I recently spent some quality time (read: 6 hours) setting up email services on my server with Ubuntu Hardy. Here’s a very quick mini-tutorial of the steps that got me up and running with IMAP, SMTP, TLS, and POP3.
Preamble
For the most part I followed the instructions on The Perfect Setup but there are a few quirks to watch out for in this newest Ubuntu version. So let’s get down to business. You will probably want to do this as root so you can save your fingers from typing sudo multiple times.
Update 3/26/2009: People have reported that this works on Ubuntu Intrepid, however you may want to consider my newer guide using Postfix and Dovecot.
Postfix
Let’s get core mail functionality going with postfix:
aptitude install postfix libsasl2 sasl2-bin libsasl2-modules libdb-dev procmail
You will be asked a few questions. Here are the answers for some of them:
General type of configuration? <– Internet Site
Mail name? <– server1.example.com
Now run:
dpkg-reconfigure postfix
Again, you’ll be asked some questions:
General type of configuration? <– Internet Site
Where should mail for root go? <– Leave blank
Mail name? <– server1.example.com
Other destinations to accept mail for? <– server1.example.com, example.com, localhost.example.com, localhost
Force synchronous updates on mail queue? <– No
Local networks? <– 127.0.0.0/8
Use procmail for local delivery? <– Yes
Mailbox size limit? <– 0
Local address extension characters? <– +
Internet protocols to use? <– all
Now add some configuration directives to the postfix configuration file:
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
Now take care of the certificates for TLS. You will be asked several questions for each certificate; fill them in as you feel best:
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Now configure Postfix for TLS:
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = server1.example.com'
Restart Postfix:
/etc/init.d/postfix restart
Authentication will be done by saslauthd. We have to change a few things to make it work properly. Because Postfix runs chrooted in /var/spool/postfix we have to do the following:
mkdir -p /var/spool/postfix/var/run/saslauthd
Now you have to edit /etc/default/saslauthd in order to activate saslauthd. Remove # in front of START=yes and add the line
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
Note: The OPTIONS line may already exist with a different setting.
vi /etc/default/saslauthd
Now set the ownership and permissions of the run directory using dpkg-statoverride:
dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
And add the postfix user to the sasl group:
adduser postfix sasl
Finally start saslauthd:
/etc/init.d/saslauthd start
Test
Test to make sure that mail and SMTP are now working. Here are some quick tips:
To see if SMTP-AUTH and TLS work properly:
telnet localhost 25
After you have established the connection to your Postfix mail server, type:
ehlo localhost
If you see the lines
250-STARTTLS and 250-AUTH then everything is fine and you can return to the system’s shell.
quit
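The check above, scripted, as an added example that is not part of the original guide: it reads a saved EHLO reply and reports whether STARTTLS and AUTH are both advertised, and which mechanisms are offered before TLS. The function names and both sample replies are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a saved EHLO reply for the two lines the guide looks for.
# Both sample replies are constructed for illustration.

# Print one capability per line: drop CRs, strip the "250-"/"250 " prefix,
# skip the greeting line, uppercase the keywords.
ehlo_caps() {
    tr -d '\r' | sed -n 's/^250[- ]//p' | sed 1d | tr 'a-z' 'A-Z'
}

# Read an EHLO reply on stdin. Returns 1 and names what is missing, or
# returns 0 and lists the mechanisms advertised before STARTTLS.
check_ehlo() {
    caps=$(ehlo_caps)
    missing=""
    printf '%s\n' "$caps" | grep -q '^STARTTLS$' || missing="$missing STARTTLS"
    printf '%s\n' "$caps" | grep -q '^AUTH ' || missing="$missing AUTH"
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    mechs=$(printf '%s\n' "$caps" | sed -n 's/^AUTH //p' | head -n 1)
    echo "ok: STARTTLS offered; AUTH before TLS: $mechs"
}

sample_guide_config() {   # constructed: Postfix with the guide's settings
    printf '250-server1.example.com\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n'
    printf '250-STARTTLS\r\n250-AUTH PLAIN LOGIN\r\n250-AUTH=PLAIN LOGIN\r\n'
    printf '250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250 DSN\r\n'
}

sample_no_tls() {         # constructed: a reply with neither capability
    printf '250-mail.example.com Hello localhost [127.0.0.1]\r\n'
    printf '250 ENHANCEDSTATUSCODES\r\n'
}

sample_guide_config | check_ehlo
sample_no_tls | check_ehlo || true
```

With the guide's smtpd_tls_auth_only = no, PLAIN and LOGIN are offered before STARTTLS, so a client that skips TLS sends its password only base64-encoded. Setting smtpd_tls_auth_only = yes removes AUTH from the pre-TLS reply, and this check then reports it as missing until the reply is captured after STARTTLS.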
Courier-IMAP/Courier-POP3
We’re on the home stretch now. Run this to install Courier-IMAP/Courier-IMAP-SSL and Courier-POP3/Courier-POP3-SSL:
aptitude install courier-authdaemon courier-base courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-ssl gamin libgamin0 libglib2.0-0
You will be asked some questions:
Create directories for web-based administration? <– No
SSL Certificate required? <– Ok
Now let’s tell Postfix to use Maildir:
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart
Email Nirvana
If everything went smoothly you should now be in email nirvana. Each user has their own email account and you can move on to setting up virtual accounts if you desire.
Troubleshooting
I have always found setting up mail services on servers the most finicky. In the event of trouble the best place to head is /var/log and take a look at the mail logs. If your connection is getting to the server those will tell you what’s going on.
Let me know if this helped you or if I made an omission.
The miracle guide to setting up a mail server.
First time in 5 years I can set up a mail server with absolutely no headaches. I followed this article step by step, and everything was working at once. Took me less than 20 minutes.
Thanks a lot Jon
I’m at the following command:
vi /etc/default/saslauthd
The file appears to be empty. Any idea of where I may have gone wrong?
Michael, I’d try purging the three sasl packages and then reinstalling them. Hopefully that should get the default configuration in there. Another option is to pull it from another system, but a basic configuration has always been provided upon install for me.
Thanks for the quick response! I just tried to install them again and realized that it couldn’t find any of the packages. I’ve done the test prescribed above though and all seems to be working. Should I worry about it? I’m frightfully new to server setup so please excuse me if this is a ridiculous question.
I believe, based on my installation on Ubuntu Intrepid/Jaunty, that only the sasl2-bin package is required.
If you’ve tested and everything is working to your satisfaction, then “if it’s not broken, don’t fix it,” or so the saying goes. You’ll want to perform real tests with email accounts and authentication. Just because starttls and auth are listed in the ehlo doesn’t mean that it’s working. The service could be available, but if not properly configured then you won’t be able to authenticate.
If this is a new install you might want to consider starting fresh with the latest version of Ubuntu and using my Postfix+Dovecot guide. Dovecot should give you much better performance on large mail boxes compared to Courier.
Jon,
You are a savior! I’ve been struggling with the SASL config for an extended period of time. Thank you for sharing a recipe that actually works.
Oh ya, and:
Great guide – works perfectly for the rest. Kinda rare for an email guide to work that smoothly. Thanks!
I’m glad to hear that things went smoothly. I did a little searching this morning and it does look like libdb3 was removed in favor of libdb4.6. There does appear to be a difference between db4.6 and libdb4.6 in that libdb only contains the runtime package for use by other programs. Since everything is working, my guess is that db-util also encompasses the runtime package.
I’ve updated the instructions to use libdb-dev which should pull down the latest version as part of the dependencies (theoretically).
The package “libdb3-util” that is referred to in the first code-line does not exist in hardy. Can it be replaced by “db4.3-util” without any subsequent changes?
Elvin,
Give libdb-dev and its dependency, libdb4.6-dev, a shot. Let me know if that works and I’ll adjust the instructions.
I’m sorry, I’m too inexperienced to give feedback on this. I followed your guide using db4.3-util and adding postfix itself to the line in question and everything works perfectly. I can’t justify more downtime to the staff to replicate the scenario with libdb4.6 – sorry.
thank you! I was having issues like no other! THANKS!
you have a spare > in the third line down of now configure postfix for tls
postconf -e ‘smtp_tls_note_starttls_offer = yes’>
but overall it works on ubuntu 8.10
Thanks Nigel. I have fixed the error.
@Jason – I would try removing everything and attempt the installation again–the configuration can be very particular I’ve found. It seems as if the SASL and TLS parts are not installed or configured properly….
Everything seems fine until I reach the test section
I try
ehlo localhost
and I get the following output
250-sandman.inadaze.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250 ENHANCEDSTATUSCODES
Any suggestions of what is wrong?
thanks
jay
Thanks This one actually worked
I spent the last week trying different schemes to get the sasl working under Hardy this one is the only one I found that changed the saslauthd permissions correctly. Now I can finally get some sleep.
I am going to put a tag so that Google can find you better.
SASLAUTHD POSTFIX IMAPD MAIN.CF AUTHDAEMON UBUNTU HARDY
@RoyBot, Removing the -f argument should get you going.
I’m actually not sure why I put that in there… I double checked my config and I’m not using it so I’ve removed it from the instructions.
Great article… Not quite working for me yet. I’m on Debian and it seems like it choked at:
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -f"
and kicked out of the restart unable to interpret the “-f”
Thoughts?
Thanks for the heads up on that! It seems like my double hyphens were automatically being converted to ellipses. I put all of the commands in pre tags so that they’re preserved.
Thanks for putting this together Jon! Great article! I wish I had this the first time around!
One correction though:
dpkg-statoverride –add root sasl 710 /var/spool/postfix/var/run/saslauthd
should be…
dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd