Friday, January 8, 2010

How to set up a home email server (without being spammed to death)

SkyHi @ Friday, January 08, 2010

Why host your own mail?

There are many reasons to host your own email. Perhaps you don't like the limits placed on you by your current ISP. Maybe they aren't willing to host the domain you want, or give you the access you want. And if they do fit your needs, they want to charge a small fortune. Maybe you want complete privacy. Or perhaps you just want to access your email from anywhere using a web-based frontend. The list goes on and on...
There are many ways to accomplish this task. Everyone has their preferred MTA program, but for the purposes of this article, we'll use sendmail. The same can also be done using postfix or exim. Each approach has its own merits.
Let's get started.

Requirements

I'm going to assume that when setting up your email server, you'll want to do so with your own personalized domain name. I'm not going to explain how to register a domain name here. The domain that I'll refer to in this article will be mailjunkie.org, with the hostname of the machine being server1. I'm also going to assume, at least for now, that your IP address is static, and your inbound and outbound connections on port 25 are unrestricted.
The first thing you'll need will be your physical infrastructure: a computer running Red Hat® Enterprise Linux®, a high-speed Internet connection, and a registered domain name. After you have installed Red Hat Enterprise Linux on your system you will want to make sure the following packages are installed:
  • dovecot
  • sendmail
  • sendmail-cf
  • squirrelmail
  • perl
  • gcc
There are other packages we will need later on.

Configuring your mail exchanger

After you've set up your domain name with your favorite registrar, you will need to configure your Mail Exchanger (MX) record. You will do this through your domain registrar. After you find the page that will allow you to set up your MX record, I recommend you do the following:
  • Set up the MX record in the format mx.yourdomain.com. So, for our example domain, we would choose "mx.mailjunkie.org" as our MX record.
  • Configure your mail exchanger with a priority of 0 (zero).
  • Create a hostname/address (A RECORD) that associates mx.mailjunkie.org with the IP address that your ISP has assigned you.
After you're done setting this up, you can test to see if it worked by dropping to a shell prompt and issuing the following command. If your setup is correct, you should see output similar to:
[root@server1 ~]$ nslookup -query="MX" mailjunkie.org
Server:         127.0.0.1 
Address:        127.0.0.1#53

Non-authoritative answer:
mailjunkie.org    mail exchanger = 0 mx.mailjunkie.org.

Authoritative answers can be found from:
mailjunkie.org    nameserver = dns4.name-services.com.
mailjunkie.org    nameserver = dns5.name-services.com.
mailjunkie.org    nameserver = dns1.name-services.com.
mailjunkie.org    nameserver = dns2.name-services.com.
mailjunkie.org    nameserver = dns3.name-services.com.
mx.mailjunkie.org       internet address = 1.2.3.4
dns1.name-services.com  internet address = 69.25.142.1
dns2.name-services.com  internet address = 216.52.184.230
dns3.name-services.com  internet address = 63.251.92.193
dns4.name-services.com  internet address = 64.74.96.242
dns5.name-services.com  internet address = 70.42.37.1
Please note that it may take some time for the changes you have made to propagate through DNS. If you check immediately after you make these changes and do not see your settings reflected, try a few minutes later.

Configuring sendmail

The next step will be setting up and configuring sendmail. The process for doing this is somewhat arduous, so please read all of the information presented before beginning.
The file /etc/mail/sendmail.cf is the main configuration file for sendmail. This "cf file" contains the directives that sendmail will operate under. Much more friendly, however, is the file /etc/mail/sendmail.mc. This "mc file" should be the base that you use for making all changes to sendmail's operating parameters. Additionally, the "cf file" is created from the parameters listed in this "mc file". Red Hat has done a wonderful job creating a template for your "mc file" and as such, the bulk of the changes that need to be made are just editing directives that are already present. Below are the directives that you must search for within your "mc file" and change accordingly:
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl  - change to -  DAEMON_OPTIONS(`Port=smtp, Name=MTA')
LOCAL_DOMAIN(`localhost.localdomain')dnl                 - change to -  LOCAL_DOMAIN(`mailjunkie.org')
dnl MASQUERADE_AS(`mydomain.com')dnl                     - change to -  MASQUERADE_AS(`mailjunkie.org')
dnl FEATURE(masquerade_envelope)dnl                      - change to -  FEATURE(`masquerade_envelope')
dnl define(`SMART_HOST',`smtp.your.provider')            - change to -  define(`SMART_HOST',`your.trusted.smtp.relay')
Add in the line:
FEATURE(`allmasquerade')
Please note: You must replace "your.trusted.smtp.relay" with the name of your ISP's SMTP server. Omitting this change will not prevent your e-mail server from operating properly, but several commonly used filters block any port 25 connection coming from an "at home" cable or xDSL address for fear of spam.
After you have made these changes and are back in your server's /etc/mail directory, run the command "make -C /etc/mail". This compiles the "cf file" based on the instructions given in your "mc file". Each time you make a change to your "mc file", you must re-compile your "cf" file by issuing this command.
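One way to confirm the edits above before running make, as an added example that is not part of the original article: it reads only the lines m4 will process, so a directive that still carries its leading dnl is reported as missing. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sendmail.mc for the edits listed above.

# Directives m4 will actually process: a line starting with "dnl" is a
# comment, and a trailing "dnl" discards the rest of that line.
mc_active() {
    sed -e '/^[[:space:]]*dnl$/d' -e '/^[[:space:]]*dnl[^[:alnum:]_]/d' \
        -e 's/)[[:space:]]*dnl.*$/)/' "$1"
}

# mc_has FILE STRING: true if an active line contains the fixed string.
mc_has() { mc_active "$1" | grep -F -q -- "$2"; }

# mc_audit FILE DOMAIN: print one FAIL line per problem; the exit status
# is the number of problems (0 means every edit is in place).
mc_audit() {
    mc=$1; domain=$2; fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
    mta=$(mc_active "$mc" | grep -F 'DAEMON_OPTIONS(' | grep -F 'Name=MTA' || true)
    if [ -z "$mta" ]; then
        fail "no active DAEMON_OPTIONS line with Name=MTA"
    elif printf '%s\n' "$mta" | grep -F -q 'Addr=127.0.0.1'; then
        fail "MTA listener is still bound to 127.0.0.1 only"
    fi
    mc_has "$mc" "LOCAL_DOMAIN(\`$domain')"  || fail "LOCAL_DOMAIN is not $domain"
    mc_has "$mc" "MASQUERADE_AS(\`$domain')" || fail "MASQUERADE_AS is not $domain"
    mc_has "$mc" 'masquerade_envelope'       || fail "masquerade_envelope is commented out"
    mc_has "$mc" "FEATURE(\`allmasquerade')" || fail "allmasquerade line is missing"
    relay=$(mc_active "$mc" | sed -n "s/.*define(\`SMART_HOST', *\`\([^']*\)').*/\1/p" | tail -n 1)
    case $relay in
        '') fail "SMART_HOST is not defined" ;;
        smtp.your.provider|your.trusted.smtp.relay)
            fail "SMART_HOST is still the placeholder $relay" ;;
    esac
    return "$fails"
}

# Constructed sample: the stock template lines quoted above, unedited.
sample=$(mktemp)
cat > "$sample" <<'EOF'
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl FEATURE(masquerade_envelope)dnl
dnl define(`SMART_HOST',`smtp.your.provider')
EOF
mc_audit "$sample" mailjunkie.org || echo "$? problem(s) found"
rm -f "$sample"
```

On a real system, call it as mc_audit /etc/mail/sendmail.mc mailjunkie.org and rebuild the "cf file" only once it reports no problems.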

Edit your hosts file

Sendmail will make use of your /etc/hosts file, so you need to modify it so that mail is routed properly. Edit your /etc/hosts file and include a line that reads:
1.2.3.4     server1.mailjunkie.org
where 1.2.3.4 is the IP address that is assigned to you by your ISP.

Obtaining and installing MailScanner, SpamAssassin, and ClamAV

Out of the box, sendmail works to deliver mail only. As such, you are quite vulnerable to spam and virus threats that will very quickly become a problem if you do not take action early. These three applications will process received mail and scan it for viruses and spam before it is delivered. You can download the latest versions of these applications from mailscanner.info.
Download the latest "for Red Hat, Fedora, and Mandrake Linux (and other RPM-based Linux distributions)" release of MailScanner, as well as the latest "ClamAV and SpamAssassin easy installation packages."
The installation package for all of the applications is quite good; it will resolve most of the dependencies that are required to gunzip, un-tar, and run both of these applications. As MailScanner checks for the presence of ClamAV when it installs, I recommend installing the SpamAssassin/ClamAV package first:
[root@server1 ~]# wget http://www.mailscanner.info/files/4/install-Clam-0.88.5-SA-3.1.7.tar.gz
[root@server1 ~]# tar zxvf install-Clam-0.88.5-SA-3.1.7.tar.gz 
[root@server1 ~]# cd install-Clam-0.88.5-SA-3.1.7
[root@server1 install-Clam-0.88.5-SA-3.1.7]# ./install.sh
There will be significantly more output produced as ClamAV and SpamAssassin are installed on your system. After they are installed, you should see a message similar to this:
Now you need to install:
1) Razor-agents-sdk and Razor2 from http://razor.sourceforge.net/ and
2) DCC from http://www.rhyolite.com/anti-spam/dcc/
Follow the links above to download the three applications that will assist SpamAssassin in processing your email. Below is the list of commands I used to download and install them. For clarity, I have removed all of the output that was produced for each command. You can expect to see significantly more than what I have listed. What is shown are the base commands to download, compile, and install the helper applications.
[root@server1 ~]# wget http://umn.dl.sourceforge.net/sourceforge/razor/razor-agents-sdk-2.07.tar.bz2
[root@server1 ~]# wget http://umn.dl.sourceforge.net/sourceforge/razor/razor-agents-2.82.tar.bz2
[root@server1 ~]# wget http://www.rhyolite.com/anti-spam/dcc/source/dcc.tar.Z

[root@server1 ~]# bunzip2 razor-agents-sdk-2.07.tar.bz2 
[root@server1 ~]# tar xvf razor-agents-sdk-2.07.tar 
[root@server1 ~]# cd razor-agents-sdk-2.07
[root@server1 razor-agents-sdk-2.07]# perl Makefile.PL
[root@server1 razor-agents-sdk-2.07]# make
[root@server1 razor-agents-sdk-2.07]# make test
[root@server1 razor-agents-sdk-2.07]# make install
[root@server1 razor-agents-sdk-2.07]# cd ..

[root@server1 ~]# bunzip2 razor-agents-2.82.tar.bz2
[root@server1 ~]# tar xvf razor-agents-2.82.tar
[root@server1 ~]# cd razor-agents-2.82
[root@server1 razor-agents-2.82]# perl Makefile.PL
[root@server1 razor-agents-2.82]# make
[root@server1 razor-agents-2.82]# make test
[root@server1 razor-agents-2.82]# make install
[root@server1 razor-agents-2.82]# cd ..

[root@server1 ~]# tar zxvf dcc.tar.Z
[root@server1 ~]# cd dcc-1.3.42/
[root@server1 dcc-1.3.42]# ./configure
[root@server1 dcc-1.3.42]# make install
[root@server1 dcc-1.3.42]# cd ..
Now that these applications are installed, we can proceed to download, compile, and install MailScanner.
[root@server1 ~]# wget http://www.mailscanner.info/files/4/rpm/MailScanner-4.56.8-1.rpm.tar.gz
[root@server1 ~]# tar zxvf MailScanner-4.56.8-1.rpm.tar.gz
[root@server1 ~]# cd MailScanner-4.56.8-1
[root@server1 MailScanner-4.56.8-1]# ./install.sh 
As with ClamAV and SpamAssassin, there will be a significant amount of output produced. You should, however, end up with:
Preparing...                ########################################### [100%]
   1:mailscanner            ########################################### [100%]
Good, SpamAssassin site rules found in /etc/mail/spamassassin

To activate MailScanner run the following commands:

service sendmail stop
chkconfig sendmail off
chkconfig --level 2345 MailScanner on
service MailScanner start

For technical support, please read the MAQ at www.mailscanner.biz/maq/
and buy the book at www.mailscanner.info/store

----------------------------------------------------------
Please buy the MailScanner book from www.mailscanner.info!
It is a very useful administration guide and introduction
to MailScanner. All the proceeds go directly to making
MailScanner a better supported package than it is today.
Now, before we issue the commands to start MailScanner, make sure the following lines exist in the /etc/MailScanner/MailScanner.conf file:
  • Virus Scanners = clamav
  • Use SpamAssassin = yes
These directives tell MailScanner to use ClamAV to scan for viruses, and SpamAssassin to process email for spam. From here we can issue the commands below to start MailScanner and begin processing email. I highly recommend you view the /var/log/maillog file while starting MailScanner and scan the output for undesirable actions, as well as to verify that mail is being processed properly.
[root@server1 MailScanner-4.56.8-1]# service sendmail stop
[root@server1 MailScanner-4.56.8-1]# chkconfig sendmail off
[root@server1 MailScanner-4.56.8-1]# chkconfig --level 2345 MailScanner on
[root@server1 MailScanner-4.56.8-1]# service MailScanner start
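A check for the two MailScanner.conf settings named above, worth running before the start commands; this is an added example, not part of the original article. It assumes the file uses "Key = value" lines with "#" comments, matches key and value exactly, and treats a conflicting duplicate line as a failure. The function names and sample file are constructed.

```shell
#!/bin/sh
# Added example: confirm MailScanner.conf carries the two settings above.

# ms_values FILE KEY: print every active value set for KEY, one per line.
# Lines starting with "#" are skipped; blanks around "=" are trimmed.
ms_values() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# ms_require FILE KEY WANT: succeed only if KEY is set and every active
# line for it says WANT, so a conflicting duplicate is also a failure.
ms_require() {
    vals=$(ms_values "$1" "$2")
    if [ -z "$vals" ]; then echo "FAIL: '$2' is not set"; return 1; fi
    bad=$(printf '%s\n' "$vals" | grep -v -x -F -- "$3" || true)
    if [ -n "$bad" ]; then echo "FAIL: '$2' is set to '$bad'"; return 1; fi
    echo "ok: $2 = $3"
}

# ms_check FILE: exit status 0 only when both settings match the article.
ms_check() {
    rc=0
    ms_require "$1" 'Virus Scanners' clamav || rc=1
    ms_require "$1" 'Use SpamAssassin' yes  || rc=1
    return "$rc"
}

# Constructed sample: virus scanning left disabled, SpamAssassin enabled.
conf=$(mktemp)
printf '%s\n' '# Main configuration' 'Virus Scanners = none' \
    'Use SpamAssassin = yes' > "$conf"
ms_check "$conf" || echo "fix MailScanner.conf before starting the service"
rm -f "$conf"
```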

Setting up web access to your email

I am going to assume that you have your Apache server running. If you don't, you should review the steps to install and configure Apache.
After you have verified that your web server is running, execute the following commands at your shell prompt:
[root@server1 ~]# chkconfig dovecot on
[root@server1 ~]# service dovecot start
These commands will start your IMAP server, which will be used by the SquirrelMail package to access the mail stored on your server. With good luck, you should now have a fully functional, protected email server running. Keep in mind you may need to make changes to your /etc/mail/local-host-names file and /etc/mail/relay-domains file. Each case will be different, so I recommend you review your /var/log/maillog file and use the links provided to perform any final setting changes. Enjoy!

Reference: http://www.redhat.com/magazine/025nov06/features/email/index.html