Author Topic: eBox as mail gateway + smtpauth + fetchmail  (Read 15322 times)

Handeich

  • Zen Apprentice
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
eBox as mail gateway + smtpauth + fetchmail
« on: January 04, 2009, 07:19:00 pm »
EBOX INSTALLATION AS MAIL GATEWAY WITH SMTP AUTHENTICATION AND FETCHMAIL


After I have read the documenation and many many posts in this forum, I finally get my eBox System
to work running as mail gateway. Because it was much work and I needed a lot of time, I wrote this
little "tutorial" for all people, who would like to do the same...

I am NOT very familar with linux, so use this as a tutorial for all newbies and dummys ;-)


We use the following users and passwords:

eBox Admin: eboxadmin (password: adminpass)
eBox User: eboxuser  (password: userpass)

Your providers settings:
Mail adress: eboxuser@yourdomain.com (password: mailpass)
Provider smtp-server: smtp.yourdomain.com
Provider pop3-server: pop.yourdomain.com

If you can't select something during the configuration try to save the changes first, i.e. if you have generated a new virtual mail domain, this domain will be not available for user mail account until you have saved the changes.

Oh, and use all instructions always without the ""

And now: let's go!



1. INSTALLING EBOX

Install eBox via eBox Installer (here: 1.0 RC 1 with Ubuntu 8.04)

During the installation generate a user i.e. "eboxadmin" with password "adminpass"
Don't allow login as "root" (because this is not nessessary and a security risk)



2. SETUP EBOX

Set up your ebox-Server with networks adresses and anything else what you need. Help for that
can be found in the documentation and here in the forum. If your eBox is running smootherly we
can go further setting up the mail gateway.

eBox administration -> Objects
Generate a new object i.e. "local_pc"
Add all your PCs as members to this object

eBox administration -> Mail -> Virtual mail domains
Add a new domain "localhost"

eBox administration -> Mail -> General

Tab: "Mail server options"
Authentication:
TLS for SMTP server: yes
Require authentication: yes
   
Options:
Smarthost to send mail: "smtp.yourdomain.com" (smtp-server of your provider)

Mail retrieval services:
POP3 service enabled: yes
IMAP service enabled: no
SSL Support: no

Tab: Relay policy for network objects
Add new object, here "local_pc" and set the option "Allow relay" ("yes")


eBox administration -> Users -> Add user

Add a new user, i.e. "eboxuser" with passwort "userpass"

eBox administration -> Users -> Edit user

Edit your new user and create a mail-account, i.e. "eboxuser" with domain "localhost" ("eboxuser@localhost")



3. SETUP SMTP AUTHENTICATION

At this point the web-administration ends, now you have to do the rest manually (console)...

Console login

Login as "eboxadmin" with passwort "adminpass"

Edit /usr/share/ebox/stubs/mail/main.cf.mas

Type "cd /usr/share/ebox/stubs/mail"
Type "sudo nano main.cf.mas

Look for this line:

Code: [Select]
relayhost = <% $relay %>
Right after this line you must add:

Code: [Select]
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_pass
smtp_sasl_security_options = noanonymous

Press Ctrl-X and save the changes.

Create /etc/postfix/smtp_pass

Type "cd /etc/postfix"
Type "sudo nano smtp_pass"

Add the line

Code: [Select]
smtp.yourdomain.com eboxuser@yourdomain.com:mailpass
Press Ctrl-X and save the changes.

Postmap smtp_pass

Type "sudo postmap /etc/postfix/smtp_pass"

Restart mail / eBox

Now you should restart ebox mail module or just reboot your server.

Restart mail module:

Type "sudo /etc/init.d/ebox mail restart"

OR

Reboot server:

Type "sudo reboot"



4. SETUP FETCHMAIL

Install fetchmail

Type "sudo apt-get install fetchmail"

This installs the fetchmail package on your server.

Setup fetchmail

Type "cd /home/eboxuser"
Type "nano .fetchmailrc"

Add the following lines:

Code: [Select]
poll pop.yourdomain.com with proto pop3
user eboxuser@yourdomain.com there with password mailpass is eboxuser@localhost here

Press Ctrl-X and save the changes.

