So, I currently have the following on my VPS so that I can properly run my own mail server:
- sendmail: for SMTP mail
- dovecot: for POP3 mail
When I set them up, I made it so that I could emulate what I originally had through phpwebhosting.com, which was basically “all mail gets forwarded to one mail box, then that mail box is downloaded.”
So, since I use an internet service that prevents Port 25 connections, it renders my sendmail ability null and void.
I do know that I need to get TLS up and running so I can connect over that instead of standard SMTP to relay mail. I just need to figure out how to set up the mail servers again and how to configure them so I don’t interrupt my existing production setup. Sooo….
Let’s get things installed:
As usual, I use a minimal-installed CentOS 6.8 system, yum upgraded, and no additional users. According to my documentation, I’ll need 3 things to yum install:
- dovecot – a secure and highly configurable IMAP and POP3 server
- sendmail – an electronic mail transport agent
- saslauthd – sasl authentication server
We need dovecot as the retrieval mechanism, and it won’t be configured just yet.
We need sendmail to …. send email.
We need saslauthd so that clients have to AUTH against our sendmail instance before it relays for them, which allows us to not mail-proxy the world (that is, not run an open relay).
```
[root@mailboy ~]# yum install sendmail sendmail-cf cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain dovecot
Package cyrus-sasl-2.1.23-15.el6_6.2.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package sendmail.x86_64 0:8.14.4-9.el6_8.1 will be installed
--> Processing Dependency: procmail for package: sendmail-8.14.4-9.el6_8.1.x86_64
--> Processing Dependency: libhesiod.so.0()(64bit) for package: sendmail-8.14.4-9.el6_8.1.x86_64
--> Running transaction check
---> Package sendmail-cf.noarch 0:8.14.4-9.el6_8.1 will be installed
--> Running transaction check
---> Package hesiod.x86_64 0:3.1.0-19.el6 will be installed
---> Package procmail.x86_64 0:3.22-25.1.el6_5.1 will be installed
--> Running transaction check
---> Package cyrus-sasl-devel.x86_64 0:2.1.23-15.el6_6.2 will be installed
---> Package cyrus-sasl-gssapi.x86_64 0:2.1.23-15.el6_6.2 will be installed
---> Package cyrus-sasl-md5.x86_64 0:2.1.23-15.el6_6.2 will be installed
---> Package cyrus-sasl-plain.x86_64 0:2.1.23-15.el6_6.2 will be installed
---> Package dovecot.x86_64 1:2.0.9-22.el6 will be installed
--> Processing Dependency: portreserve for package: 1:dovecot-2.0.9-22.el6.x86_64
--> Running transaction check
---> Package portreserve.x86_64 0:0.0.4-11.el6 will be installed
--> Finished Dependency Resolution

Installed:
  sendmail.x86_64 0:8.14.4-9.el6_8.1
  cyrus-sasl-devel.x86_64 0:2.1.23-15.el6_6.2
  cyrus-sasl-gssapi.x86_64 0:2.1.23-15.el6_6.2
  cyrus-sasl-md5.x86_64 0:2.1.23-15.el6_6.2
  cyrus-sasl-plain.x86_64 0:2.1.23-15.el6_6.2
  dovecot.x86_64 1:2.0.9-22.el6

Dependency Installed:
  hesiod.x86_64 0:3.1.0-19.el6
  procmail.x86_64 0:3.22-25.1.el6_5.1
  portreserve.x86_64 0:0.0.4-11.el6

Complete!
```
And that takes care of 99% of everything we need! Just need to make sure we have our services:
```
[root@mailboy ~]# service sendmail status
sendmail is stopped
sm-client is stopped
[root@mailboy ~]# service dovecot status
dovecot is stopped
[root@mailboy ~]# service saslauthd status
saslauthd is stopped
[root@mailboy ~]#
```
Bingo!
Configuring Sendmail:
This…this is a pain in the ass. Get to /etc/mail, which is where sendmail claims its territory.
So, the first thing we need to do is /know/ what we need to do. This can be pretty hard and daunting at the start, but I’ve managed to break this down into a couple of steps.
Some configuration files are easy, plain-texty-types. Others are “learn M4, make, compile, pray”.
local-host-names: Easy plain-text list of all domains you are accepting mail for. There shouldn’t really be much aside from “Edit with favorite editor, then edit more and more”. A sample entry is as easy as derpydoodles.com
virtusertable: This is the “who gets what mail, and where mail can go to” configuration. Before digging into this, I created a Linux postyman user to have all domains listed in the local-host-names dump their mail to. Seemed pretty easy. The configuration to place into this file ended up being:
```
# http://www.yolinux.com/TUTORIALS/Sendmail.html
# File /etc/mail/virtusertable (Optional) Allows the separation of emails by domain. i.e. greg@domain1.com and greg@domain2.com go to two different users greg1 and greg2.
# webmaster@domain-1.com     dave
# webmaster@domain-2.com     john
# john@domain-2.com          john
# @domain-2.com              error:nouser User unknown
# @domain3.com               mathew
# The second column is the local user, a remote forwarding email address or a mailing list entry in /etc/aliases.
########################################
# NOTE: Check /etc/aliases to make sure that you don't use one there before putting it here
########################################
# Make all email to all domains below go to postmaster.
@derpydoodles.com            postyman
```
After this configuration is done, we have to “build the database!”. This is sort-of easy:
```
makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable
```
sendmail.mc: This is a son-of-a-doggie.
So, the first thing is to get Authentication rolling up. I’ve copy/pasted the changes necessary to get “AUTH LOGIN” working for sendmail:
Uncomment:
```
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
define(`confAUTH_OPTIONS', `A p')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
```
Comment and Add:
```
dnl # TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl # define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
dnl #
```
Comment and Modify:
```
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
dnl #DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl
dnl #
```
And finally, allow the extra port for funsies:
```
DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')dnl
```
And then we need to “compile” this out…
```
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
```
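As an added check (not part of the original post), this script reads a sendmail.mc and reports the AUTH settings that will take effect. A later define() replaces an earlier one, so with both blocks above active the `A` from "Comment and Add" overrides the `A p` from "Uncomment". The function names and the embedded sample, constructed from the lines shown above, are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): show the AUTH settings m4 will emit.

# Print the value of the last active define() of macro $2 in file $1.
# Lines starting with "dnl" are commented out; a later define() overrides an earlier one.
effective_define() {
    grep -v '^[[:space:]]*dnl' "$1" |
        sed -n "s/^define(\`$2',[[:space:]]*\`\(.*\)')dnl.*/\1/p" |
        tail -n 1
}

# Succeed only if the effective confAUTH_OPTIONS carries the "p" flag, which
# disallows plaintext authentication (PLAIN/LOGIN) on non-TLS links.
plaintext_auth_guarded() {
    effective_define "$1" confAUTH_OPTIONS | tr ', ' '\n\n' | grep -qx p
}

# Print the Port= value of every active DAEMON_OPTIONS line.
daemon_ports() {
    grep -v '^[[:space:]]*dnl' "$1" |
        sed -n 's/^DAEMON_OPTIONS(.*Port=\([^,)]*\).*/\1/p'
}

# Constructed sample: the active and commented lines from the steps above, in order.
make_sample() {
    cat > "$1" <<'EOF'
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
define(`confAUTH_OPTIONS', `A p')dnl
dnl # define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
dnl #DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl
DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')dnl
EOF
}

# Use the file given as first argument, or fall back to the constructed sample.
mc=${1:-}
if [ -z "$mc" ]; then mc=$(mktemp); make_sample "$mc"; fi
echo "confAUTH_OPTIONS    = $(effective_define "$mc" confAUTH_OPTIONS)"
echo "confAUTH_MECHANISMS = $(effective_define "$mc" confAUTH_MECHANISMS)"
echo "listening ports     = $(daemon_ports "$mc" | tr '\n' ' ')"
if plaintext_auth_guarded "$mc"; then
    echo "PLAIN/LOGIN is only accepted once TLS is active"
else
    echo "PLAIN/LOGIN is accepted on non-TLS links; keep 'A p' until TLS is configured"
fi
```

Run it as `sh check-mc.sh /etc/mail/sendmail.mc` (the script name is arbitrary) before regenerating sendmail.cf.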
Start some services:
```
[root@mailboy mail]# service saslauthd start
Starting saslauthd: [ OK ]
[root@mailboy mail]# service sendmail start
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
[root@mailboy mail]#
```
And testing: