Freesbsd - Long version - Step by step with explanations
Installing Postfix with SMTPUTF8 enabled, Cyrus SASL and OpenSSL
Contents
- 1 Summary of the mail server
- 2 Notice, requirements and initial setup
- 3 Install Postfix from source and required libraries (Cyrus SASL, OPENSSL)
- 4 Postfix configuration
- 5 Test if you have SMTPUTF8 enabled
- 6 Enable SMTP Auth
- 7 Enable TLS
- 8 Sending and Receiving email to and from the Internet
- 9 Configuring Courier authlib, Courier imap
- 10 Test imap, pop3
- 11 Install Squirrel-mail
- 12 Related Links
- 13 Sources
Summary of the mail server
This guide will install a Mail server that can receive mail with SMTPUTF8 . This prevents the senders email to bounce when the mail server does not support SMTPUTF8.
This includes Imap and POP3 using Courier, the users will be added as local user, with or without SSH login . They have their mail stored in /home/user.
A modified Squirrel-mail is installed to send and receive email?? (NEED TO TEST THIS )
Any email client can be used as your user is not an EAI address.
Using Freebsd 10.2
Notice, requirements and initial setup
- Make sure you don't have Postfix installed which is lesser than version 3.0
- If you install any mail compontent after installation, make sure to test your Server if it still return the SMTPUTF8
- You already setup your DNS settings
- hostname is the name your domain e.g ( domain.com )
- mail.hostname is the name of your Mail server e.g (mail.domain.com)
- A working FreeBSD server with a root account (sudo privileges.)
- Installation is run as root unless if specified
Update your hostname
If you are using an international domain, use the punycode equivalent.
For example mail.วีคลาส.ไทย should be punycode equivalent mail.xn--42c0eeo3bp.xn--o3cw4h
vi /etc/hostname
UPDATE YOUR OWN hostname for your Mail server
mail.domain.com
Reboot your server to update your hostname.
After reboot, the following command should show your hostname mail.domain.com
hostname
Install Postfix from source and required libraries (Cyrus SASL, OPENSSL)
Get Postfix version 3.0.1 or later versions to enable SMTPUTF8 extension. You can get a copy in http://www.postfix.org/download.html. In the example below we have downloaded postfix-3.0.1.tar.gz, your version might be different. Currently, installing Postfix by apt-get will install an older version that has no support yet for SMTPUTF8. This may also change in the future.
Install the required libraries using ports with the default options
cd /usr/ports/security/openssl
make && make install
cd /usr/ports/security/cyrus-sasl2
make && make install
cd /usr/ports/devel/icu
make && make install
Refresh your environment
Create the required users and directory ownership
pw groupadd postfix -g 32
pw groupmod mail -m postfix
pw groupadd postdrop
pw useradd postfix -c "Postfix Daemon User" -d /var/spool/postfix -g postfix -s /bin/false -u 32
chown -v postfix:postfix /var/mail
Download Postfix 3.x.x or later version and Compile with openssl and sasl auth
tar -xzvf postfix-3.0.1.tar.gz
cd postfix-3.0.1
make CCARGS="-DUSE_TLS -I/usr/include/openssl/ -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/include/sasl" AUXLIBS="-lssl -lcrypto -lsasl2" makefiles
make
Install Postfix
sh postfix-install -non-interactive daemon_directory=/usr/lib/postfix \
manpage_directory=/usr/share/man \
html_directory=/usr/share/doc/postfix-3.0.1/html \
readme_directory=/usr/share/doc/postfix-3.0.1/readme
Edit or update /etc/rc.conf with the following
postfix_enable="YES"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
Edit, create or update /etc/periodic.conf
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
Stop sendmail and start postfix
service sendmail stop
postfix start
Postfix configuration
Change mail.domain.tld, domain.tld, yourotherdomain.tld(or remove this)
postconf -e 'myhostname = mail.domain.tld'
postconf -e 'mydomain = domain.tld'
postconf -e 'myorigin = $mydomain'
postconf -e 'inet_interfaces = all'
postconf -e 'mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24'
postconf -e 'alias_database = hash:/etc/aliases'
postconf -e 'alias_maps = hash:/etc/aliases'
postconf -e 'mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, yourotherdomain.tld'
postconf -e 'smtputf8_enable = yes'
postfix reload
@TODO
Enable Postfix as service and run at startup
Try and Send a Mail using Telnet and send mail to an external server like gmail
Test if you have SMTPUTF8 enabled
Enter the command in the console, this will connect to the SMTP
telnet localhost 25
This should result to
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 YourHostName ESMTP Postfix
Type the following and press enter
EHLO localhost
If you can see 250 SMTPUTF8 then your server should be able to send and received from an internationalized email addresses
250-YourHostName
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
If you don't see the 250 SMTPUTF8, try removing Postfix and try again. You may have installed a component that installed an older Postfix.
