Dear All I am planning to setup mail server for my domain.
Which one is preferred postfix or sendmail.
I came across a link * http://ostechnix.wordpress.com/2013/02/08/setup-mail-server-using-postfixdov... * for postfix mail setup.
It says, Prerequisites:
- The mail server should contain a valid MX record in the DNS server. Navigate to this link how to setup DNS server http://ostechnix.wordpress.com/2013/01/25/setup-dns-server-step-by-step-in-centos-6-3-rhel-6-3-scientific-linux-6-3-3/ .
- Firewall and SELinux should be disabled.
I have disabled iptables as my m/c is behind the firewall.
It says I need to disable firewall. Is it really required. Kindly let me know.
Best Regards Austin
On 2013-03-11, Austin Einter austin.einter@gmail.com wrote:
Which one is preferred postfix or sendmail.
I suspect this is mostly personal preference. I prefer postfix because the configuration files are easier to read and write.
It says I need to disable firewall. Is it really required. Kindly let me know.
No, it is not required. But you do need to accept TCP traffic on port 25 to your SMTP host. Because you need to do this, you should make sure your SMTP server can not be used as an open relay, or you will find yourself on many blacklists. Here's a reasonable tester I found:
--keith
On 03/10/2013 11:12 PM, Keith Keller wrote:
On 2013-03-11, Austin Einter austin.einter@gmail.com wrote:
Which one is preferred postfix or sendmail.
I suspect this is mostly personal preference. I prefer postfix because the configuration files are easier to read and write.
It says I need to disable firewall. Is it really required. Kindly let me know.
No, it is not required. But you do need to accept TCP traffic on port 25 to your SMTP host. Because you need to do this, you should make sure your SMTP server can not be used as an open relay, or you will find yourself on many blacklists. Here's a reasonable tester I found:
Here is a list of ports I have open on my mail server:
HTTP 80 & 443
SMTP 25 & 587
IMAP 143 & 993
POP3 110 & 995
managesieve 4190
On 03/10/2013 10:54 PM, Austin Einter wrote:
Dear All I am planning to setup mail server for my domain.
Which one is preferred postfix or sendmail.
I switched to postfix 3 years ago, and never looked back.
I came across a link * http://ostechnix.wordpress.com/2013/02/08/setup-mail-server-using-postfixdov...
- for postfix mail setup.
Here are two very good links:
http://campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServ... http://wiki.centos.org/HowTos/Amavisd
I have used both as guideposts, and found problems with both, as people here and on related lists will attest to be the questions resulting by following other's instructions lead to strangeness. I really suggest that you step slowly into this. There is a lot to do to get all the pieces together. A lot you need to understand with each package. And then things not even covered, but you are expected to know when setting up a server. Like php.conf, you need to set your timezone. None of the tutorials for things like roundcube tell you this; you are expected to know about using php.
It says, Prerequisites:
- The mail server should contain a valid MX record in the DNS server. Navigate to this link how to setup DNS server http://ostechnix.wordpress.com/2013/01/25/setup-dns-server-step-by-step-in-centos-6-3-rhel-6-3-scientific-linux-6-3-3/ .
- Firewall and SELinux should be disabled.
You should never disable the server firewall. It is easy to figure out what ports are necessary and open only those. As far as selinux, this is hard. I have been given a set of scripts to work out what to enable for selinux, and this is still a work in progress for me.
I have disabled iptables as my m/c is behind the firewall.
So what? Read the press about "Advanced Persistent Threats". Only open what is necessary.
It says I need to disable firewall. Is it really required. Kindly let me know.
Figure out the ports you need. This is not hard. It is easy compared to the rest you will have to learn.
I have the wounds, even with my kevlar suit. :)
BTW, I am putting together my own blog on what I am doing. I have to work out a few pieces to get my mysql passwords out of the scripts I use, but I have learned a lot over the past few months, and really should share some.
Dear Robert Moskowitz The link * http://campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServ... * you suggested is working great for me so far.
At one point it says
Configuring Postfix
Here we go with more config files. You'll have to be sure to change some settings to match your host. The config files will have sections commented out. Don't worry about it. These sections are for spam/virus/sympa configuration. Just copy and past to create the config files. What ever you see here replaces what already exists.
The main postfix config files. /etc/postfix/main.cf
When I checked, I did not find any folder postfix in my /etc path. Even I searched the whole machine, I did not get main.cf anywhere. Does it mean that I have done some mistake somewhere in earlier steps.
Even, in main.cf file given in above link has an entry as below.
*daemon_directory = /usr/libexec/postfix*
But in my machine I do not see any postfix folder in path /usr/libexec. However I found /var/lib/postfix folder. So should I use /var/lib/postfix instead of */usr/libexec/postfix*.
Please guide me.
-Austin
On 03/11/2013 10:30 PM, Austin Einter wrote:
Dear Robert Moskowitz The link * http://campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServ... * you suggested is working great for me so far.
At one point it says
Configuring Postfix
Here we go with more config files. You'll have to be sure to change some settings to match your host. The config files will have sections commented out. Don't worry about it. These sections are for spam/virus/sympa configuration. Just copy and past to create the config files. What ever you see here replaces what already exists.
The main postfix config files. /etc/postfix/main.cf
Definitely something wrong here. As root:
grep post install.log
You should see (for Centos 6.3):
Installing postfix-2.6.6-2.2.el6_1.i686
or x86_64 based on architecture. This creates all the postfix default files. Or install postfix via yum.
When I checked, I did not find any folder postfix in my /etc path. Even I searched the whole machine, I did not get main.cf anywhere. Does it mean that I have done some mistake somewhere in earlier steps.
Even, in main.cf file given in above link has an entry as below.
*daemon_directory = /usr/libexec/postfix*
But in my machine I do not see any postfix folder in path /usr/libexec. However I found /var/lib/postfix folder. So should I use /var/lib/postfix instead of */usr/libexec/postfix*.
All the postfix directories in that howto work, but I did not go with his 'use my main.cf'. I studied it, using postconf, and created a script containing:
# postfix config file

# uncomment for debugging if needed
#postconf -e 'soft_bounce=yes'

# postfix main
postconf -e 'delay_warning_time = 4'

# network settings
postconf -e 'inet_interfaces = all'
postconf -e 'mydomain = mailserver.domain.com'
postconf -e 'myhostname = mail.mailserver.domain.com'
postconf -e 'mynetworks = $config_directory/mynetworks'
postconf -e 'relay_domains = proxy:mysql:/etc/postfix/mysql-relay_domains_maps.cf'

# mail delivery
postconf -e 'recipient_delimiter = +'

# mappings
postconf -e 'alias_maps = hash:/etc/aliases'
postconf -e 'transport_maps = hash:/etc/postfix/transport'

# virtual setup
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, regexp:/etc/postfix/virtual_regexp'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains_maps.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf'
postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'
postconf -e 'virtual_minimum_uid = 101'
postconf -e 'virtual_uid_maps = static:101'
postconf -e 'virtual_gid_maps = static:12'
postconf -e 'virtual_transport = dovecot'
postconf -e 'dovecot_destination_recipient_limit = 1'

# authentication
postconf -e 'smtpd_sasl_auth_enable = yes'
# postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'smtpd_sasl_local_domain = $myhostname'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_type = dovecot'
postconf -e 'smtpd_sasl_path = private/auth'

# tls config
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_security_level = may'
postconf -e 'smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache'
# Change mail.example.com.* to your host name
postconf -e 'smtpd_tls_key_file = /etc/pki/tls/private/mailserver.domain.com.key'
postconf -e 'smtpd_tls_cert_file = /etc/pki/tls/certs/mailserver.domain.com.crt'

cat <<EOF>>main.cf || exit 1
# rules restrictions
smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   permit_mynetworks,
   reject_unauth_destination,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_recipient_domain
# uncomment for realtime black list checks
#   ,reject_rbl_client zen.spamhaus.org
#   ,reject_rbl_client bl.spamcop.net
#   ,reject_rbl_client dnsbl.sorbs.net
EOF

postconf -e 'smtpd_helo_required = yes'
postconf -e 'disable_vrfy_command = yes'
postconf -e 'smtpd_data_restrictions = reject_unauth_pipelining'
============================================
The append above addresses that postconf cannot handle continuations. You can replace it with a single line command; I like the multiline formatting.
If you want more help, let's take it off list. I am at IETF in Orlando right now, and IEEE 802 next week, then Passover after that, so my posting speeds will vary.
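
One way to check the relay gate that the restrictions block above depends on, as an added example (not Robert's script or anything else from the thread). It reads a main.cf the way Postfix does (comment lines skipped even inside a continued value, last definition wins) and walks smtpd_recipient_restrictions in evaluation order; the function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: lint the relay gate in a main.cf.

# Print the effective value of parameter $2 in the main.cf-format file $1.
# main.cf rules: blank and '#' lines are ignored (also inside a continued
# value), a line starting with whitespace continues the previous logical
# line, and the last definition of a parameter wins.
maincf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur != "") val[cur] = val[cur] " " $0; next }
        {
            eq = index($0, "=")
            if (eq == 0) { cur = ""; next }
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            val[cur] = substr($0, eq + 1)
        }
        END {
            v = val[want]; gsub(/[ \t,]+/, " ", v)
            sub(/^ /, "", v); sub(/ $/, "", v); print v
        }' "$1"
}

# Walk smtpd_recipient_restrictions in evaluation order. Return 0 when a
# relay gate is reached before any unconditional permit, 1 otherwise.
relay_check() {
    for r in $(maincf_get "$1" smtpd_recipient_restrictions); do
        case "$r" in
            reject_unauth_destination|reject|defer)
                echo "ok: $r gates relaying"; return 0 ;;
            permit)
                echo "FAIL: bare permit precedes the relay gate"; return 1 ;;
            check_*_access)
                echo "review: $r can return OK before the relay gate" ;;
        esac
    done
    echo "FAIL: no reject_unauth_destination in the list"; return 1
}

# Constructed sample 1: modelled on the restrictions block in the script
# above, with the comment lines moved inside the continued value.
write_sample_good() {
    cat > "$1" <<'EOF'
# rules restrictions
smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   permit_mynetworks,
   reject_unauth_destination,
   reject_non_fqdn_sender,
   # uncomment for realtime black list checks
   # ,reject_rbl_client zen.spamhaus.org
   reject_unknown_recipient_domain
EOF
}

# Constructed sample 2: a later definition silently replaces the safe one.
write_sample_bad() {
    cat > "$1" <<'EOF'
smtpd_recipient_restrictions = reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, permit, reject_unauth_destination
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    write_sample_good "$d/good.cf"; write_sample_bad "$d/bad.cf"
    relay_check "$d/good.cf"
    relay_check "$d/bad.cf" || true
    rm -rf "$d"
}
demo
```

On a live host, `postconf -h smtpd_recipient_restrictions` prints the effective value directly; the parser matters when reviewing a file before it is installed, for instance after an append like the `cat >> main.cf` above.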
On 11.03.2013 03:54, Austin Einter wrote:
Dear All I am planning to setup mail server for my domain.
Which one is preferred postfix or sendmail.
Choose the one you understand best.
I came across a link * http://ostechnix.wordpress.com/2013/02/08/setup-mail-server-using-postfixdov...
- for postfix mail setup.
Don't follow tutorials. Period. They don't really teach you how to do things. Look at the one you referred to: it explains nothing. It keeps you dumb and in case something goes wrong - and be assured, things will go mad running a mailserver - you have not the slightest clue how to debug or how to fix it.
So please, read the original documentation of the MTA of choice.
And don't expect to be able to configure your first MTA properly right from the beginning. So don't start with a public one but train in a closed area like a protected LAN.
It says, Prerequisites:
- The mail server should contain a valid MX record in the DNS server.
Navigate to this link how to setup DNS server http://ostechnix.wordpress.com/2013/01/25/setup-dns-server-step-by-step-in-centos-6-3-rhel-6-3-scientific-linux-6-3-3/ .
- Firewall and SELinux should be disabled.
Any tutorial or page that instructs you to turn off the firewall and/or SELinux is going plainly wrong right from the start. I have no words about that nonsense.
I have disabled iptables as my m/c is behind the firewall.
It says I need to disable firewall. Is it really required. Kindly let me know.
It is required to configure the iptables based firewall, but it is not required to completely shut it off.
Best Regards Austin
Regards
Alexander
On 03/11/2013 04:39 AM, Alexander Dalloz wrote:
On 11.03.2013 03:54, Austin Einter wrote:
Dear All I am planning to setup mail server for my domain.
Which one is preferred postfix or sendmail.
Choose the one you understand best.
I came across a link * http://ostechnix.wordpress.com/2013/02/08/setup-mail-server-using-postfixdov...
- for postfix mail setup.
Don't follow tutorials. Period. They don't really teach you how to do things. Look at the one you referred to: it explains nothing. It keeps you dumb and in case something goes wrong - and be assured, things will go mad running a mailserver - you have not the slightest clue how to debug or how to fix it.
So please, read the original documentation of the MTA of choice.
And don't expect to be able to configure your first MTA properly right from the beginning. So don't start with a public one but train in a closed area like a protected LAN.
It says, Prerequisites:
- The mail server should contain a valid MX record in the DNS server. Navigate to this link how to setup DNS server http://ostechnix.wordpress.com/2013/01/25/setup-dns-server-step-by-step-in-centos-6-3-rhel-6-3-scientific-linux-6-3-3/ .
- Firewall and SELinux should be disabled.
Any tutorial or page that instructs you to turn off the firewall and/or SELinux is going plainly wrong right from the start. I have no words about that nonsense.
So far, I have not found any published selinux help for dovecot using a mysql store for domain/userid accounts. This is a common setup, in fact postfixadmin is available to simplify this approach. But maybe my search fu continues to be weak and I have missed the selinux help for this. I HAVE received general help that is helping me build the module.pp files to address the selinux requirements. So I am fixing this, and when I publish MY learning experience, I will definitely include this portion. It frightens me that there is so much out there on HOW to set this up; you read a bunch of them to get the information to help plow through the documentation, but no help on selinux.
I have disabled iptables as my m/c is behind the firewall.
It says I need to disable firewall. Is it really required. Kindly let me know.
It is required to configure the iptables based firewall, but it is not required to completely shut it off.
In another email I have supplied all the ports he is likely to need opened.
On 11.03.2013 03:54, Austin Einter wrote:
I am planning to setup mail server for my domain.
Which one is preferred postfix or sendmail.
Choose the one you're most familiar with. If you aren't familiar with either, find someone who is. Setting up a mail server in today's hostile Internet is not a task to be taken lightly.
I came across a link * http://ostechnix.wordpress.com/2013/02/08/setup-mail-server-using-postfixdov...
- for postfix mail setup.
That page does not give good advice. Surely there must be better resources than that?
It says, Prerequisites:
- The mail server should contain a valid MX record in the DNS server.
Strange wording, but I guess they mean the right thing: your DNS zone should contain an MX RR pointing to the mail server, but only *after* your mail server is up and running.
Navigate to this link how to setup DNS server http://ostechnix.wordpress.com/2013/01/25/setup-dns-server-step-by-step-in-centos-6-3-rhel-6-3-scientific-linux-6-3-3/
That page contains the blatant DNS configuration errors we sorted out in your other thread. Don't use it. While we're at it, consider not setting up your own nameserver at all but using your registrar's nameservice instead. It may save you some hassle.
- Firewall and SELinux should be disabled.
Bad advice.
I have disabled iptables as my m/c is behind the firewall.
It says I need to disable firewall. Is it really required. Kindly let me know.
No, you don't need to, and you shouldn't.
HTH T.
On 03/11/2013 04:52 AM, Tilman Schmidt wrote:
On 11.03.2013 03:54, Austin Einter wrote:
I am planning to setup mail server for my domain.
Which one is preferred postfix or sendmail.
Choose the one you're most familiar with. If you aren't familiar with either, find someone who is. Setting up a mail server in today's hostile Internet is not a task to be taken lightly.
I came across a link * http://ostechnix.wordpress.com/2013/02/08/setup-mail-server-using-postfixdov...
- for postfix mail setup.
That page does not give good advice. Surely there must be better resources than that?
It says, Prerequisites:
- The mail server should contain a valid MX record in the DNS server.
Strange wording, but I guess they mean the right thing: your DNS zone should contain an MX RR pointing to the mail server, but only *after* your mail server is up and running.
The OP should set up a DNS internal view to work with the MX record in a test mode. Then replicate it to the external view after everything has been tested to work. Especially the anti-spam/virus portions. Since the OP's named.conf has no explicit views, he first needs to learn more on setting up DNS for safe development before tackling the bigger email challenge.
Navigate to this link how to setup DNS
That page contains the blatant DNS configuration errors we sorted out in your other thread. Don't use it. While we're at it, consider not setting up your own nameserver at all but using your registrar's nameservice instead. It may save you some hassle.
- Firewall and SELinux should be disabled.
Bad advice.
I have disabled iptables as my m/c is behind the firewall.
It says I need to disable firewall. Is it really required. Kindly let me know.
No, you don't need to, and you shouldn't.
HTH T.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 03/11/2013 05:08 AM, Eero Volotinen wrote:
- Firewall and SELinux should be disabled.
Bad advice.
this page also configures unsafe imap and pop settings. People should always enable only ssl-enabled versions of imap and pop only.
Just don't open those ports. Then they only work locally. For imap, that works well with the local imap webmail software.
Why should a local squirrelmail or roundcube server have to go through SSL to the local dovecot server?
But this is why you DON'T turn off the firewall and apply the right rules.
2013/3/11 Robert Moskowitz rgm@htt-consult.com:
On 03/11/2013 05:08 AM, Eero Volotinen wrote:
- Firewall and SELinux should be disabled.
Bad advice.
this page also configures unsafe imap and pop settings. People should always enable only ssl-enabled versions of imap and pop only.
Just don't open those ports. Then they only work locally. For imap, that works well with the local imap webmail software.
Why should a local squirrelmail or roundcube server have to go through SSL to the local dovecot server?
why not? it is always wise to use encrypted protocols, when possible.
-- Eero
On 03/11/2013 05:27 AM, Eero Volotinen wrote:
2013/3/11 Robert Moskowitz rgm@htt-consult.com:
On 03/11/2013 05:08 AM, Eero Volotinen wrote:
- Firewall and SELinux should be disabled.
Bad advice.
this page also configures unsafe imap and pop settings. People should always enable only ssl-enabled versions of imap and pop only.
Just don't open those ports. Then they only work locally. For imap, that works well with the local imap webmail software.
Why should a local squirrelmail or roundcube server have to go through SSL to the local dovecot server?
why not? it is always wise to use encrypted protocols, when possible.
If the system is so hacked that there is a risk of snooping on localhost, you have larger issues.
And I develop cryptographic protocols. Right now I am off to the IETF meeting. I understand what encrypted protocols give and what they don't. In this case, the user is validating the webmail cert for their TLS connection to webmail. They don't even see the dovecot cert. Maybe it is the same cert or maybe not. But the point is it never gets to the user domain for validation.
Further, it may well be the case that webmail uses a single TLS channel to dovecot for all users? Would have to look into that.
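
The position argued in this exchange (leave iptables running, open only the ports listed earlier in the thread, keep plaintext IMAP 143 and POP3 110 reachable only over loopback), written out as an added example that is not from any poster. It prints the commands unless IPT=iptables is set; the SSH rule and the ADMIN_NET value are assumptions, since the thread names no admin port.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: the iptables
# commands are printed. To apply them, run as root with IPT=iptables.
IPT="${IPT:-echo iptables}"

# Ports from the list posted in the thread, minus plaintext IMAP 143 and
# POP3 110, which stay reachable only over loopback for local webmail.
PUBLIC_TCP="25 587 80 443 993 995 4190"

# Assumption (not in the thread): SSH on 22 from one admin network.
# 192.0.2.0/24 is a documentation range; replace it with your own.
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"

mail_firewall() {
    $IPT -F INPUT
    # Loopback carries webmail -> dovecot traffic on 143/110.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p icmp -j ACCEPT
    $IPT -A INPUT -p tcp -s "$ADMIN_NET" --dport 22 -m state --state NEW -j ACCEPT
    for port in $PUBLIC_TCP; do
        $IPT -A INPUT -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
    # Log a sample of what is about to be dropped, then default-deny.
    $IPT -A INPUT -m limit --limit 6/min -j LOG --log-prefix "mail-fw drop: "
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
}

mail_firewall
```

On CentOS 6, `service iptables save` writes the applied rules to /etc/sysconfig/iptables so they survive a reboot.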
Dear All I am able to send receive mail properly with use of roundcube.
Thanks a lot for all your support.
The last thing I did was started dovecot service, then roundcube was able to work properly.
Next, I will look into security aspect, spam filtering etc etc. Will start a new thread for that.
Many thanks for great tips to me.
Best Regards Austin
On 13.03.2013 04:24, Austin Einter wrote:
Dear All I am able to send receive mail properly with use of roundcube.
Thanks a lot for all your support.
The last thing I did was started dovecot service, then roundcube was able to work properly.
Next, I will look into security aspect, spam filtering etc etc. Will start a new thread for that.
Hello Austin,
please consider addressing this kind of question to a mailing list or forum dedicated to these topics or the software you will use. This list is hardly the proper place to ask questions like "how do I filter spam using software X?". Thanks.
Many thanks for great tips to me.
Best Regards Austin
Regards
Alexander
On 03/12/2013 11:24 PM, Austin Einter wrote:
Dear All I am able to send receive mail properly with use of roundcube.
Thanks a lot for all your support.
The last thing I did was started dovecot service, then roundcube was able to work properly.
Yes, with no IMAP server, your email client can't get to the mail :)
Next, I will look into security aspect, spam filtering etc etc. Will start a new thread for that.
As I implied earlier, for anti-spam, I decided I did not like what I saw in:
http://campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServ...
And instead used:
http://wiki.centos.org/HowTos/Amavisd
A number of reasons that I forget now ;)
I did find a permission bug with the latter that I have reported to the EPEL bugtrack. It has not been fixed yet. If you go with the latter, get with me and I will look up exactly what I did for the workaround.