Jon is a tech enthusiast and entrepreneur living in Colorado.
Jon Stacey's life with technology
How To: Setup Email Services on Ubuntu Using Postfix (TLS+SASL) and Dovecot
Here is a guide on getting Email services running on Ubuntu Intrepid. I used Postfix for core services (SMTP with TLS and SASL) and Dovecot for fast IMAP and POP3. This tutorial has been tested on a bare bones Ubuntu 8.10 slice from Slicehost.
Preamble
Estimated Time Required: 10-15 minutes
This guide makes several assumptions. For example, it assumes that you will use Maildir. If you decide to make any changes, just keep an eye out for any subsequent changes that might be needed down the line. If you are upgrading from another system, such as Courier, please look at Appendix A.
If you prefer Postfix and Courier, refer to my older tutorial which is reported to work with Ubuntu Intrepid.
Postfix
Let’s get core email functionality going with Postfix:
    aptitude install postfix sasl2-bin
You will be asked a few questions with a nice graphical interface. Here are the answers for some of them. Replace all occurrences of example.com with your root FQDN (e.g. jonsview.com), and server1.example.com with your server’s FQDN (e.g. swift.jonsview.com).
- General type of mail configuration? Internet Site
- System mail name? server1.example.com
Unfortunately, the graphical configuration interface that was automatically launched was a condensed version. You will need to run the full graphical configuration utility.
    dpkg-reconfigure postfix
Again, you will be asked some questions:
- General type of mail configuration? Internet Site
- System mail name? server1.example.com
- Root and postmaster mail recipient? Leave blank
- Other destinations to accept mail for? server1.example.com, example.com, localhost.example.com, localhost
- Force synchronous updates on mail queue? No
- Local networks? Leave default (127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128)
- Mailbox size limit (bytes)? 0
- Local address extension character? Leave default (+)
- Internet protocols to use? ipv4 (most likely)
Next, let’s take care of certificates for TLS. You will be asked several questions during this process. Fill them in as you see fit.
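    mkdir /etc/postfix/ssl
    cd /etc/postfix/ssl/
    # Generate a passphrase-protected RSA key (1024 bits, as in the original guide;
    # current systems should use 2048 or more)
    openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
    chmod 600 smtpd.key
    openssl req -new -key smtpd.key -out smtpd.csr
    openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
    # Strip the passphrase so Postfix can read the key at startup
    openssl rsa -in smtpd.key -out smtpd.key.unencrypted
    mv -f smtpd.key.unencrypted smtpd.key
    # The replacement file does not inherit the earlier mode; restrict it again
    chmod 600 smtpd.key
    openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650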
Finish configuring Postfix for TLS and SASL.
    postconf -e 'smtpd_sasl_local_domain ='
    postconf -e 'smtpd_sasl_auth_enable = yes'
    postconf -e 'smtpd_sasl_security_options = noanonymous'
    postconf -e 'broken_sasl_auth_clients = yes'
    postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
    postconf -e 'inet_interfaces = all'
    echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
    echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
    postconf -e 'smtpd_tls_auth_only = no'
    postconf -e 'smtp_use_tls = yes'
    postconf -e 'smtpd_use_tls = yes'
    postconf -e 'smtp_tls_note_starttls_offer = yes'
    postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
    postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
    postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
    postconf -e 'smtpd_tls_loglevel = 1'
    postconf -e 'smtpd_tls_received_header = yes'
    postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    postconf -e 'tls_random_source = dev:/dev/urandom'
    postconf -e 'myhostname = server1.example.com'
    postconf -e 'home_mailbox = Maildir/'
    postconf -e 'mailbox_command ='
Finally, restart Postfix:
    /etc/init.d/postfix restart
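The configuration above sets smtpd_tls_auth_only = no while the only SASL mechanisms are PLAIN and LOGIN, so a client is allowed to authenticate before STARTTLS and send its password in the clear. The check below is an added example, not part of the original guide: audit_postfix_auth is a hypothetical helper and the sample configurations are constructed from the values used here.

```shell
#!/bin/sh
# Added example: audit_postfix_auth (hypothetical helper, not a Postfix tool)
# reads "postconf -n"-style lines (name = value) on stdin and reports settings
# that let SASL PLAIN/LOGIN passwords travel unencrypted. Exit status 1 = findings.
audit_postfix_auth() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*#/ || !/=/ { next }
        { eq = index($0, "="); conf[trim(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1)) }
        END {
            sasl = (conf["smtpd_sasl_auth_enable"] == "yes")
            # Default is "no": AUTH is then advertised before STARTTLS.
            if (sasl && conf["smtpd_tls_auth_only"] != "yes") {
                print "WEAK: AUTH offered without TLS (set smtpd_tls_auth_only = yes)"; n++
            }
            # smtpd_tls_security_level, when set, overrides the older smtpd_use_tls.
            lvl = conf["smtpd_tls_security_level"]
            tls = (lvl ~ /^(may|encrypt)$/ || (lvl == "" && conf["smtpd_use_tls"] == "yes"))
            if (sasl && !tls) { print "WEAK: SASL enabled but STARTTLS not offered"; n++ }
            if (sasl && conf["smtpd_sasl_security_options"] !~ /noanonymous/) {
                print "WEAK: anonymous SASL logins not excluded"; n++
            }
            exit (n > 0)
        }'
}

# Constructed sample: the SASL/TLS values this guide sets with postconf -e.
sample_guide_config() {
    cat <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = no
smtpd_use_tls = yes
EOF
}

# Constructed sample: same values with AUTH restricted to TLS sessions.
sample_hardened_config() {
    sample_guide_config | sed 's/^smtpd_tls_auth_only = no$/smtpd_tls_auth_only = yes/'
}

sample_guide_config | audit_postfix_auth || true
```

On a live server, feed it the real settings with postconf -n | audit_postfix_auth; setting smtpd_tls_auth_only = yes clears the first finding.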
SASL
Authentication will be done by saslauthd which will need to be configured to support a chrooted Postfix setup. Edit /etc/default/saslauthd and add or change the following settings so that they match:
    START=yes
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
Finish up SASL by creating the chroot directory, adding the postfix user to the sasl group, and then starting saslauthd.
    mkdir -p /var/spool/postfix/var/run/saslauthd
    dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
    adduser postfix sasl
    /etc/init.d/saslauthd start
Testing
At this point, core email services should be up and running. Let’s make sure that you’re in good shape before moving on. First, establish a connection with the mail server.
    telnet localhost 25
After establishing a connection with the Postfix service, run:
    ehlo localhost
You should see a few lines of output. Make sure that the two most important lines are there:
    . . .
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    . . .
Type quit to get out.
Dovecot
Note: If you followed my last guide and are migrating from Courier, please see Appendix A before continuing.
Install and configure Dovecot.
    aptitude install dovecot-imapd dovecot-pop3d
    perl -pi -e 's/#mail_location =/mail_location = maildir:\/home\/\%u\/Maildir/' /etc/dovecot/dovecot.conf
    /etc/init.d/dovecot restart
If everything went smoothly you should now be in email nirvana. Each user has their own email account and you can move on to virtual accounts if you desire.
Appendix A: Courier to Dovecot Conversion
Please refer to this Dovecot wiki article for detailed information, but in a nutshell:
    wget http://www.dovecot.org/tools/courier-dovecot-migrate.pl
    chmod 755 courier-dovecot-migrate.pl
    ./courier-dovecot-migrate.pl --to-dovecot --recursive /home
If everything looks good, then perform the actual conversion.
Note: Even if 0 mailbox changes are shown, the script may still be working. If there aren’t any explicit errors, run the conversion and then check the Maildirs for dovecot indexes.
    ./courier-dovecot-migrate.pl --to-dovecot --convert --recursive /home
For a transparent conversion you will need to set up Dovecot to use INBOX as the namespace for private mailboxes. Edit /etc/dovecot/dovecot.conf and uncomment the namespace private { block (and corresponding } ). Uncomment #prefix = and change to prefix = INBOX. (include the period). Finally, change #inbox = no to inbox = yes. In essence, it should look like the following, which has been stripped of comments for brevity.
    namespace private {
      prefix = INBOX.
      inbox = yes
    }
Appendix B: SMTP Troubleshooting
If core email services and IMAP are working, but not SMTP, then it’s most likely that sasl is not set up properly. Log entries like the following in /var/log/mail.warn will confirm this:
    Mar 27 00:36:56 swift postfix/smtpd[12537]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
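The log line above means the chrooted smtpd could not find the saslauthd socket, which points back to the SASL section: the START and OPTIONS values, the socket directory under /var/spool/postfix, and the postfix user's membership of the sasl group. The script below is an added example, not part of the original guide; check_saslauthd_chroot and make_sample_root are hypothetical helpers, and the directory tree it inspects is constructed.

```shell
#!/bin/sh
# Added example: check the saslauthd settings this guide relies on.
# check_saslauthd_chroot is a hypothetical helper; ROOT lets it run against
# a constructed directory tree instead of the live system ("" = live system).
CHROOT_SOCKDIR=/var/spool/postfix/var/run/saslauthd

check_saslauthd_chroot() {
    root=$1
    defaults="$root/etc/default/saslauthd"
    problems=0
    [ -r "$defaults" ] || { echo "missing: $defaults"; return 1; }

    # saslauthd is only started by the init script when START=yes.
    grep -Eq '^START=yes[[:space:]]*$' "$defaults" ||
        { echo "START is not 'yes' in $defaults"; problems=$((problems + 1)); }

    # The -m directory must be inside the Postfix chroot, or the chrooted
    # smtpd cannot reach the socket ("No such file or directory").
    sockdir=$(sed -n 's/^OPTIONS=.*-m[[:space:]]*\([^[:space:]"]*\).*/\1/p' "$defaults" | tail -n 1)
    if [ "$sockdir" != "$CHROOT_SOCKDIR" ]; then
        echo "OPTIONS -m is '${sockdir:-unset}', expected $CHROOT_SOCKDIR"
        problems=$((problems + 1))
    elif [ ! -d "$root$sockdir" ]; then
        echo "socket directory $sockdir does not exist"
        problems=$((problems + 1))
    fi

    # The directory is root:sasl 710, so postfix must be in group sasl.
    grep -Eq '^sasl:[^:]*:[^:]*:(.*,)?postfix(,.*)?$' "$root/etc/group" 2>/dev/null ||
        { echo "user postfix is not in group sasl"; problems=$((problems + 1)); }

    return "$problems"
}

# Constructed sample tree; $1 is the socket directory written into OPTIONS.
make_sample_root() {
    dir=$(mktemp -d)
    mkdir -p "$dir/etc/default"
    printf 'START=yes\nOPTIONS="-c -m %s"\n' "$1" > "$dir/etc/default/saslauthd"
    printf 'sasl:x:45:postfix\n' > "$dir/etc/group"
    echo "$dir"
}

demo=$(make_sample_root /var/run/saslauthd)   # socket path outside the chroot
check_saslauthd_chroot "$demo" || true
rm -rf "$demo"
```

Run as root with an empty argument, check_saslauthd_chroot "", it inspects the live /etc/default/saslauthd and /etc/group.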
Last words
I’ve always found setting up email services on Linux a pain, so hopefully this has helped you get up and running. Please let me know if you find any errors, or have suggestions that would make this guide easier to understand.
{ 55 comments… read them below or add one }
Thanks a whole lot, that worked out of the box! ☺
So now that I’ve completed this tutorial, how do I proceed from here? How do I add usernames and passwords for individuals who want to use my email services? How do I know that the email works? Just a few questions I have. Other than that, thanks for the great tutorial. I found that the only errors I made were my fault, not the tutorial’s.
That depends on the complexity of your needs. For example, my needs are pretty simple so every email user has a corresponding unix account, so dovecot references the passwd file. There are more sophisticated options though such as using MySQL or static database files:
http://wiki.dovecot.org/VirtualUsers
http://wiki.dovecot.org/HowTo/DovecotLDAPostfixAdminMySQL
I too am having trouble with the line, “/etc/init.d/saslauthd start”
I get the following – /etc/default/saslauthd: 55: Syntax error: Unterminated quoted string
I’ve made sure sasl2-bin is installed. I’ve checked for any updates, and I’ve restarted.
Does anyone have any suggestions? I’d really love to get this working. Many thanks
Sounds like the config file is corrupt. Perhaps a copy/paste error, the configuration format has changed since I wrote the tutorial, or any other number of reasons. Try to see what’s going on in line 55 of the file to correct the problem by adding the missing quote terminator. Another option is to purge the sasl2-bin and configuration with the package manager and try again.
/etc/init.d/saslauthd start — This line is failing for me.. saying saslauthd not found.
Also, I tried sending email to my gmail id after this and it did not work. I did not receive any email. Any suggestions?
Did you install sasl2-bin ?
This is a nice info. It saved my time a lot to build a mail server.
Just to share my experience, getting “authentication” issue for pop, I found that, similar to your tip of “telnet localhost 25”, I run “telnet localhost 110” on the server to check how the authentication had been, and I could resolve it later.
Thanks much for this great article !
Thanks, great tutorial, worked out of the box, helped a lot.
THANK YOU!!!
I wish I’d found this 15 tutorials earlier. It’s the only one that has worked 100% without any swearing!
Hey,
I think installation went well following your steps. Just one question though. When I ran ‘telnet localhost pop3’ at the terminal, I get the return “+OK Dovecot ready,” but it doesn’t give me the login prompt. How can I check my mails then?
ice
The purpose of telnet in this guide was simply to test. As for actually retrieving email, you will have to install an email client such as mutt, or download the email with an imap or pop3 client to your local computer, or install a webmail application such as Squirrelmail.
See an example below;
root@userver1:/etc# telnet localhost 110
Trying ::1…
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.
+OK Dovecot ready.
user mii
+OK
pass mii
+OK Logged in.
list
+OK 1 messages:
1 720
.
retr 1
+OK 720 octets