Community Home

Installation and configuration HowTo of Cyrus-IMAP/Postfix/amavis/spamassassin on SuSE 9.1 pro



Designed by Stephan Schulz
Version:1.1From Juri et Timon
21/07/2005







Installation of necessary packages| sysconfig| main.cf| master.conf| lmtp| aliases| canonical.db| access.db| virtual.db| postmap| amavisd.conf| Start Postfix| Check Postfix| amavis| spamassassin local.cf| Configure IMAP| saslauthd| Test IMAP| Create mail-boxes| Smartsieve| shared folder's| For OX | Finish your work |
Note:
This is an example installation. I do not take responsibility and no adhesion in relation to the instructions printed here! I do not tidy up also your dwelling if the server exploded...EVERYTHING ON OWN DANGER AND WITHOUT GUARANTEE!
This howto describes an installation by cyrus-IMAP / Postfix / amavis / spamassassin on SuSE 9.1.
As example a server with the IP: 192.168.1.1 and the example-Domain example.com. The config-files are from our Linux-Test-box...You must change the values for the IP and the mail-domain to your own enviroments!This HowTo describe the feature of an internal IMAP.
The authentification for user over LDAP will not here described!And there is no fine-tunning for the mail-server... Follow the mini-HowTo step by step...than the email 'things' will work for You.

You have to configure amavis-new before You start postfix!!


And You must have a antiVirus-tool with working licence-file!

Postfix is here working in a 'chroot-jail'!
The installation steps must be implemented as root!

There are further assistance in Postfix and the mailinglists for cyrus:Cyrus Mailinglists
Have a lot of fun with your Mail-System :-)

READ THE PART 'RELAYHOST' IN THE main.cf VERY CAREFUL,BECAUSE IS AGAINST SPAMMER'S...(they have no brain...)OR YOU FIND YOUR MAIL-SERVER AT SPAM-COP!!That's not really funny..


Installation of necessary packages:
postfix
amavis-new
spamassassin

cyrus-imapd
cyrus-sasl
cyrus-sasl-devel
perl-cyrus-IMAP
imap-lib
perl-Cyrus_SIEVE-managesieve

fetchmail
db-Berkeley-DB 4.2.52-85!! DON'T USE IT FROM SuSE-DVD..!!!
db-utils


antivir H+BEDV  You can download it here:AntiVir  This tool is not free,only for personal use!!
Bitdefender  You can download it here:Bitdefender :-)  This tool is not free,only for personal use!!You need no license for private use ;-))

After installation of these packages,update with YAST!Check out that You do not update the Berkeley-DB,because the SuSE packages does not work for You!
To the start of page

Edit sysconfig:These are IMPORTANT step's!
There are two files,You have to edited:
These files are in /etc/sysconfig/
mail:
If you don't want to let SuSEconfig generate your configuration file, set this to 'no'

MAIL_CREATE_CONFIG="no"

postfix:

Start postfix services chrooted, that are able to run chrooted?
Note: if you want SuSEconfig to maintain the chroot jail, you
also have to set POSTFIX_UPDATE_CHROOT_JAIL to yes

POSTFIX_CHROOT="yes"

Set this to 'yes', if SuSEconfig should setup the chroot jail itself

POSTFIX_UPDATE_CHROOT_JAIL="yes"
------------------------------------------------------------------------------------------
lmtp-transport:
It is important to set the right lmtp-path in:
The LMTP client processes message delivery requests from
the queue manager. Each request specifies a queue file,a
sender address, a domain or host to deliver to, and recipient information.
main.cf:
# DELIVERY TO MAILBOX:
mailbox_transport = lmtp:unix:public/lmtp

cyrus.conf:
lmtpunix cmd="lmtpd" listen="/var/spool/postfix/public/lmtp" prefork=1

imap.conf:
lmtpsocket: /var/spool/postfix/public/lmtp

------------------------------------------------------------------------------------------
aliases:
Access to root-mail's:
The file 'aliases'
root:	[Your admin-user]@example.com
# Basic system aliases that MUST be present.
postmaster:	root
mailer-daemon:	postmaster
# amavis
virusalert:	root
spam: postmaster

canonical:
The optional canonical table specifies an address mapping for local and non-local addresses.
This means the email-address will changed:
e.g.:@tux.local @example.com

access:
The optional access table directs the Postfix SMTP
server to selectively reject or accept mail. Access can be
allowed or denied for specific host names, domain names,
networks, host addresses or mail addresses.
@masterbatesknows.com REJECT
All mail's from this address will be blocked...SPAMMERS don't like this ;-)

virtual:
The optional virtual alias table rewrites recipient
addresses for all local, all virtual,and all remote mail
destinations.

