E-mail for most users looks like a regular website with a user-friendly interface, where you can comfortably type text, attach pictures and send messages to friends. However, in reality, everything is much more complicated. Mail servers on Linux are used for data transfer. They are the ones who process, deliver and route messages. This article will walk you through the most popular Linux mail servers and how to configure some of them.
Overview of solutions for creating systems for sending and receiving messages
Using a mail server on Linux, you can quickly and conveniently deploy your own mechanism for receiving and sending messages. There are a lot of ready-made solutions on the Web, which you just need to install and "finish" a little. Among them, of course, there are more complex systems to configure, the configuration of which will be shown below using the Postfix example.
SendMail - popular and fast
SendMail can be called a pioneer among Linux mail servers. The first version was released back in 1983. Since then SendMail has mastered many stations and nodes. It is actively used to this day. A fast and optimized server, however, it does not meet modern security requirements and is rather difficult to configure.
Postfix is flexible, powerful and reliable
It was originally developed for the internal needs of the IBM Research Center. Many features and capabilities are borrowed from SendMail. However, it is much faster, safer, and takes less time and effort to set up. It can be used as a mail server on Linux, MacOS, Solaris.
IredMail
This server is essentially a small set of scripts and configuration files. With their help, you can quickly set up a mail server on Linux with and without a Web interface. Supports SMTP, POP3 and IMAP protocols. The installation procedure will generally not take more than 10 minutes, depending on the skill of the admin.
The iRedMail process will automatically install anti-virus and anti-spam tools. In addition to them, password brute force protection mechanisms, various analyzers, and so on can be added. An excellent option for a ready-made Linux mail server.
IndiMail
It combines several well-known protocols and technologies for the implementation of the transfer of mail messages. The system integrates the ability to create channels between nodes of the same network, for example, to organize a shared mail resource for different branches of the company. The system has a very flexible configuration mechanism. It is implemented through overriding variables, of which there are about 200 in the server. At the same time, you can create several threads of IndiMail in parallel.
Rumble
Linux mail web server written in C ++. There is a built-in API for management and scripting. It has a lot of functions and features out of the box. Several well-known versions of the DBMS are supported. If desired or reconfigured, you can quickly switch from one to another. Server interfaces are separated by rights to their specific zones - users, domain and server administrators.
Zentyal
Probably the easiest and most convenient off-the-shelf Linux mail server. In it, almost all instructions and settings are executed in a special graphical interface. This mail server is based on The addition of functions or capabilities is done by installing new modules. It can be used to organize both a separate mail server and a router or an intermediary node between the main highways.
Axigen
Free, powerful and feature-rich mail server. It can be used both through its own web interface and through any mail client. Knows how to collect mail from external mailboxes, automatically reply to messages, filter them, and also conveniently import in CSV format.
It has its own web interface for configuration and administration. For lovers of the classic control model, command assignment via the console is available.
The server supports a large number of operating systems, including those from the Windows line. The interaction process is very well documented and explained by numerous examples on the developer's site.
CommuniGate Pro
A cross-platform server capable of handling email and voice messages. It is possible to connect to it using mail clients or a centralized web interface. There is an implementation of the differentiation of access rights of one account for several people. Plugins can help integrate various antivirus systems and solutions.
Setting up on the example of one system
After reviewing mail servers on Linux, it is worth considering setting up one of them in more detail.
As an example, you can show how to install on Ubuntu. It is assumed that the hardware already has this operating system and has been updated to the most recent version.
The first thing to do is download the server itself. It is available in the Ubuntu repositories, so in the terminal you need to type:
During installation, the system will ask you to specify a new password for the database user under the root account. Then it must be repeated to confirm. Then he may ask what type of installation you are interested in. Then the system mail name, in which you can specify - some.server.ru.
Now we need to create a database for the server. This can be done using the command:
mysqladmin -u root -p create mail.
This is where you need the previously specified password for the database.
Now you can go into the MySQL shell itself using the command:
mysql -u root. The system will again ask for a password that must be entered.
You will also need tables in the main database, you can create them like this:
Now the mysql console is no longer needed and you can exit it.
Postfix configuration
First, you need to show the server how to access the database, how to find the necessary values there. Several files will be created for this. They can be located in the / etc / postfix directory. Here are their names:
They should contain the following content, among which the query string for each file will be unique:
user = admin name specified when creating the table;
password =<пароль админа>;
dbname = name of the created database;
query = query, different for each file;
hosts = 127.0.01.
The query variable for files:
These files will contain the password for entering the database, so access to them must be somehow limited. For example, set the rights, these are limiting.
Now all that remains is to add a few more customizations to Postfix. It is worth noting that in the lines below, you need to replace some.server.ru with the real domain.
Safety certifications
First, you need to create your own certification authority, which will confirm the validity of all certificates.
File storage is created:
And the config file. It contains the following code:
A little explanation to it:
- variable C - here you need to specify the country in a two-letter format, for example, for Russia - RU;
- ST - means a specific region or area;
- L - city;
- O - the name of the enterprise;
- CN - here you need to specify the domain to which the key is intended;
- E-mail address.
Then the key itself is created:
sudo openssl genrsa -des3 -out ca.key 4096
The system will prompt you to specify a password for this key, which in no case should be forgotten.
Now we need a public version of the key:
openssl req -new -x509 -nodes -sha1 -days 3650 -key ca.key -out ca.crt -config ca.conf
Here you will need to enter the previously created password for the private key.
Now the certificate:
openssl pkcs12 -export -in ca.cer -inkey ca.key -out ca.pfx
mkdir SERV / some.domen.ru
And it creates its own config:
nano SERV / some.domen.ru / openssl.conf
It should contain the settings below. They are similar to those that have already been created.
To generate keys, use the command:
sudo openssl genrsa -passout pass: 1234 -des3 -out SERV / some.server.ru / server.key.1 2048
This line uses the password 1234. It is needed for a while.
Now the password is removed from the command:
openssl rsa -passin pass: 1234 -in SERV / some.server.ru / server.key.1 -out SERV / some.server.ru/server.key
Now you need to sign the key:
openssl req -config SERV / some.server.ru / openssl.conf -new -key SERV / some.server.ru / server.key -out SERV / some.server.ru / server.csr
And remove the temporary: rm -f SERV / some.server.ru/server.key.1
With the help of the performed manipulations, a mail server will appear that can simply receive and send messages. In addition to the main ones, there are additional modules that can be installed to expand the functionality. This will create a full-fledged Linux mail server for the enterprise.
Additional functions
The following modules can be used to extend the capabilities of the mail server, for example, "Antispam" or the mailing service.
- Horde. Very user-friendly web interface for mail. In addition to its main task, it has a built-in calendar, scheduler and contacts. Has a convenient configuration and setup scheme.
- Amavisd-new. It acts as a gateway and is mainly used for connecting various technologies. Amavisd-new receives the message, filters it, finds out if it could be dangerous, and connects additional functions of other modules for verification.
- SpamAssassin. As the name suggests, the module filters emails according to certain rules, calculating spam. It can be used both separately and as part of various demons.
- ClamAV. Antivirus popular in the Linux environment.It is free software. It is able to work with many different mail servers, scan files and messages "on the fly".
- Razor. This module stores checksums of spam emails and interacts directly with P ostfix.
- Pyzor is another tool for detecting messages containing malicious or user-useless code.
- Fail2ban. A tool that protects user accounts from brute-force password cracking. After a certain number of attempts, a specific IP address is blocked for a while.
- Mailman. A convenient tool for creating mailing lists via a web interface.
- Munin. Server monitoring tool. Has a large number of ready-made plugins that extend its capabilities. The operation of network protocols can be monitored on convenient graphs.
Conclusion
As you can see from the article, manually installing and configuring a full-fledged mail server is a long and difficult task. However, this approach will allow you to generally understand how the system works, and know its vulnerabilities and strengths. In the event of a problem, a trained administrator can quickly isolate and fix the problem. This will be especially relevant for large companies, whose work depends entirely on the promptness of receiving and sending messages to clients or partners. For small networks, an out-of-the-box solution is also quite suitable, which can be quickly deployed using a user-friendly interface.
However, in the event of a server breakdown, it will take a long time to delve into and understand the structure of the system. Using the Postfix mail server as an example, the article showed the basic methods and methods of setting up for initial work. Coupled with a large number of modules, plugins and add-ons, this will create a powerful and reliable tool for sending and receiving messages.
For the mail server to work properly, it is important to have a properly configured DNS zone. In we have already touched on some aspects related to the DNS system, today we will dwell on this issue in more detail. Configuring a DNS zone is a preparatory operation before deploying a mail server and the operability of the e-mail system directly depends on it.
Incorrect settings can prevent mail from being delivered to your mail server or recipient servers to reject your mail. Indeed, if your zone records do not contain information about the mail server, where should the mail be sent to? To grandfather's village? You can, of course, ask to configure the DNS zone of your provider, but it's better to do it yourself.
What do we need? Dedicated IP address (let's say 11.22.33.44), which you should get from your ISP. Domain name (for example example.com), it can be registered with any registrar or their partner. When registering with a partner, check whether he provides access to managing the DNS zone, otherwise you will have to spend additional time, nerves and money on transferring the domain to the registrar.
If you already have a domain and, most likely, a website is functioning on it, check if it is possible to manage the DNS zone from the hosting provider's panel, otherwise it is better to transfer the domain to the registrar, for this contact the provider's support.
So, we have the domain. What records does its DNS zone contain? Firstly, this is the SOA record - the description of the zone. We will not analyze all the records in detail, this is beyond the scope of our article, but it is necessary to have a general understanding of them. There should also be two NS records pointing to name servers (DNS servers) serving this domain, these will be the registrar's servers or hosting provider.
The first entry to add will be an A entry or a name entry. It should point to the IP address of your server, if you decide to serve all requests to the domain on your own, or to the IP address of the hosting provider, if you decide to host your site. When a site is hosted by a hoster, the domain is usually delegated to its DNS server (the corresponding NS records are registered) and the A record will be made automatically when the domain is parked.
This is the most common option, but you can always create an A record yourself if necessary. This record has the form
Example.com. IN A 22.11.33.44
In our example, 22.11.33.44 is the address of our hosting provider that hosts the site. Pay attention to the dot at the end of the name, this indicates that the name is absolute, if there is no dot, the name is considered relative and the domain name from the SOA is added to it. You can check the record with the command nslookup.
For the mail server to work, you need to create an MX record, which should point to our mail server. To do this, let's create a record:
Example.com. IN MX 10 mail.example.com.
You can also write simply:
Example.com. IN MX 10 mail
To such a name (without a dot at the end) example.com will be automatically appended. Number 10 defines the priority of the server, the lower it is, the higher the priority. By the way, the DNS zone may already contain an MX record of the form:
Example.com. IN MX 0 example.com.
Usually this entry is automatically created by the hosting provider when the site is placed, it must be deleted.
Now let's create an A record for mail.example.com
Mail.example.com. IN A 11.22.33.44
Now all mail for the example.com domain will be forwarded to the mail host at 11.22.33.44, i.e. your mail server, at the same time the site example.com will continue to work on the provider's server at 22.11.33.44.
The question may arise, why is it impossible to immediately specify the IP address of the mail server in the MX record? In principle, you can, some do, but this does not comply with the DNS specifications.
You can also make aliases for a mail server like pop.example.ru and smtp.example.ru... Why is this necessary? This will allow the client to be independent of the specifics of your infrastructure, having once registered the settings. Let's say that your company has grown and dedicated a separate mail server to serve external clients. mail1, all you need to do is change two DNS records, clients will not notice that they are working with the new server. CNAME records are used to create aliases:
Pop IN CNAME mail.example.com.
smtp IN CNAME mail.example.com.
This completes the configuration of the forward DNS zone, the most interesting thing remains - the reverse zone. The reverse zone is controlled by the provider who gave you the IP address and you cannot manage it yourself (unless you are the owner of the IP address block). But it is necessary to add at least one record to the reverse zone. As we wrote in the last article, many mail servers check PTR records (reverse zone records) for the sending server and if they are absent or do not match the sender's domain, such a letter will be rejected. Therefore, ask the provider to add an entry for you like:
44.33.22.11.in-addr.arpa. IN PTR mail.example.com.
A bit weird, isn't it? Let's take a closer look at the structure of the PTR record. The special top-level domain in-addr.arpa is used for reverse name resolution. This is done in order to use the same programming mechanisms for forward and backward name translation. The point is that mnemonic names are written from left to right, and IP addresses from right to left. So mail.example.com. means that the mail host is in domain example, which is in the top-level domain com., 11.22.33.44 means that host 44 is in subnet 33, which is in subnet 22 of network 11. To keep the same order, the PTR records contain the IP address " back to front "top-level domain padded in-addr.arpa.
You can also check MX and PTR records with the command nslookup using an additional parameter -type = MX or -type = PTR
And of course, do not forget that any changes in DNS zones do not occur instantly, but within a few hours or even days necessary for the propagation of changes in the global DNS system. This means that despite the fact that your mail server will start working 2 hours after the changes are made, your partner's mail may not be sent to you for a longer time.
Today, when email is the backbone of business processes, companies need a reliable, high-performance email system that protects against viruses and spam, can authenticate users, encrypt traffic, and offers many convenient features. The presented solutions allow you to achieve such a result with a minimum of effort.
iRedMail
Name: iRedMail
License: GNU GPL
Platform:* nix
Mail servers based on * nix captivate with their openness, performance and security, but for a beginner, deployment from scratch and subsequent maintenance can turn into a real nightmare. The iRedMail project aims to solve this problem. In fact, this development is a set of scripts and ready-made configs that simplify the process of deployment and initial configuration of a Postfix / Dovecot-based mail server with support for SMTP, POP3 and IMAP protocols. After starting the script, it will download and install the necessary packages by itself, create the first virtual domain (by asking a minimum of questions) with the administrator and the user. The deployment process itself takes about ten minutes, after which it will be possible to send and receive mail. You won't have to read the documentation and delve into the settings, and you won't need any specific * nix knowledge. Accounts can be saved in OpenLDAP or MySQL, this is selected during the installation phase. Then you can create any number of domains, mailboxes and aliases, that is, there are no restrictions. To protect mail from viruses and spam, SpamAssassin and ClamAV will be automatically installed, as well as tools that provide support for SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), HPR (HELO Randomization Prevention), Spamtrap and white, black, gray lists ... To block attempts to brute-force a password, set iptables Fail2ban. The project offers its development iRedAPD (Access Policy Delegation), which allows you to manage Postfix policies by delegating authority between users. Management is carried out using the Roundcube WebMail web interface; in parallel, the service management tools phpLDAPadmin, PostfixAdmin, phpMyAdmin and the AWStats log analyzer will be installed to view statistics. There is also a localized administrator interface of our own design - iRedAdmin, in two versions: free Open Source and commercial iRedAdmin-Pro. The first allows you to manage only accounts and domains, the second solves all issues related to the administration of the mail system. All components are put on one "clean" server; if you already have a working MySQL, you can connect to it only if you make the necessary settings manually (requires some experience).
Installation on i386 / x86_64 versions of Red Hat Enterprise Linux, CentOS, Gentoo Linux, Debian, Ubuntu, openSUSE and Open / FreeBSD is supported. Several guides are available on the project website to help you quickly navigate.
IndiMail
Name: IndiMail
License: GNU GPL
Platform:* nix
A messaging platform for SMTP, IMAP, POP3 protocols, supporting QMQP, QMTP, DKIM and BATV (Bounce Address Tag Validation) and checking mail for spam and viruses. Based on several Open Source solutions: Qmail, Courier IMAP / POP3, serialmail (mail delivery over dial-up connections), qmailanalog (mailing lists), dotforward, fastforward, mess822, daemontools, ucspi-tcp, Bogofilter, Fetchmail and others. Provides a set of proprietary tools for managing virtual domains and user accounts. Provides routing for SMTP, IMAP and POP3, which allows you to host a mail domain on multiple servers with communication between them or as a proxy. This is very convenient if the organization consists of several remote offices. Using the hostcntrl utility, you can add individual addresses from other domains to the service. This allows IndiMail to be used in a heterogeneous environment without having to host multiple domains or moving from a proprietary solution. Multiple servers with data synchronization make it easy to grow the structure. Several components have been changed to provide better scalability and performance (notably Qmail). IndiMail uses several so-called queue collections, each of which runs its own qmail-send / qmail-todo process and can store data on a separate hard drive. This architecture allows requests to be processed faster than the original Qmail.
Developers give complete freedom in settings, almost all parameters can be redefined through variables (and there are about 200 of them). For example, the CONTROLDIR variable indicates the directory with configuration files, QUEUEDIR - the directory with queues. That is, you can run multiple copies of IndiMail on the same server with different settings for each queue, sender, recipient, and host. But it's not necessary to understand all the variables: it only takes a few edits to get IndiMail up and running. Newbies can manage installations using the FLASH menu (built with Ncurses). MySQL is used to store data about virtual users, address books can be stored in OpenLDAP. Recent releases are fully compatible with systemd. Developers pay a lot of attention to the security of both the server itself and services - minimal use of SETUID, clear separation between programs / addresses / files, five-level trust partitioning, automatic recognition of local IPs, access-list, tcprules, content filter, TLS / SSL and much more ...
IndiMail can be installed on any 32/64 * nix platform. Sources, packages and repositories are available for download for some popular Linux distributions (RHEL / CentOS 5/6, Fedora, openSUSE / SLE, Mandriva, Debian and Ubuntu). To manage the server, about 45 programs for various purposes are offered (most are located in / var / indimail / bin), accounts can also be configured using the iWebAdmin web interface (built on QmailAdmin), which must be installed separately.
Rumble
Name: Rumble
License: GNU GPL
Platform:* nix, Win
Mail server that supports SMTP (ESMTPSA), POP3 and IMAP. It is very easy to manage, a web interface is used for administration. Perfect for small organizations with multiple domains. It is written in C / C ++, it offers its own API for scripts (Lua and C / C ++). The architecture allows you to increase server performance by clustering servers for one or all domains. Supports SSL / TLS, SQLite and MySQL, authentication (MD5 / PLAIN / STARTTLS), white / gray / blacklist, SpamAssassin, BATV and VERP technologies (Variable Envelope Return Path) are included to protect against spam. The settings provide the ability to limit the maximum message size.
Source codes and x86 / x64 binaries for installation on Linux (Generic, Ubuntu, Debian) are available on the site. To start the server, you need to unpack the archive and execute the script, the program will do the rest by itself. For convenience, the source texts and configuration files can be distributed to the appropriate directories and provide autoloading at OS startup. Server parameters and modules are included in rumble.conf file. To be able to register via the web interface (port 2580), delete the automatically generated modules / rumblelua / auth.cfg file (it contains the admin password), then open the web browser and specify a new password. Now you can manage domains, accounts and mailboxes, server settings, view logs and statistics.
By default, SQLite is used as a database, if its capabilities are not enough or the organization already has a working MySQL, then you can easily switch the server to work with this DBMS.
Three levels are used for server administration - server administrator, domain administrator and user. The server administrator interface allows only creating and deleting domains, plus a number of specific settings are available. After creating a domain, in the RumbleLua User menu you need to add a new account and specify this domain in its settings. This will be the domain administrator, who, after registering in the system, will be able to create mailboxes, aliases, bind an address to a module, set a program that will be launched when a letter is received to a specific address, and configure a relay. The interface is not localized, although everything is very simple and straightforward.
Zentyal - out of the box mailer
Newbies who are intimidated by the very word Linux and the need to enter commands in the terminal need a simple solution that allows you to quickly deploy a mail service without reading the documentation. Alternatively, here you can recommend Zentyal - a specialized distribution built on the basis of Ubuntu Server (the latest release is based on Ubuntu 12.04 LTS) and which allows you to perform all the necessary installations and settings using a graphical interface. Zentyal is a general purpose distribution kit that can be used as a router with UTM functions, an office server or a message server. All necessary functions are implemented using installed modules / packages. There are currently more than thirty modules available in five categories, which can be added with one click. Zentyal can be installed as a standalone server using its own user base, or work in a master / slave link with the ability to replicate between several servers and synchronize credentials with LDAP / AD.
Axigen
Name: Axigen
License: GNU GPL
Platform: Linux, FreeBSD, Solaris, Windows
Multifunctional, fast, secure mail server (SMTP / POP3 / IMAP) with collaboration functions, calendar, to-do list and notes, developed by the Romanian company Gecad Technologies. Users can work with messages through an email client or using a localized (and very nice) web interface built using Ajax technology - it can be completely customized for yourself. Hotkeys are supported, further enhancing the experience of working with a regular desktop application. Available in the settings: collecting mail from external mailboxes, an autoresponder, mail filter, setting aliases, and more. User can also export / import contacts to CSV file for transfer to other applications. In addition to the standard one, it offers a simplified interface for mobile devices, ActiveSync support for synchronizing messages, contacts and calendar. An extension for working with shared folders is installed as an add-on.
Administration is performed using the command line or via the web module (runs on port 9000), which is understandable even for a beginner. At the same time, certain rights on settings are finely delegated to other users.
Integration with an LDAP server (the documentation describes OpenLDAP and eDirectory) or Active Directory is possible, for this you need to install special extension schemes. Implemented modules for backing up and restoring information, mailing lists, support for cluster and load balancing, MAPI interface, POP3 and IMAP proxies. The server can serve several domains with different settings. The documentation describes how to integrate a Jabber / XMPP-based IM service. In addition, Axigen has an advanced reporting system with the output of all kinds of charts; in total, about a hundred templates have been prepared. TLS / SSL can be used to protect information, all popular authentication mechanisms are supported: plain, login, cram-md5, digest-md5, and so on. Integration with fifteen solutions to combat viruses (Kaspersky, DrWeb, Symantec, ClamAV and others) and spam (including SpamAssassin) is possible. Supported technologies SPF, DKIM, black / gray / white lists and filtering by IP / country of origin. All this can be connected with just one click from the admin interface. Data exchange between Axigen and MS Outlook is possible, for this you need to install a connector.
A big plus of Axigen is the ability to run the server on multiple OS. The download page provides packages for Debian, Red Hat Enterprise Linux and CentOS 5/6, SUSE Linux Enterprise 10/11, Fedora 12 and 13, OpenSUSE 11.2 and 11.3, FreeBSD 7.x / 8.x, Solaris 10 x86 / SPARC and Win2k3 / 2k8 (x86 / x64). Also prepared Virtuozzo - containers for rapid deployment in virtual environments. Installation is very simple and is done using a GUI interface, in which you have to select services, set ports and specify network interfaces for user and admin connections. With proper skill, the whole process will take no more than 10-15 minutes. On the project site, you can find detailed documentation and several videos showing the installation and administration process. In addition, user and administrator demo interfaces are available. Axigen Free Mail Server (Office Edition) is free and supports up to one hundred e-mail accounts and five calendars.
CommuniGate Pro
Name: CommuniGate Pro
License: Free / paid
Platform:* nix, Windows, Mac OS X
Popular platform for e-mail, IM, VoIP, calendar functions and collaboration automation. For example, VoIP provides voice / video transmission and provides capabilities such as conferences, auto attendant (IVR), automatic call distribution, call queue management, and voice mail. At the same time, CommuniGate supports installation on a large number of operating systems and architectures (about thirty in total), IPv4 and IPv6, standard protocols SMTP, SIP, IMAP, XMPP, LDAP, RADIUS, XIMSS, CalDAV, WebDAV, MAPI, and others. The Session Border Controller ensures correct operation through NAT devices. The LDAP server included with CGP can be used by other applications as well. It is possible to synchronize data with BlackBerry using AirSync (a license for each device is purchased separately). The mailing list manager allows you to automate the newsletter with the possibility of self-subscribing by the user. The mailing list is created by the administrator, and further controlled by one of the server users.
Users can connect through any client program that supports these protocols or a localized web interface. Moreover, the web interface is very easy to configure in such a way that it takes the form of a regular mail client (so that the user interface is less confused). It is also possible to use a simplified interface to save traffic when working with PDA and access via WAP from mobile phones. You can call a user for a VoIP conversation with a single click from the web client or address book. The administrator in the settings sets the functions available to the user - sorting and forwarding mail, an autoresponder, downloading letters from external POP3 boxes, a list of contacts, tasks and a calendar.
The settings allow the user to open access to his mailbox or individual folders to other server users. This is useful when your organization needs to have a service account for customer communications that is used by multiple people.
