Setting up Email Services on Ubuntu Hardy Using Postfix and Courier

Jul 14, 2008 in Guides · 7 Comments 

I recently spent some quality time (read: 6 hours) setting up email services on my server with Ubuntu Hardy. Here’s a very quick mini-tutorial of the steps that got me up and running with IMAP, SMTP, TLS, and POP3.

Preamble

For the most part I followed the instructions on The Perfect Setup but there are a few quirks to watch out for in this newest Ubuntu version. So let’s get down to business. You will probably want to do this as root so you can save your fingers from typing sudo multiple times.

Postfix

Let’s get core mail functionality going with postfix:

aptitude install postfix libsasl2 sasl2-bin libsasl2-modules libdb3-util procmail

You will be asked a few questions. Here are the answers for some of them:

General type of configuration? <-- Internet Site
Mail name? <-- server1.example.com

Now run:

dpkg-reconfigure postfix

Again, you’ll be asked some questions:

General type of configuration? <-- Internet Site
Where should mail for root go? <-- Leave blank
Mail name? <-- server1.example.com
Other destinations to accept mail for? <-- server1.example.com, example.com, localhost.example.com, localhost
Force synchronous updates on mail queue? <-- No
Local networks? <-- 127.0.0.0/8
Use procmail for local delivery? <-- Yes
Mailbox size limit? <-- 0
Local address extension characters? <-- +
Internet protocols to use? <-- all

Now add some configuration directives to the postfix configuration file:

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf

Now take care of the certificates for TLS. You will be asked several questions for each certificate; fill them in as you feel best:

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Now configure Postfix for TLS:

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = server1.example.com'

Restart Postfix:

/etc/init.d/postfix restart
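
The settings above turn on SASL with the PLAIN and LOGIN mechanisms while leaving smtpd_tls_auth_only = no, which means Postfix will accept AUTH on a connection that has not yet negotiated STARTTLS. The following is an added example, not part of the original guide: it classifies a postconf -n style listing by that combination, reading only the three parameters this guide sets. The function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample configs are constructed
# from the parameters this guide sets; function names are hypothetical.

# get_param NAME: read "name = value" lines (postconf -n style) on stdin and
# print the value of NAME. The last assignment wins, as in main.cf.
get_param() {
    awk -F'=' -v name="$1" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == name {
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            out = val
        }
        END { print out }'
}

# audit_smtp_auth: classify how SMTP AUTH is exposed by the config on stdin.
# Unset parameters count as "no", which is the Postfix default for all three.
audit_smtp_auth() {
    conf=$(cat)
    sasl=$(printf '%s\n' "$conf" | get_param smtpd_sasl_auth_enable)
    tls=$(printf '%s\n' "$conf" | get_param smtpd_use_tls)
    tls_only=$(printf '%s\n' "$conf" | get_param smtpd_tls_auth_only)
    if [ "$sasl" != yes ]; then
        echo "auth-disabled"
    elif [ "$tls" != yes ]; then
        echo "auth-without-tls"            # STARTTLS is never offered
    elif [ "$tls_only" != yes ]; then
        echo "auth-allowed-in-cleartext"   # AUTH works before STARTTLS
    else
        echo "auth-requires-tls"           # AUTH only inside a TLS session
    fi
}

# Constructed sample: the values set in this guide.
GUIDE_CONF='smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = no'

# Constructed sample: same setup with the one setting tightened.
STRICT_CONF='smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes'

printf '%s\n' "$GUIDE_CONF"  | audit_smtp_auth   # auth-allowed-in-cleartext
printf '%s\n' "$STRICT_CONF" | audit_smtp_auth   # auth-requires-tls
```

On a live server, `postconf -n | audit_smtp_auth` runs the same check against the active configuration. Setups that use smtpd_tls_security_level instead of smtpd_use_tls are not covered by this check.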

Authentication will be done by saslauthd. We have to change a few things to make it work properly. Because Postfix runs chrooted in /var/spool/postfix we have to do the following:

mkdir -p /var/spool/postfix/var/run/saslauthd

Now you have to edit /etc/default/saslauthd in order to activate saslauthd. Remove the # in front of START=yes and add the line
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
Note: The OPTIONS line may already exist with a different setting.

vi /etc/default/saslauthd

Now set the ownership and permissions of the run directory using dpkg-statoverride:

dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd

And add the postfix user to the sasl group:

adduser postfix sasl

Finally start saslauthd:

/etc/init.d/saslauthd start

Test

Test to make sure that mail and SMTP are now working. Here are some quick tips:

To see if SMTP-AUTH and TLS work properly:

telnet localhost 25

After you have established the connection to your Postfix mail server, type:

ehlo localhost

If you see the lines 250-STARTTLS and 250-AUTH, then everything is fine and you can return to the system’s shell:

quit
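
The manual check above can be scripted. This added example (not part of the original guide; function names are hypothetical) parses a captured EHLO reply and reports which of the two extensions is missing, including the AUTH=PLAIN LOGIN form that broken_sasl_auth_clients = yes adds. One sample reply is constructed; the other is the reply quoted in comment 6 on this page.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# ehlo_has REPLY KEYWORD: succeed if the EHLO reply advertises KEYWORD.
# Extensions arrive as "250-KEYWORD args" lines, the last one as "250 KEYWORD".
ehlo_has() {
    printf '%s\n' "$1" | tr -d '\r' | awk -v want="$2" '
        /^250[- ]/ {
            if (++n == 1) next                   # first 250 line is the greeting
            split(substr($0, 5), f, "[ =]")      # also matches "AUTH=PLAIN LOGIN"
            if (toupper(f[1]) == want) found = 1
        }
        END { exit !found }'
}

# check_ehlo REPLY: print "ok", or which of the two extensions are missing.
check_ehlo() {
    missing=""
    ehlo_has "$1" STARTTLS || missing="no-starttls"
    ehlo_has "$1" AUTH || missing="${missing:+$missing,}no-auth"
    printf '%s\n' "${missing:-ok}"
}

# Constructed sample of the reply this guide's configuration should produce.
GOOD_REPLY='220 server1.example.com ESMTP Postfix (Ubuntu)
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 8BITMIME'

# Reply quoted in comment 6 on this page.
BAD_REPLY='250-sandman.inadaze.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250 ENHANCEDSTATUSCODES'

check_ehlo "$GOOD_REPLY"   # ok
check_ehlo "$BAD_REPLY"    # no-starttls,no-auth
```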

Courier-IMAP/Courier-POP3

We’re on the home stretch now. Run this to install Courier-IMAP/Courier-IMAP-SSL and Courier-POP3/Courier-POP3-SSL:

aptitude install courier-authdaemon courier-base courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-ssl gamin libgamin0 libglib2.0-0

You will be asked some questions:

Create directories for web-based administration? <-- No
SSL Certificate required? <-- Ok

Now let’s tell Postfix to use Maildir:

postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart

Email Nirvana

If everything went smoothly you should now be in email nirvana. Each user has their own email account and you can move on to setting up virtual accounts if you desire.

Troubleshooting

I have always found setting up mail services on servers the most finicky. In the event of trouble the best place to head is /var/log and take a look at the mail logs. If your connection is getting to the server those will tell you what’s going on.

Let me know if this helped you or if I made an omission.

Comments

7 Responses to “Setting up Email Services on Ubuntu Hardy Using Postfix and Courier”
  1. Jonny says:

    Thanks for putting this together Jon! Great article! I wish I had this the first time around!

    One correction though:
    dpkg-statoverride –add root sasl 710 /var/spool/postfix/var/run/saslauthd

    should be…

    dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd

  2. Jon says:

    Thanks for the heads up on that! It seems like my double hyphens were automatically being converted to ellipses. I put all of the commands in pre tags so that they’re preserved.

  3. RoyBot says:

    Great article… Not quite working for me yet. I’m on Debian and it seems like it choked at:

    OPTIONS=”-c -m /var/spool/postfix/var/run/saslauthd -f”

    and kicked out of the restart unable to interpret the “-f”

    Thoughts?

  4. Jon Stacey says:

    @RoyBot, Removing the -f argument should get you going.

    I’m actually not sure why I put that in there… I double checked my config and I’m not using it so I’ve removed it from the instructions.

  5. Daveosx says:

    Thanks. This one actually worked.
    I spent the last week trying different schemes to get the sasl working under Hardy; this one is the only one I found that changed the saslauthd permissions correctly. Now I can finally get some sleep.
    I am going to put a tag so that Google can find you better.

    SASLAUTHD POSTFIX IMAPD MAIN.CF AUTHDAEMON UBUNTU HARDY

  6. Jason says:

    Everything seems fine until I reach the test section

    I try

    ehlo localhost

    and I get the following output

    250-sandman.inadaze.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
    250 ENHANCEDSTATUSCODES

    Any suggestions of what is wrong?

    thanks
    jay

  7. Jon Stacey says:

    @Jason - I would try removing everything and attempt the installation again; the configuration can be very particular, I’ve found. It seems as if the SASL and TLS parts are not installed or configured properly…