The command postmap:
The postmap command creates or queries one or more
Postfix lookup tables, or updates an existing one.
You need this command after You changed your edited values from the file into the db e.g. 'access.db'
tux# postmap /etc/postfix/access
You must do this command,when You edited the following files:
    access
    canonical
    sasl_passwd
    sender_canonical
    transport
    virtual
If You have another email-server and You want to 'fetch' the mails,You must have a fetchmailrc in /etc/:
#Configuration created Tue Jun 21 11:35:06 2005 by fetchmailconf
set postmaster "postmaster"
set bouncemail
set no spambounce
set properties ""
poll [IP from your external email-server] with proto POP3
     user 'user1' there with password 'passwd1' is 'the local user1 at the system' here options stripcr
     
poll [IP from your external email-server] with proto POP3
     user 'user2' there with password 'passwd2' is 'the local user2 at the system' here options stripcr
     
an so on...
If You want to repeat fetch the mails for a user:
poll [IP from your external email-server] with proto POP3
     user 'user2:v=1' there with password 'passwd2' is 'the local user2 at the system' here options stripcr
------------------------------------------------------------------------------------------
Now You can edit the main.cf and master.cf:

main.cf:
# LOCAL PATHNAME INFORMATION:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix

# QUEUE AND PROCESS OWNERSHIP:
mail_owner = postfix
default_privs = nobody

# INTERNET HOST AND DOMAIN NAMES
myhostname = mail.example.com


# SENDING MAIL:
myorigin = $myhostname

# RECEIVING MAIL:
inet_interfaces = all

# TRUST AND RELAY CONTROL:And your network-range
mynetworks = 192.168.1.0/24,127.0.0.0/8

# RECEIVING MAIL
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# DELIVERY TO MAILBOX:
mail_spool_directory = /var/spool/imap/$user
mailbox_command = /usr/lib/cyrus/bin/deliver
mailbox_transport = lmtp:unix:public/lmtp

# SHOW SOFTWARE VERSION OR NOT:
smtpd_banner = $myhostname ESMTP

# DEBUGGING CONTROL:
debug_peer_level = 2
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     xxgdb $daemon_directory/$process_name $process_id & sleep 5

To the start of page

# INSTALL-TIME CONFIGURATION INFORMATION:
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
canonical_maps = hash:/etc/postfix/canonical
recipient_canonical_maps = hash:/etc/postfix/canonical
virtual_maps = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
local_recpient_maps =
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
program_directory = /usr/lib/postfix
disable_dns_lookups = yes
content_filter = smtp-amavis:[127.0.0.1]:10024
smtpd_helo_required = no
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtp_sasl_auth_enable = yes
smtpd_sasl_auth_enable = yes
smtpd_use_tls = no
smtp_use_tls = no
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 10240000
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
html_directory = /usr/share/doc/packages/postfix/html
unknown_local_recipient_reject_code = 450


To the start of page



---------------------------------------------------------------------------------------------------

master.cf:
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       2    smtpd -o content_filter=smtp:[localhost]:10024
127.0.0.1:10025 inet    n   -   n       -       -    smtpd -o content_filter=
                                                           -o myhostname=localhost.example.com
                                                           -o localhost_recipient_maps=
                                                           -o relay_recipient_maps=
                                                           -o smtpd_restriction_classes=
                                                           -o smtpd_client_restrictions=
                                                           -o smtpd_helo_restrictions=
                                                           -o smtpd_sender_restrictions=
                                                           -o smtpd_recipient_restrictions=permit_mynetworks,reject
                                                           -o mynetworks=127.0.0.0/8
                                                           -o strict_rfc821_enevlopes=yes

pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
smtp-amavis unix -       -       n       -      2       smtp
 -o lmtp_data_done_timeout=1800
 -o lmtp_send_xforward_command=yes
 -o disable_dns_lookups=yes

 maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus     unix  -   n   n   -   -   pipe
  flags= user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -   n   n   -   -   pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
vscan     unix  -       n       n       -       10       pipe
  user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
procmail  unix  -       n       n       -       -       pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}