One server can serve multiple domains. Cluster nodes are able to process only a certain type of traffic (for example, by region); SIP Farm technology is used to distribute requests. The solution is easily scalable to any size. By the way, the SIPNET operator's IP-telephony network is built on CommuniGate Pro.
User authentication is possible using an internal database, Active Directory or an external program, including client certificates are supported. In the settings, you can specify the IP addresses from which the client connection is allowed or denied. All information stored on the server and transmitted between the client and the server can be encrypted using SSL, TLS, S / MIME and others.
Open APIs simplify integration with billing and management systems. Plugin support allows you to connect third-party solutions for filtering spam and viruses. Integration with solutions from Kaspersky, Sophos, McAfee, MailShell, Cloudmark is currently supported.
Standard security measures have also been implemented - checking the return address of the sender, support for DNSBL (RBL), prohibiting the receipt of mail from certain IP addresses and networks, checking a specific line in the header or body of a message. Installation in any OS is not difficult, in fact, you just need to unpack the archive and start the server. All settings of the server, domains and accounts are made using the web interface (it works on port 8010, after starting you need to connect to it within ten minutes and set the administrator password). The system of rights allows you to delegate domain administration to other users, specifying only those functions that they really need.
Currently there are several server versions available with different licenses. The Community Edition is offered free of charge, with five active accounts, while the Corporate Edition and Service Provider with additional features are offered for a fee.
WARNING
After the first launch of CommuniGate Pro, you need to connect to port 8010 within ten minutes and set the administrator password.
Conclusion
It is not so difficult to deploy a mail server using the described solutions, depending on the experience of the administrator and the number of settings it will take half an hour to launch. On which specific decision to stop, you choose. For a mid-sized organization, iRedMail, Axigen, and Rumble are great; in the case when the company consists of several geographically remote offices, you should take a closer look at Axigen, IndiMail and CommuniGate Pro. The latter also provides VoIP.
- Translation
How to set up a mail server that can receive and send e-mail, fight spam, and interact with clients? It's actually pretty simple.
Today we'll talk about Linux mail servers. We will talk about how to set up a server, about the widespread Internet protocol SMTP, as well as about other protocols such as POP and IMAP. As a result, you will be the owner of a complete system for working with e-mail.
Let's start with an SMTP server on Linux
SMTP Server
The Simple Mail Transfer Protocol (SMTP) defines the rules for sending mail between computers, while it does not regulate the rules for storing or rendering messages. It is a system-independent protocol, that is, the sender and recipient of mail can have different operating systems.SMTP only requires the server to be able to send plain ASCII text to another server using port 25 which is the standard SMTP port.
Most Linux distributions today have two of the most common SMTP implementations built into them: sendmail and postfix.
Sendmail is a popular open source mail server used by many Linux distributions. Its disadvantages include a somewhat complicated architecture and insufficiently high level of protection.
Postfix is a slightly more advanced system, with special attention to security issues during the development of this mail server.
Postal Service Components
A typical postal service has three main components:Mail client also called a Mail User Agent (MUA). It is with him that the user interacts, for example, these are Thunderbird or Microsoft Outlook mail clients. They allow the user to read mail and write emails.
Mail server, or a Mail Transport Agent (MTA). This component is responsible for moving email between systems, for example Sendmail and Postfix do.
Email Delivery Agent(Mail Delivery Agent, MDA). This component is responsible for distributing received messages to user mailboxes. For example, these are Postfix-maildrop and Procmail.
Installing the mail server
The Postfix package was chosen to configure our server. This is a popular choice among sysadmins, the standard mail server on most modern Linux distributions.Let's start by checking if Postfix is installed on the system:
$ rpm -qa | grep postfix
If Postfix is not found, you can install it, for example, on distributions based on Red Hat, using the following command:
$ dnf -y install postfix
Then we start the postfix service and arrange for it to autostart at system boot:
$ systemctl start postfix $ systemctl enable postfix
On Debian-based distributions like Ubuntu, you can install Postfix like this:
$ apt-get -y install postfix
During installation, you will be prompted to select a server configuration. Among the four available options (No configuration, Internet site, Internet with smarthost, Satellite system and Local only), we will choose No configuration which will create the user and group accounts required by Postfix.
Server Tuning
After installing the Postfix mail server, you need to configure it. Most of the configuration files are located in the directory / etc / postfix /.The main Postfix configuration file can be found at /etc/postfix/main.cf... There are many parameters here, let's look at the most important ones.
myhostname
This parameter is used to specify the hostname of the mail system. This is the hostname on the Internet for which Postfix will receive mail.
Typical examples of hostnames for mail servers are mail.example.com and smtp.example.com.
Configure this parameter like this:
Myhostname = mail.example.com
mydomain
This setting allows you to specify the mail domain that the server is servicing, for example - example.com:
Mydomain = example.com
myorigin
This parameter allows you to specify the domain name used in mail sent from the server. Let's assign it the value $ mydomain:
Myorigin = $ mydomain
In settings, you can refer to parameters by adding the $ sign in front of the variable name.
mydestination
This parameter contains a list of domains that the Postfix server will consider as the final destination for incoming mail.
In our case, the server hostname and domain name will be here, but this parameter can contain other names:
Mydestination = $ myhostname, localhost. $ Mydomain, $ mydomain, mail. $ Mydomain, www. $ Mydomain
mail_spool_directory
Postfix mail server can use two modes of mail delivery:
- Directly to the user's mailbox.
- To the central directory of queues, while mail goes to the folder / var / spool / mail where there is a file for each user.
mynetworks
This variable is an important tuning parameter. It allows you to specify which servers can forward mail through the Postfix server.
Typically, only local client computers are allowed to transfer mail. Otherwise, spammers may be interested in your server.
If the parameter is set incorrectly mynetworks, spammers will be able to use the server as a mail relay. This will very quickly lead to some anti-spam system placing it on a blacklist like DNS Blacklist (DNSBL), or Realtime Blackhole List (RBL). Once a server is included in such a list, very few will be able to receive emails sent with its help.
Setting this parameter might look like this:
Mynetworks = 127.0.0.0/8, 192.168.1.0/24
smtpd_banner
This variable allows you to set the response that the server returns when clients connect.
