Rothirsch Technologies Hintergrund

Mailserver

Definition: A mail-server transfers mails from one end to another. As administrator you can use this kind of server to get information sent to the root user from applications on multiple hosts or you can build a communication platform for your company.

Postfix

For the configuration of a mail-server, we'll use Postfix. Postfix itself has the ability to work like a

  • MTA: Mail transport agent. Sends the mails to the correct destination
  • MDA: Mail delivery agent. This sorts the incoming mails into user mailboxes

You can't use Postfix as

  • MUA: Mail user agent. This retrieves the mail form the user mailboxes and presents it to the user

But you can configure postfix to work with different other programs like fetchmail, dovecot, spamassassin, clamav or kopano to solve this shortage. You can find other articles on this blog.

System

For the installation on this site we'll use a bpi-m64 and armbian. Installation instructions

Installation

As we use the operating system Debian Stretch, we can use the Postfix version in the default repositories.

apt update && apt install postfix

Installation steps

Click! for installation steps

Mail Client

Do send some mails from one server to another we need a mail client software.

apt update && apt install mailutils

Read your mails

Your Inbox is stored in /var/mail/$USER and the program mail is able to read it.

mail

root@mx1:~# mail
No mail for root

Output

Use mail without any parameter and you can see your inbox

Send mail

You can send mails really easy.

mail user@localhost

root@mx1:~# mail user@localhost
Cc:
Subject: Test
Hey how are you!

Output

You end and send the mail with STRG + D.

echo/cat and the pipeline

You are able to combine the mail command with others. So you can use it within scripts. You can find all arguments in the documentation

man mail

Here is an example:

echo "Test" | mail -s "Sending you Test" user@localhost

If you want to send content of a file then use cat

cat content.txt | mail -s "Sending you the content of content.txt" user@localhost

sSTMP

A much lighter MTA. It can receive mails from local programs and delivers them over a SMTP server. You can read the complete description here: https://linux.die.net/man/8/ssmtp

Mail from a remote host

In this step we send a mail from a remote host to the user mailbox on the mail server that has postfix installed. This host, on a different IP address, needs two packages to be installed.

apt update && apt install mailutils ssmtp

Configuration: /etc/ssmtp/ssmtp.conf

#
# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
# root=

# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
mailhub=192.168.0.1:25

# Where will the mail seem to come from?
#rewriteDomain=

# The full hostname
hostname=host

# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
FromLineOverride=YES

This is the main configuration file. At this point, you only need to add the IP address of your postfix server and change the hostname.

Send from remote

Now you are able to send mails into any user inbox on the main mail server from the remote host.

Login to the remote host and execute

echo "Test" | mail -s "Test sSMTP" root

Login to the main MTA and execute

mail

You should see the mail with the Subject Test sSMTP in your inbox. For debugging you can view in the syslog for postfix entries

tail -f /var/log/syslog | grep postfix

fetchmail

Retrieving mails from different sources

To fill the mailboxes on the mailserver we use fetchmail to get emails from different sources like POP or IMAP servers.

So you can let your emails be managed by other companies like google or use a remote server as backup resource. What? We will discuss such things on other articles ; )

Installation

Same as with the postfix server you can use the packages from the Debian repositories.

apt update && apt -y install fetchmail

Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
  fetchmailconf

The following NEW packages will be installed:
  fetchmail

0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 579 kB of archives.
After this operation, 2,391 kB of additional disk space will be used.
Get:1 http://cdn-fastly.deb.debian.org/debian stretch/main arm64 fetchmail arm64 6.3.26-3 [579 kB]
Fetched 579 kB in 0s (731 kB/s)
Selecting previously unselected package fetchmail.
(Reading database ... 33539 files and directories currently installed.)
Preparing to unpack .../fetchmail_6.3.26-3_arm64.deb ...
Unpacking fetchmail (6.3.26-3) ...
Processing triggers for systemd (232-25+deb9u3) ...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up fetchmail (6.3.26-3) ...
Adding system user`fetchmail' (UID 110)...
Adding new user `fetchmail' (UID 110) with group `nogroup' ...
Creating home directory `/var/lib/fetchmail' ...
usermod: no changes
insserv: script firstrun.bpi: service firstrun already provided!
Processing triggers for systemd (232-25+deb9u3) ...

Output

What you can spot on the output is that a user fetchmail has been created. Please take notice about this. You might need this information on other articles.

