Gentoo Forums
Courier-MTA semi-virtual domains - there and back again
btg308
n00b


Joined: 14 Aug 2002
Posts: 72
Location: Östersund, Sweden

Posted: Thu Jan 02, 2003 10:57 pm    Post subject: Courier-MTA semi-virtual domains - there and back again

I just thought I'd share my trials and tribulations of the last few days. I'm in the process of migrating my main server (mail, ftp, fido, samba, mysql and www-hosting for ~20 domains and about 30 users) from Red Hat 7.1 to Gentoo. It ran sendmail with the UW imap and pop3 servers and I wanted to shift to something neater with the same or more functionality. I was looking at scanning for viruses and spam and the rpm system just wouldn't let me update sendmail to a milter-capable version.

Since this is a production server, I started off with a 1.2 CD since I have experienced some problems emerging packages with gcc 3.x before. Also, no ~x86 hanky-panky for this one, I save that for my workstations. :-)

After the emerge rsync, portage breaks so I had to do a rescue as outlined in /usr/portage/sys-apps/portage/files/README.RESCUE. No sweat, that's old hat for me now. :-) After emerging all the stuff I wanted (first try for mailserver was with postfix and cyrus-imap) I started configuring but I never got it just the way I wanted. One of the problems that would haunt me until just a few minutes ago was that I had regular system users log in and get their mail, all of them had at least two e-mail addresses in several domains linked to their accounts by virtue of sendmail's virtusertable. A wonderfully simple feature. They are also mostly external users, using SMTP-AUTH to relay mail via my server.

Both of these features had become so natural to me that I never imagined there would be any problems, I predicted disasters when migrating the MySQL databases (two phpBB forums and a dynamic website) but that was a breeze using Webmin's MySQL database backup feature.

After being disappointed with postfix/cyrus/amavis/f-prot/spamassassin (cyrus was one of the packages that refused to build with gcc 3.2 earlier, haven't tried it again in a while) I looked at exim, looked away and fixed my gaze upon the wonder of wonders known as qmail with courier-imap. Qmail-scanner looked promising since the amavis ebuild flatly refused to find either f-prot or vlnx (it finds the oav scanner, though) ( http://bugs.gentoo.org/show_bug.cgi?id=13117 ).

A day later, I finally figured out that neither the -r8 nor -r9 qmail ebuilds actually included the required SMTP-AUTH patch and my attempts to patch it manually were in vain ( http://forums.gentoo.org/viewtopic.php?t=24525 ) so I gave up and after actually typing emerge sendmail in a console and looking at it for a long time with my finger hovering above the Enter key, I backspaced and put courier in there instead. Even in my darkest moments with qmail, courier-imap still worked, so I figured I'd give Sam's creation a chance.

Now, a lot of people are running the courier-imap, but very few Gentoo'ers seem to have taken a liking to Courier-MTA. After today, I can not really understand why. It's easy to install, has a webadmin interface (I just wish it was a webmin module), built-in everything-and-then-some and is still a fairly small package that's possible to learn reasonably well in a day. You don't have five different packages to sync, five different logfiles to check or five different ways of naming the same features... One MTA to send them all, and on the server mail them.

After a few ups and downs (hint, only sendmail has sendmail's virtusertable), it's now operational. I found a tidbit in the courier mailing list that I will share with anyone wanting to use courier in the same way I did: http://sourceforge.net/mailarchive/message.php?msg_id=2205316

Sam says the webadmin module does the same thing, but I couldn't quite get it right in there. The problem is the aliases file. It seems Courier strips all addresses of the locals domains BEFORE parsing aliases. In sendmail, you could mix
Code:

root:    richie

and
Code:

info@domain.com:   gunther

freely. Not so in Courier. And the nifty feature of adding
Code:

@domain.com:    default-user

to send all mail to non-existing addresses in a domain to a single real mailbox? "Forget about it! Set up a MySQL backend and full-fledged virtual hosting!" But thanks to Zenon Panoussis, the COS' worst enemy and herald of free speech, I don't have to do that. :-) Why I would want that feature? Simple. Every time a website asks me for an e-mail address, I give them website.com@mydomain.se - that way I can immediately see if they have sold my address to spammers and I can easily add a filter if that should happen. This way, I won't have to manually add that address in my mailserver. Nifty, eh? ;-)

Now, I'm tired, I'm cold (the heating in the office doesn't seem to work properly when it's below -30 C outside) and I still have spam and virus filtering to figure out plus getting Gentoo's new EVMS kernel to grok my two old LVM volumes (one ~450Gb over 5 disks, one 80GB in one disk, both with ReiserFS) so I think I'll call it a night. But tonight I'll sleep like a baby, knowing my mail works. :-)
_________________
Gentoo Linux - Feel the speed.
Kawasaki GPZ 1100 - The need for speed.
btg308
n00b


Joined: 14 Aug 2002
Posts: 72
Location: Östersund, Sweden

Posted: Fri Aug 29, 2003 4:16 pm

Hohoho. At the time, I thought that was a clear and concise how-to on how to make virtual domains work in Courier. Today, after my / partition went belly-up, I learned otherwise. Also: The backup didn't include the /etc directory, I only had /home on tape.

Two lessons for the price of one!

Anyway; to get Courier running like I wanted to, I needed to have the following things in place (with kopparhuset.net as my local domain and the others as virtuals):

/etc/courier/aliases/system
Code:
# Richie
rickard:   richie
webmaster:   richie
@webhackande.se:   richie
@gpz1100.com:   richie
@kopparhuset.net:   richie


/etc/courier/locals
Code:
kopparhuset.net


/etc/courier/hosteddomains
Code:
webhackande.se
gpz1100.com


/etc/courier/esmtpacceptmailfor.dir/esmtpacceptmailfor
Code:
webhackande.se
kopparhuset.net
gpz1100.com


The files /etc/courier/me and /etc/courier/defaultdomain must not exist.

Run:
Code:
makehosteddomains
makeacceptmailfor
makesmtpaccess
makealiases -dump


The last one should give you something like:
Code:
rickard@kopparhuset.net:   richie@kopparhuset.net
webmaster@kopparhuset.net:   richie@kopparhuset.net
@webhackande.se:   richie
@gpz1100.com:   richie
@kopparhuset.net:   richie


In this configuration, the aliases work as one would expect them to, if one has only been exposed to sendmail aliases before (all email sent to any user in the webhackande.se domain gets routed to local user richie). No need to tinker with .courier files, creating foo-domain accounts or any of that mumbo-jumbo.

This Claimer: This is hardcore Courier configuration, I'm not 110% sure why it works and it'll probably break the next time Sam updates the program.
_________________
Gentoo Linux - Feel the speed.
Kawasaki GPZ 1100 - The need for speed.
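
The files listed in the post above have to agree with each other, and after a hand rebuild of /etc it is easy for one of them to drift. The audit below is an added example, not part of the original post: the function names are hypothetical, and the sample directory is constructed from the post's values with gpz1100.com deliberately left out of the accept list.

```sh
# Added example, not the post's own code; function names are hypothetical.
# Print the first field of each non-blank, non-comment line, lower-cased.
domains() {
    if [ -f "$1" ]; then awk '!/^[ \t]*(#|$)/ { print tolower($1) }' "$1"; fi
}

# Audit DIR; print one line per finding, then the number of problems.
audit_courier() {
    dir=$1
    problems=0
    accept=$(domains "$dir/esmtpacceptmailfor.dir/esmtpacceptmailfor")
    served=$(domains "$dir/locals"; domains "$dir/hosteddomains")
    # The post requires that neither of these files exists.
    for f in me defaultdomain; do
        if [ -e "$dir/$f" ]; then
            echo "PROBLEM: $dir/$f exists"
            problems=$((problems + 1))
        fi
    done
    # Every local or hosted domain must also be accepted over ESMTP.
    for dom in $served; do
        if ! printf '%s\n' "$accept" | grep -qxF -e "$dom"; then
            echo "PROBLEM: $dom is not in esmtpacceptmailfor"
            problems=$((problems + 1))
        fi
    done
    # Every catch-all alias (@domain:) must name a local or hosted domain.
    for dom in $(awk -F: '/^@/ { print tolower(substr($1, 2)) }' \
                 "$dir/aliases/system" 2>/dev/null); do
        if ! printf '%s\n' "$served" | grep -qxF -e "$dom"; then
            echo "PROBLEM: catch-all for $dom, which is neither local nor hosted"
            problems=$((problems + 1))
        fi
    done
    echo "$problems"
}

# Constructed sample: the post's files, minus one accept entry.
make_sample() {
    mkdir -p "$1/aliases" "$1/esmtpacceptmailfor.dir"
    printf 'kopparhuset.net\n' > "$1/locals"
    printf 'webhackande.se\ngpz1100.com\n' > "$1/hosteddomains"
    printf 'webhackande.se\nkopparhuset.net\n' \
        > "$1/esmtpacceptmailfor.dir/esmtpacceptmailfor"
    printf '# Richie\nrickard: richie\n@webhackande.se: richie\n@gpz1100.com: richie\n@kopparhuset.net: richie\n' \
        > "$1/aliases/system"
}

tmp=$(mktemp -d) && make_sample "$tmp" && audit_courier "$tmp"; rm -rf "$tmp"
```

Point `audit_courier` at a copy of /etc/courier before running the make* commands; the last output line is the problem count.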
btg308
n00b


Joined: 14 Aug 2002
Posts: 72
Location: Östersund, Sweden

Posted: Mon Sep 01, 2003 5:57 pm    Post subject: F-prot anti-virus and Spamassassin with Courier

One more: "makealiases -dump" does NOT update the aliases database file. It just displays what it should do if run as "makealiases". It's probably well documented, but as an old tech writer, I know that no one ever reads the docs, so why should I? :-/

Oh, and this one:

The unofficial late night recipe for adding Amavis, F-prot and SpamAssassin support to Courier:

F-prot:

Code:
emerge f-prot

was no fun for me. It wanted to install 3.1.2 which, while there's probably nothing wrong with it, is waaay old. The current version is 4.2.1, but as of writing this, the 4.1.2 and 4.2.0 ebuilds are masked as ~x86 and ~sparc, there is no 4.2.1 ebuild. The way around that is to
Code:
cp /usr/portage/net-mail/f-prot/f-prot-4.2.0.ebuild /usr/portage/net-mail/f-prot/f-prot-4.2.1.ebuild
, change the version number and KEYWORDS in the file:
Code:
# $Header: /home/cvsroot/gentoo-x86/net-mail/f-prot/f-prot-4.2.1.ebuild,v 1.2 2003/08/27 23:01:04 weeve Exp $
KEYWORDS="x86"
, and either manually download the file to the /usr/portage/distfiles directory or
Code:
emerge f-prot
and then run
Code:
ebuild /usr/portage/net-mail/f-prot/f-prot-4.2.1.ebuild digest
and
Code:
emerge -k f-prot
That should install f-prot 4.2.1 in /opt/f-prot.
Code:
cp /opt/f-prot/check-updates.pl /etc/cron.daily
will run an update script every night that checks for new virus definitions at updates.f-prot.com, downloads and installs them. Hooray!

Now for the rest of the fun:

Amavis:

Code:
emerge amavis


Edit /usr/sbin/amavis:
Set the options for warning sender/recipient/admin and translate/customize the warning messages if you like. Then look for the virus scan paths and check that the F-prot entry reads:
Code:
# FRISK F-Prot
$fprot = "/opt/f-prot/f-prot";

because that's where it should have been installed.

Now, replace whatever MTA section got installed as default (mine seems to alternate between postfix and sendmail depending on what I have had installed before) with this little snippet:
Code:
#
# MTA init section
# Error codes - defined below
use vars qw ( $VIRUSERR $REGERR );
#

# postfix

# error codes
$VIRUSERR = 0;
$REGERR = 75;   # EX_TEMPFAIL from sendmail sysexits.h

# don't run suid

# set path explicitly
$ENV{PATH} = "/bin:/usr/bin:/usr/local/bin";

# End postfix
#
# End MTA init section
#

use vars qw($BUFSIZE $buf);
use vars qw($recipline);

# MIME entity, av scanner output and return status
use vars qw($entity $output $errval);

# not really a loop ...
sub main_loop() {
    my($which_section) = "initialization";
    my($sts);

    eval {

        # Already set by milter
        make_tempdir() if (!$TEMPDIR);

        mkdir("$TEMPDIR/parts", oct('700'))
            or die "Can't create directory $TEMPDIR/parts: $!";
        chdir($TEMPBASE) or die "Can't chdir to $TEMPDIR: $!";

        # Read in mail message and save to file; this file is moved
        # to a quarantine area if a virus was found
        # Note: to get the qmail config working again, we now read the
        # actual message (STDIN) before the envelope information (STDOUT)

        # Save original email, or open file if already exists (milter)
        if (-r "$TEMPDIR/email.txt") {
            # already created by milter, just open it
            $fh = IO::File->new("$TEMPDIR/email.txt")
                or die "Can't open file $TEMPDIR/email.txt: $!";
        } else {
            $fh = IO::File->new("+>$TEMPDIR/email.txt")
                or die "Can't create file $TEMPDIR/email.txt: $!";
            $BUFSIZE = 8192;
            $buf = ' ' x $BUFSIZE;
            # TODO: safeguard against write errors
            while (read(\*STDIN, $buf, $BUFSIZE)) {
                print $fh $buf;
            }

            # The same file also serves as input to the parser
            $fh->flush() or die "Can't flush file $TEMPDIR/email.txt: $!";
            $fh->seek(0,0) or die "Can't rewind file $TEMPDIR/email.txt: $!";

        }
    };

    if ($@ ne '') {
        chomp($@);
        do_log(0,"tmpdir creation failed, retry: $@");
        do_exit($REGERR, __LINE__);
    }

    # Determine sender and recipient(s)
    # For sendmail, also get the "real" local delivery agent
    # Note: for qmail, this must be done after reading the mail message,
    # see http://www.qmail.org/man/man8/qmail-queue.html


# command line parsing, postfix version

# we won't need any of this once amavis
# receives input from SMTP; but then,
# $SENDER and @RECIPS must be initialised
# from the SMTP dialogue

# need two args in any case
if ($#ARGV < 1) {
    do_log(0,"Missing arguments to postfix");
    do_exit($REGERR, __LINE__);
}

# optionally, we allow to use amavis with a -f <sender> flag
# to make invocation similar to sendmail
if ($ARGV[0] eq "-f") {
    # in this case, we need at least three args
    do_exit($REGERR, __LINE__) if ($#ARGV < 2);

    shift @ARGV;
}

$SENDER = shift @ARGV;
@RECIPS = @ARGV;

# End postfix cmd line parsing


There is some more useful info on this at http://www.fremerx.com/open-source/mail/courier.html , that's where I got started with this.

SpamAssassin:

Code:
emerge Mail-SpamAssassin
rc-update add spamd default


Edit the /etc/mail/spamassassin/local.cf config file to your liking and then run the daemon with
Code:
/etc/init.d/spamd start


Edit the /etc/courier/maildroprc file to read
Code:
import SENDER
import RECIPIENT
import HOME
if ($SENDER ne "")
{
    FROM=$SENDER
}
else
{
    FROM="unknown"
}
xfilter "/usr/bin/spamc -x"
xfilter "/usr/sbin/amavis $FROM $RECIPIENT"

# Backticks run the command; LS is empty when the user has no .mailfilter
LS=`ls ${HOME}/.mailfilter`
if ($LS eq "" )
{
    to "./.maildir/."
}


Now it's time to check some settings in your /etc/courier/courierd file that's maildrop related - if you're already using maildrop, this is old hat to you:
Code:
DYNAMICDELIVERIES=1
DEFAULTDELIVERY="| /usr/bin/maildrop"
MAILDROPDEFAULT=./.maildir

If you change any of that, restart courier:
Code:
/etc/init.d/courier restart


Now send yourself a test message.

If it doesn't work, comment out (#) both the spamc and amavis xfilter lines and try again. If it still doesn't work, check that you have in fact got a .maildir in your home directory, use maildirmake otherwise, and check Courier's mail routing.

Check the log files (/var/log/everything/current, /var/log/mail/current). If you're running metalog, disable its buffering with
Code:
killall -USR1 metalog
and re-send the mail. See if it's stuck in Courier's mail queue with
Code:
mailq

Make sure amavis has proper access to the /var/amavis directory.

Re-enable one of the xfilter lines and test. Now disable that one and enable the other one. Which one works? Fine, focus on the other one.

Use the EICAR.COM test signature for testing. ( http://www.eicar.org/anti_virus_test_file.htm )

Check the mail headers for both Amavis and SpamAssassin header lines:
Code:
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
X-Virus-Scanned: by AMaViS 0.3.12



Now, what did I forget... Oh, right, This Claimer: Don't blame me if your root filesystem takes a one-way trip into never-neverland. ;-) I do welcome tips, tricks and suggestions to enhance the recipe, though.
_________________
Gentoo Linux - Feel the speed.
Kawasaki GPZ 1100 - The need for speed.
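
The header check at the end of the recipe above can be scripted so that it reports which xfilter stage to debug. This is an added example, not part of the original post: the function names are hypothetical and the two sample messages are constructed, the second one carrying the AMaViS line only in its body.

```sh
# Added example, not the post's own code; function names are hypothetical.

# filter_status FILE: report which xfilter stage left its header. Only the
# header block (up to the first blank line) counts, so the same strings
# quoted in a message body are ignored.
filter_status() {
    awk '
        /^\r?$/ { exit }
        { h = tolower($0) }
        h ~ /^x-spam-checker-version:/ { spam = 1 }
        h ~ /^x-virus-scanned:/ { virus = 1 }
        END { printf "spamc=%s amavis=%s\n", (spam ? "ok" : "missing"), (virus ? "ok" : "missing") }
    ' "$1"
}

# check_maildir DIR: run filter_status over every message in DIR/new and DIR/cur.
check_maildir() {
    for msg in "$1"/new/* "$1"/cur/*; do
        [ -f "$msg" ] || continue
        printf '%s: %s\n' "${msg##*/}" "$(filter_status "$msg")"
    done
}

# Constructed sample messages (header values copied from the post).
make_samples() {
    mkdir -p "$1/new" "$1/cur"
    printf '%s\n' 'From: a@example.org' \
        'X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)' \
        'X-Virus-Scanned: by AMaViS 0.3.12' '' 'body' > "$1/new/1.both"
    printf '%s\n' 'From: a@example.org' \
        'X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)' \
        '' 'X-Virus-Scanned: by AMaViS 0.3.12' > "$1/new/2.quoted"
}

tmp=$(mktemp -d) && make_samples "$tmp" && check_maildir "$tmp"; rm -rf "$tmp"
```

Run `check_maildir ~/.maildir` after sending the test message; a stage reported as missing is the xfilter line to look at.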
DumbAss
Apprentice


Joined: 30 Sep 2003
Posts: 247
Location: 't Steen

Posted: Fri Apr 23, 2004 3:31 pm

Maybe a silly question, but why don't you use amavisd-new? Everyone uses it and your setup is a bit err.. different.
btg308
n00b


Joined: 14 Aug 2002
Posts: 72
Location: Östersund, Sweden

Posted: Sun Apr 25, 2004 9:44 am

IIRC, Amavis-new didn't have an ebuild at the time and this route seemed easier. The Amavis install I wound up doing was actually fairly straightforward, compared to the Courier virtual domains. It's more or less just telling Amavis you have Postfix as the MTA.

I'll probably switch over to -new when I get the time.
_________________
Gentoo Linux - Feel the speed.
Kawasaki GPZ 1100 - The need for speed.
CarlUman
Apprentice


Joined: 07 Jul 2004
Posts: 158
Location: SE Iowa

Posted: Tue Feb 22, 2005 4:00 pm

Just wanted to say thanks for the great info. Well, I hope it's great info (and still relevant)!

I also plan to use courier-MTA. Installed, just need to set up... along with Postgres, spam and virus scanning 8O Also looking to try my hand at virtual domains.