It is best to change this value so that it does not indicate which mail server is being used.
inet_protocols
This variable allows you to set the IP version that Postfix will use when establishing connections.
Inet_protocols = ipv4
In order for the changes made to the configuration files to take effect, the Postfix service must be restarted:
$ systemctl reload postfix
In fact, there is a lot more you can customize in the Postfix configuration file. For example - manage security levels, set debug options and other parameters.
You may be making a mistake when configuring the server by entering parameter values. You can check the correctness of the settings using the following command:
$ postfix check
Using this tool, you can find the line where the error was made and fix it.
Checking the message queue
Occasionally, the mail queue becomes full. This can be caused by many factors, such as a network error, or any reason that might delay the sending of mail.To check the message queue, use the following command:
$ mailq
It will display the messages in the queue. If the queue is full and it takes several hours to send a message, you can initiate the message sending process with the following command:
$ postfix flush
If you now check the queue, it should be empty.
Testing the mail server
After configuring the server on Postfix, you need to test it. The first step in testing is using a local mail client like mailx or mail(this is a symbolic link to mailx).Try sending an email to someone whose address is served on the same server, and if that works, send an email to an address somewhere else.
$ echo "This is message body" | mailx -s "This is Subject" -r "likegeeks
Then try accepting the email sent from another server.
If you run into problems, check the logs. On Red Hat-based distributions, what you need can be found at / var / log / maillog... On Debian distributions, the file you need can be found here: /var/log/mail.log, or along the path specified in the rsyslogd settings. Here is some material on Linux logging, if needed, and how to set up rsyslogd.
If the problems are still not resolved, try to check your DNS settings, take a look at MX records using Linux network commands.
Anti-spam
There are many solutions for detecting unwanted messages - spam - among e-mail messages. One of the best is the open source SpamAssassin.You can install it like this:
$ dnf -y install spamassassin
Then you need to start the corresponding service and add it to startup:
$ systemctl start spamassassin $ systemctl enable spamassassin
After installing SpamAssassin, take a look at its settings in the file /etc/mail/spamassassin/local.cf.
SpamAssassin is able to distinguish ordinary messages from spam, based on the results of the analysis of correspondence using various scripts. The results of inspections are evaluated in points.
The higher the final grade of the letter, the higher the likelihood that it is spam.
In the configuration file, the parameter required_hits 5 indicates that SpamAssassin will flag a message as spam if it has a rating of 5 or higher.
Parameter report_safe takes the values 0, 1, or 2. Setting it to 0 means that messages marked as spam are forwarded in their original form, but their header is modified to indicate that they are spam.
If this parameter is set to 1 or 2, SpamAssassin will generate a report and send it to the recipient.
The difference between the values 1 and 2 is that in the first case the spam message will be encoded in the message / rfc822 format, and in the second - in the text / plain format.
Text / plain encoding is safer, since some mail clients execute messages in the message / rfc822 format, which, under certain conditions, can lead to a virus infection of the client computer.
After installing and configuring SpamAssassin, you need to integrate it with Postfix. This is perhaps easiest to do with procmail.
Let's create a file / etc / procmailrc and add the following to it:
: 0 hbfw | / usr / bin / spamc
Then let's edit the Postfix configuration file - /etc/postfix/main.cf by setting the parameter mailbox_command in the following way:
Mailbox_command = / usr / bin / procmail
Finally, restart the Postfix and SpamAssassin services:
$ systemctl restart spamassassin
It must be said that SpamAssassin does not always recognize spam, which leads to the filling of mailboxes with unnecessary letters.
Fortunately, messages can be filtered using Realtime Blackhole Lists (RBLs) before they reach the Postfix mail server. This will reduce the load on your mail server and help keep it clean.
Open Postfix config file /etc/postfix/main.cf, change the parameter smtpd_recipient_restrictions and configure other parameters as follows:
Strict_rfc821_envelopes = yes relay_domains_reject_code = 554 unknown_address_reject_code = 554 unknown_client_reject_code = 554 unknown_hostname_reject_code = 554 unknown_local_recipient_reject_code = 554 unknown_relay_recipient_reject_code = 554 unverified_recipient_reject_code = 554 smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client dsn.rfc-ignorant.org, reject_rbl_client dul. dnsbl.sorbs.net, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, permit
Then restart the Postfix server:
$ systemctl restart postfix
The above blacklists are used most often, but you can find other similar servers.
Securing SMTP connection
It is best to send SMTP traffic over TLS to protect it from a middleman attack.First you need to generate a certificate and key using the command openssl:
$ openssl genrsa -des3 -out mail.key $ openssl req -new -key mail.key -out mail.csr $ cp mail.key mail.key.original $ openssl rsa -in mail.key.original -out mail_secure.key $ openssl x509 -req -days 365 -in mail.csr -signkey mail_secure.key -out mail_secure.crt $ cp mail_secure.crt / etc / postfix / $ cp mail_secure.key / etc / postfix /
Then you need to add to the Postfix configuration file /etc/postfix/main.cf following:
Smtpd_use_tls = yes smtpd_tls_cert_file = /etc/postfix/mail_secure.crt smtpd_tls_key_file = /etc/postfix/mail_secure.key smtp_tls_security_level = may
Finally, you need to restart the Postfix service:
$ systemctl restart postfix
Now, when the client connects to the server, you need to select TLS. Here, the first time you send mail after changing the settings, you will see a warning, since the certificate is not signed.
Basics of POP3 and IMAP protocols
So, we have established the process of sending and receiving emails via SMTP, but the organization of a full-fledged mail service does not end there. Consider the following situations:- Users need local copies of emails to view them offline.
- User mail clients do not support the mbox file format. It is a simple text format that can be read by many console mail clients such as mailx and mutt.
- Users cannot constantly use a fast connection to access the server file system and to work with mbox files, as a result, you need to make a local copy to work with them without connecting to the network.
- Security restrictions indicate that users do not have direct access to the email gateway, for example, they are not allowed to work with public message queue folders.
The two most widely used mail access protocols are POP (Post Office Protocol) and IMAP (Internet Message Access Protocol).
POP is based on a very simple idea. The central mail server on Linux is connected to the Internet all the time, it receives and stores letters for all users. All received letters remain in the queue on the server until the user connects to it via POP and downloads the letters.
