Mail Server (postfix) Configuration with webmail (Debian wheezy)
Posted by Md. Mahidul Hasan on 6:41 AM with 4 comments
Mail Server (postfix) Configuration (Debian wheezy)
Postfix installation:
3. apt-get install postfix
It will pop up a window for Postfix configuration.
** Select "Internet with smarthost"
** Give the system mail name: mail.mehedi.com
** Enter an SMTP relay host if you want to relay your mail through your ISP
So relay host: mx.bol-online.com
If you don't want to relay, leave it blank.
** After the installation of postfix completes, it will automatically
restart the postfix service.
4. Now we will configure the postfix main config file.
# vim /etc/postfix/main.cf
Modify the following lines:
myhostname = mail.mehedi.com
alias_maps = hash:/etc/postfix/aliases [just add the folder location (postfix)]
alias_database = hash:/etc/postfix/aliases
transport_maps = hash:/etc/postfix/transport
access_maps = hash:/etc/postfix/access
myorigin = /etc/mailname
mydestination = mehedi.com, mail.mehedi.com, localhost.mehedi.com, localhost
mynetworks = 127.0.0.1/8, 192.168.0.0/24, hash:/etc/postfix/transport [::ffff:127.0.0.0]/104 [::1]/128
message_size_limit = 0
Note: Don't forget to include the transport file location in the mynetworks line [hash:/etc/postfix/transport]. If you want to set the outgoing mail size, you can set it with message_size_limit. By default there is no restriction (message_size_limit = 0).
5. cd /etc/
6. ls to list all files & directories. Here we will find aliases & aliases.db
7. Now we will move them to the postfix folder.
# mv aliases aliases.db /etc/postfix/
8. cd /etc/postfix
9. ls. Now we will find aliases here.
10. Now we will create two files named transport & access.
# touch transport access
11. Now we will create three db files.
# postalias aliases
# postmap transport
# postmap access
12. Now we will edit the transport file to handle local mail locally.
# vim transport
Give your local mail domain here:
mehedi.com local:
.mehedi.com local: (don't forget the dot / full stop sign before the domain)
13. Now enter again:
# postmap transport [it will validate the modification in the transport file]
14. Now we will install telnet.
# apt-get install telnet
15. After the successful installation of telnet, we will send a local mail as a test.
# telnet localhost 25
Now give the HELO greeting:
helo mehedi
Now enter:
mail from: test@mehdi.com
rcpt to: info@mehedi.com
Now we will write the message body:
data [press enter]
Hello!!! this is a test mail....
Press full stop to end the message.
Now write quit to exit from the session.
16. Now we will check the mail status.
# tail -f /var/log/mail.log
17. Now we will display the sent mail.
# alpine -f /var/spool/mail/info
18. If we need to check the mail queue, enter the following command:
# mailq
19. If we need to clean the complete mail queue (all the mails in the queue):
# postsuper -d ALL
20. If we need to delete a particular mail from the mail queue:
# postsuper -d "mail queue ID" [to find the mail queue ID, enter the command (# mailq)]
***** SOMETIMES IT IS HELPFUL IF WE DOWNLOAD & INSTALL mailutils, like (m4 file processor)
# apt-get install mailutils
Hey! The mail server is complete.
#################################################
---------- Mail Server Advanced Tuning ------------
################################################
Advanced tuning about TRANSPORT FILE (DB):
****** What we mention in the transport file of postfix:
mahidul.com local:
.mahidul.com local:
What do these two lines actually mean?
Ans:
These two lines mean that when a mail arrives for an address in the domain, for example user@mahidul.com, the transport file determines where to deliver it. In this case it will deliver the mail to the local server.
What will happen when the lines below are given in the transport file?
[when we use the default port we need not mention port 25]
mithu.com smtp:[202.84.33.13]
.mithu.com smtp:[202.84.33.13]
or
[when we use a secure port, suppose port 465, the syntax is as below:]
mithu.com smtp:[202.84.33.13]:465
.mithu.com smtp:[202.84.33.13]:465
Ans: In this case, when a mail arrives for an address in the domain, for example pagol@mithu.com,
the transport file will determine that this mail is to be delivered to another mail server whose IP address is 202.84.33.13
NOTE: WHENEVER WE MODIFY THE TRANSPORT FILE, WE SHOULD RECREATE THE TRANSPORT DB FILE WITH THE FOLLOWING COMMAND
# cd /etc/postfix
# postmap transport
Advanced tuning about Access File (DB):
What is the main purpose of the Access File in postfix?
Ans:
If we want to fight against spamming by blocking particular spamming domains / email addresses, we need to modify the access file.
The configuration should look like this:
mahidul@bol-online.com 550 Sorry we dont accept any spammer....
mithu@bol-online.com 550 Sorry we dont accept any spammer....
soykot@bol-online.com 550 Sorry we dont accept any spammer....
mehedi@nationalhousingbd.com 550 Sorry we dont accept any spammer....
ziaul@nationalhousingbd.com 550 Sorry we dont accept any spammer....
bdjos.com 550 Sorry we don't want any notification
prothom-alojobs.com 550 Sorry we don't want any notification
saleh@jobsa1.com OK
arshad@jobsa1.com OK
jobsa1.com 550 Sorry we don't want any notification
tuhin@anatabd.com 550
selim@anantabd.com 550
hamid@apicgroup.com 554
shoibal@proshikanet.com 554
sohel@proshikanet.com REJECT
shamaun@proshikanet.com REJECT
amadergroup.com 554
Explanation:
1. All of the domains / mail addresses mentioned in the above configuration file will be blocked, which means no incoming mail will be accepted from them.
2. 550 means block this domain / mail address
3. 554 means allow the domain / mail address but give no feedback. If auto reply is configured and enabled, it also gives no feedback through the auto reply.
4. We can use REJECT [definitely in capital letters] instead of 550
5. If we want to give a reply message for blocked mail, we use this portion: [Sorry we dont accept any spammer....]
6. If we want to block a particular domain but allow a particular mail account of that blocked domain, then:
$$ Firstly allow that mail address of that domain
$$ Then deny the whole domain
Example:
saleh@jobsa1.com OK
arshad@jobsa1.com OK
jobsa1.com 550 Sorry we don't want any notification
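How an address is resolved against a table like the one above, as an added Python sketch (not code from the original post). It assumes the table is consulted through a check_sender_access restriction and follows the key order documented in access(5): full address, then domain, then parent domains, then `user@`; the sample table is a constructed subset of the entries above and the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the access entries shown above.
ACCESS_TABLE = """\
mahidul@bol-online.com 550 Sorry we dont accept any spammer....
saleh@jobsa1.com OK
arshad@jobsa1.com OK
jobsa1.com 550 Sorry we don't want any notification
bdjos.com 550 Sorry we don't want any notification
sohel@proshikanet.com REJECT
"""


def parse_access(text):
    """Parse 'pattern action [text]' lines into a dict keyed by lower-cased pattern."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        table[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return table


def candidate_keys(address, parent_matches_subdomains=True):
    """Keys tried for one address, most specific first (order from access(5)).

    parent_matches_subdomains models parent_domain_matches_subdomains for
    access maps: when False, parent domains only match if the table lists
    them with a leading dot (".domain.tld").
    """
    local, _, domain = address.lower().rpartition("@")
    keys = [f"{local}@{domain}", domain]
    labels = domain.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        keys.append(parent if parent_matches_subdomains else "." + parent)
    keys.append(f"{local}@")
    return keys


def classify(action):
    """Map an access(5) action to permit / reject / dunno / other."""
    word = action.split(None, 1)[0].upper() if action else ""
    if word == "OK":
        return "permit"
    if word == "REJECT" or re.fullmatch(r"[45]\d\d", word):
        return "reject"
    if word == "DUNNO":
        return "dunno"
    return "other"


def lookup(table, address, **kw):
    """Return (matched_key, action, verdict); the first key found decides."""
    for key in candidate_keys(address, **kw):
        if key in table:
            return key, table[key], classify(table[key])
    # No entry matched: the decision is left to the next restriction.
    return None, None, "dunno"


TABLE = parse_access(ACCESS_TABLE)

if __name__ == "__main__":
    for sender in ("saleh@jobsa1.com", "news@jobsa1.com",
                   "Alerts@Mail.BDJOS.com", "someone@example.org"):
        key, action, verdict = lookup(TABLE, sender)
        print(f"{sender:26} key={key!s:20} verdict={verdict}")
```

The result depends on which key is tried first, not on the position of the line in the file, so the address entry for saleh@jobsa1.com is found before the jobsa1.com entry.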
Advanced tuning about Aliases File (DB):
What is the main purpose of the Aliases File in postfix?
If we want the mails that come to a particular mail address to be received by multiple other recipients, we configure the aliases file this way:
postmaster: root
nhfil.info: rkpaul,mazharul,mubassher,abid,nhfil.info
mahidul: mehedi,arshed,shahidulalam,mahidul
Explanation:
1. If a mail comes to the nhfil.info mail account, a copy of the mail will also be received by the mentioned [rkpaul,mazharul,mubassher,abid,nhfil.info] accounts.
nhfil.info: this is the main recipient
rkpaul,mazharul,mubassher,abid >>>>>>>>> other recipients
nhfil.info at the end of the line: why do we add this account? The answer is that one copy of the mail should be received by this mail account as the main recipient.
Advanced tuning about incoming and outgoing mail aliasing service:
First we need the procmail package for this service.
root@mail:# apt-get install procmail
Then we have to add a user account named allmail.
root@mail:# adduser allmail
Send a copy of all mail to the allmail account by adding an automatic bcc in postfix (the mail users will not be able to notice the bcc):
root@mail:~# vim /etc/postfix/main.cf
always_bcc = allmail@mahidul.com
Forward the incoming mail to procmail from the .forward file:
root@mail:# vim /home/allmail/.forward
|/usr/bin/procmail
Resend/alias your mail from allmail using the following script:
root@mail:# vim /home/allmail/.procmailrc
SHELL=/bin/sh
MAILDIR=/var/spool/mail
LOGFILE=/var/log/procmail.log
LOCKFILE=$HOME/.lockmail
### Incoming Filtering ###
:0
* ^(To|Cc):.*mehedi@mahidul.com
! mehedi, mahidul, info, mahidul24@gmail.com
### Outgoing Filtering ###
:0
* ^From.*mehedi@mahidul.com
! mehedi, mahidul, info, mahidul24@gmail.com
Here the 1st condition (* ^(To|Cc):.*mehedi@mahidul.com) means that if a mail comes to the mehedi@mahidul.com account, it is sent to mehedi, mahidul, info and mahidul24@gmail.com.
And the 2nd condition (* ^From.*mehedi@mahidul.com) means that if any mail is sent from the mehedi@mahidul.com account, a copy of the mail is sent to mehedi, mahidul, info and mahidul24@gmail.com.
After that, give ownership of both the .procmailrc and .forward files to allmail:
root@mail:# chown allmail:allmail /home/allmail/.procmailrc
root@mail:# chown allmail:allmail /home/allmail/.forward
Finally, restart the postfix service:
root@mail:# /etc/init.d/postfix restart
Block attachment extension type:
Open the main.cf file and append / set the mime_header_checks directive as follows:
# vim /etc/postfix/main.cf
mime_header_checks = regexp:/etc/postfix/mime_header_checks
Save and close the file. To block attachments, first create the postfix lookup table for the mime_header_checks file. Then open the /etc/postfix/mime_header_checks file and append the following line:
# vim /etc/postfix/mime_header_checks
/name=[^>]*\.(bat|com|exe|dll|vbs)/ REJECT
Save and close the file. Restart postfix.
# /etc/init.d/postfix restart
Watch the log file. You should see the rejected mail logged in the /var/log/mail.log file:
# tail -f /var/log/mail.log
Block attachment extension / Specific file extension block in postfix:
How to block attachment file extensions in Postfix (OS = Debian)?
# vim /etc/postfix/main.cf
Add the following line:
mime_header_checks = regexp:/etc/postfix/mime_header_checks
Now open the /etc/postfix/mime_header_checks file:
# vim /etc/postfix/mime_header_checks
Append the following lines:
# File extensions that you want to block
/name=[^>]*\.(bat|exe|dll|eml|vbs)/ REJECT
Save and close the file. Restart postfix.
# /etc/init.d/postfix restart
Watch the log file. You should see the rejected mail logged in the /var/log/mail.log file:
# tail -f /var/log/mail.log
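What the first mime_header_checks pattern above matches, as an added Python sketch (not part of the original post). The MIME headers are constructed samples, `TIGHTER` is a hypothetical anchored variant, and Python's `re` with IGNORECASE stands in for Postfix's regexp: table, which matches case-insensitively by default.

```python
import re

# The pattern from /etc/postfix/mime_header_checks as shown above.
PAGE_PATTERN = re.compile(r"name=[^>]*\.(bat|com|exe|dll|vbs)", re.IGNORECASE)

# Hypothetical tighter variant (not from the post): the extension must end the
# parameter value, i.e. be followed by an optional quote and then ';' or the
# end of the header.
TIGHTER = re.compile(
    r'name\s*=\s*"?[^";]*\.(bat|com|exe|dll|vbs)"?\s*(;|$)', re.IGNORECASE
)

# Constructed MIME headers; the second one is folded over two lines.
SAMPLE_HEADERS = (
    'Content-Type: application/octet-stream; name="invoice.exe"\n'
    'Content-Disposition: attachment;\n'
    '\tfilename="Setup.EXE"\n'
    'Content-Type: application/pdf; name="report.pdf"\n'
    'Content-Type: application/pdf; name="www.example.com-brochure.pdf"\n'
    'Content-Type: text/plain; name="notes.combined.txt"\n'
)


def logical_headers(raw):
    """Join folded continuation lines so each header is checked as one string.

    Folded lines are joined with a single space here, a simplification of
    how the mail system hands a multi-line header to the table.
    """
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        elif line.strip():
            headers.append(line.rstrip())
    return headers


def rejected(raw, pattern):
    """Return the logical headers that the pattern would REJECT."""
    return [h for h in logical_headers(raw) if pattern.search(h)]


def false_positives(raw):
    """Headers caught by the page's pattern but not by the anchored variant."""
    tight = set(rejected(raw, TIGHTER))
    return [h for h in rejected(raw, PAGE_PATTERN) if h not in tight]


if __name__ == "__main__":
    print("page pattern rejects:")
    for h in rejected(SAMPLE_HEADERS, PAGE_PATTERN):
        print("   ", h)
    print("rejected only because '.com' appears inside the file name:")
    for h in false_positives(SAMPLE_HEADERS):
        print("   ", h)
```

Both patterns reject the two .exe attachments; the unanchored one also rejects the two harmless files whose names merely contain `.com`, which is worth checking in mail.log after enabling the rule.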
Allow selected users to send local mail only:
[root@mail ~]# vim /etc/postfix/main.cf
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders, permit_mynetworks, reject_unauth_destination
[root@mail ~]# vim /etc/postfix/restricted_senders
mehedi@mahidul.com local_only
soykot@mahidul.com local_only
mithu@mahidul.com local_only
Explanation:
All of the above-mentioned mail users will only be able to send and receive mail
within the same domain, and can't send to or receive from any other domain.
Now we will set up & configure webmail:
As far as we know, there are lots of popular webmail packages for Linux, like
>> Squirrel Mail >> Openweb Mail >> Horde >> Roundcube
Here we will describe Squirrel Mail & Openweb Mail.
HOW TO CONFIGURE SQUIRREL MAIL:
1. apt-get install apache2
apt-get install php5
2. Now we will download the squirrel mail tar.gz file.
# wget http://sourceforge.net/projects/squirrelmail/files/stable/1.4.21/squirrelmail-1.4.21.tar.gz
It will download the squirrelmail file into the postfix directory. Let's check with the ls command.
3. Copy the downloaded file to the /var/www directory.
# cp squirrelmail-1.4.21.tar.gz /var/www
4. Now change directory to /var/www
# cd /var/www
5. Now we will extract the downloaded tar.gz file.
# tar -zxvf squirrelmail-1.4.21.tar.gz
6. Rename the squirrelmail-1.4.21 folder to webmail.
# mv squirrelmail-1.4.21 webmail
7. Now change directory to webmail.
# cd webmail
8. Oh ho! We will now configure webmail.
# ./configure
Here the config begins:
Command >> 1 [for organization preferences]
again Command >> 1 [enter the organization name, suppose Mehedi Group]
Command >> 2 [for organization logo] Press S to save and R to return to the main menu.
Now from the main menu:
Command >> 1 [enter domain name mehedi.com]
Please save the changes and return to the main menu.
Now from the main menu:
Command >> 4 [it will enter General options]
Command >> 1 [to change the data directory to /var/www/webmail/data/ ]
Command >> 2 [to change the attachment directory to /var/www/webmail/attach/ ]
******* Don't forget to create a folder named attach in the webmail directory.
# cd /var/www/webmail
# mkdir attach
Save the changes, return to the main menu and then exit from the webmail configuration. Finally:
9. # cd .. [to go to the previous directory; now we will be in the /var/www/ directory]
10. # chown -R www-data:www-data webmail/
# cd /var/www/webmail/
# chown -R www-data:www-data data/
# chown -R www-data:www-data attach/
11. # /etc/init.d/apache2 restart
# /etc/init.d/postfix restart
# /etc/init.d/dovecot restart
If your squirrel mail offers a file for download instead of opening the web interface, install the following package and restart apache2.
# apt-get install apache2-mpm-prefork
# /etc/init.d/apache2 restart
Of course, clear your browser's cache.
Now go to the web browser and type: http://192.168.0.2/webmail
Ha ha ha, you will find the Squirrel Mail login page... hopefully.
12. Squirrelmail index.html (Auto-Redirect)
# vim /var/www/index.html
<HTML><HEAD>
<TITLE>Auto-Redirect Page for Webmail</TITLE>
<meta http-equiv="Refresh" content="0; URL=http://192.168.1.1/webmail/">
</HEAD><BODY>
</body>
</html>
13. Increase squirrelmail attachment size:
By default Squirrel Mail (webmail) has a maximum attachment size limit of 2MB. But in our daily mail transactions we need to send large files as attachments.
To increase the attachment size, edit the /etc/php5/apache2/php.ini file.
# vim /etc/php5/apache2/php.ini
upload_max_filesize = 2M [increase the size as you need]
post_max_size = 20M [increase the size as you need]
Save and close.
Now restart apache.
# /etc/init.d/apache2 restart
Changing password and saving the company logo:
root@mail:~# apt-get install poppassd
root@mail:~# cd /var/www/webmail/plugins/
root@mail:~# wget http://www.squirrelmail.org/plugins/change_pass-2.7a-1.4.x.tar.gz
root@mail:~# tar -zxvf change_pass-2.7a-1.4.x.tar.gz
root@mail:~# cd ..
root@mail:~# ./configure
Move the plugin "change_pass" from available plugins to installed plugins. The change password option should then be available in the options menu under squirrelmail. Logo location: /var/www/webmail/images/sm_logo.png. If there is a problem, try rebooting the server.
14. webmail changepassword in linux
I was working with the squirrelmail change password plugin on RHEL 5. I know it works, but unfortunately it was not working on that day. I tried all the possible ways but failed. Then I had to go for an alternate way and set up changepassword on that server. Here is how I did it.
Download it on your server.
# wget <the link for changepassword-0.9.tar.gz>
Untar the file:
# tar -zxvf changepassword-0.9.tar.gz
Now enter the directory and do the following steps (I have a cgi-bin dir in /var/www):
# cd changepassword-0.9
# ./configure --help
# ./configure --enable-cgidir=/var/www/cgi-bin --disable-smbpasswd --disable-squidpasswd
# make && make install
Now open the page with the following URL and change your password:
http://<your-server-IP>/cgi-bin/changepassword.cgi
To make it easier for the user we have to change the path:
# mkdir /var/www/changepass
# cd /var/www/changepass
# vim index.html
## type the following lines in this file and save it ##
<HTML><HEAD>
<TITLE>Webmail Password change</TITLE>
<meta http-equiv="Refresh" content="0; URL=http://<your-server-ip>/cgi-bin/changepassword.cgi">
</HEAD><BODY>
</body>
</html>
Now restart the apache service and open the below URL:
http://<your-server-ip>/changepass/
**** Note: If you install squirrelmail with the apt-get install method, some difficulties may occur later on.
But the way is:
# apt-get install squirrelmail (to download & install)
# squirrelmail-configure (to configure)
HOW TO CONFIGURE OPENWEB MAIL
# apt-get install apache2
# cd /var/www
# wget http://openwebmail.acatysmoof.com/download/current/openwebmail-current.tar.gz
# tar xvf openwebmail-current.tar.gz
# cp -R cgi-bin/openwebmail /usr/lib/cgi-bin/
# cd data/
# mv openwebmail /var/www
# vim /usr/lib/cgi-bin/openwebmail/etc/openwebmail.conf
domainnames arif.com
auth_module auth_unix.pl
mailspooldir /var/mail
ow_cgidir /usr/lib/cgi-bin/openwebmail
ow_cgiurl /cgi-bin/openwebmail
ow_htmldir /var/www/openwebmail
ow_htmlurl /openwebmail
logfile /var/log/openwebmail.log
# vim /usr/lib/cgi-bin/openwebmail/etc/defaults/auth_unix.conf
passwdfile_encrypted /etc/shadow
passwdmkdb none
# vim /usr/lib/cgi-bin/openwebmail/etc/defaults/dbm.conf
dbm_ext .pag
dbmopen_ext none
dbmopen_haslock no
# apt-get install perl-suid
# apt-get install libhtml-template-perl
# cd /usr/lib/cgi-bin/openwebmail
# chmod 4555 *.pl [After 4555 there should be a space]
# cd /var/www
# chown -R www-data:www-data openwebmail
# cd /usr/lib/cgi-bin/openwebmail/etc/
# chmod 777 sessions
# cd /usr/lib/cgi-bin/openwebmail
# ./openwebmail-tool.pl --init
# cd /var/www/openwebmail
# cp redirect.html /var/www/index.html
# cp redirect.html index.html
That's it. Installation is complete. Now type this address to login to the web page.
http://***.***.***.***/openwebmail/
http://***.***.***.***/cgi-bin/openwebmail/openwebmail.pl
# Openwebmail redirect
# vim /var/www/index.html
<HTML><HEAD>
<TITLE>Auto-Redirect Page for Open Webmail</TITLE>
<meta http-equiv="Refresh" content="0; URL=http://192.168.1.1/cgi-bin/openwebmail/openwebmail.pl">
</HEAD><BODY>
</body>
</html>
HOW TO CONFIGURE WEBMAIL ROUNDCUBE:
# apt-get install apache2
# apt-get install mysql-server
# apt-get install php5 php5-mcrypt
# apt-get install phpmyadmin
mkdir /var/www/webmail/
cd /var/www/
wget http://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.7/roundcubemail-0.7.tar.gz
tar xfz roundcubemail-0.7.tar.gz
mv roundcubemail-0.7/* webmail
rm roundcubemail-0.7.tar.gz
rm -rf roundcubemail-0.7
cd webmail
chown -R www-data:www-data temp/ logs/
# mysql -u root -p (enter the given password while installing MYSQL )
CREATE DATABASE roundcubemail;
GRANT ALL PRIVILEGES ON roundcubemail.* TO mithupcs@localhost IDENTIFIED BY 'mithupcs';
FLUSH PRIVILEGES;
4 Configuring RoundCube
Now point your browser to http://172.16.0.1/webmail/installer/ and you will find two NOT OK error
messages. Don't worry about the NOT AVAILABLE errors (ignore them). Do as follows:
# cd /etc/php5/apache2/conf.d
# vim suhosin.ini (to change the suhosin entry)
The error message is [ suhosin.session.encrypt: NOT OK]
Solution:
Remove the ( ; ) sign from in front of the line & set its value to off.
Another error message is date.timezone NOT OK.
We have to change date.timezone to Asia/Dacca.
Solution:
cd /etc/php5/apache2/
vim php.ini
Remove the ( ; ) sign from in front of the line & set its value:
date.timezone = 'Asia/Dacca'
If everything is okay click
"START INSTALLATION". The installer checks if everything is there. In case you see some red NOT OK
messages, you need to install or enable something. Follow the links to see what has to be done.
If everything checks out fine you are ready to create the configuration files, click "NEXT" to get
there. Get through the form and change the settings according to your needs. Do not forget to enter
the database setting that we made earlier within the "Database Setup" section.
DATABASE SETUP:
Database Server : localhost
Database Name : roundcubemail
Database UserName : mithupcs
Database Password : mithupcs
IMAP Settings:
default_host : localhost
default_port : 143
SMTP Settings:
smtp_server : localhost
When you are finished, hit the "CREATE CONFIG" button and you will get two text boxes with the information
for main.inc.php and db.inc.php. Download these two files and paste them into the /var/www/webmail/config directory.
Finally click "CONTINUE" and get to the last step of the installation process. Your configuration will
now be verified and tested against your webserver. Click "Initialize database" to create the necessary
tables in your database.
If there are no red NOT OK messages, you can also try to send a mail in order to test the SMTP settings.
Last but not least you have to remove the whole installer directory from the webserver. If this remains
active it can expose the configuration including passwords. We do this with the following command:
Test SMTP Config
Sender : mehedi@mithu.com (Domain should be included...)
Recipient: hasan@mithu.com (Domain should be included...)
Test IMAP Config
Username : mehedi (Only give the user name, not along with domain... )
Password : ******
FINAL TOUCH AFTER COMPLETION OF ROUNDCUBE CONFIG
Don't forget to remove the installer folder after the roundcube config is completed successfully:
# rm -rf /var/www/webmail/installer
For everyone to be able to access his webmail (under his domain name) you have to create or edit
the file /etc/apache2/conf.d/roundcube.conf and add the alias "/webmail" and some more information
about the directories:
# vim /etc/apache2/conf.d/roundcube.conf
Copy and paste the following configuration:
# RoundCube alias and redirect functions
Alias /webmail /var/www/webmail
<Directory /var/www/webmail>
Options +FollowSymLinks
# This is needed to parse /var/www/webmail/.htaccess. See its
# content before setting AllowOverride to None.
AllowOverride All
order allow,deny
allow from all
</Directory>
# Protecting basic directories:
<Directory /var/www/webmail/config>
Options -FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/webmail/temp>
Options -FollowSymLinks
AllowOverride None
Order allow,deny
Deny from all
</Directory>
<Directory /var/www/webmail/logs>
Options -FollowSymLinks
AllowOverride None
Order allow,deny
Deny from all
</Directory>
<IfModule mod_rewrite.c>
<IfModule mod_ssl.c>
<Location /webmail>
RewriteEngine on
RewriteCond %{HTTPS} !^on$ [NC]
RewriteRule . https://www.yourdomain.com:8080/webmail/ [L]
</Location>
</IfModule>
</IfModule>
Final TWEAKS:
# vim /var/www/webmail/config/main.inc.php
Give the following values as given below:
[...]
$rcmail_config['message_cache_lifetime'] = '30m';
[...]
$rcmail_config['default_host'] = 'localhost';
[...]
$rcmail_config['smtp_server'] = '%h';
[...]
$rcmail_config['session_lifetime'] = 30;
[...]
$rcmail_config['create_default_folders'] = TRUE;
[...]
Now go to http://yourServerIp/webmail to access the newly created webmail interface.
Trouble Shooting:
Problem: IF THE WEBSPACE doesn't use MOD-PHP then do the following:
# vi /etc/apache2/conf.d/roundcube.conf
Submitted by xxs (not registered) on Fri, 2012-01-06 20:07.
vi /etc/apache2/conf.d/roundcube.conf
must be
# RoundCube alias and redirect functions
Alias /webmail /var/www/webmail
<Directory /var/www/webmail>
Options +FollowSymLinks
# This is needed to parse /var/www/webmail/.htaccess. See its
# content before setting AllowOverride to None.
AllowOverride All
order allow,deny
allow from all
<IfModule mod_php5.c>
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_value include_path .
</IfModule>
</Directory>
# Protecting basic directories:
<Directory /var/www/webmail/config>
Options -FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/webmail/temp>
Options -FollowSymLinks
AllowOverride None
Order allow,deny
Deny from all
</Directory>
<Directory /var/www/webmail/logs>
Options -FollowSymLinks
AllowOverride None
Order allow,deny
Deny from all
</Directory>
to make sure it is working if the customer webspace doesn't use mod_php
Postfix installation:
3.apt-get install postfix
it will popup a window for Postfix Configuration...
** Select Internet with Smarthost
** Give system mail name mail.mehedi.com
** Enter SMTP relay host if you want to relay your mail though ISP
So relay host: mx.bol-online.com
if you don't want to relay leave it blank.
** after the completion of installation of postfix it will automatically
restart the postfix service.
4. now we will configure postfix main config file...
#vim /etc/postfix/main.cf
Modify the following line:
myhostname = mail.mehedi.com
alias_maps = hash:/etc/postfix/aliases [just add the folder loacation (postfix)]
alias_database = hash:/etc/postfix/aliases
transport_maps = hash:/etc/postfix/transport
access_maps = hash:/etc/postfix/access
myorigin = /etc/mailname
mydestination = mehedi.com, mail.mehedi.com, localhost.mehedi.com, localhost
mynetworks = 127.0.0.1/8, 192.168.0.0/24, hash:/etc/postfix/transport [::ffff:127.0.0.0]/104 [::1]/128
message_size_limit = 0
Note: Don't forget to include the transport file location in mynetorks...path line....[hash:/etc/postfix/transport]. if you want to set outgoing mail size you can set from message_size_limit. by defult there is no restrictions (message_size_limit = 0).
5. cd /etc/
6.ls for listing all files & directories....here we will find aliases & aliases.db
7.now we will move it to postfix folder...
# mv aliases aliases.db /etc/postfix/
8.cd /etc/postfix
9.ls ....now we will find here aliases
10.now we will create two file named (transport & access)
# touch transport access
11. now we will create three db file....
# postalias aliases
# postmap transport
# postmap access
12.now we will edit transport file to handle local mail locally.
# vim transport
Give here your local mail domain....
mehedi.com local:
.mehedi.com local: (don't forget to give dot/ full stop sign before the domain)
13. now again enter...
# postmap transport [it will validate the modification in transport file]
14. now we will install telnet
#apt-get install telnet
15. after the successfull completion of telnet installation; we will send a local mail now for test.
# telnet localhost 25
now give the subject...
# helo mehedi
now enter....
mail from: test@mehdi.com
rcpt to: info@mehedi.com
now we will write the message body.......
data [press enter]
Hello!!! this is a test mail....
Press full stop to end the message.
now write quit to exit from the message.
16. Now we will check the mail status
# tail -f /var/log/mail.log
17. now we will see and display the sent mail...
# alpine -f /var/spool/mail/info
18. If we need to check mail que then enter the following command:
# mailq
19. If we need to clean the complete mail que (all the mails in the que )......
# postsuper -d ALL
20. If we need to delete a particular mail from the mail que......
# postsuper -d "mail que ID" [to know the mail que id enter the command (#mailq)]
***** SOME TIMES IT IS HELPFUL IF WE DOWNLOAD & INSTALL mailutils...... like (m4 file processor)
# apt-get install mailutils
Hay!!!!mail server is complete.
#################################################
---------- Mail Server Advanced Tuning ------------
################################################
Advanced tuning about TRANSPORT FILE(DB):
******What we mention in transport file of postfix:
mahidul.com local:
.mahidul.com local:
what actually these two lines mean?
Ans:
These two lines mean that when any mail come to a domain destining to suppose user@mahidul.com then transport file determines that where to deliver it. so in this case it will deliver the mail to local server.
When the below lines are given in transport file then what will happen?
[when we use the default port we need not to mention 25 port.....]
mithu.com smtp:[202.84.33.13]
.mithu.com smtp:[202.84.33.13]
or
[when we use secure port suppose 465 port; the syntax is as below:]
mithu.com smtp:[202.84.33.13]:465
.mithu.com smtp:[202.84.33.13]:465
Ans: IN this case when any mail come to a domain destining to suppose pagol@mithu.com
then transport file will determine that this mail is to deliver to another mail server whose ip addrss is 202.84.33.13
NOTE: WHENVER WE MODIFY THE TRANSPORT FILE; WE SHOULD RECREATE TRANSPORT DB FILE BY THE FOLLWING COMMAND
# cd /etc/postfix
# postmap transport
Advanced tuning about Access File (DB):
What is the main purpose of Access File in postfix???????
Ans:
If we want to fight against spamming though blocking those particular spamming domain / email address definitly we need to modify the access file.
The configuration should look like this:
mahidul@bol-online.com 550 Sorry we dont accept any spammer....
mithu@bol-online.com 550 Sorry we dont accept any spammer....
soykot@bol-online.com 550 Sorry we dont accept any spammer....
mehedi@nationalhousingbd.com 550 Sorry we dont accept any spammer....
ziaul@nationalhousingbd.com 550 Sorry we dont accept any spammer....
bdjos.com 550 Sorry we don't want any notification
prothom-alojobs.com 550 Sorry we don't want any notification
saleh@jobsa1.com OK
arshad@jobsa1.com OK
jobsa1.com 550 Sorry we don't want any notification
tuhin@anatabd.com 550
selim@anantabd.com 550
hamid@apicgroup.com 554
shoibal@proshikanet.com 554
sohel@proshikanet.com REJECT
shamaun@proshikanet.com REJECT
amadergroup.com 554
Explanation:
1. All of the domains are mentioned in the above configuration file must be blocked that means no incoming mail will be accepted from these domains / mail addresses.
2. 550 means block this domain / mail address
3. 554 means allow the domain / mail address but give no feedback. If auto reply is configured and enabled, in that case...it also not give any feedback though auto reply.
4. We can use REJECT [definitely capital letter] instead of 550
5. If we want to give reply mail against blocked mail we use [Sorry we dont accept any spammer....] this portion.
6. If we want to block a particular domain but to allow a particular mail account of that blocked domain in that case>>>>>>>>>>>>>>>>
$$ Firstly allow that mail address of that domain
$$ Then deny the whole domain
Example:
saleh@jobsa1.com OK
arshad@jobsa1.com OK
jobsa1.com 550 Sorry we don't want any notification
Advanced tuning about Aliases File (DB):
What is the main purpose of Aliases File in postfix?
If we demand that the mails that are comming to a particular mail adress should be received by other multiple receipients in that case we will configure the alliases file like this way:
postmaster: root
nhfil.info: rkpaul,mazharul,mubassher,abid,nhfil.info
mahidul :mehedi,arshed,shahidulalam,mahidul
Explanation:
1. If a mail come to nhfil.info mail account then a copy the mail will be also received by the mentioned [rkpaul,mazharul,mubassher,abid,nhfil.info] accounts.
nhfil.info: here this is main receipent
rkpaul,mazharul,mubassher,abid >>>>>>>>> other receipent
nhfil.info----at the end of the line why we add this accont. The answer is one copy of the mail should be received by this mail account as a main receipient.
Advanced tuning about Incomming and Outgoing mail aliasing service:
First we need procmail package for this service.
root@mail:# apt-get install procmail
Then we have to add a user account named allmail
root@mail:# adduser allmail
Send a copy of all mail to allmail account by adding auto bcc (bcc mail user will not be able notice) in postfix,
root@mail:~# vim /etc/postfix/main.cf
always_bcc = allmail@mahidul.com
Forward the incomming mail to procmail from .forward file,
root@mail:# vim /home/allmail/.forward
|/usr/bin/procmail
Resend/aliasing your mail from allmail using the folling script,
root@mail:# vim /home/allmail/.procmailrc
SHELL=/bin/sh
MAILDIR=/var/spool/mail
LOGFILE=/var/log/procmail.log
LOCKFILE=$HOME/.lockmail
### Incoming Filtering ###
:0
* ^(To|Cc):.*mehedi@mahidul.com
! mehedi, mahidul, info, mahidul24@gmail.com
### Outgoing Filtering ###
:0
* ^From.*mehedi@mahidul.com
! mehedi, mahidul, info, mahidul24@gmail.com
Here 1st line (* ^(To|Cc):.*mehedi@mahidul.com) means if mail come to mehedi@mahidul.com account then send this mail mehedi, mahidul, info and mahidul24@gmail.com.
And 2nd line (* ^From.*mehedi@mahidul.com) means if any mail is sent from mehedi@mahidul.com account then send a copy of the mail to mehedi, mahidul, info and mahidul24@gmail.com.
After that, give ownership permission to both .procmailrc and .forward files,
root@mail:# chown allmail:allmail /home/allmail/.procmailrc
root@mail:# chown allmail:allmail /home/allmail/.forward
At last restart the postfix service,
root@mail:# /etc/init.d/postfix restart
Block attachment extension type:
Open main.cf file and append / set mime_header_checks directive as follows,
# vim /etc/postfix/main.cf
mime_header_checks = regexp:/etc/postfix/mime_header_checks
Save and close the file. To block attachments first create postfix lookup table for mime_header_checks file. Then open /etc/postfix/mime_header_checks file and Append following line,
# vim /etc/postfix/mime_header_checks
/name=[^>]*\.(bat|com|exe|dll|vbs)/ REJECT
Save and close the file. Restart postfix
# /etc/init.d/postfix restart
Watch the log file. You should see the rejected mail logged in the /var/log/mail.log file,
# tail -f /var/log/mail.log
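The pattern above is unanchored, so it is worth checking what it rejects before relying on it. This added example (not part of the original post) replays constructed MIME headers against the page's pattern and against a tighter variant that is an assumption of this example, using grep -E -i as a stand-in for Postfix's case-insensitive regexp: table.

```shell
#!/bin/sh
# Added example: approximates a Postfix regexp: table lookup with grep -E -i
# (regexp: tables use POSIX extended regex and ignore case by default).

# Pattern exactly as written in /etc/postfix/mime_header_checks on this page.
PAGE_RE='name=[^>]*\.(bat|com|exe|dll|vbs)'
# Assumed tighter variant: the listed extension must end the file name.
TIGHT_RE='name=[^>]*\.(bat|com|exe|dll|vbs)("|;|[[:space:]]|$)'

# verdict PATTERN HEADER -> prints REJECT if the header matches, else OK
verdict() {
    if printf '%s\n' "$2" | grep -E -i -q -- "$1"; then
        echo REJECT
    else
        echo OK
    fi
}

# Constructed sample MIME headers (not taken from real mail).
H_EXE='Content-Type: application/octet-stream; name="invoice.exe"'
H_UPPER='Content-Disposition: attachment; filename="SETUP.EXE"'
H_PDF='Content-Type: application/pdf; name="report.pdf"'
# Harmless name that still contains ".com" in the middle.
H_FALSE='Content-Type: text/plain; name="notes.community.txt"'

# Columns: verdict of the page pattern, verdict of the tight pattern, header.
for h in "$H_EXE" "$H_UPPER" "$H_PDF" "$H_FALSE"; do
    printf '%-7s %-7s %s\n' \
        "$(verdict "$PAGE_RE" "$h")" "$(verdict "$TIGHT_RE" "$h")" "$h"
done
```

The last sample shows the page's pattern rejecting a plain text file because ".com" appears inside the name; the tighter variant lets it through while still rejecting both executables.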
Block attachment extension / Specific file extension block in postfix:
How to block attachment file extension in Postfix (OS= Debian)?
vim /etc/postfix/main.cf
Add the following line.
mime_header_checks = regexp:/etc/postfix/mime_header_checks
Now open /etc/postfix/mime_header_checks file:
vim /etc/postfix/mime_header_checks
Append following line:
# File extensions that you want to block
/name=[^>]*\.(bat|exe|dll|eml|vbs)/ REJECT
Save and close the file. Restart postfix
# /etc/init.d/postfix restart
Watch the log file. You should see the rejected mail logged in the /var/log/mail.log file,
# tail -f /var/log/mail.log
Allow selected users to send local mail only:
[root@mail ~]# vim /etc/postfix/main.cf
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders, permit_mynetworks, reject_unauth_destination
[root@mail ~]# vim /etc/postfix/restricted_senders
mehedi@mahidul.com local_only
soykot@mahidul.com local_only
mithu@mahidul.com local_only
Explanation:
All of the above-mentioned mail users will only be able to send and receive mail
within the same domain; they can't send to or receive from any other domain.
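Postfix accepts local_only as an access-map result only when main.cf declares it in smtpd_restriction_classes and defines it; the lines above do not show that step. The added example below (not part of the original post) stages the complete set of files in a scratch directory and checks that every class named in restricted_senders is declared; the local_domains map and the scratch paths are assumptions.

```shell
#!/bin/sh
# Added example: stage the restriction-class pieces in a scratch directory
# and lint them before anything is copied into /etc/postfix.
STAGE=$(mktemp -d)

# main.cf lines: the page's restriction list plus the class declaration.
cat > "$STAGE/main.cf" <<'EOF'
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders, permit_mynetworks, reject_unauth_destination
smtpd_restriction_classes = local_only
local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
EOF

# Sender list exactly as on the page.
cat > "$STAGE/restricted_senders" <<'EOF'
mehedi@mahidul.com local_only
soykot@mahidul.com local_only
mithu@mahidul.com local_only
EOF

# Assumed map (name is hypothetical): domains restricted senders may mail.
cat > "$STAGE/local_domains" <<'EOF'
mahidul.com OK
EOF

# undeclared_classes MAIN_CF SENDER_MAP
# Prints each class named on the right-hand side of SENDER_MAP that MAIN_CF
# does not both list in smtpd_restriction_classes and define as "name = ...".
# Meant for maps whose results are class names, not actions such as OK.
undeclared_classes() {
    declared=$(sed -n 's/^smtpd_restriction_classes[[:space:]]*=//p' "$1" | tr ',' ' ')
    awk '!/^#/ && NF >= 2 { print $2 }' "$2" | sort -u | while read -r cls; do
        case " $declared " in
            *" $cls "*) grep -q "^$cls[[:space:]]*=" "$1" || echo "$cls" ;;
            *) echo "$cls" ;;
        esac
    done
}

missing=$(undeclared_classes "$STAGE/main.cf" "$STAGE/restricted_senders")
if [ -z "$missing" ]; then
    echo "all restriction classes declared"
else
    echo "undeclared: $missing"
fi
```

Once the check passes, copy the files into /etc/postfix, run postmap on restricted_senders and local_domains, and restart postfix.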
Now we will setup & Configure Webmail:
There are many popular webmail packages for Linux, such as
>> Squirrel Mail >> Openweb Mail >> Horde >> Roundcube
Here we will describe Squirrel Mail & Openweb Mail.....
HOW TO CONFIGURE SQUIRREL MAIL:
1.apt-get install apache2
apt-get install php5
2.Now we will download squirrel mail tar.gz file
# wget http://sourceforge.net/projects/squirrelmail/files/stable/1.4.21/squirrelmail-1.4.21.tar.gz
It will download the squirrelmail file into the postfix directory. Let's check with the ls command.
3.copy the downloaded file to /var/www directory....
# cp squirrelmail-1.4.21.tar.gz /var/www
4. Now Change directory to /var/www
# cd /var/www
5.Now we will extract the downloaded tar.gz file
# tar -zxvf squirrelmail-1.4.21.tar.gz
6.Rename squirrelmail-1.4.21 folder to webmail
# mv squirrelmail-1.4.21 webmail
7.Now change directory to webmail
# cd webmail
8.Oh! ho....we will now configure webmail....
#./configure
Here the Config begins:
Command>> 1 [for organization preference]
again Command >> 1 [enter organization name suppose Mehedi Group]
command >> 2 [for organization Logo] press S for save and R for return to main menu.
Now from Main Menu....
Command >> 1 [enter Domain name mehedi.com]
Please save the changes and return to main menu.
Now from Main Menu....
Command >> 4 [it will enter General options]
Command >> 1 [to change the Data Directory to /var/www/webmail/data/ ]
Command >> 2 [to change the attachment Directory to /var/www/webmail/attach/ ]
******* Don't forget to create a folder named attach in webmail directory.
# cd /var/www/webmail
# mkdir attach
Save the changes and return to the main menu and then exit from webmail configuration..... Finally....
9. # cd .. [to go to the previous directory... now we will be in the /var/www/ directory...]
10.# chown -R www-data:www-data webmail/
# cd /var/www/webmail/
# chown -R www-data:www-data data/
# chown -R www-data:www-data attach/
11.# /etc/init.d/apache2 restart
# /etc/init.d/postfix restart
# /etc/init.d/dovecot restart
If your squirrel mail offers a file for download instead of opening the web interface, install the following package and restart apache2.
# apt-get install apache2-mpm-prefork
# /etc/init.d/apache2 restart
And of course clear your browser's cache.
Now go to the web browser and type: http://192.168.0.2/webmail....
ha ha ha you find the Squirrel mail login page...hopefully....
12. Squirrelmail index.html (Auto-Redirect)
# vim /var/www/index.html
<HTML><HEAD>
<TITLE>Auto-Redirect Page for Webmail</TITLE>
<meta http-equiv="Refresh" content="0; URL=http://192.168.1.1/webmail/">
</HEAD><BODY>
</body>
</html>
13. Increase squirrelmail attachment size:
By default Squirrel mail (webmail) has a maximum attachment size limit of 2MB. But in our daily mail transactions we need to send large files as attachments.
To increase the attachment size edit /etc/php5/apache2/php.ini file.
# vim /etc/php5/apache2/php.ini
upload_max_filesize = 2M [increase the size as you need]
post_max_size = 20M [increase the size as you need]
save and close.
Now restart apache.
#/etc/init.d/apache2 restart
Changing password and save company logo:
root@mail:~# apt-get install poppassd
root@mail:~# cd /var/www/webmail/plugins/
root@mail:~# wget http://www.squirrelmail.org/plugins/change_pass-2.7a-1.4.x.tar.gz
root@mail:~# tar -zxvf change_pass-2.7a-1.4.x.tar.gz
root@mail:~# cd ..
root@mail:~# ./configure
Move the plugin "change_pass" from available plugins to installed plugins. Changing password option should be available in the options menu under squirrelmail. Logo location: /var/www/webmail/images/sm_logo.png. If there is a problem, try rebooting the server.
14. webmail changepassword in linux
I was working with the squirrelmail change password plugin on RHEL 5. Though it works, I know, unfortunately it was not working on that day. I tried all the possible ways but failed. Then I had to go for an alternate way and did changepassword on that server. Here is how I did it.
Download it on your server.
# wget <the link for changepassword-0.9.tar.gz>
untar the file:
# tar -zxvf changepassword-0.9.tar.gz
Now enter the directory do the following steps (I have a cgi-bin dir in /var/www):
# cd changepassword-0.9
# ./configure --help
# ./configure --enable-cgidir=/var/www/cgi-bin --disable-smbpasswd --disable-squidpasswd
# make && make install
Now open the page with the following URL and change your password:
http://<your-server-IP>/cgi-bin/changepassword.cgi
To make it easier for users, we have to change the path:
# mkdir /var/www/changepass
# cd /var/www/changepass
# vim index.html
## type the following lines in this file and save it ##
<HTML><HEAD>
<TITLE>Webmail Password change</TITLE>
<meta http-equiv="Refresh" content="0; URL=http://<your-server-ip>/cgi-bin/changepassword.cgi">
</HEAD><BODY>
</body>
</html>
Now restart the apache service and open the below URL:
http://<your-server-ip>/changepass/
****Note: If you install squirrelmail with the apt-get install method, some difficulties may occur later on.
But the way to do it is:
# apt-get install squirrelmail (To download & install)
# squirrelmail-configure (To configure)
HOW TO CONFIGURE OPENWEB MAIL
# apt-get install apache2
# cd /var/www
# wget http://openwebmail.acatysmoof.com/download/current/openwebmail-current.tar.gz
# tar xvf openwebmail-current.tar.gz
# cp -R cgi-bin/openwebmail /usr/lib/cgi-bin/
# cd data/
# mv openwebmail /var/www
# vim /usr/lib/cgi-bin/openwebmail/etc/openwebmail.conf
domainnames arif.com
auth_module auth_unix.pl
mailspooldir /var/mail
ow_cgidir /usr/lib/cgi-bin/openwebmail
ow_cgiurl /cgi-bin/openwebmail
ow_htmldir /var/www/openwebmail
ow_htmlurl /openwebmail
logfile /var/log/openwebmail.log
# vim /usr/lib/cgi-bin/openwebmail/etc/defaults/auth_unix.conf
passwdfile_encrypted /etc/shadow
passwdmkdb none
# vim /usr/lib/cgi-bin/openwebmail/etc/defaults/dbm.conf
dbm_ext .pag
dbmopen_ext none
dbmopen_haslock no
# apt-get install perl-suid
# apt-get install libhtml-template-perl
# cd /usr/lib/cgi-bin/openwebmail
# chmod 4555 *.pl [After 4555 there should be a space]
# cd /var/www
# chown -R www-data:www-data openwebmail
# cd /usr/lib/cgi-bin/openwebmail/etc/
# chmod 777 sessions
# cd /usr/lib/cgi-bin/openwebmail
# ./openwebmail-tool.pl --init
# cd /var/www/openwebmail
# cp redirect.html /var/www/index.html
# cp redirect.html index.html
That's it. Installation is complete. Now type this address to login to the web page.
http://***.***.***.***/openwebmail/
http://***.***.***.***/cgi-bin/openwebmail/openwebmail.pl
# Openwebmail redirect
# vim /var/www/index.html
<HTML><HEAD>
<TITLE>Auto-Redirect Page for Open Webmail</TITLE>
<meta http-equiv="Refresh" content="0; URL=http://192.168.1.1/cgi-bin/openwebmail/openwebmail.pl">
</HEAD><BODY>
</body>
</html>
HOW TO CONFIGURE WEBMAIL ROUNDCUBE:
# apt-get install apache2
# apt-get install mysql-server
# apt-get install php5 php5-mcrypt
# apt-get install phpmyadmin
mkdir /var/www/webmail/
cd /var/www/
wget http://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.7/roundcubemail-0.7.tar.gz
tar xfz roundcubemail-0.7.tar.gz
mv roundcubemail-0.7/* webmail
rm roundcubemail-0.7.tar.gz
rm -rf roundcubemail-0.7
cd webmail
chown -R www-data:www-data temp/ logs/
# mysql -u root -p (enter the given password while installing MYSQL )
CREATE DATABASE roundcubemail;
GRANT ALL PRIVILEGES ON roundcubemail.* TO mithupcs@localhost IDENTIFIED BY 'mithupcs';
FLUSH PRIVILEGES;
4 Configuring RoundCube
Now point your browser to http://172.16.0.1/webmail/installer/ and you will find two NOT OK error
messages. Don't worry about the NOT AVAILABLE errors (ignore them....). Do as follows.........
#cd /etc/php5/apache2/conf.d
# vim suhosin.ini (To change the suhosin entry....)
The error message is [ suhosin.session.encrypt: NOT OK]
Solution:
remove the ( ; ) sign from in front of the line & set its value to (off)
Another error message is date.timezone NOT OK.....
You have to change date.timezone to Asia/Dacca
Solution:
cd /etc/php5/apache2/
vim php.ini
remove the ( ; ) sign from in front of the line & set its value
date.timezone = 'Asia/Dacca'
If everything is okay click
"START INSTALLATION". The installer checks if everything is there. In case you see some red NOT OK
messages, you need to install or enable something. Follow the links to see what has to be done.
If everything checks out fine you are ready to create the configuration files, click "NEXT" to get
there. Get through the form and change the settings according to your needs. Do not forget to enter
the database setting that we made earlier within the "Database Setup" section.
DATABASE SETUP:
Database Server : localhost
Database Name : roundcubemail
Database UserName : mithupcs
Database Password : mithupcs
IMAP Settings:
default_host : localhost
default_port : 143
SMTP Settings:
smtp_server : localhost
When you are finished hit the "CREATE CONFIG" button and you will get two text boxes with the information
for main.inc.php and db.inc.php. Download these two files and paste them into the /var/www/webmail/config directory.
Finally click "CONTINUE" and get to the last step of the installation process. Your configuration will
now be verified and tested against your webserver. Click "Initialize database" to create the necessary
tables in your database.
If there are no red NOT OK messages, you can also try to send a mail in order to test the SMTP settings.
Last but not least you have to remove the whole installer directory from the webserver. If this remains
active it can expose the configuration including passwords. We do this with the rm command given under
FINAL TOUCH below, after running the following tests:
Test SMTP Config
Sender : mehedi@mithu.com (Domain should be included...)
Recipient: hasan@mithu.com (Domain should be included...)
Test IMAP Config
Username : mehedi (Only give the user name, not along with domain... )
Password : ******
FINAL TOUCH AFTER COMPLETION OF ROUNDCUBE CONFIG
Don't forget to remove the mail installer folder after successful roundcube config...
# rm -rf /var/www/webmail/installer
For everyone to be able to access his webmail (under his domain name) you have to create or edit
the file /etc/apache2/conf.d/roundcube.conf and add the alias "/webmail" and some more information
about the directories:
#vim /etc/apache2/conf.d/roundcube.conf
copy and paste the following script:
# RoundCube alias and redirect functions
Alias /webmail /var/www/webmail
<Directory /var/www/webmail>
Options +FollowSymLinks
# This is needed to parse /var/www/webmail/.htaccess. See its
# content before setting AllowOverride to None.
AllowOverride All
order allow,deny
allow from all
</Directory>
# Protecting basic directories:
<Directory /var/www/webmail/config>
Options -FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/webmail/temp>
Options -FollowSymLinks
AllowOverride None
Order allow,deny
Deny from all
</Directory>
<Directory /var/www/webmail/logs>
Options -FollowSymLinks
AllowOverride None
Order allow,deny
Deny from all
</Directory>
<IfModule mod_rewrite.c>
<IfModule mod_ssl.c>
<Location /webmail>
RewriteEngine on
RewriteCond %{HTTPS} !^on$ [NC]
RewriteRule . https://www.yourdomain.com:8080/webmail/ [L]
</Location>
</IfModule>
</IfModule>
Final TWEAKS:
# vim /var/www/webmail/config/main.inc.php
Give the following values as given below:
[...]
$rcmail_config['message_cache_lifetime'] = '30m';
[...]
$rcmail_config['default_host'] = 'localhost';
[...]
$rcmail_config['smtp_server'] = '%h';
[...]
$rcmail_config['session_lifetime'] = 30;
[...]
$rcmail_config['create_default_folders'] = TRUE;
[...]
Now go to http://yourServerIp/webmail to access the newly created webmail interface.
Trouble Shooting:
Problem: If the webspace doesn't use mod_php then do the following....
#vi /etc/apache2/conf.d/roundcube.conf
Submitted by xxs (not registered) on Fri, 2012-01-06 20:07.
vi /etc/apache2/conf.d/roundcube.conf
must be
# RoundCube alias and redirect functions
Alias /webmail /var/www/webmail
<Directory /var/www/webmail>
Options +FollowSymLinks
# This is needed to parse /var/www/webmail/.htaccess. See its
# content before setting AllowOverride to None.
AllowOverride All
order allow,deny
allow from all
<IfModule mod_php5.c>
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_value include_path .
</IfModule>
</Directory>
# Protecting basic directories:
<Directory /var/www/webmail/config>
Options -FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/webmail/temp>
Options -FollowSymLinks
AllowOverride None
Order allow,deny
Deny from all
</Directory>
<Directory /var/www/webmail/logs>
Options -FollowSymLinks
AllowOverride None
Order allow,deny
Deny from all
</Directory>
to make sure it is working if the customer webspace doesn't use mod_php
Vaia.. your blog is very helpful for us.Thanks..
Thank you... Happy to help you.. :-D
postalias: fatal: /etc/mailname: cannot open file: No such file or directory
i m not understanding, pls brother can u help me?
Don't worry.. Just create the directory manually...
~# mkdir -p /etc/mailname
It should work. :D