Mail server setup

Mail server

Introduction

A mail server is a server that processes email messages, which includes receiving and sending, as well as sending mail. All incoming mail does not go directly to the user's computer (otherwise, it would be necessary to keep it constantly turned on), but is directed to the mail server for storage. The mail server operates around the clock, and the user can retrieve his mail from it at any convenient time.

You can configure your mail server with Calculate utilities provided in the sys-apps / calculate-server package. OpenLDAP server is used to store user and group accounts, Postfix acts as a mail delivery agent, and Dovecot handles IMAP / POP3 server functions. All necessary software is included in [Calculate Directory Server] (cds).

LDAP configuration

Before setting up the mail server, you must have an operating LDAP configuration. Make all necessary setup procedures according to the manual.

Mail server configuration

Before configuring the mail server, setup the account storage for Unix users. To do so, run:

cl-setup unix
* WARNING: Running this program will modify the configuration files and the LDAP database. If you want to continue, enter 'yes', else enter 'no': yes 

* Added ldif file ... 
[ok] 
* Unix service configured ... 
[ok]

To install a mail server with default parameters, run:

cl-setup mail
* WARNING: Running this program will modify the configuration files and the LDAP database. If you want to continue, enter 'yes', else enter 'no': yes 

* Removed Mail DN from LDAP database ... 
[ok]
* Added ldif file ... 
[ok]
* Starting Postfix ... 
[ok]
* Starting Dovecot ...
[ok]
* Mail service configured ... 
[ok]

To select host mail.example.org and use IMAP and POP3 protocols, run the following:

cl-setup --type pop3,imap --host mail.example.org mail

To view all available parameters, run:

cl-setup --help-mail
calculate-server 2.1.18

Usage: cl-setup  [options]  service
Sets service in the system

Examples: 
  cl-setup samba                 # set Samba service in the system.             

Common options: 
  -h, --help                     display this help and exit                     
  --help-all                     display help for all services options          
  --help-jabber                  display help for Jabber service options        
  --help-ldap                    display help for LDAP service options          
  --help-mail                    display help for Mail service options          
  --help-samba                   display help for Samba service options         
  --help-proxy                   display help for Proxy service options         
  --help-dns                     display help for DNS service options           
  --help-dhcp                    display help for DHCP service options          

Mail service options: 
  -a, --allow                    enter the allowed ip addresses and network     
  --host HOST                    mail host, default - hostname                  
  -t, --type TYPE                mail type - 'imap', 'pop3', 'pop3,imap'        
                                 (default - imap)                               
  -c, --crypt CRYPT              encryption type - 'none', 'tls' (default - tls)
  --history CONDITION            enabled or disabled mail history logging,      
                                 default disable. (on/off)                      
  --history-domains DOMAIN       domain or domains for own mail (comma          
                                 delimited)                                     
  --history-path PATH            history path                                   

Services: 
  ldap                           ldap service                                   
  unix                           unix service                                   
  samba                          samba service                                  
  mail                           mail service                                   
  jabber                         jabber service                                 
  ftp                            ftp service                                    
  proxy                          proxy service                                  
  dns                            dns service                                    
  dhcp                           dhcp service

Once cl-setup operation completed, the mail service will be configured and running. Use the netstat tool to check the open ports:

netstat -tln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN     
tcp6       0      0 :::110                  :::*                    LISTEN     
tcp6       0      0 :::143                  :::*                    LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 ::1:631                 :::*                    LISTEN     
tcp6       0      0 :::25                   :::*                    LISTEN     
tcp6       0      0 :::636                  :::*                    LISTEN     
tcp6       0      0 :::993                  :::*                    LISTEN     
tcp6       0      0 :::995                  :::*                    LISTEN     
tcp6       0      0 :::389                  :::*                    LISTEN 

Protocols POP3 и IMAP use ports 110 и 143 respectively.

To avoid spam brought to system users (described in /etc/mail/aliases), the nobody mail directory is not created by default. If however you wish to create a directory for system users, do so manually:

mkdir /var/calculate/server-data/mail/nobody

chown nobody:nobody /var/calculate/server-data/mail/nobody

chmod 0700 /var/calculate/server-data/mail/nobody

Now all messages for system users will be stored in /var/calculate/server-data/mail/nobody.

Managing accounts

An account is a record that contains information necessary for user identification when connecting to the system, authenticating and logging. In our case, it will be used for connecting to a mail service or a mailbox.
A mailbox is a logical disk partition used for mail storage, referred to as an mail address. Several addresses can correspond to a mailbox, called synonyms or aliases or else nicknames.

To add user guest with mail nickname guestmail@mail.example.org, run:

cl-useradd -p -e guestmail@mail.example.org guest mail
New password:
Repeat new password:
* User added to Unix service
* User added to Mail service

To modify the guest user password, run:

cl-passwd guest mail
New password:
Repeat new password:
* Password of Mail service user changed

To remove user guest from the mail service, run:

cl-userdel guest mail
* Created /var/calculate/server-backup/deleted/guest-1000/mail for storing remote user data
* User mail directory /var/calculate/server-data/mail/guest deleted
* User guest of Mail service deleted

Managing mail groups

A mail group is a set of mail addresses used to send mail to several recipients. An email sent to the group address is sent to all mail accounts that belong to this group.

To add a mail group named guestgroup and nicknamed gg@example.org, run:

cl-groupadd -e gg@example.org guestgroup mail
 * Group 'guestgroup' added to Mail service

To remove the guestgroup group, run:

cl-groupdel guestgroup mail
* Group guestgroup of Mail service was removed

To add and remove accounts, the cl-usermod and cl-groupmod commands are used.

For instance, to add user guest to groups guesttest and guestgroup, run:

cl-usermod -a guesttest,guestgroup guest mail
* User added to groups

To move user guest to the guesttest group, run:

cl-usermod -G guesttest guest mail
* List of additional groups replaced

To add users guest1 and guest2 to group guesttest, run:

cl-groupmod -a guest1,guest2 guesttest mail
* Users added to group guesttest

To remove users guest1 and guest2 from group guesttest, run:

cl-groupmod -d guest1,guest2 guesttest mail
* Users removed from group guesttest

Server checkup

To check if mail has been sent to ~~guestmail@mail.example.org, run:

openssl s_client -starttls smtp -connect mail.example.org:25
CONNECTED(00000003)
...
---
250 DSN
ehlo mail
250-mail.example.org
250-PIPELINING
250-SIZE 100000000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:<guest@mail.example.org>
250 2.1.0 Ok
rcpt to:<guestmail@mail.example.org>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
From:<guest@mail.example.org>
To:<guestmail@mail.example.org>
Subject: Test

Test
.
250 2.0.0 Ok: queued as 15A9D1D4A2
quit
221 2.0.0 Bye
closed

To check the receipt of mail via IMAP for user guest with password secret , follow these steps:

openssl s_client -starttls imap -crlf mail.example.org:143
CONNECTED(00000003)
...
---
. OK Pre-login capabilities listed, post-login capabilities have more.
A1 LOGIN guest secret
* CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY LITERAL+ NOTIFY SPECIAL-USE
A1 OK Logged in
A2 SELECT Inbox
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 1 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1542618255] UIDs valid
* OK [UIDNEXT 2] Predicted next UID
A2 OK [READ-WRITE] Select completed (0.002 + 0.000 + 0.001 secs).
A3 FETCH 1 BODY[HEADER]
* 1 FETCH (BODY[HEADER] {598}
Return-Path: <noname@mail.example.org>
X-Original-To: guestmail@mail.example.org
Delivered-To: guest@mail.example.org
Received: from mail (mail.example.org [127.0.0.1])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by mail.example.org (Postfix) with ESMTPS id 15A9D1D4A2
    for <guestmail@mail.example.org>; Mon, 19 Nov 2018 11:58:27 +0300 (MSK)
From:<guest@mail.example.org>
To:<guestmail@mail.example.org>
Subject: Test
Message-Id: <20181119085920.15A9D1D4A2@mail.example.org>
Date: Mon, 19 Nov 2018 11:58:27 +0300 (MSK)

)
A3 OK Fetch completed (0.001 + 0.000 secs).
A4 LOGOUT
* BYE Logging out
A4 OK Logout completed (0.001 + 0.000 secs).
closed

To check the receipt of mail via POP3 for user guest with password secret , follow these steps:

openssl s_client -starttls pop3 -crlf mail.example.org:110
CONNECTED(00000003)
...
---
+OK Dovecot ready.
user guest
+OK
pass secret
+OK Logged in.
list
+OK 1 messages:
1 604
.
retr 1
+OK 604 octets
Return-Path: <noname@mail.example.org>
X-Original-To: guestmail@mail.example.org
Delivered-To: guest@mail.example.org
Received: from mail (mail.example.org [127.0.0.1])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by mail.example.org (Postfix) with ESMTPS id 15A9D1D4A2
    for <guestmail@mail.example.org>; Mon, 19 Nov 2018 11:58:27 +0300 (MSK)
From:<guest@mail.example.org>
To:<guestmail@mail.example.org>
Subject: Test
Message-Id: <20181119085920.15A9D1D4A2@mail.example.org>
Date: Mon, 19 Nov 2018 11:58:27 +0300 (MSK)

Test
.
quit
+OK Logging out.
closed