Debian GNU/Linux Mail Server

Dennis Leeuw

Versie 0.2.0

1. Mail User Agent

The MUA is the program that a user uses to read his or her mail. Some examples: pine, mutt or Netscape (on Windows Outlook). The MUA can use several protocols to fetch the mail. The most used services are POP3, IMAP, but SMTP is also possible.

1.1 popping mail:

All incoming mail for a user is stored in one file in /var/spool/mail/<username>. You could read your mail with more or less, but that is not very comfortable. The most secure way of using pop3 is by using pop3 over SSL. This way you get a SSH like pop3 system.

1.1.0.1 Installation

: apt-get install courier-pop-ssl

1.1.0.2 Configuration

The configuration can be found in /etc/courier/.

[META] needs more docu about interfaces to run on and protocols/ports to use.

2. Mail Transfer Agent

The MTA is a program that sends mail from one server to another. This is done through the SMTP protocol. On Debian the default MTA is Exim, however there are several GNU/Linux servers that contain this functionality like: sendmail, postfix and qmail.

I like postfix so let's start with that one.

2.1 postfix

2.1.1 Installation

: apt-get install postfix

Choose no configuration when asked for configuration.

2.1.2 configuration

The postfix configuration files can be found in /etc/postfix/.

The most important file is main.cf. Elements in this file that need special attention:

myhostname = mail.domain.com

mydestination = $myhostname, localhost.$mydomain, $mydomain

mynetworks = 192.168.1.0/24, 127.0.0.0/8

relay_domains = $mydomain

home_mailbox = Maildir/

2.1.3 Test

Test the configuration with telnet:

telnet localhost 25 # from the local machine

telnet smtp.domein.nl 25 # from a Internet machine

telnet 192.168.1.1 25 # from an internal machine

Use the following procedure:

helo domein.org

mail from: user@domein.org

rcpt to: user@domein.nl

data

quit

3. Mail Delivery Agent

The MDA is a program that incoming mail from the MTA accepts and it stores in the users mailbox, Local Delivery. The program is on almost any GNU/Linux systeem procmail. We use the functionality within postfix.

3.2 Fetchmail

It might be that you have some pop3 mail accounts on other servers or providers. To get that mail on your local system you could use fetchmail.

3.2.1 Installation

: apt-get install fetchmail

3.2.2 Configuration

A sample configuration file:

: poll pop.provider.net proto pop3
user "jsmith", with password secret1, is "johans" here;

4. Virus checking

4.1 Clam Antivirus

4.1.1 Installation

Get the source from http://www.konarski.edu.pl/~zolw. Read the documentation, which is very good, or do:

: groupadd clamav
useradd -g clamav -s /bin/false -c ``Clam Antivirus'' clamav

To build the software do:

./configure -prefix=/usr/local

make

make install

4.1.2 Help Out!

The biggest challenge for an open source virus scanner is the virus signature database. The Clamav writer has written een great tool called sigtool. It is able to create a signature from a virus file with the help of another anti-virus program that detects the virus.

If you find a virus that is not detected by clamscan, but is detected by another virus scanner, do the following:
sigtool -s <string of virus-scanner that finds the virus, when it detects it> -f <file that contains the virus> -c <how the virus-scanner should be executed>

This creates a signature file. Which should be added to the clamav database. And the next time a virus passes by it will be detected by clamscan.

4.2 AMAVIS

4.2.1 Installation

: groupadd vscan
useradd -g vscan -s /bin/false -c ``Amavis'' vscan

Compile this from source http://www.amavis.org/. Use amavis-perl-11.tar.gz

Before you can use AMAVIS you first need a couple of perl modules:

apt-get install libmime-perl libunix-syslog-perl \

libemail-valid-perl libconvert-uulib-perl \

libconvert-tnef-perl libarchive-tar-perl \

libarchive-zip-perl libcompress-zlib-perl

And some tools:

: apt-get install file bzip2 lha unarj unrar unzoo

4.2.1.1 Arc521

Then there is arc, which is not GNU/Linux ready yet. So download the source and do the following:

mkdir temp

cd temp

tar zxvf ../arc521.tar.Z

Edit arcdos.c and comment the struct timeval (don't do this on RH6.2 machines):

/*struct timeval { /* man page said <sys/types.h>, but it */

/* long tv_sec; /* really seems to be in <sys/time.h>, */

/* long tv_usec; /* but why bother... */

/*};*/

Edit tmclock.c to look like this:

#if BSD

#include <sys/time.h>

#include <time.h>

int daylight;

#else

#include <time.h>

#endif

I have send these changes to the maintainer of arc, so the next release might show better GNU/Linux support.

make

cp arc /usr/local/bin

cp arc.1 /usr/local/man/man1/

4.2.1.2 Compile AMAVIS

Compile AMAVIS:

patch -p1 < ../clamav-<version>/support/amavis/clamavis.patch

find . -exec touch 01010000 {} \;

./configure --enable-smtp --with-smtp-port=10025 --enable-postfix

make

make install

4.2.2 AMAVIS and Postfix

Add to /etc/postfix/main.cf:

: content_filter = vscan:

Adjust /etc/postfix/master.cf:

vscan unix - n n - 10 pipe user=vscan

: argv=/usr/sbin/amavis ${sender} ${recipient}

localhost:10025 inet n - n - - smtpd -o content_filter=

4.2.3 Test

Send an e-mail with the Eicar string to test the anti-virus functionality.

: X5O!P%@AP[4\PZX54(P)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

About this document ...

Debian GNU/Linux Mail Server

This document was generated using the LaTeX2HTML translator Version 2K.1beta (1.48)

The command line arguments were:
latex2html -no_subdir -split 0 -show_section_numbers /tmp/lyx_tmpdir30758nJeXv/lyx_tmpbuf3075QAkyC5/Debian_Mail_server.tex

The translation was initiated by Dennis Leeuw on 2002-05-28

Dennis Leeuw 2002-05-28