Sunday Feb 05

Run Your Own Free Enterprise Mail Server


During an economic downturn, why spend thousands of dollars buying commercial mail server software, or even pay monthly or annual fees for e-mail service, when you could use open source software to run your own free mail server? If you already have unused server hardware capable of running Linux or VMware ESXi, you're a step closer to enjoying significant cost savings! I have successfully run our e-mail infrastructure for the last nine years using open source software; maybe you could do the same. On the other hand, if you're used to having paid tech support to call whenever you encounter problems, I'd stick with commercial solutions.

Disclaimer: There is no guarantee this will work for you; the information provided is for the author's personal use.

Note: Words in italic are commands to be typed at the shell.

A list of requirements I would like our office mail server to meet.

  • I must be able to manage the mail server using web access or ssh
  • Control how much space users can use in their mailboxes using mail quotas
  • E-mail will be stored using Maildir
  • Prevent spam and viruses from ending up in users' inboxes
  • Users will be able to view e-mail using IMAP or POP
  • Users are able to set an auto-reply message
  • Users are able to control their individual spam settings
  • I can safely apply security updates to the mail server with the option of rolling back changes
  • Users can fetch e-mail from other accounts
  • Users can create sub folders on all e-mail folders
  • Must be scalable to meet growth
  • Scheduled backups for disaster recovery
  • Should not break the bank when meeting all needs
  • Rock solid reliability
  • Webmail
  • Restoring user deleted e-mails or mail folders
  • Manage Postfix using a web interface
  • Control Clamav using a web interface


Should not break the bank:

We were already in the process of virtualizing most of our physical servers, the mail server being one of them. Aside from the time I spent working on the mail server project, there were no other costs associated with implementing the mail server.

Rock solid reliability:

Meeting this requirement was a no-brainer. My OS of choice for the mail server will be the latest Debian release, Lenny. I'll start off with a fresh install. The virtual server on the ESXi host has already been created.

Partitions used.

[Image: partitions]

Edit sources.list.

cd /etc/apt

cp sources.list sources.list.orig   # make a backup copy

vi sources.list

Delete the CD-ROM line, or comment it out by placing a # sign in front of it.

Update the system to use the new sources.list.

apt-get update

I must be able to manage the mail server using a remote tool:

I'm going to use SSH and Webmin to manage the server remotely.  I will also use Virtualmin GPL to manage the e-mail accounts.

apt-get install ssh

Installing Webmin and Virtualmin can be done in one fell swoop using the install script. The cool thing about Virtualmin's install script is that it does most of the software installation, including configuring all of the software needed to run an e-mail server. This process used to take me hours to complete using the manual method. (It will only work on a fresh Debian install.)

Reboot the server.

reboot

I prefer to change the port Webmin is using to listen for connections.

Now I am able to create the domain which will host all of my e-mail accounts using Virtualmin GPL.

[Image: creating-mail-domain]

Go to Virtualmin | choose the Example.com domain from the drop-down menu | click the green arrow | click Edit Mail and FTP Users to begin adding mail accounts. By default Virtualmin uses Maildir when storing e-mails, which is exactly what I need so my users can create mail subfolders.

[Image: creating-user-mail-accounts]

After creating the user account I'm going to change a setting in Usermin so my users are able to use it to view e-mails as well as adjust how the mail server handles their e-mails. Go to Webmin | Usermin Configuration | Usermin Module Configuration | Read mail | change the mail storage format for inbox to "Qmail style directory (Maildir)".

[Image: usermin-maildir-setting]

Log in using Usermin to send a test e-mail. The test succeeds.

[Image: usermin-test-email]

Users are able to set auto reply message:

Each user will be able to set up and customize their own auto-replies. When they log in to Usermin, they go to Mail | Automatic Reply.

[Image: auto-reply]

Users can fetch e-mail from other mail accounts:

Each user will also be able to pull e-mails from other e-mail accounts they have.  To make this available I will have to install Fetchmail.

apt-get install fetchmail

Then make the module available through Usermin by going to Webmin | Usermin Configuration | Module Restrictions | click on available modules | check Fetchmail Mail Retrieval | click save. Restart Usermin to make it active.

[Image: check-fetchmail-retrieval]

When users log in using Usermin they will go to Usermin | Mail | Fetchmail Mail Retrieval and put in the login information of the mail account to pull e-mail from. Any e-mail fetchmail pulls will still pass through the spam and virus filters. Fetchmail is even smart enough to keep the original mail headers.

[Image: fetchmail-pull-account]

E-mail will be stored using Maildir:

By default, whenever you use Virtualmin to create e-mail accounts, the mail accounts are set up to use Maildir. This is how I prefer to store users' e-mails rather than storing them in MySQL. In my opinion storing them in MySQL just adds another layer of complexity to diagnose when there are problems. Users connecting to the server with any mail client, using either IMAP or POP, will be allowed as long as they meet the authentication requirements. I have to change settings in Dovecot so I don't run into permission errors regarding index files. Go to Webmin | Servers | Dovecot IMAP/POP3 Server | Mail Files and copy the settings in the image shown. Click save.

[Image: dovecot-index-location-correction]

Failure to make the change above will not only produce the error below but also prevent anyone from connecting with any mail client.

[Image: dovecot-permission-errors-index-files]

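Dovecot by default disables plaintext logins. I will change this setting to allow plaintext logins since all of my users connect to the mail server within the LAN only. With plaintext logins allowed, passwords cross the network unencrypted unless the client connects over SSL/TLS.

[Image: enable-plaintext-logins-dovecot]
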
Restoring user deleted e-mails or mail folders:

Occasionally a user will delete an e-mail or mail folder by mistake. To be able to restore a deleted object I will set up a scheduled backup of the root directory containing all of the users' mail files. Go to Webmin | System | Filesystem Backup | Add a new backup of directory. I'll choose where I want the backup to be stored. It could be local, or I could use FTP or SSH to back it up to a remote location.

[Image: backup-options]

I'll set a schedule for the backup.

[Image: backup-schedule]

Restoring user deleted e-mails or mail folders:

Before restoring a user's e-mail or mail folders I will notify the user to close out of the mail client or webmail. To restore, go to Webmin | System | Filesystem Backup | click on the scheduled backup to restore from | click restore, using the options shown in the image. I have created a folder called restored inside the /tmp directory. This is where I will extract the restored folder.

[Image: restore-options]

Something to keep in mind when working with Dovecot Maildirs: each user's mail files and folders are stored in a directory called Maildir within the user's home, as shown in the image below. The highlighted cur folder contains the user's inbox e-mails.

These are the contents of /home/example/homes/scooby/Maildir

[Image: user-maildir-structure]

Now back to the restoration part. If I were to restore an e-mail which got deleted by mistake, I'd go into the directory where I extracted the files.

cd /tmp/restored/home/example/homes/scooby/Maildir   # example is the name of the mail domain

Moving into the cur directory I can copy the e-mail being restored. If there were a lot of e-mails in the inbox to search through, as long as the user was at least able to provide some text to search for, I could use the search function of Webmin's File Manager module.

[Image: searching-text]

Running the search based on the text "Before restore" came back with:

[Image: searched-results]

Opening the file numbered 1606 shows that it does contain the subject line: Before restore.

[Image: containing-searched-text]

At this point I can copy this e-mail back into the cur directory of the user's Maildir to put it back in the user's inbox. If for some reason the user's whole Maildir directory got corrupted I can overwrite it using the Maildir from backup. After that's done I can have the user sync her mail folders.

[Image: sync]
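
The search-and-copy steps above can also be done from the shell. The following is an added example, not part of the original article: it searches an extracted backup Maildir for a phrase and copies the matching message back into the live Maildir without overwriting anything. The function names and the sample file names in demo are assumptions.

```shell
#!/bin/sh
# Added example: restore one message from an extracted backup Maildir.
# Function names and sample file names are illustrative assumptions.

# Print the files under BACKUP/cur and BACKUP/new that contain TEXT
# (fixed string, case-insensitive), one path per line.
find_message() {
    backup=$1; text=$2
    grep -rlFi -- "$text" "$backup/cur" "$backup/new" 2>/dev/null
}

# Copy SRC into LIVE/cur without overwriting an existing message.
# The copy is staged in LIVE/tmp and renamed, so the IMAP server never
# sees a half-written file; owner and group are taken from LIVE/cur
# because a restore run as root would otherwise leave root-owned mail.
restore_message() {
    src=$1; live=$2
    name=$(basename "$src")
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
    [ -d "$live/cur" ] && [ -d "$live/tmp" ] || { echo "not a Maildir: $live" >&2; return 1; }
    [ -e "$live/cur/$name" ] && { echo "already present: $name" >&2; return 2; }
    cp -p -- "$src" "$live/tmp/$name" || return 1
    chown --reference="$live/cur" "$live/tmp/$name" 2>/dev/null || true
    chmod 600 "$live/tmp/$name"
    mv -- "$live/tmp/$name" "$live/cur/$name"
}

# Constructed demo: a throwaway backup and live Maildir under mktemp.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/backup/cur" "$work/backup/new" \
             "$work/live/cur" "$work/live/new" "$work/live/tmp"
    printf 'From: a@example.com\nSubject: Before restore\n\nbody\n' \
        > "$work/backup/cur/1265400000.1606.mail:2,S"
    printf 'From: b@example.com\nSubject: Other\n\nbody\n' \
        > "$work/backup/cur/1265400001.1607.mail:2,S"
    hit=$(find_message "$work/backup" "Before restore")
    restore_message "$hit" "$work/live" || return 1
    ls "$work/live/cur"
    rm -rf "$work"
}
```

Because the extracted backup holds users' mail, extract it into a directory created with mode 700 (for example with mktemp -d) rather than a path other local accounts can read.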


Control how much space users can use in their mailboxes using mail quotas:

For the /home directory, quotas for users and groups were already enabled by the Virtualmin install script. To edit the quota limit for the mail domain being hosted go to Virtualmin | Choose domain from drop down | Click green arrow | Edit Virtual Server | Expand Quotas and Limits. This is where to set the total quota restriction for the example.com domain.

[Image: edit-quota-limit-per-domain]

By default each new user is given 50 MB of disk space. This can also be changed by going to Virtualmin | Choose Domain | Edit Mail and FTP Users | Expand Quota and home directory settings.

[Image: new-user-quota]

Users will also be able to check their quota status through Usermin.

[Image: usermin-quota-read-out]

I can set up how often the system will pester users who are in violation of quota limits by going to Webmin | Disk Quotas | Click on /home users | Email Notifications.

[Image: over-quota-notifications]

To modify the message being sent out to users go to Webmin | Disk Quotas | Module Config.

[Image: quota-over-limit-message-notification]

I changed the bounce message Postfix sends out when an e-mail is sent to a user who is over quota to read as below.

[Image: message-sent-to-sender-for-mailbox-full]

A user who is about to exceed their quota limit will receive this e-mail notification.

[Image: mail-over-quota-warning]

Scheduled backups for disaster recovery:

I have scheduled a cron task to pull domain mail files off this server to another server using rsync. Rsync pulls any file changes from the primary mail server onto an offsite backup mail server. If our office went up in flames I would still have a very recent copy of users' mail files. I also have a secondary MX as a backup, in case we lose connectivity, to prevent undeliverable messages. To setup host rsync.

I can safely apply security updates to the server with the option of rolling back changes:

Before applying any security updates or making any major changes on the production server, I will take a snapshot of the virtual server. Incredibly, on a 150 Gig VM the snapshot only takes a little over a minute! I now have the peace of mind of knowing that if something goes horribly wrong I can go back to the most recent snapshot.

[Image: esxi-snap-shots]

Must be scalable to meet growth:

I can monitor my mail virtual server's performance using the ESXi performance tool. Of course I could also use the top command, but the nice thing about the ESXi performance tool is that I can save the fancy graph results or print them.

[Image: performance-tool-esxi]

If, based on the results, I need to add more memory I can do so by editing the virtual machine settings through ESXi.

[Image: adding-memory]

The same thing could be done for memory or an additional hard drive.

[Image: adding-cpu]

Webmail:

All of my users' mail clients are set up to use IMAP. This allows them to read their e-mails from outside of the office using webmail. They could even forgo desktop mail client software entirely. I could set up either Squirrelmail or GroupOffice to serve webmail. Setting up GroupOffice howto. The Postfix installed by Virtualmin's install script on this server supports SASL authentication. This allows me to send e-mail from my iPhone or Blackberry through the mail server.

Prevent spam and viruses from ending up in users inboxes:

To extend my defense I also use an open source SMTP proxy called ASSP, which filters spam and viruses before handing the e-mail message to my mail server. When the mail server receives the message, Postfix uses RBLs to check it. Any message which passes those checks gets handed over to procmail, which then passes it to spamassassin and clamav for further checks before delivering it to users' mailboxes. This layered defense has proven to be VERY effective in combating spam and viruses.

SMTP Proxy setup howto.

Postfix RBL setup.

Applicable to Postfix versions 2.x only.

cd /etc/postfix

cp main.cf main.cf.orig

vi /etc/postfix/main.cf

Copy and paste the following into main.cf:

smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554

# Continuation lines must begin with whitespace, otherwise Postfix
# reads each one as the start of a new parameter.
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client multi.uribl.com,
    reject_rbl_client dsn.rfc-ignorant.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client ix.dnsbl.manitu.net,
    reject_rbl_client combined.rbl.msrbl.net,
    reject_rbl_client rabl.nuclearelephant.com,
    permit

Restart Postfix.

/etc/init.d/postfix restart

Check the logs for any errors.

tail -f /var/log/mail.log
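
Each reject_rbl_client entry makes Postfix look up the connecting client's IP address, octets reversed, under the named zone, so a list that has stopped answering or that answers for every address directly affects mail flow. The following added example (not from the original article) extracts the zones from a main.cf and tests each against the RFC 5782 test addresses; the function names and the RESOLVER hook are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check the DNSBL zones named in a Postfix main.cf.
# Function names and the RESOLVER hook are assumptions of this example.

# List the zones that follow reject_rbl_client, skipping comment lines.
rbl_zones() {
    awk '$1 ~ /^#/ { next }
         { gsub(/,/, " ")
           for (i = 1; i < NF; i++)
               if ($i == "reject_rbl_client") print $(i + 1) }' "$1"
}

# Build the name Postfix looks up: client octets reversed, then the zone.
dnsbl_name() {
    echo "$1" | awk -F. -v zone="$2" '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
          print $4 "." $3 "." $2 "." $1 "." zone }'
}

# Default resolver: succeeds when the name has an address record.
resolve_dns() { getent hosts "$1" >/dev/null 2>&1; }

# RFC 5782 test points: 127.0.0.2 must be listed, 127.0.0.1 must not be.
zone_health() {
    r=${RESOLVER:-resolve_dns}
    if "$r" "$(dnsbl_name 127.0.0.1 "$1")"; then
        echo "lists-everything"   # likely a wildcard: would reject all mail
    elif "$r" "$(dnsbl_name 127.0.0.2 "$1")"; then
        echo "ok"
    else
        echo "no-answer"          # dead zone, or queries blocked
    fi
}

# Report every zone in a main.cf, e.g. check_main_cf /etc/postfix/main.cf
check_main_cf() {
    for z in $(rbl_zones "$1"); do
        printf '%s %s\n' "$z" "$(zone_health "$z")"
    done
}

# Offline demo: constructed main.cf fragment and a stub resolver.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' 'smtpd_recipient_restrictions =' '    permit_mynetworks,' \
        '    reject_rbl_client good.example,' \
        '    reject_rbl_client wild.example,' '    permit' > "$f"
    stub() { case $1 in 2.0.0.127.good.example|*.wild.example) return 0;; esac; return 1; }
    RESOLVER=stub
    check_main_cf "$f"
    unset RESOLVER
    rm -f "$f"
}
```

Run check_main_cf from the mail server itself, since some list operators refuse queries that arrive through large public resolvers and would then show up as no-answer.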

 

Controlling clamav using a web interface:

I will add the Clamav Webmin module, which will allow me to control Clamav. It also gives me the ability to search for quarantined e-mails. This module could be downloaded from here.

After downloading the module I will install it by going to Webmin | Webmin Configuration | Webmin Modules | From uploaded file | choose where the file is located. Click install module. There are other Perl modules needed, which I will install.

GD::Text, Mail::Mbox::MessageParser, GD::Graph::lines

After successfully installing them, click Backup. Go to Database updates and click Update now.

[Image: clamav-management]

I'm now able to see the Clamav Management.

[Image: clamav-cpanel]

I will also set the schedule for virus definition updates and for when to purge the virus quarantine directory.

[Image: clamav-schedule]

The module also provides a tool to search for e-mails accidentally tagged as spam.

[Image: searching-quarantine]

I tried sending myself an e-mail with a virus attachment using the EICAR test virus. Since I have my domain set to "Throw away", the virus message never got delivered to my inbox. To change how procmail handles spam and viruses, go to Virtualmin | Domain being managed | Server Configuration | Spam and Virus Delivery.

[Image: virus-delivery-rule]

Users are able to control their individual spam settings:

Each user will be able to control their own spam settings. A user will have to log in to Usermin to make changes to their spam settings.

[Image: usermin-login]

To further improve spam detection I will install razor.

apt-get install razor pyzor

Installing razor will allow my users to take part in reporting spam e-mails through Usermin. They can also block an e-mail if they consider it spam; the rule will only apply to their e-mail address. To do this a user logs into Usermin | Mail | SpamAssassin Mail Filter | Denied addresses | click save.

[Image: deny-spam]

Reading e-mail using Usermin provides the option of denying a sender or reporting an e-mail as spam. If an e-mail is spam, all I have to do is click Deny Sender or Report Spam.

[Image: mail-over-quota-warning]

Manage Postfix using a web interface:

Webmin comes with a comprehensive module to manage Postfix. When I don't have to use a text editor to make changes in Postfix, this is what I use.

[Image: postfix-interface]

Occasionally I do get requests to create e-mail aliases. This can be done through either Webmin or Virtualmin. I prefer to use Virtualmin to get this done. Go to Virtualmin | Choose domain from drop down | Edit Mail and Aliases | Add an alias to this domain | Advanced mode.

[Image: creating-aliases]

EOF.

References used:

http://www.howtoforge.com/block_spam_at_mta_level_postfix

 


