This document describes how to install and configure Postfix as an MTA/SMTP server. The objective is to enable Postfix to accommodate virtual domains whose email accounts are stored in a database server (PostgreSQL), to check emails for spam (SpamAssassin) and virus (ClamAV) signatures, and to store emails in maildir format (maildrop).
Tools used are: Postfix-2.4.6, PostgreSQL-8.2.6, Courier-Authlib-0.60, Courier-IMAP-4.3.0, ClamAV-0.92, ClamAssassin-1.2.4, SpamAssassin-3.2.3, Maildrop-2.0.4, and Altermime-0.3.8.
Prepare PostgreSQL
- Get an rpm version of PostgreSQL at http://download.fedora.redhat.com/pub/fedora/linux
-
Install PostgreSQL and its dependencies by executing this command:
`# rpm -Uvh postgresql-x.x.x.rpm postgresql-server-x.x.x.rpm postgresql-libs-x.x.x.rpm postgresql-devel-x.x.x.rpm'
-
Let PostgreSQL initialize its own core structure, by executing this command:
`# /etc/rc.d/init.d/postgresql initdb'
-
Edit /var/lib/pgsql/data/pg_hba.conf, and add this entry:
host all all 127.0.0.1 255.255.255.0 trust
-
Permanently include PostgreSQL in the system boot-up sequence by executing these:
# /sbin/chkconfig --add postgresql
# /sbin/chkconfig --level 12345 postgresql off
# /sbin/chkconfig --level 3 postgresql on
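The pg_hba.conf entry above pairs 127.0.0.1 with the mask 255.255.255.0 and the trust method, so any connection from 127.0.0.0/24 is accepted as any database user without a password. The script below is an added example (not part of the original howto) that lists the trust entries in a pg_hba.conf together with their address scope; the sample file, its md5 line and the names mail and postfix are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag pg_hba.conf entries that use "trust" and show their scope.
# Reads pg_hba.conf text on stdin; prints one line per trust entry:
#   <type> <database> <user> <address-or-"socket"> <mask-or-"-">
audit_hba_trust() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            method_col = 0
            if ($1 == "local") {
                method_col = 4                  # local db user method
                addr = "socket"; mask = "-"
            } else if ($1 ~ /^host(ssl|nossl)?$/) {
                if ($4 ~ /\//) {                # CIDR form: host db user addr/len method
                    method_col = 5; addr = $4; mask = "-"
                } else {                        # separate mask column, as on this page
                    method_col = 6; addr = $4; mask = $5
                }
            }
            if (method_col && $method_col == "trust")
                print $1, $2, $3, addr, mask
        }'
}

# Constructed sample: the first host line is the entry from this page, the
# second a narrower, password-checked variant (database "mail", user "postfix",
# the single-host mask and md5 are assumptions made for this example).
sample_hba() {
cat <<'EOF'
# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
host all all 127.0.0.1 255.255.255.0 trust
host mail postfix 127.0.0.1 255.255.255.255 md5
local all postgres ident sameuser
EOF
}

sample_hba | audit_hba_trust
```

On the real system, feed it the file directly: `audit_hba_trust < /var/lib/pgsql/data/pg_hba.conf`.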
Prepare Courier-Authlib
- Get a bz2 version of Courier-Authlib at http://www.courier-mta.org/download.php#authlib
-
Extract Courier-Authlib at $HOME/download by executing this command:
$ bunzip2 courier-authlib-x.x.x.tar.bz2
$ tar xvf courier-authlib-x.x.x.tar
-
Build Courier-Authlib by following the instructions found in the $HOME/download/courier-authlib-x.x.x/README file.
For presentation purposes, here are the steps to build Courier-Authlib:
$ cd $HOME/download/courier-authlib-x.x.x
$ ./configure \
    --prefix=/usr \
    --sysconfdir=/etc \
    --without-authpwd \
    --without-authshadow \
    --without-authvchkpw \
    --without-ldap \
    --without-mysql
$ make
# make install
-
Create /etc/authlib/authpgsqlrc file and add these entries:
PGSQL_PORT /tmp/.s.PGSQL.5432
..
-
Set /usr/var/spool/authdaemon directory viewable to all by executing this:
# /bin/chmod ugo+rx /usr/var/spool/authdaemon
-
Permanently include Courier-Authlib in the system boot-up sequence by executing these:
# /sbin/chkconfig --add courier-authlib
# /sbin/chkconfig --level 12345 courier-authlib off
# /sbin/chkconfig --level 3 courier-authlib on
Prepare Courier-IMAP
- Get a bz2 version of Courier-IMAP at http://www.courier-mta.org/download.php#maildrop
-
Extract Courier-IMAP at $HOME/download by executing this command:
$ bunzip2 courier-imap-x.x.x.tar.bz2
$ tar xvf courier-imap-x.x.x.tar
-
Build Courier-IMAP by following the instructions found in the $HOME/download/courier-imap-x.x.x/README file.
For presentation purposes, here are the steps to build Courier-IMAP:
$ cd $HOME/download/courier-imap-x.x.x
$ ./configure \
    --prefix=/usr \
    --sysconfdir=/etc/courier-imap
$ make
$ make check
# make install
# make install-configure
- Edit /etc/imapd.cnf file
- Edit /etc/imapd and /etc/imapd-ssl files
-
Permanently include Courier-IMAP in the system boot-up sequence by executing these:
# /sbin/chkconfig --add courier-imap
# /sbin/chkconfig --level 12345 courier-imap off
# /sbin/chkconfig --level 3 courier-imap on
Prepare ClamAV
Please note that the daemonized ClamAV (clamd) will run as the vmail* user, as this allows ClamAV to work in parallel with the SMTP/MTA (Postfix).
- Get a tgz version of ClamAV at http://www.clamav.org/download/sources/
-
Extract ClamAV at $HOME/download by executing this command:
`# tar xvzf clamav-x.x.x.tgz'
-
Build ClamAV by following the instructions found in the $HOME/download/clamav-x.x.x/README file.
For presentation purposes, here are the steps to build ClamAV:
$ cd $HOME/download/clamav-x.x.x
$ ./configure --prefix=/usr --sysconfdir=/etc
$ make
# make install
-
Create /etc/clamd.conf file and add these entries:
LogFile /var/log/clamd.log
LogFileMaxSize 0
LogSyslog
LogFacility LOG_MAIL
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /home/clamav
LocalSocket /tmp/clamd
FixStaleSocket
MaxConnectionQueueLength 30
MaxThreads 50
ReadTimeout 300
User vmail
ScanPE
ScanMail
ScanHTML
ScanArchive
ArchiveMaxCompressionRatio 300
ArchiveBlockEncrypted
ArchiveBlockMax
-
Copy `$HOME/download/clamav-x.x.x/contrib/init/Redhat/clamd' to /etc/rc.d/init.d/ and replace:
progdir="/usr/local/sbin" with progdir="/usr/sbin"
-
Execute the following command to add ClamAV's library files to the system libraries:
# /sbin/ldconfig
-
Create /var/log/clamd.log file and set its owner to vmail*.
# /bin/touch /var/log/clamd.log
# /bin/chown vmail.vmail /var/log/clamd.log
-
Fire up ClamAV by executing this command:
# /etc/rc.d/init.d/clamav start
To include ClamAV during system initialization, execute these:
# /sbin/chkconfig --add clamav
# /sbin/chkconfig --level 12345 clamav off
# /sbin/chkconfig --level 3 clamav on
Update ClamAV Virus Database
-
Create /etc/freshclam.conf file and add these entries:
DatabaseDirectory /home/clamav
UpdateLogFile /var/log/freshclam.log
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror db.ph.clamav.net
DatabaseMirror database.clamav.net
Checks 24
NotifyClamd /etc/clamd.conf
-
Create /etc/cron.daily/00freshclam file and add these entries:
#!/bin/bash
/usr/bin/freshclam --datadir=/home/clamav --log=/var/log/freshclam.log
-
Create /var/log/freshclam.log file and set its owner to ClamAV.
# /bin/touch /var/log/freshclam.log
# /bin/chown clamav.clamav /var/log/freshclam.log
-
To have an initial ClamAV virus signatures database, execute the following command to download them:
# /etc/cron.daily/00freshclam
Prepare ClamAssassin
- Get a tgz version of ClamAssassin at http://jameslick.com/clamassassin/
-
Extract ClamAssassin at $HOME/download by executing this command:
# tar xvzf clamassassin-x.x.x.tgz
-
Build ClamAssassin by following the instructions found in the $HOME/download/clamassassin-x.x.x/README file.
For presentation purposes, here are the steps to build ClamAssassin:
$ cd $HOME/download/clamassassin-x.x.x
$ ./configure \
    --prefix=/usr \
    --enable-clamdscan \
    --disable-subject-rewrite \
    --enable-version-check \
    --disable-name-adding
$ make
# make install
Prepare SpamAssassin
Please note that the daemonized SpamAssassin (spamd) will run as the vmail user, as this allows SpamAssassin to work in parallel with the SMTP/MTA (Postfix).
- Get an rpm version of SpamAssassin at http://download.fedora.redhat.com/pub/fedora/linux
-
Install SpamAssassin and its dependencies by executing this command:
# rpm -Uvh spamassassin-x.x.x.rpm
-
Create /etc/sysconfig/spamassassin file and add this entry:
SPAMDOPTIONS="-d -c -m5 -H -u vmail"
- Copy local.cf to the /etc/mail/spamassassin directory and modify the file to suit the requirements
-
Permanently include SpamAssassin in the system boot-up sequence by executing these:
# /sbin/chkconfig --add spamassassin
# /sbin/chkconfig --level 12345 spamassassin off
# /sbin/chkconfig --level 3 spamassassin on
Prepare Maildrop
- Get a bz2 version of Maildrop at http://www.courier-mta.org/download.php#maildrop
-
Extract Maildrop at $HOME/download by executing this command:
$ bunzip2 maildrop-x.x.x.tar.bz2
$ tar xvf maildrop-x.x.x.tar
-
Build Maildrop by following the instructions found in the $HOME/download/maildrop-x.x.x/README file.
For presentation purposes, here are the steps to build Maildrop:
$ cd $HOME/download/maildrop-x.x.x
$ ./configure \
    --prefix=/usr \
    --sysconfdir=/etc \
    --enable-maildirquota \
    --without-db
$ make
# make install
- Copy maildroprc to the /etc directory and modify the file to suit the requirements
Prepare Altermime
- Get a tar version of Altermime at http://www.pldaniels.com/altermime/
-
Extract Altermime at $HOME/download by executing this command:
$ tar xvf altermime-x.x.x.tar
-
Build Altermime by following the instructions found in the $HOME/download/altermime-x.x.x/INSTALL file.
For presentation purposes, here are the steps to build Altermime:
$ cd $HOME/download/altermime-x.x.x
$ make
# cp $HOME/download/altermime-x.x.x/altermime /usr/bin
# chown root.root /usr/bin/altermime
# chmod 755 /usr/bin/altermime
# useradd -r -c "Postfix Filter" -d /var/spool/filter filter
# mkdir /var/spool/filter
# chown filter.filter /var/spool/filter
# chmod 750 /var/spool/filter
-
Create /etc/postfix/disclaimer.sh script that will call Altermime for Postfix, and add these entries:
#!/bin/sh
# Working directory for the filter and the command used to re-inject mail
INSPECT_DIR=/var/spool/filter
SENDMAIL="/usr/sbin/sendmail"
# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
# Remove the temporary copy on exit or when aborted
trap "rm -f in.$$" 0 1 2 3 15
cd "$INSPECT_DIR" || { echo "$INSPECT_DIR does not exist"; exit $EX_TEMPFAIL; }
# Save the message arriving on stdin
cat > in.$$ || { echo "Cannot save mail to file"; exit $EX_TEMPFAIL; }
# Append the disclaimer and add the X-header
/usr/bin/altermime --input=in.$$ \
    --disclaimer=/etc/postfix/disclaimer.txt \
    --disclaimer-html=/etc/postfix/disclaimer.txt \
    --xheader="X-Copyrighted-Material: Visit http://www.mu.edu.ph/this/privacy.php" || \
    { echo "Message content rejected"; exit $EX_UNAVAILABLE; }
# Hand the modified message back to Postfix
$SENDMAIL "$@" < in.$$
exit $?
Check master.cf for how Altermime is invoked by Postfix.
- Add filter to /etc/mail/trusted-users to get rid of X-Authentication-Warning:...-f
- Create /etc/postfix/disclaimer.txt as the footer text for every outgoing email. Check http://www.emaildisclaimers.com for samples
Prepare Postfix
- Get an src.rpm version of Postfix at http://ftp.wl0.org/official/
-
Create $HOME/.rpmmacros and add the following lines:
%_rpmdir $HOME/rpm
%_topdir $HOME/rpm
%_sourcedir $HOME/rpm/SOURCES
%_specdir $HOME/rpm/SPECS
-
Create these directories in $HOME using mkdir command:
$ /bin/mkdir $HOME/rpm
$ /bin/mkdir $HOME/rpm/SOURCES
$ /bin/mkdir $HOME/rpm/SPECS
$ /bin/mkdir $HOME/rpm/x86_64
-
Install postfix-x.x.x.src.rpm to $HOME/rpm by executing this command:
$ rpm -Uvh postfix-x.x.x.src.rpm
-
Set $HOME/rpm/SOURCES/make-postfix.spec variables using export:
$ export POSTFIX_PGSQL=1
$ export POSTFIX_PCRE=1
$ export POSTFIX_SASL=2
$ export POSTFIX_TLS=1
$ export POSTFIX_VDA=1
$ export POSTFIX_LDAP=0
-
Execute these commands to create a new Postfix that supports PostgreSQL (PGSQL), Perl Compatible Regular Expressions (PCRE), and Simple Authentication and Security Layer / Transport Layer Security (SASL2/TLS):
$ sh $HOME/rpm/SOURCES/make-postfix.spec
$ rpmbuild -ba $HOME/rpm/SPECS/postfix.spec
-
Finally, install Postfix by executing this command:
# rpm -Uvh $HOME/rpm/x86_64/postfix-x.x.x.pcre.pgsql.sasl2.vda.x86_64.rpm
- Copy main.cf to the /etc/postfix directory and modify the file to suit the requirements
- Copy master.cf to the /etc/postfix directory and modify the file to suit the requirements
-
Create the /etc/postfix/config directory as a repository for basic and virtual mail configuration scripts, and add these files to it:
check_helo.pgsql
check_recipient_access.pcre
check_recipient_maps.pgsql
check_sender_access.pgsql
pgsql_recipient_maps.cf
pgsql_relay_domains.cf
pgsql_virtual_alias_maps.cf
pgsql_virtual_domains_maps.cf
pgsql_virtual_mailbox_limit_maps.cf
pgsql_virtual_mailbox_maps.cf
pgsql_virtual_uid_maps.cf
-
Create /usr/lib64/sasl2/smtpd.conf file and add these entries:
pwcheck_method: auxprop
mech_list: PLAIN LOGIN
-
Permanently include Postfix in the system boot-up sequence by executing these:
# /sbin/chkconfig --add postfix
# /sbin/chkconfig --level 12345 postfix off
# /sbin/chkconfig --level 3 postfix on
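The smtpd.conf above limits SASL to PLAIN and LOGIN, both of which carry the password base64-encoded rather than encrypted, so AUTH should only be offered inside a TLS session. The following added example (not from the original howto) checks a main.cf for that; smtpd_sasl_auth_enable, smtpd_use_tls and smtpd_tls_auth_only are standard Postfix parameters that do not appear on this page, and both sample files are constructed.

```shell
#!/bin/sh
# Added example: report whether a main.cf offers SASL AUTH outside TLS.
# Reads main.cf text on stdin. Prints one of:
#   sasl-disabled        smtpd_sasl_auth_enable is not "yes"
#   ok                   AUTH is enabled and smtpd_tls_auth_only = yes
#   auth-over-cleartext  AUTH is enabled without smtpd_tls_auth_only (exit 1)
check_auth_needs_tls() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        /^[ \t]/ { next }                    # continuation of the previous value
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            val = substr($0, eq + 1);     gsub(/^[ \t]+|[ \t]+$/, "", val)
            conf[name] = val                 # the last assignment wins in Postfix
        }
        END {
            if (conf["smtpd_sasl_auth_enable"] != "yes") { print "sasl-disabled"; exit 0 }
            if (conf["smtpd_tls_auth_only"] == "yes")    { print "ok"; exit 0 }
            print "auth-over-cleartext"; exit 1
        }'
}

# Constructed main.cf fragments (assumptions, not from the original page).
weak_main_cf() {
cat <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
EOF
}

fixed_main_cf() {
cat <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
# offer AUTH only after STARTTLS
smtpd_tls_auth_only = yes
EOF
}

weak_main_cf  | check_auth_needs_tls || :
fixed_main_cf | check_auth_needs_tls
```

Against the installed configuration, run `check_auth_needs_tls < /etc/postfix/main.cf`.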