Email System For The Home Network - Version 2.1

[VinnieNZ]

Hi,

I've gone through this guide and I think that all is working ok (apart from sending email via Thunderbird, I'm having invalid certificate issues and because I regenerated my cert for the mailserver I now also have issues with the cert having the same number and getting an invalid cert in Thunderbird )

But my main problem is using getchmail. This is the error I whenever I try to run the script:

[Sanjiyan]

This works great, I use the IMAP option so I can use the webmail for when I am away from the computer, and because I prefer POP3 I also use the courier-pop3-ssl option so I can pickup my email from the pop3 server it provides, all in all this as a hassel free install and setup.

I have only insalled the spam assassin spam filter at the moment, do I really need the other one? or is Spam Assassin good enough? I use Spam Inspector on my email client (OE) which is a spam remover anyway, but this is to see how well a good of a job Spam Assassin does while its sitting there.

[MarkH]

Sigh,

This was all going swimmingly until I tried to set up TLS according to beowulf's guide. I can send / receive email but as soon as I try and use TLS for my SMTP send (from Thunderbird on the same machine) postfix complains

[tapted]

Yup. Great howto.

It might be worthwile adding famd to the list of services to start.

I don't know why it wasn't in my runlevel already, but before I started/rc-updated it I was getting these errors in /var/log/messages:

[Torstello]

Hi @ all,

i followed this great howto until 7.2 sylpheed-claws.

receiving my emails works fine but if i try to send an email i get:

[TheHermit]

Great guide, I got everything but SMTP working. Thunderbird doesn't report an error just that sending failed. Looking at the logs myself I though that maybe I needed to add my ip to the mynetworks options but that did not work. I also tried to disable TLS as that seemed to help someone else but that as well didn't work.

[LiamRoutt]

I found this guide quite useful (I located it on gentoo-wiki, but it seems to be the same). I have a few tips and pointers to add:

1. The Thunderbird problem is fixed by creating your own certificates, and using those. I will try to post the exact steps to do that in the next day or two (I am pressed fro time right now), but suffice it to say that I managed to locate the right general process (as suggested by another poster here) in The Virtual Mail How-To: http://www.gentoo.org/doc/en/virt-mail-howto.xml#doc_chap5 you have to change some filenames, and stuff, but it works pretty easily.

2. In order to relay to your ISP there is an additional postfix config line you need to add (unless I missed it somewhere here) to main.cf:

relayhost = [mailhost.isp.com]

Where mailhost.isp.com is your isp's mail server you wish to use (which matches the hostname in the saslpass file). The square brackets are important - they mean "do not look for the MX record for this host". If you don't put them, and your ISP has an MX record for their mailserver (mine did) you can end up with your mail trying to be routed through an entirely different system (which doesn't want to know about you).

Without this line, the system will use the smtp_sasl_auth info if it has to send mail to your isp, but will try to send each piece of mail directly to the host for the addressee, which is not relaying through your isp, is it?
_________________
Take care,

Liam Routt (Caligari)

[TheHermit]

Tried making my own cert and that didn't work.

[LiamRoutt]

The Hermit: I noticed that you are getting messages which are different from the ones that most people (and I) were getting, so I'm sure your problem is of a different nature. One thing you might want to check is that you have compiled postifx and the auth packages with the correct USE flags. I found that I had inadvertently left off a few on my installation. I also chose to use -gdbm to force the use of berkley over gdbm (which seemed as though it was going to be a problem). The other thing I notice from your output is that your failure seems to be related to a match-string failure. You probably want to go line by line through the match string lines, chekcking the relevant portions of the postfix/main.cf to see whether you've made a typo or definied something that doesn't match your situation (different ip addresses for your subnet, for example)... Perhaps someone else has some more insight?

Anyway, here's my promised step-by-step on making the certs. Thunderbird would not connect (with an auth failure) before these steps, and was fine afterwards:

# cd /etc/ssl/
# nano -w openssl.cnf

In here you want to sent your defaults, if only because it will save you entering them again and again when you make other certs in the future. The defaults are part-way down in the file, after a lot of stuff you should leave alone. You can search for "countryName_default" and that should get you to the start of the section. Make sure you edit or add the *_default values, and not the others.

I used something like this:

countryName_default = AU
stateOrProvinceName_default = Victoria
localityName_default = Balwyn
0.organizationName_default = MyServer
organizationalUnitName_default = Mailserver
commonName_default = my.mailserver.address.com
emailAddress_default = postmaster@my.mailserver.address.com

I had to add one or two of those lines, but most were present and could be edited. Obviously you need to insert your own information. I don't know whether there is a list of country codes out there somewhere... I read that the commonName needs to match the name of your mailserver (from the client's point of view), and Thunderbird did complain when I set it incorrectly.