Configuration

We need to create the configuration file at first.

touch /etc/fetchmailrc
chown fetchmail:root /etc/fetchmailrc
chmod 600 /etc/fetchmailrc

This is the configuration file of fetchmail and for this article we configure it with a gmail account. So any mail send to the address user@gmail.com (It's needles to say that this is a fake address) will be retrieved and transferred to mailbox of the root user.

/etc/fetchmailrc

# Disable syslog
set no syslog

# Fetchmail logs are getting huge if you have many entries in it
set logfile /var/log/fetchmail.log

# The daemon will get the mails each 60 seconds
set daemon 60

# Undeliverable mails will be send to the postmaster
set postmaster "root"

# # #
# Client configuration
poll pop.gmail.com with proto POP3
user 'user@gmail.com' there with password 'userpassword' is root
ssl
keep

Configuration

You can find many other options to finetune your fetchmail on this site: http://www.fetchmail.info/fetchmail-man.html Scroll down to Keyword/Option Summary

Logfile

We set the logfile to /var/log/fetchmail.log. Now we need to create the file and set the right permissions.

touch /var/log/fetchmail.log
chown fetchmail:root /var/log/fetchmail.log
chmod 640 /var/log/fetchmail.log

Start the daemon

Do start the fetchmail daemon we have to set one last variable.

START_DAEMON=yes in the file:

/etc/default/fetchmail

# This file will be used to declare some vars for fetchmail
#
# Uncomment the following if you don't want localized log messages
# export LC_ALL=C

# If you want to specify any additional OPTION to the start
# scripts specify them here
# OPTIONS=...

# Declare here if we want to start fetchmail. 'yes' or 'no'
START_DAEMON=yes

Configuration

Start it with

service fetchmail start

and check it afterwards

service fetchmail status

● fetchmail.service - LSB: init-Script for system wide fetchmail daemon
Loaded: loaded (/etc/init.d/fetchmail; generated; vendor preset: enabled)
Active: active (running) since Wed 2018-04-18 09:08:24 UTC; 3s ago
 Docs: man:systemd-sysv-generator(8)
Process: 20213 ExecStop=/etc/init.d/fetchmail stop (code=exited, status=0/SUCCESS)
Process: 20252 ExecStart=/etc/init.d/fetchmail start (code=exited, status=0/SUCCESS)
 Tasks: 1 (limit: 4915)
CGroup: /system.slice/fetchmail.service
  └─20260 /usr/bin/fetchmail -f /etc/fetchmailrc --pidfile /var/run/fetchmail/fetchmail.pid
Apr 18 09:08:24 mx1 systemd[1]: Starting LSB: init-Script for system wide fetchmail daemon...
Apr 18 09:08:24 mx1 fetchmail[20252]: Starting mail retriever agent: fetchmail.
Apr 18 09:08:24 mx1 systemd[1]: Started LSB: init-Script for system wide fetchmail daemon.

Output

Finished

If you send an email to your address that you have configured and read the /var/log/fetchmail.log in the same time you can see how the transfer works.

tail -f /var/log/fetchmail.log

fetchmail: starting fetchmail 6.3.26 daemon

fetchmail: 1 message for user@gmail.com at pop.gmail.com (10507 octets).

fetchmail: reading message user@gmail.com@pop.gmail.com:1 of 1 (10507 octets) not flushed

fetchmail: 1 message (1 seen) for user@gmail.com at pop.gmail.com (10507 octets).

Output (Looks something like this)

Spamfilter

Email filtering with Spamassassin.

Installation

We use the packages from the Debian Stretch repositories.

apt update && apt -y install spamassassin spamc

Configuration

If an email arrives on the server the Postfix service should send the email to the Spamassassin service before it delivers it to the mailboxes. So we have to tell Postfix how this could be accomplished.

Therefore create a script like described on the official Apache wiki.

/usr/bin/spamfilter.sh

#!/bin/bash
#
# spamfilter.sh
#
# Simple filter to plug SpamAssassin into the Postfix MTA
#
# Modified by Jeremy Morton
#
# This script should probably live at /usr/bin/spamfilter.sh
# ... and have 'chown root:root' and 'chmod 755' applied to it.
#
# For use with:
# Postfix 20010228 or later
# SpamAssassin 2.42 or later

# Note: Modify the file locations to suit your particular
# server and installation of SpamAssassin.
# File locations:
# (CHANGE AS REQUIRED TO SUIT YOUR SERVER)
SENDMAIL=/usr/sbin/sendmail
SPAMASSASSIN=/usr/bin/spamc

logger <<<"Spam filter piping to SpamAssassin, then to: $SENDMAIL $@"
${SPAMASSASSIN} | ${SENDMAIL} "$@"

exit $?

