Difference between revisions of "Mailserver"

Revision as of 10:59, 16 February 2009

You can create a mailserver with Group-Office. It uses:

1. Group-Office module called postfixadmin
2. Postfix
3. Dovecot
4. MySQL
5. spamassassin
6. vacation script

I've written a tutorial about how to install this on Debian 5. It should work on other Linux distributions too.

Install all the necessary software on the server

On Debian you can do:

apt-get install php5 php5-mysql php5-imap php5-gd php5-cli php5-curl apache2 postfix postfix-mysql mysql-server mysql-client phpmyadmin subversion dovecot-imapd libemail-valid-perl libmail-sendmail-perl spamassassin spamc zip tnef libwbxml2-utils sudo openssl pyzor razor rsync mailutils libmime-charset-perl libmime-encwords-perl

Install Group-Office

Follow the installation instructions that come with Group-Office

Install postfixadmin module

Copy the "postfixadmin" folder in the "modules" folder of Group-Office. Go to Admin menu -> modules and install it.

Edit the Group-Office config.php file and add: $config['postfixadmin_autoreply_domain']="autoreply.example.com";

Make sure the domain matches with the vacation transport of postfix you will add later.

Configure postfix

Postfix must be configured to use MySQL:

The following variables in main.cf. Start with filling some basic info:

# postconf -e 'myhostname = mx-1.example.com'
# postconf -e 'smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)'
# postconf -e 'biff = no'
# postconf -e 'append_dot_mydomain = no'
# postconf -e 'myorigin = example.com'
# postconf -e 'mydestination = $myhostname, localhost, locahost.localdomain'
# postconf -e 'mynetworks = 127.0.0.0/8'
# postconf -e 'recipient_delimiter = +'
# postconf -e 'inet_interfaces = all'
# postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination \
    $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps \
    $virtual_mailbox_domains $relay_recipient_maps $relay_domains \
    $canonical_maps $sender_canonical_maps $recipient_canonical_maps \
    $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps' 
    
# postconf -e 'smtpd_recipient_restrictions = \
	permit_mynetworks, \
	reject_unauth_destination, \
	reject_rbl_client zen.spamhaus.org, \
	reject_rbl_client list.dsbl.org, \
	permit'
# postconf -e 'message_size_limit=52428800'
# postconf -e 'mailbox_size_limit=0'

Now configure it for Virtual users in MySQL:

# postconf -e 'virtual_alias_domains ='
# postconf -e 'virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf'
# postconf -e 'virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf'
# postconf -e 'virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf'
# postconf -e 'virtual_mailbox_base = /vmail'
# postconf -e 'virtual_minimum_uid = 150'
# postconf -e 'virtual_uid_maps = static:150'
# postconf -e 'virtual_gid_maps = static:8'
# postconf -e 'virtual_create_maildirsize = yes'
# postconf -e 'virtual_mailbox_extended = yes'
# postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf'
# postconf -e 'virtual_mailbox_limit_override = yes'
# postconf -e 'virtual_maildir_limit_message = "The user you are trying to reach has exceeded their quota."'
# postconf -e 'virtual_overquota_bounce = yes'
# postconf -e 'transport_maps = proxy:mysql:/etc/postfix/mysql_virtual_transports.cf'
# postconf -e 'relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf'

We will use Dovecot delivery:

# postconf -e 'virtual_transport=dovecot'
# postconf -e 'dovecot_destination_recipient_limit=1'
# postconf -e 'transport_maps = hash:/etc/postfix/transport'
# postconf -e 'smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit'
# postconf -e 'vacation_destination_recipient_limit = 1'

Postfix was installed with MySQL support, but that doesn't mean it already knows how to use our database. It needs to be provided with various SQL-query information for each type of table in our database. This information is stored in the MySQL files defined in the main.cf file:

/etc/postfix/mysql_virtual_alias_maps.cf

user = vmail_user
password = vmail_user_password
hosts = localhost
dbname = groupoffice
table = pa_aliases
select_field = goto
where_field = address
additional_conditions = and active = '1'

