Send email via telnet

A quick way to test your SMTP server is to use telnet. The default well known port for SMTP is 25.

telnet mail.example.com 25
220 mail.example.com ESMTP Postfix (Ubuntu)
helo me.test.com
250 mail.example.com
mail from:me@here.com
250 2.1.0 Ok
rcpt to:you@there.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject:a test

blah blah.
.
250 2.0.0 Ok: Queued as ABC123
quit
221 2.0.0 Bye

To use the labels (headers) such as From, To and Subject, add them after the data command, e.g.:

data
from:me@here.com
to:you@there.com
subject:testing again.

words
.
quit

There are other commands you can issue, such as ehlo (extended helo) instead of helo, which makes the server list its capabilities. Other commands, such as vrfy (verify an address), may have been disabled by the system administrator.

One of the inherent problems with email is that it allows the sender to put arbitrary information in the headers: fake domain addresses and so on. The mail administrator may use a variety of techniques to block spam and otherwise unwanted mail from entering their systems, but it’s an ongoing battle.
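The sessions above carry two separate sender values: the envelope sender given with mail from, and the From header typed after data. As an added example (not part of the original post), this sketch splits the client side of such a session and reports when the two disagree; the session lines and addresses are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

def split_session(client_lines):
    """Split the client's side of an SMTP session into envelope and message."""
    envelope = {"mail_from": None, "rcpt_to": []}
    message_lines, in_data = [], False
    for line in client_lines:
        if in_data:
            if line == ".":                      # a lone dot ends DATA
                in_data = False
            else:
                message_lines.append(line)
            continue
        verb, _, arg = line.partition(":")
        verb = verb.strip().lower()
        if verb == "mail from":
            envelope["mail_from"] = parseaddr(arg)[1].lower()
        elif verb == "rcpt to":
            envelope["rcpt_to"].append(parseaddr(arg)[1].lower())
        elif verb == "data":
            in_data = True
    return envelope, message_from_string("\n".join(message_lines))

def header_from_differs(client_lines):
    """True when the From: header names someone other than the envelope sender."""
    envelope, msg = split_session(client_lines)
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    return bool(header_from) and header_from != envelope["mail_from"]

# Constructed session modelled on the ones above; addresses are placeholders.
SESSION = [
    "helo me.test.com",
    "mail from:me@here.com",
    "rcpt to:you@there.com",
    "data",
    "from:someone.else@there.com",
    "to:you@there.com",
    "subject:testing again.",
    "",
    "words",
    ".",
    "quit",
]
```

The server routes on the envelope values, while the mail client shows the reader the headers, which is why a filter has to compare the two.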

Setting up Postfix and Mutt. 01

Install and configure Postfix

This is a basic setup of Postfix. The mail users have system accounts on the mail server, so in this instance they will log into the server to read and send mail. The example client is Mutt, shown at the end.

I’ve included the configuration for the SASL (Simple Authentication and Security Layer) daemon here. We do not need it now but for sending mail from remote systems we will. I wanted to keep the blog posts short so the next will follow on, adding to this config.

At time of writing, I’m using Postfix 2.10.0 on Ubuntu Server 13.04 in a virtual machine in VMWare Workstation 10, on Windows Seven Professional.

Instructions below assume you’re running as root.

Install the application and documentation:

apt-get install postfix postfix-doc

The initial configuration screen is somewhat tricky to use with a screenreader. If possible choose no configuration. We’ll edit main.cf by hand.
There are 2 main configuration files in Postfix: /etc/postfix/main.cf and /etc/postfix/master.cf.

We will only be making changes in main.cf at this time.

If you have an admin account on the system, edit /etc/aliases accordingly, so that account receives mail for postmaster via root.

# see man 5 aliases for format
postmaster: root
root: admin

Run the newaliases command to rebuild the alias database:

newaliases

Edit main.cf with basic server details. Spaces around the “=” are optional.

myhostname=mail.example.com
mydomain=example.com
myorigin=$mydomain
mydestination=$myhostname, localhost.$mydomain, $mydomain, localhost

Authenticating SMTP with SASL

For clients to authenticate we will use the SASL libraries.

With the setup below, SASL will authenticate email users against the system password file, i.e. the email users have system accounts on the machine running Postfix.

apt-get install sasl2-bin

We want the saslauthd authentication daemon to start at boot.

Edit /etc/default/saslauthd

START=yes

Create /etc/postfix/sasl/smtpd.conf and add.

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

If we wanted to use an external method of checking passwords, we’d change the pwcheck_method line to:

pwcheck_method: auxprop

For example, to use the SASL password file instead, which is at /etc/sasldb2.

If you use sasldb to authenticate users, for example where users do not have system accounts, you need to choose the sasldb mechanism in /etc/default/saslauthd.
MECHANISMS="sasldb"

If using the sasldb2 file, you add users with the saslpasswd2 command.

Example.
saslpasswd2 -c -u example.com newuser
password:
Again for verification:

-c = create.
-u = realm.

Continuing with our example using the system password file, i.e. we’re assuming our email users also have system accounts.

Add the user postfix, to the sasl group. This isn’t always necessary.

adduser postfix sasl

Edit main.cf

The parameters for working with SASL start with smtpd_sasl for the Postfix server and smtp_sasl for Postfix acting as a client, i.e. when sending mail to a relay that requires a login.

Switch on smtpd authentication.
smtpd_sasl_auth_enable = yes

For some older clients that didn’t implement the SMTP authentication protocol correctly, you can add the following line, although it may no longer be necessary:
broken_sasl_auth_clients = yes

To help prevent senders spoofing their from address, you can map each email address to a system user in a map file. Create the file /etc/postfix/sasl_senders with entries like the one below, then run postmap against it.
newuser@mydomain.com newuser

postmap /etc/postfix/sasl_senders

And add the below line to main.cf
smtpd_sender_login_maps = hash:/etc/postfix/sasl_senders

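The next lines for main.cf are to permit legitimate users. Postfix works through a restriction list in order and stops at the first restriction that gives a verdict, so in this order reject_sender_login_mismatch is only reached by clients that are neither in mynetworks nor authenticated. Continuation lines must start with whitespace.

smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination, reject_sender_login_mismatch
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination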
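Why the position of reject_sender_login_mismatch in the list matters, as an added example that is not part of the original post: a simplified Python model of first-match evaluation, run once with the check last and once with it first. The request dictionary, the function bodies and the "otheruser" login are assumptions made for illustration; real Postfix restrictions have more cases than this model covers.

```python
# Simplified model of how Postfix walks smtpd_recipient_restrictions:
# each restriction answers "OK", "REJECT" or None (no opinion); first answer wins.
SENDER_LOGIN_MAP = {"newuser@mydomain.com": "newuser"}      # as in sasl_senders
LOCAL_DOMAINS = {"mail.example.com", "localhost.example.com",
                 "example.com", "localhost"}                # as in mydestination

def permit_mynetworks(req):
    return "OK" if req["in_mynetworks"] else None

def permit_sasl_authenticated(req):
    return "OK" if req["login"] else None

def reject_unauth_destination(req):
    domain = req["rcpt"].rsplit("@", 1)[-1].lower()
    return None if domain in LOCAL_DOMAINS else "REJECT"

def reject_sender_login_mismatch(req):
    owner = SENDER_LOGIN_MAP.get(req["mail_from"].lower())
    if req["login"]:                      # logged in: must own the MAIL FROM address
        return None if owner == req["login"] else "REJECT"
    return "REJECT" if owner else None    # not logged in: address must be unowned

def evaluate(restrictions, req):
    """Return (verdict, name of the restriction that decided)."""
    for check in restrictions:
        verdict = check(req)
        if verdict:
            return verdict, check.__name__
    return "OK", "end of list"

MISMATCH_LAST = [permit_mynetworks, permit_sasl_authenticated,
                 reject_unauth_destination, reject_sender_login_mismatch]
MISMATCH_FIRST = [reject_sender_login_mismatch, permit_mynetworks,
                  permit_sasl_authenticated, reject_unauth_destination]

# Constructed request: "otheruser" is logged in but claims newuser's address.
SPOOF = {"in_mynetworks": False, "login": "otheruser",
         "mail_from": "newuser@mydomain.com", "rcpt": "you@there.com"}

if __name__ == "__main__":
    print(evaluate(MISMATCH_LAST, SPOOF))
    print(evaluate(MISMATCH_FIRST, SPOOF))
```

With the restriction at the front, every login needs an entry in the sender map, since a logged-in client whose address has no owner listed is rejected too.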

By default, Postfix will block anonymous logins from outside your network. If you’re using some other method for checking passwords, such as md5, you will need to list it in main.cf. However, if you do that, you also need to explicitly list noanonymous, as you’ve changed the default.

smtpd_sasl_security_options = noanonymous, noplaintext

The below is my main.cf file. I have moved some of the lines around simply for layout purposes. It doesn’t matter which order they’re in as far as postfix is concerned.

cat /etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
myhostname=mail.example.com
mydomain=example.com
myorigin=$mydomain
mydestination=$myhostname, localhost.$mydomain, $mydomain, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

smtpd_sasl_auth_enable=yes
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination, reject_sender_login_mismatch
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
home_mailbox=Maildir/
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA’s job.
append_dot_mydomain = no

# Uncomment the next line to generate “delayed mail” warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost =

mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html

Restart postfix

postfix reload

Restart the saslauthd daemon:

service saslauthd restart

Remember we’re using system accounts at this point. To test your login with saslauthd use the command:

testsaslauthd -u username -p password

Also at this point, the only host that can send mail without authenticating is the server itself. This is the default. You can add your local private subnet to the mynetworks parameter if desired. Assuming your subnet is 192.168.0.0/24, add it to the end.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24

If you change the default, be careful which networks you add to this parameter. You *do not* want to make your mail server an open relay.
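One way to check a main.cf for this mistake, as an added example that is not part of the original post: the script reads the mynetworks value (joining continuation lines) and lists every entry that reaches beyond loopback and private address space. The function names and the sample configuration are constructed for illustration, and only literal network entries are parsed; file or table references are reported for manual review.

```python
import ipaddress

# Ranges this check treats as internal: loopback, RFC 1918, IPv6 ULA and link-local.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10")]

def read_param(main_cf_text, name):
    """Return one main.cf parameter's value with continuation lines joined."""
    value, collecting = None, False
    for line in main_cf_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                          # blank and comment lines are ignored
        if line[0].isspace():                 # leading whitespace continues a parameter
            if collecting:
                value += " " + line.strip()
            continue
        key, _, rest = line.partition("=")
        collecting = key.strip() == name
        if collecting:
            value = rest.strip()              # the last definition in the file wins
    return value

def parse_network(token):
    """Parse one mynetworks entry such as 127.0.0.0/8 or [::1]/128."""
    net = ipaddress.ip_network(token.replace("[", "").replace("]", ""), strict=False)
    mapped = getattr(net.network_address, "ipv4_mapped", None)
    if mapped is not None:                    # ::ffff:a.b.c.d/N is IPv4 a.b.c.d/(N-96)
        net = ipaddress.ip_network(f"{mapped}/{max(net.prefixlen - 96, 0)}", strict=False)
    return net

def risky_mynetworks(main_cf_text):
    """List mynetworks entries that are not inside loopback or private space."""
    risky = []
    for token in (read_param(main_cf_text, "mynetworks") or "").replace(",", " ").split():
        try:
            net = parse_network(token)
        except ValueError:                    # file or table reference: review by hand
            risky.append(token)
            continue
        if not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL):
            risky.append(token)
    return risky

# Constructed sample, not a real server's configuration.
SAMPLE = """\
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    192.168.0.0/24, 203.0.113.0/24 0.0.0.0/0
"""
```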

The home_mailbox=Maildir/ parameter is an alternative to the Unix style mbox format. We need the Maildir format for later when it comes to adding an IMAP server to our setup. Other IMAP servers are available, such as Dovecot and Cyrus, but I’ll be using Courier.

Install and configure the Mutt mail client

Mutt is a text-based mail client that the users can access from the terminal.

apt-get install mutt

Alas I can’t recall where, otherwise I’d link to them. But I found the following configuration for the Mutt mail client online and it’s worked for me. Just add the following lines at the end of the /etc/Muttrc configuration file. Note: Muttrc starts with a capital M.

set mbox_type=Maildir
set folder="~/Maildir"
set mask="!^\\.[^.]"
set mbox="~/Maildir"
set record="+.sent"
set postponed="+.postponed"
set spoolfile="~/Maildir"

Notes

You can view and edit parameters in main.cf with the postconf command.

postconf (parameter name) Display the current value.
postconf -d (parameter name) Display the built-in default.
postconf -e (parameter name=value) Edit.

Always reload Postfix after making changes so the main configuration file is reread.

postfix reload

When editing the /etc/aliases file use the newaliases command to rebuild the database. You can move this file where you want but if you do so, you then need to use the postfix command, postalias.

postalias (path-to-aliases)

When troubleshooting, view the log, which by default is at /var/log/mail.log.

To check the syntax of your configuration try the command:

postfix check

There are various other commands for administration in Postfix. Consult the documentation.

Although published a while ago, a useful book is Postfix: The Definitive Guide, written by Kyle D. Dent and published by O’Reilly.

Setting up a mailserver: Intro

Following will be a few step by step posts on setting up a mailserver on Linux.

I make no guarantees and you’d obviously be wise to do this on a test machine in a private network before setting up a live system.

I’m using an Ubuntu Server for the examples. The MTA (Mail Transport Agent) I’ll be using is Postfix, certainly initially. Later I may look at Exim. I’ll not be touching Qmail or Sendmail because frankly life’s too short.

The Postfix home page is:

www.postfix.org