April 27, 2011, 6:51 a.m.
posted by void
Build an Email Server
Setting up an email server is remarkably straightforward, but there are a couple of things to be very careful of so it doesn't end up being a haven for spammers.
An email server consists of several components: an SMTP (Simple Mail Transfer Protocol) server to handle mail transfer between hosts, POP and IMAP servers to give users access to mailboxes from their desktop mail clients, and often some kind of mail-filtering system for reducing spam and viruses passing through the system.
Postfix SMTP Server
There are many SMTP servers available in Ubuntu, and many administrators have their own personal preference, but the Postfix SMTP server is a good general-purpose choice that is fast, secure, and extensible:
$ sudo apt-get install postfix
The installation process will ask some questions about how the system will operate. Select Internet Site as the operation mode and set Mail Name to your domain.
Once the package has been installed, open /etc/postfix/main.cf in an editor and find a line like:
mynetworks = 127.0.0.0/8
To allow computers on your network to send outgoing email through the server, you need to add your network range to the mynetworks value. For example, if your network is the 192.168.0.0 class-C range, you would edit the line to read:
mynetworks = 127.0.0.0/8 192.168.0.0/24
This setting is critical to preventing your mail server being used as a relay by spammers, so only add network ranges that you trust.
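One way to check that value before restarting Postfix, as an added example that is not part of the original article: the script reads mynetworks from main.cf text and flags any entry outside loopback or private address space. The sample file, the TRUSTED list and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample main.cf; the final 0.0.0.0/0 entry is a deliberate mistake.
SAMPLE_MAIN_CF = """\
# trusted SMTP clients
mynetworks = 127.0.0.0/8 192.168.0.0/24,
    [::1]/128 0.0.0.0/0
home_mailbox = Maildir/
"""

# Assumption: only loopback and private (RFC 1918 / ULA) space counts as trusted.
TRUSTED = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7")]

def get_param(text, name):
    """Return the last value assigned to `name`, joining continuation lines."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()  # leading whitespace continues a line
        else:
            logical.append(line.strip())
    value = None
    for entry in logical:
        key, sep, val = entry.partition("=")
        if sep and key.strip() == name:
            value = val.strip()
    return value

def audit_mynetworks(text):
    """Map each mynetworks entry to 'ok' or to the reason it needs review."""
    findings = {}
    for item in re.split(r"[,\s]+", get_param(text, "mynetworks") or ""):
        if not item:
            continue
        try:
            cidr = item.replace("[", "").replace("]", "")  # Postfix brackets IPv6
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings[item] = "not a CIDR range (table or file): check by hand"
            continue
        inside = any(net.version == t.version and net.subnet_of(t) for t in TRUSTED)
        findings[item] = "ok" if inside else "outside private space: may relay"
    return findings

if __name__ == "__main__":
    for item, verdict in audit_mynetworks(SAMPLE_MAIN_CF).items():
        print(f"{item:16} {verdict}")
```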
When mail is delivered to a local user, it can be stored in several different ways. The older and most common approach is the mbox format, which stores all mail in a single file for each user, but the performance of the mbox format falls off dramatically with large mail volumes. Most newer mail systems use the maildir format, which stores messages in individual files nested inside directories. Postfix can handle either format equally well. Add this line to main.cf to use the maildir format:
home_mailbox = Maildir/
The Maildir/ value is appended to the home directory path of the recipient, and the trailing slash indicates to use the maildir format for storage.
Finally, look for a line that starts with mydestination =. Mail for all domains listed in this line will be accepted by your mail server, and local delivery will be attempted, so if you will host mail for multiple domains, add them here.
Restart Postfix to make your changes take effect:
$ sudo /etc/init.d/postfix restart
If you will be using your mail server only as an outbound mail gateway, that's all you need to do. Configure your email client to use your mail server for outbound mail and try sending a message to an external email account.
If the message doesn't come through, try "putting a tail" on the Postfix logfile to see what went wrong, and adjust your configuration as necessary:
$ sudo tail -f /var/log/mail.log
Reduce Spam with Greylisting
There are a variety of methods to protect your users from spam, but unfortunately there is no magic solution that causes absolutely no false positives or negatives. Greylisting is one approach that requires very little ongoing maintenance but has a very high success rate with very few false positives in which valid email is mistakenly rejected.
Greylisting works on the premise that valid mail servers will attempt redelivery of mail if they receive a "temporarily unavailable" error from the destination server, while spam hosts and viruses will typically attempt delivery only once and then move on to the next target. This means legitimate mail from a remote system will be delayed, but afterwards your mail server will remember that the sender is valid and let the mail straight through. The delay on the first message can be inconvenient, but on the whole, greylisting is one of the most successful spam-mitigation techniques currently available. To take advantage of greylisting, install Postgrey:
$ sudo apt-get install postgrey
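Postgrey runs as a daemon on your mail server on port 60000, so configure Postfix to use it as a delivery policy service. Open /etc/postfix/main.cf and add an entry for the service. Keep permit_mynetworks first: setting this parameter replaces the default list, and without it reject_unauth_destination would refuse outbound mail from the trusted clients you listed in mynetworks:
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000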
Then restart Postfix and put a tail on the Postfix logfile before sending a test message to the system from an external mail server. On the first delivery attempt, you will see the message rejected with a nonfatal error, and then after five minutes your mail server will allow the message to be delivered. Subsequent messages from the same remote system will be delivered immediately.
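The decision behind that sequence, as an added example that is not Postgrey's code and not part of the original article: a small in-memory greylist answering requests in the name=value form Postfix sends to a check_policy_service. Keying on the (client address, sender, recipient) triplet, the class and function names, and the sample request are assumptions made for illustration.

```python
GREYLIST_DELAY = 300  # seconds; the five-minute wait described above

class Greylist:
    """In-memory greylist keyed on (client address, sender, recipient)."""

    def __init__(self, delay=GREYLIST_DELAY):
        self.delay = delay
        self.first_seen = {}  # triplet -> time of the first delivery attempt

    def check(self, client, sender, recipient, now):
        key = (client, sender.lower(), recipient.lower())
        first = self.first_seen.setdefault(key, now)
        if now - first < self.delay:
            # Temporary (4xx) refusal: a real mail server queues and retries.
            return "DEFER_IF_PERMIT Greylisted, please retry later"
        return "DUNNO"  # no objection; the remaining restrictions decide

def parse_request(raw):
    """Parse one policy request: name=value lines ended by a blank line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def handle(greylist, raw, now):
    """Return the reply Postfix expects: 'action=...' followed by a blank line."""
    a = parse_request(raw)
    action = greylist.check(a.get("client_address", ""),
                            a.get("sender", ""),
                            a.get("recipient", ""), now)
    return f"action={action}\n\n"

# Constructed request of the kind Postfix sends at RCPT TO time.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=203.0.113.25\nsender=alice@example.org\n"
          "recipient=bob@example.com\n\n")

def demo():
    g = Greylist()
    times = [0, 60, 301, 400]  # first try, early retry, retry after delay, next mail
    return [handle(g, SAMPLE, t).split()[0] for t in times]

if __name__ == "__main__":
    print(demo())
```

With this keying, a new sender or recipient from an already-seen host starts its own five-minute wait.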
$ sudo apt-get install mailgraph
$ sudo /etc/init.d/mailgraph start
Mailgraph watches mail-server activity and logs it in an extremely efficient database, and then builds graphs that you can access through a web browser at http://yourhost/cgi-bin/mailgraph.cgi. By default, the graphs are accessible from anywhere, so if you prefer to keep them secret, you may wish to restrict access to them using an Apache .htaccess file or with explicit access control in the Apache configuration.
POP and IMAP Services
To allow users to collect mail from the server, you need to run IMAP and/or POP services. Once again, there is a variety of alternatives, each of which has advantages and disadvantages, but the Courier suite provides very simple setup and natively supports maildir format:
$ sudo apt-get install courier-imap courier-imap-ssl \
    courier-pop courier-pop-ssl
If you configured Postfix to use maildirs, as described above, you don't need to make any changes to the Courier configuration: it will automatically detect the maildirs, and everything should just work.