/etc/postfix/mysql_virtual_domains_maps.cf

user = vmail_user
password = vmail_user_password
hosts = localhost
dbname = groupoffice
table = pa_domains
select_field = domain
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'

/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

user = vmail_user
password = vmail_user_password
hosts = localhost
dbname = groupoffice
table = pa_mailboxes
select_field = quota
where_field = username
additional_conditions = and active = '1'

/etc/postfix/mysql_virtual_mailbox_maps.cf

user = vmail_user
password = vmail_user_password
hosts = localhost
dbname = groupoffice
table = pa_mailboxes
select_field = maildir
where_field = username
additional_conditions = and active = '1'

/etc/postfix/mysql_virtual_transports.cf

user = vmail_user
password = vmail_user_password
hosts = localhost
dbname = groupoffice
table = pa_domains
select_field = transport
where_field = domain
additional_conditions = and active = '1'

/etc/postfix/mysql_relay_domains_maps.cf

user = vmail_user
password = vmail_user_password
hosts = localhost
dbname = groupoffice
table = pa_domains
select_field = domain
where_field = domain
additional_conditions = and backupmx = '1' and active = '1'

Add the mail user:

# useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual Mailbox" vmail
# mkdir /vmail
# chmod 770 /vmail/
# chown vmail:mail /vmail/

Edit postfix master.cf:

Alter the first line with the smtp service:

smtp      inet  n       -       -       -       -       smtpd
	-o content_filter=spamassassin

After that line add:

spamassassin unix -     n       n       -       -       pipe
	user=spamd argv=/usr/bin/spamc -f -e
	/usr/sbin/sendmail -oi -f ${sender} ${recipient}
dovecot   unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}

At the interfaces to non-Postfix software add:

vacation    unix  -       n       n       -       -       pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}

Setup spamassasin

# groupadd -g 5001 spamd
# useradd -u 5001 -g spamd -s /sbin/nologin -d /var/lib/spamassassin spamd
# mkdir /var/lib/spamassassin
# chown spamd:spamd /var/lib/spamassassin

/etc/spamassassin/local.cf

# rewrite_header Subject *****SPAM*****
# report_safe 1
# trusted_networks 212.17.35.
# lock_method flock

# How many hits before a message is considered spam.
required_hits           4.0

# Text to prepend to subject if rewrite_subject is used
rewrite_subject		0
#rewrite_header Subject  ***SPAM***

# Encapsulate spam in an attachment
report_safe             0

# Enable the Bayes system
use_bayes               1

# Enable Bayes auto-learning
bayes_auto_learn        1
bayes_path              /home/spamd/
bayes_file_mode         0666

# Enable or disable network checks
skip_rbl_checks         0
use_razor2              1
use_dcc                 1
use_pyzor               1

dns_available yes

## Optional Score Increases
score DCC_CHECK 4.000
score SPF_FAIL 10.000
score SPF_HELO_FAIL 10.000
score RAZOR2_CHECK 2.500
score BAYES_99 4.300
score BAYES_90 3.500
score BAYES_80 3.000

# Added by jsu2
# refer to http://flakshack.com/anti-spam/wiki/index.php?page=Testing
body LOCAL_TEST1 /myspamtest12341234/
describe LOCAL_TEST1 This is a unique phrase to trigger a positive score
score LOCAL_TEST1 50

urirhssub       URIBL_BLACK  multi.uribl.com.        A   2
body            URIBL_BLACK  eval:check_uridnsbl('URIBL_BLACK')
describe        URIBL_BLACK  Contains an URL listed in the URIBL blacklist
tflags          URIBL_BLACK  net
score           URIBL_BLACK  3.0

urirhssub       URIBL_GREY  multi.uribl.com.        A   4
body            URIBL_GREY  eval:check_uridnsbl('URIBL_GREY')
describe        URIBL_GREY  Contains an URL listed in the URIBL greylist
tflags          URIBL_GREY  net
score           URIBL_GREY  0.25
<pre>

/etc/default/spamassassin
Set ENABLED=1 to start the server



==Setup vacation==

Copy scripts/vacation.pl to /var/spool/vacation

<pre>
# mkdir /var/spool/vacation
# useradd -r -d /var/spool/vmail -s /sbin/nologin -c "Virtual vacation" vacation

# chown -R vacation:vacation /var/spool/vacation/
# chmod 700 /var/spool/vacation/
# chmod 750 /var/spool/vacation/vacation.pl
# touch /var/log/vacation.log /var/log/vacation-debug.log
# chown vacation:vacation /var/log/vacation*

/etc/postfix transport

autoreply.example.com vacation:

Setup Dovecot

Dovecot will check user quota and will filter Spam to the spam folder. Change / Add these values to /etc/dovecot.conf:

#Enable IMAP and IMAPS
protocols = imap imaps 

#Listen on all IP addresses
listen = *

#configure the location of our virtual mailboxes
mail_location = maildir:/vmail/%d/%u

# Group to enable temporarily for privileged operations. Currently this is
# used only for creating mbox dotlock files when creation fails for INBOX.
# Typically this is set to "mail" to give access to /var/mail.
#mail_privileged_group =
mail_privileged_group = mail

# Grant access to these supplementary groups for mail processes. Typically
# these are used to set up access to shared mailboxes. Note that it may be
# dangerous to set these if users can create symlinks (e.g. if "mail" group is
# set here, ln -s /var/mail ~/mail/var could allow a user to delete others'
# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it).
mail_access_groups = mail

# Valid UID range for users, defaults to 500 and above. This is mostly
# to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
first_valid_uid = 150
last_valid_uid = 150


Inside the protocol imap { } section change:

mail_plugins = quota imap_quota

Inside the protocol lda { } section change:

postmaster_address = postmaster@intermesh.nl
mail_plugin_dir = /usr/lib/dovecot/modules/lda
mail_plugins = cmusieve quota
#the globalsieverc script will filter spam messages to the Spam folder 
global_script_path = /var/vmail/globalsieverc

Inside auth default { } section change:

auth default {
 mechanisms = plain
 passdb sql {
	 args = /etc/dovecot/dovecot-sql.conf
 }
 userdb sql {
	 args = /etc/dovecot/dovecot-sql.conf
 }
 user = nobody
 socket listen {
	 master {
	 path = /var/run/dovecot/auth-master
	 mode = 0660
	 user = vmail
	 group = mail
 }
 	client {
	 path = /var/spool/postfix/private/auth
	 mode = 0660
	 user = postfix
	 group = postfix
	}
}
plugin {
  quota = maildir:storage=512000
}

Also comment out the passdb pam section or you will get a very slow Dovecot connection!

/etc/postfix/dovecot-sql.conf:

driver = mysql
connect = host=localhost dbname=servermanager user=vmail_user password=vmail_user_pass
default_pass_scheme = PLAIN-MD5
user_query = SELECT '/vmail/%d/%n' AS home, 'maildir:/vmail/%d/%n' AS mail, 150 AS uid, 8 AS gid, CONCAT('maildir:storage=', quota) AS quota FROM pa_mailboxes WHERE username = '%u' AND active = '1'
password_query = SELECT username AS user, password, '/vmail/%d/%n' AS userdb_home, 'maildir:/vmail/%d/%n' AS userdb_mail, 150 AS userdb_uid, 8 AS userdb_gid FROM pa_mailboxes WHERE username = '%u' AND active = '1'

Create globalsieverc script:

1. mkdir /var/vmail/

Edit /var/vmail/globalsieverc:

require "fileinto";
if exists "X-Spam-Flag" {
  fileinto "Spam";
}

1. chown vmail:mail -R /var/vmail

Now it should work! Restart Postfix, Spamassassin and Dovecot and start testing!