Centos 4.0 Postfix + Ldap + Mailscanner +, Dovecot + Cyrus-SASL +Virtual Domains... Options

[Robert83]

-----------------------------------READ THIS----------------------------------------------
CHANGE MYCOMPANY.HOSTING TO YOUR REAL DOMAIN NAME , AND USE THAT EVERYWHERE
INSTEAD OF MYCOMPANY.HOSTING
FOR EXAMPLE IF YOUR DOMAIN NAME IS BIGCOMPANY.COM YOU WILL USE BIGCOMPANY.COM
EVERYWHERE IN THIS GUIDE INSTEAD OF MYCOMPANY.HOSTING!!!!


!!! READ THIS !!!
IF YOU USED BIGCOMPANY.COM FOR FQDN (MAIL.BIGCOMPANY.COM) , YOU CANNOT USE
THE SAME DOMAIN NAME FOR VIRTUAL DOMAINS, SINCE POSTFIX WILL NOT WORK, THIS IS
A CRITICAL ERROR I MADE IN THIS GUIDE, SORRY.


if you already set up the system, and postfix is complaining about mydestination and virtual domain
then do the following to correct the problem ( no need to reinstall )

stop all services (postfix,openldap...)
delete all files under /var/lib/ldap
change all the names from bigcompany.com (example) to bigcompany.org (example)
also change
/etc/hosts (use a editor to change bigcompany.com to bigcompany.org
and
/etc/sysconfig/network

basicaly all you have to do is go trough this guide again, and change all the domain names mycompany.hosting to something else ... if you used abmas.com for it , then you'll change it to (for example, but you can USE whatever you like) abmaz.biz , and that will solve all the problems, just make sure you change EVERYTHING.


-------------------------------------------------------------------------------------------


-------------------------------------------------------------------------------------------
CHANGES :
-------------------------------------------------------------------------------------------

1. Correction at PART VI :
error :

CODE

DocumentRoot “/home/webpage/squirrelmail”
<Directory “/home/webpage/squirrelmail”>

correction :

CODE

DocumentRoot “/home/webpage/webmail”
<Directory “/home/webpage/webmail”>

2. Correction at PART I.
error :
/etc/openldap/slapd.conf

CODE

access to dn.regex=".*,jdv=([^,]+),o=hosting,dc=mycompany,dc=hosting"

correction

CODE

access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=mycompany,dc=hosting"

3. Correction at PART IX
forgot to mention :

CODE

yum install mod_ssl

4. Correction at PART VII

error :

CODE

jamm.ldap.search.base = o=hosting,dc=mycompany,dc=hosting
jamm.ldap.root.dn = cn=Manager,dc=mycompany,dc=hosting

correction :

CODE

jamm.ldap.search_base = o=hosting,dc=mycompany,dc=hosting
jamm.ldap.root_dn = cn=Manager,dc=mycompany,dc=hosting

5. Correction at PART V
Forgot to add

CODE

chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine

-------------------------------------------------------------------------------------------
Special thanx to ethan for helping me out , thank you
-------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------

Hello everyone,

...this one is going to be a...

CentOS 4.0 : Postfix + MailScanner(ClamAV+Spamassassin)+LDAP+Dovecot+Cyrus-SASL+TomCat+Jamm+Squirrelmail(MySQL)+Virtual Domain Hosting e-mail server guide

note: due to the fact that I wanted to keep this as simple as possible , you wont find to much explanation here of what a certain option does , for that you can check the following three places :

http://wanderingbarque.com/howtos/mailserv...mailserver.html
http://jamm.sourceforge.net/howto/single-h...mailserver.html
http://www.linuxhelp.ca/forums/index.php?a...=ST&f=15&t=3647

My guide is based on these three + I added some slight modifications to it.

So let's begin.




-----------------------------------------------------------------------------------------------
PART I. Installing the operating system, and configuring OpenLDAP for mailer.mycompany.hosting
-----------------------------------------------------------------------------------------------




Download the Centos 4.0 distro for you architecture from www.centos.org.Install
CentOS 4.0 using the minimal install option.

note : if you only want to set up a e-mail server using CentOS 4.0 and this guide,
all you need to download is CD1 , no other CD is necesary in order to complete
this guide.

a.) insert CD1 into your CD drive and wait for the
CentOS logo to show up , press [ENTER]

b.) at the Installation Type choose Custom

c.) Automatically partition

d.) Network Configuration

CODE

eth0:
ip address  : 192.168.11.10
netmask : 255.255.255.0
hostname :
mailer.mycompany.hosting
gateway : 192.168.11.250
primary dns : 192.168.11.250

select No firewall (you might need to enable this, if you are not behind a firewall, and configure it properly)
Enable SELinux? : Disabled

enter the root password when promet and after that go down on the list and select
minimal installation and click next.

