Here is a guide on getting Email services running on Ubuntu Intrepid. I used Postfix for core services (SMTP wtih TLS and SASL) and Dovecot for fast IMAP and POP3. This tutorial has been tested on a bare bones Ubuntu 8.10 slice from Slicehost.
Preamble
Estimated Time Required: 10-15 minutes
This guide makes several assumptions. For example, it assumes that you will use Maildir. If you decide to make any changes, just keep an eye out for any subsequent changes that might be needed down the line. If you are upgrading from another system, such as Courier, please look at Appendix A.
If you prefer Postfix and Courier, refer to my older tutorial which is reported to work with Ubuntu Intrepid.
Postfix
Let’s get core email functionality going with Postfix:
aptitude install postfix sasl2-bin
You will be asked a few questions with a nice graphical interface. Here are the answers for some of them. Replace all occurrences of example.com with your root FQDN (e.g. jonsview.com), and server1.example.com with your server’s FQDN (e.g. swift.jonsview.com).
* General type of mail configuration? Internet Site
* System mail name? server1.example.com
Unfortunately, the graphical configuration interface that was automatically launched was a condensed version. You will need to run the full graphical configuration utility.
dpkg-reconfigure postfix
Again, you will be asked some questions:
* General type of mail configuration? Internet Site
* System mail name? server1.example.com
* Root and postmaster mail recipient? Leave blank
* Other destinations to accept mail for? server1.example.com, example.com, localhost.example.com, localhost
* Force synchronous updates on mail queue? No
* Local networks? Leave default (127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128)
* Mailbox size limit (bytes)? 0
* Local address extension character? Leave default (+)
* Internet protocols to use? ipv4 (most likely)
Next, let’s take care of certificates for TLS. You will be asked several questions during this process. Fill them in as you see fit.
mkdir /etc/postfix/ssl cd /etc/postfix/ssl/ openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024 chmod 600 smtpd.key openssl req -new -key smtpd.key -out smtpd.csr openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt openssl rsa -in smtpd.key -out smtpd.key.unencrypted mv -f smtpd.key.unencrypted smtpd.key openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Finish configuring Postfix for TLS and SASL.
postconf -e 'smtpd_sasl_local_domain =' postconf -e 'smtpd_sasl_auth_enable = yes' postconf -e 'smtpd_sasl_security_options = noanonymous' postconf -e 'broken_sasl_auth_clients = yes' postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination' postconf -e 'inet_interfaces = all' echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf postconf -e 'smtpd_tls_auth_only = no' postconf -e 'smtp_use_tls = yes' postconf -e 'smtpd_use_tls = yes' postconf -e 'smtp_tls_note_starttls_offer = yes' postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key' postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt' postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem' postconf -e 'smtpd_tls_loglevel = 1' postconf -e 'smtpd_tls_received_header = yes' postconf -e 'smtpd_tls_session_cache_timeout = 3600s' postconf -e 'tls_random_source = dev:/dev/urandom' postconf -e 'myhostname = server1.example.com' postconf -e 'home_mailbox = Maildir/' postconf -e 'mailbox_command ='
Finally, restart Postfix
/etc/init.d/postfix restart
SASL
Authentication will be done by saslauthd which will need to be configured to support a chrooted Postfix setup. Edit /etc/default/saslauthd and add or change the following settings so that they match:
START=yes OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
Finish up SASL by creating the chroot directory, adding the postfix user to the sasl group, and then starting saslauthd.
mkdir -p /var/spool/postfix/var/run/saslauthd dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd adduser postfix sasl /etc/init.d/saslauthd start
Testing
At this point, core email services should be up and running. Let’s make sure that you’re in good shape before moving on. First, establish a connection with the mail server.
telnet localhost 25
After establsihing a connection with the Postfix service, run:
ehlo localhost
You should see a few lines of output. Make sure that the two most important lines are there:
. . . 250-STARTTLS 250-AUTH PLAIN LOGIN . . .
