NSLU2-Linux
view · edit · print · history

HowTo.SetUpAnEmailServer2 History

Hide minor edits - Show changes to markup

November 23, 2008, at 09:18 PM by Bullfrog -- How to create mailbox containing a dot as part of the name
Added lines 246-249:

If tux is a name containing a dot ie fred.bloggs then use the following command syntax cm user/fred^bloggs/Drafts

December 14, 2007, at 09:02 AM by Lee Kimber -- Added info about training SpamAssassin and a better sieve script
Added lines 432-441:

Lee adds: I am currently testing how well Ham and Spam folder training works. I separate my email into these folders and have a weekly cron job that runs the following script to train spamassassin:

  1. !/bin/sh

/opt/bin/sa-learn --showdots --spam /opt/var/spool/imap/user/tux/Spam /opt/bin/sa-learn --showdots --ham /opt/var/spool/imap/user/tux/Ham /opt/bin/sa-learn --showdots --spam /opt/var/spool/imap/user/lee/Spam /opt/bin/sa-learn --showdots --ham /opt/var/spool/imap/user/lee/Ham

exit 0;

Changed lines 478-479 from:

If the sieve test worked, then the only thing left to do is to decide how to feed incoming emails into the email server. There are three ways of doing this:

to:

After some testing, I found the above multi-test sieve file manipulated every email as though the email were spam, so I simplified it to only manipulate emails that spamassassin had identified as spam. This has been remarkable successful. Here's how my current sieve file looks. Load and activate it as described above:

require "fileinto"; require "imapflags";

if anyof ( header :contains "Subject" "***SPAM***" )

      { setflag "\\Seen"; fileinto "INBOX.Spam"; }

else { fileinto "INBOX"; }

Back to sieve, if the sieve test worked, then the only thing left to do is to decide how to feed incoming emails into the email server. There are three ways of doing this:

December 13, 2007, at 12:35 PM by Lee Kimber --
Added lines 375-382:

If, when you start spamd, you see error messages along the lines of: "/opt/bin/spamd: file not found" then check the first line of /opt/bin/spamd. If you have a later version of perl installed (as you will have these days) then the perl directory name will need changing to the perl directory name you actually have. Eg

/share/flash/data/opt/bin/perl5.8.6 -T -w should likely be /share/flash/data/opt/bin/perl5.8.8 -T -w

Then try restarting spamd again

December 13, 2007, at 10:44 AM by Lee Kimber --
Changed lines 331-336 from:
to:

I found that after subsequently upgrading the system's packages as part of routine maintenance, I would see the following errors in /var/log/messages:

<20>Dec 13 13:00:48 postfix/postdrop[26875]: warning: mail_queue_enter: create file maildrop/942012.26875: Permission denied

It was the chmod command above that fixed these errors.

October 25, 2007, at 09:57 AM by Lee Kimber --
Changed line 440 from:

@@# sieveshell -u tux -a tux <hostname>\\

to:

@@# sieveshell -u tux <hostname>\\

June 11, 2007, at 05:48 PM by fcarolo -- removed false wikilinks
Changed lines 4-5 from:

Postfix+Cyrus-imapd+Sieve+SpamAssassin?

to:

Postfix+Cyrus-imapd+Sieve+SpamAssassin

Changed lines 52-53 from:
  1. Bogofilter or SpamAssassin? (perl-spamassassin)
to:
  1. Bogofilter or SpamAssassin (perl-spamassassin)
Changed lines 146-147 from:

@@telnet 192.168.1.77 25
220 SEANAS1?.leedomain.com ESMTP Postfix\\

to:

[@telnet 192.168.1.77 25
220 SEANAS1.leedomain.com ESMTP Postfix\\

Changed line 149 from:

250-SEANAS1?.leedomain.com\\

to:

250-SEANAS1.leedomain.com\\

Changed lines 172-173 from:

Connection to host lost.@@

to:

Connection to host lost.@]

Changed line 225 from:

+OK SEANAS1? Cyrus POP3? v2.2.10 server ready <1751987801.1140277042@SEANAS1?>\\

to:

+OK SEANAS1 Cyrus POP3 v2.2.10 server ready <1751987801.1140277042@SEANAS1>\\

Changed lines 227-228 from:

* OK SEANAS1? Cyrus IMAP4? v2.2.10 server ready

to:

* OK SEANAS1 Cyrus IMAP4 v2.2.10 server ready

Changed line 275 from:

250 Ok: queued as C7E6E3F02?\\

to:

250 Ok: queued as C7E6E3F02\\

Changed lines 289-290 from:

These instructions set up SpamAssassin?. In my experience, the default Bogofilter package places Bogofilter scripts in /opt/var/lib/ but Bogofilter's scripts (postfix-bogfilter.sh for example)set the default location to /opt/var/spool/. I fixed this by working through the various Bogofilter scripts replacing paths that included "spool" with paths to "lib" instead. This worked but the scripts for training Bogofilter are unclear to me so I continue to use SpamAssassin?.

to:

These instructions set up SpamAssassin. In my experience, the default Bogofilter package places Bogofilter scripts in /opt/var/lib/ but Bogofilter's scripts (postfix-bogfilter.sh for example)set the default location to /opt/var/spool/. I fixed this by working through the various Bogofilter scripts replacing paths that included "spool" with paths to "lib" instead. This worked but the scripts for training Bogofilter are unclear to me so I continue to use SpamAssassin.

Changed line 320 from:

add SpamAssassin? content filter definition to end of /opt/etc/postfix/master.cf if you missed it in one of the comments above.

to:

add SpamAssassin content filter definition to end of /opt/etc/postfix/master.cf if you missed it in one of the comments above.

Changed lines 332-333 from:

Note: having installed both Bogofilter and SpamAssassin?, you can set which spam filter you want to run by commenting one or other out in the /opt/etc/postfix/master.cf file. For example:

to:

Note: having installed both Bogofilter and SpamAssassin, you can set which spam filter you want to run by commenting one or other out in the /opt/etc/postfix/master.cf file. For example:

Changed line 337 from:

You can then switch in either SpamAssassin? or Bogofilter by writing in and uncommenting one of either:\\

to:

You can then switch in either SpamAssassin or Bogofilter by writing in and uncommenting one of either:\\

Changed line 382 from:

@@X-Spam-Checker-Version: SpamAssassin? 3.0.4 (2005-06-05) on SEANAS1?\\

to:

@@X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on SEANAS1\\

Changed line 391 from:

@@# This is the right place to customize your installation of SpamAssassin?.\\

to:

@@# This is the right place to customize your installation of SpamAssassin.\\

Changed line 393 from:

# See 'perldoc Mail::SpamAssassin?::Conf' for details of what can be\\

to:

# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be\\

Changed line 480 from:

To reduce the load on the email server I am working to dump (not bounce) known spam before it gets to SpamAssassin?. I am using Postfix's header_checks and fetchmail's antispam option to have fetchmail drop offending mail before it is allowed into the Postfix system.

to:

To reduce the load on the email server I am working to dump (not bounce) known spam before it gets to SpamAssassin. I am using Postfix's header_checks and fetchmail's antispam option to have fetchmail drop offending mail before it is allowed into the Postfix system.

June 08, 2007, at 04:26 PM by bullfrog --
Changed lines 323-328 from:

spamassassin unix - n n - - pipe

user=spamd argv=/opt/bin/spamc -f

-e /opt/sbin/sendmail -oi -f ${sender} ${recipient}

to:

spamassassin unix - n n - - pipe

 user=spamd argv=/opt/bin/spamc -f
 -e /opt/sbin/sendmail -oi -f ${sender} ${recipient}
June 08, 2007, at 04:24 PM by bullfrog --
Changed line 320 from:

add SpamAssassin? content filter definition to end of /opt/etc/postfix/master.cf

to:

add SpamAssassin? content filter definition to end of /opt/etc/postfix/master.cf if you missed it in one of the comments above.

