Installation of mail system on Ubuntu

I assume that you have installed the system with a basic configuration and SSH running. After logging in to the system we can install the dovecot-postfix package, which is described as a fully functional mail server:

drfugazi@charr:~% sudo aptitude install dovecot-postfix
[sudo] password for drfugazi:
Reading extended state information
Initializing package states... Gotowe
The following NEW packages will be installed:
  dovecot-common{a} dovecot-imapd{a} dovecot-pop3d{a} dovecot-postfix
0 packages upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 7957kB of archives. After unpacking 15,1MB will be used.
Do you want to continue? [Y/n/?] y
...
Configuring dovecot-common (1:1.2.9-1ubuntu6.1) ...
Creating config file /etc/dovecot/dovecot.conf with new version
Creating config file /etc/dovecot/dovecot-ldap.conf with new version
Creating config file /etc/dovecot/dovecot-sql.conf with new version

Now we should check that Dovecot is running and that we can connect to the IMAP server on localhost:

drfugazi@charr:~% ps axu|grep dovecot
root     13772  0.0  0.0   2320   700 ?        Ss   Nov19   0:00 /usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
root     13775  0.0  0.2  10208  2536 ?        S    Nov19   0:00 dovecot-auth
...
drfugazi@charr:~% telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a LOGOUT
* BYE Logging out
a OK Logout completed.
Connection closed by foreign host.

If you can connect to localhost then you can try from outside:

drfugazi@neptun:~% telnet example.com 143
Trying 212.106.X.X...
telnet: Unable to connect to remote host: Connection timed out

Let's check on which interface Dovecot is listening for connections:

drfugazi@charr:~% netstat -an|grep 143
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN

It listens on all interfaces, so you need to check the firewall and add a rule to allow connections to IMAP port 143:

sudo iptables -I INPUT -i eth0 -p tcp --syn --dport 143 -d 212.106.X.X -j ACCEPT

Try once more:

drfugazi@neptun:~% telnet example.com 143
Trying 212.106.X.X...
Connected to example.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS LOGINDISABLED] Dovecot ready.
a LOGOUT
* BYE Logging out
a OK Logout completed.
Connection closed by foreign host.

Looks good. Now we can take a closer look at the SMTP server, Postfix. Look at the master.cf file:

drfugazi@charr:~% cd /etc/postfix
drfugazi@charr:/etc/postfix% sudo vi master.cf
[sudo] password for drfugazi:

We are especially interested in the smtps and submission sections; we need to enable them in master.cf. By the way, we can check that the port numbers are in /etc/services:

drfugazi@charr:/etc/postfix% grep submis /etc/services
submission      587/tcp                         # Submission [RFC4409]
submission      587/udp
drfugazi@charr:/etc/postfix% grep smtps /etc/services
ssmtp           465/tcp         smtps           # SMTP over SSL

Looks good. Let's check the main.cf file; there should be lines added by the dovecot-postfix package:

mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-dovecot-postfix.conf -n -m "${EXTENSION}"
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom

We can leave this as is and restart Postfix. Note: you need to stop and start the Postfix server for it to pick up the new settings from the master.cf file:

drfugazi@charr:/etc/postfix% sudo service postfix stop
 * Stopping Postfix Mail Transport Agent postfix                                                                 [ OK ]
drfugazi@charr:/etc/postfix% sudo service postfix start
 * Starting Postfix Mail Transport Agent postfix                                                                 [ OK ]
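
The main.cf lines above set smtpd_tls_mandatory_protocols = SSLv3, TLSv1, and SSLv3 has since been deprecated (RFC 7568). The following shell function is an added example, not part of the original post or the dovecot-postfix package: it reads main.cf text and reports which SSL versions a protocol name list leaves enabled. The function name and the fixed_cf sample are constructed for illustration, and only the name-list syntax is handled.

```shell
# legacy_tls_enabled PARAM < main.cf
# Prints which of SSLv2/SSLv3 a Postfix protocol name list leaves enabled:
# the names, "none", or "unset" when PARAM does not appear in the file.
legacy_tls_enabled() {
    awk -v param="$1" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                # comment or blank line
    /^[ \t]/ { if (cur == param) val = val " " $0; next }   # continuation
    {
        eq = index($0, "="); cur = ""
        if (!eq) next
        cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
        if (cur == param) { val = substr($0, eq + 1); found = 1 }  # last wins
    }
    END {
        if (!found) { print "unset"; exit }
        n = split(val, tok, /[ \t,:]+/)
        for (i = 1; i <= n; i++) {
            if (tok[i] == "") continue
            if (substr(tok[i], 1, 1) == "!") off[substr(tok[i], 2)] = 1
            else { on[tok[i]] = 1; listed = 1 }
        }
        # Named protocols enable only themselves; a list made only of
        # "!" exclusions leaves everything not excluded enabled.
        m = split("SSLv2 SSLv3", legacy, " ")
        for (i = 1; i <= m; i++) {
            p = legacy[i]
            if (!(p in off) && ((p in on) || !listed)) out = out sep p
            if (out != "") sep = " "
        }
        if (out == "") out = "none"
        print out
    }'
}

# The protocol line from this page, then a constructed replacement that
# excludes the SSL versions by name (written with a continuation line).
page_cf='smtpd_tls_auth_only = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1'
fixed_cf='smtpd_tls_auth_only = yes
smtpd_tls_mandatory_protocols =
    !SSLv2, !SSLv3'

printf '%s\n' "$page_cf"  | legacy_tls_enabled smtpd_tls_mandatory_protocols
printf '%s\n' "$fixed_cf" | legacy_tls_enabled smtpd_tls_mandatory_protocols
```

On a live host, feed it the file directly: legacy_tls_enabled smtpd_tls_mandatory_protocols < /etc/postfix/main.cf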

Let's check whether Postfix is listening on the submission (587) and smtps (465) ports:

drfugazi@charr:/etc/postfix% netstat -an|egrep "(:587|:465)"
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN

The ports are open; let's try to connect from localhost:

drfugazi@charr:/etc/postfix% telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 charr ESMTP Postfix (Ubuntu)
ehlo localhost
250-charr
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
starttls
220 2.0.0 Ready to start TLS
^]
telnet> quit
Connection closed.

We will not try to connect to the smtps (465) port, because SSL is needed to talk to it. Let's try to connect from outside; iptables needs to allow the connections, of course:

drfugazi@charr:/etc/postfix% sudo iptables -L -n|egrep "(:465|:587)"
drfugazi@charr:/etc/postfix% sudo iptables -I INPUT -i eth0 -p tcp --syn --dport 587 -d 212.106.X.X -j ACCEPT
drfugazi@charr:/etc/postfix% sudo iptables -I INPUT -i eth0 -p tcp --syn --dport 465 -d 212.106.X.X -j ACCEPT
drfugazi@charr:/etc/postfix% sudo iptables -L -n|egrep "(:465|:587)"
ACCEPT     tcp  --  0.0.0.0/0            212.106.X.X     tcp dpt:465 flags:0x17/0x02
ACCEPT     tcp  --  0.0.0.0/0            212.106.X.X     tcp dpt:587 flags:0x17/0x02

drfugazi@charlie:~% telnet example.com 587
Trying 212.106.X.X...
Connected to example.com.
Escape character is '^]'.
220 charr ESMTP Postfix (Ubuntu)
ehlo test
250-charr
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
starttls
220 2.0.0 Ready to start TLS
^]
telnet> quit
Connection closed.
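
The two IMAP greetings above differ: on localhost Dovecot advertises AUTH=PLAIN AUTH=LOGIN, while from outside it advertises LOGINDISABLED, because it treats local connections as secure and refuses plaintext logins elsewhere until STARTTLS. The EHLO replies show no AUTH line before STARTTLS, which is what smtpd_tls_auth_only = yes produces. As an added example (not from the original post), this shell function checks a captured greeting or EHLO reply for exactly that; pretls_audit is a name chosen here.

```shell
# pretls_audit: read a captured pre-TLS IMAP greeting or SMTP EHLO reply on
# stdin; report whether STARTTLS is offered and whether the server would
# take credentials before the session is encrypted.
pretls_audit() {
    awk '
    { sub(/\r$/, "") }                 # captures from the wire end in CRLF
    /^\* OK \[CAPABILITY / {           # IMAP greeting with capability list
        proto = "imap"
        caps = substr($0, index($0, "[CAPABILITY ") + 12)
        sub(/\].*/, "", caps)
        n = split(caps, c, " ")
        for (i = 1; i <= n; i++) {
            if (c[i] == "STARTTLS") tls = 1
            if (c[i] == "LOGINDISABLED") disabled = 1
            if (c[i] ~ /^AUTH=/) mech = 1
        }
    }
    /^250[- ]/ {                       # SMTP EHLO reply, one keyword per line
        proto = "smtp"
        kw = toupper(substr($0, 5))
        if (kw == "STARTTLS") tls = 1
        if (kw ~ /^AUTH[ =]/) mech = 1
    }
    END {
        if (proto == "") { print "unrecognized"; exit }
        # IMAP allows the LOGIN command unless LOGINDISABLED is advertised.
        auth = (proto == "imap") ? (mech || !disabled) : mech
        printf "%s starttls=%s pretls_auth=%s\n", proto,
               (tls ? "yes" : "no"), (auth ? "yes" : "no")
    }'
}

# Banners copied from the sessions on this page.
imap_local='* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.'
imap_remote='* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS LOGINDISABLED] Dovecot ready.'
smtp_ehlo='250-charr
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'
for sample in "$imap_local" "$imap_remote" "$smtp_ehlo"; do
    printf '%s\n' "$sample" | pretls_audit
done
```

A result of pretls_auth=yes on a capture taken from outside the host means passwords can cross the network in clear text and the TLS settings need another look.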

Now I suggest you configure mail client software such as Thunderbird or Outlook and try to log in as a configured system user. Eventually we want to have virtual domains and users in LDAP, of course, but it is better to verify the setup at checkpoints along the way. If you have a problem logging in, check the log files for errors and try to eliminate them.

My Thunderbird automagically configured itself for IMAP with TLS on port 143, and for SMTP with TLS on port 587. This is a very good configuration. If your mail client cannot do that, you can configure IMAP with SSL on 993 or POP3/SSL on 995 and SMTP with SSL on port 465 or… change mail client 😉

Now you should try to send mail, preferably to your external account. The next step is to reply to this mail. This will show whether mail flows in both directions. If something is wrong, check your logs and try to fix it.

If all of the above works, we have a mail system configured to send and deliver mail and to authenticate users from files. Now we can go for more challenging tasks, like the installation and configuration of an LDAP directory service:

There is quite a good description on HowtoForge. I used it; here is my session transcript: installation-and-configuration-openldap.
