Debian_Mail_server.html [plain text]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<!--Converted with LaTeX2HTML 2K.1beta (1.48)
original version by: Nikos Drakos, CBLU, University of Leeds
* revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<TITLE>Debian GNU/Linux Mail Server</TITLE>
<META NAME="description" CONTENT="Debian GNU/Linux Mail Server">
<META NAME="keywords" CONTENT="Debian_Mail_server">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="LaTeX2HTML v2K.1beta">
</HEAD>
<BODY >
<P>
<P>
<P>
<P>
<H1 ALIGN="CENTER">Debian GNU/Linux Mail Server</H1>
<P ALIGN="CENTER"><STRONG>Dennis Leeuw</STRONG></P>
<P ALIGN="CENTER"><STRONG>Versie 0.2.0</STRONG></P>
<P>
<H1><A NAME="SECTION00100000000000000000">
1. Mail User Agent</A>
</H1>
<P>
The MUA is the program that a user uses to read his or her mail. Some
examples: pine, mutt or Netscape (on Windows Outlook). The MUA can
use several protocols to fetch the mail. The most used services are
POP3, IMAP, but SMTP is also possible.
<P>
<H1><A NAME="SECTION00110000000000000000">
1.1 popping mail:</A>
</H1>
<P>
All incoming mail for a user is stored in one file in /var/spool/mail/<username>.
You could read your mail with more or less, but that is not very comfortable.
The most secure way of using pop3 is by using pop3 over SSL. This
way you get a SSH like pop3 system.
<P>
<H3><A NAME="SECTION00110100000000000000">
1.1.0.1 Installation</A>
</H3>
<P>
<DL COMPACT>
<DT>
<DD>apt-get install courier-pop-ssl
</DD>
</DL>
<P>
<H3><A NAME="SECTION00110200000000000000">
1.1.0.2 Configuration</A>
</H3>
<P>
The configuration can be found in /etc/courier/.
<P>
[META] needs more docu about interfaces to run on and protocols/ports
to use.
<P>
<H1><A NAME="SECTION00200000000000000000">
2. Mail Transfer Agent</A>
</H1>
<P>
The MTA is a program that sends mail from one server to another. This
is done through the SMTP protocol. On Debian the default MTA is Exim,
however there are several GNU/Linux servers that contain this functionality
like: sendmail, postfix and qmail.
<P>
I like postfix so let's start with that one.
<P>
<H1><A NAME="SECTION00210000000000000000">
2.1 postfix</A>
</H1>
<P>
<H2><A NAME="SECTION00211000000000000000">
2.1.1 Installation</A>
</H2>
<P>
<DL COMPACT>
<DT>
<DD>apt-get install postfix
</DD>
</DL>Choose no configuration when asked for configuration.
<P>
<H2><A NAME="SECTION00212000000000000000">
2.1.2 configuration</A>
</H2>
<P>
The postfix configuration files can be found in /etc/postfix/.
<P>
The most important file is main.cf. Elements in this file that need
special attention:
<P>
<DL COMPACT>
<DT>
<DD>myhostname = mail.domain.com
<P>
mydestination = $myhostname, localhost.$mydomain, $mydomain
<P>
mynetworks = 192.168.1.0/24, 127.0.0.0/8
<P>
relay_domains = $mydomain
<P>
home_mailbox = Maildir/
</DD>
</DL>
<P>
<H2><A NAME="SECTION00213000000000000000">
2.1.3 Test</A>
</H2>
<P>
Test the configuration with telnet:
<P>
<DL COMPACT>
<DT>
<DD>telnet localhost 25 # from the local machine
<P>
telnet smtp.domein.nl 25 # from a Internet machine
<P>
telnet 192.168.1.1 25 # from an internal machine
</DD>
</DL>Use the following procedure:
<P>
<DL COMPACT>
<DT>
<DD>helo domein.org
<P>
mail from: user@domein.org
<P>
rcpt to: user@domein.nl
<P>
data
<P>
.
