SlackServer Plus (aka SlackServer Part II)
By Okibi
This guide assumes you have already setup SlackServer according to my guide. If you haven't, you'll need to do that first. This guide shows you how to setup the mail end of your server so you can have your own mail at your domain name. Let's get started.
NOTE: Bold represents commands you have to enter, Italic represents a part of the code you need to change to suit the situation, and Underline represents the package we are working on and is not a command. We'll also be running these commands as root unless specified otherwise.
SpamAssassin
The first thing we want to do is setup spamassassin. This will bounce all the spam any user receives to a spam@yourdomain.com account. It's a good idea to do this first and get it out of the way. Let's start will getting the spamassassin packages from linuxpackages.net. You will need all three packages, spamassassin, spamassassin-extra, and spamassassin-nonreq. Download them and install them with the following command:
installpkg spamassassin*.tgz
Now we will need to install the Spam Assassin Mail Filter (aka spamass-milter), so download it from linuxpackages as well. Install it with the following command:
installpkg spamass-milter*.tgz
Now let's add the user account that spam will get forwarded to.
adduser spam
You can just hit enter until you get the the password, then specify a password. Now we can start the SpamAssassin Daemon:
pico /etc/rc.d/rc.local
Add the following lines at the end of the file:
spamd -c -d
spamass-milter -p /var/run/spamass.sock -f -b spam@yourdomain.com
Be sure to change edit yourdomain.com to whatever domain you will be using. Now let's move on to sendmail.
ClamAV
Now we want to install clamav to scan our email for viruses, in case we offer email to Windows users. First, download the clamav Slackware package from linuxpackages.net and install it:
installpkg clamav*.tgz
The script will do most the work for you, but we'll edit the sendmail config ourselves in a minute. Now let's continue with sendmail.
SendMail
Next we want to setup sendmail. Sendmail should be installed already so we just need to configure it. First we need to edit inetd:
pico /etc/inetd.conf
Look for the following lines:
# POP and IMAP mail servers
#
# Post Office Protocol version 3 (POP3) server:
#pop3 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/popa3d
# Internet Message Access Protocol (IMAP) server:
#imap2 stream tcp nowait root /usr/sbin/tcpd imapd
We need to uncomment the services. Change the lines so they look like this:
# POP and IMAP mail servers
#
# Post Office Protocol version 3 (POP3) server:
pop3 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/popa3d
# Internet Message Access Protocol (IMAP) server:
imap2 stream tcp nowait root /usr/sbin/tcpd imapd
Save and exit with CTRL+O and then CTRL+X. Now restart inetd:
killall -HUP inetd
Let's see if the ports are open with the following command:
nmap localhost
Hopefully you'll see at least these three lines:
PORT STATE SERVICE
25/tcp open smtp
110/tcp open pop3
143/tcp open imap
Now we need to edit the config file:
pico /usr/share/sendmail/cf/cf/sendmail-slackware.mc
Look for the following line:
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
And change it so it looks like this:
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun,goaway')dnl
That just added some more security. Next we need to add the relay through our ISP's smtp so other servers don't think we are spamming them. Edit the following line to add your ISP's smtp info:
dnl define(`SMART_HOST',`mailserver.example.com')
It should look something like this:
dnl define(`SMART_HOST',`smtp.myisp.com')
Now we need to add the ability to get to an external host. Add the following line right after the lines that say FEATURE:
dnl DAEMON_OPTIONS('Port=smtp,Addr=127.0.0.1, Name=MTA')
We now need to add our domain name to use, so add the following lines after the line we just added:
MASQUERADE_AS(mydomain.com)
MASQUERADE_DOMAIN(mydomain.com)
FEATURE(masquerade_entire_domain)
FEATURE(masquerade_envelope)
You'll need to edit them so it says your domain name instead of mydomain.com. Now change the following line to say your domain name:
LOCAL_DOMAIN(`localhost.localdomain')dnl
Should look something like:
LOCAL_DOMAIN(`mydomain.com')dnl
Now let's add another FEATURE line right after the other FEATURE lines:
FEATURE(relay_based_on_MX)
Next we need to add some lines to configure sendmail to use sasl to authenticate. This will require users to authenticate to send mail through our smtp server. Add these lines:
FEATURE(`authinfo',`hash -o /etc/mail/authinfo.db')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confAUTH_OPTIONS', `A p y')dnl
Now we can add the following two lines to add the clamav milter:
INPUT_MAIL_FILTER(`clmilter', `S=local:/var/run/clamav-milter/clamd.sock, F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter')
Next add the spamassassin filter to bounce all the spam, so add the following line:
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=,T=C:15m;S:4m;R:4m;E:10m')
Save and exit with CTRL+O and CTRL+X. Now let's apply the config file with the following commands:
cd /usr/share/sendmail/cf/cf
cp sendmail-slackware.mc config.mc
m4 /usr/share/sendmail/cf/m4/cf.m4 config.mc > /etc/mail/sendmail.cf
Before we start sendmail, we need to edit a few more files. First let's edit the local host names file:
pico /etc/mail/local-host-names
Add the domain name and the local host name you will be using on two seperate lines. It should look something like this:
mydomain.com
localhost.localdomain
Both lines need to be changed to reflect your server. Save and exit with CTRL+O and CTRL+X.