Added line 324:
Added line 326:
June 08, 2007, at 04:17 PM by bullfrog --
Changed lines 323-326 from:

spamassassin unix - n n - - pipe
user=spamd argv=/opt/bin/spamc -f
-e /opt/sbin/sendmail -oi -f ${sender} ${recipient}

to:

spamassassin unix - n n - - pipe user=spamd argv=/opt/bin/spamc -f -e /opt/sbin/sendmail -oi -f ${sender} ${recipient}

June 08, 2007, at 04:15 PM by bullfrog --
Changed lines 372-375 from:

@@#/bin/sh echo "Starting spamd" /opt/bin/spamd -d -c -m 1 -u spamd --max-conn-per-child=100@@

to:

#/bin/sh echo "Starting spamd" /opt/bin/spamd -d -c -m 1 -u spamd --max-conn-per-child=100

June 08, 2007, at 04:13 PM by bullfrog --
Changed lines 323-326 from:

@@spamassassin unix - n n - - pipe

  user=spamd argv=/opt/bin/spamc -f
  -e /opt/sbin/sendmail -oi -f ${sender} ${recipient} @@
to:

spamassassin unix - n n - - pipe
user=spamd argv=/opt/bin/spamc -f
-e /opt/sbin/sendmail -oi -f ${sender} ${recipient}

June 08, 2007, at 04:06 PM by bullfrog -- Maildrop Permissions/spamassisin definition/launch script.
Changed lines 320-331 from:
to:

add SpamAssassin? content filter definition to end of /opt/etc/postfix/master.cf (lines starting with a blank space in the master.cf file are automatically assumed to be a continuation of the previous line)

@@spamassassin unix - n n - - pipe

  user=spamd argv=/opt/bin/spamc -f
  -e /opt/sbin/sendmail -oi -f ${sender} ${recipient} @@

Make sure /opt/var/spool/postfix/maildrop has read/write permissions for user spamd when running /opt/bin/spamc (There's probably a better way of doing this)

chmod 777 /opt/var/spool/postfix/maildrop

Added lines 370-379:

If the S62spamd script is missing then this appears to do the job

@@#/bin/sh echo "Starting spamd" /opt/bin/spamd -d -c -m 1 -u spamd --max-conn-per-child=100@@

Give everyone permission to run it just to be sure.

chmod 777 /opt/etc/init.d/S62spamd

January 06, 2007, at 09:13 PM by warti -- typo defaulttbc => defaultbc
Changed lines 429-430 from:

Comment: [nsc] I had a problem that even after doing the sieveshell it still failed with the IOERROR that the defaulttbc script was missing and the scripts didn't work. I had to create a symlink called defaulttbc in the user's sieve directory (which for me is /opt/var/lib/imap/sieve/first_initial_of_username/user_name) and then it worked.

to:

Comment: [nsc] I had a problem that even after doing the sieveshell it still failed with the IOERROR that the defaultbc script was missing and the scripts didn't work. I had to create a symlink called defaulttbc in the user's sieve directory (which for me is /opt/var/lib/imap/sieve/first_initial_of_username/user_name) and then it worked.

December 20, 2006, at 09:25 AM by nsc --
Changed lines 430-431 from:
--Mark
to:
December 20, 2006, at 09:13 AM by nsc -- Added a note about creating sieve scripts
Changed lines 402-403 from:

Create a sieve file on the email server. The following file is overkill - it checks headers from different spam checkers.

to:

Create a sieve file on the email server. The following file is overkill - it checks headers from different spam checkers. The location that you should save this file is the directory given by the parameter sievedir in the /opt/etc/imapd.conf file.

Changed lines 409-412 from:
-> header :contains "X-Spam-Level" "***",
->-> header :contains "X-Bogosity" "Spam, ",
->-> header :contains "X-Spam-Status" "Yes",
->-> header :contains "Subject" "***SPAM***" )\\
to:
header :contains "X-Spam-Level" "***",
-> header :contains "X-Bogosity" "Spam, ",
-> header :contains "X-Spam-Status" "Yes",
-> header :contains "Subject" "***SPAM***" )\\
Added lines 428-431:

Comment: [nsc] I had a problem that even after doing the sieveshell it still failed with the IOERROR that the defaulttbc script was missing and the scripts didn't work. I had to create a symlink called defaulttbc in the user's sieve directory (which for me is /opt/var/lib/imap/sieve/first_initial_of_username/user_name) and then it worked.

--Mark
October 27, 2006, at 05:38 AM by JamesL -- Correcting previous edit.
Changed lines 396-399 from:

--- Comment: [JamesL] Note the -m 1 setting above. Thi is the max number of child processes to be spawned. The default of 5 can cause the Slug to run out of memory. I'm running with -m 3 OK, but am considering reducing it. ---

to:

Comment: [JamesL] Note the -m 1 setting above. This is the max number of child processes to be spawned. The default of 5 can cause the Slug to run out of memory. I'm running with -m 3 OK, but am considering reducing it.

October 27, 2006, at 05:37 AM by JamesL -- Added warning on running spamd with too many children.
Added lines 396-399:

--- Comment: [JamesL] Note the -m 1 setting above. Thi is the max number of child processes to be spawned. The default of 5 can cause the Slug to run out of memory. I'm running with -m 3 OK, but am considering reducing it. ---

October 27, 2006, at 05:27 AM by JamesL -- Tidied up my previous comment.
Deleted line 74:
Deleted lines 75-77:
--Jamesl
Deleted line 77:
October 27, 2006, at 05:25 AM by JamesL -- Added caution on not putting underscores in hostname.
Added lines 76-84:

Comment: [JamesL] Don't put underscores in your hostname - postfix doesn't like this.

--Jamesl


September 10, 2006, at 01:10 PM by Jeroen -- Added \\\\\\\"relayhost\\\\\\\" clause to Posfix main.cf
Added lines 74-83:

Comment: [Jeroen] I also needed to make my ISP's SMTP server known for outgoing mail to work:

relayhost = <my-isp's-smtp-server>

--Jeroen

September 02, 2006, at 10:32 AM by Lee Kimber -- fiexed typo
Changed line 92 from:

@@# vi /opt/etc/aliasas\\

to:

@@# vi /opt/etc/aliases\\

August 30, 2006, at 07:39 AM by Lee Kimber --
Changed lines 6-7 from:

Built on the work of pTweety et al at SetUpAnEmailServer. Contact me with questions at lee no kimberconsulting.com

to:

''Built on the work of pTweety et al at SetUpAnEmailServer. Please update here or send questions to Lee Kimber <lee atnospam kimberconsulting dot com>. ''

August 15, 2006, at 05:53 PM by Lee Kimber -- Improved formatting
Changed line 12 from:

@@ipkg update\\

to:

@@ipkg update\\

Changed lines 23-24 from:

/opt/sbin/saslpasswd2 mail

to:

/opt/sbin/saslpasswd2 mail

Changed lines 29-30 from:

chmod 644 /opt/etc/sasl2

to:

chmod 644 /opt/etc/sasl2

Changed line 33 from:

@@# ls -l /opt/etc/sasl2\\

to:

@@# ls -l /opt/etc/sasl2\\

Changed line 38 from:

@@# ls -l /opt/etc/sasl2\\

to:

@@# ls -l /opt/etc/sasl2\\

Changed line 65 from:

@@myhostname = cen-nas1-1.leedomain.com (was #myhostname = virtual.domain.tld)\\

to:

@@myhostname = cen-nas1-1.leedomain.com (was #myhostname = virtual.domain.tld)\\

Changed lines 76-77 from:

smtp inet n - n - - smtpd

to:

smtp inet n - n - - smtpd

Changed line 79 from:

#smtp inet n - n - - smtpd -o content_filter=spamassassin\\

to:

#smtp inet n - n - - smtpd -o content_filter=spamassassin\\

Changed line 83 from:

@@spamassassin unix - n n - - pipe\\

to:

@@spamassassin unix - n n - - pipe\\

Changed line 91 from:

@@# vi /opt/etc/aliasas\\

to:

@@# vi /opt/etc/aliasas\\

Changed lines 97-98 from:

# /opt/bin/newaliases

to:

# /opt/bin/newaliases

Changed line 101 from:

@@# vi /etc/group\\

to:

@@# vi /etc/group\\

Changed lines 106-107 from:

/opt/sbin/postfix -c /opt/etc/postfix reload

to:

/opt/sbin/postfix -c /opt/etc/postfix reload

Changed lines 112-113 from:

/opt/etc/init.d/S69postfix

to:

/opt/etc/init.d/S69postfix

Changed line 116 from:

@@starting service postfix\\

to:

@@starting service postfix\\

Changed lines 121-122 from:

ps aux | grep postfix

to:

ps aux | grep postfix

Changed lines 125-126 from:

3479 root 2588 S /opt/libexec/postfix/master

to:

3479 root 2588 S /opt/libexec/postfix/master

Changed line 131 from:

@@telnet 192.168.1.77 25\\

to:

@@telnet 192.168.1.77 25\\

Changed lines 161-162 from:

tail -f /var/log/messages

to:

tail -f /var/log/messages

Changed line 171 from:

@@ #pop3 110/tcp pop-3 # POP version 3\\

to:

@@ #pop3 110/tcp pop-3 # POP version 3\\

Changed line 182 from:

@@ # start of cyrus-imapd services\\

to:

@@ # start of cyrus-imapd services\\

Changed lines 200-201 from:

/opt/etc/init.d/S59cyrus-imapd

to:

/opt/etc/init.d/S59cyrus-imapd

Changed line 204 from:

telnet 192.168.1.77 110\\

to:

telnet 192.168.1.77 110\\

Changed lines 206-207 from:

telnet 192.168.1.77 143

to:

telnet 192.168.1.77 143

Changed line 210 from:

+OK SEANAS1? Cyrus POP3? v2.2.10 server ready <1751987801.1140277042@SEANAS1?>\\

to:

+OK SEANAS1? Cyrus POP3? v2.2.10 server ready <1751987801.1140277042@SEANAS1?>\\

Changed line 220 from:

@@ # /opt/bin/cyradm --user mail localhost\\

to:

@@ # /opt/bin/cyradm --user mail localhost\\

Changed lines 233-234 from:

tail -f /var/log/messages

to:

tail -f /var/log/messages

Changed line 237 from:

@@telnet 192.168.1.78 25\\

to:

@@telnet 192.168.1.78 25\\

Changed line 278 from:
@@$ vi /etc/passwd\\
to:
@@$ vi /etc/passwd\\
Changed line 281 from:
        @@$ vi /etc/group\\
to:
         @@$ vi /etc/group\\
Changed line 286 from:
@@$ mkdir -p /opt/var/spool/spamd/.spamassassin\\
to:
@@$ mkdir -p /opt/var/spool/spamd/.spamassassin\\
Changed line 294 from:
@@$ vi /etc/passwd\\
to:
@@$ vi /etc/passwd\\
Changed line 297 from:
@@$ vi /etc/group\\
to:
@@$ vi /etc/group\\
Changed line 302 from:
@@$ mkdir -p /opt/var/lib/bogofilter\\
to:
@@$ mkdir -p /opt/var/lib/bogofilter\\
Changed lines 309-310 from:

smtp inet n - n - - smtpd

to:

smtp inet n - n - - smtpd

Changed line 312 from:

#smtp inet n - n - - smtpd -o content_filter=spamassassin\\

to:

#smtp inet n - n - - smtpd -o content_filter=spamassassin\\

Changed lines 314-315 from:

#smtp inet n - n - - smtpd -o content_filter=bogofilter

to:

#smtp inet n - n - - smtpd -o content_filter=bogofilter

Changed line 320 from:

@@# /opt/sbin/postfix -c /opt/etc/postfix stop\\

to:

@@# /opt/sbin/postfix -c /opt/etc/postfix stop\\

Changed line 323 from:

@@# /opt/sbin/postfix -c /opt/etc/postfix start\\

to:

@@# /opt/sbin/postfix -c /opt/etc/postfix start\\

Changed lines 330-331 from:
 # /opt/etc/init.d/S62spamd
to:

# /opt/etc/init.d/S62spamd

Changed line 346 from:

@@X-Spam-Checker-Version: SpamAssassin? 3.0.4 (2005-06-05) on SEANAS1?\\

to:

@@X-Spam-Checker-Version: SpamAssassin? 3.0.4 (2005-06-05) on SEANAS1?\\

Changed line 355 from:

@@# This is the right place to customize your installation of SpamAssassin?.\\

to:

@@# This is the right place to customize your installation of SpamAssassin?.\\

Changed lines 373-374 from:

/opt/bin/spamd -d -c -m 1 -u spamd

to:

/opt/bin/spamd -d -c -m 1 -u spamd

Changed lines 377-378 from:

/opt/bin/spamd -d -c -m 1 -u spamd --max-conn-per-child=100

to:

/opt/bin/spamd -d -c -m 1 -u spamd --max-conn-per-child=100

Changed line 387 from:
 @@# vi user.tux.siv\\
to:

@@# vi user.tux.siv\\

Changed line 402 from:

@@# sieveshell -u tux -a tux <hostname>\\

to:

@@# sieveshell -u tux -a tux <hostname>\\

Changed line 424 from:

@@# vi /opt/etc/fetchmailrc\\

to:

@@# vi /opt/etc/fetchmailrc\\

Changed line 429 from:

@@poll "www.server.com" protocol imap user 'tuxuser' there\\

to:

@@poll "www.server.com" protocol imap user 'tuxuser' there\\

Changed lines 434-435 from:

2 * * * * root /opt/bin/fetchmail -f /opt/etc/fetchmailrc &> /dev/null

to:

2 * * * * root /opt/bin/fetchmail -f /opt/etc/fetchmailrc &> /dev/null

August 15, 2006, at 05:48 PM by Lee Kimber -- Minor formatting add
Added lines 1-2:
August 01, 2006, at 12:53 PM by Bullfrog --
Changed lines 216-218 from:

@@ # /opt/bin/cyradm --user mail localhost\\ (ignore the termcap error message and You'll be asked for your password which you entered earlier)

to:

Run the following command Ignoring the termcap error message and You'll be asked for your password which you entered earlier

@@ # /opt/bin/cyradm --user mail localhost\\

August 01, 2006, at 12:47 PM by Bullfrog --
Changed line 216 from:

@@ # cyradm --user mail localhost\\

to:

@@ # /opt/bin/cyradm --user mail localhost\\ (ignore the termcap error message and You'll be asked for your password which you entered earlier)

August 01, 2006, at 11:27 AM by Bullfrog --
Changed lines 95-96 from:

# /opt/bin/newaliasas

to:

# /opt/bin/newaliases

August 01, 2006, at 09:30 AM by Bullfrog --
Changed lines 95-96 from:

# newaliasas

to:

# /opt/bin/newaliasas

May 08, 2006, at 11:56 AM by MarkH -- Amendment to start spamd and avoid probs if unslung onto disk2
Added lines 322-339:

Comment: [Mark] Before you can test the spam filtering as described below, you first need to start the spamd server

 # /opt/etc/init.d/S62spamd

Also, on my system at least, the /opt/bin/spamd script references the perl interpreter assuming you have unslung onto disk1. I'm running on disk2 so the line that reads

#!/share/hdd/data/opt/bin/perl5.8.6 -T -w

becomes

#!/share/flash/data/opt/bin/perl5.8.6 -T -w

--Mark

February 20, 2006, at 01:44 PM by Lee Kimber -- Heading change
Changed lines 4-5 from:

Built on the work of pTweety et al atSetUpAnEmailServer.

to:

Built on the work of pTweety et al at SetUpAnEmailServer. Contact me with questions at lee no kimberconsulting.com

Changed line 130 from:

220 cen-nas1-1.leedomain.com ESMTP Postfix\\

to:

220 SEANAS1?.leedomain.com ESMTP Postfix\\

Changed line 132 from:

250-cen-nas1-1.leedomain.com\\

to:

250-SEANAS1?.leedomain.com\\

Changed lines 163-164 from:

Configure client read access to email'

to:

Configure client read access to email

Changed lines 274-276 from:
        $ vi /etc/passwd
spamd:x:40:40:spamd:/opt/var/spool/spamd:
to:
$ vi /etc/passwd
-> spamd:x:40:40:spamd:/opt/var/spool/spamd:
Changed lines 282-285 from:
        $ mkdir -p /opt/var/spool/spamd/.spamassassin
$ chown -R spamd:spamd /opt/var/spool/spamd/.spamassassin
to:
$ mkdir -p /opt/var/spool/spamd/.spamassassin
-> $ chown -R spamd:spamd /opt/var/spool/spamd/.spamassassin
Changed lines 290-295 from:
        $ vi /etc/passwd
bogo:x:41:41:bogo:/opt/var/lib/bogofilter:
$ vi /etc/group
filter:x:41:filter
to:
$ vi /etc/passwd
-> bogo:x:41:41:bogo:/opt/var/lib/bogofilter:
$ vi /etc/group
-> filter:x:41:filter
Changed lines 298-301 from:
        $ mkdir -p /opt/var/lib/bogofilter
$ chown -R bogo. /opt/var/lib/bogofilter
to:
$ mkdir -p /opt/var/lib/bogofilter
-> $ chown -R bogo. /opt/var/lib/bogofilter
February 20, 2006, at 01:36 PM by Lee Kimber -- Added saner line-wraps
Changed lines 325-326 from:

X-Spam-Status: No, score=-1.9 required=2.1 tests=ALL_TRUSTED,AWL,NO_REAL_NAME autolearn=ham version=3.0.4@@

to:

X-Spam-Status: No, score=-1.9 required=2.1
tests=ALL_TRUSTED,AWL,NO_REAL_NAME autolearn=ham version=3.0.4@@

February 20, 2006, at 01:34 PM by Lee Kimber -- More minor formatting edits
Changed lines 1-2 from:

Set Up an Email Server with Postfix+Cyrus-imapd+Sieve+SpamAssassin?

to:

Set Up an Email Server with
Postfix+Cyrus-imapd+Sieve+SpamAssassin?

Changed lines 331-337 from:

[=# This is the right place to customize your installation of SpamAssassin?.
#
# See 'perldoc Mail::SpamAssassin?::Conf' for details of what can be
# tweaked.
#
###########################################################################
#\\

to:

@@# This is the right place to customize your installation of SpamAssassin?.
#
# See 'perldoc Mail::SpamAssassin?::Conf' for details of what can be
# tweaked.
#
###########################################################################
#\\

Changed lines 340-342 from:
  1. trusted_networks 212.17.35.
    # lock_method flock
    # Added by Lee\\
to:

# trusted_networks 212.17.35.
# lock_method flock
# Added by Lee\\

Changed lines 345-346 from:

tflags WHITELIST_HOUSING [ nice ]=]

to:

tflags WHITELIST_HOUSING [ nice ]@@

Changed lines 367-375 from:

if anyof ( header :contains "X-Spam-Flag" "YES",
header :contains "X-Spam-Level" "***",
header :contains "X-Bogosity" "Spam, ",
header :contains "X-Spam-Status" "Yes",
header :contains "Subject" "***SPAM***" )
{ setflag "\\Seen"; fileinto "INBOX.Spam"; }
else { fileinto "INBOX"; }@@

to:
if anyof ( header :contains "X-Spam-Flag" "YES",
->-> header :contains "X-Spam-Level" "***",
->-> header :contains "X-Bogosity" "Spam, ",
->-> header :contains "X-Spam-Status" "Yes",
->-> header :contains "Subject" "***SPAM***" )
-> { setflag "\\Seen"; fileinto "INBOX.Spam"; }
else { fileinto "INBOX"; }@@
Changed lines 378-379 from:
 @@# sieveshell -u tux -a tux <hostname>
> put user.tux.sieve.siv\\
to:

@@# sieveshell -u tux -a tux <hostname>
> put user.tux.sieve.siv\\

Changed line 381 from:
 > activate user.tux.sieve.siv\\
to:

> activate user.tux.sieve.siv\\

Changed lines 383-384 from:
 > quit@@
to:

> quit@@

Changed lines 405-406 from:

poll "www.kimberconsulting.com" protocol imap user 'kimberconsulting/leek' there with password "noneofyourbusiness" is "lee" here

to:

poll "www.server.com" protocol imap user 'tuxuser' there
->with password "noneofyourbusiness" is "tux" here

February 20, 2006, at 01:29 PM by Lee Kimber -- Minor formatting edits
Changed lines 3-4 from:

Built on the work of pTweety et al.

to:

Built on the work of pTweety et al atSetUpAnEmailServer.

Changed lines 83-85 from:

bogofilter unix - n n - - pipe flags=R
user=bogo argv=/opt/sbin/postfix-bogofilter.sh -f ${sender} -- ${recipient}

to:

bogofilter unix - n n - - pipe
flags=R user=bogo argv=/opt/sbin/postfix-bogofilter.sh -f ${sender} -- ${recipient}

Changed lines 330-343 from:

[=# This is the right place to customize your installation of SpamAssassin?.

  1. See 'perldoc Mail::SpamAssassin?::Conf' for details of what can be
  2. tweaked.

rewrite_header Subject ***SPAM*** report_safe 1

  1. trusted_networks 212.17.35.
  2. lock_method flock
  3. Added by Lee

required_hits 2.1 body WHITELIST_HOUSING /Subject: Housing/

to:

[=# This is the right place to customize your installation of SpamAssassin?.
#
# See 'perldoc Mail::SpamAssassin?::Conf' for details of what can be
# tweaked.
#
###########################################################################
#
rewrite_header Subject ***SPAM***
report_safe 1
# trusted_networks 212.17.35.
# lock_method flock
# Added by Lee
required_hits 2.1
body WHITELIST_HOUSING /Subject: Housing/\\

February 19, 2006, at 08:02 PM by Lee Kimber -- Formatting edited for clarity
Added line 53:
Added line 55:
Changed line 80 from:

@@spamassassin unix - n n - - pipe\\

to:

@@spamassassin unix - n n - - pipe\\

Changed lines 96-97 from:

Add maildrop to /etc/group if it isn't already there:

to:

Add maildrop to /etc/group if it isn't already there (on mine it wasn't):

Added line 102:
Added line 108:
Added line 117:
Added line 121:
Changed lines 204-205 from:

In each case, the Cyrus-imapd server should respond with a message along the lines of:\\

to:

In each case, the Cyrus-imapd server should respond with a message along the lines of:

February 19, 2006, at 05:07 PM by Lee Kimber -- Formatting edits
Changed line 13 from:

Install packages

to:

Install packages

Changed lines 78-81 from:

spamassassin unix - n n - - pipe\\ user=spamd argv=/opt/bin/spamc -f -e /opt/sbin/sendmail -oi -f ${sender} ${recipient}

bogofilter unix - n n - - pipe flags=R\\ user=bogo argv=/opt/sbin/postfix-bogofilter.sh -f ${sender} -- ${recipient}

to:

@@spamassassin unix - n n - - pipe\\

  user=spamd argv=/opt/bin/spamc -f -e /opt/sbin/sendmail -oi -f ${sender} ${recipient}@@

bogofilter unix - n n - - pipe flags=R
user=bogo argv=/opt/sbin/postfix-bogofilter.sh -f ${sender} -- ${recipient}

February 19, 2006, at 05:04 PM by Lee Kimber -- Text formatting added
Changed lines 1-11 from:

Prepare the system

Before you start installing the email-specific packages, update, then install these feeds and utilities:

ipkg update ipkg install unslung-feeds ipkg update

Also, edit the /etc/hosts file to let this machine identify itself if you lack DNS.

Install packages

to:

Set Up an Email Server with Postfix+Cyrus-imapd+Sieve+SpamAssassin?

Built on the work of pTweety et al.

Prepare the system

Before you start installing the email-specific packages, update the system, then install these feeds and utilities:

ipkg update
ipkg install unslung-feeds
ipkg update

Install packages

Changed lines 20-23 from:

/opt/sbin/saslpasswd2 mail

And set the password

to:

/opt/sbin/saslpasswd2 mail

which lets you set the password.

