Setting up a mail server

Discuss Networking
Post Reply
shuiend
scripter
scripter
Posts: 91
Joined: Mon Apr 28, 2003 8:05 pm

Setting up a mail server

Post by shuiend » Tue Feb 03, 2004 8:42 pm

After having lots of problems with email hosts lately i decided that i want to set up my own email server. Whats the best way to do that? I want to be able to connect with pop3 and send smtp out of it. I am planning if i get it working well my whole family moving to it.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Tue Feb 03, 2004 9:10 pm

I have my own server at a hosting facility (my buddy runs the facility and is nice enough to let me steal his bandwidth and power). Actually I have several sites/domains on this server as well as many email accounts (pop, imap, etc) including addresses for my whole familiy. If you have a good line (T1, etc) then it's no problem, any Linux distro is ready to go out of the box with very very minor customization to get things going (I could do a scratch Fedora or RHAS install and have a web site and email server running in less than an hour, easy).

You can do it on cable or dsl as well as long as you have a static IP address. Just beware that many sites block cable/DSL address ranges (mostly dynamic ranges though). For instance, I send mail directly from the void server rather than relaying it through another server and a lot of places block my mail just because I am on a dynamic IP range. I could have my void server configured to forward through my server at my buddy's facility but that could blow my cover. :)

shuiend
scripter
scripter
Posts: 91
Joined: Mon Apr 28, 2003 8:05 pm

Post by shuiend » Tue Feb 03, 2004 10:04 pm

I was wondering more of what software i would install to set it up and what not? I was actually planning on using fedora for the server os though so its nice to know it dosent take long to set up.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Tue Feb 03, 2004 10:21 pm

It all comes with Fedora. Sendmail (or postfix) is your mail transport for sending and receiving mail. All of the other pieces pop, imap etc are simple xinetd services. I can't remember the name of the group that it falls under at install time (I think it's under a general category like "common network services"). If it doesn't get installed during the CD install it's all in the "imap" RPM on disk 2. Just install it and that's about all there is to it. Just add local users and they automatically have an imap and/or pop account if you have those services turned on:

Code: Select all

# chkconfig imap on
# chkconfig imaps on
# chkconfig ipop3 on
# chkconfig pop3s on
# service xinetd reload
If you want your machine to be able to receive mail then you'll need to edit your /etc/mail/sendmail.mc file and comment out this line:

Code: Select all

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
like so:

Code: Select all

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
then restart sendmail:

Code: Select all

# service sendmail restart
This will cause sendmail to listen on port 25 on your ethernet interface so it can receive mail (SMTP). Of course you'll need an MX record in DNS for your domain that points to your server's IP address.

You'll likely have to change one or two more lines in your /etc/mail/sendmail.mc to get outgoing mail working exactly as you want but if you get to that point and need help just ask for help as you need it.

That's really about the basics of it. You might want to get into it a little deeper and create user aliases (add aliases in /etc/aliases) and have multiple domains, etc. All of that configuration is done in the files in the /etc/mail directory.

shuiend
scripter
scripter
Posts: 91
Joined: Mon Apr 28, 2003 8:05 pm

Post by shuiend » Wed Feb 04, 2004 9:02 pm

ok i just installed fedora and after first boot it tried the chkconfig imap on and it gave me an error the error was " error reading information on services imap: No such file or directory" I tried the other services to and they gave me the same errors. So what does that mean?

Master of Reality
guru
guru
Posts: 562
Joined: Thu Jan 09, 2003 8:25 pm

Post by Master of Reality » Thu Feb 05, 2004 6:36 pm

they are not installed. Use apt-get or install them from the CD. I believe void said the package was named imap and sendmail

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Thu Feb 05, 2004 7:32 pm

Yeah, stick CD 1 in your drive and:

# mount /mnt/cdrom
# rpm -Uvh /mnt/cdrom/Fedora/RPMS/sendmail*
# eject

then stick CD 3 in your drive and:

# mount /mnt/cdrom
# rpm -Uvh /mnt/cdrom/Fedora/RPMS/sendmail*
# rpm -Uvh /mnt/cdrom/Fedora/RPMS/imap*
# eject

Or you could use your add/remove applications on the menu.

agent007
administrator
administrator
Posts: 254
Joined: Wed Feb 12, 2003 11:26 pm

Post by agent007 » Sat Feb 21, 2004 12:31 pm

Void,

What about security issues? Is it a good idea to run a mail-server on a T1/DSL line? since it can be easily hacked and turned into a box for spamming....

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Sat Feb 21, 2004 12:43 pm

agent007 wrote:What about security issues? Is it a good idea to run a mail-server on a T1/DSL line? since it can be easily hacked and turned into a box for spamming....
It would be hard for people to send mail to each other without mail servers. For the record, I have been running sendmail servers on T1's and above for the better part of 15 years and I have never had sendmail cracked on any of my systems. To be honest I don't even recall of knowing anyone first hand who has had a sendmail server cracked. I won't say the same for bind, wu-ftpd, or even Apache though. Like everything else, keep your system up to date and securely configured and you won't have a problem. Sendmail is a lot more security conscious than it once was way back when it got it's bad rep. For instance, if a buffer overflow exploit were discovered at least now it is very unlikely that they can get a root shell (privilege separation is much improved).

Of course that doesn't mean you shouldn't turn it off if you are not using it. Sure, the more things you have running the more chances there are for an exploit but turn on what you need, keep it up to date and properly configured, turn off everything else.

You might be thinking of people who have their servers misconfigured and allow open relaying. A spammer could use their server as a spam relay in this case, but they would be allowing it, it's not broken. They can just go to any RBL site (www.ordb.org, www.njabl.org, mail-abuse.org/rbl/, etc) and test their server to see if it detects it as an open relay (if they don't know any other way to do it, or they can give me their IP address and I can check it out).

The only machines I have seen that have serious problems with being turned in to zombie spam spewers are Windows machines. See my analysis:

http://voidmain.is-a-geek.net/spam/

The above is not made up. I tracked all the spam that I got for a period of time that made it past my RBL filters and investigated the source. Notice that *all* of it came from Windows machines, most of them probably infected with the Windows virus of the day. I didn't have one case of a SPAM message coming from a legit Linux/UNIX based sendmail server.

agent007
administrator
administrator
Posts: 254
Joined: Wed Feb 12, 2003 11:26 pm

Post by agent007 » Sun Feb 22, 2004 12:18 pm

wow!! The hall of shame is really cool! Does nmap keep on scanning all IP's? What about the bandwith usage? Neat idea void...Btw, why dont u just link it to that anti-virus page? There'd be a rush to dl the 'solution' 8-)

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Sun Feb 22, 2004 8:03 pm

No, I just ran nmap manually on only the IP that the spam message came from. I also ran nmblookup on them (same as NBTSTAT in Windows) if the Windows ports were open. If 25 is open I also telneted to it and manually sent a message to the postmaster explaining my displeasure. You are right, I will link that page and this thread to the AV page. Thank for the idea!

agent007
administrator
administrator
Posts: 254
Joined: Wed Feb 12, 2003 11:26 pm

Post by agent007 » Wed Feb 25, 2004 11:59 am

Void,

I was just going through a book from RedHat and they mentioned nothing about those extra settings on how to secure sendmail or apache....any idea as to where I may find info on how to edit the default and keep it secure?

thanks..

Post Reply