When a user wants to send an email, the email client usually sends it through a central server via SMTP.
Please note that the SMTP server and the POP server can run on the same machine without any problems. This is common practice these days.
Features such as storing the original copies of user emails on the server with only cached copies on the client are not available in POP. This led to the development of the IMAP protocol.
Using IMAP, the server will support three modes of mail access:
- Online mode is similar to direct access to the file system on a mail server.
- Offline mode is similar to how POP works, with a client disconnecting from the network after receiving their emails. In this mode, the server usually does not store copies of letters.
- Offline mode allows users to keep cached copies of their emails, and the server also stores copies of these emails.
The POP3, POP3S, IMAP, and IMAPS servers listen on ports 110, 995, 143, and 993, respectively.
Installing Dovecot
Most Linux distributions come with Dovecot preinstalled, however, you can install it yourself. On Red Hat based systems, this is done like this:$ dnf -y install dovecot
On Debian-based systems, IMAP and POP3 functionality is provided in two different packages:
$ apt-get -y install dovecot-imapd dovecot-pop3d
Here you will be prompted to create a self-signed certificate for working with IMAP and POP3 over SSL / TLS. Answer the question yes and, when prompted, enter the hostname of your system.
Then you can start the corresponding service and add it to startup:
$ systemctl start dovecot $ systemctl enable dovecot
Configuring Dovecot
The main Dovecot configuration file is located at /etc/dovecot/dovecot.conf... In some Linux distributions, this file is located in the folder /etc/dovecot/conf.d/ and, to include configuration files, the include directive is used.Here are some of the options used to customize Dovecot.
protocols: protocols to be supported.
Protocols = imap pop3 lmtp
Here lmtp stands for Local Mail Transfer Protocol. listen: IP address that the server will listen to.
Listen = *, ::
Here, an asterisk means all IPv4 interfaces, double colons means all IPv6 interfaces.
userdb: user database for authentication.
Userdb (driver = pam)
mail_location: this is the entry in the file /etc/dovecot/conf.d/10-mail.conf... It looks like this:
Mail_location = mbox: ~ / mail: INBOX = / var / mail /% u
Dovecot comes with standard SSL certificates and key files that are used in the file /etc/dovecot/conf.d/10-ssl.conf.
Ssl_cert =When the user tries to connect to Dovecot, the server will show a warning because the certificates are not signed. If required, signed certificates can be purchased from a suitable certification authority.
Don't forget to open the ports of the Dovecot server on your firewall.
$ iptables -A INPUT -p tcp --dport 110 -j ACCEPT $ iptables -A INPUT -p tcp --dport 995 -j ACCEPT $ iptables -A INPUT -p tcp --dport 143 -j ACCEPT $ iptables -A INPUT -p tcp --dport 993 -j ACCEPT
And don't forget about the SMTP port.
$ iptables -A INPUT -p tcp --dport 25 -j ACCEPT
Then save the rules. If you want a refresher on the specifics of working with iptables in Linux, take a look at
Original: Install a Complete Mail Server with Postfix and Webmail in Debian 9
Author: Matei Cezar
Publication date: October 12, 2017
Translation: A. Krivoshey
Date of translation: November 2017
This guide will show you how to install and configure a fully functional Postfix mail server on Debian 9. It also describes how to configure account mailboxes using Dovecot to receive and compose IMAP emails. To work with mail, users will use the Rainloop Webmail web interface.
Requirements
Debian 9 Minimum Install
- static IP address configured for the network interface
- local or registered public domain name.
In this tutorial, we will use a private domain account to set up a mail server configured with only the / etc / hosts file, without any DNS server involved in handling DNS resolutions.
Stage 1: Pre-configuring Postfix mail server on Debian
1. In the first step, log in as root and make sure your Debian system is updated to the latest packages of installed programs and all security fixes are installed using the following command:
# apt-get update # apt-get upgrade
2. In the next step, install the packages that will be used for system administration:
# apt-get install curl net-tools bash-completion wget lsof nano
3. Next, open the /etc/host.conf file for editing in your favorite text editor and add the following line at the top of the file to allow DNS to read the hosts file first.
Order hosts, bind multi on
4. Next, set your computer's fully qualified domain name (FQDN) and add your domain name and your system's FQDN to the / etc / hosts file. Use your system's IP address to resolve the domain name and FQDN as shown in the screenshot below.
Replace the IP address and domain. Then restart your computer to use the correct hostname.
# hostnamectl set-hostname mail.tecmint.com # echo "192.168.0.102 tecmint.com mail.tecmint.com" >> / etc / hosts # init 6
5. After rebooting, verify that the hostname is configured correctly using the following sequence of commands. The hostname command should return the domain name, FQDN, hostname, and IP address of the system.
# hostname # hostname -s # hostname -f # hostname -A # hostname -i # cat / etc / hostname
6. Also, use the commands below to check if the domain is responding correctly to local requests. Please be aware that the domain will not respond to remote requests sent by other systems on your network because we are not using a DNS server.
However, the domain must respond to other systems if you manually add the domain name to each of the / etc / hosts files. Also be aware that DNS resolution for a domain added to the / etc / hosts file will not work with host, nslookup, or dig commands.
# getent ahosts mail.tecmint.com # ping tecmint.com # ping mail.tecmint.com
Stage 2. Installing Postfix mail server in Debian
7. The most important piece of software required for the mail server to function properly is the MTA agent. MTA is server-client architecture software that is responsible for forwarding mail between mail servers.
In this tutorial, we will use Postfix as the mail transfer agent. To install postfix on Debian from the official repositories, run the following command.
# apt-get install postfix
8. During the Postfix installation process, you will be asked a series of questions. In the first question, select "Internet Site" as the general type for Postfix configuration and press the key to continue, then add your domain name to the system email name as shown in the screenshots below.
Stage 3. Setting up Postfix mail server in Debian
# cp /etc/postfix/main.cf(,.backup) # nano /etc/postfix/main.cf
Now configure Postfix in the main.cf file as shown below.
