
Recipe 20.2. Building a POP3 Mail Server

20.2.1 Problem

You want to set up a POP3 mail server—nothing fancy, just a basic server for Internet mail for a single domain, with TLS/SSL support for more secure logins.

20.2.2 Solution

Here are the requirements:

  • Postfix

  • Courier-IMAP, which supplies both POP3 and IMAP

  • OpenSSL

  • famd, the file alteration monitor daemon

See Recipe 20.3 for Debian instructions.


Install or upgrade OpenSSL and famd first.

Next, remove any installed MTAs and POP/IMAP servers. Look first for Sendmail, as it is still the default on a lot of installations. Go ahead and break dependencies, because Postfix will satisfy them.

Then stop any running processes belonging to the old MTA:

$ ps ax | grep sendmail

root 10204 0.0 0.7 5296 1980 ? S 19:27 0:00 sendmail:accepti 

$ su

# kill 10204

Now install Postfix. If you build from sources, be sure to compile in SASL support. (See the SASL_README in the tarball.)

After installing Postfix, make a backup copy of /etc/postfix/main.cf:

# cp /etc/postfix/main.cf  /etc/postfix/main.cf-old

Erase everything in the original, and copy in these lines. Be sure to enter filepaths and host/domain names appropriate for your system:

command_directory = /usr/sbin

mail_owner = postfix

default_privs = nobody

# enter your domain name here

mydomain = tuxcomputing.com

# enter your own fully-qualified domain name here

myhostname = windbag.tuxcomputing.com

myorigin = $mydomain

alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases

inet_interfaces = all

mydestination = $myhostname, localhost.$mydomain $mydomain

mynetworks_style = subnet

   

# very important! Courier must have maildirs, not mbox

home_mailbox = Maildir/

mail_spool_directory = /var/mail

smtpd_banner = $myhostname ESMTP $mail_name

mailbox_size_limit = 0

recipient_delimiter = +

Create aliases for root and postmaster in /etc/aliases:

# See man 5 aliases for format

root:foober@test.net

postmaster:root

Then create the alias database:

# newaliases

and run the built-in syntax checker:

# postfix check

Some distributions start Postfix automatically after installation. To start it manually, use the postfix command:

# postfix start

If Postfix is already running, restart it:

# postfix reload

postfix/postfix-script: refreshing the Postfix mail system

Then verify that Postfix is running:

$ ps ax | grep postfix

26342 ?        Ss     0:00 /usr/lib/postfix/master

Next, verify that the smtp daemon is working:

$ telnet localhost 25

Trying 127.0.0.1...

Connected to localhost.localdomain.

Escape character is '^]'.

220 windbag.test.net ESMTP Postfix (Libranet/GNU)

EHLO windbag.test.net

250-windbag.test.net

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-XVERP

250 8BITMIME

^]

telnet> quit

Connection closed.

Now install Courier-IMAP. To install from RPMs, you'll need courier-imap-common and courier-imap-pop3. If you build from sources, be sure to read 00README.NOW.OR.SUFFER.

After installation, generate the POP3 TLS/SSL certificate. First, edit /etc/courier/pop3d.cnf, entering your own site information:

[ req_dn ]

C=US

ST=NM

L=Albuquerque

O=mailserver

OU=Automatically-generated POP3 SSL key

CN=Windbag

emailAddress=postmaster@tuxcomputing.com

Now generate the key:

# mkpop3dcert

Generating a 1024 bit RSA private key

..........................................++++++..++++++

writing new private key to '/usr/lib/courier/pop3d.pem'

-----

1024 semi-random bytes loaded

Generating DH parameters, 512 bit long safe prime, generator 2

This is going to take a long time

.....+.......+........+............+...+.......................................+..........       ...

subject= /C=US/ST=NM/L=Albuquerque/O=Courier Mail Server/OU=Automatically-generated POP3 SSL key/CN=windbag/emailAddress=postmaster@tuxcomputing.com

notBefore=May 20 18:08:13 2004 GMT

notAfter=May 20 18:08:13 2005 GMT

MD5 Fingerprint=D4:A5:53:48:09:65:C4:F0:11:8F:31:9E:FB:9F:EB:8A

#

Some distributions start Courier automatically after installation. Use these commands to start Courier manually, if necessary:

# /etc/init.d/courier-pop3d start

# /etc/init.d/courier-pop3d-ssl start

Verify the filenames, as they vary on different distributions.

Now you have a fully functioning POP3 mail server.
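
The main.cf from the steps above depends on two details that are easy to get wrong: the trailing slash on home_mailbox and the bare domain in mydestination. The following pre-flight check is an added example, not part of the original recipe; the function names are hypothetical, and the parser handles only simple one-line "name = value" settings.

```sh
#!/bin/sh
# Added example (not from the recipe): pre-flight checks for the main.cf above.

# Print the last value assigned to parameter $2 in main.cf-style file $1.
maincf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Expand the $myhostname and $mydomain references in value $2.
maincf_expand() {
    out=$2
    for name in myhostname mydomain; do
        val=$(maincf_get "$1" "$name")
        out=$(printf '%s' "$out" | sed "s/\\\$$name/$val/g")
    done
    printf '%s\n' "$out"
}

# Succeed if home_mailbox ends in "/": that is what makes Postfix deliver
# in maildir format, which Courier requires, instead of to an mbox file.
maincf_uses_maildir() {
    case "$(maincf_get "$1" home_mailbox)" in
        */) return 0 ;;
    esac
    return 1
}

# Succeed if the expanded mydestination list contains the bare domain,
# so that mail addressed to user@$mydomain is delivered locally.
maincf_accepts_domain() {
    domain=$(maincf_get "$1" mydomain)
    dests=$(maincf_expand "$1" "$(maincf_get "$1" mydestination)")
    for dest in $(printf '%s' "$dests" | tr ',' ' '); do
        [ "$dest" = "$domain" ] && return 0
    done
    return 1
}

# Constructed sample with the recipe's values; use /etc/postfix/main.cf on a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
mydomain = tuxcomputing.com
myhostname = windbag.tuxcomputing.com
mydestination = $myhostname, localhost.$mydomain $mydomain
home_mailbox = Maildir/
EOF
maincf_uses_maildir "$sample" && echo "maildir delivery: ok"
maincf_accepts_domain "$sample" && echo "domain is a local destination: ok"
rm -f "$sample"
```

On a host with Postfix installed, postconf -h home_mailbox prints the value Postfix itself resolves.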

20.2.3 Discussion

The various Linux distributions customize Postfix and Courier in their own weird little ways, so be sure to verify filepaths and filenames.

If you're used to having mail queued in /var/spool, you're going to find that Courier is different. The mail queues are in each user's home directory:

# ls /home/foober

Desktop  Maildir

# ls /home/foober/Maildir

courierimapkeywords    courierimapuiddb      cur  tmp

courierimapsubscribed  courierpop3dsizelist  new

New mail sits in each user's Maildir/new directory (/home/foober/Maildir/new in this example) until the user retrieves it. This is configured in Postfix, in main.cf:

home_mailbox = Maildir/
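
Because the mail now lives in every home directory, it helps to be able to audit all Maildirs at once. This is an added example, not part of the original recipe; the function names are hypothetical, and it assumes that a Maildir should be accessible to its owner only.

```sh
#!/bin/sh
# Added example (not from the recipe): audit the Maildirs under a home root.

# Succeed if $1 has the new/, cur/ and tmp/ subdirectories shown above.
maildir_is_valid() {
    for sub in new cur tmp; do
        [ -d "$1/$sub" ] || return 1
    done
    return 0
}

# Print how many messages are waiting in new/ for the user to retrieve.
maildir_new_count() {
    find "$1/new" -type f | wc -l | tr -d ' '
}

# Succeed if group and others have no permission bits on the Maildir.
# Assumption: mail should be readable by its owner only.
maildir_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one "user new=N private=yes|no" line per Maildir under home root $1.
maildir_audit() {
    for md in "$1"/*/Maildir; do
        maildir_is_valid "$md" || continue
        user=$(basename "$(dirname "$md")")
        if maildir_is_private "$md"; then private=yes; else private=no; fi
        echo "$user new=$(maildir_new_count "$md") private=$private"
    done
}

# Constructed sample tree standing in for /home; run "maildir_audit /home" as root.
root=$(mktemp -d)
mkdir -p "$root/foober/Maildir/new" "$root/foober/Maildir/cur" "$root/foober/Maildir/tmp"
chmod 700 "$root/foober/Maildir"
echo "Subject: test" > "$root/foober/Maildir/new/msg1"
maildir_audit "$root"      # foober new=1 private=yes
rm -rf "$root"
```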

A POP3 mail server can be any old Pentium, or even a 486. It's best to put a mail server on its own dedicated box. A mail server must be exposed to untrusted networks, so anything on the same machine is exposed to some risk. Also, because this configuration of Postfix uses system passwords, giving it its own box means that email accounts will have their own separate passwords. You don't want users to have the same passwords for email as for logging into their workstations or LANs, because that's a big security hole.

When you generate the Courier SSL certificate, it is self-signed, which means no "trusted" third party vouches for the authenticity of your certificate. This is perfectly okay for most uses. If you think you need a genuine, signed, commercially generated SSL certificate from a vendor such as VeriSign or Thawte, it will cost you several hundred dollars per year. An alternative is to check with your ISP or web host to see if they offer lower-cost shared certificates.
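
The mkpop3dcert output in the Solution shows a 1024-bit RSA key and a one-year validity period, and the paragraph above notes that the certificate is self-signed; all three can be read back from the generated file. This is an added example, not part of the original recipe. The function names are hypothetical, and the 2048-bit minimum and 30-day renewal window are assumptions to adjust to your own policy.

```sh
#!/bin/sh
# Added example (not from the recipe): inspect the certificate mkpop3dcert wrote.

# Print the public key size in bits (an RSA key is assumed, as mkpop3dcert makes).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed if subject and issuer are the same name, i.e. the certificate is self-signed.
cert_is_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ]
}

# Succeed if the certificate will still be valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Print a short report; return non-zero if anything needs attention.
# Assumptions: 2048 bits as the minimum RSA size, 30 days as the renewal window.
cert_report() {
    status=0
    bits=$(cert_key_bits "$1")
    echo "key size: $bits bits"
    [ "${bits:-0}" -ge 2048 ] || { echo "  key is shorter than 2048 bits"; status=1; }
    cert_is_self_signed "$1" && echo "self-signed: no third party vouches for it"
    cert_valid_for_days "$1" 30 || { echo "  expires within 30 days"; status=1; }
    echo "expiry: $(openssl x509 -in "$1" -noout -enddate)"
    return "$status"
}

# Path taken from the mkpop3dcert output above; verify it on your distribution.
pem=${1:-/usr/lib/courier/pop3d.pem}
if [ -r "$pem" ]; then cert_report "$pem"; fi
```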

20.2.4 See Also
