Thursday, February 4, 2010

Configuring SendMail with Dovecot and SASL Authentication

SkyHi @ Thursday, February 04, 2010
Here are the steps that I followed for configuring Sendmail with Dovecot and SASL authentication.

1) Install the following packages on the server.

[root@server1 ~]#yum install  sendmail-8.13.8-2.el5
[root@server1 ~]#yum install  sendmail-doc-8.13.8-2.el5
[root@server1 ~]#yum install  sendmail-cf-8.13.8-2.el5
[root@server1 ~]#yum install cyrus-sasl-lib-2.1.22-5.el5
[root@server1 ~]#yum install cyrus-sasl-devel-2.1.22-5.el5
[root@server1 ~]#yum install cyrus-sasl-gssapi-2.1.22-5.el5
[root@server1 ~]#yum install cyrus-sasl-2.1.22-5.el5
[root@server1 ~]#yum install cyrus-sasl-plain-2.1.22-5.el5
[root@server1 ~]#yum install cyrus-sasl-md5-2.1.22-5.el5
[root@server1 ~]#yum install dovecot-1.0.7-7.el5

2) Make sure that host name entries are correct in the /etc/hosts file.

Entries will be like this:-
[root@server1 ~]# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
66.71.249.201 server1.openhelp.info.  server1

3) Set up the RDNS for the server IP address.

Here the IP address of the server is 66.71.249.201
Make sure that the forward and reverse DNS records are set up correctly.
[root@server1 ~]# host 66.71.249.201
201.249.71.66.in-addr.arpa domain name pointer server1.openhelp.info.

[root@server1 ~]# host server1.openhelp.info.
server1.openhelp.info has address 66.71.249.201

4) Configure the /etc/resolv.conf file

Check for the name server entries in the /etc/resolv.conf.
Entries will be like this:-
[root@server1 ~]# cat /etc/resolv.conf
domain openhelp.info
nameserver 208.67.220.220
nameserver 208.67.222.222
The MX record for your domain must point to the IP address of the mail server.

5) Configure the Sendmail configuration file.

For that you need to edit the /etc/mail/sendmail.mc file.
Make sure that the following lines are not commented:-
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

 dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
Comment out the SMART_HOST entry in sendmail.mc.
The mail server doesn’t need a SMART_HOST entry in its sendmail.mc file.
Comment this out with a dnl at the beginning.
dnl define(`SMART_HOST',`mail.my-site.com')
Execute the following command to regenerate sendmail.cf.
[root@server1 ~]#make sendmail.cf -C /etc/mail
You may also use the following command to generate a new sendmail.cf file:
[root@server1 ~]#m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

6) Configure access.db

Make sure that the following entries are there:-
[root@server1 ~]# cat /etc/mail/access
localhost.localdomain           RELAY
localhost                       RELAY
127.0.0.1                       RELAY
129.82.99.147                   RELAY
Only the hosts and IP addresses listed in /etc/mail/access can relay mail through the server.
You’ll then have to convert this text file into a sendmail readable database file named /etc/mail/access.db.
Execute the following commands:-
[root@server1 ~]#cd /etc/mail
[root@server1 ~]#make

7) The /etc/mail/local-host-names File:-

The server accepts mail only for the domains listed in /etc/mail/local-host-names.
Entries will be like this:-
[root@server1 ~]# cat /etc/mail/local-host-names
openhelp.info
server1.openhelp.info

8) The /etc/mail/virtusertable file

A virtusertable is a database that maps virtual domains into new addresses. With this feature, mail for virtual domains on your network can be delivered to a local, remote, or single user address.
Example entries:-
[root@server1 ~]# cat /etc/mail/virtusertable
james@openhelp.info james
shane@openhelp.info shane@gmail.com
@openhelp.info admin
@tuxplanet.com tux
The first column is the target email address. The second column is the local user’s mailbox, a remote email address, or a mailing list entry in the /etc/aliases file to which the email should be forwarded. If there is no matching entry in /etc/mail/virtusertable, sendmail checks the email address in the /etc/aliases file. After editing /etc/mail/virtusertable, execute the following commands:-
[root@server1 ~]#cd /etc/mail
[root@server1 ~]#make
These commands will convert the entries in the file /etc/mail/virtusertable to a sendmail-readable database file named /etc/mail/virtusertable.db

9) The /etc/mail/aliases file

The aliases database contains a list of virtual mailboxes that are expanded to other user(s), files, programs or other aliases.
Here are a few examples that can be used in /etc/mail/aliases
[root@server1 ~]#cat /etc/mail/aliases
root: jack
hacker: john, mark, kat
abuse: /dev/null
procmail: "|/usr/local/bin/procmail"
The file format is simple; the mailbox name on the left side of the colon is expanded to the target(s) on the right. The first example simply expands the mailbox root to the mailbox jack, which is then looked up again in the aliases database. If no match is found, then the message is delivered to the local user jack. The next example shows a mail list. Mail to the mailbox hacker is expanded to the three local mailboxes john, mark and kat. The next example shows writing mail to a file, in this case /dev/null. The last example shows sending mail to a program, in this case the mail message is written to the standard input of /usr/local/bin/procmail through a UNIX® pipe. When this file is updated, you need to run make in /etc/mail/ to update the database.
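
The lookup order described in steps 8 and 9, as an added example (not part of the original post and not sendmail's own code): an address is resolved through the virtusertable (exact match, then the @domain catch-all) and the result is expanded through the aliases, assuming the domain is listed in local-host-names. The function names, the simplified parsing and the "loop" marker are assumptions of this example; it also shows that the catch-all @openhelp.info entry is matched before any alias, so root@openhelp.info reaches admin rather than jack.

```python
# Constructed sample data modelled on the page's example entries.
VIRTUSERTABLE = """\
james@openhelp.info james
shane@openhelp.info shane@gmail.com
@openhelp.info admin
@tuxplanet.com tux
"""
ALIASES = """\
root: jack
hacker: john, mark, kat
abuse: /dev/null
procmail: "|/usr/local/bin/procmail"
"""

def parse_virtusertable(text):
    """Map 'user@domain' or '@domain' keys to their single target."""
    rows = (l.split(None, 1) for l in text.splitlines() if l.strip() and not l.startswith("#"))
    return {key.lower(): target.strip() for key, target in rows}

def parse_aliases(text):
    """Map alias name to its target list (simplified: no commas inside quotes)."""
    aliases = {}
    for line in text.splitlines():
        if ":" in line and not line.startswith("#"):
            name, targets = line.split(":", 1)
            aliases[name.strip().lower()] = [t.strip().strip('"') for t in targets.split(",")]
    return aliases

def expand(name, aliases, seen=()):
    """Expand a target recursively into (kind, value) deliveries."""
    if name.startswith("|"):
        return [("program", name[1:])]   # mail piped to a program's stdin
    if name.startswith("/"):
        return [("file", name)]          # mail appended to a file
    if "@" in name:
        return [("remote", name)]        # forwarded off this host
    key = name.lower()
    if key in seen:
        return [("loop", name)]          # alias refers back to itself: flag it
    if key not in aliases:
        return [("mailbox", name)]       # no alias left: local user mailbox
    return [hit for t in aliases[key] for hit in expand(t, aliases, seen + (key,))]

def resolve(address, vtable, aliases):
    """virtusertable exact match, then @domain catch-all, then aliases."""
    addr = address.lower()
    user, _, domain = addr.partition("@")
    target = vtable.get(addr) or vtable.get("@" + domain) or user
    return expand(target, aliases)
```

Running resolve() over every address you expect to receive mail shows which ones end in a program or remote target, which is worth reviewing before the databases are rebuilt.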

10) Configure saslauthd

Saslauthd is a daemon process that handles plaintext authentication requests on behalf of the SASL library.  The server fulfills two roles: it isolates all code requiring superuser privileges into a single process, and it can be used to provide proxy authentication services to clients that do not understand SASL based authentication.
By default, the authentication mechanism is the local shadow password file, but here we are using PAM.
Entries should be like this:-
[root@server1 ~]# cat /etc/sysconfig/saslauthd
# the default is "shadow", but we're using "pam"
MECH=pam
# these two settings are the defaults
SOCKETDIR=/var/run/saslauthd
FLAGS="-n 2"
Check the /usr/lib/sasl2/Sendmail.conf file and make sure that the following entries are there:-
[root@server1 ~]# cat /usr/lib/sasl2/Sendmail.conf
pwcheck_method:saslauthd

11) Make sure that saslauthd is started at boot time.

root@ [~]#chkconfig saslauthd on

12) Configure PAM

Make sure that the following entries are there in /etc/pam.d/smtp
root@ [~]# cat /etc/pam.d/smtp
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth

13) Configure dovecot

In the /etc/dovecot.conf file, add or uncomment the following line:-
protocols = imap imaps pop3 pop3s

14) Restart the following services:-

[root@server1 ~]#/etc/init.d/saslauthd start
[root@server1 ~]#/etc/init.d/sendmail start
[root@server1 ~]#/etc/init.d/dovecot start

REFERENCES
http://openhelp.net/2010/01/18/configuring-sendmail-with-dovecot-and-sasl-authentication/