Type "chmod 600 .fetchmailrc"

Testing fetchmail

Type "fetchmail"

If it runs without errors your setup should be ok.

Setup fetchmail scheduling

Type "cd /etc"
Type "sudo nano crontab"

At the end add the following new line

Code: [Select]
*/10 *  * * *   eboxadmin   fetchmail

Press Ctrl-X and save the changes.



5. SETUP E-MAIL CLIENTS

In your eMail-client you have to use the following settings

eMail-adress: eboxuser@yourdomain.com
username:     eboxuser@localhost
password:     userpass
pop3-server (mail in):  the ip or name of your ebox-server, Port: 110
smtp-server (mail out): the ip or name of your ebox-server, Port: 25, server requires athentication



6. FINISH

That's all - you just have to test your mail settings.

I hope this helps - good luck!  :)
« Last Edit: February 01, 2009, 04:10:46 pm by Handeich »

Mammut

  • Zen Apprentice
  • *
  • Posts: 24
  • Karma: +0/-0
    • View Profile
Re: eBox as mail gateway + smtpauth + fetchmail
« Reply #1 on: July 21, 2009, 11:57:13 am »
I think there is something missing in this good post, because you have another domain "@localhost" as you have for the relayhost.
Internal Domain is: @localhost
External Domain is: @yourdomain.com

postfix has to translate the internal domain to the external domain. Some providers do not allow to send mails through their smtp-Server without the right sender-domain.
So you can use the
sender_canonical_maps
for postfix to translate the internaldomain to external domain.

you can begin with the third item if you have done the other items

Edit /usr/share/ebox/stubs/mail/main.cf.mas

Type "cd /usr/share/ebox/stubs/mail"
Type "sudo nano main.cf.mas

Look for this line:

Code: [Select]
relayhost = <% $relay %>
Right after this line you must add:
Code: [Select]
sender_canonical_maps = hash:/etc/postfix/sender_canonical_maps
Press Ctrl-X and save the changes.

Create /etc/postfix/sender_canonical_maps

Type "cd /etc/postfix"
Type "sudo nano sender_canonical_maps"

Add a line for each user

Code: [Select]
username@localhost username@yourdomain.com
Press Ctrl-X and save the changes.

Postmap sender_canonical_maps

Type "sudo postmap /etc/postfix/sender_canonical_maps"

Restart mail / eBox

Now you should restart ebox mail module or just reboot your server.

Restart mail module:

Type "sudo /etc/init.d/ebox mail restart"

OR

Reboot server:

Type "sudo reboot"


I think this will do in most cases.
If it es possible for the ebox team it will be better in the web-interface.

I hope this will help somone else.

R2D2-Master

  • Zen Apprentice
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: eBox as mail gateway + smtpauth + fetchmail
« Reply #2 on: July 29, 2009, 01:06:34 pm »
Hi thanks for this guide. Just one question

To setup Fetchmail my Ubuntu don't have this directory 'cd /home/eboxuser' and I already have the ebox user up and running and it can use the mailbox.

The only users in the home directory is the original ubuntu install user, ftp and samba

must I create the folder.

Thanks in Advance


srinet

  • Zen Apprentice
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: eBox as mail gateway + smtpauth + fetchmail
« Reply #3 on: September 23, 2009, 03:17:43 pm »
EBOX INSTALLATION AS MAIL GATEWAY WITH SMTP AUTHENTICATION AND FETCHMAIL

.
.
.
Setup fetchmail scheduling

Type "cd /etc"
Type "sudo nano crontab"

At the end add the following new line

Code: [Select]
*/10 *  * * *   eboxadmin   fetchmail
.
.
.

Is the "eboxadmin" in crontab stands for ebox administrative user name? or is the default administrative user name itself is "eboxadmin" ?

Thanks
-srikanth

adrian

  • Zen Apprentice
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: eBox as mail gateway + smtpauth + fetchmail
« Reply #4 on: October 14, 2009, 03:21:51 pm »
Hi guys
Quote
eBox administration -> Objects
Generate a new object i.e. "local_pc"
Add all your PCs as members to this object

I get the error
Quote
Invalid value for network address:
when I try to add my pc's ip address.