Once the installation is completed, login as root.And do the following :

CODE

cd /home
wget http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-4
rpm --import RPM-GPG-KEY-CentOS-4
yum update
yum install openldap-servers openldap-clients

Update all packages that need updating.Then install Midnight Commander.

CODE

yum install mc

Download JAMM from http://jamm.sourceforge.net/ (you are going to love this)

CODE

wget http://belnet.dl.sourceforge.net/sourceforge/jamm/jamm-0.9.6-bin.tar.gz
tar -zxvf jamm-0.9.6-bin.tar.gz
slappasswd
New password:
Re-enter new password:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

What you get here you shall type in to the /etc/openldap/slapd.conf as
rootpw


Copy jamm.schema from the /home/jamm-0.9.6 direcotry to /etc/openldap/schema/

Edit the file /etc/openldap/ldap.conf adding/modifying only the following parts

CODE

BASE dc=mycompany,dc=hosting

Then edit the file /etc/openldap/slapd.conf

CODE

include          /etc/openldap/schema/jamm.schema

password-hash {CRYPT}

database       ldbm
suffix            "dc=mycompany,dc=hosting"
rootdn          "cn=Manager,dc=mycompany,dc=hosting"
rootpw          {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=mycompany,dc=hosting"
        attr=userPassword
   by self write
   by group/jammPostmaster/roleOccupant.expand="cn=postmaster,jvd=$1,o=hosting,dc=mycompany,dc=hosting" write
   by dn="cn=dovecot,dc=mycompany,dc=hosting" read
   by anonymous auth
   by * none

access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=mycompany,dc=hosting"
   by self write
   by group/jammPostmaster/roleOccupant.expand="cn=postmaster,jvd=$1,o=hosting,dc=mycompany,dc=hosting" write
   by * read

access to *
   by * read

CODE

cd /etc/openldap
vi base.ldif

CODE

dn: dc=mycompany, dc=hosting
objectClass: top
objectClass: domain
domainComponent: mycompany

dn: cn=Manager, dc=mycompany, dc=hosting
objectClass: top
objectClass: organizationalRole
cn: Manager

dn: o=hosting, dc=mycompany, dc=hosting
objectClass: top
objectClass: organization
o: hosting

dn: cn=dovecot, dc=mycompany, dc=hosting
objectClass: top
objectClass: organizationalPerson
cn: dovecot
sn: dovecot

delete all files in /var/lib/ldap/

CODE

/etc/init.d/ldap start
ldapadd -x -D "cn=Manager,dc=mycompany,dc=hosting" -W -f base.ldif
ldappasswd -x -W -S -D "cn=Manager,dc=mycompany,dc=hosting" "cn=dovecot,dc=mycompany,dc=hosting"
yyyyyyyyyyyyyyyyyyyyyyyyy

-----------------------------------------------------------------------------------------------
PART II. Installing Postfix and configuring it with OpenLDAP
-----------------------------------------------------------------------------------------------

CODE

yum install postfix
yum remove sendmail

CODE

adduser vmail

check the users uid gid under /etc/password and use that uid gid in postfix main.cf
/etc/passwd
for examaple : vmail:x:500:500::/home/vmail:/sbin/nologin 500:500 is the one that is interesting to us

under /etc/postfix create the following files

ldap-accounts

CODE

server_host = localhost
server_port = 389
search_base = o=hosting,dc=mycompany,dc=hosting
query_filter = (&(objectClass=JammMailAccount)(mail=%s)(accountActive=TRUE)(delete=FALSE))
result_attribute = mailbox
bind = no

ldap-accountsmap

CODE

server_host = localhost
server_port = 389
search_base = o=hosting,dc=mycompany,dc=hosting
query_filter = (&(objectClass=JammMailAccount)(mail=%s)(accountActive=TRUE)(delete=FALSE))
result_attribute = mail
bind = no

ldap-aliases

CODE

server_host = localhost
server_port = 389
search_base = o=hosting,dc=mycompany,dc=hosting
query_filter = (&(objectClass=JammMailAlias)(mail=%s)(accountActive=TRUE))
result_attribute = maildrop
bind = no

ldap-domains

CODE

server_host = localhost
server_port = 389
search_base = o=hosting,dc=mycompany,dc=hosting
query_filter = (&(objectClass=JammVirtualDomain)(jvd=%s)(accountActive=TRUE)(delete=FALSE))
result_attribute = jvd
bind = no
scope = one