--------------------------------------------------------------------------------------------------
 
amavisd.conf:


ATTENTION! This is not simple!...But funny ;-)

#Sections:
# Section I    - Essential daemon and MTA settings
# Section II   - MTA specific
# Section III  - Logging
# Section IV   - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
# Section V    - Per-recipient and per-sender handling, whitelisting, etc.
# Section VI   - Resource limits
# Section VII  - External programs, virus scanners, SpamAssassin
# Section VIII - Debugging

#Section I - Essential daemon and MTA settings:
$MYHOME = '/var/spool/amavis';
$mydomain = 'example.com';
$myhostname = 'mail.example.com';  # fqdn of this host, default by uname(3)
$daemon_user = 'vscan';
$daemon_group = 'vscan';
$TEMPBASE = $MYHOME;	        # (must be set if other config vars use is)
$ENV{TMPDIR} = $TEMPBASE;       # wise to set TMPDIR, but not obligatory
$forward_method = 'smtp:127.0.0.1:10025';  # where to forward checked mail
$notify_method = $forward_method;          # where to submit notifications
$max_servers  =  2;   # number of pre-forked children          (default 2)
$max_requests = 10;   # retire a child after that many accepts (default 10)
$child_timeout=5*60;  # abort child if it does not complete each task in n sec
                      # (default: 8*60 seconds)
@local_domains_acl = ( ".$mydomain" );  # $mydomain and its subdomains

#Section II - MTA specific (defaults should be ok):
$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
$inet_socket_port = 10024;        # accept SMTP on this local TCP port
                                  # (default is undef, i.e. disabled)
@inet_acl = qw( 127.0.0.1 );      # allow SMTP access only from localhost IP
                                  # (default is qw( 127.0.0.1 ) )

To the start of page

# Section III - Logging:
$DO_SYSLOG = 1;                   # (defaults to false)
$LOGFILE = "$MYHOME/amavis.log";  # (defaults to empty, no log)
$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #
$log_level = 2;		  # (defaults to 0)
# log both infected and noninfected messages (default):
$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #
<%o> -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';

# Section IV - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine:
$final_virus_destiny      = D_DISCARD;  # (defaults to D_BOUNCE)
$final_banned_destiny     = D_BOUNCE;  # (defaults to D_BOUNCE)
$final_spam_destiny = D_DISCARD;
$final_bad_header_destiny = D_PASS;  # (defaults to D_PASS),D_BOUNCE suggested
$warnvirusrecip = 1;	# (defaults to false (undef))
$viruses_that_fake_sender_re = new_RE(
  qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
  qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
  qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
  qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
  qr'@mm|@MM',    # mass mailing viruses as labeled by f-prot and uvscan
  qr'Worm'i,      # worms as labeled by ClamAV, Kaspersky, etc
  [qr'^(EICAR|Joke\.|Junk\.)'i         => 0],
  [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i  => 0],
  [qr/.*/ => 1],  # true by default  (remove or comment-out if undesired)
);
$virus_admin = "virusalert\@$mydomain";
$mailfrom_notify_admin     = "virusalert\@$mydomain";
$mailfrom_notify_recip     = "virusalert\@$mydomain";
$mailfrom_notify_spamadmin = "spam.police\@$mydomain";
$mailfrom_to_quarantine = '';   # override sender address with null return path
$QUARANTINEDIR = '/var/spool/amavis/virusmails';

