Zentyal Forum, Linux Small Business Server
Zentyal Server => Installation and Upgrades => Topic started by: Handeich on January 04, 2009, 07:19:00 pm
-
EBOX INSTALLATION AS MAIL GATEWAY WITH SMTP AUTHENTICATION AND FETCHMAIL
After reading the documentation and many, many posts in this forum, I finally got my eBox system
to work as a mail gateway. Because it was a lot of work and took me a lot of time, I wrote this
little "tutorial" for everyone who would like to do the same...
I am NOT very familiar with Linux, so use this as a tutorial for all newbies and dummies ;-)
We use the following users and passwords:
eBox Admin: eboxadmin (password: adminpass)
eBox User: eboxuser (password: userpass)
Your provider's settings:
Mail address: eboxuser@yourdomain.com (password: mailpass)
Provider smtp-server: smtp.yourdomain.com
Provider pop3-server: pop.yourdomain.com
If you can't select something during the configuration, try to save the changes first, i.e. if you have generated a new virtual mail domain, this domain will not be available for user mail accounts until you have saved the changes.
Oh, and use all instructions always without the ""
And now: let's go!
1. INSTALLING EBOX
Install eBox via eBox Installer (here: 1.0 RC 1 with Ubuntu 8.04)
During the installation generate a user i.e. "eboxadmin" with password "adminpass"
Don't allow login as "root" (because this is not necessary and a security risk)
2. SETUP EBOX
Set up your eBox server with network addresses and anything else you need. Help for that
can be found in the documentation and here in the forum. Once your eBox is running smoothly we
can go on to setting up the mail gateway.
eBox administration -> Objects
Generate a new object i.e. "local_pc"
Add all your PCs as members to this object
eBox administration -> Mail -> Virtual mail domains
Add a new domain "localhost"
eBox administration -> Mail -> General
Tab: "Mail server options"
Authentication:
TLS for SMTP server: yes
Require authentication: yes
Options:
Smarthost to send mail: "smtp.yourdomain.com" (smtp-server of your provider)
Mail retrieval services:
POP3 service enabled: yes
IMAP service enabled: no
SSL Support: no
Tab: Relay policy for network objects
Add new object, here "local_pc" and set the option "Allow relay" ("yes")
eBox administration -> Users -> Add user
Add a new user, i.e. "eboxuser" with password "userpass"
eBox administration -> Users -> Edit user
Edit your new user and create a mail-account, i.e. "eboxuser" with domain "localhost" ("eboxuser@localhost")
3. SETUP SMTP AUTHENTICATION
At this point the web-administration ends, now you have to do the rest manually (console)...
Console login
Login as "eboxadmin" with password "adminpass"
Edit /usr/share/ebox/stubs/mail/main.cf.mas
Type "cd /usr/share/ebox/stubs/mail"
Type "sudo nano main.cf.mas"
Look for this line:
relayhost = <% $relay %>
Right after this line you must add:
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_pass
smtp_sasl_security_options = noanonymous
Press Ctrl-X and save the changes.
Create /etc/postfix/smtp_pass
Type "cd /etc/postfix"
Type "sudo nano smtp_pass"
Add the line
smtp.yourdomain.com eboxuser@yourdomain.com:mailpass
Press Ctrl-X and save the changes.
Postmap smtp_pass
Type "sudo postmap /etc/postfix/smtp_pass"
Restart mail / eBox
Now you should restart ebox mail module or just reboot your server.
Restart mail module:
Type "sudo /etc/init.d/ebox mail restart"
OR
Reboot server:
Type "sudo reboot"
4. SETUP FETCHMAIL
Install fetchmail
Type "sudo apt-get install fetchmail"
This installs the fetchmail package on your server.
Setup fetchmail
Type "cd /home/eboxuser"
Type "nano .fetchmailrc"
Add the following lines:
poll pop.yourdomain.com with proto pop3
user eboxuser@yourdomain.com there with password mailpass is eboxuser@localhost here
Press Ctrl-X and save the changes.
Type "chmod 600 .fetchmailrc"
Testing fetchmail
Type "fetchmail"
If it runs without errors your setup should be ok.
Setup fetchmail scheduling
Type "cd /etc"
Type "sudo nano crontab"
At the end add the following new line
*/10 * * * * eboxadmin fetchmail
Press Ctrl-X and save the changes.
5. SETUP E-MAIL CLIENTS
In your eMail-client you have to use the following settings
eMail-address: eboxuser@yourdomain.com
username: eboxuser@localhost
password: userpass
pop3-server (mail in): the ip or name of your ebox-server, Port: 110
smtp-server (mail out): the ip or name of your ebox-server, Port: 25, server requires authentication
6. FINISH
That's all - you just have to test your mail settings.
I hope this helps - good luck! :)
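An added example (not part of the original post or of eBox): a small Python audit of the outbound relay settings from step 3. It flags that `smtp_use_tls = yes` is only opportunistic TLS while `smtp_sasl_security_options = noanonymous` allows plaintext logins, and checks that the credential map is not readable by other users, which the post does for `.fetchmailrc` but not for `smtp_pass`. The `map_dir` parameter and the finding names are assumptions made for the example.

```python
import os
import stat

# Constructed sample: the outbound-relay lines the post adds to main.cf.mas.
SAMPLE = """\
relayhost = smtp.yourdomain.com
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_pass
smtp_sasl_security_options = noanonymous
"""
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Return {parameter: value}; as in Postfix, the last assignment wins."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "%")) and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def loose_mode(path):
    """True if the file exists and group or others have any access to it."""
    return os.path.exists(path) and bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def audit_relay(text, map_dir=None):
    """Return findings for the smtp_* (client side) smarthost settings."""
    p = parse_main_cf(text)
    if p.get("smtp_sasl_auth_enable") != "yes":
        return []  # no credentials leave the box
    findings = []
    # smtp_use_tls = yes is the legacy spelling of opportunistic TLS ("may").
    level = p.get("smtp_tls_security_level") or (
        "may" if p.get("smtp_use_tls") == "yes" else "none")
    mandatory = level in MANDATORY_TLS
    if not mandatory:
        findings.append("tls-not-mandatory")
    # Postfix default is "noplaintext, noanonymous"; the post drops noplaintext.
    opts = p.get("smtp_sasl_security_options", "noplaintext, noanonymous")
    if not mandatory and "noplaintext" not in opts:
        findings.append("plaintext-auth-possible-without-tls")
    map_file = p.get("smtp_sasl_password_maps", "").split(":", 1)[-1]
    if map_dir:  # assumption: lets the check run against a copy of the directory
        map_file = os.path.join(map_dir, os.path.basename(map_file))
    for path in (map_file, map_file + ".db"):
        if loose_mode(path):
            findings.append("readable-by-others:" + os.path.basename(path))
    return findings
```

On the server, `sudo chmod 600 /etc/postfix/smtp_pass /etc/postfix/smtp_pass.db` plus `smtp_tls_security_level = encrypt` next to the lines from step 3 clears all three findings, provided the provider's server offers STARTTLS.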
-
I think there is something missing in this good post, because you have a different domain ("@localhost") from the one you have for the relayhost.
Internal Domain is: @localhost
External Domain is: @yourdomain.com
Postfix has to translate the internal domain to the external domain. Some providers do not allow sending mail through their SMTP server without the right sender domain.
So you can use
sender_canonical_maps
for Postfix to translate the internal domain to the external domain.
You can begin with the third item if you have done the other items.
Edit /usr/share/ebox/stubs/mail/main.cf.mas
Type "cd /usr/share/ebox/stubs/mail"
Type "sudo nano main.cf.mas"
Look for this line:
relayhost = <% $relay %>
Right after this line you must add:
sender_canonical_maps = hash:/etc/postfix/sender_canonical_maps
Press Ctrl-X and save the changes.
Create /etc/postfix/sender_canonical_maps
Type "cd /etc/postfix"
Type "sudo nano sender_canonical_maps"
Add a line for each user
username@localhost username@yourdomain.com
Press Ctrl-X and save the changes.
Postmap sender_canonical_maps
Type "sudo postmap /etc/postfix/sender_canonical_maps"
Restart mail / eBox
Now you should restart ebox mail module or just reboot your server.
Restart mail module:
Type "sudo /etc/init.d/ebox mail restart"
OR
Reboot server:
Type "sudo reboot"
I think this will do in most cases.
If it is possible for the eBox team, it would be better in the web interface.
I hope this will help someone else.
-
Hi, thanks for this guide. Just one question:
To set up fetchmail, my Ubuntu doesn't have this directory ('cd /home/eboxuser'), and I already have the eBox user up and running and it can use the mailbox.
The only users in the home directory are the original Ubuntu install user, ftp and samba.
Must I create the folder?
Thanks in Advance
-
EBOX INSTALLATION AS MAIL GATEWAY WITH SMTP AUTHENTICATION AND FETCHMAIL
.
.
.
Setup fetchmail scheduling
Type "cd /etc"
Type "sudo nano crontab"
At the end add the following new line
*/10 * * * * eboxadmin fetchmail
.
.
.
Does the "eboxadmin" in crontab stand for the eBox administrative user name? Or is the default administrative user name itself "eboxadmin"?
Thanks
-srikanth
-
Hi guys
eBox administration -> Objects
Generate a new object i.e. "local_pc"
Add all your PCs as members to this object
I get the error "Invalid value for network address:"
when I try to add my PC's IP address.
Any ideas??
Thanks again
-
The netmask should be 32 for a host address. Is your problem that you are choosing another value?
-
smtp.yourdomain.com eboxuser@yourdomain.com:mailpass
How do I proceed if I need to add more than one user? If I add one it's fine, but when I add 2
like this
smtp.whatever.com user1@whatever.com:mailpass
smtp.whatever.com user2@whatever.com:mailpass
Postmap gives me an error (postmap: warning: etc/postfix/smtp_pass.db: duplicate entry: "smtp.whatever.com")
It still cannot relay via my server
I feel there is something missing in my directory /usr/share/ebox/stubs/mail/main.cf.mas
here is what I have In there:
# Generated by eBox
<%args>
$fqdn
$ldapi
$relay
$relayAuth
$allowed
$maxmsgsize
$aliasDN
$vmaildir
$usersDN
$uidvmail
$gidvmail
$sasl
$smtptls
$ldap
$filter
$ipfilter
$portfilter
$greylist
$greylistAddr
$greylistPort
</%args>
<%init>
use EBox::Gettext;
my $smtpRecipientRestrictions = '';
if ($sasl) {
$smtpRecipientRestrictions = 'permit_sasl_authenticated, ';
}
$smtpRecipientRestrictions .= 'permit_mynetworks, reject_unauth_destination';
if ($greylist) {
if ($greylist) {
my $greylistRecipientRestriction = "check_policy_service inet:" .
$greylistAddr . ':' .
$greylistPort ;
$smtpRecipientRestrictions .= ", $greylistRecipientRestriction";
}
my $certFile = '/etc/postfix/sasl/postfix.pem';
my $keyFile = '/etc/postfix/sasl/postfix.pem';
</%init>
# require helo
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_banner = eBox ESMTP
biff = no
append_dot_mydomain = no
myhostname = <% $fqdn %>
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
relayhost = <% $relay %>
sender_canonical_maps = hash:/etc/postfix/sender_canonical_maps
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_pass
smtp_sasl_security_options = noanonymous
% if ($relay) {
smtp_sasl_security_options = noanonymaoussmtp_use_tls = no
smtp_tls_security_level = may
smtp_tls_key_file = <% $keyFile %>
smtp_tls_cert_file = <% $certFile %>
% }
% if ($relayAuth) {
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
% }
mynetworks = <% $allowed %>
message_size_limit = <% $maxmsgsize %>
mailbox_size_limit = 0
virtual_mailbox_limit = 0
recipient_delimiter = +
inet_interfaces = all
# Virtual Aliases
virtual_alias_maps = ldap:valiases
valiases_server_host = <% $ldapi %>
valiases_search_base = <% $aliasDN %>
valiases_query_filter = (&(mail=%s)(objectClass=CourierMailAlias))
valiases_result_attribute = maildrop
aliases_bind = no
# Virtual Domains
virtual_transport = virtual
virtual_mailbox_base = <% $vmaildir %>
virtual_mailbox_maps= ldap:ldapvirtualmap
ldapvirtualmap_server_host = <% $ldapi %>
ldapvirtualmap_bind = no
ldapvirtualmap_search_base = <% $usersDN %>
ldapvirtualmap_query_filter = (&(mail=%s)(!(quota=-1))(objectClass=CourierMailAccount))
ldapvirtualmap_result_attribute = mailbox
virtual_mailbox_domains = ldap:vmaildomains
vmaildomains_server_host = <% $ldapi %>
vmaildomains_bind = no
vmaildomains_search_base = ou=postfix,dc=ebox
vmaildomains_query_filter = (|(&(objectclass=domain)(domainComponent=%s))(&(objectclass=CourierMailA$
vmaildomains_result_attribute = dc, maildrop
virtual_minimum_uid = 100
virtual_uid_maps = static:<% $uidvmail %>
virtual_gid_maps = static:<% $gidvmail %>
mailbox_transport = virtual
virtual_mailbox_limit_inbox = yes
virtual_mailbox_limit_maps = ldap:ldapvquota
ldapvquota_server_host = <% $ldapi %>
ldapvquota_bind = no
ldapvquota_search_base = <% $usersDN %>
ldapvquota_query_filter = (&(mail=%s)(objectClass=usereboxmail))
ldapvquota_result_attribute = userMaildirSize
virtual_mailbox_limit_override = yes
virtual_maildir_extended = yes
virtual_create_maildirsize = yes
% if (($smtptls) or ($sasl)){
## TLS/SSL
smtpd_use_tls = yes
smtpd_tls_note_starttls = yes
smtpd_tls_key_file = <% $keyFile %>
smtpd_tls_cert_file = <% $certFile %>
smtpd_tls_loglevel = 1
% }
smtpd_recipient_restrictions = <% $smtpRecipientRestrictions %>
% if ($sasl) {
#SASL authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = <% $fqdn %>
% }
% if ($filter) {
content_filter=smtp-amavis:<% $ipfilter %>:<% $portfilter %>
% }
Please check this for me, as I need to be able to send mail via the pop3 transport protocol,
and my server returns a 554 5.7.1 <hannes.wallace@vodamail.co.za>: Relay access denied
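Added example, not part of the post above: why postmap reports the duplicate and which login Postfix then uses for every sender. It models the lookup in `smtp_sasl_password_maps` with and without Postfix's `smtp_sender_dependent_authentication = yes`; the second table, keyed by sender address, is a constructed sample.

```python
# Constructed sample: the two-user smtp_pass from the post above.
POSTED = """\
smtp.whatever.com user1@whatever.com:mailpass
smtp.whatever.com user2@whatever.com:mailpass
"""
# Constructed sample: the same accounts keyed by sender address, with the
# relay host kept as the fallback entry for any other sender.
PER_SENDER = """\
user1@whatever.com user1@whatever.com:mailpass
user2@whatever.com user2@whatever.com:mailpass
smtp.whatever.com user1@whatever.com:mailpass
"""

def build_table(text):
    """Mimic postmap: the first entry per key is kept, later ones are reported."""
    table, duplicates = {}, []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, value = line.split(None, 1)
        key = key.lower()  # postmap folds lookup keys to lower case
        if key in table:
            duplicates.append(key)
        else:
            table[key] = value.strip()
    return table, duplicates

def credentials_for(table, sender, nexthop, sender_dependent):
    """Model the lookup order of smtp_sasl_password_maps.

    With smtp_sender_dependent_authentication = yes the envelope sender is
    tried first, then the next hop (relayhost); otherwise only the next hop.
    Returns the login name that would be used, or None.
    """
    keys = ([sender] if sender_dependent else []) + [nexthop]
    for key in keys:
        if key.lower() in table:
            return table[key.lower()].split(":", 1)[0]
    return None
```

With the posted file, mail from user2 is submitted under user1's login because only one entry per relay host survives; keyed by sender, each account authenticates as itself.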
-
With the new Postfix (eBox 1.4?) you have to add the following line:
Code:
local_header_rewrite_clients = static:all
Then all headers are rewritten.
-
hi,
How can I put my network as <% $allowed %>?
What I can see is that eBox puts 127.0.0.1 as <% $allowed %>,
but my real network is 10.1.1.0/24.
thanks.
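Added example, not part of the thread: a model of how the `smtpd_recipient_restrictions` string built in the template's `<%init>` block decides a relay request, showing why a LAN client gets "Relay access denied" when `mynetworks` only holds 127.0.0.1. The client address 10.1.1.20, the recipient domain example.org and the `local_domains` set are assumptions.

```python
import ipaddress

def build_restrictions(sasl, greylist=None):
    """Same string assembly as the <%init> block of main.cf.mas."""
    rules = "permit_sasl_authenticated, " if sasl else ""
    rules += "permit_mynetworks, reject_unauth_destination"
    if greylist:  # (address, port) of the greylisting policy service
        rules += ", check_policy_service inet:%s:%s" % greylist
    return rules

def in_mynetworks(client_ip, mynetworks):
    """True if the client address falls inside any listed network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net, strict=False) for net in mynetworks)

def evaluate(rules, client_ip, authenticated, rcpt_domain, mynetworks, local_domains):
    """Walk the list left to right; the first rule that decides wins.

    local_domains stands in for the domains Postfix is a final destination
    or relay for (assumption: the real lookup goes through the LDAP maps).
    """
    for rule in (r.strip() for r in rules.split(",")):
        if rule == "permit_sasl_authenticated" and authenticated:
            return ("permit", rule)
        if rule == "permit_mynetworks" and in_mynetworks(client_ip, mynetworks):
            return ("permit", rule)
        if rule == "reject_unauth_destination" and rcpt_domain not in local_domains:
            return ("reject", "554 5.7.1 Relay access denied")
    return ("permit", "end of list")
```

Every address covered by `mynetworks` may relay without authenticating, so it should hold the LAN prefix and nothing wider.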