/etc/postfix/header_checks

CODE

/^Received:/ HOLD

/etc/postfix/main.cf

CODE

header_checks = regexp:/etc/postfix/header_checks
myhostname = mailer.mycompany.hosting
mydomain = mycompany.hosting
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, $mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks_style = host
relay_domains = $mydestination
mail_spool_directory = /var/spool/mail

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks, reject_unauth_destination, permit
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtp_sasl_auth_enable = no

smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/mycompany.key
smtpd_tls_cert_file = /etc/postfix/mycompany.crt
smtpd_tls_Cafile = /etc/postfix/mycompany.ca

message_size_limit = 10485760
mailbox_size_limit = 104857600

virtual_alias_maps = ldap:/etc/postfix/ldap-accountsmap, ldap:/etc/postfix/ldap-aliases

virtual_transport = virtual
virtual_mailbox_base = /home/vmail/domains
virtual_mailbox_maps = ldap:/etc/postfix/ldap-accounts
virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains
virtual_minimum_uid = 500
virtual_uid_maps = static:500
virtual_gid_maps = static:500

/usr/share/ssl/misc

CODE

modify CA
-newcert)
   # create a certificate
   $REQ -new -nodes -x509 -keyout newreq.pem -out newreq.pem $DAYS
   RET=$?
   echo "Certificate (and private key) is in newreq.pem"
;;
-newreq)
   # create a certificate request
   $REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS
   RET=$?
   echo "Request (and private key) is in newreq.pem"
;;

/usr/share/ssl/openssl.cnf

CODE

...
[ CA_default ]

dir             = ./demoCA         # Where everything is kept
...
default_days    = 3650             # How long to certify for
...

[ req_distinguished_name ]
countryName                     = Country Name (code)
countryName_default             = CS
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Vojvodina

localityName                    = Locality Name (eg, city)
localityName_default            = Backa Topola

0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = Mycompany Hosting

# we can do this but it is not needed normally :-)
#1.organizationName             = Second Organization Name (eg, company)
#1.organizationName_default     = World Wide Web Pty Ltd

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Virtual Domain Hosting

commonName                      = Common Name (eg, your name or your server's hostname)
# (Very Important, in order to keep mail clients and other user agents from complaining, this name must
# match exactly the name that the user will be entering into their client settings.  Whether that be
# domain.extension or mail.domain.extension or what.  It must be a valid DNS name pointing at your
# server.
commonName_default              = mailer.mycompany.hosting
commonName_max                  = 64

emailAddress                    = Email Address
emailAddress_default            = postmaster@mycompany.hosting
emailAddress_max                = 64

CODE

/usr/share/ssl/misc/CA –newca
/usr/share/ssl/misc/CA –newreq
/usr/share/ssl/misc/CA –sign

/etc/newreq.pem
only lines BEGIN RSA PRIVATE KEY till END RSA PRIVATE KEY are needed

rename newreq.pem to mycompany.key
rename newcert.pem to mycompany.crt
rename cacert.pem to mycompany.ca

and then copy the renamed files to /etc/postfix (like this)

/etc/postfix/mycompany.key
/etc/postfix/mycompany.crt
/etc/postfix/mycompany.ca




-----------------------------------------------------------------------------------------------
PART III. Installing CYRUS-SASL and configuring it with OpenLDAP
-----------------------------------------------------------------------------------------------




/usr/lib/sasl2/smtpd.conf

CODE

pwcheck_method: saslauthd
mech_list: login plain

/etc/sysconfig/saslauthd

CODE

MECH=ldap

/etc/saslauthd.conf

CODE

ldap_servers: ldap://127.0.0.1
ldap_search_base: o=hosting,dc=mycompany,dc=hosting
ldap_filter: (&(objectClass=JammMailAccount)(mail=%u@%r)(accountActive=TRUE)(delete=FALSE))

-----------------------------------------------------------------------------------------------
PART IV. Installing Dovecot and configuring it with OpenLDAP
-----------------------------------------------------------------------------------------------

CODE

cd /home
wget http://dag.wieers.com/packages/dovecot/dovecot-0.99.13-1.2.el4.test.i386.rpm
yum install mysql postgresql-libs
rpm –Uvh dovecot*

/etc/dovecot.conf

CODE

protocols = imap imaps pop3 pop3s
ssl_disable = no
disable_plaintext_auth = no
first_valid_uid = 500
last_valid_uid = 500
first_valid gid = 500
last_valid_gid = 500
default_mail_env = maildir:/home/vmail/domains/%d/%n
auth = default
auth_mechanisms = plain
auth_userdb = ldap /etc/dovecot-ldap.conf
auth_passdb = ldap /etc/dovecot-ldap.conf
auth_user = root