$virus_quarantine_to  = 'virus-quarantine';    # traditional local quarantine

#$spam_quarantine_to = undef;
$spam_quarantine_to = "spam-quarantine\@$mydomain";
$X_HEADER_TAG = 'X-Virus-Scanned';	# (default: undef)
$X_HEADER_LINE = "by amavisd-new at $mydomain";
$undecipherable_subject_tag = '***UNCHECKED*** ';  # undef disables it
$remove_existing_x_scanned_headers= 1; # remove existing headers
					# (defaults to false)
$remove_existing_spam_headers  = 1;     # remove existing spam headers if
					# spam scanning is enabled (default)
$banned_filename_re = new_RE(
#  qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
   qr'\.[^.]*\.(exe|vbs|pif|scr|bat|cmd|com|dll)$'i, # double extension
#  qr'.\.(exe|vbs|pif|scr|bat|cmd|com)$'i,           # banned extension - basic
#  qr'.\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|
#         jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|shb|vb|
#         vbe|vbs|wsc|wsf|wsh)$'ix,                  # banned extension - long
#  qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.
#  qr'^\.(zip|lha|tnef|cab)$'i,                      # banned file(1) types
   qr'^\.exe$'i,                                     # banned file(1) types
   qr'^application/x-msdownload$'i,                  # banned MIME types
   qr'^application/x-msdos-program$'i,
#  qr'^message/partial$'i, qr'^message/external-body$'i, # block rfc2046
);

# Section V - Per-recipient and per-sender handling, whitelisting, etc.:
$sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting
$recipient_delimiter = '+';		# (default is '+')
$localpart_is_case_sensitive = 0;	# (default is false)
$blacklist_sender_re = new_RE(
    qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
    qr'^(investments|lose_weight_today|market.alert|money2you|MyGreenCard)@'i,
    qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,
    qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
    qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
    qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
);

To the start of page

map { $whitelist_sender{lc($_)}=1 } (qw(
  nobody@cert.org
  owner-alert@iss.net
  slashdot@slashdot.org
  bugtraq@securityfocus.com
  NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
  security-alerts@linuxsecurity.com
  amavis-user-admin@lists.sourceforge.net
  notification-return@lists.sophos.com
  mailman-announce-admin@python.org
  owner-postfix-users@postfix.org
  owner-postfix-announce@postfix.org
  owner-sendmail-announce@Lists.Sendmail.ORG
  owner-technews@postel.ACM.ORG
  lvs-users-admin@LinuxVirtualServer.org
  ietf-123-owner@loki.ietf.org
  cvs-commits-list-admin@gnome.org
  rt-users-admin@lists.fsck.com
  clp-request@comp.nus.edu.sg
  surveys-errors@lists.nua.ie
  emailNews@genomeweb.com
  owner-textbreakingnews@CNNIMAIL12.CNN.COM
  yahoo-dev-null@yahoo-inc.com
  returns.groups.yahoo.com
));



To the start of page

# Section VI - Resource limits:
# Maximum recursion level for extraction/decoding (0 or undef disables limit)
$MAXLEVELS = 14;		# (default is undef, no limit)
$MAXFILES = 1500;		# (default is undef, no limit)
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)
$MIN_EXPANSION_FACTOR =   5;  # times original mail size  (must be specified)
$MAX_EXPANSION_FACTOR = 500;  # times original mail size  (must be specified)

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file   = 'file';   # file(1) utility; use 3.41 or later to avoid vulnerability

$gzip   = 'gzip';
$bzip2  = 'bzip2';
$lzop   = 'lzop';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze   = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc        = ['nomarch', 'arc'];
$unarj      = ['arj', 'unarj'];  # both can extract, arj is recommended
$unrar      = ['rar', 'unrar'];  # both can extract, same options
$zoo    = 'zoo';
$lha    = 'lha';
$cpio   = ['gcpio','cpio']; # gcpio is a GNU cpio on OpenBSD, which supports
                            # the options needed; the rest of us use cpio

# SpamAssassin settings:
$sa_local_tests_only = 1;   # (default: false)
$sa_timeout = 30;           # timeout in seconds for a call to SpamAssassin
			                      # (default is 30 seconds, undef disables it)
$sa_mail_body_size_limit = 150*1024; # don't waste time on SA if mail is larger
			                      # (less than 1% of spam is > 64k)
			                      # default: undef, no limitations

$sa_tag_level_deflt  = 1.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 3.0;
$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
			                      # at or above that level: bounce/reject/drop,
			                      # quarantine, and adding mail address extension

