Page 1: Configure Squrralmail

Configure Hosts

1. Click Applications, select System Tools then click File Browser. This will launch the File Browser window.

2. In the Location field, type in /etc and press Enter. If you don’t see the Location field, click the notepad button to toggle to text-based location bar.

3. Locate and double click on the file hosts to open it for editing. Update the content similar to the lines below.

127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.0.4 mail.acme.local mail

Replace the last line with your own IP address, fully qualified domain name and host name.

Test the Host Name Lookup

1. Click Applications, select Accessories, and click Terminal. This will launch the Terminal window.

2. In the terminal window, type in the command below.

ping localhost

You should see localhost.localdomain and 127.0.0.1

3. Next, type in the command below.

ping mail

Replace mail with your own hostname. You should see your fully qualified domain name and ip address.

Postfix SMTP Server Setup Howto for RHEL/CentOS 5

Installing and setting up Postfix SMTP Server in Red Hat Enterprise Linux 5 or CentOS 5 is easy. Postfix has secure default settings, so we just need to open it up a bit.

Install Postfix and Mail Transport Agent Switcher

1. If you did not add postfix and system-switch-mail-gnome during the CentOS installation, you can add them now using the Package Manager tool.

Configure Postfix

1. Click Applications, select System Tools then click File Browser. This will launch the File Browser window.


2. In the Location field, type in /etc/postfix and press Enter. If you don’t see the Location field, click the notepad button to toggle to text-based location bar.

3. Double click on the file main.cf to open it for editing. We need to make it listen for network requests, accept mail bound for our domain and use maildir, which is a better mailbox format than mbox, the default. Find the following keys and change their values as follows.

inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
home_mailbox = Maildir/

In main.cf, lines starting with # are comments. Save the file after completing your changes.

Make sure that all mail_spool_directory lines are commented out. Otherwise, it will override the setting in the home_mailbox line above.

4. Restart the postfix service. Learn how to restart services here.

Test Postfix

1. Click Applications, select Accessories, and click Terminal. This will launch the Terminal window.

2. In the Terminal window, type in the highlighted commands below.

Sample postfix session. Replace johndoe with any valid user account. The dot after the line test is a command that should be typed in.

If you need to add new user accounts, learn how to add or remove user accounts here.

[root@mail ~]# telnet localhost smtp
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.acme.local ESMTP Postfix
ehlo localhost
250-mail.acme.local
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:<johndoe>
250 2.1.0 Ok
rcpt to:<johndoe>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
test
.
250 2.0.0 Ok: queued as 9729067C17
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]#

To check if the mail indeed exists

[root@mail ~]# cd /home/johndoe/Maildir/new
[root@mail new]# ls
1185669817.Vfd00I18012M795756.mail.acme.local
[root@mail new]# cat 1185669817.Vfd00I18012M795756.mail.acme.local

Don’t worry, you don’t have to type in the whole filename above. Just type in the first few characters say 118 then press Tab to activate automatic completion.

From [email protected] Thu Feb 22 21:48:28 2007
Return-Path: <[email protected]>
X-Original-To: johndoe
Delivered-To: [email protected]
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
        by mail.acme.local (Postfix) with SMTP id 9729067C17
        for <johndoe>; Thu, 22 Feb 2007 21:48:26 -0500 (EST)
Message-Id: <[email protected]>
Date: Thu, 22 Feb 2007 21:48:26 -0500 (EST)
From: [email protected]
To: undisclosed-recipients:;

test

[root@mail mail]#

Configure Dovecot

1. Click Applications, select System Tools then click File Browser. This will launch the File Browser window.

2. In the Location field, type in /etc and press Enter. If you don’t see the Location field, click the notepad button to toggle to text-based location bar.

3. Double click on the file dovecot.conf to open it for editing. We need to change a few key items. Find the following keys and change their values as follows.

protocols = pop3 pop3s imap imaps
mail_location = maildir:~/Maildir/
pop3_uidl_format = %08Xu%08Xv
imap_client_workarounds = delay-newmail outlook-idle netscape-eoh
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

For 64-bit users: Add the line login_process_size = 64 in the file /etc/dovecot.conf.

Lines starting with # are comments. The last two lines enable workarounds for various client bugs. Save the file after completing your changes.

4. Start the dovecot service. Learn how to start and stop services here.

Test Dovecot

1. Click Applications, select Accessories, and click Terminal. This will launch the Terminal window.

2. In the Terminal window, type in the highlighted commands below.

Sample dovecot session. Replace johndoe and password with any valid user name and password.

[root@mail ~]# telnet localhost pop3
+OK dovecot ready.
user johndoe
+OK
pass password
+OK Logged in.
list
+OK 1 messages:
1 622
.
retr 1
+OK 622 octets
Return-Path: <[email protected]>
X-Original-To: johndoe
Delivered-To: [email protected]
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
        by mail.acme.local (Postfix) with SMTP id 9729067C17
        for <johndoe>; Thu, 22 Feb 2007 09:06:37 -0500 (EST)
Message-Id: <[email protected]>
Date: Thu, 22 Feb 2007 09:06:37 -0500 (EST)
From: [email protected]
To: undisclosed-recipients:;
X-IMAPbase: 1172153557 1
Status: O
X-UID: 1
Content-Length: 5
X-Keywords:

test
.
quit
+OK Logging out.
Connection closed by foreign host.
[root@mail ~]#

Postfix SMTP Authentication and Dovecot SASL

SMTP Authentication (SMTP Auth) provides an access control mechanism that can be used to allow legitimate users to relay mail while denying relay service to unauthorized users, such as spammers.

Configure Postfix and Dovecot

1. Edit the file /etc/dovecot.conf and make sure your auth default section has the lines below.

auth default {
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
  mechanisms = plain login
}

If you are using Ubuntu, edit /etc/dovecot/dovecot.conf.

2. Edit /etc/postfix/main.cf, find the keys below and change their values as follows, or add them at the bottom of the file if the key (the word before the = sign) cannot be found.

mynetworks = 127.0.0.0/8
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes

The first line says trust only localhost, meaning only localhost can send email outside the network (relay). The last line is there to support old clients like Microsoft Outlook Express 4.0 and Microsoft Exchange 5.0 just in case someone is still using it. Lines starting with # are comments. Save the file after completing your changes.

3. Restart the Dovecot and Postfix service. But if you installed MailScanner, restart MailScanner instead of Postfix.
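The relay settings from step 2 can be checked mechanically before the services are restarted. The following is an added example, not part of the original guide: it parses main.cf text and reports anything that would let a client relay without authenticating. The helper names (parse_main_cf, audit_relay) and the sample text are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the main.cf keys from step 2, with a comment and a
# continuation line added to exercise the parser.
MAIN_CF = """\
# SMTP AUTH through Dovecot SASL
mynetworks = 127.0.0.0/8
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes
"""

# Permit rules this guide expects in front of reject_unauth_destination.
EXPECTED_PERMITS = {"permit_mynetworks", "permit_sasl_authenticated"}


def parse_main_cf(text):
    """Parse main.cf text: '#' lines are comments, a line that starts with
    whitespace continues the previous one, and the last assignment wins."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    params = {}
    for entry in logical:
        name, sep, value = entry.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def split_list(value):
    """main.cf lists are separated by commas and/or whitespace."""
    return value.replace(",", " ").split()


def audit_relay(params):
    """Return findings about who may relay through this server."""
    findings = []
    nets = split_list(params.get("mynetworks", ""))
    if not nets:
        findings.append("mynetworks is not set; trusted clients come from mynetworks_style")
    for net in nets:
        try:
            # Postfix writes IPv6 networks as [::1]/128; drop the brackets.
            cidr = net.replace("[", "").replace("]", "")
            network = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append("mynetworks: cannot evaluate %r, review it by hand" % net)
            continue
        if not network.is_loopback:
            findings.append("mynetworks: %s can relay without authenticating" % network)

    rules = split_list(params.get("smtpd_recipient_restrictions", ""))
    if "reject_unauth_destination" not in rules:
        findings.append("smtpd_recipient_restrictions: reject_unauth_destination is missing")
    else:
        for rule in rules[:rules.index("reject_unauth_destination")]:
            if rule.startswith("permit") and rule not in EXPECTED_PERMITS:
                findings.append("smtpd_recipient_restrictions: %s precedes "
                                "reject_unauth_destination" % rule)
    sasl_on = params.get("smtpd_sasl_auth_enable", "no").lower() == "yes"
    if "permit_sasl_authenticated" in rules and not sasl_on:
        findings.append("permit_sasl_authenticated is listed but "
                        "smtpd_sasl_auth_enable is not yes")
    return findings


if __name__ == "__main__":
    for finding in audit_relay(parse_main_cf(MAIN_CF)) or ["no findings"]:
        print(finding)
```

On a live server the same text can be taken from the output of postconf -n instead of the embedded sample.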

Test Postfix

In a Terminal window, type in the highlighted commands below.

Sample postfix session

[root@mail ~]# telnet mail smtp

Replace mail with the name of your server. We should not use localhost since localhost is a trusted client ip address. And make sure the domain name you specified does not resolve to 127.0.0.1 which is the IP address of localhost.

Trying 192.168.0.1...
Connected to mail.acme.local (192.168.0.1).
Escape character is '^]'.
220 mail.acme.local ESMTP Postfix
ehlo localhost
250-mail.acme.local
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Note the new 250-AUTH lines. See the old SMTP Telnet Test.

mail from:<johndoe>
250 2.1.0 Ok
rcpt to:<[email protected]>
554 5.7.1 <[email protected]>: Relay access denied

It works, now to check if we can send it after authenticating.

auth plain AGpvaG5kb2UAcGFzc3dvcmQ=
235 2.0.0 Authentication successful
rcpt to:<[email protected]>
250 2.1.5 Ok
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]#

You can send to email addresses belonging to your domain without authentication. This is normal as it enables you to receive mail from the outside.
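The string typed after auth plain in the session above is only base64, so anyone who can read the connection can read the user name and password. The following added example (not part of the original guide; the function names are chosen for illustration) builds and decodes that token as defined in RFC 4616, then checks an EHLO reply for plaintext AUTH mechanisms offered without STARTTLS, using the reply from the session above as a constructed sample.

```python
import base64

# Constructed sample: the EHLO reply shown in the session above.
EHLO_REPLY = """\
250-mail.acme.local
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

# Mechanisms that send the password itself, merely base64-encoded.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}


def auth_plain_token(user, password, authzid=""):
    """AUTH PLAIN initial response (RFC 4616): authzid NUL user NUL password."""
    raw = "\0".join((authzid, user, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_auth_plain(token):
    """Reverse of auth_plain_token; returns (authzid, user, password)."""
    parts = base64.b64decode(token, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("not an AUTH PLAIN response")
    return tuple(part.decode("utf-8") for part in parts)


def parse_ehlo(reply):
    """Return (AUTH mechanisms, other extension keywords) from a 250 reply."""
    mechs, keywords = set(), set()
    lines = [line for line in reply.splitlines() if line.strip()]
    for line in lines[1:]:                      # first line is the greeting
        if not line.startswith("250"):
            continue
        # "250-AUTH=LOGIN PLAIN" is the legacy form kept for old clients.
        words = line[4:].replace("=", " ", 1).split()
        if not words:
            continue
        if words[0].upper() == "AUTH":
            mechs.update(word.upper() for word in words[1:])
        else:
            keywords.add(words[0].upper())
    return mechs, keywords


def audit_ehlo(reply):
    """Flag plaintext AUTH mechanisms advertised on an unencrypted session."""
    mechs, keywords = parse_ehlo(reply)
    exposed = sorted(mechs & PLAINTEXT_MECHS)
    if exposed and "STARTTLS" not in keywords:
        return ["AUTH %s offered without STARTTLS; credentials cross the "
                "network as base64 (see smtpd_tls_auth_only)" % " ".join(exposed)]
    return []


if __name__ == "__main__":
    print(auth_plain_token("johndoe", "password"))
    print(decode_auth_plain("AGpvaG5kb2UAcGFzc3dvcmQ="))
    for finding in audit_ehlo(EHLO_REPLY):
        print(finding)
```

Setting smtpd_tls_auth_only = yes in main.cf makes Postfix offer AUTH only after STARTTLS, which also requires a server certificate to be configured.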

Starting the Web Server

1. If you did not add Web Server and squirrelmail during installation, you can add it now. Using the Package Manager tool, add the Web Server package in the Servers category. Also add the optional package squirrelmail located in the Mail Server package under the category Servers.

2. Start the httpd service. Learn how to start and stop services here.

Configuring SquirrelMail

1. From a Terminal window, type in /usr/share/squirrelmail/config/conf.pl and press Enter. This will launch the SquirrelMail Configuration utility.

If your Terminal window has a white background, make sure that the colors are off by looking for the command Turn color on. If the command is Turn color off, type in C and press Enter to turn the colors off. This will ensure that you will be able to read all of the text.

2. Type in D and press Enter to select the Set pre-defined settings for specific IMAP servers menu. Type in dovecot and press Enter.


3. Type in 2 and press Enter to select the Server Settings menu.

4. Type in 1 and press Enter to select the Domain menu. Type in your domain name and press Enter. Save your changes when you are done.

I recommend installing the Retrieve User Data plugin so the user’s name will appear whenever he or she sends an email in SquirrelMail.

Testing SquirrelMail

1. Click the globe icon at the top near the System menu to launch the Firefox web browser. If an error occurs, you probably did not install the Graphical Internet package. You can add it now using the Package Manager tool.

2. In the address box, type in http://localhost/webmail and press Enter. Type in a valid username and password and click Login.

3. That’s it, it’s working.

If you encounter any problems, check the log file at /var/log/maillog. 

Relocating SquirrelMail into the domain root

By default, SquirrelMail is located in the /webmail of your domain. If you prefer to access SquirrelMail from the root of your domain, follow the steps below.


1. Create the file /etc/httpd/conf.d/sqroot.conf containing the lines below.

<VirtualHost *:80>
DocumentRoot /usr/share/squirrelmail
</VirtualHost>

If you are using SSL and you want to force users to use SSL, add the Redirect directive inside the VirtualHost section to redirect browsers to the secured version. See the example below.

redirect permanent / https://mail.acme.local

2. Restart the httpd service. Learn how to restart services here.

3. Now try browsing http://localhost

Firewall Configuration (GUI)

This section describes how to use the Security Level Configuration tool to configure the firewall.

1. Click System, select Administration and click Security Level and Firewall. This will launch the Security Level Configuration window.

2. For a mail server with webmail, check Mail (SMTP), Secure WWW (HTTPS) and WWW (HTTP) in the Trusted services list.

3. We also need to open the ports for the POP3 and IMAP services. In the Other ports field, add the port numbers below.

Service   Port
POP3      110:tcp
POP3S     995:tcp
IMAP      143:tcp
IMAPS     993:tcp

Firewall Configuration (TUI)

This section describes how to use the Security Level Configuration text user interface (TUI) tool to configure the firewall.

1. Launch the Security Level Configuration tool using the command below.

system-config-securitylevel-tui

2. In Security Level Configuration screen, press the Customize button.

3. Open the ports you desire and press OK button when you are done. 

You can see the list of service and port numbers by typing in getent services from the Terminal window.

Installing Clam AntiVirus


1. Install the EPEL repository package.

2. Type in the command below to install ClamAV.

yum install clamd

3. To test ClamAV AntiVirus, type in the command clamscan in a terminal window.

4. To update the virus database, type in the command freshclam in a terminal window.

Installing MailScanner

1. Install the EPEL repository package.

2. Type in the command below (in one line) to install the required dependencies for MailScanner.

yum install perl-Archive-Zip perl-DBI perl-DBD-SQLite perl-Filesys-Df perl-Net-CIDR perl-OLE-Storage_Lite perl-Sys-Hostname-Long perl-Sys-SigAction perl-MIME-tools

3. Download the latest stable version of MailScanner for RedHat, Fedora and Mandrake Linux at http://www.mailscanner.info/downloads.html.


4. Extract MailScanner using the command below.

tar -xvzf ~/Desktop/MailScanner*.gz

Replace ~/Desktop with the path of your downloaded file

5. Finally, type in the commands below to install MailScanner.

cd MailScanner-4.83.5-1
yum install --nogpgcheck mailscanner* tnef*

Replace MailScanner-4.83.5-1 with the path of the extracted MailScanner archive file.

6. To test MailScanner, use the command below.

MailScanner

Errors related to configuration files are ok. Errors saying “Can’t locate xxx.pm” are perl module dependency problems so repeat step

SpamAssassin is included in Red Hat Enterprise Linux and CentOS and it’s ready to go out of the box. If it is not yet installed in your system, use the command below to install it.

yum install spamassassin

Configuring MailScanner

1. Edit the file /etc/MailScanner/virus.scanners.conf and change the path of clamav to /usr.

2. Edit the file /etc/MailScanner/MailScanner.conf and update the lines below.

%org-name% = your organization name
%org-long-name% = your full organization name
%web-site% = your mail support website or company website
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Incoming Work Group = clam
Incoming Work Permissions = 0640
MTA = postfix
Virus Scanners = clamd
Clamd Socket = /var/run/clamav/clamd.sock
Use SpamAssassin = yes
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

3. Setup the necessary directories using the commands below.

cd /var/spool/MailScanner/
mkdir spamassassin
chown -R postfix.clam *
chmod -R 750 *
restorecon -R ../MailScanner/

4. For RHEL/CentOS 6, configure SELinux using the commands below. Here’s the content of freshclamtmp.te.

wget linuxmail.info/files/rhel6/freshclamtmp.te
checkmodule -M -m -o freshclamtmp.mod freshclamtmp.te
semodule_package -o freshclamtmp.pp -m freshclamtmp.mod
semodule -i freshclamtmp.pp

Integrating MailScanner into Postfix

1. Edit the file /etc/postfix/main.cf and remove the # in front of the line below.

header_checks = regexp:/etc/postfix/header_checks

2. Edit the file /etc/postfix/header_checks and add the line below to the bottom of the file.

/^Received:/ HOLD

This will now place all incoming mail into the holding area until released by MailScanner.


3. MailScanner should now be the one to start the Postfix service. Stop the Postfix service and start the Clamd and MailScanner service in that order. Use the commands below to accomplish these.

chkconfig postfix off
chkconfig clamd on
chkconfig MailScanner on
service clamd start
service MailScanner start

4. Test if Postfix is still working. See Test Postfix using Telnet.

If you encounter any problems, check the log file at /var/log/maillog.

Congratulations

Congratulations, your mails are now checked for spam and viruses. Each mail you send or receive will now contain the lines below to indicate that MailScanner is doing its job.

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

The English language message templates used in MailScanner are stored in /etc/MailScanner/reports/en and can even be configured to add a disclaimer message to outgoing mails.

Active Directory/LDAP Virtual Users for RHEL/CentOS 5/6

This guide will show you how to integrate Active Directory/LDAP into Postfix and Dovecot. In this page, you will learn how to enable Postfix to lookup email addresses in LDAP and how to enable Dovecot to authenticate to an LDAP server.

And here’s a sample OpenLDAP layout. See OpenLDAP Setup Howto for a guide in setting up OpenLDAP. Or better yet, use the 389 Directory Server.

I used JXplorer to browse the LDAP servers, you’ll need the Java Runtime Environment to use it.


We will be using the following attributes

samaccountname or uid – User Name for Active Directory or OpenLDAP respectively.
mail – Email Address. For Active Directory users, you need to fill-up the E-mail field of the User.
othermailbox – For Active Directory only. We will use this field to store email aliases. Use ADSI Edit to update this field.

Create the Virtual Mail User Account

Since the Active Directory/OpenLDAP user names are not part of the Linux system, we will have to create a user that will be the owner for all the files belonging to the LDAP user names.

1. Create a new user, we will call it vmail. Change the Login Shell to /sbin/nologin, this user account should not be used for logging in. Learn how to use the User Manager application here.

2. Take note of the User ID and Home Directory of vmail.

3. Click the Groups tab and now note down the Group ID of vmail. We’ll be needing all of them later.

Postfix Active Directory/LDAP Integration

1. Create the file /etc/postfix/ldap-users.cf containing the lines below.

server_host = your ldap server
search_base = your search base
version = 3
query_filter = (&(objectclass=person)(mail=%s))
result_attribute = samaccountname
result_format = %s/Maildir/


If you are connecting to an Active Directory server and would like to have email alias capability, change the query filter to (&(objectclass=person)(|(mail=%s)(othermailbox=%s))) to include the othermailbox field in the search.

Change samaccountname to uid if you will be connecting to an OpenLDAP server. If your server requires authentication, add the lines below

bind = yes
bind_dn = cn=mailuser,dc=acme,dc=local
bind_pw = password

Replace the value of bind_dn and bind_pw with a valid user account and password respectively. If you will be connecting to an Active Directory server, bind_dn can also be

bind_dn = acme\mailuser

or

bind_dn = [email protected]

2. Test your postfix configuration file by typing in the command

postmap -q [email protected] ldap:/etc/postfix/ldap-users.cf

in a terminal window. Replace [email protected] with a valid email address from your server. It should return the path to a mailbox file.

If you are querying a Windows 2003 Server and postmap does not seem to work, try enabling the Windows 2003 Active Directory anonymous ldap operations.

3. Edit the postfix configuration file /etc/postfix/main.cf and edit the line below

mydestination = $myhostname, localhost.$mydomain, localhost

and add the lines below

virtual_mailbox_domains = $mydomain
virtual_mailbox_base = /home/vmail/
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_uid_maps = static:501
virtual_gid_maps = static:501


virtual_mailbox_base, virtual_uid_maps and virtual_gid_maps should contain the home directory, user id and group id of vmail respectively.

Make sure $mydomain in mydestination has been removed, otherwise the lookup will not work and you will get a “User unknown in local recipient table” error.

4. Restart the Postfix or MailScanner service if you have installed it. Learn how to start and stop services here.

5. You should now be able to send email to addresses found in your LDAP server. See Test Postfix using Telnet and try using LDAP email addresses instead of the system user names.
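The recipient address of every incoming message is substituted for %s in query_filter, and Postfix quotes LDAP metacharacters in the key before it does so. The following added example (not part of the original guide, and a simplified model rather than Postfix's own code) expands the alias filter from step 1 with that quoting and parses the result to show that the filter keeps its three assertions whatever the key contains. The function names and the sample addresses are constructed for illustration.

```python
import re

# The alias-capable filter from step 1.
ALIAS_FILTER = "(&(objectclass=person)(|(mail=%s)(othermailbox=%s)))"

# Characters that must be written as \XX inside an assertion value
# (RFC 4515, section 3); left raw they would alter the filter itself.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def unescape_filter_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def expand_filter(template, key):
    """Replace %s with the quoted lookup key and %% with a literal %."""
    out, i = [], 0
    while i < len(template):
        pair = template[i:i + 2]
        if pair == "%s":
            out.append(escape_filter_value(key))
            i += 2
        elif pair == "%%":
            out.append("%")
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def _parse(text, pos):
    if text[pos] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    if text[pos] in "&|!":
        op, children = text[pos], []
        pos += 1
        while text[pos] == "(":
            child, pos = _parse(text, pos)
            children.append(child)
        if text[pos] != ")":
            raise ValueError("expected ')' at offset %d" % pos)
        return (op, children), pos + 1
    end = text.index(")", pos)      # a quoted value never holds a raw ')'
    attr, _, value = text[pos:end].partition("=")
    return (attr, value), end + 1


def parse_filter(text):
    """Parse the filter subset used in this guide into nested tuples."""
    try:
        node, pos = _parse(text, 0)
    except IndexError:
        raise ValueError("unbalanced filter") from None
    if pos != len(text):
        raise ValueError("trailing data after filter")
    return node


def leaves(node):
    """Flatten a parsed filter into its (attribute, value) assertions."""
    head, body = node
    if isinstance(body, list):
        return [leaf for child in body for leaf in leaves(child)]
    return [node]


if __name__ == "__main__":
    # Constructed keys: an ordinary address and one full of metacharacters.
    for key in ("johndoe@acme.local", "j*(doe)@acme.local"):
        expanded = expand_filter(ALIAS_FILTER, key)
        print(expanded)
        print(leaves(parse_filter(expanded)))
```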

Dovecot Active Directory/LDAP Integration

If you will be connecting to an Active Directory server, use Active Directory and Dovecot PAM Authentication which uses Kerberos authentication instead. The Kerberos authentication method is more reliable since it doesn’t require a persistent connection and you can gain fail-over capabilities if you have multiple Active Directory servers.

1. Create a file containing the lines below using the filename specified below.

RHEL/CentOS Version   Filename
5                     /etc/dovecot-ldap.conf
6                     /etc/dovecot/dovecot-ldap.conf

hosts = your ldap server
base = your search base
ldap_version = 3
auth_bind = yes

Depending on the LDAP server and the layout you are going to query, you have 3 ways to enable Dovecot to authenticate to your LDAP server.


Option 1: Active Directory
Replace acme with your own domain name. Works only with Microsoft’s Active Directory.

auth_bind_userdn = acme\%u

Option 2: Distinguished Name Template
Change the sample value to one that is appropriate for your layout.

auth_bind_userdn = uid=%u,ou=people,dc=acme,dc=local

Option 3: Search Filter
This should work with any layout but requires an additional search operation to find the correct distinguished name. Change the sample value to one that is appropriate for your layout.

pass_filter = (&(objectclass=person)(uid=%u))

2. For RHEL/CentOS 5, edit the file /etc/dovecot.conf and change the value of the following keys below

auth_username_format = %Lu

passdb ldap {
  args = /etc/dovecot-ldap.conf
}

userdb static {
  args = uid=501 gid=501 home=/home/vmail/%u
}

For RHEL/CentOS 6, edit the file /etc/dovecot/conf.d/10-auth.conf and add the lines below

auth_username_format = %Lu

passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf
}

userdb {
  driver = static
  args = uid=501 gid=501 home=/home/vmail/%u
}

uid, gid and home should contain the user id, group id and home directory respectively of the vmail user account.


Comment out all the other passdb and userdb sections or include lines except for those specified above to ensure that nothing will conflict with our LDAP virtual accounts.

3. Restart the dovecot service. Learn how to start and stop services here.

4. You should now be able to login using the user names found in your LDAP server. See Test Dovecot using Telnet and try using LDAP user names instead of the system user names.

Postfix Active Directory Mailing List

Active Directory has a type of grouping called Distribution group used solely as an email distribution list. This page will show you how to use the distribution group as a mailing list for Postfix. But first, you need to upgrade Postfix to version 2.4 or higher. Download

This is what an Active Directory distribution group looks like.

And these are the group members.

And this is how it is stored in LDAP.

We will be using the following attributes

mail – Email Address
member – Distinguished Name of the group members

How to setup


1. Create the file /etc/postfix/ldap-groups.cf containing the following lines below.

server_host = your domain controller
search_base = your search base
version = 3
query_filter = (&(objectclass=group)(mail=%s))
leaf_result_attribute = mail
special_result_attribute = member
bind = yes
bind_dn = user name
bind_pw = password

leaf_result_attribute is available only in Postfix 2.4 and above which is why we really need to upgrade.

2. Test your postfix configuration file by typing in the command below in a terminal window.

postmap -q [email protected] ldap:/etc/postfix/ldap-groups.cf

Replace [email protected] with your own valid group email. You should see the email addresses of the members.

If you are querying a Windows 2003 Server and postmap does not seem to work, try enabling the Windows 2003 Active Directory anonymous ldap operations.

3. Edit the file /etc/postfix/main.cf and add the line below.

virtual_alias_maps = ldap:/etc/postfix/ldap-groups.cf

4. Restart Postfix or MailScanner (depends if you installed MailScanner).

That’s it. You should now be able to send email to your distribution group.

Customize SquirrelMail Login Page


The SquirrelMail login page, shown on the left, can easily be changed to suit your needs. This article describes how to customize the SquirrelMail login page.

Configuring SquirrelMail

1. From a Terminal window, type in /usr/share/squirrelmail/config/conf.pl and press Enter. This will launch the SquirrelMail Configuration utility.

If your Terminal window has a white background, make sure that the colors are off by looking for the command Turn color on. If the command is Turn color off, type in C and press Enter to turn the colors off. This will ensure that you will be able to read all of the text.

2. Type in 1 and press Enter to select the Organization Preferences menu.

3. Update the options to suit your needs. For the logo, put it into the /usr/share/squirrelmail/images/ directory. Save your changes when you are done.

4. Try out the result.

Securing SquirrelMail using SSL

Secure Sockets Layer (SSL) enables the HTTP protocol to be secured. This page will show you how to configure SSL in Apache and SquirrelMail.

Configuring Apache for SSL


1. Generate a certificate using the genkey tool.

2. Edit the file /etc/httpd/conf.d/ssl.conf and edit the lines below.

DocumentRoot /usr/share/squirrelmail
ServerName mail.acme.local:443
SSLCertificateFile /etc/pki/tls/certs/mail.acme.local.cert
SSLCertificateKeyFile /etc/pki/tls/private/mail.acme.local.key

Replace mail.acme.local with your server name.

If you are using Red Hat Enterprise Linux 6 or CentOS 6, the generated certificate file will have a .crt extension instead of .cert.

If you are not using Red Hat Enterprise Linux or CentOS, make sure the lines below are present.

LoadModule ssl_module modules/mod_ssl.so
Listen 443

3. Restart the httpd service. Learn how to restart services here.

4. Try accessing SquirrelMail using https instead of http.

You can force browsers to always use the SSL version. See Relocating SquirrelMail into the domain root.

SquirrelMail Change Password Howto

If you are using Linux system accounts as your mail accounts, you can install the change_passwd plugin to enable SquirrelMail to provide a password change utility using the background service poppassd to reliably and securely change a user’s password.


Install the SquirrelMail Change Password Plugin

1. Install the Poppassd service.

Poppassd should be installed on the same server where dovecot is installed. And if it is not on the same server as SquirrelMail, then open the poppassd port 106.

2. Connect to your SquirrelMail server and note down its version.

3. Download the Change Passwd 4.2f and Compatibility 2.0.x plugins.

4. Extract the downloaded files and put them into the /usr/share/squirrelmail/plugins directory.

The SquirrelMail Change Password and Compatibility archives have to be extracted directly into the SquirrelMail plugin directory to enable Linux to apply the proper SELinux Context to the files. See the SquirrelMail RetrieveUserData plugin if you need help on how to do it.

5. From a Terminal window, type in /usr/share/squirrelmail/config/conf.pl and press Enter. This will launch the SquirrelMail Configuration utility.

If your Terminal window has a white background, make sure that the colors are off by looking for the command Turn color on. If the command is Turn color off, type in C and press Enter to turn the colors off. This will ensure that you will be able to read all of the text.


6. Type in 8 and press Enter to list the Plugins submenu.

7. Install the change_passwd plugin by typing in the number corresponding to it and press Enter. When you are done, type in q and press Enter to quit then type in y and press Enter to save your changes.

8. If your version of SquirrelMail is not 1.4.13 and higher or 1.5.1 and higher, you need to patch your SquirrelMail source. Go to /usr/share/squirrelmail/plugins/compatibility and apply the compatibility patch by typing in the commands below.

cd /usr/share/squirrelmail/plugins/compatibility/
patch -p0 < patches/compatibility_patch-1.4.8.diff

Replace 1.4.8 with your SquirrelMail version.

9. In the /usr/share/squirrelmail/plugins/change_passwd directory, copy the file config.php.sample and save it as config.php. Edit config.php and review the default settings.

Below are settings in config.php you may wish to change

$minimumPasswordLength - Minimum length of the password.
$changePasswdInLogin - Change password from the login form.

Test the SquirrelMail Change Password

1. Login to SquirrelMail and go to the Options page. You should see the new Change Password section.

2. Click the Change Password link to view the new Change Password page.


SquirrelMail Active Directory/LDAP Addressbook Howto

This guide will show you how to integrate Active Directory/LDAP into the SquirrelMail addressbook. In this article, you will learn how to configure SquirrelMail to activate the Javascript addressbook and to include your Active Directory or LDAP server into the addressbook lookup list.

This is what a typical Active Directory layout looks like.

And here’s a sample OpenLDAP layout. See OpenLDAP Setup Howto for a guide in setting up OpenLDAP.

I used JXplorer to browse the LDAP servers, you’ll need the Java Runtime Environment to use it.

SquirrelMail will be using the following attributes

cn – Common Name
mail – Email Address

Configure the SquirrelMail Addressbook

We will be using the Perl based SquirrelMail configuration utility to configure the addressbook.

1. Launch the Terminal application.

2. In the Terminal window, type in /usr/share/squirrelmail/config/conf.pl and press Enter. This will launch the SquirrelMail Configuration utility.


If your Terminal window has a white background, make sure that the colors are off by looking for the command Turn color on. If the command is Turn color off, type in C and press Enter to turn the colors off. This will ensure that you will be able to read all of the text.

3. Type in 6 and press Enter to list the Address Books submenu.

4. Select the Javascript address book as the default by typing in 2 and press Enter then type in y and press Enter.

5. Add your Active Directory/LDAP server by typing in 1 and press Enter then type in + and press Enter. You will now be asked a series of questions regarding your Active Directory/LDAP server configuration, see the sample session below.

First, we need to have the hostname or the IP address where
this LDAP server resides. Example: ldap.bigfoot.com
hostname: server

Next, we need the server root (base dn). For this, an empty
string is allowed.
Example: ou=member_directory,o=netcenter.com
base: dc=acme,dc=local

This is the TCP/IP port number for the LDAP server. Default
port is 389. This is optional. Press ENTER for default.
port:

This is the charset for the server. Default is utf-8. This
is also optional. Press ENTER for default.
charset:

This is the name for the server, used to tag the results of
the search. Default it "LDAP: hostname". Press ENTER for default
name:

You can specify the maximum number of rows in the search result.
Default is unlimited. Press ENTER for default.
maxrows:

If your LDAP server does not like anonymous logins, you can specify...
Default is none, anonymous bind. Press ENTER for default.
binddn: cn=mailuser,dc=acme,dc=local

If you are connecting to an Active Directory server, binddn can also be in the form of acme\mailuser or [email protected]

Now, please specify password for that DN.
bindpw: password

You can specify bind protocol version here.
Default protocol version depends on your php ldap settings.
Press ENTER for default.
protocol: 3

[ldap] command (?=help) > d

You should now be back at the Address Books submenu. Type in q and press Enter to quit, then type in y and press Enter to save your changes.

Test the SquirrelMail Addressbook

1. Login to SquirrelMail and compose a new mail.

2. Click the Addresses button (not the Addresses link). This will launch the SquirrelMail Addressbook window. Click the List all button. You should now see your Active Directory/LDAP email addresses.

If you are querying a Windows 2003 Server and you are encountering an Operations error message, try enabling the Windows 2003 Active Directory anonymous ldap operations.

Postfix Aliases and Mailing List

You can create a text file in Postfix containing an alias email and several destination emails. There are two ways to implement aliasing and mailing list in Postfix depending on how it is configured.

For System Accounts

Your Postfix is configured to use system accounts if your configuration file has something like

mydestination = $mydomain

or sending to a non-existent account gives the error message

Recipient address rejected: User unknown in local recipient table

1. Edit the file /etc/aliases. The file has the form

alias: address1,address2

If address has the same domain as yours, you can leave it out. Thus you can use the /etc/aliases file to alias an email address or to build a mailing list.

2. Type in the command newaliases in a terminal window. This will rebuild the aliases database file.

For Virtual Accounts

Your Postfix is configured to use virtual accounts if your configuration file has something like

virtual_mailbox_domains = $mydomain

or sending to a non-existent account gives the error message

Recipient address rejected: User unknown in virtual mailbox table

1. Edit the file /etc/aliases. The file has the form

alias address1,address2

2. Generate the database file for valias using the command

postmap /etc/postfix/valias

3. Test your database file using the command

postmap -q [email protected] /etc/postfix/valias

Replace [email protected] with a valid alias entry. You should see the destination emails.

4. Edit the file /etc/postfix/main.cf and add the line below to your virtual settings section

virtual_alias_maps = hash:/etc/postfix/valias

If you are using virtual accounts, instead of maintaining a text file containing the aliases and mailing list, it would be better if you can work with your virtual accounts source. See the links below for examples

Active Directory
MySQL

To Test Postfix

1. Restart the Postfix service. If you installed MailScanner, restart MailScanner instead. Restarting reloads the aliases database file immediately rather than after a few minutes.

2. You should now be able to send email to addresses found in your aliases file. See Test Postfix using Telnet and try using the alias email addresses.
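The two alias formats above differ only by the colon after the alias, and a line in the wrong format is easy to miss: in a postmap-built map the colon becomes part of the lookup key, so the alias never matches. The check below is an added example, not part of the original guide; the function name lint_aliases and its messages are hypothetical. Run it before newaliases or postmap.

```shell
#!/bin/sh
# Added example (not from the guide): lint an alias file before building it.
# lint_aliases TYPE FILE
#   TYPE = local    expects "alias: address1,address2"  (/etc/aliases)
#   TYPE = virtual  expects "alias address1,address2"   (/etc/postfix/valias)
# Prints one line per finding and returns 1 if anything was found.
lint_aliases() {
    awk -v type="$1" '
        function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
        /^[ \t]*#/ { next }     # comment
        /^[ \t]*$/ { next }     # blank line
        /^[ \t]/   { next }     # leading whitespace continues the previous entry
        {
            key = $1; rest = $0
            colon = sub(/:.*/, "", key)   # 1 when the first field contains a colon
            if (type == "local" && !colon) {
                report("no colon after \"" key "\""); next
            }
            if (type == "virtual" && colon) {
                report("colon after \"" key "\" becomes part of the lookup key"); next
            }
            # Strip the alias itself and check that a destination remains.
            re = (type == "local") ? "^[^:]*:" : "^[^ \t]+"
            sub(re, "", rest)
            gsub(/[ \t]/, "", rest)
            if (rest == "") report("\"" key "\" has no destination")
            if (seen[tolower(key)]++) report("duplicate alias \"" key "\"")
        }
        END { exit bad + 0 }
    ' "$2"
}

# Usage:
#   lint_aliases local   /etc/aliases        && newaliases
#   lint_aliases virtual /etc/postfix/valias && postmap /etc/postfix/valias
```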

Postfix Vacation Autoresponder

This article describes how to configure a vacation autoresponder in Postfix mail server so email senders can be informed when the recipient is not available.

Installing the Vacation Perl Script

1. Install Postfix Admin. We are not going to actually use Postfix Admin, we are just going to leverage its excellent vacation message infrastructure. You can skip this part if you are actually using Postfix Admin to manage your Postfix mail server.

2. Add the EPEL repository. The EPEL repository is needed to install the required modules for the vacation.pl script.

3. Type in the command below to install the required Perl modules.

yum install perl-MIME-EncWords perl-MIME-Charset perl-Email-Valid perl-Mail-Sendmail

4. Create a new user named vacation. Change the Login Shell to /sbin/nologin because this user account should not be used for logging in. Learn how to use the User Manager application here.

5. Type in the commands below to copy vacation.pl to the vacation user home directory.

cd /home/vacation
wget www.linuxmail.info/files/vacation.pl
chown vacation:vacation vacation.pl
chmod 700 vacation.pl
chcon -t postfix_pipe_exec_t vacation.pl

6. Type in the command below to test vacation.pl. No error should appear.

./vacation.pl

Configuring Postfix

1. Install a version of Postfix with MySQL support. The Postfix in RHEL/CentOS 6 already includes MySQL support.

2. If you are using RHEL/CentOS 6, configure SELinux using the commands below. Here’s the content of postfixmysql.te

wget linuxmail.info/files/rhel6/postfixmysql.te
checkmodule -M -m -o postfixmysql.mod postfixmysql.te
semodule_package -o postfixmysql.pp -m postfixmysql.mod
semodule -i postfixmysql.pp

3. Edit the file /etc/postfix/transport and add the line below.

vacation.invalid vacation:

Next, type in the command below to convert it to a database file.

postmap /etc/postfix/transport

4. Edit the file /etc/postfix/master.cf and add the line below.

vacation unix - n n - - pipe flags=Rq user=vacation argv=/home/vacation/vacation.pl ${recipient} ${original_recipient}

${original_recipient} requires at least Postfix 2.5 (RHEL/CentOS 6 includes Postfix 2.6) but you can remove it if you prefer not to upgrade. It enables vacation.pl to work with aliases like in the example below.

Email (original recipient)    Forwards to (recipient)
[email protected]              [email protected]
[email protected]              [email protected]

5. Edit the file /etc/postfix/main.cf and add the lines below.

transport_maps = hash:/etc/postfix/transport
vacation_destination_recipient_limit = 1

If you are not using PostfixAdmin to manage your domains and user accounts, add the line below.

recipient_bcc_maps = mysql:/etc/postfix/mysql-vacation.cf

The file /etc/postfix/mysql-vacation.cf should contain the lines below.

host = localhost
user = postfix
password = your_password
dbname = postfix
table = vacation
select_field = email
where_field = email
additional_conditions = and active = '1'
result_format = %u#%[email protected]

user, password, dbname should match your PostfixAdmin settings.

6. Restart the Postfix or MailScanner service if you have installed it. Learn how to start and stop services here.

7. Send an email to [email protected]. You should get an automated reply.

Configuring the Vacation Perl Script

1. Create the file /etc/postfix/vacation.conf containing the lines below.

$db_username = 'postfix';
$db_password = 'secret';
$db_name = 'postfix';
$test_mode = 0;
1;

$db_username, $db_password, $db_name should match your PostfixAdmin settings.

2. Install the SquirrelMail Postfix Admin Plugin and set a vacation message for a user.

3. Verify your vacation setting by typing the command below.

postmap -q [email protected] mysql:/etc/postfix/mysql-vacation.cf

or if you are using PostfixAdmin

postmap -q [email protected] mysql:/etc/postfix/mysql-aliases.cf

Replace [email protected] with the email address where you have configured a vacation message. For PostfixAdmin users, replace mysql-aliases.cf with your own aliases map file. The output should contain an email address for the vacation.invalid domain.

4. Send an email to the user with a vacation message. You should receive an automatic reply.
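Both /etc/postfix/mysql-vacation.cf and /etc/postfix/vacation.conf hold the database password in clear text, and vacation.pl runs on every delivery to the vacation transport. The script below is an added example, not part of the original guide, that audits those three files; the function names are hypothetical, and treating any permission for "other" as a finding is this example's assumption.

```shell
#!/bin/sh
# Added example (not from the guide): audit the vacation autoresponder files.
# Paths are the guide's own; the "no access for other" rule is an assumption.
# Uses GNU stat (-c), as shipped with RHEL/CentOS.

mode_of() { stat -c '%a' "$1"; }    # octal mode, e.g. 640

# Succeeds when "other" has any permission on FILE (last octal digit != 0).
world_accessible() {
    m=$(mode_of "$1") || return 2
    [ "${m#"${m%?}"}" != "0" ]
}

# check_secret FILE: a file holding the database password must exist and be
# closed to "other". Prints one finding line; returns 1 on a finding.
check_secret() {
    [ -e "$1" ] || { echo "MISSING $1"; return 1; }
    if world_accessible "$1"; then
        echo "EXPOSED $1 (mode $(mode_of "$1")) holds a database password"
        return 1
    fi
    echo "OK      $1 (mode $(mode_of "$1"))"
}

# check_script FILE OWNER: the pipe script must keep the mode (700) and the
# owner the guide sets, so only that account can read, edit or run it.
check_script() {
    [ -e "$1" ] || { echo "MISSING $1"; return 1; }
    mode=$(mode_of "$1"); owner=$(stat -c '%U' "$1")
    if [ "$mode" != "700" ] || [ "$owner" != "$2" ]; then
        echo "CHANGED $1 is $owner:$mode, guide sets $2:700"
        return 1
    fi
    echo "OK      $1 ($owner:$mode)"
}

audit_vacation() {
    rc=0
    check_script /home/vacation/vacation.pl vacation || rc=1
    check_secret /etc/postfix/vacation.conf          || rc=1
    check_secret /etc/postfix/mysql-vacation.cf      || rc=1
    return "$rc"
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--audit" ]; then audit_vacation; fi
```

Run it as root with --audit. A MISSING line for mysql-vacation.cf is expected on setups managed with PostfixAdmin, which do not use that file.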

Postfix Quota

Postfix does not support mailbox quota. But thanks to Anderson Nadal’s Postfix Virtual Delivery Agent (VDA) patches, it can. Using the Postfix VDA requires two things: first, Postfix must be built with the VDA patches, and second, virtual user accounts must be used. You can get the Postfix RPM with VDA patches here.

Configure Postfix VDA

1. Edit the postfix configuration file /etc/postfix/main.cf and add the lines below

virtual_mailbox_limit_override = yes
virtual_overquota_bounce = yes
virtual_mailbox_limit_maps = hash:/etc/postfix/vquota

2. Create the file /etc/postfix/vquota containing the mapping from an email address to the maximum mailbox quota in bytes. If you wish to be exact, 1KB equals 1024 bytes while 1MB equals 1024KB or 1048576 bytes.

[email protected] [email protected] 2097152

John Doe got a 10MB quota while Jane Doe got 2MB.

After creating this file, execute postmap /etc/postfix/vquota. This will generate /etc/postfix/vquota.db, the actual file that will be used for the lookup.

If you use Active Directory as your Postfix virtual user accounts source, you can use the maxStorage attribute instead to store the quota. Just copy your ldap-users.cf configuration and save it as ldap-quota.cf. Next change samaccountname to maxstorage in the result_attribute line and remove the result_format line. In your main.cf, use ldap:/etc/postfix/ldap-quota.cf as your virtual_mailbox_limit_maps. In Windows, you can use ADSI Edit to access and modify the value of maxStorage.

3. Restart the Postfix or MailScanner service if you have installed MailScanner. Learn how to start and stop services here.

4. Test Postfix using Telnet. Try using a very small quota limit so you can test the quota feature.

Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more. This article will show you how to install Webmin.

1. Go to www.webmin.com and download the Webmin RPM package.

2. Double click the downloaded file to install Webmin.

3. After installing Webmin, configure the firewall to allow traffic on the TCP port 10000. Learn how to configure the firewall.

4. Start the httpd service. Learn how to start and stop services here.

5. From a web browser, connect to https://localhost:10000 and login using root.

6. That’s it. It’s working.