/etc/dovecot-ldap.conf

CODE

hosts = localhost
dn = cn=dovecot,dc=mycompany,dc=hosting
dnpass = yyyyyyyyyyyyyyyyyyyyyyyyy
ldap_version = 3
base = o=hosting,dc=mycompany,dc=hosting
deref = never
scope = subtree
user_attrs = mail,homeDirectory,,,,
user_filter = (&(objectClass=JammMailAccount)(mail=%u)(accountActive=TRUE)(delete=FALSE))
pass_attrs = mail,userPassword
pass_filter = (&(objectClass=JammMailAccount)(mail=%u)(accountActive=TRUE)(delete=FALSE))
default_pass_scheme = CRYPT
user_global_uid = 500
user_global_gid = 500

-----------------------------------------------------------------------------------------------
PART V. Installing Mailscanner (Clamav+Spamassassin)
-----------------------------------------------------------------------------------------------

CODE

yum install spamassassin sendmail-devel bzip2-devel gmp-devel zlib-devel autoconf automake rpm-build
rpm-devel gcc perl-CPAN curl-devel

CODE

cd /home
wget http://crash.fce.vutbr.cz/crash-hat/2/clamav/clamav-0.83-1.src.rpm
rpmbuild --rebuild clamav-0.74-1.src.rpm
cd /usr/src/redhat/RPMS/i386
rpm -Uvh clamav-0.83-1.i386.rpm clamav-devel-0.83-1.i386.rpm
cpan
accept all the settings till you get to the mirror, there choose the closest mirror
install Parse::RecDescent
install Inline
install Mail::ClamAV

CODE

cd /home
wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.40.5-1.rpm.tar.gz
tar -xvzf MailScanner-4.40.5-1.rpm.tar.gz
cd MailScanner-4.40.5-1
export LANG=C; ./install.sh

modify /etc/MailScanner/MailScanner.conf

CODE

%org-name% = mycompany.hosting
%org-long-name% = MyCompany Hosting
%web-site% = www.mycompany.com


Run As User = postfix
Run As Group = postfix
MTA = postfix

Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming

File Timeout = 120
Maximum Archive Depth = 20
Virus Scanners = clamavmodule
Monitors for ClamAV Updates = /var/lib/clamav/*.cvd
Use SpamAssassin = yes
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

Spam List = ORDB-RBL SBL+XBL SORBS-DNSBL CBL RSL DSBL spamcop
Allow IFrame Tags = yes
Allow Script Tags = yes
Allow Object Codebase Tags = yes
Convert Dangerous HTML To Text = no
Minimum Stars If On Spam List = 3
Spam Lists To Reach High Score = 3
Sign Clean Messages = yes
Spam Actions = deliver
High Scoring Spam Actions = deliver

CODE

mkdir /var/spool/MailScanner/spamassassin
chown postfix.postfix /var/spool/MailScanner/spamassassin
chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine

modify /etc/MailScanner/virus.scanners.conf

CODE

clamav    /usr/lib/MailScanner/clamav-wrapper    /usr

modify /etc/MailScanner/filename.rules.conf

CODE

allow    .[a-z][a-z0-9]{2,3}s*.[a-z0-9]{3}$    Found possible filename hiding
allow    s{10,0}    Filename contains lots of white space
allow    {[a-hA-H0-9-]{25,}}    Filename trying to hide its real type
allow    .exe$    Windows/DOS Executable
allow    .bmp$    Windows bitmap file security vulnerability

modify /etc/MailScanner/filetype.rules.conf

CODE

allow    self-extract    -      -
allow    ELF  -      -
allow    executable    -      -

CODE

cd /home
wget http://dag.wieers.com/packages/unrar/unrar-3.4.3-1.2.el4.rf.i386.rpm
rpm -Uvh unrar-3.4.3-1.2.el4.rf.i386.rpm

[Robert83]

In order to access JAMM to add new users

enter into your browser

CODE

http://ip_address_of_your_server:8080/jamm

username : root
password : the_one_you_used_for_rootpw (in /etc/openldap/slapd.conf)

Once you are done adding the user with JAMM , you MUST create the directories for that user
on the linux box.

Access it via ssh

CODE

ssh ip_address_of_your_server

CODE

cd /home/vmail
mkdir domain_name/user_name

both domain_name and user_name directory must be rwxrwx--- vmail.vmail

use chown vmail.vmail to change owner of dir (example chown vmail.vmail domain_name)
use chmod 770 to change premission of dir (example chmod 770 domain_name)

Once this is the the user will be able to recieve e-mail.

To access the e-mail box via squirrelmail or a e-mail client you must enter the username and password like this (example)

username : someuser@somedomain.com
password : passwordforsomeuser

Sincerely
Robert B