$sa_dsn_cutoff_level = 10;  # spam level beyond which a DSN is not sent,
                            # effectively turning D_BOUNCE into D_DISCARD;
                            # undef disables this feature and is a default;
# string to prepend to Subject header field when message exceeds tag2 level
$sa_spam_subject_tag = '***SPAM*** ';	# (defaults to undef, disabled)
			                      # (only seen when spam is not to be rejected
			                      # and recipient is in local_domains*)
@av_scanners = (
### http://www.hbedv.com/ or http://www.centralcommand.com/
  #['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
   # ['antivir','vexira'],
    #'--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
    #qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
     #    (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
    # NOTE: if you only have a demo version, remove -z and add 214, as in:
    #  '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
### http://www.bitdefender.com/
  ['BitDefender', 'bdc',
    '--all --arc --mail {}', qr/^Infected files *:0(?!\d)/,
    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
    qr/(?:suspected|infected): (.*)$/ ],

To the start of page

);
@av_scanners_backup = (

  ### http://www.clamav.net/
  ['Clam Antivirus - clamscan', 'clamscan',
    '--stdout --no-summary -r {}', [0], [1],
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

  ### http://www.f-prot.com/
  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
    '-dumb -archive -packed {}', [0,8], [3,6],
    qr/Infection: (.+)/ ],

  ### http://www.trendmicro.com/
  ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
    '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],

  ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
    '-i1 -xp {}', [0,10,15], [5,20,21,25],
    qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
    sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
  ],

# Section VIII - Debugging:
1;  # insure a defined return

------------------------------------------------------------------------------------------

To the start of page


And now You can start postfix:

Execute:
tux# rcpostfix start
Look in /var/log/messages,maybe there are some error's:
Execute:
tux# tail -fn20 /var/log/messages

Postfix running?:

Execute:
tux# ps ax | grep postfix You will see in the console:
3000  ?      Ss      0:00 /usr/lib/postfix/master
3001  ?      S+      0:00 grep postfix


The port 25 is very important,because postfix listen on it:

Execute:
tux# lsof -i :25
You will see following:
COMMAND    PID    USER   FD    TYPE    DEVICE     SIZE    NODE    NAME
master     3000   root   12u   IPv4    5000               TCP     localhost:smtp (listen)
master     3000   root   13u   IPv6    5001               TCP     localhost:smtp (listen)
-----------------------------------------------------------------------------------------
To the start of page
Check the port's with the tool 'nmap':
Execute:
tux# nmap localhost
Starting nmap 3.50 (http://www.insecure.org/nmap/)
Interesting ports on localhost (127.0.0.1)
(The 1643 ports scanned but not shown below are in state: closed)
PORT       STATE     SERVICE
25/tcp     open      smtp
110/tcp    open      pop3
143/tcp    open      imap
-----------------------------------------------------------------------------------------
Check postfix is running on port 25:
tux# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]
220 mail.example.com ESMTP
QUIT
221 Bye
Connection closed by foreign host.
-----------------------------------------------------------------------------------------
You can check now is postfix really working:
Send a test-mail..
tux# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]
220 mail.example.com ESMTP
HELO gecko
250  mail.example.com
Mail from:tux@linux.com
250 OK
RCPT TO:postmaster@example.com
250 OK
DATA
354 End data with.....
SUBJECT:Test-mail
That's is a mail from Billy-Boy
.
250 OK: queued as E1234567
QUIT
221 Bye
Connection closed by foreign host.
------------------------------------------------------------------------------------------
Maybe there is something wrong...
Check the /var/log/mail or with the programm mailq:
tux# mailq
-Queue  ID  --Size-- ----Arrival Time---- -Sender/Recipient-------
D47110815     800        April 25 11:30:09  dollar@ms.com.deferred transport)
                                             tux@example.com
------------------------------------------------------------------------------------------
To the start of page
'Flush' mail's:
tux# postqueue -f
It is important,because when one mail is in the pipe that 'blocked' the other mail's..your mail-pipe does not work!
Can't You 'flush' the mail,You have delete it:
tux# postsuper -d F123456
postsuper: F123456: removed
postsuper: Deleted: 1 message
You can delete all mail's in the queue:
tux# postsuper -d ALL
postsuper: Deleted: 2000000000 messages
But ATTENTION,with this command ALL YOUR MAIL's GO TO THE 'NIRVANA'!!!!
To the start of page

amavis
The AMaVIS-daemon listen on port 10024 for mail's which comes from the postfix-mail-server.
Following procedure will happend here:
depack-virusscan-spam-check.After this when the mail's are 'clean',amavis sent it to port 10025.On this port is your email-server listen
Postfix can now delivery to imap or send the emails.
Look in the master.cf,there is the configuration of the transport way:
smtp      inet  n       -       n       -       2    smtpd -o content_filter=smtp:[localhost]:10024
127.0.0.1:10025 inet    n   -   n       -       -    smtpd -o content_filter=
                                                      .
                                                      .
                                                      .

