftpd (1 references)
     pkts bytes target     prot opt in     out     source               destination
      263 14292 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    
    Chain fail2ban-ssh (1 references)
     pkts bytes target     prot opt in     out     source               destination
     2202  187K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    [email protected]:~$

    Checking with Telnet reveals:
    Code:
    [email protected]:~$ telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.
    220 server.musgravelanding.net ESMTP Postfix (Ubuntu)
    ehlo server
    250-server.musgravelanding.net
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.
    [email protected]:~$

    And a look at the logs:
    Code:
    [email protected]:~$ tail /var/log/mail.log
    Jun 18 14:49:36 server postfix/smtpd[8749]: disconnect from localhost.localdomain[127.0.0.1]
    Jun 18 14:49:40 server postfix/smtpd[8749]: connect from localhost.localdomain[127.0.0.1]
    Jun 18 14:50:01 server postfix/smtpd[8823]: connect from localhost.localdomain[127.0.0.1]
    Jun 18 14:50:01 server postfix/smtpd[8823]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
    Jun 18 14:50:01 server postfix/smtpd[8823]: disconnect from localhost.localdomain[127.0.0.1]
    Jun 18 14:50:01 server dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Jun 18 14:50:01 server dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Jun 18 14:50:17 server postfix/smtpd[8749]: disconnect from localhost.localdomain[127.0.0.1]
    Jun 18 14:50:21 server postfix/smtpd[8823]: connect from localhost.localdomain[127.0.0.1]
    Jun 18 14:50:28 server postfix/smtpd[8823]: disconnect from localhost.localdomain[127.0.0.1]
    [email protected]:~$

    At this point /var/log/mail.err is empty

    From my wife's computer using Thunderbird, she tried to send me a test email, but it gives an SMTP error when Thunderbird is set up as smtp.musgravelanding.net. When I change the settings in Thunderbird to give the server the explicit IP address 192.168.241.80, the mail is sent.



    Questions

    1. What do I need to do to get this working?
    2. I don't understand how to set the MX record if that is appropriate?
    3. Can you recommend links to further advice on this topic?

    Thank you,

    Peter
     
    Last edited: Jun 19, 2012
  2. petersfreeman

    petersfreeman New Member

    It appears that the mail system is working perfectly as my wife and I are able to send emails back and forth using Squirrel Mail. The problem seems to be how to set up Thunderbird with the right settings. I've already experimented at random with no success, so now I'll go in and approach it more systematically.

    Peter
     
  3. petersfreeman

    petersfreeman New Member

    I found the solution to my problem. In Thunderbird, I needed to specify the username as [email protected] instead of just peter.

    My next project is to see if I can get it so I can use Squirrel Mail from outside of my LAN to access my mail.

    Cheers,

    Peter
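
Added example, not part of the original thread: a small Python audit that reads excerpts of the main.cf and the plaintext EHLO reply posted above and flags two settings worth tightening before the server is reachable from outside the LAN (AUTH advertised before STARTTLS, and the VRFY command). The function names are hypothetical; `smtpd_tls_auth_only` and `disable_vrfy_command` are standard Postfix parameters that do not appear in the posted config.

```python
import re
# Excerpts of the main.cf and the pre-STARTTLS EHLO reply from the first post.
MAIN_CF = """\
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
"""
EHLO_REPLY = """\
250-server.musgravelanding.net
250-VRFY
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 DSN
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (s.strip() for s in line.split("=", 1))
            params[last] = value
    return params

def ehlo_keywords(reply):
    """Map each EHLO keyword to its arguments, skipping the greeting line."""
    kws = {}
    for line in reply.splitlines()[1:]:
        m = re.match(r"250[- ]([A-Za-z0-9-]+)(?:[ =](.*))?$", line)
        if m:
            kws[m.group(1).upper()] = (m.group(2) or "").split()
    return kws

def audit(cf_text, ehlo_reply):
    cf, kw = parse_main_cf(cf_text), ehlo_keywords(ehlo_reply)
    findings = []
    if "AUTH" in kw and cf.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("AUTH %s offered before STARTTLS; set smtpd_tls_auth_only = yes" % "/".join(kw["AUTH"]))
    if "VRFY" in kw and cf.get("disable_vrfy_command", "no") != "yes":
        findings.append("VRFY is enabled; set disable_vrfy_command = yes")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(MAIN_CF, EHLO_REPLY)))
```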
     