# See /usr/share/postfix/main.cf.dist for a commented, more complete version smtpd_banner = $ myhostname ESMTP biff = no # appending .domain is the MUA "s job. Append_dot_mydomain = no readme_directory = no # See http: //www.postfix.org/COMPATIBILITY_README.html - default to 2 on # fresh installs. compatibility_level = 2 # TLS parameters smtpd_tls_cert_file = / etc / ssl / certs / ssl-cert-snakeoil.pem smtpd_tls_key_file = / etc / private / ssl-cert-snakeoil.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree: $ (data_directory) / smtpd_scache smtp_tls_session_cache_database = btree: $ (data_directory/fix / smtp_scache) doc package for # information on enabling SSL in the smtp client.smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination myhostname = mail.debian.lan mydomain = debian.lan alias_maps = hash: / etc / aliases alias_database = hasiases: / etc / aliases alias_database = hasiases: / etc / etc / mailname myorigin = $ mydomain myd estination = $ myhostname, $ mydomain, localhost. $ mydomain, localhost relayhost = mynetworks = 127.0.0.0/8, 192.168.1.0/24 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all #inet_protocols = all inet_protocols = ipv4 home_mailbox = Maildir SMTP-Auth settings smtpd_sasl_type = dovecot smtpd_sasl_path = private / auth smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = permit noanonymous smtpd_sasl_local_domain = $ myhostrestname_sasl_recipient referencing
Replace the variables myhostname, mydomain and mynetworks according to your settings.
You can run the postconf -n command to check for possible errors as shown in the screenshot.
# postconf -n
10. After completing the configuration, restart the Postfix daemon to apply the changes and verify that the service is running by verifying that the main Postfix service is connected to port 25 using the netstat command.
# systemctl restart postfix # systemctl status postfix # netstat -tlpn
Stage 4. Checking Postfix mail server on Debian
11. To check if postfix can handle mail, first install the mailutils package using the command:
# apt-get install mailutils
12. Next, using the mail command-line utility, send an email to the root account and check if the mail was successfully transmitted using the command below, which checks the mail receiving queue and prints the contents of the Maildir folder in the root home directory.
# echo "mail body" | mail -s "test mail" root # mailq # mail # ls Maildir / # ls Maildir / new / # cat Maildir / new / Test Postfix by Sending Mail Test Postfix by Sending Mail
13. You can also check how the mail was processed by the postfix service by checking the contents of the mail log file with the command:
# tailf /var/log/mail.log
Stage 5: Installing and Configuring Dovecot IMAP on Debian
14. Dovecot IMAP is the mail delivery agent that we will use to deliver e-mail messages to local recipient mailboxes. IMAP is a protocol that runs on ports 143 and 993 (SSL) and is responsible for reading, deleting, or moving emails for multiple email users.
IMAP also provides synchronization to ensure that a copy of each message is kept on the server and allows users to create multiple directories on the server and move messages to those directories for sorting.
The above does not apply to POP3 protocol. POP3 does not allow users to create multiple directories on the server to sort mail. You only have an Inbox to manage your mail.
Installing the main Dovecot server and the Dovecot IMAP package in Debian is done using the command:
# apt install dovecot-core dovecot-imapd
15. After Dovecot is installed on your system, edit the dovecot files. First open the file /etc/dovecot/dovecot.conf, find and uncomment the following line:
Listen = *, ::
16. Then open /etc/dovecot/conf.d/10-auth.conf for editing, find and change the lines to look like below.
Disable_plaintext_auth = no auth_mechanisms = plain login
17. Open /etc/dovecot/conf.d/10-mail.conf and add the line below to use Maildir instead of Mbox format for storing emails.
Mail_location = maildir: ~ / Maildir
18. And the last file to edit is /etc/dovecot/conf.d/10-master.conf. Here find the Postfix smtp-auth block and make the following changes:
# Postfix smtp-auth unix_listener / var / spool / postfix / private / auth (mode = 0666 user = postfix group = postfix)
19. After making all the above changes, restart the Dovecot daemon to apply the changes, check its status and make sure that Dovecot is connected to port 143 using the commands:
# systemctl restart dovecot.service # systemctl status dovecot.service # netstat -tlpn
20. Check if the mail server is working properly by adding a new user account to the system, connecting to the SMTP server using telnet or netcat commands, and sending an email to the new user as shown below.
# adduser matie # nc localhost 25 # ehlo localhost mail from: root rcpt to: matie data subject: test Mail body. quit
21. Check if the letter has arrived in the mailbox of the new user:
# ls / home / test_mail / Maildir / new /
22. Alternatively, you can connect to the user's mailbox from the command line using the IMAP protocol, as shown below. New mail should be in the user's "Inbox" folder.
# nc localhost 143 x1 LOGIN matie user_password x2 LIST "" "*" x3 SELECT Inbox x4 LOGOUT
Stage 6. Installing and configuring Webmail in Debian.
23. Users will manage their email using the Rainwop Webmail client. Before installing Rainloop Mail Agent, first install Apache HTTP Server and PHP modules required by Rainloop using the following command:
# apt install apache2 php7.0 libapache2-mod-php7.0 php7.0-curl php7.0-xml
24. After installing the Apache web server, go to the / var / www / html / directory, remove the index.html file and install Rainloop Webmail.
# cd / var / www / html / # rm index.html # curl -sL https://repository.rainloop.net/installer.php | php
25. After installing the Rainwoo Webmail client, navigate to your domain's IP address and log into the Rainloop admin web interface with the default credentials:
Http://192.168.0.102/?admin User: admin Password: 12345
26. Go to the Domains menu, click the Add Domain button and add the domain name settings as shown in the following screenshot.
After successfully logging into Rainloop's email, you should see the message sent earlier from the command line in your Inbox folder.
Http://192.168.0.102 User: [email protected] Pass: the matie password
27. When adding a new user, use the useradd command with the -m flag to create the user's home directory. But first make sure you set up the Maildir path variable for each user with the command below.
# echo "export MAIL = $ HOME / Maildir" >> / etc / profile # useradd -m user3 # passwd user3
28. If you want to redirect all e-mails destined for root to the specified local e-mail account from the system, run the commands below. All emails destined for the root account will be forwarded to your user as shown in the image below.
# echo "root: test_mail" >> / etc / aliases # newaliases
It's all! You have successfully installed and configured a mail server on your system so that local users can communicate via email. However, this mail configuration is not properly secured and is recommended to be deployed only for small networks that you have full control over.
