A list of requirements I would like our office mail server to meet:
- I must be able to manage the mail server using web access or ssh
- Control how much space users can use in their mailboxes using mail quotas
- E-mail will be stored using Maildir
- Prevent spam and viruses from ending up in users’ inboxes
- Users will be able to view e-mail using IMAP or POP
- Users are able to set an auto-reply message
- Users are able to control their individual spam settings
- I can safely apply security updates to the mail server with the option of rolling back changes
- Users can fetch e-mail from other accounts
- Users can create sub folders on all e-mail folders
- Must be scalable to meet growth
- Scheduled backups for disaster recovery
- Should not break the bank when meeting all needs
- Rock solid reliability
- Restoring user deleted e-mails or mail folders
- Manage Postfix using a web interface
- Control Clamav using a web interface
Should not break the bank:
We were already in the process of virtualizing most of our physical servers, the mail server being one of them. Aside from the time I spent working on the mail server project, there were no other costs associated with implementing the mail server.
Rock solid reliability:
Meeting this need was a no-brainer. My OS of choice for the mail server will be the latest Debian release, Lenny. I’ll start with a fresh install. The virtual server on the ESXi host has already been created.
cp sources.list sources.list.orig (make a backup copy)
Delete or comment out by placing a # sign in front of the line for CDRom.
Update the system to use the new sources.list
I must be able to manage the mail server using a remote tool:
I’m going to use SSH and Webmin to manage the server remotely. I will also use Virtualmin GPL to manage the e-mail accounts.
apt-get install ssh
Installing Webmin and Virtualmin can be done in one fell swoop using the install script. The cool thing about Virtualmin’s install script is that it does most of the software installation, including configuring all the software needed to run an e-mail server. This process used to take me hours to complete using the manual method. (It will only work on a fresh Debian install.)
Reboot the server.
Now I am able to create the domain which will host all of my e-mail accounts using Virtualmin GPL.
Go to Virtualmin | choose the Example.com domain from the drop-down menu | click the green arrow | click Edit Mail and FTP Users to begin adding mail accounts. Virtualmin by default uses Maildir when storing e-mails, which is exactly what I need so my users can create mail subfolders.
After creating the user account I’m going to change a setting in Usermin so my users are able to use it to view e-mails as well as adjust how the mail server handles their e-mails. Go to Webmin | Usermin Configuration | Usermin Module Configuration | Read mail | Change the mail storage format for inbox to “Qmail style directory (Maildir)”.
Log in using Usermin to send a test e-mail. The test succeeds.
Users are able to set auto reply message:
Each user will be able to set up and customize their own auto-replies. When they log in to Usermin, they go to Mail | Automatic Reply.
Users can fetch e-mail from other mail accounts:
Each user will also be able to pull e-mails from other e-mail accounts they have. To make this available I will have to install Fetchmail.
apt-get install fetchmail
Then make the module available through Usermin by going to Webmin | Usermin Configuration | Module Restrictions | click on available modules | check Fetchmail Mail Retrieval | click save. Restart Usermin to make it active.
When the user logs in using Usermin they will go to Usermin | Mail | Fetchmail Mail Retrieval and put in the login information of the mail account to pull e-mail from. Any e-mail fetchmail pulls will still pass through the spam and virus filters. Fetchmail is even smart enough to keep the original mail headers.
E-mail will be stored using Maildir:
By default, when you use Virtualmin to create e-mail accounts, the mail accounts are set up to use Maildir. This is how I prefer to store users’ e-mails, rather than storing them in MySQL. In my opinion storing them in MySQL just adds another layer of complexity to diagnose when there are problems. Users connecting to the server with any mail client, using either IMAP or POP, will be allowed as long as they meet the authentication requirements. I have to change settings in Dovecot so I don’t run into permission errors on index files. Go to Webmin | Servers | Dovecot IMAP/POP3 Server | Mail Files and copy the settings in the image shown. Click save.
Failure to make the change above will not only produce the error below but also prevent anyone from connecting using any mail client.
Dovecot by default disables plaintext logins. I will change this setting to allow plaintext logins since all of my users connect to the mail server within the LAN only.
Restoring user deleted e-mails or mail folders:
Occasionally a user will accidentally delete an e-mail or mail folder. To be able to restore a deleted object I will set up a scheduled backup of the root directory containing all the users’ mail files. Go to Webmin | System | Filesystem Backup | Add a new backup of directory | I’ll choose where I want the backup to be stored. It could be locally or I could use FTP or SSH to back it up to a remote location.
I’ll set a schedule for the backup.
Restoring user deleted e-mails or mail folders:
Before restoring a user’s e-mail or mail folders I will let the user know to close out of the mail client or webmail. To restore, go to Webmin | System | Filesystem Backup | click on the scheduled backup to restore from | click restore, using the options shown in the image. I have created a folder called restored inside the /tmp directory. This is where I will extract the restored folder.
Something to keep in mind when working with Dovecot Maildirs: each user’s mail files and folders are stored in a directory called Maildir within the user’s home directory, as the image below shows. The highlighted cur folder holds the user’s inbox e-mails.
These are the contents of /home/example/homes/scooby/Maildir
Now back to the restoration part. If I were to restore an e-mail which got deleted by mistake I’ll go into the directory where I extracted the files.
cd /tmp/restored/home/example/homes/scooby/Maildir (example is the name of the mail domain)
Moving into the /cur directory I can copy the e-mail being restored. If there are a lot of e-mails in the inbox to search through, as long as the user is at least able to give some text to search for, I can use the search function of Webmin’s File Manager module.
Running the search based on the text “Before restore” came back with.
The file numbered 1606 does contain the subject line: Before restore.
At this point I can copy this e-mail back into the cur directory of the user’s Maildir to put it back in the user’s inbox. If for some reason the user’s whole Maildir directory got corrupted I can overwrite it using the Maildir from backup. After that’s done I can have the user sync her mail folders.
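The search-and-copy step described above, as an added shell example (not part of the original post). The function names find_restored_mail and restore_mail are hypothetical; it assumes the backup was extracted under /tmp/restored as in the article and that it is run as root with the user's mail client closed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; paths follow the article.

# List messages in a restored Maildir whose raw text contains a fixed string.
find_restored_mail() {            # $1 = restored Maildir, $2 = search text
    for sub in cur new; do
        if [ -d "$1/$sub" ]; then
            grep -rlF -- "$2" "$1/$sub" || true   # no match is not an error
        fi
    done
}

# Copy one message from the backup into the live Maildir without clobbering.
restore_mail() {                  # $1 = message file, $2 = live Maildir
    src=$1; live=$2
    if [ ! -f "$src" ]; then echo "no such message: $src" >&2; return 1; fi
    if [ ! -d "$live/cur" ] || [ ! -d "$live/tmp" ]; then
        echo "not a Maildir: $live" >&2; return 1
    fi
    name=$(basename "$src")
    uniq=${name%%:2,*}            # unique part, without the ":2,<flags>" suffix
    # Refuse if the same message (with any flags) is still in the mailbox.
    for f in "$live/cur/$uniq" "$live/cur/$uniq":2,* "$live/new/$uniq"; do
        if [ -e "$f" ]; then echo "already present: $f" >&2; return 2; fi
    done
    # Maildir rule: write into tmp/ first, then rename into cur/, so the
    # IMAP server never reads a half-copied file.
    cp -p "$src" "$live/tmp/$name" || return 1
    # The file must belong to the mailbox owner or the user cannot read it.
    chown --reference="$live/cur" "$live/tmp/$name" ||
        echo "warning: could not set owner on $name" >&2
    mv "$live/tmp/$name" "$live/cur/$name"
}

# Usage with the article's paths:
#   find_restored_mail /tmp/restored/home/example/homes/scooby/Maildir "Before restore"
#   restore_mail <file printed above> /home/example/homes/scooby/Maildir
```

The search matches raw message text, so a subject or body stored in base64 or quoted-printable form will not be found by its decoded wording.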
Control how much space users can use in their mailboxes using mail quotas:
For the /home directory, quotas for users and groups were already enabled by the Virtualmin install script. To edit the quota limit for the mail domain being hosted go to Virtualmin | Choose domain from drop down | Click green arrow | Edit Virtual Server | Expand Quotas and Limits. This is where to set the total quota restriction for the example.com domain.
By default each new user is given 50 MB of disk space. This can also be changed by going to Virtualmin | Choose Domain | Edit Mail and FTP Users | Expand Quota and home directory settings.
Users will also be able to check their quota status through Usermin.
I can set up how often the system will pester users who are in violation of quota limits by going to Webmin | Disk Quotas | Click on /home users | Email Notifications.
To change the message being sent out to users go to Webmin | Disk Quotas | Module Config.
I changed the bounced message Postfix sends out when sending an e-mail to a user who is over quota to read below.
A user who is about to exceed their quota limit will receive this e-mail notification.
Scheduled backups for disaster recovery:
I have scheduled a cron task to pull domain mail files off this server to another server using rsync. Rsync pulls any file changes from the primary mail server into an offsite backup mail server. If our office went up in flames I would still have a very recent copy of users’ mail files. I also have a secondary MX as a backup in case we lose connectivity, to prevent undeliverable messages. To setup host rsync.
I can safely apply security updates to the server with the option of rolling back changes:
Before applying any security updates or any major changes on the production server, I will run a snapshot on the virtual server. Incredibly, on a 150 Gig VM the snapshot only takes a little over a minute! I now have the peace of mind of knowing that if something goes horribly wrong I can go back to the most recent snapshot.
Must be scalable to meet growth:
I can check my mail virtual server’s performance by using the ESXi performance tool. Of course I could also use the top command, but the nice thing about the ESXi performance tool is that I can save the fancy graph results or have them printed.
If based on results I need to add more memory I could do so by editing the virtual machine settings through ESXi.
The same thing could be done for memory or an extra hard drive.
All of my users’ mail clients are set up to use IMAP. This allows them to read their e-mails from outside of the office using webmail. They could even forgo using any desktop mail client software to get access to their e-mails. I could set up either Squirrelmail or GroupOffice to serve webmail. Setting up GroupOffice howto. The Postfix installed by Virtualmin’s install script on this server supports SASL authentication. This allows me to send e-mail from my iPhone or Blackberry through the mail server.
Prevent spam and viruses from ending up in users inboxes:
To extend my defense I also use an open source SMTP proxy called ASSP, which filters spam and viruses before handing the e-mail message to my mail server. When the mail server receives the e-mail message I have Postfix using RBLs to check the incoming message. Any e-mail message which passes those checks gets handed over to procmail, which then passes it to spamassassin and clamav for further checks before delivering it to users’ mailboxes. Using this layered defense has proven to be VERY effective in combating spam and viruses.
Postfix RBL setup.
Applicable to Postfix versions 2.x only.
cp main.cf main.cf.orig
Copying and pasting below into main.cf
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
smtpd_recipient_restrictions =
Check the logs for any errors.
tail -f /var/log/mail.log
Controlling clamav using a web interface:
I will add the Clamav Webmin module which will allow me to control Clamav. It also gives me the ability to search for quarantined e-mails. This module could be downloaded from here.
After downloading the module I will install it by going to Webmin | Webmin Configuration | Webmin Modules | From uploaded file | Choose where file is located. Click install module. There are other Perl modules needed, which I will install.
GD::Text, Mail::Mbox::MessageParser, GD::Graph::lines
After successfully installing them, click Backup. Go to Database updates, click Update now.
I’m now able to see the Clamav Management.
I will also set the schedule for virus definition updates and for purging the virus quarantine directory.
The module also provides a tool to search for e-mails accidentally tagged as spam.
I tried sending myself an e-mail with a virus attachment using the EICAR virus. Since I have it set for my domain to “Throw away”, the virus message never got delivered to my inbox. To change how procmail handles spam and viruses, go to Virtualmin | Domain being managed | Server Configuration | Spam and Virus Delivery.
Users are able to control their personal spam settings:
Each user will be able to control their own spam control settings. A user will have to log into Usermin to make changes to their spam settings.
To further improve spam detection I will install razor.
apt-get install razor pyzor
Installing razor will allow my users to take part in reporting spam e-mails through Usermin. They can also block an e-mail if they consider it spam; the rule will only apply to their e-mail address. To do this a user logs into Usermin | Mail | SpamAssassin Mail Filter | Denied addresses | click save.
Reading e-mail using Usermin will offer the option of denying a sender or reporting an e-mail as spam. If this was spam e-mail all I have to do is click Deny Sender or Report Spam.
Manage Postfix using a web interface:
Webmin comes with a comprehensive module to manage Postfix. If I don’t have to use a text editor to make changes in Postfix, this is what I use.
Occasionally I do get requests to create e-mail aliases. This can be done through either Webmin or Virtualmin. I prefer to use Virtualmin to get this done. Go to Virtualmin | Choose domain from drop down | Edit Mail and Aliases | Add alias to this domain | Advanced mode.