Archive for January, 2011

Dovecot POP3/IMAP server

This article is about how to install and set up a Dovecot server.

Start a new terminal then install the dovecot server:

yum install dovecot

In the /etc directory edit the dovecot.conf file and make the changes shown below:

#you must add pop3 and pop3s to get these protocols to work
protocols = imap imaps pop3 pop3s

#this part depends on which mail server you are using, e.g. Postfix or Sendmail
mail_location = mbox:~/mail:INBOX=/var/mail/%u

#you should add the mail group as the privileged group, otherwise dovecot won't be able to read the mailbox file
mail_privileged_group = mail

#you need to set up the UIDL format, otherwise POP3 clients can't keep track of which messages they have already downloaded from the server.
#More hints here: http://wiki2.dovecot.org/POP3Server
pop3_uidl_format = %08Xu%08Xv

#this part is needed to get Outlook to work. More hints here: http://wiki2.dovecot.org/Clients
imap_client_workarounds = delay-newmail outlook-idle netscape-eoh
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

#we need this part to reach the server with plain-text authentication. Use basic POP3 authentication only in a secure environment! Otherwise use secure SSL authentication.
#When you use the basic plain-text authentication method, all the data travels unencrypted on your network, so the login name and the password can be captured by anyone.
#Use an encrypted SSL connection to protect the whole session. In Outlook, tick the "This server requires an encrypted connection (SSL)" box.
#After that Outlook will use the SSL authentication method and every part of the communication will be secure.
#If you check the login entries in the maillog file, you will see TLS at the end of the line.
#I will show examples of this further below.
disable_plaintext_auth = no

To get the SSL working you need to fill this part of the dovecot.conf:

ssl_cert_file = /etc/pki/tls/certs/dovecot.pem
ssl_key_file = /etc/pki/tls/private/dovecot.key
ssl_disable = no

Save the dovecot.conf and close it. We are set.

Start the service:

service dovecot start

Then test the pop3 server.

tail -F /var/log/maillog

Below is a basic plain-text login on port 110:

Jan 22 00:11:04 ldapproxy dovecot: pop3-login: Login: user=<aaa>, method=PLAIN, rip=192.168.0.5, lip=192.168.0.30
Jan 22 00:11:04 ldapproxy dovecot: POP3(aaa): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jan 22 00:11:05 ldapproxy sendmail[8564]: p0M0B5XT008564: from=<aaa@opensourcetechnology.co.uk>, size=407,, nrcpts=1, msgid=<201101220011.p0M0B5XT008564@ldapproxy.localdomain>, proto=ESMTP, daemon=MTA, relay=[192.168.0.5]
Jan 22 00:11:05 ldapproxy sendmail[8566]: p0M0B5XT008564: to=<aaa@opensourcetechnology.co.uk>, ctladdr=<aaa@opensourcetechnology.co.uk> (505/505), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30693, dsn=2.0.0, stat=Sent

and this is how Wireshark captured the login name and the password of the whole process:

[Wireshark screenshot: pop3-nosecure1]

Then change the authentication method in Outlook to use SSL (port 995).

The maillog will look like this one:

Jan 22 00:23:38 ldapproxy dovecot: pop3-login: Login: user=<aaa>, method=PLAIN, rip=192.168.0.5, lip=192.168.0.30, TLS
Jan 22 00:23:38 ldapproxy dovecot: POP3(aaa): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jan 22 00:23:38 ldapproxy sendmail[9010]: p0M0NcNf009010: from=<aaa@opensourcetechnology.co.uk>, size=407,, nrcpts=1, msgid=<201101220023.p0M0NcNf009010@ldapproxy.localdomain>, proto=ESMTP, daemon=MTA, relay=[192.168.0.5]
Jan 22 00:23:38 ldapproxy sendmail[9011]: p0M0NcNf009010: to=<aaa@opensourcetechnology.co.uk>, ctladdr=<aaa@opensourcetechnology.co.uk> (505/505), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30693, dsn=2.0.0, stat=Sent

Have you noticed the TLS at the end of the line? The whole communication was encrypted!
Take a look at Wireshark's captured data. The whole process was encrypted.

[Wireshark screenshot: pop31]
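The TLS marker at the end of the pop3-login line is the easiest thing to alert on. The following script is an added example, not part of the original post: it parses Dovecot login lines of the shape shown above (the sample log is constructed from those lines, with one extra IMAP login) and reports every login that was not protected by TLS.

```python
import re

# Matches the dovecot "pop3-login"/"imap-login" lines shown in the maillog above
LOGIN_RE = re.compile(
    r"dovecot: (?P<svc>pop3|imap)-login: Login: user=<(?P<user>[^>]*)>, "
    r"method=(?P<method>\S+), rip=(?P<rip>[\d.]+), lip=(?P<lip>[\d.]+)"
    r"(?P<extra>(?:, \S+)*)"
)

# Constructed sample: the two logins from the article plus one IMAP login
SAMPLE_LOG = """\
Jan 22 00:11:04 ldapproxy dovecot: pop3-login: Login: user=<aaa>, method=PLAIN, rip=192.168.0.5, lip=192.168.0.30
Jan 22 00:11:04 ldapproxy dovecot: POP3(aaa): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jan 22 00:23:38 ldapproxy dovecot: pop3-login: Login: user=<aaa>, method=PLAIN, rip=192.168.0.5, lip=192.168.0.30, TLS
Jan 22 00:30:01 ldapproxy dovecot: imap-login: Login: user=<bbb>, method=PLAIN, rip=192.168.0.7, lip=192.168.0.30, TLS
"""


def parse_logins(text):
    """Return one dict per login line: service, user, method, remote IP and TLS flag."""
    events = []
    for line in text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue  # disconnect lines, sendmail lines, etc. are skipped
        # Everything after lip= is a comma-separated list of flags; "TLS" is the one we care about
        flags = [p.strip() for p in m.group("extra").split(",") if p.strip()]
        events.append({
            "service": m.group("svc"),
            "user": m.group("user"),
            "method": m.group("method"),
            "rip": m.group("rip"),
            "tls": "TLS" in flags,
        })
    return events


def cleartext_logins(text):
    """Logins whose password crossed the network unencrypted (no TLS flag)."""
    return [e for e in parse_logins(text) if not e["tls"]]


if __name__ == "__main__":
    for e in cleartext_logins(SAMPLE_LOG):
        print("cleartext %s login: user=%s from %s" % (e["service"], e["user"], e["rip"]))
```

Run it against a real log with `cleartext_logins(open("/var/log/maillog").read())`; an empty result means every login the server accepted was inside a TLS session.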

To test your dovecot server locally without any POP3 client, just use telnet:

[root@ldapproxy etc]# telnet 192.168.0.30 110

Trying 192.168.0.30…
Connected to 192.168.0.30 (192.168.0.30).
Escape character is '^]'.
+OK Dovecot ready.
user aaa
+OK
pass 123456
+OK Logged in.
list
+OK 1 messages:
1 743
.

retr 1
+OK 599 octets
Return-Path: <root@ldapproxy.localdomain>
Received: from ldapproxy.localdomain (localhost.localdomain [127.0.0.1])
by ldapproxy.localdomain (8.13.8/8.13.8) with ESMTP id p0O07gY3032579
for <aaa@ldapproxy.localdomain>; Mon, 24 Jan 2011 00:07:42 GMT
Received: (from root@localhost)
by ldapproxy.localdomain (8.13.8/8.13.8/Submit) id p0O07gRw032578
for aaa; Mon, 24 Jan 2011 00:07:42 GMT
Date: Mon, 24 Jan 2011 00:07:42 GMT
From: root <root@ldapproxy.localdomain>
Message-Id: <201101240007.p0O07gRw032578@ldapproxy.localdomain>
To: aaa@ldapproxy.localdomain
Subject: test

test
quit
.

More references and hints here: http://wiki2.dovecot.org/ and http://wiki.dovecot.org/MainConfig
And troubleshooting here: http://wiki.dovecot.org/QuestionsAndAnswers

Sendmail server setup

Sendmail mail server setup and configuration, step by step.
Let's start and set up our first sendmail server.

First thing to do is install the packages that we need.

yum install sendmail sendmail-cf

Then edit the sendmail.mc file and make the changes below.

Find the line:

dnl define(`confAUTH_OPTIONS', `A p')dnl

and change it to:

define(`confAUTH_OPTIONS', `A p')dnl

Then change the lines below. This is needed to get Outlook Express and Mozilla to work with plain-text authentication.
Use it only in a secure local network; otherwise use a different authentication mechanism, for example SSL.

From this:

dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

To this:

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

The next step is to change the queue settings for fine tuning, from these:

dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl

To these:

define(`confTO_QUEUEWARN', `4h')dnl
define(`confTO_QUEUERETURN', `5d')dnl
define(`confQUEUE_LA', `12')dnl
define(`confREFUSE_LA', `18')dnl

The next thing is the maximum number of daemon children, from this:

dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl

To:

define(`confMAX_DAEMON_CHILDREN', `20')dnl

Then the maximum number of connections per IP address, from this:

dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl

To this:

define(`confCONNECTION_RATE_THROTTLE', `3')dnl

Next is the local daemon: copy the existing line and insert your server's IP address in the copy:

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=192.168.0.40, Name=MTA')dnl

If you are using a public IP address then put that instead of the private one.
If you want IPv6 support then uncomment this line:

dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl

so that it reads:

DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl

Obviously the Addr part should be filled in properly.

Next find the line:

dnl FEATURE(`relay_based_on_MX')dnl

and change this to:

FEATURE(`relay_based_on_MX')dnl

If your server runs on a DSL or cable connection then you need to change the smart host part too:

define(`SMART_HOST', `smtp.ntlworld.com')dnl

Obviously, change the smtp.ntlworld.com part to your provider's SMTP host. Then your server will be able to send mail through the SMTP protocol.
Save the sendmail.mc file; this part is done.
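A quick way to check what the sendmail.mc edits above actually left enabled, before running make: the script below is an added example, not part of the original post. It treats a leading `dnl` as a comment (as m4 does), collects the active define()/macro values, and reports whether the cleartext mechanisms LOGIN and PLAIN are offered and trusted, and whether the `p` flag in confAUTH_OPTIONS restricts them to STARTTLS sessions. The sample sendmail.mc excerpt is constructed from the lines in this article.

```python
import re

# Constructed excerpt of sendmail.mc in the state the article leaves it
SAMPLE_MC = """\
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confTO_QUEUEWARN', `4h')dnl
define(`confMAX_DAEMON_CHILDREN', `20')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
"""

# define(`NAME', `VALUE')  and  MACRO(`VALUE')  in m4 quoting
DEFINE_RE = re.compile(r"^define\(`(\w+)',\s*`([^']*)'\)")
MACRO_RE = re.compile(r"^(\w+)\(`([^']*)'\)")
# SASL mechanisms that transmit the password unprotected
CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}


def active_settings(mc_text):
    """Map each active (not dnl-commented) define()/macro name to its value."""
    settings = {}
    for raw in mc_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("dnl"):
            continue  # "dnl" at the start of the line comments out the rest of it
        m = DEFINE_RE.match(line) or MACRO_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def cleartext_auth_mechs(mc_text):
    """Cleartext mechanisms that are both offered (confAUTH_MECHANISMS)
    and trusted for relaying (TRUST_AUTH_MECH)."""
    s = active_settings(mc_text)
    offered = set(s.get("confAUTH_MECHANISMS", "").split())
    trusted = set(s.get("TRUST_AUTH_MECH", "").split())
    return sorted(CLEARTEXT_MECHS & offered & trusted)


def requires_tls_for_cleartext(mc_text):
    """The 'p' flag in confAUTH_OPTIONS makes sendmail refuse LOGIN/PLAIN
    unless a security layer (STARTTLS) is already active."""
    return "p" in active_settings(mc_text).get("confAUTH_OPTIONS", "").split()


if __name__ == "__main__":
    print("cleartext mechs offered and trusted:", cleartext_auth_mechs(SAMPLE_MC))
    print("cleartext only under STARTTLS:", requires_tls_for_cleartext(SAMPLE_MC))
```

Feed it your own file with `active_settings(open("/etc/mail/sendmail.mc").read())`; if `requires_tls_for_cleartext` returns False while LOGIN or PLAIN are listed, passwords can be sent over an unencrypted session.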

The next thing to do is edit the access file and insert your server's IP address like this:

Connect:192.168.0.40    RELAY
Connect:192.168.0       RELAY

Change the addresses to your server's IP address and to your local network address.
The second line is needed so that the client computers on your network are able to relay through the server.
If you are using a public IP address then put that IP instead of the private one.
This file lets the sendmail server reject or accept domain(s) and IP addresses.

When this is done you need to hash the access file with this command:

makemap hash /etc/mail/access.db < /etc/mail/access

The next thing to do is enter the domain name(s) that you have into the local-host-names file like this:

vi /etc/mail/local-host-names

opensourcetechnology.co.uk
mylovelydomainname.com
mythirddomainname.com

Then save the file and close it.
Create a test user for this email account:

useradd -s /sbin/nologin test1

Change the password for the test1 user:

passwd test1

Then edit the aliases file under the /etc directory and put this line into it:

test1:    test1

Save and close it then issue the newaliases command:

newaliases

/etc/aliases: 78 aliases, longest 10 bytes, 781 bytes total

After this you have a test1@opensourcetechnology.co.uk email address.
If you want more addresses for this account, just edit the /etc/aliases file and save it.
Then issue the newaliases command so that the new lines from the aliases file are accepted.

We are finished with the sendmail part. Let's compile the sendmail configuration and start it.

make clean
make all
make restart

You can start any service in CentOS Linux with these commands:

service sendmail start

or

/etc/init.d/sendmail start

Check that the sendmail service is switched on with the chkconfig command, otherwise the service won't start at the next reboot:

chkconfig sendmail on

Be careful with postfix, exim and any other mail servers. Only one mail server can run on SMTP port 25. So make sure those services are switched off with the commands:

chkconfig postfix off
chkconfig exim off

And check that the SMTP port is enabled in the firewall. You can check this with the iptables command:

iptables -L

If it shows a line like "ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp", that is fine.

The last thing to do is change the server name to the appropriate one.
Go to /etc/sysconfig and edit the network file.

vi /etc/sysconfig/network

Change this:

HOSTNAME=localhost.localdomain

To:

HOSTNAME=mail.opensourcetechnology.co.uk

That's it, we are done. After this you should restart the server, otherwise the server name won't change.
Before that, save every open file!
You can restart the server with this command:

shutdown -r now

(-r means restart the box. If you put -h instead, the server won't restart; it will stay halted.)

After you have rebooted the server, test the sendmail server with this command:

telnet localhost 25

###################
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.opensourcetechnology.co.uk ESMTP Sendmail 8.13.8/8.13.8; Sun, 16 Jan 2011 19:14:03 GMT
helo me
250 mail.opensourcetechnology.co.uk Hello localhost.localdomain [127.0.0.1], pleased to meet you
mail from:lszabo@opensourcetechnology.co.uk
250 2.1.0 lszabo@opensourcetechnology.co.uk… Sender ok
rcpt to:test1
250 2.1.5 test1… Recipient ok
data
354 Enter mail, end with "." on a line by itself
subject:test
test
.
250 2.0.0 p0GJE39C006422 Message accepted for delivery
quit
##################

To check the open ports on your box use the nmap command.

nmap localhost
nmap 192.168.0.40
nmap myexternalipaddress

Hints for DSL/Broadband connections:

If your server is behind a firewall, don't forget to forward port 25 (smtp) to your box.
On a few DSL lines you might have a problem with the MTU size. If mails get stuck in the Linux box, then change the MTU size to 1420 in your router.
The DSL line is not a real Ethernet network. It is a PPPoE (http://en.wikipedia.org/wiki/Point-to-Point_Protocol_over_Ethernet) line, so the MTU size is smaller than on real Ethernet and it can cause trouble for sendmail.
So if you are having this kind of problem (mail can't go out from the box), try changing this in the router and in the Linux box too.
On the Linux box the MTU size is set in /etc/sysconfig/networking/devices/ifcfg-eth0.

You can download all the configuration files from here:

sendmail.mc

local-host-names

access

Sendmail-Doc

Next blog will be about the Dovecot POP3/IMAP server.
