Re: send email

From: nessuno (nessuno_at_wigner.berkeley.edu)
Date: 07/21/03


Date: 20 Jul 2003 16:01:16 -0700


"CL (dnoyeB) Gilbert" <CheckMyGPGKey@ThisOneIsFake.com> wrote in message news:<5eacnZhtGc13o4SiXTWJig@comcast.com>...
>
> CL (dnoyeB) Gilbert wrote:
> | Atse wrote:
> | | That means the user who is a valid user of this mail server, locating
> | | anywhere and hosting any IP without specified at this server, can send email
> | | through this SMTP by using MS Outlook/Outlook Express
> | |
> |
> | You have to first install another component. look for mapi package, I
> | believe the mapi one contains the SMTP server as well
> |
> |
> |
>
> can't remember if that's mapi or imap...
>
> - --
> Respectfully,
>
>
> CL Gilbert
>
> "Verily, verily, I say unto you, He that entereth not by the door() into
> the sheepfold{}, but climbeth up some other *way, the same is a thief
> and a robber." John 10:1
>
> GnuPG Key Fingerprint:
> 82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D
>
> For a free Java interface to Freechess.org see
> http://www.rigidsoftware.com/Chess/chess.html

Dear Atse,

I'm certainly no expert on this subject, but recently I set up RH 9.0
to act as a mail server for local and remote clients, so my experience
may help. My clients were using Netscape or Mozilla to send and
receive email, not Outlook, but I suspect the general principles are
the same. (These programs are called Mail User Agents, or MUAs).

First, I found the documentation that came with RH 9.0 very useful.
Since you have RH 8.0, I can't give you page numbers, but it should be
similar. If you don't have the printed manuals (worth the price), you
should have this documentation on CDs with the distribution itself, or
you can get it online from RedHat. In particular, the Reference Guide
has a chapter on email that you might start with.

Let's think about two machines: Yours, the *mail server*, presumably
running RH Linux 8.0, and a *client*, presumably running Outlook on
Windows or something like that. The client wants to be able to send
and receive email.

In addition, you might have users with accounts on your mail server
itself, who want to send and receive email. Call them *local
clients*. I'll talk about the remote clients first, they're more
difficult to set up.

Most MUAs, running on the client machine, interact with the mail
server via one of two protocols, POP or IMAP. One difference is that
when you read emails, POP transfers the entire email to the client
machine (this can be slow if the client is using dial-up and the email
has big attachments), while IMAP only transfers the message header.
In the IMAP system, emails are maintained on the server itself, not
the client machine. This costs disk space on the server, but it is
convenient if a user wants to access his email from several different
client machines.

When a mail client (in your case, someone running Outlook on another
machine) configures his account, he will have to specify whether he
wants POP or IMAP. Also, if you want to use the IMAP protocol (say),
then you must have an imap daemon running on your client machine to
listen to and respond to imap requests that come in. I set up IMAP on
my machine, so I'll talk about that, but I believe POP is similar.

In addition to the imap daemon, you also need to have sendmail running
on the server (or equivalent program, but I'll talk about sendmail
because that's what I used). You will want to think about security
when you set up both these programs on the server.

One important security requirement concerns the process whereby remote
clients send emails. The process is that a remote client sends an
email to your server, and sendmail running on your server then
"relays" it to the destination. By default, however, sendmail on
recent RH distributions is configured not to relay anything from
anywhere. You can change the configuration of sendmail to make it
respond to any relay request it receives from anywhere ("promiscuous
relaying"), but if you do this every spammer in the world will soon be
using your mail server to relay their spam to hide its true source.
Some of the messages earlier in this thread alluded to this threat. It
sounded from your original message that you wanted to configure
sendmail for promiscuous relaying, but you surely don't want to do
that. Instead, you want to configure it to relay only from the ip
addresses of your trusted clients.

Another security question is whether you want communications between
remote clients and the mail server to be encrypted. If so, the
clients will have to enable SSL (secure sockets layer) on their MUA,
and you will have to use the right version of the imap daemon (there
are two versions, with and without ssl protection). I set
up my system with encryption.

Yet another security question concerns your firewall. You may not
have a firewall, but if you do, you are using (probably) iptables to
implement it, and the default firewall (my choice was Medium Firewall
at installation time) blocks all incoming imap requests. Thus, the
firewall configuration must be modified to accept imap requests.

Here is another security consideration. Email clients, whether local
or remote, must have accounts on the mail server. (The mail
itself is stored somewhere under /var.) However, clients who only want
to use your system for email do not need to have full accounts with
home directories, etc. In fact, it is better if they do not, since if
someone finds out their password, they could log in as a user and
create mischief if the account is a full account. I only had one
remote client I wanted to serve, so I went ahead and created a full
account for that person, but you might want to investigate how to set
up user accounts without login privileges for your email clients.

What follows are the steps I used (somewhat simplified) when I set up
my mail server on RH 9.0. Some things may be different on RH 8.0.

First I got sendmail itself running and configured. First I went to
System Settings -> Server Settings -> Services and checked sendmail,
and then started it. Now as a local user on the mail server, I used
the unix mail program to send an email to another email address (I
have one on a local ISP that I used as a target.) This should work.

The next problem is that the default configuration of sendmail with RH
9.0 can send email, but not receive it. To change this configuration,
go to /etc/mail (as root), save copies of sendmail.mc and sendmail.cf.
Then edit /etc/mail/sendmail.mc to comment out the line with
DAEMON_OPTIONS in it. Then run

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
/sbin/service sendmail restart

See the Reference Guide for documentation about this process. The
first time I did this, I found that program m4 was not installed with
my installation. So I had to go back and install the package
sendmail-cf, to get this program. When I ran the above commands, I
got an error message on shutting down sm-client, but it didn't
seem to hurt anything.

After this, a local mail client on the server itself should be able to
receive email sent from another source by using the unix mail
program. If all is ok up to this point, sendmail is probably working
correctly.

Next we worry about setting up your machine as an imap server. The
first problem is the firewall, that by default blocks imap requests.
If you're an expert with iptables, you know how to change this to
allow incoming imap requests. On RH 9.0 there is a tool for
configuring the firewall (under Start Here -> System Settings ->
Security Level), but it is rather crude and does not allow you to
enable imap. However, I found that I could use the command line
lokkit to do this (I entered imap under "Other Ports" on the second
page). This is an alternative to using iptables. BTW, gnome-lokkit,
a GUI version of lokkit, does not allow you to enable imap, use the
command line version.

Next you need to make sure imap is installed and running, and in the
right version. There are basically two versions, one that transfers
data in plain text (imap), and one that uses SSL encryption (imaps).
These listen on different ports (143 and 993 resp). I bought a book,
"Open Source Email Security" by Blum, which discusses this in Ch. 16.
On RH 9.0, you go to Start Here -> System Settings -> Server Settings
-> Services, make sure imaps is running, and imap is not. These
are xinetd services, you might want to read about this, since xinetd
has ways of controlling access to different services. However, I
found that xinetd as configured by RH was not blocking access to imap
services.

Now you need to set up an SSL certificate, if you want to use
encrypted communication. See p. 164 of the 9.0 Reference Guide. Go
to /usr/share/ssl/certs, rename the file imapd.pem, then run

make imapd.pem

and follow the instructions to make a certificate. To do it right you
need a certificate from a certificate authority, but you have to pay
for that. Then do

/sbin/service imaps restart

or use the Services tool to restart.

Now you can test this out to see if you can make a connection. From
another unix computer enter:

openssl s_client -host <your mail server> -port 993

It will be obvious if you make the connection (you should be able to).
This will guarantee that the SSL version of the imap daemon is running
on your mail server.

Next you need to configure sendmail to relay from privileged clients.
For each such client, enter a line in the file /etc/mail/access
like the following:

207.213.11 RELAY

where on the left is an ip address (or a partial ip address if you
want to allow access from a subnet). After changing this file, you
must run

makemap hash /etc/mail/access < /etc/mail/access

That's most of what worked for me. Hope this helps.

Sincerely, Robert Littlejohn (=nessuno, the email address above is a
dummy that forwards to the real me).
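
An added example, not part of the original post: a shell function that audits the RELAY entries of a sendmail access file like the one described above, expanding each partial IP address to the subnet it covers (sendmail matches partial addresses on octet boundaries) and flagging grants wider than a /24. The function names, the /24 threshold and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: review which networks an access file allows to relay.

# Constructed sample input (not taken from any real server).
sample_access() {
    cat <<'EOF'
# constructed sample of /etc/mail/access
localhost.localdomain   RELAY
127.0.0.1               RELAY
207.213.11              RELAY
10                      RELAY
spam.example            REJECT
EOF
}

# audit_relay FILE
# Prints "KEY SUBNET VERDICT" for every RELAY entry:
#   OK      IP prefix of three or four octets (a /24 or a single host)
#   BROAD   IP prefix of one or two octets (a /8 or /16), worth a second look
#   NAME    key is a host or domain name, not an IP prefix
#   INVALID key looks numeric but is not a valid IPv4 prefix
audit_relay() {
    awk '
        /^[ \t]*#/ || NF < 2   { next }   # comments, blank and short lines
        toupper($2) != "RELAY" { next }   # only relay grants are audited
        {
            key = $1
            if (key !~ /^[0-9]+(\.[0-9]+)*$/) { print key, "-", "NAME"; next }
            n = split(key, oct, ".")
            bad = (n > 4)
            for (i = 1; i <= n; i++) if (oct[i] + 0 > 255) bad = 1
            if (bad) { print key, "-", "INVALID"; next }
            subnet = key
            for (i = n; i < 4; i++) subnet = subnet ".0"   # pad missing octets
            subnet = subnet "/" (n * 8)                     # one octet = 8 bits
            print key, subnet, (n >= 3 ? "OK" : "BROAD")
        }
    ' "$1"
}

# Stand-alone demonstration on the constructed sample.
tmp=$(mktemp)
sample_access > "$tmp"
audit_relay "$tmp"
rm -f "$tmp"
```

To check a real server, call audit_relay /etc/mail/access and review every line marked BROAD or NAME before rebuilding the map with makemap.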