Next up is potentially the most confusing step (for me):

# cd misc
# nano -w CA.pl

Here we need to change the script that generates the certificates for us, so that we add the -nodes flag to each of the two relevant commands. This means that the server can startup without requiring your password each time, I believe.

In order to locate the lines to check you might want to search for the comments, below:

# create a certificate
system ("$REQ -new -nodes -x509 -keyout newreq.pem -out newreq.pem $DAYS");

# create a certificate request
system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");

For each command (and only these, as far as I know) you want to add the "-nodes" flag to the list of flags, making sure to leave the rest of the line intact. Once this is done, you are ready to generate your certificates. Note that you only need to do these first two steps (this and the oppenssl.cf edit) the first time you are doing this, later certificates will not need these edits.

# ./CA.pl -newca
# ./CA.pl -newreq
# ./CA.pl -sign

These three commands create your certificates. You will be asked questions along the way, most of which you will already have set the defaults for, with the above editing. I think you can leave most everything as it is. For the last step you are asked for a pass phrase, which I think is the only thing I entered. It may be that the passphrase there must match the challenge password requested in the -newreq run.

Next we copy the resulting files to our postfix setup:

# cp newcert.pem /etc/ssl/postfix
# cp newreq.pem /etc/ssl/postfix
# cp demoCA/cacert.pem /etc/ssl/postfix

They will not overwrite the defaults, luckily (although the defaults seem to be useless).

Finally, we need to change the main.cf to point to these new files, and restart postfix.

# cd /etc/postfix
# nano -w main.cf

Here we need to edit the following lines, putting in the names of our new files, as shown:

smtpd_tls_key_file = /etc/ssl/postfix/newreq.pem
smtpd_tls_cert_file = /etc/ssl/postfix/newcert.pem
smtpd_tls_CAfile = /etc/ssl/postfix/cacert.pem

I note that the extensions are different from the default config, and that lead to my making several replacement mistakes, until I simply reentered the information from scratch. At this point you have told postfix to use the new files.

# postfix check

It is always worth checking your update.

# /etc/init.d/postfix restart

That should restart the service, and use the new certificates as a result.

I then send a message from Thunderbird on another machine in my LAN. I was asked to okay a certificate that matched the info I had created. From that point on the client has been able to connect fine, and that problem has vanished.

The info to do this was presented in this thread before, or at least referred to, but it was perhaps not so simply presented. I hope this helps someone else (not The Hermit, it would seem!).
_________________
Take care,

Liam Routt (Caligari)

[lisnalinchy]

Excellent work Beowulf and co.

I am not sure if this has been mentioned before, but about the only thing I could suggest adding to the guide would be integrating some basic antivirus software like clamav or f-prot for incomming mail.

Just a thought

Cheers

[Torstello]

Hi @all,

i'm able to send and to receive emails after installing postfix-bogofilter.

but i've a strange output im my /var/log/messages when i send an email.

Can someone give me a hint whats going up here? Or is this quite normal?

[LiamRoutt]

This happens to me as well, and seems to be the standard debug output from the TLS or SASL connection layer. There might be a way to limit it, however, by changing settings... But I haven't looked into that yet...
_________________
Take care,

Liam Routt (Caligari)

[Holly]

[Torstello]

Hi @all,

after the setup of my mail-system everything worked fine (thanks beowulf) and i tried to add amavisd-new and clamav support as written in this howto:
https://forums.gentoo.org/viewtopic.php?p=842754#842754

i have a problem connecting to my localhost:10025 to get my amavisd-new scanned emails back to qmgr.

error:

[soulwarrior]

Thanks for this greate howto, works without a problem


I have a question concerning the other computers in my network:
Is it possible to transfer all the local mails on every computer in the local network (like cron emails) to the one mail server, so one has only to look in one place for this sort of emails?

[altstadt]

As far as I can tell, the only thing missing from your mini howto is what I am trying to get working.

You are missing any instructions on how to set up the workstation illusion to forward mail on to the server chimera. What must be configured on illusion (assuming postfix and cyrus-sasl have been emerged there as well) to get email from cron jobs, and other non-client software, sent to the mailbox on chimera? Does anything need to change in the chimera config?

Sorry if this is already explained somewhere in the 21 pages, but I searched for both illusion and its IP on every page.

