How to set up an email server with postfix/cyrus

[cach0rr0]

i hate conference calls. but i have one in 15, so i have to be brief. Man, weekend needs to come fast, this week has been insane.

[cach0rr0]

now that I'm off that bloody call, a few more points

-587 is very likely NOT blocked
-the other advantage to a "business class" line, is that your IP won't be listed on any DNS blacklists/RBL's, whereas dynamic, residential comcast IP's, are all listed on, for example, Spamhaus PBL (which is used in the Spamhaus ZEN list....which, is a very, very, very widely used list, if you're on the PBL, few corporate mail servers are going to accept mail from your home IP, and any servers that use zen.spamhaus.org are going to block mail from your IP). Also, for the business customers, theyre rolling out DOCCIS 3, which I plan on moving to sooner rather than later (i think it's free?).

no, i dont work for comcast
i made this move because i was pissed at being blacklisted, and although they dont block 25 in my area, i was worried they might at some point. I'd have moved to another provider if there was one available that fit my needs, but there isn't, and this ultimately ended up being the most cost-effective path for me
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash

[trigggl]

I'm getting the following message in my imapd.conf

[cach0rr0]

unless you plan on setting up sieve scripts, i wouldnt worry about it
i dont use them. maybe i should, but sieve is one "language" i just cant be bothered learning.
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash

[cach0rr0]

Hi guys - Just a quick heads up!

I've updated the ebuild for cyrus-imapd-2.4.12 since there was the GLSA/vuln published for prior versions

http://www.gentoo.org/security/en/glsa/glsa-201110-16.xml

I have not tested it other than "it patches and compiles without issue" (see note, it's actually not "without issue)". I upgraded my production box for this maybe 5 minutes ago, and will holler if anything catches fire. I don't expect anyone else to be an "early adopter", I am guinea pigging it, and at least this way with me going first I will know if "issues" that pop up are related to these patches, or just related to new cyrus without patches, or unrelated at all.

NOTE: in order for this to build cleanly, you have to have 'sieve' enabled in your USE, otherwise there are files missing, and although things patch correctly, the build fails with:

[audiodef]

[audiodef]

Came across this today: http://thewalter.net/stef/software/clamsmtp/postfix.html

Might be useful to integrate it into the howto.
_________________
decibel Linux: https://decibellinux.org
Github: https://github.com/Gentoo-Music-and-Audio-Technology
Facebook: https://www.facebook.com/decibellinux
Discord: https://discord.gg/73XV24dNPN

[cach0rr0]

basically the same steps there that one would use for integrating amavisd-new

Might add a link for it, dunno that id include any piece of that actual HOWTO.

First I need to get a new laptop, one that has its O key intact. I'm currently hitting the little rubber nipple directly.
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash

[audiodef]

I have a phpbb board for which I want to enable new user self-validation via email. I'm having trouble getting this to work and I'm not sure why. I've set the email settings like so:

SMTP settings

Use SMTP server for e-mail: yes

SMTP server address: audiodef.com (which is what I use in my mail client and this works)

SMTP server port: I've tried both 587 and 995

Authentication method for SMTP: Tried both plain and login (other options are cram and md5, which I don't use in my mail clients, so I figure they don't apply here, either)

SMTP username/pass: I enter a webmaster account for this, no typos

I thought I'd post this here first to make sure it's not just me using incorrect mail server settings. I have not gotten phpbb to send out a validation email yet.
_________________
decibel Linux: https://decibellinux.org
Github: https://github.com/Gentoo-Music-and-Audio-Technology
Facebook: https://www.facebook.com/decibellinux
Discord: https://discord.gg/73XV24dNPN

[cach0rr0]

a few quick things - sorry so late, very busy times 'round these parts !

-do the connection attempts from your web server even show up in mail.log ? debug_peer might be useful.
-smtpd_tls_auth_only means that you cannot do AUTH, nor will the extension even be advertised, unless the connecting host first establishes a TLS-enabled session (i.e. via STARTTLS).
-if your web server, where you have this phpbb instance, is included in $mynetworks, you shouldn't need to auth. I would of course avoid doing such a thing if you had your site on some kind of shared hosting environment where the unwashed masses were hosted on your same IP, but for your own server that shouldn't be an issue.

I'll tick the 'notify me' box on this one, otherwise I'll never notice a new post has been made
My world isn't going to be calm for at least another few months. In the good sense, all work stuff, big great things happening for me there, but those big great things mean a time vortex.
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash

[audiodef]

Thanks for your as-usual in-depth and helpful advice.