Enable SMTP Auth
Install saslauthd with default options
cd /usr/ports/security/cyrus-sasl2-saslauthd
make && make install
edit /etc/rc.conf
saslauthd_enable="YES"
create or edit /usr/local/lib/sasl2/smtpd.conf . Only PLAIN mechanism will be used.
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
Update Postfix config
sudo postconf -e 'smtpd_sasl_path = smtpd'
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
service saslauthd start
sudo postfix reload
Create a user which we can test for authentication, replace AnyUserName with your own.
sudo useradd -m AnyUserName -s /usr/sbin/nologin
sudo passwd AnyUserName
Generate your Auth key, replace username with your username and password with your password
perl -MMIME::Base64 -e 'print encode_base64("\000username\000yourpassword")'
Replace dGVzdAB0ZXN0AHRlc3Q= , with the one you generated
telnet localhost 25
EHLO localhost
AUTH PLAIN dGVzdAB0ZXN0AHRlc3Q=
You should get a message Authentication successful.
Known Error: If your base64 encode has two == in the last, it may not be accepted by the terminal. So use a password that won't result a two == in the last part of the string.
Finalize Postfix config to allow only authenticated users to send SMTP
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'smtpd_sasl_local_domain = $mydomain'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination'
postconf -e 'smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_sender_login_mismatch '
postfix reload
Enable TLS
Create the certificates
cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert \
-newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM \
-days 365 -x509
Answer the following questions as prompted
Update Postfix config
postconf -e 'smtpd_enforce_tls = no'
postconf -e 'smtpd_tls_security_level = may'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/smtpd.cert'
postfix reload
You can test by telnet to 25 and doing an EHLO, you should see STARTTLS
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
Issue the command
STARTTLS
and you should see the result
220 2.0.0 Ready to start TLS
Sending and Receiving email to and from the Internet
Sending email by telnet
telnet localhost 25
EHLO localhost
MAIL FROM: <youruser@domain.tld> SMTPUTF8
RCPT FROM: <EAI@IDN.idn>
data
Subject: A Test
This is the body
.
Take not of the dot(.) , this is to end and send the message.
In this point make sure you can send and receive mail.
You can send message using an EAI address and check /var/mail/mail.log, in the log below test@domain.tld is a local receiver
Aug 3 02:48:49 ip-172-31-21-209 postfix/local[21614]: 7EAD343550: to=<test@domain.tld>, relay=local, delay=0.62, delays=0.62/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Aug 3 02:48:49 ip-172-31-21-209 postfix/qmgr[21586]: 7EAD343550: removed
The email stored is stored in /var/mail/
if you cannot receive any email, use an online tool such as mxtoolbox.com to diagnose your problem.
Configuring Courier authlib, Courier imap
This will enable imap and pop3
cd /usr/ports/security/courier-authlib
make && make install
cd /usr/ports/mail/courier-imap
make && make install
Edit /usr/local/etc/authlib/authdaemonrc and change the authentication method
authmodulelist="authpam"
Add in /etc/rc.conf
courier_authdaemond_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_imapd_ssl_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_pop3d_ssl_enable="YES"
Configure Postfix to use Maildir as a storage for Mail
postconf -e 'home_mailbox = Maildir/'
service courier-authdaemond start
service courier-imap-imapd
service courier-imap-imapd-ssl
service courier-imap-pop3d
service courier-imap-pop3d-ssl
service courier-imap-imapd start
service courier-imap-imapd-ssl start
service courier-imap-pop3d start
service courier-imap-pop3d-ssl start
postfix reload
Update the Skeleton and create the folder for user we created just before. In this example we used the user test
mkdir -p /usr/share/skel/Maildir/{cur,new,tmp}
mkdir -p /home/test/Maildir/{cur,new,tmp}
chown test:test /home/test/Maildir/{,cur,new,tmp}
chmod 0700 /home/test/Maildir/{,cur,new,tmp}
Test imap, pop3
telnet localhost imap
ok login username password
telnet localhost pop3
User username
Pass password
Install Squirrel-mail
Install Modified Squirrel mail
cd to-your-public-html-filder
wget http://interlab.ait.ac.th/eai-wiki/files/squirrelmail.zip
unzip squirrelmail.zip
edit the configuration file and change the attachchment_dir and data_dir, don't forget to create the folders. Change the ownership to your apache user, and allow a write access as well.
vi squirrelmail/config/config.php
Access squirrelmail
http://your-domain/squirrelmail/
Related Links
Mail server is not sending or receiving email to outside world