[altstadt]

[lodder_]

hello,

i'm having a problem wel actually a few.
If i send a mail to a external or in ternal adrass it appears lodder@lodder.bounceme.net at any location exernal or internel but if people wnat to replay on it internel or exteral i don't get a thini i don't even receive them? plz help me on that. and i use this methode of sending : Email Client->Cyrus-SASL->Postfix->Cyrus-SASL->ISP SMTP Server->Internet

my second questions is i have 1 email adres at my isp but there are a few aliases but no i need to filter them for example me@isp.com should go to me , dad@isp.com should go to dad it's account but they all start from the same account plz help me to filter it and deliver it in the correct mailbox

thx in advance folder hope i get an answer soon

[soulwarrior]

[lodder_]

first thing is sloved now

but i still can't figurer out this : my second questions is i have 1 email account at my isp but there are a few aliasses but no i need to filter them for example me@isp.com should go to me , dad@isp.com should go to dad it's account but they all start from the same account plz help me to filter it and deliver it in the correct mailbox

[altstadt]

[strider2003]

NOTE: I have posted this message also in the network and security forum.
I'm following the tutorial, and I'm having a lot of problems. These are some of them. I hope you can help me
1) I can't receive emails.

[strider2003]

This is my output for 'postconf -n'. Do you see anything wrong?

[thompsonmike]

I am getting a error on line 46 when trying to run the script.

Here is the error:

File "/home/mike/Bin/bogotrainer", line 46
spamlist = os.listdir(os.path.join(maildir,".Spam/cur")))
^
SyntaxError: invalid syntax

Any ideas??
_________________
Thanks


Michael..

[TriKster_Abacus]

Beowulf and all of you who have had the patience to stick it out with some of us mail noobs.

The directions were pretty clear, but I am stuck big time.

I use bellsouth.net as my dsl provider, my outgoing email has to go through bellsouth.net.

I am not concerned about recieving email, I just need to send so that username/passwords can be sent for my personal webpage.

This is my /etc/procmail/main.cf:

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
inet_interfaces = all
myhostname = trikster.homelinux.org
mydomain = trikster.homelinux.org
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain $mydomain
unknown_local_recipient_reject_code = 450
mynetworks_style = subnet
mynetworks = 127.0.0.0/8 192.168.1.0/24
mailbox_command = /usr/bin/procmail
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.0.16-r1/sample
readme_directory = /usr/share/doc/postfix-2.0.16-r1/readme
default_destination_concurrency_limit = 2
alias_database = hash:/etc/mail/aliases
local_destination_concurrency_limit = 2
alias_maps = hash:/etc/mail/aliases
home_mailbox = .maildir/

I can send email to myself within my server, I.E. from root to user, but it will not go out from the network.

I did:

telnet trikster.homelinux.org 25
Trying 192.168.1.4...
Connected to trikster.homelinux.org.
Escape character is '^]'.
220 trikster.homelinux.org ESMTP Postfix
mail from: [my_username]@trikster.homelinux.org
250 Ok
rcpt to: [my_username]@linux-militia.net
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
This is a test
.
250 Ok: queued as F181441622

Then I watch my /var/log/messages and see these messages:

Dec 13 13:15:24 trikster postfix/smtp[25079]: connect to mail.linux-militia.net[206.225.84.44]: Connection timed out (port 25)
Dec 13 13:15:24 trikster postfix/smtp[25079]: F181441622: to=<[my_username]@linux-militia.net>, relay=none, delay=76, status=deferred (connect to mail.linux-militia.net[206.225.84.44]: Connection timed out)

Then do another test message to [a_username]@bellsouth.net to see if I am actually being blocked.. (of which I am not) and recieve this:

Dec 13 13:17:38 trikster postfix/smtp[25079]: 73B5741634: to=<[my_username]@bellsouth.net>, relay=mx01.mail.bellsouth.net[205.152.59.33], delay=16, status=bounced (host mx01.mail.bellsouth.net[205.152.59.33] said: 550 Invalid recipient: <[my_username]@bellsouth.net> (in reply to RCPT TO command))

So dns is working, everything seems to be working except that all the messages end up with (the bounce above was because I did in fact use a bad email address, but it shows that it is trying to connect to bellsouth.net):

(connect to mail.linux-militia.net[206.225.84.44]: Connection timed out) and such.

What could I be missing?

I also am going through a linksys dsl/cable router and I forwarded port 25 to port 25 on 192.168.1.4 with no luck either.

Thank you

Sincerely,

TriKster Abacus