Changed lines 26-27 from:

chmod 644 /opt/etc/sasl2

to:

chmod 644 /opt/etc/sasl2

Changed lines 30-32 from:
  1. ls -l /opt/etc/sasl2
      -rw-r--r-- 1 root root ...
to:

# ls -l /opt/etc/sasl2
-rw-r--r-- 1 root root ...

Changed lines 35-37 from:
  1. ls -l /opt/etc/sasl2
      -rw------- 1 root root ...
to:

# ls -l /opt/etc/sasl2
-rw------- 1 root root ...

I have the latter, but I'm not using SASL yet.

Changed lines 42-43 from:

Configuration

to:

Configuration

Changed lines 45-48 from:

Postfix (followed by a sending test) Cyrus-imapd Bogofilter or SpamAssassin?

to:
  1. Postfix (followed by a sending test)
  2. Cyrus-imapd
  3. Bogofilter or SpamAssassin? (perl-spamassassin)
Changed line 52 from:

Configuring Postfix

to:

Configuring Postfix

Changed lines 54-55 from:

/opt/etc/postfix/main.cf and

to:

/opt/etc/postfix/main.cf
and\\

Changed lines 60-67 from:

myhostname = cen-nas1-1.leedomain.com (was #myhostname = virtual.domain.tld) mydomain = leedomain.com myorigin = $mydomain inet_interfaces = all proxy_interfaces = <external NAT interface IP address> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mynetworks = 192.168.1.0/24, 192.168.2.0/24, 127.0.0.0/8 (internal subnets on my LAN)

to:

myhostname = cen-nas1-1.leedomain.com (was #myhostname = virtual.domain.tld)
mydomain = leedomain.com
myorigin = $mydomain
inet_interfaces = all
proxy_interfaces = <external NAT interface IP address>
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 192.168.1.0/24, 192.168.2.0/24, 127.0.0.0/8 (internal subnets on my LAN)

Changed lines 70-76 from:

Beneath the line: smtp inet n - n - - smtpd

I added:

  1. smtp inet n - n - - smtpd -o content_filter=spamassassin
  2. smtp inet n - n - - smtpd -o content_filter=bogofilter
to:

Beneath the line:
smtp inet n - n - - smtpd

I added:
#smtp inet n - n - - smtpd -o content_filter=spamassassin
#smtp inet n - n - - smtpd -o content_filter=bogofilter

Changed lines 78-81 from:

spamassassin unix - n n - - pipe user=spamd argv=/opt/bin/spamc -f -e /opt/sbin/sendmail -oi -f ${sender} ${recipient}

bogofilter unix - n n - - pipe flags=R user=bogo argv=/opt/sbin/postfix-bogofilter.sh -f ${sender} -- ${recipient}

to:

spamassassin unix - n n - - pipe\\ user=spamd argv=/opt/bin/spamc -f -e /opt/sbin/sendmail -oi -f ${sender} ${recipient}

bogofilter unix - n n - - pipe flags=R\\ user=bogo argv=/opt/sbin/postfix-bogofilter.sh -f ${sender} -- ${recipient}

Changed lines 84-87 from:
 # vi /opt/etc/aliasas
  1. root: you

root: tux

to:

# vi /opt/etc/aliasas
#root: you
root: tux

Changed lines 90-91 from:
  1. newaliasas
to:

# newaliasas

Changed lines 93-95 from:

vi /etc/group maildrop:x:69:maildrop

to:

# vi /etc/group
maildrop:x:69:maildrop

Changed lines 97-100 from:

/opt/sbin/postfix -c /opt/etc/postfix reload

Test Postfix's ability to send

to:

/opt/sbin/postfix -c /opt/etc/postfix reload

Test Postfix's ability to send

Changed lines 102-103 from:

/opt/etc/init.d/S69postfix

to:

/opt/etc/init.d/S69postfix

Changed lines 106-108 from:

starting service postfix postfix/postfix-script: starting the Postfix mail system

to:

starting service postfix
postfix/postfix-script: starting the Postfix mail system

Changed lines 110-111 from:

ps aux | grep postfix

to:

ps aux | grep postfix

Changed lines 113-114 from:
 3479         root       2588   S   /opt/libexec/postfix/master
to:

3479 root 2588 S /opt/libexec/postfix/master

Changed lines 119-146 from:

telnet 192.168.1.77 25 220 cen-nas1-1.leedomain.com ESMTP Postfix ehlo leedomain.com 250-cen-nas1-1.leedomain.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250 8BITMIME mail from: lee@leedomain.com 250 Ok rcpt to: lee@kimberconsulting.com 250 Ok data 354 End data with <CR><LF>.<CR><LF> Message-ID: test1.00000@leedomain.com From: lee <lee@leedomain.com> To: lee <lee@kimberconsulting.com> Subject: Test 2

Body of test 2 . 250 Ok: queued as 6DA50EAAC quit 221 Bye

Connection to host lost.

to:

telnet 192.168.1.77 25
220 cen-nas1-1.leedomain.com ESMTP Postfix
ehlo leedomain.com
250-cen-nas1-1.leedomain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250 8BITMIME
mail from: lee@leedomain.com
250 Ok
rcpt to: tux@leedomain.com
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
Message-ID: test1.00000@leedomain.com
From: lee <lee@leedomain.com>
To: lee <tux@leedomain.com>
Subject: Test 2

Body of test 2
.
250 Ok: queued as 6DA50EAAC
quit
221 Bye

Connection to host lost.

Changed lines 149-150 from:

tail -f /var/log/messages

to:

tail -f /var/log/messages

Changed lines 153-155 from:

Allow reading of email Assuming that sending was successful, let's work on the system's ability to receive email.

to:

Configure client read access to email' Assuming that sending was successful, we can work on the system's ability to receive email.

Changed lines 158-166 from:
 #pop3            110/tcp         pop-3           # POP version 3
 #pop3            110/udp         pop-3
 ...

imap2 143/tcp imap # Interim Mail Access Proto v2 imap2 143/udp imap ... imap3 220/tcp # Interactive Mail Access imap3 220/udp # Protocol v3

to:

#pop3 110/tcp pop-3 # POP version 3
#pop3 110/udp pop-3
...
imap2 143/tcp imap # Interim Mail Access Proto v2
imap2 143/udp imap
...
imap3 220/tcp # Interactive Mail Access
imap3 220/udp # Protocol v3

Changed lines 169-180 from:
 # start of cyrus-imapd services
 imsp            406/tcp
 acap            674/tcp
 sieve           2000/tcp
 lmtp            2003/tcp
 fud             4201/udp
 # end of cyrus-imapd services

Configure Cyrus-imapd

    * create your email users with the web-frontend of your nslu2, e.g. tux. You do not have to create a user called mail
to:

# start of cyrus-imapd services
imsp 406/tcp
acap 674/tcp
sieve 2000/tcp
lmtp 2003/tcp
fud 4201/udp
# end of cyrus-imapd services

Configure Cyrus-imapd

Create your email users with the web front-end of your nslu2, e.g. tux in this example. You do not have to create a user called mail/

Changed lines 183-184 from:
  # adduser [username]
to:
  # adduser [username]
Changed lines 187-188 from:

/opt/etc/init.d/S59cyrus-imapd

to:

/opt/etc/init.d/S59cyrus-imapd

Changed lines 191-201 from:

telnet 192.168.1.77 110 or telnet 192.168.1.77 143

In each case, the Cyrus-imapd server should respond with a message along the lines of: +OK SEANAS1? Cyrus POP3? v2.2.10 server ready <1751987801.1140277042@SEANAS1?> or

Create user mailboxes:

to:

telnet 192.168.1.77 110
or
telnet 192.168.1.77 143

In each case, the Cyrus-imapd server should respond with a message along the lines of:
+OK SEANAS1? Cyrus POP3? v2.2.10 server ready <1751987801.1140277042@SEANAS1?>
or
* OK SEANAS1? Cyrus IMAP4? v2.2.10 server ready