Next we will create our authinfo file for us to use for a login to our ISP's smtp server which we will relay our emails through.
pico /etc/mail/authinfo
The following info needs to be added and edited to reflect your login to your ISP. If your ISP doesn't require a login, create this file and leave it empty. If they do require a login, add this, but remember to edit it:
AuthInfo:mailserver.com "U:usernamehere" "P:passwordhere" "M:PLAIN"
AuthInfo: "U:usernamehere" "P:passwordhere" "M:PLAIN"
Change the permissions on the authinfo file because it contains your password:
chmod 660 /etc/mail/authinfo
Convert the authinfo file to a db file so it can be used by sendmail:
makemap hash /etc/mail/authinfo < /etc/mail/authinfo
For sasl to function correctly (and to use SSL), we need to create our Certificate Authority. We can do this with the following commands:
mkdir /etc/mail/certs
cd /etc/mail/certs
openssl req -new -x509 -keyout cakey.pem -out cacert.pem -days 1865
You will be prompted for some info. Fill it out however you need, but be sure to set Common Name to your FQDN (fully qualified domain name) such as www.mydomain.com. Now we need to make a signed certificate for our Certificate Authority with the following command:
openssl req -nodes -new -x509 -keyout sendmail.pem -out sendmail.pem -days 1460
Our certificate contains sensitive info so we need to protect it with the following command:
chmod 600 sendmail.pem
Now we want to start the salsauth daemon to start at boot, so let's add it to our rc.local file:
pico /etc/rc.d/rc.local
Add the following line to the very end:
saslauthd -a shadow
Specifying shadow at the end let's the sasl daemon know that we want to use our local users. Let's go ahead and start the sasl daemon:
saslauthd -a shadow
Now we can turn on sendmail:
chmod +x /etc/rc.d/rc.sendmail
/etc/rc.d/rc.sendmail restart
POP3AD
POP3AD comes completely configured out of the box. There is no need to edit anything for this.
SquirrelMail
To give users access to, web-based mail, we'll install SquirrelMail. Download the latest release from SquirrelMail.org to somewhere in the root of your web files. Now let's untar the package:
tar -xzf squirrelmail-xxx.tar.gz
Now let's rename the directory to something easy like webmail:
mv squirrelmail-xxx webmail
Change to the config directory in the new webmail directory:
cd webmail/config
Next we will run the configuration perl script:
./conf.pl
You'll see a little setup program run in the terminal. Press 2 to go to the Server Settings, and then 1 to change the domain name you will be using. Here you need to use the same domain name we used when we setup sendmail. Press S to save your changes and press R to return to the main menu. Now press D to go to the pre-set IMAP servers. Select uw and press S to save your changes and then press Q to quit the configuration tool.
Now we need to change some permissions, but first go up a level:
cd ..
If the owner of the webmail data files isn't the same owner as your other web files, change the owner now with the following command:
chown -R user data
Next we will change permissions on the data files. This will all depend on your setup, but if you've followed the SlackServer guides so far, running this command will work for you:
chmod 765 data
Point your web browser to http://www.yourdomain.com/webmail and you should be presented with SquirrelMails login screen.
Finishing Up
You should be good to go! You can use pine to check your email now, setup the POP3 and SMTP info in your email client of choice, or use the webmail. Remember, if you want to add a email user, just add a user to your system and they will automatically get email. For your POP3 and SMTP addresses, use the domain name you gave to your server. The next guide, SlackServer Pro, will cover installing Apache VHosts, BindDNS, and more!