The Perfect Server - OEL 5.4 [ISPConfig 3] - Page 5
6 Install Email server
On computer email.netbck.com we will install:
Postfix with quota support
Dovecot
Amavis
Spamassassin
Clamav
Mysql
Fail2ban
and Rkhunter.
We install MySQL because it is needed by ISPConfig. Webmail will be installed later on computer http.netbck.com.
Install Mysql
To install MySQL and set the root password, we must do:
yum install gcc openssl-devel mysql-server
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start
mysqladmin -u root password xxxx
Install postfix with quota support
Install some required packages:
yum install rpm-build db4-devel openldap-devel mysql-devel
We need to install a special configuration of postfix. So, we need to install from sources:
Get postfix source code:
cd /usr/src
wget http://ftp.wl0.org/official/2.5/SRPMS/postfix-2.5.6-1.src.rpm
rpm -ivh postfix-2.5.6-1.src.rpm
Get quota patch:
cd /usr/src/redhat/SOURCES
wget http://vda.sourceforge.net/VDA/postfix-2.5.6-vda-ng.patch.gz
Configure postfix:
cd /usr/src/redhat/SOURCES
vi make-postfix.spec
At the beginning of the file, add the following variable definitions:
POSTFIX_MYSQL_REDHAT=1
POSTFIX_SMTPD_MULTILINE_GREETING=1
POSTFIX_TLS=1
POSTFIX_VDA=1
POSTFIX_DOVECOT=1
POSTFIX_LDAP=0
POSTFIX_SASL=2
Postfix can be configured for RedHat systems, but can't be installed on OEL systems.
We need to edit some configuration files to allow the compilation of packages on an OEL environment.
cd /usr/src/redhat/SOURCES
vi make-postfix.spec
Around line 110, you can see:
distro_info=$(sh ${sourcedir}/postfix-get-distribution --distro-info)
fullname=$(echo "$distro_info" | cut -d" " -f5)
releasename=$(echo "$distro_info" | cut -d" " -f1)
major=$(echo "$distro_info" | cut -d" " -f3)
minor=$(echo "$distro_info" | cut -d" " -f4)
After those lines, add some lines to simulate a RedHat system. The added lines look like:
....
distro_info=$(sh ${sourcedir}/postfix-get-distribution --distro-info)
fullname=$(echo "$distro_info" | cut -d" " -f5)
releasename=$(echo "$distro_info" | cut -d" " -f1)
major=$(echo "$distro_info" | cut -d" " -f3)
minor=$(echo "$distro_info" | cut -d" " -f4)
#
# begin added lines
#
releasename=rhel
major=5
minor=4
#
# end added lines
#
....
Now, we can create the config file /usr/src/redhat/SPECS/postfix.spec:
cd /usr/src/redhat/SOURCES
chmod +x make-postfix.spec
./make-postfix.spec
Creating Postfix spec file: /usr/src/redhat/SPECS/postfix.spec
Checking rpm database for distribution information...
- if the script gets stuck here:
check and remove /var/lib/rpm/__db.00? files
Distribution is: to (rhel-5.4)
enabling MySQL support (RedHat mysql* packages) in spec file
enabling Cyrus SASL v2 support in spec file
enabling Dovecot SASL support in spec file
enabling TLS support in spec file by default (disable with POSTFIX_TLS=0)
enabling VDA support in spec file
We need to edit the file /usr/src/redhat/SOURCES/postfix-get-distribution to simulate a RedHat system:
vi /usr/src/redhat/SOURCES/postfix-get-distribution
Around the line 150, the original file says:
else
# give up if we can not proceed
echo "ERROR: $myname - unable to determine distribution, exiting"
exit 1
fi
Change it to:
...
else
pkg_name=redhat-release-es
# give up if we can not proceed
#echo "ERROR: $myname - unable to determine distribution, exiting"
#exit 1
fi
...
Also, around the line 190, the original file says:
redhat-release-es|redhat-release-as)
name=rhel
version=$(echo "$version" | sed -e 's;[A-Z]$;;')
;;
Change it to:
...
redhat-release-es|redhat-release-as)
name=rhel
version=$(echo "$version" | sed -e 's;[A-Z]$;;')
version=5.4
;;
...
Create the rpm distribution:
cd /usr/src/redhat/SOURCES
wget ftp://ftp.cuhk.edu.hk/pub/packages/mail-server/postfix/official/postfix-2.5.6.tar.gz
chmod +x make-postfix.rpm
./make-postfix.rpm -cf /usr/src/redhat/SPECS/postfix.spec
ls -l /usr/src/redhat/RPMS/i386
total 4556
-rw-r--r-- 1 root root 4652243 Apr 3 23:11 postfix-2.5.6-1.mysql.sasl2.dovecot.vda.rhel5.i386.rpm
Install postfix:
cd /usr/src/redhat/RPMS/i386
rpm -ivh postfix-2.5.6-1.mysql.sasl2.dovecot.vda.rhel5.i386.rpm
By default, sendmail is started, so we must stop sendmail and start postfix:
chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
Install amavisd, spamassassin and clamav
We can install all the packages, and some additional ones, by executing:
yum install getmail amavisd-new spamassassin clamav clamd postgresql-libs php php-mysql
This will install about 60 packages.
Every email processed by amavis contains a header line saying that the mail has been processed. By default, this header says:
X-Virus-Scanned: amavisd-new at example.com
To change example.com to your domain name, edit the file /etc/amavisd.conf:
vi /etc/amavisd.conf
Change the line
$mydomain = 'example.com'; # a convenient default for other settings
to
$mydomain = 'netbck.com'; # a convenient default for other settings
And, finally, you must execute some commands:
mkdir /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db
chown amavis /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db
sa-update # initialize amavis
chkconfig --levels 235 amavisd on
chkconfig --levels 235 clamd on
/usr/bin/freshclam # Update clamav virus DataBase
/etc/init.d/amavisd start
/etc/init.d/clamd start
Install fail2ban and rkhunter
Simply, execute:
yum install fail2ban rkhunter
chkconfig --levels 235 fail2ban on
/etc/init.d/fail2ban start
Install Dovecot
If we install Dovecot using yum install dovecot, we will get version 1.0.7.
With the following commands, we will install version 1.2.10:
cd /tmp
wget http://dl.atrpms.net/all/dovecot-1.2.10-2_107.el5.i386.rpm
rpm -ivh dovecot-1.2.10-2_107.el5.i386.rpm
Then, install the Sieve plugin:
cd /tmp
wget http://dl.atrpms.net/all/dovecot-sieve-0.1.15-4.el5.i386.rpm
rpm -ivh dovecot-sieve-0.1.15-4.el5.i386.rpm
And start Dovecot:
chkconfig --levels 235 dovecot on
service dovecot restart
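The Dovecot packages above, like the Postfix source RPM earlier, are fetched with wget over plain HTTP and installed as root without an integrity check. The following is an added example, not part of the original tutorial, that gates rpm -ivh on the result of rpm -K; rpm_sig_verdict and verified_install are hypothetical helper names, the sample output lines are constructed, and the packager's public key is assumed to be already imported with rpm --import.

```shell
#!/bin/sh
# Added example (not from the original tutorial): install a downloaded RPM
# only if `rpm -K` reports a verified signature, not merely good digests.

# Classify one line of `rpm -K` output.
# Prints signed-ok, unsigned or failed; returns 0 only for signed-ok.
rpm_sig_verdict() {
    line=$1
    case $line in
        *"NOT OK"*) echo failed; return 1 ;;  # bad digest/signature or missing key
        *" OK") ;;                            # passed so far, inspect tokens below
        *) echo failed; return 1 ;;           # unexpected output: fail closed
    esac
    # A package carrying digests only also ends in "OK", so require a
    # signature token: gpg/pgp (older rpm) or signatures (newer rpm).
    for tok in ${line#*: }; do
        case $tok in
            gpg|pgp|signatures) echo signed-ok; return 0 ;;
        esac
    done
    echo unsigned
    return 1
}

# Hypothetical wrapper around the tutorial's `rpm -ivh <file>` step.
verified_install() {
    out=$(rpm -K "$1" 2>&1) || true
    if verdict=$(rpm_sig_verdict "$out"); then
        rpm -ivh "$1"
    else
        echo "refusing to install $1: $verdict ($out)" >&2
        return 1
    fi
}

# Constructed sample lines covering both output styles of `rpm -K`.
demo() {
    while IFS= read -r l; do
        v=$(rpm_sig_verdict "$l") || true
        printf '%-10s %s\n' "$v" "$l"
    done <<'EOF'
pkg-a.rpm: (sha1) dsa sha1 md5 gpg OK
pkg-b.rpm: sha1 md5 OK
pkg-c.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#xxxxxxxx)
pkg-d.rpm: digests signatures OK
pkg-e.rpm: digests SIGNATURES NOT OK
EOF
}
demo
```

The pkg-b case is the one to watch: an unsigned package passes rpm -K on digests alone, which only detects accidental corruption.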
Grant MySQL Privileges on mysql.netbck.com computer
All those actions must be done on the mysql.netbck.com computer.
Before we install ISPConfig, we need to allow logins to the ispconfig database on mysql.netbck.com from the email.netbck.com computer.
We must execute the following SQL statements:
mysql -u root -p
GRANT ALL PRIVILEGES ON *.* TO root@'192.168.1.213' IDENTIFIED BY 'xxxx' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO root@'email.netbck.com' IDENTIFIED BY 'xxxx' WITH GRANT OPTION;
flush privileges;
The whole session should look like:
mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8274
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> GRANT ALL PRIVILEGES ON *.* TO root@'192.168.1.213' IDENTIFIED BY 'xxxx' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON *.* TO root@'email.netbck.com' IDENTIFIED BY 'xxxx' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
mysql> Bye
End of actions to be done on mysql.netbck.com computer.
From now on, all actions must be done on the email.netbck.com computer.
Install ISPConfig
In a distributed configuration, ISPConfig must be installed and configured on all computers. The ISPConfig configuration on this computer must join the ISPConfig on computer mysql.netbck.com.
Also, every computer must have its own MySQL database. So, when configuring ISPConfig, we must first answer the questions about the local MySQL database, then say that we want to join an existing ISPConfig configuration and answer the questions about the remote MySQL database. Synchronization between databases is done automatically by the system.
To install and configure ISPConfig, we must do the following:
cd /tmp
wget http://downloads.sourceforge.net/ispconfig/ISPConfig-3.0.2.1.tar.gz?use_mirror=
tar xvfz ISPConfig-3.0.2.1.tar.gz
cd ispconfig3_install/install/
php -q install.php
--------------------------------------------------------------------------------
_____ ___________ _____ __ _
|_ _/ ___| ___ \ / __ \ / _(_)
| | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _
| | `--. \ __/ | | / _ \| '_ \| _| |/ _` |
_| |_/\__/ / | | \__/\ (_) | | | | | | | (_| |
\___/\____/\_| \____/\___/|_| |_|_| |_|\__, |
__/ |
|___/
--------------------------------------------------------------------------------
>> Initial configuration
Operating System: Redhat or compatible, unknown version.
Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in "quit" (without the quotes) to stop the installer.
Select language (en,de) [en]: <---- ENTER
Installation mode (standard,expert) [standard]: expert <---- expert
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [email.netbck.com]: <---- ENTER
MySQL server hostname [localhost]: <---- ENTER
MySQL root username [root]: <---- ENTER
MySQL root password []: xxxx <---- mysql root's password at localhost
MySQL database to create [dbispconfig]: <---- ENTER
MySQL charset [utf8]: <---- ENTER
Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: y <---- y (join an existing ISPConfig multiserver setup)
MySQL master server hostname []: mysql.netbck.com <---- mysql.netbck.com
MySQL master server root username [root]: <---- ENTER
MySQL master server root password []: xxxx <---- mysql root's password at mysql.netbck.com
MySQL master server database name [dbispconfig]: <---- ENTER
Adding ISPConfig server record to database.
Configure Mail (y,n) [y]: <---- ENTER
Configuring Postfix
Generating a 2048 bit RSA private key
......+++
........................................+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:XX <---- Answer according your site
State or Province Name (full name) [Berkshire]: xxxx <---- Answer according your site
Locality Name (eg, city) [Newbury]: xxxx<---- Answer according your site
Organization Name (eg, company) [My Company Ltd]: xxxx<---- Answer according your site
Organizational Unit Name (eg, section) []: xxxx <---- Answer according your site
Common Name (eg, your name or your server's hostname) []: xxxx<---- Answer according your site
Email Address []:[email protected] <---- Answer according your site
Configuring SASL
Configuring PAM
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
Stopping saslauthd: [FAILED]
Starting saslauthd: [ OK ]
Shutting down Mail Virus Scanner (amavisd): [FAILED]
Starting Mail Virus Scanner (amavisd): [ OK ]
sh: /etc/init.d/clamd.amavisd: No such file or directory
sh: /etc/init.d/courier-authlib: No such file or directory
sh: /etc/init.d/courier-imap: No such file or directory
sh: /etc/init.d/courier-imap: No such file or directory
sh: /etc/init.d/courier-imap: No such file or directory
sh: /etc/init.d/courier-imap: No such file or directory
Stopping Dovecot Imap: [FAILED]
If you have trouble with authentication failures,
enable auth_debug setting. See http://wiki.dovecot.org/WhyDoesItNotWork
This message goes away after the first successful login.
Starting Dovecot Imap: [ OK ]
Configure Jailkit (y,n) [y]: <---- ENTER
Configuring Jailkit
Configure FTP Server (y,n) [y]: n <---- n
Configure DNS Server (y,n) [y]: n <---- n
Hint: If this server shall run the ispconfig interface, select 'y' in the 'Configure Apache Server' option.
Configure Apache Server (y,n) [y]: n <---- n
Configure Firewall Server (y,n) [y]: n <---- n
Configuring Firewall
Install ISPConfig Web-Interface (y,n) [y]: n <---- n
Configuring DBServer
Installing Crontab
no crontab for root
no crontab for getmail
Stopping httpd: [FAILED]
Starting httpd: [ OK ]
Installation completed.
Log into ISPConfig at http://mail.netbck.com and allow the email.netbck.com server only the installed options: Mail
If you want to use another disk or partition for email storage, mount it at /var/vmail owned by vmail:vmail
Start some processes
We need to start SpamAssassin and restart Dovecot:
chkconfig --levels 235 spamassassin on
/etc/init.d/spamassassin start
/etc/init.d/dovecot restart
Enable Dovecot quotas
Two files must be edited to configure Dovecot properly.
The file /etc/dovecot.conf must contain (without comments):
#
# allow only if you have NFS storage mounted on /var/vmail
#
#mmap_disable = yes
#mail_nfs_storage = yes
#mail_nfs_index = yes
#
#
#
protocols = imap imaps pop3 pop3s
disable_plaintext_auth = no
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/var/vmail/%d/%n/Maildir
first_valid_uid = 5000
last_valid_uid = 5000
first_valid_gid = 5000
last_valid_gid = 5000
protocol imap {
  mail_executable = /usr/libexec/dovecot/rawlog /usr/libexec/dovecot/imap
  mail_plugins = quota imap_quota
  mail_plugin_dir = /usr/lib/dovecot/imap/
}
protocol pop3 {
  mail_executable = /usr/libexec/dovecot/rawlog /usr/libexec/dovecot/pop3
  pop3_uidl_format = %08Xu%08Xv
  mail_plugins = quota
  mail_plugin_dir = /usr/lib/dovecot/pop3
}
protocol managesieve {
}
protocol lda {
  postmaster_address = [email protected]
  mail_plugins = sieve quota
  mail_plugin_dir = /usr/lib/dovecot/lda
  auth_socket_path = /var/run/dovecot/auth-master
}
auth default {
  mechanisms = plain login
  passdb pam {
  }
  passdb sql {
    args = /etc/dovecot-sql.conf
  }
  userdb passwd {
  }
  userdb sql {
    args = /etc/dovecot-sql.conf
  }
  user = root
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
dict {
}
plugin {
  quota = maildir
  quota_rule = *:storage=1G
  sieve_dir=~/sieve
}
Also, on file /etc/dovecot-sql.conf, you must change the last two (very long) lines that define the password_query and the user_query.
Original:
password_query = SELECT password FROM mail_user WHERE email = '%u' AND disable%Ls = 'n'
user_query = SELECT email as user, maildir as home, CONCAT(maildir, '/Maildir') as mail, uid, gid, CONCAT('maildir:storage=', quota) AS quota, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE email = '%u' AND disable%Ls = 'n'
Must be:
password_query = SELECT email as user, password, uid as userdb_uid, gid as userdb_gid, concat('*:bytes=', quota) as userdb_quota_rule FROM mail_user WHERE email = '%u' AND disable%Ls = 'n'
user_query = SELECT email as user, maildir as home, CONCAT(maildir, '/Maildir') as mail, uid, gid, CONCAT('*:bytes=', quota) AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE email = '%u' AND disable%Ls = 'n'
And restart Dovecot:
service dovecot restart
How to access mail
From now on, you can create email domains and email users using the ISPConfig interface. You can access email accounts using any IMAP or POP client specifying:
POP/IMAP
Server: email.netbck.com
Port: Default and depends on Security options
Security: The configuration accepts unsecured connections, TLS connections and SSL connections.
SMTP
Server: email.netbck.com
Port: Default and depends on Security options
Security: The configuration accepts unsecured connections, TLS connections and SSL connections. If you want to send emails outside your email domain, you must authenticate on the SMTP connection.
To authenticate on the email system, you must use your user and domain. Example: [email protected].
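The dovecot.conf shown under "Enable Dovecot quotas" sets disable_plaintext_auth = no with the unencrypted imap and pop3 listeners enabled, and runs both protocols under the rawlog debugging wrapper. The following shell check is an added example, not part of the original tutorial, that reports those settings in a Dovecot 1.x config; audit_dovecot_conf and sample_conf are hypothetical names, the sample is a constructed excerpt of the values above, and "key = value" spacing is assumed.

```shell
#!/bin/sh
# Added example (not from the original tutorial): report dovecot.conf
# settings that expose passwords or session traffic.

# Print one finding per line for the config in file $1 (default: stdin).
audit_dovecot_conf() {
    awk '
    { sub(/#.*/, "") }              # naive comment strip: assumes no "#" in values
    $1 == "protocols" {             # collect listeners that start unencrypted
        for (i = 3; i <= NF; i++)
            if ($i == "imap" || $i == "pop3") clear = clear " " $i
    }
    $1 == "disable_plaintext_auth" && $3 == "no" { plain = 1 }
    $1 == "ssl" && $3 == "required" { tls_required = 1 }   # Dovecot 1.2+ setting
    # rawlog records post-login traffic for every user whose home
    # directory contains a dovecot.rawlog directory.
    $1 == "mail_executable" && $3 ~ /\/rawlog$/ {
        n = split($NF, p, "/")
        print "RAWLOG: " p[n] " sessions run under the rawlog wrapper"
    }
    END {
        if (plain && clear != "" && !tls_required)
            print "PLAINTEXT_AUTH: password logins accepted without TLS on" clear
    }' "${1:--}"
}

# Constructed excerpt using the values from the dovecot.conf above.
sample_conf() {
    cat <<'EOF'
#mmap_disable = yes
protocols = imap imaps pop3 pop3s
disable_plaintext_auth = no
protocol imap {
  mail_executable = /usr/libexec/dovecot/rawlog /usr/libexec/dovecot/imap
}
protocol pop3 {
  mail_executable = /usr/libexec/dovecot/rawlog /usr/libexec/dovecot/pop3
}
EOF
}

sample_conf | audit_dovecot_conf
```

Run it against the live file with audit_dovecot_conf /etc/dovecot.conf; no output means none of the three conditions was found.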