<P>
quit
</DD>
</DL>
<P>
<H1><A NAME="SECTION00300000000000000000">
3. Mail Delivery Agent</A>
</H1>
<P>
The MDA is a program that incoming mail from the MTA accepts and it
stores in the users mailbox, Local Delivery. The program is on almost
any GNU/Linux systeem procmail. We use the functionality within postfix.
<P>
<H1><A NAME="SECTION00320000000000000000">
3.2 Fetchmail</A>
</H1>
<P>
It might be that you have some pop3 mail accounts on other servers
or providers. To get that mail on your local system you could use
fetchmail.
<P>
<H2><A NAME="SECTION00321000000000000000">
3.2.1 Installation</A>
</H2>
<P>
<DL COMPACT>
<DT>
<DD>apt-get install fetchmail
</DD>
</DL>
<P>
<H2><A NAME="SECTION00322000000000000000">
3.2.2 Configuration</A>
</H2>
<P>
A sample configuration file:
<P>
<DL COMPACT>
<DT>
<DD>poll pop.provider.net proto pop3
<P>
user "jsmith", with password secret1, is "johans" here;
</DD>
</DL>
<P>
<H1><A NAME="SECTION00400000000000000000">
4. Virus checking</A>
</H1>
<P>
<H1><A NAME="SECTION00410000000000000000">
4.1 Clam Antivirus</A>
</H1>
<P>
<H2><A NAME="SECTION00411000000000000000">
4.1.1 Installation</A>
</H2>
<P>
Get the source from http://www.konarski.edu.pl/~zolw.
Read the documentation, which is very good, or do:
<P>
<DL COMPACT>
<DT>
<DD>groupadd clamav
<P>
useradd -g clamav -s /bin/false -c ``Clam Antivirus'' clamav
</DD>
</DL>To build the software do:
<P>
<DL COMPACT>
<DT>
<DD>./configure -prefix=/usr/local
<P>
make
<P>
make install
</DD>
</DL>
<P>
<H2><A NAME="SECTION00412000000000000000">
4.1.2 Help Out!</h2>
<p>The biggest challenge for an open source virus scanner is the virus signature database. The Clamav writer has written een great tool called sigtool. It is able to create a signature from a virus file with the help of another anti-virus program that detects the virus.</p>
<p>If you find a virus that is not detected by clamscan, but is detected by another virus scanner, do the following:<br>
<tt>
sigtool -s <string of virus-scanner that finds the virus, when it detects it> -f <file that contains the virus> -c <how the virus-scanner should be executed></tt>
<P>This creates a signature file. Which should be added to the clamav database. And the next time a virus passes by it will be detected by clamscan.</p>
<P>
<H1><A NAME="SECTION00420000000000000000">
4.2 AMAVIS</A>
</H1>
<P>
<H2><A NAME="SECTION00421000000000000000">
4.2.1 Installation</A>
</H2>
<P>
<DL COMPACT>
<DT>
<DD>groupadd vscan
<P>
useradd -g vscan -s /bin/false -c ``Amavis'' vscan
</DD>
</DL>Compile this from source http://www.amavis.org/. Use amavis-perl-11.tar.gz
<P>
Before you can use AMAVIS you first need a couple of perl modules:
<P>
<DL COMPACT>
<DT>
<DD>apt-get install libmime-perl libunix-syslog-perl \
<P>
libemail-valid-perl libconvert-uulib-perl \
<P>
libconvert-tnef-perl libarchive-tar-perl \
<P>
libarchive-zip-perl libcompress-zlib-perl
</DD>
</DL>And some tools:
<P>
<DL COMPACT>
<DT>
<DD>apt-get install file bzip2 lha unarj unrar unzoo
</DD>
</DL>
<P>
<H3><A NAME="SECTION00421100000000000000">
4.2.1.1 Arc521</A>
</H3>
<P>
Then there is arc, which is not GNU/Linux ready yet. So download the
source and do the following:
<P>
<DL COMPACT>
<DT>
<DD>mkdir temp
<P>
cd temp
<P>
tar zxvf ../arc521.tar.Z
</DD>
</DL>Edit arcdos.c and comment the struct timeval (don't do this on RH6.2 machines):
<P>
<DL COMPACT>
<DT>
<DD>/*struct timeval { /* man page said <sys/types.h>, but it */
<P>
/* long tv_sec; /* really seems to be in <sys/time.h>, */
<P>
/* long tv_usec; /* but why bother... */
<P>
/*};*/
</DD>
</DL>Edit tmclock.c to look like this:
<P>
<DL COMPACT>
<DT>
<DD>#if BSD
<P>
#include <sys/time.h>
<P>
#include <time.h>
<P>
int daylight;
<P>
#else
<P>
#include <time.h>
<P>
#endif
</DD>
</DL>I have send these changes to the maintainer of arc, so the next release
might show better GNU/Linux support.