Type quit to get out.
Dovecot
Note: If you followed my last guide and are migrating from Courier, please see Appendix A before continuing.
Install and configure Dovecot.
aptitude install dovecot-imapd dovecot-pop3d perl -pi -e 's/#mail_location =/mail_location = maildir:\/home\/\%u\/Maildir/' /etc/dovecot/dovecot.conf /etc/init.d/dovecot restart
If everything went smoothly you should now be in email nirvana. Each user has their own email account and you can move on to virtual accounts if you desire.
Appendix A: Courier to Dovecot Conversion
Please refer to this Dovecot wiki article for detailed information, but in a nutshell:
wget http://www.dovecot.org/tools/courier-dovecot-migrate.pl chmod 755 courier-dovecot-migrate.pl ./courier-dovecot-migrate.pl --to-dovecot --recursive /home
If everything looks good, then perform the actual conversion.
Note: Even if 0 mailbox changes are shown, the script may still be working. If there aren’t any explicit errors, run the conversion and then check the Maildirs for dovecot indexes.
./courier-dovecot-migrate.pl --to-dovecot --convert --recursive /home
For a transparent conversion you will need to setup Dovecot to use INBOX as the namespace for private mailboxes. Edit /etc/dovecot/dovecot.conf and uncomment the namespace private { block (and corresponding } ). Uncomment #prefix = and change to prefix = INBOX. (include the period). Finally, change #inbox = no to inbox = yes. In essence, it should look like the following, which has been stripped of comments for brevity.
namespace private {
prefix = INBOX.
inbox = yes
}
Appendix B: SMTP Troubleshooting
If core email services and IMAP are working, but not SMTP, then it’s most likely that sasl is not set up properly. Log entries like the following in /var/log/mail.warn will confirm this:
Mar 27 00:36:56 swift postfix/smtpd[12537]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Last words
I’ve always found setting up email services on Linux a pain, so hopefully this has helped you get up and running. Please let me know if you find any errors, or have suggestions that would make this guide easier to understand.
I’m trying to follow this on Ubunttu Server 10.04 LTS (I assume it should work and that not much has changed compatibility-wise over a year). However, when I get to the part where I run ‘ehlo localhost’ in the telnet session, I do not get the two lines you mentioned that are important. I copied and pasted everything as you posted it, and received no errors, but these two lines don’t show up.
Any ideas?
Jenkinbr, I’m running 10.04 LTS on this very server, but I’ve been upgrading along the way consistently. I took a quick look at the Postfix TLS Documentation and it appears that some of the configuration directives have changed. For example, smtpd_use_tls has been replaced, but it should still work.
I would start by combing through the configuration file double checking everything related to TLS. It’s also possible that postfix is generating errors silently in /var/log, so check there. Also make sure that the saslauthd service is running and isn’t generating any errors saved to the logs.
Let us know how it turns out. The guide probably needs a bit of updating.
Im getting some issue while installing postfix on my Ubuntu server. Below find log for same. Can anyone help me out?
apt-get install postfix
Reading package lists… Done
Building dependency tree
Reading state information… Done
Suggested packages:
postfix-cdb postfix-ldap postfix-mysql postfix-pcre postfix-pgsql resolvconf sasl2-bin
The following NEW packages will be installed:
postfix
0 upgraded, 1 newly installed, 0 to remove and 993 not upgraded.
1 not fully installed or removed.
Need to get 0B/1160kB of archives.
After this operation, 2695kB of additional disk space will be used.
Preconfiguring packages …
Selecting previously deselected package postfix.
(Reading database … 153695 files and directories currently installed.)
Unpacking postfix (from …/postfix_2.5.1-2ubuntu1.2_i386.deb) …
Setting up tomcat5.5 (5.5.25-5ubuntu1.2) …
chown: `tomcat55:adm’: invalid group
dpkg: error processing tomcat5.5 (–configure):
subprocess post-installation script returned error exit status 1
Setting up postfix (2.5.1-2ubuntu1.2) …
chown: `root:root’: invalid group
dpkg: error processing postfix (–configure):
subprocess post-installation script returned error exit status 1
Processing triggers for libc6 …
ldconfig deferred processing now taking place
Errors were encountered while processing:
tomcat5.5
postfix
E: Sub-process /usr/bin/dpkg returned an error code (1)
Amit,
Just a hunch, but it looks like you have unresolved issues with the package manager and Tomcat. Those need to be taken care of before installing new packages. For example force the abortion of the failing tomcat installation. This service is unrelated to this email setup guide.
There’s no easy answer to that. It really depends on what you deem as safe and acceptable risk. I don’t know the gory details of that option but it does imply that the password is going to be sent in plaintext.
I had to add this
disable_plaintext_auth = no
To my /etc/dovecot/dovecot.conf file to get pop3 working from gmail. Is this safe? I get the same
250-STARTTLS
250-AUTH PLAIN LOGIN
I assume this means my password is being transmitted in plaintext from gmail everytime it checks?
Jon —
http://www.checktls.com/TestReceiver?LEVEL=2
Feel free to add this link in the body of your wonderful tutorial.
Simple annotated mail server test. Site is free with a good privacy policy.
Thanks for this. After trying a number of other tutorials without success, I finally got my mail server up and running. I had Postfix and Dovecot running, and I could send email from the command line, but I couldn’t connect with Thunderbird from another computer. Turns out it was SASL that I was missing.
I have installed everything successfully. But I am still having trouble sending email from the command line. I am not sure if I am doing it right. Can anyone please explain me how to do this ?
At the moment, I am just trying this:
mail my@self.com < emailmessage.html
mutt -e "set content_type=text/html" my@self.com < emailmessage.html
I am a newbie, so please forgive me for my basic questions.
At the bottom of my /var/log/mail.warn I get the error:
dovecot: Killed with signal 15 (by pid=1793 uid=0 code=kill)
I feel it’s so close to working!
Great info !
Thanks a lot, it was always so painfully complicated, this time I really spent no more than 10min setting all up, amazing!
Hi, Do i have to go through each user’s directory and create the Maildir directory, or will they already be there when i setup dovecot for Maildir?
If I recall correctly, the directories will be created for you the first time you setup the account for the user. You might want to refer to the dovecot wiki for confirmation.
I have no words to say thank you, you has done a great job, may God bless you, hugs from Cuba
Problem with SASL
See this link!!
http://www.vivaolinux.com.br/dica/Smtp-autenticado-erro-SASL/
Hi,
im a newbie.. using linux for the past three months.. currently working with django-postgresql application..
i followed all the steps given by u, to set up email server in my machine. im using ubuntu9.04.. when i give ” telnet localhost 25 ” it shows me like this,
Trying ::1…
Trying ::1…
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.
Connection closed by foreign host.
what could be the problem?
I just wondering where i can get ehlo tool coz I using ubuntu 9.04 server and istalled postfix separate or whats included in ubuntu package no socha thing as EHLO..
ok never mind about ehlo i just discover another problem after
./courier-dovecot-migrate.pl –to-dovecot –recursive /home
i’ve got error No maildirs found
i justed fixed perl version.
thx
rossi,
If you’re migrating from courier be sure to read the wiki for the latest information: http://wiki.dovecot.org/Migration/Courier.
You only need to follow the instructions in Appendix A if you’re migrating from an existing setup. If this truly is the case, one possibility is that your courier configuration is using the older mailbox format rather than Maildir, but that migration is outside the scope of this article.
is it any mail server program which would be easy to setup i mean without these mile long config files, some nice gui just add FQDNs, IP, users/passwd some mail dir quota, something loke that.
GMail, MobileMe? You could always splurge for a control panel that will assist with some of this, but mile long config files are just a typical day in the life of a Linux systems administrator… Have you considered a managed service from someone like MediaTemple?
