
How to Configure sendmail, dovecot, fetchmail, ClamAV, MailScanner, SpamAssassin, MailWatch in RHEL | CentOS [ Part-1/6 ]


INDEX
PART-1 Configure complete sendmail server in rhel.

PART-2 Creating the Certificate for secured communication(dovecot).

PART-3 Fetchmail Sample file to download the mail.

PART-4 Installation of CLAMAV antivirus.

PART-5 Mailscanner quick install notes.

PART-6 Installation instruction MailWatch & SpamAssassin.

General Scenario and assumption
We are going to configure an OFF-LINE mail server. Our mail is hosted externally: our domain is “howto.info” and the name of our hosted mail server is “mail.howto.info” (SMTP and POP3).

User name at our hosted mail server is : mymail@howto.info
Password of user dimple on the mail server is : XXXX

Local configuration :
IP address of our mail server in the local network: 192.168.0.xxx
We are using Redhat Enterprise Linux 4 U3 for the test setup.

All local users will contact our local mail server only.

An OFF-LINE mail server means that the last point of our mail is the hosted mail server, and we periodically need to download the mail from it. The download frequency can be decided on the basis of load and users. fetchmail provides the facility to download the mail from the hosted server.

The basic setup will include :

sendmail ( MTA – smtp server )
dovecot ( IMAP and POP3 server )
fetchmail ( download script from hosted server )
MailScanner ( antivirus mechanism for mail )
Clamav ( Antivirus software )
Spamassassin ( Antispam thru MailScanner only )
MailWatch ( Reports and maillog analysis )

1. General consideration and explanation :
Please check that the hostname resolves properly. Check:
1. /etc/hosts
2. /etc/sysconfig/network

The hostname should resolve like this:
[root@stationxxx ~]# hostname
stationxxx.example.com

Example : /etc/hosts
[root@stationxxx ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.0.xxx stationxxx.example.com stationxxx

Example : /etc/sysconfig/network
[root@stationxxx ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=stationxxx.example.com

Check whether the RPMs are installed:
# rpm -qa | grep sendmail
sendmail-8.13.1-2
sendmail-cf-8.13.1-2
# rpm -qa | grep dovecot
dovecot-0.99.11-2.EL4.1

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
This command invokes the m4 macro processor, supplying it the name of two macro definition files to process. m4 processes the files in the order given. The first file is a standard sendmail macro template supplied with the sendmail source package, the second, of course, is the file containing our own macro definitions. The output of the command is directed to the /etc/mail/sendmail.cf file, which is our target file.

You may now start sendmail with the new configuration.

Sample /etc/mail/sendmail.mc file :
dnl define(`SMART_HOST',`smtp.your.provider')
define(`SMART_HOST',`mail.howto.info')
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
define(`confCACERT_PATH',`/etc/mail/certs')
define(`confCACERT',`/etc/mail/certs/cacert.pem')
define(`confSERVER_CERT',`/etc/mail/certs/sendmail.pem')
define(`confSERVER_KEY',`/etc/mail/certs/sendmail.pem')
define(`confCLIENT_CERT',`/etc/mail/certs/sendmail.pem')
define(`confCLIENT_KEY',`/etc/mail/certs/sendmail.pem')
dnl #
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
dnl FEATURE(`accept_unresolvable_domains')dnl
FEATURE(authinfo, `hash -o /etc/mail/authinfo')
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
LOCAL_DOMAIN(`howto.info')dnl
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
MASQUERADE_AS(`howto.info')dnl
dnl #
FEATURE(masquerade_envelope)dnl
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
FEATURE(masquerade_entire_domain)dnl
dnl #
MAILER(local)
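
The sample above enables LOGIN and PLAIN while confAUTH_OPTIONS is only `A`, so those password mechanisms are offered on links that have not negotiated TLS; sendmail's `p` flag restricts them to links with a security layer. The script below is an added example, not part of the original tutorial: the function names `mc_value` and `audit_auth` are hypothetical, and the .mc snippets are constructed from the sample's AUTH and certificate lines.

```shell
#!/bin/sh
# Added example: flag PLAIN/LOGIN SMTP AUTH that sendmail would offer without TLS.

# Print the value of the active define(`NAME', `VALUE') in an .mc file ($2).
# Lines commented out with a leading dnl are ignored.
mc_value() {
    grep -v '^[[:space:]]*dnl' "$2" |
        sed -n "s/^define(\`$1',[[:space:]]*\`\([^']*\)').*/\1/p" | tail -n 1
}

# Echo one finding per problem; echo nothing when the AUTH settings pass.
audit_auth() {
    opts=$(mc_value confAUTH_OPTIONS "$1")
    mechs=$(mc_value confAUTH_MECHANISMS "$1")
    cert=$(mc_value confSERVER_CERT "$1")
    case " $mechs " in
        *" PLAIN "*|*" LOGIN "*) ;;   # cleartext-password mechanisms enabled
        *) return 0 ;;
    esac
    # AuthOptions flag p: no PLAIN/LOGIN unless a security layer (TLS) is active.
    case "$opts" in
        *p*) ;;
        *) echo "PLAINTEXT_AUTH_WITHOUT_TLS: confAUTH_OPTIONS='$opts' lacks p" ;;
    esac
    [ -n "$cert" ] || echo "NO_SERVER_CERT: STARTTLS cannot be offered"
}

# Constructed inputs: the AUTH/TLS lines of the page's sendmail.mc, then a
# variant with p added. The dnl line is constructed to show it is skipped.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/page.mc" <<'EOF'
dnl define(`confAUTH_OPTIONS', `A p')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confSERVER_CERT',`/etc/mail/certs/sendmail.pem')
EOF
cat > "$tmp/hardened.mc" <<'EOF'
define(`confAUTH_OPTIONS', `A p')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confSERVER_CERT',`/etc/mail/certs/sendmail.pem')
EOF
echo "page.mc:     $(audit_auth "$tmp/page.mc")"
echo "hardened.mc: $(audit_auth "$tmp/hardened.mc")"
```

With `p` set, mail clients must issue STARTTLS before they can authenticate with LOGIN or PLAIN, so the certificate paths in the sample have to point at real files.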

The /etc/mail/access file:
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
# by default we allow relaying from localhost...
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
192.168.0 RELAY
howto.info RELAY
student@ REJECT

NOTE : Please check /usr/share/sendmail-cf/README for RHEL5

Sample /etc/mail/authinfo file:
#AuthInfo:yahoo.com "U:siege.x@sbcglobal.net" "P:pAsSWoRd" "M:PLAIN LOGIN"
#AuthInfo: "U:siege.x@sbcglobal.net" "P:pAsSWoRd" "M:PLAIN"

/etc/aliases (& /etc/aliases.db)
Contains aliases for e-mail addresses. For example, it allows you to send mail destined for user 'daemon' to 'root'.

Only local names may be aliased.

Example /etc/aliases file:
# Messages sent to user daemon are redirected to root
daemon: root
# Messages sent to root are redirected to steve
root: steve
webmaster: steve, bob, sue
# This entry is invalid unless the local host name is foo.com
# or foo.com is listed in /etc/mail/local-host-names
steve@foo.com: bob
After editing /etc/aliases, you must regenerate /etc/aliases.db with the newaliases command.

/etc/mail/access (& /etc/mail/access.db) :
Controls which hosts are allowed to use sendmail.
# These 3 permit the localhost to relay
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
# Reject mail from any host with an IP that starts with 10.22
10.22 REJECT
# Reject any mail addressed to user 'nobody' regardless of the domain it's sent to
nobody@ REJECT
# Accept mail from foo.com (not for relaying) even if other rules might reject it
foo.com OK
# Reject all mail from bar.com and send message to sender
bar.com REJECT
# Like REJECT, except sender doesn't receive a message
foobar.com DISCARD

# The following sends the specified RFC error code back to the sender along with
# the message specified after it.
someone.com 550 We don't accept your mail.
After editing /etc/mail/access, you must regenerate /etc/mail/access.db by going into /etc/mail and typing make.
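
Every RELAY line widens the set of senders that can push mail through this server, so it helps to list them by kind before rebuilding access.db. The script below is an added example, not part of the original tutorial: `relay_review` is a hypothetical helper, and its input is constructed from the /etc/mail/access entries shown earlier on this page plus one made-up public prefix.

```shell
#!/bin/sh
# Added example: list who an access file allows to relay, by kind of key.

# Print "KIND<TAB>KEY" for every active entry whose action is RELAY.
relay_review() {
    awk '
        /^[ \t]*(#|$)/ { next }            # comment or blank line
        $2 != "RELAY"  { next }            # REJECT, OK, DISCARD, error codes
        {
            key = $1
            sub(/^Connect:/, "", key)      # optional tag in front of the key
            if (key ~ /^127(\.|$)/ || key ~ /^localhost(\.|$)/) {
                kind = "loopback"
            } else if (key ~ /^[0-9]+(\.[0-9]+)*$/) {
                # IPv4 address or prefix: RFC 1918 space or something wider?
                if (key ~ /^10(\.|$)/ || key ~ /^192\.168(\.|$)/ ||
                    key ~ /^172\.(1[6-9]|2[0-9]|3[01])(\.|$)/) {
                    kind = "private-net"
                } else {
                    kind = "PUBLIC-NET"
                }
            } else {
                kind = "name"              # domain or host name
            }
            print kind "\t" key
        }' "$1"
}

# Constructed input: the access entries from this page plus one made-up
# public prefix (203.0.113 is a documentation range) to show the flag.
acc=$(mktemp)
trap 'rm -f "$acc"' EXIT
cat > "$acc" <<'EOF'
# by default we allow relaying from localhost...
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
192.168.0 RELAY
howto.info RELAY
student@ REJECT
203.0.113 RELAY
EOF
relay_review "$acc"
```

Any `PUBLIC-NET` line should have a named owner and a reason; `name` entries match on a domain rather than an address and deserve the same review.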

/etc/mail/mailertable (& /etc/mail/mailertable.db)
Useful for overriding DNS or if DNS isn't available.
Allows you to perform domain translation.
Can specify the delivery agent.
# Forward mail addressed to foo.net to bar.net
foo.net smtp:bar.net
# Forward mail addressed to foobar.net to the host at 192.168.1.20
foobar.net smtp:[192.168.1.20]
Regenerate /etc/mail/mailertable.db by going to /etc/mail and typing make.

/etc/mail/virtusertable (& /etc/mail/virtusertable.db)
Allows you to map multiple virtual domains and users to other addresses.
# Mail sent to webmaster@foo.com is redirected to local user steve
webmaster@foo.com steve
# Mail sent to postmaster@bar.com is redirected to steve@foo.com
postmaster@bar.com steve@foo.com
# Mail addressed to _any_ user at somedomain.com is redirected to joe@foo.com
@somedomain.com joe@foo.com
# Mail addressed to a user at foobar.com is redirected to the same user at bar.com
@foobar.com %1@bar.com
Regenerate /etc/mail/virtusertable.db by going to /etc/mail and typing make.


/etc/mail/domaintable (& /etc/mail/domaintable.db)
Allows an old domain to be mapped to a new one.
Example /etc/mail/domaintable:
NEED TO FIND MORE INFO ABOUT domaintable
Regenerate /etc/mail/domaintable.db by going to /etc/mail and typing make.


/etc/mail/local-host-names
This file must contain the sendmail server's machine name and any aliases. Sendmail must be restarted after changing this file in order for it to take effect.
foo.com
howto.info

Your Sendmail.conf file should look like the one below; change it if necessary so that it matches, for user authentication:
# cat /usr/lib/sasl2/Sendmail.conf
pwcheck_method:saslauthd

Execute the command below to use the /etc/shadow file for authentication:
# saslauthd -a shadow