<P>
<DL COMPACT>
<DT>
<DD>make
<P>
cp arc /usr/local/bin
<p>
cp arc.1 /usr/local/man/man1/
</DD>
</DL>
<P>
<H3><A NAME="SECTION00421200000000000000">
4.2.1.2 Compile AMAVIS</A>
</H3>
<P>
Compile AMAVIS:
<P>
<DL COMPACT>
<DT>
<DD>patch -p1 < ../clamav-<I><version></I>/support/amavis/clamavis.patch
<P>
find . -exec touch 01010000 {} \;
<P>
./configure --enable-smtp --with-smtp-port=10025 --enable-postfix
<P>
make
<P>
make install
</DD>
</DL>
<P>
<H2><A NAME="SECTION00422000000000000000">
4.2.2 AMAVIS and Postfix</A>
</H2>
<P>
Add to /etc/postfix/main.cf:
<P>
<DL COMPACT>
<DT>
<DD>content_filter = vscan:
</DD>
</DL>Adjust /etc/postfix/master.cf:
<P>
<DL COMPACT>
<DT>
<DD>vscan unix - n n - 10 pipe user=vscan
<DL COMPACT>
<DT>
<DD>argv=/usr/sbin/amavis ${sender} ${recipient}
</DD>
</DL>localhost:10025 inet n - n - - smtpd -o content_filter=
</DD>
</DL>
<P>
<H2><A NAME="SECTION00423000000000000000">
4.2.3 Test</A>
</H2>
<P>
Send an e-mail with the Eicar string to test the anti-virus functionality.
<P>
<DL COMPACT>
<DT>
<DD>X5O!P%@AP[4\PZX54(P)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
<P>
</DD>
</DL>
<P>
<H1><A NAME="SECTION00500000000000000000">
About this document ...</A>
</H1>
<STRONG>Debian GNU/Linux Mail Server</STRONG><P>
This document was generated using the
<A HREF="http://www-texdev.mpce.mq.edu.au/l2h/docs/manual/"><STRONG>LaTeX</STRONG>2<tt>HTML</tt></A> translator Version 2K.1beta (1.48)
<P>
Copyright © 1993, 1994, 1995, 1996,
<A HREF="http://cbl.leeds.ac.uk/nikos/personal.html">Nikos Drakos</A>,
Computer Based Learning Unit, University of Leeds.
<BR>
Copyright © 1997, 1998, 1999,
<A HREF="http://www.maths.mq.edu.au/~ross/">Ross Moore</A>,
Mathematics Department, Macquarie University, Sydney.
<P>
The command line arguments were: <BR>
<STRONG>latex2html</STRONG> <TT>-no_subdir -split 0 -show_section_numbers /tmp/lyx_tmpdir30758nJeXv/lyx_tmpbuf3075QAkyC5/Debian_Mail_server.tex</TT>
<P>
The translation was initiated by Dennis Leeuw on 2002-05-28<HR>
<!--Navigation Panel-->
<IMG WIDTH="81" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next_inactive"
SRC="/usr/share/latex2html/icons/nx_grp_g.png">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up"
SRC="/usr/share/latex2html/icons/up_g.png">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous"
SRC="/usr/share/latex2html/icons/prev_g.png">
<BR>
<!--End of Navigation Panel-->
<ADDRESS>
Dennis Leeuw
2002-05-28
</ADDRESS>
</BODY>
</HTML>