Any ideas??

Thanks again

J. A. Calvo

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1986
  • Karma: +67/-3
    • View Profile
    • http://blogs.zentyal.org/jacalvo
Re: eBox as mail gateway + smtpauth + fetchmail
« Reply #5 on: October 14, 2009, 04:30:02 pm »
The netmask should be 32 for a host address. Is that your problem that you are choosing another value?
Zentyal Server Lead Developer

HANNES1985

  • Zen Warrior
  • ***
  • Posts: 141
  • Karma: +0/-0
    • View Profile
    • CSIWISP
Re: eBox as mail gateway + smtpauth + fetchmail
« Reply #6 on: November 24, 2009, 07:09:27 pm »
Quote
smtp.yourdomain.com eboxuser@yourdomain.com:mailpass

How do I proceed if I need to add more than one user because if I add one its fine but as I add 2
like this

smtp.whatever.com user1@whatever.com:mailpass
smtp.whatever.com user2@whatever.com:mailpass

Postmap gives me an error (postmap: warning: etc/postfix/smtp_pass.db: duplicate entry: "smtp.whatever.com")

It still cannot relay via my server

I feel there is something missing in my directory /usr/share/ebox/stubs/mail/main.cf.mas

here is what I have In there:

# Generated by eBox
<%args>
        $fqdn
        $ldapi

        $relay
        $relayAuth

        $allowed
        $maxmsgsize
        $aliasDN
        $vmaildir
        $usersDN
        $uidvmail
        $gidvmail
        $sasl
        $smtptls
        $ldap
        $filter
        $ipfilter
        $portfilter

        $greylist
        $greylistAddr
        $greylistPort
</%args>
<%init>
use EBox::Gettext;

my $smtpRecipientRestrictions = '';
if ($sasl) {
    $smtpRecipientRestrictions = 'permit_sasl_authenticated, ';
}

$smtpRecipientRestrictions .=  'permit_mynetworks, reject_unauth_destination';

if ($greylist) {


if ($greylist) {
    my $greylistRecipientRestriction = "check_policy_service inet:" .
                                        $greylistAddr . ':' .
                                        $greylistPort ;
    $smtpRecipientRestrictions .= ", $greylistRecipientRestriction";
}


my $certFile = '/etc/postfix/sasl/postfix.pem';
my $keyFile  = '/etc/postfix/sasl/postfix.pem';
</%init>

# require helo
smtpd_delay_reject  = yes
smtpd_helo_required = yes


smtpd_banner = eBox ESMTP
biff = no

append_dot_mydomain = no

myhostname = <% $fqdn %>
alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases
local_recipient_maps = proxy:unix:passwd.byname $alias_maps

relayhost = <% $relay %>
sender_canonical_maps = hash:/etc/postfix/sender_canonical_maps
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_pass
smtp_sasl_security_options = noanonymous

% if ($relay) {
smtp_sasl_security_options = noanonymaoussmtp_use_tls = no
smtp_tls_security_level = may
smtp_tls_key_file  = <% $keyFile  %>
smtp_tls_cert_file = <% $certFile %>

% }

% if ($relayAuth) {
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

% }

mynetworks = <% $allowed %>

message_size_limit = <% $maxmsgsize %>
mailbox_size_limit = 0
virtual_mailbox_limit = 0
recipient_delimiter = +
inet_interfaces = all

# Virtual Aliases
virtual_alias_maps = ldap:valiases
valiases_server_host = <% $ldapi %>
valiases_search_base = <% $aliasDN %>
valiases_query_filter = (&(mail=%s)(objectClass=CourierMailAlias))
valiases_result_attribute = maildrop
aliases_bind = no