Create user mailboxes

Changed lines 204-214 from:
 # cyradm --user mail localhost
 > cm user.tux
 > cm user.tux.Drafts
 > cm user.tux.Outbox
 > cm user.tux.Sent
 > cm user.tux.Trash
 > cm user.tux.Ham
 > cm user.tux.Spam
 > lm
 > quit
to:

# cyradm --user mail localhost
> cm user.tux
> cm user.tux.Drafts
> cm user.tux.Outbox
> cm user.tux.Sent
> cm user.tux.Trash
> cm user.tux.Ham
> cm user.tux.Spam
> lm
> quit

Changed lines 217-249 from:

tail -f /var/log/messages

Then start the email-sending test.

telnet 192.168.1.78 25 220 seanas1.leedomain.com ESMTP Postfix ehlo leedomain.com 250-seanas1.leedomain.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH PLAIN 250 8BITMIME mail from: lee@leedomain.com 250 Ok rcpt to: lee@leedomain.com 250 Ok data 354 End data with <CR><LF>.<CR><LF> Message-ID: 000001.00000@leedomain.com To: lee@leedomain.com From: lee@leedomain.com Subject: Test 1 to Cyrus-imapd user lee

Body of test 1 . 250 Ok: queued as C7E6E3F02? quit 221 Bye

Connection to host lost.

to:

tail -f /var/log/messages

Then do an email-sending test:

telnet 192.168.1.78 25
220 seanas1.leedomain.com ESMTP Postfix
ehlo leedomain.com
250-seanas1.leedomain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN
250 8BITMIME
mail from: lee@leedomain.com
250 Ok
rcpt to: tux@leedomain.com
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
Message-ID: 000001.00000@leedomain.com
To: tux@leedomain.com
From: lee@leedomain.com
Subject: Test 1 to Cyrus-imapd user tux

Body of test 1
.
250 Ok: queued as C7E6E3F02?
quit
221 Bye

Connection to host lost.

Changed lines 256-257 from:

Setting up spam filtering

to:

Setting up spam filtering

Changed lines 262-267 from:
        $ vi /etc/passwd
        spamd:x:40:40:spamd:/opt/var/spool/spamd:

        $ vi /etc/group
        spamd:x:40:spamd
to:
        $ vi /etc/passwd
spamd:x:40:40:spamd:/opt/var/spool/spamd:
$ vi /etc/group
spamd:x:40:spamd
Changed lines 270-273 from:
        $ mkdir -p /opt/var/spool/spamd/.spamassassin
        $ chown -R spamd:spamd /opt/var/spool/spamd/.spamassassin
to:
        $ mkdir -p /opt/var/spool/spamd/.spamassassin
$ chown -R spamd:spamd /opt/var/spool/spamd/.spamassassin
Changed lines 278-283 from:
        $ vi /etc/passwd
        bogo:x:41:41:bogo:/opt/var/lib/bogofilter:

        $ vi /etc/group
        filter:x:41:filter
to:
        $ vi /etc/passwd
bogo:x:41:41:bogo:/opt/var/lib/bogofilter:
$ vi /etc/group
filter:x:41:filter
Changed lines 286-289 from:
        $ mkdir -p /opt/var/lib/bogofilter
        $ chown -R bogo. /opt/var/lib/bogofilter
to:
        $ mkdir -p /opt/var/lib/bogofilter
$ chown -R bogo. /opt/var/lib/bogofilter
Changed lines 292-300 from:

In /opt/etc/postfix/master.cf: Comment out the line: smtp inet n - n - - smtpd

You can then switch in either SpamAssassin? or Bogofilter by writing in and uncommenting one of either:

  1. smtp inet n - n - - smtpd -o content_filter=spamassassin

or

  1. smtp inet n - n - - smtpd -o content_filter=bogofilter
to:

In /opt/etc/postfix/master.cf, comment out the line:
smtp inet n - n - - smtpd

You can then switch in either SpamAssassin? or Bogofilter by writing in and uncommenting one of either:
#smtp inet n - n - - smtpd -o content_filter=spamassassin
or
#smtp inet n - n - - smtpd -o content_filter=bogofilter

Changed lines 304-309 from:
  1. /opt/sbin/postfix -c /opt/etc/postfix stop

postfix/postfix-script: stopping the Postfix mail system

  1. /opt/sbin/postfix -c /opt/etc/postfix start

postfix/postfix-script: starting the Postfix mail system

to:

# /opt/sbin/postfix -c /opt/etc/postfix stop
postfix/postfix-script: stopping the Postfix mail system

# /opt/sbin/postfix -c /opt/etc/postfix start
postfix/postfix-script: starting the Postfix mail system

Changed lines 312-315 from:

X-Spam-Checker-Version: SpamAssassin? 3.0.4 (2005-06-05) on SEANAS1? X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.1 tests=ALL_TRUSTED,AWL,NO_REAL_NAME autolearn=ham version=3.0.4

to:

X-Spam-Checker-Version: SpamAssassin? 3.0.4 (2005-06-05) on SEANAS1?
X-Spam-Level:
X-Spam-Status: No, score=-1.9 required=2.1 tests=ALL_TRUSTED,AWL,NO_REAL_NAME autolearn=ham version=3.0.4

Changed line 320 from:
  1. This is the right place to customize your installation of SpamAssassin?.
to:

[=# This is the right place to customize your installation of SpamAssassin?.

Changed lines 334-335 from:

tflags WHITELIST_HOUSING [ nice ]

to:

tflags WHITELIST_HOUSING [ nice ]=]

Changed lines 338-339 from:

/opt/bin/spamd -d -c -m 1 -u spamd

to:

/opt/bin/spamd -d -c -m 1 -u spamd

Changed lines 342-343 from:

/opt/bin/spamd -d -c -m 1 -u spamd --max-conn-per-child=100

to:

/opt/bin/spamd -d -c -m 1 -u spamd --max-conn-per-child=100

Changed lines 346-347 from:

Configure sieve to provide server-side mailbox sorting

to:

Configure sieve to provide server-side mailbox sorting

Changed lines 352-364 from:
 # vi user.tux.siv

require "fileinto"; require "imapflags";

if anyof ( header :contains "X-Spam-Flag" "YES",

              header :contains "X-Spam-Level" "***",
              header :contains "X-Bogosity" "Spam, ",
	  header :contains "X-Spam-Status" "Yes",
	  header :contains "Subject" "***SPAM***"  )
      { setflag "\\Seen"; fileinto "INBOX.Spam"; }

else { fileinto "INBOX"; }

to:
 @@# vi user.tux.siv
require "fileinto";
require "imapflags";

if anyof ( header :contains "X-Spam-Flag" "YES",
header :contains "X-Spam-Level" "***",
header :contains "X-Bogosity" "Spam, ",
header :contains "X-Spam-Status" "Yes",
header :contains "Subject" "***SPAM***" )
{ setflag "\\Seen"; fileinto "INBOX.Spam"; }
else { fileinto "INBOX"; }@@

Changed lines 367-373 from:
 # sieveshell -u tux -a tux <hostname>
 > put user.tux.sieve.siv

> list

 > activate user.tux.sieve.siv

> list

 > quit
to:
 # sieveshell -u tux -a tux <hostname>
> put user.tux.sieve.siv
> list
> activate user.tux.sieve.siv
> list
> quit
Changed lines 376-378 from:

There's not much on how to use sieve (a server-based mail filter program that comes with cyrus-imap). I found the best source was here: http://www.bsdforums.org/forums/showthread.php?t=8238

to:

There's not much on how to use sieve (a server-based mail filter program that comes with cyrus-imap). I found the best source was here: http://www.bsdforums.org/forums/showthread.php?t=8238

Changed lines 381-384 from:

1. Set the email server up directly connected to the Internet. I'm not doing this because I haven't satisfied myself that the server's security is adequate. 2. Use your ISP's email server via a SASL connection 3. Use your ISP's email server and uses fetchmail to poll your email account on the ISP's server

to:
  1. Set the email server up directly connected to the Internet. I'm not doing this because I haven't satisfied myself that the server's security is adequate.
  2. Use your ISP's email server via a SASL connection
  3. Use your ISP's email server and uses fetchmail to poll your email account on the ISP's server
Changed lines 389-395 from:
  1. vi /opt/etc/fetchmailrc

set postmaster lee set no bouncemail set syslog

poll "www.kimberconsulting.com" protocol imap user 'kimberconsulting/lee.kimber' there with password "coincoin" is "lee" here

to:

# vi /opt/etc/fetchmailrc
set postmaster lee
set no bouncemail
set syslog

poll "www.kimberconsulting.com" protocol imap user 'kimberconsulting/leek' there with password "noneofyourbusiness" is "lee" here

Changed lines 398-399 from:

2 * * * * root /opt/bin/fetchmail -f /opt/etc/fetchmailrc &> /dev/null

to:

2 * * * * root /opt/bin/fetchmail -f /opt/etc/fetchmailrc &> /dev/null

Changed line 402 from:

Next steps

to:

Next steps

February 19, 2006, at 04:27 PM by Lee Kimber -- Initial draft prior to formatting
Added lines 1-399:

Prepare the system

Before you start installing the email-specific packages, update, then install these feeds and utilities:

ipkg update ipkg install unslung-feeds ipkg update

Also, edit the /etc/hosts file to let this machine identify itself if you lack DNS.

Install packages Install perl, libdb, coreutils, cyrus-sasl.

Although this howto does not go into how to use cyrus-sasl, having it present allows you to change the mail delivery options to the server once you have the server up and running correctly.

After installing cyrus-sasl run:

/opt/sbin/saslpasswd2 mail

And set the password

That'll create the sasl2 file that you should then set the permissions on:

chmod 644 /opt/etc/sasl2

There's some ambiguity about how the permisions of file /opt/etc/sasl2 should look:

  1. ls -l /opt/etc/sasl2
      -rw-r--r-- 1 root root ...

or

  1. ls -l /opt/etc/sasl2
      -rw------- 1 root root ...

Install readline, fetchmail, cyrus-imapd, postfix, (bogofilter or perl-spamassassin) using ipkg.

Configuration

To retain your sanity while testing and troubleshooting, you are better off configuring, starting up and testing the email server software in the following order: Postfix (followed by a sending test) Cyrus-imapd Bogofilter or SpamAssassin?

Building and testing the email server this way allows you to test and debug each essential piece before building on top of it. The reason we install postfix after installing cyrus-imapd is that the Unslung build of postfix allegedly configures itself around cyrus-imapd. However, we have to touch /opt/etc/sadl2 before installing postfix as described above due to a glitch in the way this file is created.

Configuring Postfix The two main files for configuring postfix to send (and receive) are: /opt/etc/postfix/main.cf and /opt/etc/postfix/master.cf

The relevant changes (un-comments and edits) I made to /opt/etc/postfix/main.cf are:

myhostname = cen-nas1-1.leedomain.com (was #myhostname = virtual.domain.tld) mydomain = leedomain.com myorigin = $mydomain inet_interfaces = all proxy_interfaces = <external NAT interface IP address> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mynetworks = 192.168.1.0/24, 192.168.2.0/24, 127.0.0.0/8 (internal subnets on my LAN)

In /opt/etc/postfix/master.cf:

Beneath the line: smtp inet n - n - - smtpd

I added:

  1. smtp inet n - n - - smtpd -o content_filter=spamassassin
  2. smtp inet n - n - - smtpd -o content_filter=bogofilter

At the end of master.cf I added: spamassassin unix - n n - - pipe user=spamd argv=/opt/bin/spamc -f -e /opt/sbin/sendmail -oi -f ${sender} ${recipient}

bogofilter unix - n n - - pipe flags=R user=bogo argv=/opt/sbin/postfix-bogofilter.sh -f ${sender} -- ${recipient}

Change your aliases file to ensure you receive error messages:

 # vi /opt/etc/aliasas
  1. root: you

root: tux

Then run:

  1. newaliasas

Add maildrop to /etc/group if it isn't already there: vi /etc/group maildrop:x:69:maildrop

Reload the Postfix configuration by issuing: /opt/sbin/postfix -c /opt/etc/postfix reload

Test Postfix's ability to send

Start the postfix service by issuing: /opt/etc/init.d/S69postfix

You should see the following messages:

starting service postfix postfix/postfix-script: starting the Postfix mail system

You can also see if postfix is running by issuing: ps aux | grep postfix

If it is running you should see something like:

 3479         root       2588   S   /opt/libexec/postfix/master

You'll see the system try to stop the presumably running service (and fail if the service is not running) and start the service. Hopefully, it will succeed in starting the service.

If the service is running, we can test its ability to send email to a known-working remote address by telnetting to the email server from a LAN machine using port 25:

telnet 192.168.1.77 25 220 cen-nas1-1.leedomain.com ESMTP Postfix ehlo leedomain.com 250-cen-nas1-1.leedomain.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250 8BITMIME mail from: lee@leedomain.com 250 Ok rcpt to: lee@kimberconsulting.com 250 Ok data 354 End data with <CR><LF>.<CR><LF> Message-ID: test1.00000@leedomain.com From: lee <lee@leedomain.com> To: lee <lee@kimberconsulting.com> Subject: Test 2

Body of test 2 . 250 Ok: queued as 6DA50EAAC quit 221 Bye

Connection to host lost.

Provided you receive the mail at the remote email account, your system is working. If it isn't, check the /var/log/messages file for hints about the cause of the problem. You'd be wise to monitor the message log in real-time by tailing /var/log/messages. Do that by opening an ssh session to the email server and then issuing:

tail -f /var/log/messages

Also, search the web for notes on how to troubleshoot postfix. There's lots out there.

Allow reading of email Assuming that sending was successful, let's work on the system's ability to receive email.

In /etc/services, uncomment - if necessary - the lines:

 #pop3            110/tcp         pop-3           # POP version 3
 #pop3            110/udp         pop-3
 ...

imap2 143/tcp imap # Interim Mail Access Proto v2 imap2 143/udp imap ... imap3 220/tcp # Interactive Mail Access imap3 220/udp # Protocol v3

and - if necessary - add these lines at the end of the file:

 # start of cyrus-imapd services
 imsp            406/tcp
 acap            674/tcp
 sieve           2000/tcp
 lmtp            2003/tcp
 fud             4201/udp
 # end of cyrus-imapd services

Configure Cyrus-imapd

    * create your email users with the web-frontend of your nslu2, e.g. tux. You do not have to create a user called mail

Note: for those using OpenSlug (ie no web-frontend), use:

  # adduser [username]

Start cyrus-imapd by issuing:

/opt/etc/init.d/S59cyrus-imapd

You can test that Cyrus-imapd is offering pop and imap services by telnetting to the relevant ports. eg:

telnet 192.168.1.77 110 or telnet 192.168.1.77 143

In each case, the Cyrus-imapd server should respond with a message along the lines of: +OK SEANAS1? Cyrus POP3? v2.2.10 server ready <1751987801.1140277042@SEANAS1?> or

Create user mailboxes:

You need the Cyrus-imapd server up and running before the mailbox creation tool cyradm will work.

 # cyradm --user mail localhost
 > cm user.tux
 > cm user.tux.Drafts
 > cm user.tux.Outbox
 > cm user.tux.Sent
 > cm user.tux.Trash
 > cm user.tux.Ham
 > cm user.tux.Spam
 > lm
 > quit

We can now test whether the Cyrus-imapd server is working properly by using telnet to create and send a message to the user "tux". Before starting, you might want to open an ssh connection the email server and tail (monitor) the messages log by issuing (once you've ssh'd in):

tail -f /var/log/messages

Then start the email-sending test.

telnet 192.168.1.78 25 220 seanas1.leedomain.com ESMTP Postfix ehlo leedomain.com 250-seanas1.leedomain.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH PLAIN 250 8BITMIME mail from: lee@leedomain.com 250 Ok rcpt to: lee@leedomain.com 250 Ok data 354 End data with <CR><LF>.<CR><LF> Message-ID: 000001.00000@leedomain.com To: lee@leedomain.com From: lee@leedomain.com Subject: Test 1 to Cyrus-imapd user lee

Body of test 1 . 250 Ok: queued as C7E6E3F02? quit 221 Bye

Connection to host lost.