How do I get postfix to have it's own mail log? Right now, it gets dumped into /var/log/messages, which can be a pain to grep through.

I finally grokked what you said about not needing auth if it's all on the same server, so I disabled phpBB's "use smtp for mail" and replaced "mail" with "sendmail" in the local mail function box. This is what succeeded.

So what great, big things are happening? Good stuff, I hope.
_________________
decibel Linux: https://decibellinux.org
Github: https://github.com/Gentoo-Music-and-Audio-Technology
Facebook: https://www.facebook.com/decibellinux
Discord: https://discord.gg/73XV24dNPN

[cach0rr0]

[audiodef]

I thought I had syslog-ng on hardened, since I knew about that, but I it wasn't. Well, that's fixed now.

Nice. I wish you all the best with the good stuff, busy coffee-laced schedule notwithstanding.
_________________
decibel Linux: https://decibellinux.org
Github: https://github.com/Gentoo-Music-and-Audio-Technology
Facebook: https://www.facebook.com/decibellinux
Discord: https://discord.gg/73XV24dNPN

[whatalotta]

Hi cach0rr0,

Thanks for a great HowTo! I tried the official Gentoo Virtual Mail Server and even with a lot of googling and searching in the forums, I couldn't get past the "Relay Access Denied" errors when trying to receive on my virtual domains (although the domain in mydestination worked fine).

The only difficulty I had with your instructions was in the adding domains section. I created the table in mysql, created virtual_domain_lookup.cf, added the virtual domains to the new table and changed virtual_mailbox_domains = drumm1.ath.cx, like.webhop.org to read virtual_mailbox_domains = mysql:/etc/postfix/virtual_domain_lookup.cf. Unfortunately, my virtual domains started giving me the "Relay Access Denied" error upon testing receive functionality. I think it might have worked if I had understood what you meant by "(adjust your SQL lookups accordingly!). I went back to virtual_mailbox_domains = drumm1.ath.cx, like.webhop.org and bingo -- everything worked!

Thanks, and good luck with the start-up!
-w

[cach0rr0]

[audiodef]

I've been using Claws Mail. I like it a lot, except for one thing: it appears not to do anything when I select Options -> Request Return Receipt before sending a message.

Does Claws Mail use DSN or MDN for return receipts? How can I make either of these work? I'm posting this here because I'm wondering if this has to do with my postfix setup, which was done according to the how-to in this thread.

Since I run my own mail server, this would be a very useful function for me, as opposed to checking the server logs every time I want to verify a message was successfully delivered.

I'm also open to other ways of receiving DSNs or MDNs, if anyone has such suggestions.
_________________
decibel Linux: https://decibellinux.org
Github: https://github.com/Gentoo-Music-and-Audio-Technology
Facebook: https://www.facebook.com/decibellinux
Discord: https://discord.gg/73XV24dNPN

[ChrisJumper]

Little Offtopic:

Before i follow your How-To..

- Could i use/integrate Roundcube as Webfrontend?
- Is this a solution for collecting all/much emails for multiple Accounts from different Mailhosters?
(This off Course could be done with IMAP and E-Mail forwarding, but i would prefer a single Point of interact and Collecting).
- Or did the Postfix/Cyrus just handle my Domain and its as MTA?

EDIT Ok, the Cyrus and Postfix Service is really easy to use with a roundcube Webfrontend. So now i am really lucky to got that worked. Just one thing on that guide did not work for me as expected. The magic autocreation of the new INBOX ad co. The Useflags have changed and i think that you have to add "sieve" to it. Even with it the autocreation fails. I activate in roundecube that the first logged in Users, roundcube will autocreate INBOX, Sent, Trash and Junk.

Since i just checked this with roundecube it could work with other imap-Mail Clients. After create this Folders the service work as expected.

Since i am new to cyrus i don't know how to use or configure and use net-mail/cyrus-imap-admin. Would be nice if your great hwoto could add some aspect there. Since you add an admins in your /etc/imap.conf i never could connect as admin to my cyrus.. even if i add this user with a pass in the mysql database. I suppose that the cyrus user have to exist on the system as user and should be able to login as user. Both login with cyadm as root or as cyrus did not work. :/

Thinks ill do is to spent some time to HASH, salt and pepper the Passworts in the ICMP Databse or find a good way to allow connections via SSL from Outside. And roundcube would love to use a icmp-proxy inside to speed up the connections..?