This values must inside the master.cf,otherwise your mail-server does not work for You!


SpamAssassin:
The config-file (/etc/mail/spamassassin/local.cf) for spamassassin is local.cf.There You can specify details for spamassassin.


Example:


#Add your own customisations to this file. See 'man Mail::SpamAssassin::Conf'
#For details of what can be tweaked
#Welcher Punktestand wird als Spam angesehen?
required_hits 5
#Wie sollen Spam-Berichte in die nachricht eingefuegt werden?
#report_safe 1
#Standartmaessig fuehrt SpamAssassin RBL-Pruefungen durch.
#skip_rbl_checks 1
#rewrite the Subject: line with ****SPAM**** .* if set to 1 (default=1)
rewrite_subject 1
use_bayes 1
auto_learn 1
auto_learn_threshold_nonspam 1
#subject_tag ****SPAM****
#report briefly, recommended for report_header==1 (default=0)
#use_terse_report 1
#report *****Checked by example.com-Spamassassin*****
whitelist_from *@informationweek.**


If You not sure,what You can do with this file,let the default values or try more information with:



tux# perldoc Mail::SpamAssassin::Conf



local.cf:


# Add your own customisations to this file.  See 'man Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
#


# rewrite the Subject: line with ****SPAM**** .* if set to 1 (default=1)
rewrite_subject 0
# report briefly, recommended for report_header==1 (default=0)
use_terse_report 1


Test of amavis:


tux# telnet localhost 10024
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]
220 [127.0.0.1] ESMTP amavis-new service ready



Start amavis-new:


tux# rcamavis start





The funny IMAP-Server:

You need for OX an IMAP Server,because the users can look with the webmail-modul there mail's. :-)

cyrus.conf:


# standard standalone server implementation

To the start of page

START {
  # do not delete this entry!
  recover	cmd="ctl_cyrusdb -r"

  # this is only necessary if using idled for IMAP IDLE
  idled		cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/lib/imap/socket
SERVICES {
  # add or remove based on preferences
  imap		cmd="imapd" listen="imap" prefork=0
#  imaps		cmd="imapd -s" listen="imaps" prefork=0
  pop3		cmd="pop3d" listen="pop3" prefork=0
#  pop3s		cmd="pop3d -s" listen="pop3s" prefork=0
  sieve		cmd="timsieved" listen="sieve" prefork=0

  # at least one LMTP is required for delivery
#  lmtp		cmd="lmtpd" listen="lmtp" prefork=0
  #lmtpunix	cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0
  lmtpunix	cmd="lmtpd" listen="/var/spool/postfix/public/lmtp" prefork=1 IMPORTANT!!!!

  # this is only necessary if using notifications
#  notify	cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}

EVENTS {
  # this is required
  checkpoint	cmd="ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression
  delprune      cmd="cyr_expire -E 3" at=0400

  # this is only necessary if caching TLS sessions
  tlsprune      cmd="tls_prune" at=0400

  # Uncomment the next entry, if you want to automatically remove
  # old messages of EVERY user.
  # This example calls ipurge every 60 minutes and ipurge will delete
  # ALL messages older then 30 days.
  # enter 'man 8 ipurge' for more details

