Eye of the storm on Jupiter


Brian J. Densmore

2004-04-17, 0.1.1alpha


So you want to have your own mailserver? This mini-HowTo is specific to debian so your mileage may vary. This document will attempt to instruct you how to install and configure : exim to send and receive mail, procmail to gather all your mail and organize it according to your taste into folders, spamassasin to filter the Spam, courier-imap to allow you to access mail by secure imap and Squirrelmail to retrieve mail via the Web (webmail).

Table of Contents
1. Preface
1.1 Authorship and copyright
1.2 Acknowledgements
1.3 Comments and Corrections
1.4 Latest Version and Translations
2. Requirements
2.1 Hardware
2.2 Software
2.3 Installing Debian
3. Installation
3.1 Exim
3.2 Procmail
3.3 Spamassassin
3.4 Courier-IMAP
3.5 Apache
3.6 Squirrelmail
3.7 Amavis
4. FAQs
4.1 What yet another mail HowTo!?
4.2 Debian sucks, why don't you use RedHat?
4.3 Why doesn't it work for me?
4.4 Why use exim, I prefer qmail?
4.5 There are mistakes how do I let you know?
4.6 What if I want to translate this in another language?
5. Errata

1. Authorship and copyright

1.1. Authorship

This document is copyright (c) by Brian J. Densmore 2004 under the creative commons license. You are free to copy, modify, and/or redistribute only under the terms of this license. If you do modify this document or redistribute it for commercial purposes, I would appreciate a copy of the work or an order of 7 star Kung Pao Shrimp.

1.2 Acknowledgements

I'd like to thank a somewhat anonymous writer on the 'net for giving me the idea. A person using the handle of Rei (king). I'd also like to thank Jason Boxman and I'm sure I'll add more names before I release my 1.0 version of this HowTo.

1.3 Comments and Corrections

Yours can be the first!

1.4 Latest Version and Translations

The latest version can be found here. Or a strict html version downloaded here. Or a single page version here.
I haven't done any translations yet.

2. Requirements

2.1. The hardware

I use a pentium 133, 40 MB ram, and 2 Gig of hard disk.

2.2. Necessary Software

Our centralized mail/webmail server needs:

  • A functional Linux Operating System
  • A functional mail transport agent: exim or postfix or ...
  • A program to process the mail: Procmail
  • A program to strip out SPAM: Spamassassin
  • An application to receive mail from user accounts: fetchmail
  • An application to access to the mail from other computers: Courier-IMAP
  • A webmail interface: Squirrelmail and apache
  • A virus scanner: Amavis

I know this list may seem daunting, but it's really not that difficult in debian. The installation of each one of them separately can be trivial, but when combined they tend to interact and thus can create issues that are easily overcome with some planning.

2.3. Installing Debian

The first task is to choose a flavor of Debian. I recommend stable, which what I run. The downside to Stable is it is very outdated, from a Linux standpoint. Testing is more current and is quite stable, but the downside is that security patches are less frequently applied to Testing. Unstable will be as stable as most of the major distributions, but I don't recommend running unstable on a production box. I prefer to use a prepakaged debian version and one with a minimal approach, so we will use Bonzai Linux. There are plenty of good documents on installing debian so I won't detail it extensively here. A mailserver accessible over the internet should be secured and run a minimum of dangerous services.
As soon as we have Debian in operation, we can recompile the kernel so that it is better adjusted with the hardware. Go ahead, I'll wait...
Done already? I didn't do this for mine. That's a future project. Next we will need a means of remotely controlling the machine. We will use ssh as telnet is too dangerous. Install ssh thus:

server:~#apt-get install ssh
You'll want to get a real certificate but for now we can just use the snake oil cert.

If you are running a firewall you will need these ports open 22, 80, 443, and 993. If you aren't using a firewall, why aren't you!?

3. Installation

The first step is to install the necessary packages. We will do this one at a time and configure and test each one before going on to the next package. So let's start!

3.1. Exim

myserver:~#apt-get install exim

When prompted for the server type we will choose option 1 for direct delivery ("Internet Server"). We will not relay to any other host, nor accept mail if it is not for our computer. Exim is in charge of transporting mail from and to other mail servers, hence the name Mail Transport Agent (MTA). For the delivery of local mail we will use procmail.
Test your exim configuration now. You should be able to send mail and receive. Got that working? Now let's make some changes to the /etc/exim/exim.conf in preparation for the next steps. We don't want exim in it's default configuration. We need to have exim understand Maildir format.
To set up Maildir in exim we need to edit the /etc/exim/exim.conf file.
Change the local_directory section like this:
# old settings
driver = appendfile
group = mail
mode = 0660
mode_fail_narrower = false
envelope_to_add = true
return_path_add = true
create_directory = true
# new fields to old version
maildir_format = true
prefix = ""
# file = /var/spool/mail/${local_part}

This should turn on sitewide Maildir format. I also like to
Change the address_directory section like this:
driver = appendfile
prefix = ""
suffix = ""
Change the userforward section like:
driver = forwardfile
file_transport = address_file
directory_transport = address_directory
pipe_transport = address_pipe
reply_transport = address_reply
file = .forward
modemask = 002
you'll also want to create a .forward file in each home directory with at least this one line in it, making very sure to remember to add the trailing forward slash:
Finally you'll need to create the Maildirs for each user and also in /etc/skel. For the /etc/skel directory running:
maildirmake /etc/skel
should create the maildir format in /etc/skel. You can run this on the home directory of every user on the system, or you can send a mail to every user, and exim should create the Maildir structure for everyone. You should now have a functioning exim delivering in maildir format. It's very important to remember that Maildirs must be owned by the user. Don't forget to restart exim after making these changes.

3.2. Procmail

myserver:~#apt-get install procmail

Procmail is going to give much flexibility to us. We will create in the home of each existing user a control file ".procmailrc" where we will put the configuration. We will also put a copy in /etc/skel for users created in the future. In this file we will have to do two things: first to send mails to spamassassin so that it filters the Spam, and to organize it by folders.

To filter Spam: Add these lines:
# Redirect the mail to spamassassin (if we want to use spamc
# filters the messages smaller than 250kb since the Spam usually is short messages,
# and to filter long messages can load the system too much.
# the lock avoids two processes of spamassassin running at the same time
:0fw: spamassassin.lock
* < 256000
# Spamassassin!
# All the noticeable mail Spam we put in the Spam folder
* ^X-Spam-Status: Yes

To organize in subfolders: I have several mail accounts and several lists. So as soon as I receive the mail I organize it by lists and by accounts. Here is an example:
# now the section for subfolders
# an example of organizing the mail by lists. It looks in the
# header for Resent-From and watches if it contains to debian-security
# if it is there it puts it into the directory Debian /td>
# The best thing is to watch the headers of an email.
# debian-security
:0: *
^Resent-From. * debian-security@lists.debian.org
# Finally, if something is left we put to the INBOX

3.3. Spamassassin

server:~#apt-get install spamassassin

This program will allow us to filter the incoming mail and what it considers to be Spam placed in another folder. Rather than delete it since it is possible to get false positives detecting Spam mail that is not. Usually it is configured a little permissive (the limit is 5 and that lets pass Spam, with 4 much less is passed) We edit the configuration file in the user directories and in /etc/skel
myserver:~#nano -w .spamassassin/user_prefs

# How many hits before mail is considered Spam.
required_hits 4

3.4. Courier-imap

The application for distributing mail to users. In debian is as simple to install as:

server:~#apt-get install courier-imap courier-imap-ssl

I have the imap port set up only for local connection which is used by squirrelmail, the only imap port open to the internet is the imap-ssl port 993

3.5. Apache

To install we will use debian's apt-get functionality again. From a command prompt We will install apache with ssl so we never transmit passwords over the internet unencrypted and expose our servers to evil crackers.
myserver:~#apt-get install apache