Well this works nicely, except for SSL on SMTP.
Is there any way to enable this?
Thanks for a great guide!
Sorry, TLS is what I wanted.
Seems that my virus-scanner doesnt support TLS, so i disabled scanning of outgoing messages.
Everything works now!! wee
Is there any special way to add users to the email system? Aside of sudo useradd name?
olboy, yes, virtual user/boxes are possible. It’s been years since I’ve used them (and on a Exim setup), but Dovecot appears to have a similar capability. Here’s the link: http://wiki.dovecot.org/VirtualUsers.
Jon:
I think that you saved me from institutionalization. Thank you very much for your help. If you need to learn how hard to push the power switch on a Pavilion, let me know: I (modestly) consider myself somewhat of an expert.
blue
Nevermind! Figured it out!
Excellent! Glad to hear that you got it working.
Sam, you would use something like mail.mywebsite.org. For example, the hostname of the server running this blog is “bamboo” so I use the FQDN (bamboo.jonsview.com) in the Postfix configuration. Also keep in mind that the address used for email should match the reverse DNS and MX records, both of which use the same FQDN.
Another little side tip: the hostname should not match any domain that is intended for use on the server. For example, if you wanted to use user@example.org, then the hostname should not be example.org but something unique such as server1.example.org.
Ok, I set it up using mail.mywebsite.org (my website being http://www.mywebsite.org in this example).
I wanted to do all of this so I could use mail on my phpbb forum hosted on my dedicated server. Basically mail wasn’t working (user authenticating emails and such). I’m not quite sure what settings to use now, though. I’ve set it up to work through the local smtp server, however there are 3 boxes I’m unsure what to put in.
Authentication method for SMTP – options are PLAIN, LOGIN, CRAM-MD5, DIGEST-MD5, POP-BEFORE-SMTP – “Only used if a username/password is set, ask your provider if you are unsure which method to use.”
SMTP username – “Only enter a username if your SMTP server requires it.”
SMTP password – “Only enter a password if your SMTP server requires it.”
Considering I did my install pretty much EXACTLY as you wrote above (with the exception of my own passkey in the ssl directory), what do you think my settings may be?
Hi, thanks for a great tut.
Where you said the stuff about setting it up with your root FQDN and server1.example.com (server FQDN), what if my slicehost server is simply mywebsite.org? I don’t have any subdomain for it. Would I set mywebsite.org in both cases, or did you mean for me to setup something like mywebsite.org as root and mail.mywebsite.org as the system mail name?
yes! It is okay now!
Enh…., but using OE is still a problem in receiving an email
The behavior of continually asking for the password seems to indicate that a connection is being made. I would head to the server logs which should indicate why the authorization is being rejected.
Is this configuration supported / easily set up on 64-bit hardware and Ubuntu OS?
Daniel, yes. In fact I wrote the guide walking through my x86_64 Ubuntu install. I would imagine that the Ubuntu setup and configuration would be the same for both 32 and 64-bit.
David, Looks like I forgot to escape the forward slashes. Try this:
[cc lang=”bash”]perl -pi -e ‘s/#mail_location =/mail_location = maildir:\/home\/\%u\/Maildir/’ /etc/dovecot/dovecot.conf[/cc]
and then restart Dovecot.
BTW, ignoring the errors above, I can use evaluation to send and receive the email from my configured server, but when I try to use Outlook Express in Windows, I can only send out email but can not receive one, the OE always prompt me about the password. What’s the problem in this case?
Thanks!
when I try to run this command “perl -pi -e ‘s/#mail_location =/mail_location = maildir:/home/%u/Maildir/’ /etc/dovecot/dovecot.conf”, I got an error and can not proceed.
Here is the details:
syntax error at -e line 1, near “s/#mail_location =/ mail_location = maildir:/home”
Execution of -e aborted due to compilation errors.
Can you give me some suggestions?