Create

Like described in the script, change the permission of the file

chown root: /usr/bin/spamfilter.sh
chmod 755 /usr/bin/spamfilter.sh


/etc/postfix/master.cf

Postfix will use the file above to redirect new mails. We tell the service within its configuration how it can use the script. Change the file /etc/postifx/master.cf

smtp inet n - y - - smtpd

Change

smtp inet n - y - - smtpd
   -o content_filter=spamfilter

To

spamfilter
          unix - n n - - pipe
   flags=Rq user=debian-spamd argv=/usr/bin/spamfilter.sh -oi -f ${sender} ${recipient}

Add

Activating

Before you activate the new settings, read the server logs with tail and watch how Postfix handles an email that you send from a remote host

tail -f /var/log/syslog |grep postfix

Apr 24 10:08:33 mx1 postfix/smtpd[12981]: connect from unknown[192.168.0.2]
Apr 24 10:08:33 mx1 postfix/smtpd[12981]: 5A8D21F09D: client=unknown[192.168.0.2]
Apr 24 10:08:34 mx1 postfix/cleanup[12985]: 5A8D21F09D: message-id=<>
Apr 24 10:08:34 mx1 postfix/qmgr[12975]: 5A8D21F09D: from=root@remote, size=437, nrcpt=1 (queue active)
Apr 24 10:08:34 mx1 postfix/smtpd[12981]: disconnect from unknown[192.168.0.2] helo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Apr 24 10:08:34 mx1 postfix/local[12986]: 5A8D21F09D: to=root@localhost, relay=local, delay=1.4, delays=1.3/0.03/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
Apr 24 10:08:34 mx1 postfix/qmgr[12975]: 5A8D21F09D: removed

Output



Start the server for the first time and read the server logs again

service spamassassin restart
service postfix restart
tail -f /var/log/syslog |grep postfix

Send a mail from a remote host and watch how Postfix redirects the mail to Spamassassin

Apr 24 10:19:56 mx1 postfix/smtpd[13250]: connect from unknown[192.168.0.2]
Apr 24 10:19:56 mx1 postfix/smtpd[13250]: C87861F099: client=unknown[192.168.0.2]
Apr 24 10:19:57 mx1 postfix/cleanup[13254]: C87861F099: message-id=<>
Apr 24 10:19:58 mx1 postfix/qmgr[13243]: C87861F099: from=root@remote, size=437, nrcpt=1 (queue active)
Apr 24 10:19:58 mx1 postfix/smtpd[13250]: disconnect from unknown[192.168.0.2] helo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Apr 24 10:19:58 mx1 postfix/pickup[13242]: 5D7FF1F0B4: uid=111 from=root@remote
Apr 24 10:19:58 mx1 postfix/cleanup[13254]: 5D7FF1F0B4: message-id=20180424101958.5D7FF1F0B4@localhost
Apr 24 10:19:58 mx1 postfix/pipe[13255]: C87861F099: to=root@localhost, relay=spamfilter, delay=1.6, delays=1.3/0.03/0/0.25, dsn=2.0.0, status=sent (delivered via spamfilter service)
Apr 24 10:19:58 mx1 postfix/qmgr[13243]: C87861F099: removed
Apr 24 10:19:58 mx1 postfix/qmgr[13243]: 5D7FF1F0B4: from=root@remote, size=893, nrcpt=1 (queue active)
Apr 24 10:19:58 mx1 postfix/local[13261]: 5D7FF1F0B4: to=root@localhost, relay=local, delay=0.24, delays=0.19/0.03/0/0.03, dsn=2.0.0, status=sent (delivered to mailbox)
Apr 24 10:19:58 mx1 postfix/qmgr[13243]: 5D7FF1F0B4: removed

Output

Enable

At the end you can enable the spamassassin.service so it starts on the next reboot

systemctl enable spamassassin.service

Synchronizing state of spamassassin.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable spamassassin
insserv: script firstrun.bpi: service firstrun already provided!
insserv: script firstrun.bpi: service firstrun already provided!

Output

Mailserver on ARM