  # cleanup      cmd="ipurge -d 30 -f" period=60
}

To the start of page
imap.conf:
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
sievedir: /var/lib/sieve
sieveusehomedir:no
admins: cyrus root postfix
allowanonymouslogin: no
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 480
poptimeout: 10
dracinterval: 0
#drachost: localhost
#sasl_pwcheck_method: saslauthd
sasl_pwcheck_method: auxprop
sasl_mech_list: PLAIN LOGIN
lmtp_overquota_perm_failure: no
#lmtpsocket: /var/lib/imap/socket/lmtp
lmtpsocket: /var/spool/postfix/public/lmtp
#
# if you want TLS, you have to generate certificates and keys
#
#tls_cert_file: /usr/ssl/certs/cert.pem
#tls_key_file: /usr/ssl/certs/skey.pem
#tls_ca_file: /usr/ssl/CA/CAcert.pem
#tls_ca_path: /usr/ssl/CA
sharedprefix: shared
Test the IMAP-Server :-): 
tux# telnet localhost imap
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
*OK tux Cyrus IMAP4 v... server ready
. logout
* BYE LOGOUT received
  OK Compled

saslauthd:
Is a daemon process that handles plaintext authentication requests on behalf of the SASL library. The server fulfills two roles: it isolates all code requiring superuser privileges into a single process, and it can be used to provide proxy authentication services to clients that do not understand SASL based authentication. You need the daemon for authentificate the user's to Cyrus-IMAP. Start the daemon:
tux# rcsaslauthd start
Create mail-boxes for the users: First,You must sure that the sasldb2 has following rights:user=cyrus
Than create a password for the user cyrus and the other user's:
tux# saslpasswd2 cyrus
Password:....
Again (for verification):....
tux# saslpasswd2 [other user's]
...
...
Create the mail-boxes: Login as user 'cyrus':
tux# su cyrus
Execute the following command:

tux# cyradm --auth login localhost --user cyrus
IMAP Password:....
             localhost:cm user.[Your new user for Cyrus/IMAP]


Check which mail-boxes has the user:

             localhost:listmailbox
             user.[Your new user for Cyrus/IMAP]


You can set quota's for the user mail-boxes:

              localhost:user.[Your new user for Cyrus/IMAP] 102400
              localhost listquotaroot user.[Your new user for Cyrus/IMAP]
              user.[Your new user for Cyrus/IMAP] STORAGE 5120/102400 (5%)
              exit
Create mailbox for the user spam-quarantine: This is important to put all spam-mail into a mail-box
see:amavisd.conf
#$spam_quarantine_to = undef;
$spam_quarantine_to = "spam-quarantine\@$mydomain";

tux# saslpasswd2 spam-quarantine
Password:....
Again (for verification):...
Create the mail-boxes: Login as user 'cyrus':
tux# su cyrus
Execute the following command:

tux# cyradm --auth login localhost --user cyrus
IMAP Password:....
             localhost:cm user.spam-quarantine


Check which mail-boxes has the user:

             localhost:listmailbox
             user.[Your new user for Cyrus/IMAP]
Create shared folder's:

First,You have to edit /etc/imapd.conf: look in 'man imapd.conf' for more information.
#altnamespace: yes
#userprefix: user
sharedprefix: shared
#unixhierachysep: no
#allowallsubcribe: yes

tux# rccyrus restart
After this:
tux# su cyrus
Execute the following command: 
tux# cyradm --auth login localhost --user cyrus
IMAP Password:....
             localhost:cm shared.public
             localhost:setaclmailbox shared.public [user] read
Check:
             localhost: listaclmailbox shared.public
Give right to user to another mailbox:
tux# su cyrus
Execute the following command: 
tux# cyradm --auth login localhost --user cyrus
IMAP Password:....

             localhost:setaclmailbox user.[mailbox] [to user1] read
Check:
             localhost: listaclmailbox user.[mailbox] [to user1]
Manage your sieve-filter
You can create with smartsieve following rules to put your mails in your mail-box:
#Mail filter rules dor user1
#Generated by user1 using Smatsieve 0.5.2 2005/07/01 08:55:21
require ["fileinto"]

if allof (address :contains ["From"] "linux.d") {
          fileinto "INBOX.Linux";
}
if allof (address :contains ["From"] "gecko.de") {
          fileinto "INBOX.Gecko";
}

------------------------------------------------------------------------------------------

------------------------------------------------------------------------------------------


And now You must tell OX which IMAP to use:

./changeuserattr_ox --username=[Your user] --attrib=imapServer --value=imap.example.com

Do not forget this,because than You will not have a PopUp-windows for incoming mail's and no mail's ;-)


After You have all configured,than start all the daemon's ;-):


    rcamavis start


    rcsaslauthd start


    rcpostfix start


    rccyrus start


Check the /var/log/messages for error's.

To the start of page