# Virtual Domains
virtual_transport = virtual
virtual_mailbox_base = <% $vmaildir %>
virtual_mailbox_maps= ldap:ldapvirtualmap

ldapvirtualmap_server_host = <% $ldapi %>
ldapvirtualmap_bind = no
ldapvirtualmap_search_base = <% $usersDN %>
ldapvirtualmap_query_filter = (&(mail=%s)(!(quota=-1))(objectClass=CourierMailAccount))
ldapvirtualmap_result_attribute = mailbox

virtual_mailbox_domains = ldap:vmaildomains
vmaildomains_server_host = <% $ldapi %>
vmaildomains_bind = no
vmaildomains_search_base =  ou=postfix,dc=ebox
vmaildomains_query_filter = (|(&(objectclass=domain)(domainComponent=%s))(&(objectclass=CourierMailA$
vmaildomains_result_attribute = dc, maildrop


virtual_minimum_uid = 100
virtual_uid_maps = static:<% $uidvmail %>
virtual_gid_maps = static:<% $gidvmail %>
mailbox_transport = virtual
virtual_mailbox_limit_inbox = yes
virtual_mailbox_limit_maps = ldap:ldapvquota

ldapvquota_server_host = <% $ldapi %>
ldapvquota_bind = no
ldapvquota_search_base = <% $usersDN %>
ldapvquota_query_filter = (&(mail=%s)(objectClass=usereboxmail))
ldapvquota_result_attribute = userMaildirSize

virtual_mailbox_limit_override = yes
virtual_maildir_extended = yes
virtual_create_maildirsize = yes

% if (($smtptls) or ($sasl)){
## TLS/SSL
smtpd_use_tls = yes
smtpd_tls_note_starttls = yes
smtpd_tls_key_file  = <% $keyFile  %>
smtpd_tls_cert_file = <% $certFile %>
smtpd_tls_loglevel = 1
% }


smtpd_recipient_restrictions = <% $smtpRecipientRestrictions %>

% if ($sasl) {
#SASL authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = <% $fqdn %>
% }

% if ($filter) {
content_filter=smtp-amavis:<% $ipfilter %>:<% $portfilter %>
% }

Please check this for me as I need to be able to send mail via the pop3 transport protocall
and my server returns a 554 5.7.1 <hannes.wallace@vodamail.co.za>: Relay access denied[/font][/shadow]






« Last Edit: December 06, 2009, 06:40:50 pm by HANNES1985 »
Only people that wants to no more will ask!!

Mammut

  • Zen Apprentice
  • *
  • Posts: 24
  • Karma: +0/-0
    • View Profile
Re: eBox as mail gateway + smtpauth + fetchmail
« Reply #7 on: June 24, 2010, 07:02:13 pm »
with new postfix (ebox 1.4?) you have to add following line
Code:
Code: [Select]
local_header_rewrite_clients  = static:all
Then all headers are rewritten.

9w2pju

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: eBox as mail gateway + smtpauth + fetchmail
« Reply #8 on: August 04, 2010, 02:09:41 am »
Quote
smtp.yourdomain.com eboxuser@yourdomain.com:mailpass

How do I proceed if I need to add more than one user because if I add one its fine but as I add 2
like this

smtp.whatever.com user1@whatever.com:mailpass
smtp.whatever.com user2@whatever.com:mailpass

Postmap gives me an error (postmap: warning: etc/postfix/smtp_pass.db: duplicate entry: "smtp.whatever.com")

It still cannot relay via my server

I feel there is something missing in my directory /usr/share/ebox/stubs/mail/main.cf.mas

here is what I have In there:

# Generated by eBox
<%args>
        $fqdn
        $ldapi

        $relay
        $relayAuth

        $allowed
        $maxmsgsize
        $aliasDN
        $vmaildir
        $usersDN
        $uidvmail
        $gidvmail
        $sasl
        $smtptls
        $ldap
        $filter
        $ipfilter
        $portfilter

        $greylist
        $greylistAddr
        $greylistPort
</%args>
<%init>
use EBox::Gettext;

my $smtpRecipientRestrictions = '';
if ($sasl) {
    $smtpRecipientRestrictions = 'permit_sasl_authenticated, ';
}

