Mail server setup

Updated 7 March 2019

Mail server

Introduction

A mail server is a server that processes email messages, which includes receiving and sending mail. Incoming mail does not go directly to the user's computer (otherwise that computer would have to be kept switched on at all times); instead it is delivered for storage to the mail server, which runs around the clock, so that users can fetch their mail from it whenever it suits them.

The mail server can be configured with the Calculate utilities included in the sys-apps/calculate-server package. An OpenLDAP server is used to store user and group accounts, Postfix acts as the mail transfer agent, and Dovecot provides the IMAP/POP3 server functions. All necessary software is included in Calculate Directory Server (CDS).

LDAP configuration

The LDAP server must be configured before the mail server. Carry out all the necessary setup steps as described in the manual.

Mail server configuration

Before configuring the mail server, set up the account storage for Unix users. To do so, run:

cl-setup unix
* WARNING: Running this program will modify the configuration files and the LDAP database. If you want to continue, enter 'yes', else enter 'no': yes 

* Added ldif file ... 
[ok] 
* Unix service configured ... 
[ok]

To set up the mail service with the default parameters, run the following command:

cl-setup mail
* WARNING: Running this program will modify the configuration files and the LDAP database. If you want to continue, enter 'yes', else enter 'no': yes 

* Removed Mail DN from LDAP database ... 
[ok]
* Added ldif file ... 
[ok]
* Starting Postfix ... 
[ok]
* Starting Dovecot ...
[ok]
* Mail service configured ... 
[ok]

To select host mail.example.org and use IMAP and POP3 protocols, run the following:

cl-setup --type pop3,imap --host mail.example.org mail

To display all available options, run the following:

cl-setup --help-mail
calculate-server 2.1.18

Usage: cl-setup  [options]  service
Sets service in the system

Examples: 
  cl-setup samba                 # set Samba service in the system.             

Common options: 
  -h, --help                     display this help and exit                     
  --help-all                     display help for all services options          
  --help-jabber                  display help for Jabber service options        
  --help-ldap                    display help for LDAP service options          
  --help-mail                    display help for Mail service options          
  --help-samba                   display help for Samba service options         
  --help-proxy                   display help for Proxy service options         
  --help-dns                     display help for DNS service options           
  --help-dhcp                    display help for DHCP service options          

Mail service options: 
  -a, --allow                    enter the allowed ip addresses and network     
  --host HOST                    mail host, default - hostname                  
  -t, --type TYPE                mail type - 'imap', 'pop3', 'pop3,imap'        
                                 (default - imap)                               
  -c, --crypt CRYPT              encryption type - 'none', 'tls' (default - tls)
  --history CONDITION            enabled or disabled mail history logging,      
                                 default disable. (on/off)                      
  --history-domains DOMAIN       domain or domains for own mail (comma          
                                 delimited)                                     
  --history-path PATH            history path                                   

Services: 
  ldap                           ldap service                                   
  unix                           unix service                                   
  samba                          samba service                                  
  mail                           mail service                                   
  jabber                         jabber service                                 
  ftp                            ftp service                                    
  proxy                          proxy service                                  
  dns                            dns service                                    
  dhcp                           dhcp service

Once cl-setup has completed, the mail service will be configured and running. Use the netstat tool to check the open ports:

netstat -tln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN     
tcp6       0      0 :::110                  :::*                    LISTEN     
tcp6       0      0 :::143                  :::*                    LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 ::1:631                 :::*                    LISTEN     
tcp6       0      0 :::25                   :::*                    LISTEN     
tcp6       0      0 :::636                  :::*                    LISTEN     
tcp6       0      0 :::993                  :::*                    LISTEN     
tcp6       0      0 :::995                  :::*                    LISTEN     
tcp6       0      0 :::389                  :::*                    LISTEN 

The POP3 and IMAP protocols use ports 110 and 143 respectively.
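The following is an added example, not part of the Calculate utilities. It turns the netstat listing above into a short exposure report: which listening ports accept connections from other hosts, and which of those begin the session in cleartext. The port-to-service table uses the standard port assignments, the function names are illustrative, and the sample input is abridged from the listing on this page.

```python
import ipaddress

# Standard port assignments. True = encrypted from the first byte;
# False = session starts in cleartext (STARTTLS may follow).
SERVICES = {22: ("ssh", True), 25: ("smtp", False), 110: ("pop3", False),
            143: ("imap", False), 389: ("ldap", False), 631: ("ipp", False),
            636: ("ldaps", True), 993: ("imaps", True), 995: ("pop3s", True)}

# Abridged from the netstat listing on this page.
SAMPLE = """\
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
tcp6       0      0 :::25                   :::*                    LISTEN
"""

def _is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:          # some netstat builds print "*" for "any"
        return False

def parse_listeners(netstat_output):
    """Return {port: {bind addresses}} for TCP sockets in LISTEN state."""
    listeners = {}
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0][:3] != "tcp" or fields[5] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")   # handles ":::25", "::1:631"
        listeners.setdefault(int(port), set()).add(addr)
    return listeners

def exposure_report(netstat_output):
    """Return (port, service, reachable_remotely, cleartext_start) rows."""
    rows = []
    for port, addrs in sorted(parse_listeners(netstat_output).items()):
        name, encrypted = SERVICES.get(port, ("unknown", False))
        remote = not all(_is_loopback(a) for a in addrs)
        rows.append((port, name, remote, not encrypted))
    return rows

def remote_cleartext_ports(netstat_output):
    """Ports reachable from other hosts whose sessions start unencrypted."""
    return [p for p, _, remote, clear in exposure_report(netstat_output) if remote and clear]
```

Ports 25, 110 and 143 are the ones the server checkup below upgrades with -starttls; for any other port the function reports, confirm that clients are expected to reach it from outside the host.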

To avoid collecting spam sent to system users (described in /etc/mail/aliases), the nobody mail directory is not created by default. If you need to receive mail for system users, create the directory with the required permissions:

mkdir /var/calculate/server-data/mail/nobody

chown nobody:nobody /var/calculate/server-data/mail/nobody

chmod 0700 /var/calculate/server-data/mail/nobody

Now all messages for system users will be stored in /var/calculate/server-data/mail/nobody.

Managing accounts

An account is a record that contains the information needed to identify a user when connecting to the system, as well as for authentication and logging. In our case, it will be used for connecting to a mail service or a mailbox.
A mailbox is a logical disk partition used for mail storage, referred to by a mail address. Several addresses can correspond to one mailbox; these are called synonyms, aliases or nicknames.

To add user guest with mail nickname guestmail@mail.example.org, run:

cl-useradd -p -e guestmail@mail.example.org guest mail
New password:
Repeat new password:
* User added to Unix service
* User added to Mail service

To modify the guest user password, run:

cl-passwd guest mail
New password:
Repeat new password:
* Password of Mail service user changed

To remove user guest from the mail service, run:

cl-userdel guest mail
* Created /var/calculate/server-backup/deleted/guest-1000/mail for storing remote user data
* User mail directory /var/calculate/server-data/mail/guest deleted
* User guest of Mail service deleted

Managing mail groups

A mail group is a set of mail addresses used to send mail to several recipients. A message sent to the group address is delivered to all mail accounts that belong to the group.

To add the mail group guestgroup with the alternative mail address gg@example.org, run:

cl-groupadd -e gg@example.org guestgroup mail
 * Group 'guestgroup' added to Mail service

To remove the mail group guestgroup, run:

cl-groupdel guestgroup mail
* Group guestgroup of Mail service was removed

The cl-usermod and cl-groupmod commands are used to add accounts to groups and to remove them.

For instance, to add user guest to groups guesttest and guestgroup, run:

cl-usermod -a guesttest,guestgroup guest mail
* User added to groups

To move user guest to the guesttest group, run:

cl-usermod -G guesttest guest mail
* List of additional groups replaced

To add users guest1 and guest2 to group guesttest, run:

cl-groupmod -a guest1,guest2 guesttest mail
* Users added to group guesttest

To remove users guest1 and guest2 from group guesttest, run:

cl-groupmod -d guest1,guest2 guesttest mail
* Users removed from group guesttest

Server checkup

To check that mail can be sent to guestmail@mail.example.org, run:

openssl s_client -starttls smtp -connect mail.example.org:25
CONNECTED(00000003)
...
---
250 DSN
ehlo mail
250-mail.example.org
250-PIPELINING
250-SIZE 100000000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:<guest@mail.example.org>
250 2.1.0 Ok
rcpt to:<guestmail@mail.example.org>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
From:<guest@mail.example.org>
To:<guestmail@mail.example.org>
Subject: Test

Test
.
250 2.0.0 Ok: queued as 15A9D1D4A2
quit
221 2.0.0 Bye
closed

To check the receipt of mail via IMAP for user guest with password secret, follow these steps:

openssl s_client -starttls imap -crlf -connect mail.example.org:143
CONNECTED(00000003)
...
---
. OK Pre-login capabilities listed, post-login capabilities have more.
A1 LOGIN guest secret
* CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY LITERAL+ NOTIFY SPECIAL-USE
A1 OK Logged in
A2 SELECT Inbox
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 1 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1542618255] UIDs valid
* OK [UIDNEXT 2] Predicted next UID
A2 OK [READ-WRITE] Select completed (0.002 + 0.000 + 0.001 secs).
A3 FETCH 1 BODY[HEADER]
* 1 FETCH (BODY[HEADER] {598}
Return-Path: <noname@mail.example.org>
X-Original-To: guestmail@mail.example.org
Delivered-To: guest@mail.example.org
Received: from mail (mail.example.org [127.0.0.1])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by mail.example.org (Postfix) with ESMTPS id 15A9D1D4A2
    for <guestmail@mail.example.org>; Mon, 19 Nov 2018 11:58:27 +0300 (MSK)
From:<guest@mail.example.org>
To:<guestmail@mail.example.org>
Subject: Test
Message-Id: <20181119085920.15A9D1D4A2@mail.example.org>
Date: Mon, 19 Nov 2018 11:58:27 +0300 (MSK)

)
A3 OK Fetch completed (0.001 + 0.000 secs).
A4 LOGOUT
* BYE Logging out
A4 OK Logout completed (0.001 + 0.000 secs).
closed

To check the receipt of mail via POP3 for user guest with password secret, follow these steps:

openssl s_client -starttls pop3 -crlf -connect mail.example.org:110
CONNECTED(00000003)
...
---
+OK Dovecot ready.
user guest
+OK
pass secret
+OK Logged in.
list
+OK 1 messages:
1 604
.
retr 1
+OK 604 octets
Return-Path: <noname@mail.example.org>
X-Original-To: guestmail@mail.example.org
Delivered-To: guest@mail.example.org
Received: from mail (mail.example.org [127.0.0.1])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by mail.example.org (Postfix) with ESMTPS id 15A9D1D4A2
    for <guestmail@mail.example.org>; Mon, 19 Nov 2018 11:58:27 +0300 (MSK)
From:<guest@mail.example.org>
To:<guestmail@mail.example.org>
Subject: Test
Message-Id: <20181119085920.15A9D1D4A2@mail.example.org>
Date: Mon, 19 Nov 2018 11:58:27 +0300 (MSK)

Test
.
quit
+OK Logging out.
closed
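The following is an added example, not part of the original page or of the Calculate tools. It reads the header block that the IMAP and POP3 checks above return and confirms three things from it: that the alias address was resolved to the user's mailbox, that the hop into Postfix used TLS, and that the queue ID matches the one reported by the SMTP session. The function names and the mailbox and queue_id parameters are illustrative; the sample headers are the ones shown on this page.

```python
import re
from email import message_from_string

# Header block as returned by the IMAP FETCH on this page.
SAMPLE_HEADERS = """\
Return-Path: <noname@mail.example.org>
X-Original-To: guestmail@mail.example.org
Delivered-To: guest@mail.example.org
Received: from mail (mail.example.org [127.0.0.1])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by mail.example.org (Postfix) with ESMTPS id 15A9D1D4A2
    for <guestmail@mail.example.org>; Mon, 19 Nov 2018 11:58:27 +0300 (MSK)
From:<guest@mail.example.org>
To:<guestmail@mail.example.org>
Subject: Test
Message-Id: <20181119085920.15A9D1D4A2@mail.example.org>
Date: Mon, 19 Nov 2018 11:58:27 +0300 (MSK)
"""

TLS_RE = re.compile(r"\(using (TLSv[\d.]+) with cipher (\S+)")
HOP_RE = re.compile(r"\bwith (E?SMTP\w*) id (\w+)")

def delivery_facts(raw_headers):
    """Summarise how the newest hop delivered the message."""
    msg = message_from_string(raw_headers)
    # Only the topmost Received line is written by your own server;
    # anything below it was supplied by the sending side.
    hops = msg.get_all("Received") or [""]
    newest = " ".join(hops[0].split())      # unfold continuation lines
    tls = TLS_RE.search(newest)
    hop = HOP_RE.search(newest)
    original = (msg["X-Original-To"] or "").strip()
    delivered = (msg["Delivered-To"] or "").strip()
    return {
        "original_to": original,
        "delivered_to": delivered,
        "alias_resolved": bool(original) and original != delivered,
        "tls_version": tls.group(1) if tls else None,
        "cipher": tls.group(2) if tls else None,
        "protocol": hop.group(1) if hop else None,
        "queue_id": hop.group(2) if hop else None,
    }

def check_delivery(raw_headers, mailbox, queue_id):
    """True when the message reached `mailbox` over TLS under `queue_id`."""
    f = delivery_facts(raw_headers)
    return (f["delivered_to"] == mailbox and f["queue_id"] == queue_id
            and f["tls_version"] is not None)
```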