Gentoo Forums
Mail server setup less than 8 years old?

ycUygB1
Apprentice
Joined: 27 Jul 2005
Posts: 276
Location: Portland, Oregon

Posted: Thu Aug 22, 2013 7:19 pm    Post subject: Mail server setup less than 8 years old?

I have been trying to set up a mail toaster including even the ability for users to self-register. The problem I have been having is something I hadn't expected. Virtually all the stack solutions are hopelessly old. I am wondering if I am missing something obvious.

First, let's look at the MTA. Sendmail is hopelessly difficult to configure, and most people recommend postfix instead. Postfix seems to be the one MTA that is still alive and under development. Qmail and Exim are both dead. No updates in over five years. So really, one has to go with Postfix.

For MUA, one can either use Courier or Dovecot. I chose courier, which works well (even if it is very old).

Things start to go south when you talk about a web interface without Javascript, which is what I want. The only alternative is Squirrelmail, which is hopelessly antiquated. I don't think anyone has updated it for about 8 years. And by the way, it doesn't do self-registration. At all.

The only system that allows self-registration is vpopmail. So I thought I'd give that a go. It uses qmail, which hasn't had an update since 2006. Sure, there was an attempt to update it via patches, called netqmail, but this was in 2007. So that seems to have died. I was encouraged by this Gentoo doc: http://www.gentoo.org/doc/en/qmail-howto.xml, but when you try to work through it, you see that it is so old that it is useless.

So I wonder what is going on here? Has everyone in the world migrated to Google Apps and given up running mail servers? Because on Linux, it just seems like the world stopped in about 2005. Or 2002.

audiodef
Watchman
Joined: 06 Jul 2005
Posts: 6639
Location: The soundosphere

Posted: Thu Aug 22, 2013 7:41 pm

Check out this thread. It's a long thread, but in it, cach0rr0 sets up an absolutely fantastic mail server, using me as his alpha tester, beta tester and happy customer.

I have used both Squirrelmail and Roundcube and am happy with both.

You could possibly add on to the system designed by cach0rr0 to allow users to self-register, but I don't know anything about that, since my mail server is only for me and my girlfriend and I add "users" manually as needed. But the basic system works well, is reliable and is reasonably secure. I would be able to answer questions about basic stuff and cach0rr0 could answer more complex questions if he's around (I can't speak for him - I can only give him kudos).

Actually, now that I think about it, mail users are stored in a MySQL db, so it would be easy to build a web interface over https to allow new users to register themselves as mail users. Questions thereto I could probably answer with reasonable competence.

I hope this helps.
_________________
decibel Linux: https://decibellinux.org
Github: https://github.com/Gentoo-Music-and-Audio-Technology
Facebook: https://www.facebook.com/decibellinux
Discord: https://discord.gg/73XV24dNPN

ycUygB1
Apprentice
Joined: 27 Jul 2005
Posts: 276
Location: Portland, Oregon

Posted: Thu Aug 22, 2013 8:15 pm

I actually have been working on this for several weeks. At first I followed the guide you mention in that thread, but I found it to be too terse to be useful. There is quite a lot of googling that you have to do to fill in the cracks on that. I finally have a working system (without self-registration) with Squirrelmail, postfix, courier-authd, courier-imap, and postgres. But once you start working with squirrelmail, you see that it is basically an abandoned project. Look at the dates of the plugins. Some of them haven't been updated since 2002.

The reason I want to avoid Javascript is because many users these days are paranoid about javascript exploits. The idea that a website might steal their personal info via Javascript is enough to make people reject any product that uses it and disable Javascript in their browsers. So that rules out roundcube and Horde. Squirrelmail is the natural choice because they rejected Javascript as part of their design philosophy.

What I am getting at here is that there is no solution where all the components are still being maintained. And I guess I want to understand why that is the case.

ycUygB1
Apprentice
Joined: 27 Jul 2005
Posts: 276
Location: Portland, Oregon

Posted: Sun Sep 01, 2013 9:18 am

In case anyone else is trying to set up a mail server, I'll give the results of my experiments over the past month. I hope this will help you and save you some time.

The final solution was based on http://www.gentoo.org/doc/en/qmail-howto.xml. Despite the recent update to this page, the content of that guide is out of date and no longer accurate. The major mistake in that guide is that Courier-authlib no longer works with vpopmail. In fact, if you set the vpopmail use flag in courier-authlib, it will fail to build and demand that you unset the flag. Replace courier with dovecot, which supports vpopmail.

I am using Apache 2.4.6 and PHP 5.4. There was some reason that PHP 5.5 didn't work, which I don't remember.

vpopmail is the one component that exceeded my expectations. It works very well, and I recommend it.

I am using netqmail, a very old update for the even older and unmaintained qmail. Qmail is the only MTA that works with vpopmail, so I had no choice here.

I am using mariadb, which is a drop-in replacement for mysql, written by the same Swedish guy who wrote mysql in the first place before it became part of Oracle. I am using phpmyadmin to view the databases.

Qmailadmin was very difficult to install, and I would recommend that you avoid it. If you sneeze, it stops working. Qmailadmin is just a front-end to the CLI scripts in /var/vpopmail/bin, so just call those directly at the command line to manage domains and accounts.

qmail-scanner has to be carefully installed. See my comment here https://forums.gentoo.org/viewtopic-t-216299-highlight-.html, as well as making sure that clamd is running as qscand. This will take a bit of searching on your part.

I am using Squirrelmail, which I can't say much good about. I might investigate Sqwebmail, although this has a last-mod date of 2003. Again, the requirement is to avoid javascript.

For self-registration, I had to seriously hack vqregister, which appears to have been written before the CGI standard, probably in the 90s. Someone needs to write a modern version of vqregister in PHP.

Be sure you use the latest version of openssl. Bugs are being found all the time in this hot area, so it is important to keep up to date on this stuff. I actually masked everything before 1.0.1e to make sure I never use them.

For PHP debugging, I used xdebug on the server and the geben plugin for emacs on my remote client.


I hope this helps.

RAPHEAD
Tux's lil' helper
Joined: 20 Jun 2003
Posts: 134
Location: Germany

Posted: Mon Sep 02, 2013 8:54 pm

I have a vMail stack running:

- MySQL
- Postfix
- Cyrus-Imapd

and it's running fine.
If you need any help with this, holler!

ycUygB1
Apprentice
Joined: 27 Jul 2005
Posts: 276
Location: Portland, Oregon

Posted: Mon Sep 02, 2013 9:03 pm

I'd love to hear how you got vpopmail (if that is what you mean by vmail) running with Postfix, since vpopmail only supports Qmail as far as I know.

Postfix is the best choice, since it is the only maintained MTA. Qmail and Exim are both abandoned, and Sendmail has problems.

RAPHEAD
Tux's lil' helper
Joined: 20 Jun 2003
Posts: 134
Location: Germany

Posted: Tue Sep 03, 2013 12:46 pm

No, by vmail I just meant a system that can handle mail accounts from any domain
and in which the user account DB is not equal to the base system's account DB.
I realize the vmail capability purely with the mentioned software and use phpmyadmin
for administration.

ycUygB1
Apprentice
Joined: 27 Jul 2005
Posts: 276
Location: Portland, Oregon

Posted: Tue Sep 03, 2013 1:20 pm

Right. I saw too late that Postfixadmin essentially has the same capability that vpopmail has. But now that I have everything set up with qmail, I don't see the benefit of switching. Plus, qmail's tcpserver functionality is pretty useful and powerful for setting rules.

Zwisel
n00b
Joined: 17 Sep 2005
Posts: 24
Location: switzerland

Posted: Fri Oct 11, 2013 9:31 am

Hello

I am in a similar situation. In 2006 I installed my first Gentoo Server with Courier-IMAP, which is running until today. But this system is now a bit old...

So I started to set up a completely new Gentoo on a newer computer. But I couldn't remember how I set up Courier in 2006 so I googled for HowTos and didn't find anything useful or working.

Yesterday I spent hours trying to access my old Mailbox on the new system, but it didn't work. I googled and googled... and I have to try to set up a new Mailbox and try to access it, then.

I hope I will find a solution, it's the last thing I have to do - after that I can turn off the old Server :)

Here is my old, working system, from Client to Server (Backend):
1. Thunderbird connects to Courier-IMAP-SSL
2. Connect to AUTHLIB, I use userdb not mysql
3. If AUTH is OK, access Mailbox

Now one question: I copied the old Maildir to the new System - does a Maildir have some access and/or auth information? Because I get an access-denied error (but it also tells me that my user cannot chdir to the home-dir defined in the userdb).

Cheers

RAPHEAD
Tux's lil' helper
Joined: 20 Jun 2003
Posts: 134
Location: Germany

Posted: Fri Oct 11, 2013 9:37 am

Hi,

I don't think that maildir has any authN information.
I think this sounds like file permission problem.

ycUygB1
Apprentice
Joined: 27 Jul 2005
Posts: 276
Location: Portland, Oregon

Posted: Sun Oct 13, 2013 10:42 am

I agree with RAPHEAD about the permissions. The issue of more concern is that you are having problems finding documentation for your setup.

For what it is worth, my suggestion is to go with maintained and well-documented components. That means Postfix, postfixadmin, and dovecot. I would also recommend storing account info in SQL. I prefer Postgres, phppgadmin, although mariadb would be the second choice. All of these components are currently maintained and well documented. See for instance http://wiki2.dovecot.org/HowTo/DovecotPostgresql

It also depends what your goal is. The hardest part for me was the web interface, but it doesn't sound like that is a goal of yours.

Zwisel
n00b
Joined: 17 Sep 2005
Posts: 24
Location: switzerland

Posted: Mon Oct 14, 2013 12:17 pm

At the weekend I fixed the issue. As you suggested it was a permission issue, but in the userdb: I misconfigured uid and guid there. I also set the paths to the user-mailbox wrong. So after a day doing nothing I had a clear brain to restart the config and found it quite fast. Sometimes spending too much time on one thing leads to blindness ;)
Now I have a year 2013 gentoo server running and I'm happy to shut down the old 2006-server :)

Thanks for your hints.

WebInterface is something I will try later. Which WebInterface are you using?
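
The failure described in the posts above (uid/gid and mailbox paths in the userdb not matching what is on disk after copying a Maildir) can be checked mechanically. The following is an added example, not part of any post in this thread; it assumes Courier's text userdb layout of `name<TAB>field=value|field=value` with `uid`, `gid`, `home` and an optional `mail` field, and all function names are illustrative.

```python
import os
import stat
import tempfile

def parse_userdb(text):
    """Parse 'name<TAB>key=value|key=value' lines (assumed Courier userdb text format)."""
    accounts = {}
    for line in text.splitlines():
        if "\t" not in line or line.startswith("#"):
            continue
        name, fields = line.strip().split("\t", 1)
        accounts[name] = dict(f.split("=", 1) for f in fields.split("|") if "=" in f)
    return accounts

def can_search(st, uid, gid):
    """True if uid/gid may chdir into the directory (ignores ACLs and extra groups)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid == gid:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def check_account(name, rec):
    """List the problems that would keep the IMAP daemon out of this mailbox."""
    try:
        uid, gid = int(rec["uid"]), int(rec["gid"])
    except (KeyError, ValueError):
        return [f"{name}: uid/gid missing or not numeric"]
    home = rec.get("home", "")
    if not os.path.isdir(home):
        return [f"{name}: home {home!r} is not a directory"]
    problems = []
    if not can_search(os.stat(home), uid, gid):
        problems.append(f"{name}: uid {uid} cannot chdir to {home}")
    maildir = rec.get("mail") or os.path.join(home, "Maildir")
    for path in [maildir] + [os.path.join(maildir, d) for d in ("cur", "new", "tmp")]:
        if not os.path.isdir(path):
            problems.append(f"{name}: {path} missing")
            continue
        st = os.stat(path)
        if st.st_uid != uid:
            problems.append(f"{name}: {path} owned by uid {st.st_uid}, userdb says {uid}")
        if st.st_mode & 0o077:  # mail should not be reachable by group/other
            problems.append(f"{name}: {path} is accessible to group/other")
    return problems

def demo():
    """Build a constructed mailbox owned by the current user and check two entries."""
    home = tempfile.mkdtemp()  # created with mode 0700
    maildir = os.path.join(home, "Maildir")
    for path in [maildir] + [os.path.join(maildir, d) for d in ("cur", "new", "tmp")]:
        os.mkdir(path, 0o700)
    me, grp = os.getuid(), os.getgid()
    userdb = (f"good\tuid={me}|gid={grp}|home={home}\n"  # constructed entries
              f"bad\tuid={me + 1}|gid={grp + 1}|home={home}\n")
    return {n: check_account(n, r) for n, r in parse_userdb(userdb).items()}

if __name__ == "__main__":
    print(demo())
```

The `bad` entry reproduces the symptom from the thread: the directories exist, but the uid recorded in the userdb neither owns them nor can chdir into the home directory.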

ycUygB1
Apprentice
Joined: 27 Jul 2005
Posts: 276
Location: Portland, Oregon

Posted: Mon Oct 14, 2013 12:24 pm

Squirrelmail. It is horrible. Last mod date 2002 for some of the plugins. I chose it because it doesn't use javascript. If you are willing to tolerate javascript, there is Horde and Roundcube, both of which are significantly better than Squirrelmail.

Zwisel
n00b
Joined: 17 Sep 2005
Posts: 24
Location: switzerland

Posted: Wed Oct 16, 2013 4:19 pm

Roundcube looks good. It was easy to install and is now running. Thanks for all the information, now I have a "full-featured" server ;)

freedomlives
n00b
Joined: 19 Aug 2011
Posts: 32
Location: Slovakia

Posted: Tue Jan 07, 2014 7:49 pm

I'm glad I found this thread. I'm setting up a new mail server (last time I did this was almost 5 years ago), and I noticed that qmail is even less well supported now than it was then. This time, it's for more than just personal email-- multiple domains, email users who shouldn't have a normal login account, etc.

I think it's time to overcome what I am realizing is a strong emotional attachment to qmail (having used it for probably a decade now)... At least I can still fill my need for a non-normal daemon with DJBDNS/tinydns...

666threesixes666
Veteran
Joined: 31 May 2011
Posts: 1248
Location: 42.68n 85.41w

Posted: Tue Jan 07, 2014 8:17 pm

getting my emails out of spam was driving me nuts. i figured out the cloud host that rented the ip before me was a spammer. i set up spf, and tls to no avail. dkim was next on the list then i found a website mxtools or something like that that displays all the blocklists that you could be on. my mail setup is by no means perfect, i'm just trying to get mail out from web applications. i think email administration is a very tough subject. i would like to see it done more around here. :?

update: mail out of spam, had to alter dns mx records, and point php.ini to sendmail alternate postfix binary. looking in postfix's settings it looks like it can do alternate domain names. postfix should be able to handle vhosts etc some how. the postfix wiki page is very under developed.


Last edited by 666threesixes666 on Sun Feb 09, 2014 12:25 am; edited 2 times in total

Gatak
Apprentice
Joined: 04 Jan 2004
Posts: 174

Posted: Wed Jan 08, 2014 7:38 pm    Post subject: Courier is a full solution

Quote:
Postfix is the best choice, since it is the only maintained MTA.


Hi!

Gentoo provides mail-mta/courier and net-libs/courier-authlib. Together you have a full sendmail, POP3, IMAP, ESMTP and webmail solution supporting both local mailboxes and virtual email accounts. It is actively developed and has an active user and developer base on courier mailing lists, for example courier-users@lists.sourceforge.net or courier-announce@lists.sourceforge.net. Last update to courier was released 23/12 2013!

I run courier with virtual email accounts with mysql as backend to courier-authlib since it is so easy to use and configure new accounts that way.

Courier can also be used with GnuTLS or OpenSSL, whichever you prefer. I use GnuTLS to support TLS1.2 with all the new cipher suites available.

Note, the built-in webmail can easily be replaced with webmail software like SquirrelMail or Roundcube, or any other web based client that supports IMAP or POP3.

I do agree, that there is a great lack of good documentation on how to set it all up. The courier docs are _vast_ and very detailed, but not easy for users to read.

It is also relatively easy to integrate SpamAssassin and ClamAV with Courier through pythonfilter plugin with virtually no additional configuration. With mail-filter/zdkimfilter you can add full DKIM signing support for outgoing mail!

Perhaps there should be a Wiki update on Courier for Gentoo.

Zwisel
n00b
Joined: 17 Sep 2005
Posts: 24
Location: switzerland

Posted: Mon Jan 13, 2014 9:19 am    Post subject: Re: Courier is a full solution

Gatak wrote:

Perhaps there should be a Wiki update on Courier for Gentoo.


I'm also running Courier and am happy with it. As you wrote, the documentation is not so easy to read.

But as I read here, I see a few people with a bit of knowledge in a few topics, so maybe we together could update the out-of-time Gentoo-wiki?

i92guboj
Bodhisattva
Joined: 30 Nov 2004
Posts: 10315
Location: Córdoba (Spain)

Posted: Mon Jan 13, 2014 1:01 pm

Webmail clients are not in their best moment at all. I guess that at some point people just started using solutions in the cloud, and the few who don't do so just set up the server and connect to it using evolution, sylpheed or whatever. Some others just use some kind of shared hosting solution, which usually incorporates some webmail frontend besides offering pop3 and imap services.

I have used squirrelmail in the past, and it worked just fine, not excellent though. Roundcube is nice, but it makes intensive use of javascript which you don't want.

There's also the horde suite, but I have never used that and can't comment on it.

I have been thinking of assembling something myself, probably using Drupal's API, but real life always gets in the middle, and so far I seem to never get the time to do it.

I think it's just the trend nowadays. People say the cloud is something innovative, but I think we are back to the 60's. This is nothing but a remake of the mainframes era, the only difference is that the dumb (dumber than ever, if you ask me) terminals now fit in our pockets. Trends work that way: I estimate that self-hosted webmail clients will be back to the scene in another 10-15 years, and everyone will once more run their own servers on the basement again. But I digress... :lol:

Falador
n00b
Joined: 18 Jan 2004
Posts: 60

Posted: Sat Feb 08, 2014 11:23 pm

I used qmail with the ldap patches for many years without issue, but like you mentioned it got long in the tooth and I was looking for features it didn't support. Switched to postfix/ldap/roundcube on gentoo and was also happy for a number of years until I got fed up updating it. I use iRedMail (www.iredmail.org) now on debian, gentoo support was recently dropped. It uses

Postfix: SMTP service
Dovecot: POP3/POP3S, IMAP/IMAPS, Managesieve service
Apache: Web server
MySQL/PostgreSQL: Storing application data and/or mail accounts
OpenLDAP: Storing mail accounts
Policyd: Postfix policy server
Amavisd: An interface between Postfix and SpamAssassin, ClamAV. Used for spam and virus scanning.
Roundcube: Webmail
Awstats: Apache and Postfix log analyzer
Fail2ban: scans log files (e.g. /var/log/maillog) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Been running for about a year and it's been great so far.