$smtpRecipientRestrictions .=  'permit_mynetworks, reject_unauth_destination';

if ($greylist) {


if ($greylist) {
    my $greylistRecipientRestriction = "check_policy_service inet:" .
                                        $greylistAddr . ':' .
                                        $greylistPort ;
    $smtpRecipientRestrictions .= ", $greylistRecipientRestriction";
}


my $certFile = '/etc/postfix/sasl/postfix.pem';
my $keyFile  = '/etc/postfix/sasl/postfix.pem';
</%init>

# require helo
smtpd_delay_reject  = yes
smtpd_helo_required = yes


smtpd_banner = eBox ESMTP
biff = no

append_dot_mydomain = no

myhostname = <% $fqdn %>
alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases
local_recipient_maps = proxy:unix:passwd.byname $alias_maps

relayhost = <% $relay %>
sender_canonical_maps = hash:/etc/postfix/sender_canonical_maps
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_pass
smtp_sasl_security_options = noanonymous

% if ($relay) {
smtp_sasl_security_options = noanonymaoussmtp_use_tls = no
smtp_tls_security_level = may
smtp_tls_key_file  = <% $keyFile  %>
smtp_tls_cert_file = <% $certFile %>

% }

% if ($relayAuth) {
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

% }

mynetworks = <% $allowed %>

message_size_limit = <% $maxmsgsize %>
mailbox_size_limit = 0
virtual_mailbox_limit = 0
recipient_delimiter = +
inet_interfaces = all

# Virtual Aliases
virtual_alias_maps = ldap:valiases
valiases_server_host = <% $ldapi %>
valiases_search_base = <% $aliasDN %>
valiases_query_filter = (&(mail=%s)(objectClass=CourierMailAlias))
valiases_result_attribute = maildrop
aliases_bind = no

# Virtual Domains
virtual_transport = virtual
virtual_mailbox_base = <% $vmaildir %>
virtual_mailbox_maps= ldap:ldapvirtualmap

ldapvirtualmap_server_host = <% $ldapi %>
ldapvirtualmap_bind = no
ldapvirtualmap_search_base = <% $usersDN %>
ldapvirtualmap_query_filter = (&(mail=%s)(!(quota=-1))(objectClass=CourierMailAccount))
ldapvirtualmap_result_attribute = mailbox

virtual_mailbox_domains = ldap:vmaildomains
vmaildomains_server_host = <% $ldapi %>
vmaildomains_bind = no
vmaildomains_search_base =  ou=postfix,dc=ebox
vmaildomains_query_filter = (|(&(objectclass=domain)(domainComponent=%s))(&(objectclass=CourierMailA$
vmaildomains_result_attribute = dc, maildrop


virtual_minimum_uid = 100
virtual_uid_maps = static:<% $uidvmail %>
virtual_gid_maps = static:<% $gidvmail %>
mailbox_transport = virtual
virtual_mailbox_limit_inbox = yes
virtual_mailbox_limit_maps = ldap:ldapvquota

ldapvquota_server_host = <% $ldapi %>
ldapvquota_bind = no
ldapvquota_search_base = <% $usersDN %>
ldapvquota_query_filter = (&(mail=%s)(objectClass=usereboxmail))
ldapvquota_result_attribute = userMaildirSize

virtual_mailbox_limit_override = yes
virtual_maildir_extended = yes
virtual_create_maildirsize = yes

% if (($smtptls) or ($sasl)){
## TLS/SSL
smtpd_use_tls = yes
smtpd_tls_note_starttls = yes
smtpd_tls_key_file  = <% $keyFile  %>
smtpd_tls_cert_file = <% $certFile %>
smtpd_tls_loglevel = 1
% }


smtpd_recipient_restrictions = <% $smtpRecipientRestrictions %>

% if ($sasl) {
#SASL authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = <% $fqdn %>
% }

% if ($filter) {
content_filter=smtp-amavis:<% $ipfilter %>:<% $portfilter %>
% }

Please check this for me as I need to be able to send mail via the pop3 transport protocall
and my server returns a 554 5.7.1 <hannes.wallace@vodamail.co.za>: Relay access denied[/font][/shadow]








hi,
how can i put my network as <% $allowed %> ?
what is can see is, ebox put 127.0.0.1 as <% $allowed %>
but my real network is 10.1.1.0/24

thanks.