Building a Linux E-mail Server


Introduction

Whether to manage e-mail in-house or outsource it is a perennial debate. Both options have pros and cons, but in this article we will go for a managed solution and build an e-mail server step by step.

As we emphasized in the article about building a network server, the requirements for a server are not too high. We will implement our e-mail server on the same hardware. We will consider a small business case, but all the information that is presented in the article is infinitely scalable; you can run an ISP with the same programs or you can manage your family’s e-mails.

Before getting our hands dirty, we must first understand some definitions. A Mail Transfer Agent (MTA) is a program which accepts and sends e-mail messages from the Internet. A Mail Delivery Agent (MDA), on the other hand, allows your employees to send and receive e-mails from other locations. Therefore, implementing an MDA is essentially building a POP3/SMTP server.

Mail Transfer Agent

Since retrieving messages from the Internet is the key, we must first set up a Mail Transfer Agent. Different distributions ship different default MTAs: for example, Ubuntu and openSuSE have Postfix as the default MTA, whereas Red Hat uses Sendmail. For experienced users the configuration of these programs is more or less the same, but for the sake of simplicity we will assume an Ubuntu Server installation with Postfix, so that you can get going without changing the default MTA.

Make sure that you have root account access, or you will not be able to save what we do here.

Before we get our hands dirty with configuration, we have to make a note of our system mail name. I will assume mailserver.mycompany.com, and that we can also send/receive mail for mycompany.com, localhost.mycompany.com, and localhost. The address for localhost is 127.0.0.1 with Netmask 255.255.255.0 (127.0.0.1/8 for short). The easiest way to configure Postfix is to edit the /etc/postfix/main.cf file. Before changing anything, back up the configuration file with cp /etc/postfix/main.cf /etc/postfix/main.cf.old so that if we mess something up, we can easily revert to the original file.

Let’s define our system mail configuration:

myhostname = mailserver.mycompany.com

alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases

myorigin = /etc/mailname

mydestination = mailserver.mycompany.com, mycompany.com, localhost.mycompany.com, localhost

relayhost =

mynetworks = 127.0.0.0/8

To secure our e-mail sending, we proceed to add SMTP (Simple Mail Transfer Protocol) Authentication:

smtpd_sasl_local_domain =

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

smtpd_tls_auth_only = no

We also need to edit the /etc/postfix/sasl/smtpd.conf file. This is simple: append the following configuration parameters at the end of the file:

pwcheck_method: saslauthd

mech_list: plain login

And we configure Postfix to enable TLS encryption for both incoming and outgoing e-mails:

smtp_tls_security_level = may

smtpd_tls_security_level = may

smtp_tls_note_starttls_offer = yes

smtpd_tls_key_file = /etc/ssl/private/smtpd.key

smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt

smtpd_tls_CAfile = /etc/ssl/cacert.pem

smtpd_tls_loglevel = 1

smtpd_tls_received_header = yes

smtpd_tls_session_cache_timeout = 3600s

tls_random_source = dev:/dev/urandom

After making all the configuration changes, restart Postfix with /etc/init.d/postfix restart.
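As an added example (not part of the original article), the script below audits the settings shown above: it parses main.cf syntax and the mech_list line of smtpd.conf, then reports that smtpd_tls_auth_only = no lets PLAIN/LOGIN credentials be accepted before STARTTLS and that a security level of may is opportunistic TLS, not enforced. The function names and sample text are constructed for illustration.

```python
import re

# Constructed samples that mirror the settings shown in this article.
SAMPLE_MAIN_CF = """\
mydestination = mailserver.mycompany.com, mycompany.com,
    localhost.mycompany.com, localhost
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
smtp_tls_security_level = may
smtpd_tls_security_level = may
"""
SAMPLE_SMTPD_CONF = "pwcheck_method: saslauthd\nmech_list: plain login\n"

def parse_main_cf(text):
    # '#' starts a comment line; a line starting with whitespace continues the previous one.
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last is not None:
            params[last] += " " + raw.strip()
        else:
            last, _, value = (part.strip() for part in raw.partition("="))
            params[last] = value
    return params

def words(value):
    # Postfix and Cyrus SASL lists are separated by commas and/or whitespace.
    return [w.lower() for w in re.split(r"[,\s]+", value) if w]

def sasl_mechs(smtpd_conf):
    return words(" ".join(re.findall(r"(?m)^mech_list:(.*)$", smtpd_conf)))

def audit(params, mechs):
    # Returns (level, parameter, finding); "warn" weakens the setup, "info" is easy to misread.
    out = []
    auth_on = params.get("smtpd_sasl_auth_enable", "no").lower() == "yes"
    tls_only = params.get("smtpd_tls_auth_only", "no").lower() == "yes"
    no_plain = "noplaintext" in words(params.get("smtpd_sasl_security_options", ""))
    clear = sorted(set(mechs) & {"plain", "login"})
    if auth_on and clear and not tls_only and not no_plain:
        out.append(("warn", "smtpd_tls_auth_only",
                    "/".join(clear).upper() + " AUTH is accepted without TLS"))
    for name in ("smtp_tls_security_level", "smtpd_tls_security_level"):
        if params.get(name, "").lower() == "may":
            out.append(("info", name, "opportunistic TLS, not enforced"))
    return out

if __name__ == "__main__":
    print(audit(parse_main_cf(SAMPLE_MAIN_CF), sasl_mechs(SAMPLE_SMTPD_CONF)))
```

Setting smtpd_tls_auth_only = yes clears the warning, because Postfix then neither announces nor accepts AUTH on an unencrypted connection.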

Mail Delivery Agent

After we complete our tasks with the MTA, we will go on with the Mail Delivery Agent. We will use Dovecot for this purpose. To configure Dovecot, we will edit the configuration file in /etc/dovecot.conf. We will again make a backup to be safe with cp /etc/dovecot.conf /etc/dovecot.conf.old.

To make our users’ lives easier, we will let them use their UNIX usernames and passwords as their e-mail usernames and passwords. For this, we will go with the Pluggable Authentication Modules (PAM) and authenticate the users by checking their shadow passwords.

In addition, we will decide on whether to use maildir or mbox folders. Both have their pros and cons, but we will go with the maildir option.

Now, open up the /etc/dovecot.conf file and amend the following lines:

protocols = imap imaps pop3 pop3s

imap_listen = *

pop3_listen = *

imaps_listen = *

pop3s_listen = *

OK, we have enabled POP3, IMAP and Secure POP3 for Dovecot. Amend the following line to enable maildir:

mail_location = maildir:/home/%u/Maildir

We must make Postfix aware that we are using maildir, so we go back to edit our /etc/postfix/main.cf file and set home_mailbox to Maildir/ (home_mailbox = Maildir/). You can set up users’ default mail folders such as Inbox, Sent, Trash, Drafts and Templates. I will point you to Dovecot’s website to go through the configuration and to experiment yourself to some extent.
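The check below is an added example, not code from the original article: it resolves where Postfix delivers (home_mailbox, relative to the user's home directory, with a trailing "/" selecting maildir format) and where Dovecot reads (mail_location), and reports any difference. The function names and the two accounts are constructed; the second account shows that a hard-coded /home/%u misses users whose home directory lies elsewhere.

```python
import posixpath

# Constructed samples holding the two settings from this section.
MAIN_CF = "home_mailbox = Maildir/\n"
DOVECOT_CONF = "mail_location = maildir:/home/%u/Maildir\n"

def setting(text, name):
    # Last 'name = value' assignment wins; None when the parameter is absent.
    value = None
    for line in text.splitlines():
        key, sep, rest = line.partition("=")
        if sep and key.strip() == name:
            value = rest.strip()
    return value

def postfix_target(home_mailbox, home):
    # Postfix resolves home_mailbox relative to the user's home directory;
    # a trailing "/" selects maildir delivery, anything else is mbox.
    fmt = "maildir" if home_mailbox.endswith("/") else "mbox"
    return fmt, posixpath.normpath(posixpath.join(home, home_mailbox))

def dovecot_target(mail_location, user, home):
    # Dovecot syntax is format:path[:options]; %u is the login name,
    # %h and a leading ~ are the user's home directory.
    fmt, _, rest = mail_location.partition(":")
    path = rest.split(":", 1)[0].replace("%u", user).replace("%h", home)
    if path.startswith("~"):
        path = home + path[1:]
    return fmt, posixpath.normpath(path)

def mismatches(main_cf, dovecot_conf, user, home):
    # Empty list: Postfix writes where Dovecot reads for this account.
    home_mailbox = setting(main_cf, "home_mailbox")
    mail_location = setting(dovecot_conf, "mail_location")
    if not home_mailbox:
        return ["home_mailbox unset: Postfix delivers to the system mbox spool"]
    if not mail_location:
        return ["mail_location unset: Dovecot has to autodetect the mailbox"]
    p_fmt, p_path = postfix_target(home_mailbox, home)
    d_fmt, d_path = dovecot_target(mail_location, user, home)
    found = []
    if p_fmt != d_fmt:
        found.append(f"format: Postfix {p_fmt}, Dovecot {d_fmt}")
    if p_path != d_path:
        found.append(f"path: Postfix {p_path}, Dovecot {d_path}")
    return found

if __name__ == "__main__":
    # Constructed accounts: one under /home, one with a home elsewhere.
    for user, home in (("alice", "/home/alice"), ("ops", "/srv/ops")):
        print(user, mismatches(MAIN_CF, DOVECOT_CONF, user, home) or "consistent")
```

Writing the Dovecot setting as maildir:~/Maildir makes both programs follow the account's real home directory.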

Finally, we make our configuration for the PAM. Insert the following lines into /etc/pam.d/dovecot:

passdb pam {
  # use /etc/pam.d/imap and /etc/pam.d/pop3
  args = *
}

passdb pam {
  # use /etc/pam.d/mail
  args = mail
}

And the following to your /etc/dovecot.conf file:

passdb pam {
  args = session=yes dovecot
}

Recommendations

If you are running a small business, I definitely suggest that you outsource your e-mail management. In-house e-mail management sounds too good to be true, but keep in mind that the downtime that will occur will be intolerable. Add regular e-mail backups to this picture and you will be starting a very difficult and very costly adventure.

This post is part of the series: Building a Linux Server

In this series we look at building and configuring a Linux server from scratch. We will look at configuration in detail and we will determine ways to keep our server as secure as possible.

  1. How to Build a Linux Server: Secure Server and Secure Network
  2. How to Build a Linux Server: Network, File, Print and Proxy Servers
  3. How to Build a Linux Server: E-mail Server
  4. How to Build a Linux Server: Collaboration
  5. How to Build a Linux Server: Anti-malware and Anti-spam Protection