Linux Mail Server

All posts in the Linux Mail Server category

Setup sSMTP configuration: sending email without an SMTP service

Published December 3, 2013 by Siva

Follow the steps below in a terminal.

# yum -y install ssmtp

If you have Sendmail installed, run the following command to change your default Mail Transfer Agent (MTA):

# alternatives --config mta

There are 2 programs which provide 'mta'.

Selection Command
-----------------------------------------------
*+ 1 /usr/sbin/sendmail.sendmail
2 /usr/sbin/sendmail.ssmtp

Enter to keep the current selection[+], or type selection number: 2

You can verify which sendmail binary is now active by running the command below:

# sendmail -V
sSMTP 2.61 (Not sendmail at all)

Now that sSMTP is installed, we will configure the mail server details used to relay outgoing email. We are going to create new, empty configuration files and keep the originals as backups:

# mv /etc/ssmtp/ssmtp.conf /etc/ssmtp/ssmtp.conf.orig
# touch /etc/ssmtp/ssmtp.conf
# mv /etc/ssmtp/revaliases /etc/ssmtp/revaliases.orig
# touch /etc/ssmtp/revaliases

Next, we will configure sSMTP to forward email to any shared hosting server either running CPanel or DirectAdmin.

Add the following to the /etc/ssmtp/ssmtp.conf file:

root=postmaster
mailhub=mail.yourdomain.com:587
Hostname=localhost
FromLineOverride=YES
AuthUser=username@yourdomain.com
AuthPass=YourPassWord
UseSTARTTLS=YES

Add the following to the /etc/ssmtp/revaliases file:

root:username@yourdomain.com:mail.yourdomain.com:587

If you want the option of forwarding email to the Gmail server, you can configure it using the steps below.

Replace the previous configuration in the /etc/ssmtp/ssmtp.conf file with the following:

root=postmaster
mailhub=smtp.gmail.com:587
Hostname=username@gmail.com
FromLineOverride=YES
AuthUser=username@gmail.com
AuthPass=YourPassWord
UseSTARTTLS=YES

Replace the previous configuration in the /etc/ssmtp/revaliases file with the following:

root:username@gmail.com:smtp.gmail.com:587
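
Both ssmtp.conf variants above store AuthPass in clear text, so the file's mode and its TLS switch are worth checking before the first message goes out. The following is an added example, not part of the original post; the function names and the sample file are illustrative.

```shell
# Added example, not part of the original post.
# Print the value of KEY (matched case-insensitively) from a key=value file.
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, "=")
            if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/[ \t]/, "", key)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (tolower(key) == tolower(k)) v = val
        }
        END { print v }' "$1"
}

# Print one finding per line; print nothing when both checks pass.
audit_ssmtp_conf() {
    conf=$1
    # AuthPass is clear text: "other" must not have read access to the file.
    if [ -n "$(conf_get "$conf" AuthPass)" ] &&
       [ "$(ls -ld "$conf" | cut -c8)" = "r" ]; then
        echo "world-readable: $conf holds AuthPass; restrict its mode"
    fi
    # Without UseSTARTTLS or UseTLS the login crosses the network unencrypted.
    starttls=$(conf_get "$conf" UseSTARTTLS | tr '[:lower:]' '[:upper:]')
    tls=$(conf_get "$conf" UseTLS | tr '[:lower:]' '[:upper:]')
    if [ "$starttls" != "YES" ] && [ "$tls" != "YES" ]; then
        echo "no-tls: neither UseSTARTTLS nor UseTLS is YES"
    fi
}

# Constructed sample: the shared-hosting config from this page, mode 644.
demo=$(mktemp)
cat > "$demo" <<'EOF'
root=postmaster
mailhub=mail.yourdomain.com:587
AuthUser=username@yourdomain.com
AuthPass=YourPassWord
UseSTARTTLS=YES
EOF
chmod 644 "$demo"
audit_ssmtp_conf "$demo"    # reports the world-readable finding
chmod 640 "$demo"
audit_ssmtp_conf "$demo"    # reports nothing
rm -f "$demo"
```
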

Next, you can start sending email through your preferred email server using the command below:

# echo "Testing outgoing email" | mutt -s "Testing" receipient@receivermail.com

Finally, with all the configuration above I hope you are able to use and enjoy your sSMTP to send an email.

Thank you.

Changing SMTP port in postfix mail server

Published February 1, 2010 by Siva

The default SMTP port is 25. In Postfix we can change it to some other port (say 2525) using the following steps.

Open the file master.cf.

$ vi /etc/postfix/master.cf

Add the following line to the file.

2525 inet n - n - - smtpd

Restart postfix.

$ /etc/init.d/postfix restart

You can check the connection to the new port using telnet. Also make sure that the new port is not blocked in the server firewall.

Send Mail Postfix through Gmail’s SMTP on a Linux Box

Published December 16, 2009 by Siva

After looking on the internet for a while I finally found a decent guide on how to set up Gmail SMTP through Postfix; however, after following the guide I found that it left parts out or things didn’t work quite the same on a Linux server. This guide is intended to get Gmail’s SMTP set up through Postfix on an LTS Ubuntu server quickly and without too much information about other operating systems; although, you could probably adapt the guide to work on other systems.

Google’s Gmail service requires the protocols TLS and SASL2 to be built into Postfix. Luckily this is already done on the Ubuntu LTS Server.

In order to communicate with google we need to have Gmail’s certificate authority and we need to generate our own Certificate Authority (CA).

Step 1: Create a Certificate Authority

Since we will be creating temporary files and will want to delete them later, change the directory to your home directory so we don’t forget to delete them later and leave what I call “mouse turds” lying around.
cd ~

Create the CA
$ /usr/lib/ssl/misc/CA.pl -newca
CA certificate filename (or enter to create)

Making CA certificate …
Generating a 1024 bit RSA private key
…….++++++
……………….++++++
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase: password
Verifying - Enter PEM pass phrase: password
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:US
State or Province Name (full name) [New York]:New York
Locality Name (eg, city) []:New York
Organization Name (eg, company) []:Sanborn_Widgets

Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:Mark
Email Address []:username@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok

Step 2: Create a Server Certificate

These values have to match the CA you just created, so you may want to keep the output of what you just did to reference it for the next command. You can do this by opening another console or virtual terminal and switching back and forth between them.

openssl req -new -nodes -subj '/CN=domain.com/O=Sanborn_Widgets/C=US/ST=New York/L=New York/emailAddress=username@gmail.com' -keyout FOO-key.pem -out FOO-req.pem -days 3650

Step 3: Sign the Certificate

# openssl ca -out FOO-cert.pem -infiles FOO-req.pem
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok

Then press y for anything else it asks.

Step 4: Copy the certificates to the Postfix folder

# cp demoCA/cacert.pem FOO-key.pem FOO-cert.pem /etc/postfix
# chmod 644 /etc/postfix/FOO-cert.pem /etc/postfix/cacert.pem
# chmod 400 /etc/postfix/FOO-key.pem

Gmail uses the Thawte Premium Server CA. You need to add this to the end of /etc/postfix/cacert.pem


Alternative Method

If you do not trust me or don’t feel comfortable copying CA certs from me you can get it from www.thawte.com/roots and download all of the certs from them. The file is called, ‘ThawtePremiumServerCA_b64.txt’.

The following code would put it in cacert.pem from the ThawtePremiumServerCA_b64.txt

cat ThawtePremiumServerCA_b64.txt >>cacert.pem

If you want to understand how this command works I recommend checking out, Getting Familiar with the Linux Command Line.

Step 5: Add these lines to the bottom of /etc/postfix/main.cf

Note: When I first added these lines I had a space in front of the first line which would give me errors when trying to run postfix. The only problem was the error was misleading, saying there was something wrong with the line above, steering me in the wrong direction, and I ended up troubleshooting something that wasn’t broken. So make sure you have copied these lines exactly into the bottom of main.cf without any spaces in front of any of the lines.

## TLS Settings
#
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/FOO-cert.pem
smtp_tls_key_file = /etc/postfix/FOO-key.pem
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/FOO-cert.pem
smtpd_tls_key_file = /etc/postfix/FOO-key.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
#
## SASL Settings
# This is going in to THIS server
smtpd_sasl_auth_enable = no
# We need this
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sasl_local_domain = $myhostname
smtp_sasl_security_options = noanonymous
#smtp_sasl_security_options =
smtp_sasl_tls_security_options = noanonymous
smtpd_sasl_application_name = smtpd
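
Postfix treats a main.cf line that starts with whitespace as a continuation of the previous logical line, which is why a stray leading space produces an error about the line above; separately, `smtp_use_tls = yes` only requests opportunistic TLS. The following is an added example, not part of the original guide, that joins logical lines the same way and reports the outbound TLS policy; the function names and sample lines are illustrative.

```shell
# Added example, not part of the original guide.
# Join main.cf continuation lines: a line that starts with whitespace is
# appended to the previous logical line; comments and blank lines are skipped.
maincf_logical() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        /^[ \t]/   { sub(/^[ \t]+/, ""); buf = buf " " $0; next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }' "$1"
}

# Print "mandatory", "opportunistic" or "none" for outbound (smtp_) TLS.
smtp_tls_policy() {
    maincf_logical "$1" | awk '
        {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", val)
            v[k] = val
        }
        END {
            lvl = v["smtp_tls_security_level"]   # overrides the legacy switches
            if (lvl == "" && v["smtp_enforce_tls"] == "yes") lvl = "encrypt"
            if (lvl == "" && v["smtp_use_tls"] == "yes")     lvl = "may"
            if (lvl == "may" || lvl == "dane")   print "opportunistic"
            else if (lvl == "" || lvl == "none") print "none"
            else                                 print "mandatory"
        }'
}

# Constructed sample: an existing last line of main.cf (made up), followed by
# two of the guide's lines, the first pasted with a leading space.
demo=$(mktemp)
printf '%s\n' 'mailbox_size_limit = 0' \
    ' smtp_tls_CAfile = /etc/postfix/cacert.pem' \
    'smtp_use_tls = yes' > "$demo"
maincf_logical "$demo"     # first two lines come out as one logical line
smtp_tls_policy "$demo"    # opportunistic
rm -f "$demo"
```

With `smtp_use_tls = yes` alone, Postfix falls back to an unencrypted session when the relay does not offer STARTTLS; `smtp_tls_security_level = encrypt` makes TLS a requirement.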

Step 7: Create the transport file

# Contents of /etc/postfix/transport
#
# This sends mail to Gmail
gmail.com smtp:[smtp.gmail.com]:587
#

Step 8: Create the SASL password

Replace username/password with your actual username and password.

#contents of sasl_passwd
#
[smtp.gmail.com]:587 username@gmail.com:password

Step 9: Hash the password and transport files

postmap sasl_passwd && postmap transport

Step 10: Restart the postfix server and clean up

Enter the following command as root to restart postfix:
/etc/init.d/postfix restart

Go to your home directory where you made the temporary .pem files in step 1.
cd ~

Clean up the mouse turds! :)
rm FOO-req.pem FOO-cert.pem FOO-key.pem && rm -r demoCA/

Does it work?

Send a test email to yourself, replace username with your actual username. Note this is a test and it only tests to see if it WOULD send. You will not get an email in your Gmail inbox.
sendmail -bv username@gmail.com

Check to see if it went
cat /var/log/mail.log | tail

If everything went ok you will see something like this in the log
Oct 1 12:22:04 localhost postfix/smtp[21389]: 671AD676BF: to=, relay=smtp.gmail.com[123.233.169.109], delay=3, status=deliverable (delivery via smtp.gmail.com[123.233.169.109]: 250 2.1.5 OK)

If it didn’t work out you will see this in the log
Oct 1 12:21:57 localhost postfix/local[21381]: 4E5BA676BF: to=, orig_to=, relay=local, delay=0, status=undeliverable (delivery via local: unknown user: "user")

Alternative Method

After issuing the sendmail command you can check to see if it worked by checking your local email with any email client. I used mutt.

You can also check the email queue with
postqueue -p

And deleting all messages in queue with
postsuper -d ALL

If all goes well you should now have a working outgoing email server through Gmail’s SMTP. Now you can write scripts on your server to alert you of all sorts of things happening on your server.

Source: http://www.marksanborn.net/linux/send-mail-postfix-through-gmails-smtp-on-a-ubuntu-lts-server/

Configuring Fetchmail for Receiving emails from Remote Mailserver

Published December 16, 2009 by Siva

Scenario:

Fetching emails from a remote server to a local mail server (I am running a Postfix server configured with SMTP routing to my remote server) and forwarding the emails to a local user.

You can also forward to many users using /etc/aliases

user1:        user2, user1, user3

In the above example, mail for user1 is also copied to user2 and user3.

Create a file named .fetchmailrc in your home directory with permission 600:

# chmod 600 .fetchmailrc

The file content should be:

# vi .fetchmailrc
defaults

# with ssl for POP3S
poll pop.myserver.com
proto pop3
port 995
user "mymail@myserver.com" password "password" ssl
is vis100
keep

# without ssl for POP3
poll pop.myserver.com
proto pop3
port 110
user "mymail@myserver.com" password "password"
is localuser
keep

poll pop.bizmail.yahoo.com
proto pop3
port 995
user "mymail@myserver.com" password "password" ssl
is localuser
keep

Add the following line to the crontab to schedule the fetchmail command, so that it fetches mail from the remote server at the given interval.

crontab -u user -e

*/5 * * * * fetchmail -k -s
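
The port 110 stanza above sends the stored password without the `ssl` keyword, and with the cron job it does so every five minutes. The following is an added example, not part of the original post, that lists such stanzas and checks the file mode; the function name and the sample file are illustrative.

```shell
# Added example, not part of the original post.
# Print one finding per line for a fetchmailrc; print nothing when clean.
audit_fetchmailrc() {
    # The file stores passwords, so group and other need no access at all.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "mode: group or other can access the file; use chmod 600"
    fi
    awk '
        function emit() {
            if (host != "" && pw && !ssl)
                printf "cleartext: %s port %s\n", host, (port == "" ? "default" : port)
            host = ""; port = ""; pw = 0; ssl = 0
        }
        /^[ \t]*#/ { next }
        {
            gsub(/"[^"]*"/, "\"\"")   # blank quoted values so they cannot look like keywords
            for (i = 1; i <= NF; i++) {
                if ($i == "poll" || $i == "skip") { emit(); host = $(i + 1); i++ }
                else if ($i == "port")     { port = $(i + 1); i++ }
                else if ($i == "password") { pw = 1; i++ }
                else if ($i == "ssl")      { ssl = 1 }
            }
        }
        END { emit() }' "$1"
}

# Constructed sample modelled on the stanzas above (placeholder credentials).
demo=$(mktemp)
cat > "$demo" <<'EOF'
poll pop.myserver.com proto pop3 port 995
user "mymail@myserver.com" password "ssl-looking password" ssl
is localuser keep

poll pop.myserver.com proto pop3 port 110
user "mymail@myserver.com" password "password"
is localuser keep
EOF
audit_fetchmailrc "$demo"   # cleartext: pop.myserver.com port 110
rm -f "$demo"
```
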

Please contact me if you need any clarification in this regard.

How to limit mail attachment size for Sendmail

Published September 8, 2009 by Siva

This little document is going to briefly show how to limit the size of incoming mail attachments. In order to do this you are going to have to be familiar with Vi editing (see Basic Vi editing for an introduction).

First off telnet on to your mail server and log on as root or su. Next change to /etc directory. In that directory you should find a file called sendmail.cf (if you can’t find it, try typing whereis sendmail.cf, this should return a list of files with the word sendmail in it and hence you should be able to locate it that way). Prior to editing it, make a backup copy of it. Now you can type vi sendmail.cf.

Now scroll down this file until you find an entry that looks something like this:
# maximum message size
# O MaxMessageSize=1000000
In order to limit the size of messages simply uncomment the last line so that it reads:
O MaxMessageSize=1000000
Furthermore you can specify the maximum message size by editing the value bit. Once done, save the changes and exit.

The final step involves stopping and restarting the server so that the changes can take effect (check your /etc/rc.d/init.d/ directory).

Catch the Spam Tagged emails in spamassassin

Published August 31, 2009 by Siva

Catching spam mails into other mail accounts

In the example below, I catch all spam-tagged emails for the domain siva.com and send them to spammailbox@siva.com.

Open the procmailrc file in /etc:

# nano /etc/procmailrc

# Catch the Spam Tagged Mail
:0:
* ^X-Spam-Flag: YES
! spammailbox@siva.com

Add the above entry at the end of the file.

That's it.