Edit the /etc/apache/httpd config file thus:
TODO: add content here

3.6. Squirrelmail

myserver:~#apt-get install squirrelmail

Running the above install will also install php4 if it is not installed on your server. PHP is required to run Squirrelmail. Made it this far? Excellent! You may notice squirrelmail will install in a directory that is not:
Which is where we installed apache. Therefore it is not directly accessible by apache. We will have to create a link to it in order to use it. I prefer to fully qualify my symbolic links.
myserver:/var/www/# ln - s /usr/share/squirrelmail /var/www/webmail
Squirrelmail requires php4 to work.
You will also need to uncomment the following lines in your configuration file,
myserver:~# nano -w /etc/apache/httpd.conf
LoadModule php4_module/usr/lib/apache/1.3/libphp4.so
AddType application/x-httpd-php php
AddType application/x-httpd-php-source phps

Or add them if not it there.

Setting Squirrelmail is as easy as running the configuration menu:

SquirrelMail Configuration:
Read: config.php (1.4.0)
Main Menu--
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books (LDAP)
7. Message of the Day (MOTD)
8. Plugins
9. Database
D. Set pre-defined settings for specific IMAP servers
C. Turn color on
S Save data
Q Quit Command > >

We will perform the 1,2, 4, and 8
i) 2. Server Settings
A. Update IMAP Settings : localhost:143 (courier)
B. Update SMTP Settings : localhost:25

Select item 'A' and configure as below:
IMAP Settings
1. Domain : amason.net
2. IMAP Server : localhost
3. IMAP Port : 143
5. Use sendmail/SMTP : SMTP
6. SMTP Host : localhost
7. SMTP Port : 25
8. Authenticated SMTP :false
9. POP before IMAP : false
10. Server : courier
11. Invert Time : false
12. Delimiter : .

ii) 4. General Options
Configure according to your specifications.
iii) 8. Plugins: Install any plug-ins you want, like the calendar.
iv) 1. You may want to change the organization name.
There are plenty of other options you can set. Most are self-explanatory. For some you may want to read the documentation.

3.7. Amavis

myserver:~#apt-get install amavis

I haven't installed this yet.

Congratulations! Now your new internet mail server is complete.

4. FAQs

4.1 What yet another mail HowTo!?

Yes, still another HowTo. I did this because I couldn't find one with all the pieces I wanted on my mail server. It was purely a selfish thing, and hopefully having it all in one place will help someone else.

4.2 Debian sucks, why don't you use RedHat?

I've used just about every major type of distro out there. From simple do it all for you distros to through Slackware, RedHat,Mandrake, LFS and gentoo. I've found that gentoo and debian have the best update and upgrade functionality. I know that RH and Mandrake are are improving one this, but I feel that debian's method is mature and stable and it just works. I feel that gentoo is too time intensive for a production server. So I'm now a true believer in debian. If you aren't that's fine too.

4.3 Why doesn't it work for me?

This document probably won't work for everyone. I may have left something out. You may have different software installed, or you may have a different system configuration.

4.4 Why use exim, I prefer qmail?

There are several fine choices for mail transport agents (MTAs). I've used sendmail and it is powerful and stable and yes it can even be secure. Qmail is an excellent MTA also, but I felt that exim was easier to set up and also I choose it to work with squirrelmail better. It's fast, lightweight, secure and easy to maintain. Sure the same can be said for other MTAs.

4.5 There are mistakes how do I let you know?

If you find mistakes in my HowTo, I'll would like to hear from you. If you have refinements, I'd be glad to incorporate them also.

4.6 What if I want to translate this in another language?

If you want to translate this into another language, please do so. If you contact me, I'll make sure you have the latest copy. I would also appreciate a link, or if you want, I'll post it here.

5. Errata

There are no errors, of course. If you do find any, I would appreciate hearing from you.

Page Hits

Debian Apache