The email should have been sent successfully, as shown above. If you tailed the messages log, you should see postifx processing the email and handing it off to Cyrus-imapd. At this point you may see a non-fatal error from Cyrus-imapd's sieve program, which has no filtering scripts to run against the incoming email.

Set up a remote pop or imap client to test retrieval of email from the server. Hopefully, you should find the test email is there. If not, track down the problem using the messages log.

Having tested this far and checked that the basic email-realted services are working correctly, we can add spam-filtering, knowing that if anything goes wrong, the error is in the spam filtering set up, not the email set up.

Setting up spam filtering

These instructions set up SpamAssassin?. In my experience, the default Bogofilter package places Bogofilter scripts in /opt/var/lib/ but Bogofilter's scripts (postfix-bogfilter.sh for example)set the default location to /opt/var/spool/. I fixed this by working through the various Bogofilter scripts replacing paths that included "spool" with paths to "lib" instead. This worked but the scripts for training Bogofilter are unclear to me so I continue to use SpamAssassin?.

Create user and group for spamd:

        $ vi /etc/passwd
        spamd:x:40:40:spamd:/opt/var/spool/spamd:

        $ vi /etc/group
        spamd:x:40:spamd

Create file processing locations for spamd:

        $ mkdir -p /opt/var/spool/spamd/.spamassassin
        $ chown -R spamd:spamd /opt/var/spool/spamd/.spamassassin

For Bogofilter, do the following:

Create user and group

        $ vi /etc/passwd
        bogo:x:41:41:bogo:/opt/var/lib/bogofilter:

        $ vi /etc/group
        filter:x:41:filter

Create file processing locations

        $ mkdir -p /opt/var/lib/bogofilter
        $ chown -R bogo. /opt/var/lib/bogofilter

Note: having installed both Bogofilter and SpamAssassin?, you can set which spam filter you want to run by commenting one or other out in the /opt/etc/postfix/master.cf file. For example:

In /opt/etc/postfix/master.cf: Comment out the line: smtp inet n - n - - smtpd

You can then switch in either SpamAssassin? or Bogofilter by writing in and uncommenting one of either:

  1. smtp inet n - n - - smtpd -o content_filter=spamassassin

or

  1. smtp inet n - n - - smtpd -o content_filter=bogofilter

Theoretically you are supposed to reload the Postfix config after doing this but I found re-starting and sometimes rebooting gave me significantly better testing results because - I presume - it forced Postfix to flush queues. I am not sure though. Certainly it is possible to manually flush postfix's queues but I haven't had time to experiment with that yet.

Restart postfix by issuing:

  1. /opt/sbin/postfix -c /opt/etc/postfix stop

postfix/postfix-script: stopping the Postfix mail system

  1. /opt/sbin/postfix -c /opt/etc/postfix start

postfix/postfix-script: starting the Postfix mail system

Test the spam filtering by telnet-sending your email server user another email. Then read the email in your email software and check the email's headers for new headers added by the spam-filter. If using spamAssassin, you should see email headers similar to the following:

X-Spam-Checker-Version: SpamAssassin? 3.0.4 (2005-06-05) on SEANAS1? X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.1 tests=ALL_TRUSTED,AWL,NO_REAL_NAME autolearn=ham version=3.0.4

You can - and should - also tail the /var/log/messages file to watch the spam filter as it processes and reports on the email. The only error you should see at this point is an error relating to sieve, which we will deal with in a moment.

Once spam-tagging is working, you can modify Spamassassin's handling of spam by editing the /opt/etc/spamassassin/local.cf file. Mine looks like this:

  1. This is the right place to customize your installation of SpamAssassin?.
  2. See 'perldoc Mail::SpamAssassin?::Conf' for details of what can be
  3. tweaked.

rewrite_header Subject ***SPAM*** report_safe 1

  1. trusted_networks 212.17.35.
  2. lock_method flock
  3. Added by Lee

required_hits 2.1 body WHITELIST_HOUSING /Subject: Housing/ tflags WHITELIST_HOUSING [ nice ]

During testing, I found that spamd would fail to process messages during a SIGCHILD thread handover (caused when child threads reach their maximum default connection limit of five. Thos emails would be handed off to Cyrus-imapd without being spam-checked. I am testing how to get around this by playing with spamd's connection limits. I edited the spamd start-up script at /opt/etc/init.d/S62spamd. In the daemon start section I took the line:

/opt/bin/spamd -d -c -m 1 -u spamd

and added a --max-conn-per-child argument as shown below:

/opt/bin/spamd -d -c -m 1 -u spamd --max-conn-per-child=100

This worked much better the first time I used it but I am still testing it.

Configure sieve to provide server-side mailbox sorting

Provide a script to control how cyrus-imapd's built in sieve program handles spam-tagged messages on the server. Using sieve in this way is useful for imap clients, who want filtering carried out on the server to save bandwidth. I'm not certain my sieve script works and am currently testing it.

Create a sieve file on the email server. The following file is overkill - it checks headers from different spam checkers.

 # vi user.tux.siv

require "fileinto"; require "imapflags";

if anyof ( header :contains "X-Spam-Flag" "YES",

              header :contains "X-Spam-Level" "***",
              header :contains "X-Bogosity" "Spam, ",
	  header :contains "X-Spam-Status" "Yes",
	  header :contains "Subject" "***SPAM***"  )
      { setflag "\\Seen"; fileinto "INBOX.Spam"; }

else { fileinto "INBOX"; }

Now, log in to sieve, upload the file and then activate it.

 # sieveshell -u tux -a tux <hostname>
 > put user.tux.sieve.siv

> list

 > activate user.tux.sieve.siv

> list

 > quit

Test the sieve script by sending an email to the server using the telnet technique shown earlier. If you tail the messages log while doing this, you should see no more sieve errors.

There's not much on how to use sieve (a server-based mail filter program that comes with cyrus-imap). I found the best source was here: http://www.bsdforums.org/forums/showthread.php?t=8238

If the sieve test worked, then the only thing left to do is to decide how to feed incoming emails into the email server. There are three ways of doing this:

1. Set the email server up directly connected to the Internet. I'm not doing this because I haven't satisfied myself that the server's security is adequate. 2. Use your ISP's email server via a SASL connection 3. Use your ISP's email server and uses fetchmail to poll your email account on the ISP's server

We'll go the fetchmail route because it is secure, well-documented and allows us to establish that the rest of the email server is working correctly in the real world before we use methods 1 or 2.

Edit the fetchmail configuration file called fetchmailrc in the email server's /opt/etc/ directory:

  1. vi /opt/etc/fetchmailrc

set postmaster lee set no bouncemail set syslog

poll "www.kimberconsulting.com" protocol imap user 'kimberconsulting/lee.kimber' there with password "coincoin" is "lee" here

I found that using fetchmail in daemon mode locked up my server. To maintain control while I debugged it, I fired fetchmail with a cronjob that looked like this:

2 * * * * root /opt/bin/fetchmail -f /opt/etc/fetchmailrc &> /dev/null

Note: I found fetchmail and my ISP's pop server often experienced protocol failures that stopped downloads. In as far as I have investigated this, it seems to be a spat over the list command.

Next steps To reduce the load on the email server I am working to dump (not bounce) known spam before it gets to SpamAssassin?. I am using Postfix's header_checks and fetchmail's antispam option to have fetchmail drop offending mail before it is allowed into the Postfix system.

view · edit · print · history · Last edited by Bullfrog.
Based on work by Lee Kimber, fcarolo, bullfrog, warti, nsc, JamesL, Jeroen, Bullfrog, and MarkH.
Originally by Lee Kimber.
Page last modified on November 23, 2008, at 09:18 PM