Implementing Mail Services
Configuring mail services on GNU/Linux servers can sometimes be a daunting task. Not only do you have to know how to configure different services, but you also have to figure out how to get all these services to work together in order to deliver mail.
With this in mind, Suse Linux Enterprise Server includes a Yast Module to handle configuring all of the various services involved with a mail server. However, in order to use this module you must follow certain guidelines when setting up your server. Keeping in mind the old adage that "You can't please everyone all of the time", you need to look at how you must manage your server in order to utilize the Yast Mail Server module.
The first requirement is that you must configure the DNS Server on the machine and enable LDAP support within it. You do not need an advanced DNS Server setup to do this (although one is recommended for every site); you only need to create a simple zone within the DNS Server for every domain you want to receive mail for.
Along these same lines, the next requirement to utilize the Yast Mail Server Module is that you must use an LDAP server to maintain all of the users on your network. This is where you need to make a decision. If your server is simply a standalone server that you want to configure as a mail server, you may not want to deal with the overhead of maintaining an account on the server for every email user that you set up. For instance, the Yast Mail Server module may not be the best tool for the job if you are an ISP with thousands of accounts.
However, if you are configuring a main server for your network and want an easy way to allow your users to communicate through email, the Yast Mail Server module may be just what you need. Just keep in mind that this configuration is only utilized for mail. This is not meant to be a "Workgroup Collaboration" solution. If you are looking for something more advanced, you may want to look at Novell's GroupWise Server solution, Open-Xchange Server, or utilize another solution for anything this setup may lack. I have found that this mail solution works extremely well for most deployments, although a few organizations have also utilized other products, such as Google Calendar for their scheduling needs.
Configuring the Mail Server
The first step in configuring your server to handle mail is installing the software. Normally I wouldn't cover this obvious process, however in this case you will be presented with an error that offers you a few options. So, in order to install the mail server software, open the Yast Software Management module and change the "filter" to Patterns. Now simply select the "Mail and News Server" Primary Function.
You will probably be prompted with an "error" stating that yast-mail conflicts with other resolvables. What this means is that you cannot have the "Yast Mail" module and the "Yast Mail Server" module installed at the same time on the server. To continue to install the mail server software simply check "Delete yast2-mail" and hit "OK - Try Again".
Once all of the software is installed, go ahead and launch the Yast Mail Server module. Upon startup it will check for all of the required software and ensure that LDAP support is available. If you haven't already done so, it will inform you to configure the DNS server with LDAP support. If this is the case, refer to the DNS Server chapter of this book to configure this service properly.
Mail Server Domains and General Configuration
The Yast Mail Server module is split into different sections or tabs that are separated by their functions. I will try to give a thorough explanation of all of these sections and give you information on what needs to be done in order for the mail server to work properly.
First, let's look at the last "tab" in the list, the Mailserver Domains. This section allows you to specify all of the domains that your mail server will deliver and receive mail for. When you "Add" or "Change" these Domains you can configure them into different "types", including:
- main - When set, all users will receive emails from this domain using their username.
- virtual - When set, only users that are assigned email addresses through the Yast User Management Module will receive email for this domain.
- local - When set, all users will be able to receive email.
- none - If this is set, the mail server will not receive mail for this domain.
Also, when you create or edit these domains, the masquerading option gives you the ability to change the outgoing email address or the outgoing mail server for that domain (useful under certain circumstances). Just remember that you will probably want to create a separate DNS Zone for any domain that you want to receive mail for.
Now let's move on to the "Global Settings" section of the Yast Mail Server Module. This section allows you to adjust the Server Identification, the Mail Size limit and how Outgoing Emails are handled. The settings that you can adjust here include:
- Server Identification - Under most circumstances you will not want or need to adjust the Server Identification.
- Mail Size - This allows you to limit the size of mail that your server will handle. The right limit depends on your environment and what you will use your mail server for. If you are utilizing your mail server over the Internet, it is courteous to limit the size to at most 10MB.
- Outgoing Mails - This section configures how your server will deliver mail outside of your network over the Internet. If you are simply using this server for internal mail, select "No Outgoing Mail". If you need to utilize your ISP's mail server, or another mail server on your network, to deliver outgoing mail, select "Use Relay Host" and enter all the required information. Otherwise, simply use "Direct Delivery".
Mail Storage and Delivery
The "Local Delivery" section allows you to specify how you want all of the mail to be handled, such as utilizing a separate service to store emails, using the filesystem for mail storage, or even specify that all mail be sorted and delivered with procmail.
Under most circumstances, you simply need to decide on whether or not to use the filesystem, or use Cyrus IMAP for mail storage. If your network only uses GNU/Linux or other Unix type Operating Systems (and you do not need remote access to your email), the filesystem option becomes viable (especially when storing the mail in the user's home directory). However if you have Microsoft Windows Clients and/or you want to be able to access your mail remotely (either through POP or IMAP), you must use the Cyrus IMAP "Local Delivery Type".
When setting up Cyrus IMAP you are presented with a few options regarding security, mailbox size and Idle Time limits for Clients. In regards to the security option, this allows you to require all communication to the server be encrypted - highly recommended for any business.
The Mailbox size options give you the opportunity to limit the size of your user's mail storage. If you set a default mailbox size, the server will notify the user when the mailbox reaches the "Quota Warning Limit" percentage. This will allow the user to know that they may want to clean up their mail a little bit. When setting Quota Limits, normally the server will still deliver mail well beyond the quota limit unless you check the "Hard Quota Limit" box. When this box is checked the server will reject any further messages for that user (use with caution).
Other options on this page include "Fallback Mailbox" and "Use Alternate Namespace". The fallback mailbox allows you to specify a local mailbox that all messages to non-existent accounts will be delivered to. The "Use Alternate Namespace" option allows you specify how the user's additional mail folders are located. When checked, they are located on the same level as the INBOX folder, and when not checked, they are listed as sub-folders to their INBOX folder.
Mail Server Relaying and Communication Between Servers
Once you configure how to store all of your email, you now need to focus on another function of a Mail Server - Mail Delivery. Suse Linux Enterprise Server utilizes the postfix MTA (Mail Transfer Agent) and fortunately, by default, Postfix is a very secure MTA. However, even the most secure services can be a weak link in your system security if they are not configured correctly.
When talking about Mail Servers, one of the most persistent problems you will encounter is the number of servers that are used as Open Mail Relays by spammers. What this means is that some mail servers will happily relay mail from anyone on the Internet. I myself have witnessed dozens of mail servers improperly configured that were being used for this purpose unknowingly.
To avoid the unauthorized use of your server as an open relay, you have two options. The first is to define "Trusted Local Networks". This tells the server to allow any computer using certain IP addresses to relay mail through your server. This works well most of the time, however if you have a firewall that forwards traffic to your mail server, you must ensure that someone outside of your network cannot relay mail using your server (forwarded connections that appear to come from the firewall's internal address would match a trusted network).
The second way to avoid the open mail relay problem is to require anyone relaying mail through your server to provide a username and password. This option has been overlooked in the past, but more and more ISPs are starting to go this route to fight the increase of SPAM. To do this with Suse Linux Enterprise Server, simply check the box "Require SASL Authentication". You can also set up encryption options when sending mail by enabling TLS with the Mail Server.
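The following Python script is an added example, not part of the original chapter or of the Yast module. It audits the text of a Postfix main.cf for the relay settings discussed above: trusted networks that reach beyond local address space, restrictions set without reject_unauth_destination, and SASL enabled without mandatory TLS. The sample configuration and the list of ranges treated as local are assumptions.

```python
import ipaddress

# Assumption: only loopback and RFC 1918 ranges count as "trusted local networks".
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]

# Constructed sample main.cf, not taken from a real server.
SAMPLE_MAIN_CF = """\
# relay settings
mynetworks = 127.0.0.0/8, 192.168.1.0/24,
    203.0.113.0/24
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
"""

def parse_main_cf(text):
    """Return {parameter: value}; indented lines continue the previous parameter."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":
            if key:
                params[key] += " " + line.strip()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            params[key] = value
    return params

def words(value):
    return value.replace(",", " ").split()

def relay_findings(text):
    p, findings = parse_main_cf(text), []
    for entry in words(p.get("mynetworks", "")):
        try:
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            continue  # lookup tables such as hash:/path are not inspected here
        if not any(l.version == net.version and net.subnet_of(l) for l in LOCAL_NETS):
            findings.append(f"mynetworks trusts non-local network {entry}")
    rules = words(p.get("smtpd_relay_restrictions", "")) + \
            words(p.get("smtpd_recipient_restrictions", ""))
    if rules and "reject_unauth_destination" not in rules:
        findings.append("restrictions set without reject_unauth_destination")
    if p.get("smtpd_sasl_auth_enable") == "yes" and p.get("smtpd_tls_auth_only") != "yes":
        findings.append("SASL enabled without smtpd_tls_auth_only = yes")
    return findings
```

Run it against the contents of "/etc/postfix/main.cf" after each change made through the Yast module; an empty list means none of these three conditions was found.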
To configure how the mail server will talk with other mail servers, the Yast Mail Server module provides the "Mail Transport Configuration page". This page is mostly useful when you have multiple mail servers on your network that need to exchange data.
Enabling Spam and Virus Prevention
Once you configure your email server, you will eventually start to get SPAM messages delivered to your users. This has become a growing problem over the last decade and Suse Linux Enterprise Server gives you a few tools to utilize to help reduce the amount of SPAM on your server.
The first way to fight SPAM on your server is to utilize what are called Real-Time Blacklists. These are lists that others have created that include Internet addresses that are known to generate SPAM. There are many lists available over the Internet that you can use. Many are available to use for free while some do require a subscription.
Some of the free ones available to use (as of this writing) are:
To use these lists, simply add them to the "Configured RBL Server" list and enable them by using "Medium" or "Hard" Basic Settings (depending upon how strict you want the server to enforce these lists).
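As an added example (not from the original chapter), this Python code shows what the mail server does with a configured RBL: it reverses the connecting client's address, appends the list's zone, and treats an answer in 127.0.0.0/8 as a listing. It also includes the RFC 5782 self-test worth running before a list is added. The zone rbl.example.org, the resolver functions and the DNS data are constructed placeholders.

```python
import ipaddress

def dnsbl_query_name(client_ip, zone):
    """Name to look up when asking list `zone` about `client_ip`."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))            # octets, reversed
    else:
        labels = reversed(ip.exploded.replace(":", ""))  # IPv6: hex nibbles, reversed
    return ".".join(labels) + "." + zone.strip(".")

def is_listed(client_ip, zone, resolve):
    """True if `zone` answers for client_ip with an address in 127.0.0.0/8.

    resolve(name) is supplied by the caller and returns a list of A-record
    strings ([] when the name does not exist).
    """
    return any(a.startswith("127.") for a in resolve(dnsbl_query_name(client_ip, zone)))

def list_is_healthy(zone, resolve):
    """RFC 5782 self-test: 127.0.0.2 must be listed and 127.0.0.1 must not be.

    A list that has shut down fails the first half; a domain that now answers
    every query fails the second and would make every client appear listed.
    """
    return is_listed("127.0.0.2", zone, resolve) and not is_listed("127.0.0.1", zone, resolve)

# Constructed stand-in for DNS so the example runs offline; rbl.example.org is a placeholder.
FAKE_DNS = {
    "2.0.0.127.rbl.example.org": ["127.0.0.2"],    # the list's mandatory test entry
    "99.2.0.192.rbl.example.org": ["127.0.0.2"],   # constructed listing for 192.0.2.99
}

def fake_resolve(name):
    return FAKE_DNS.get(name, [])

def answers_everything(name):
    return ["127.0.0.2"]    # models a dead list that answers every query
```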
Below the SPAM Prevention settings, you will find the "Sender Restrictions" settings. Here you can enable different rules that are specific to different senders. This can be very helpful if you constantly receive emails from a specific person or a mailing list that you cannot seem to get off of.
Then, below the sender restrictions you will find a checkbox to enable the AMAVIS virus scanner. Simply check this to have your email checked for viruses when it is received. Note that you will need to run the command "freshclam" (as root) to download current virus definitions. You should also put this command in a cron job so your server will automatically download new definitions.
Some other problems you may encounter:
- If you get an error stating that "localhost" cannot be found and the mail bounces, adjust the "/etc/postfix/main.cf" file and set "disable_dns_lookups=yes".
- With some versions of SLES, amavisd sometimes has a problem starting up due to the fact that a FQDN is not listed. To fix this simply edit the "/etc/amavisd.conf" file and set the "$myhostname =" directive to your server's Fully Qualified Domain Name.
Fetching User's Mail on Remote Servers
When changing email addresses, it can be pretty annoying to constantly set up a few Mail Accounts on the client for all of the older email addresses that still have to be maintained. Fortunately Suse Linux Enterprise Server allows you to configure the server to periodically check these old email accounts and deliver that mail to any user's account on the server.
To accomplish this, simply go to the "Fetching Mail" section of the Yast Mail Server module, click the "Fetch Mail Regularly" box then set a specific interval that you want the server to use to check for new mail on these old accounts.
To configure the server to check an old account, simply click on "Add" and enter all of the relevant information for the old account along with the "Local User" account that you want the mail to be delivered to.
Enabling Mail for Users
Once you have the mail server configured, you can start configuring your User's accounts to be able to send/receive email on your server. To do this, simply go to the Yast User Management module and edit any user you want to be able to receive mail.
Go to the "Plug-Ins" tab of the User configuration screen and ensure that the box beside "Edit user mail parameters" is checked. You can also highlight that plugin and hit "Launch" to start the Mail Settings page for that user. Here you can define additional email addresses that you want the user to be able to receive mail for. This is useful if you host multiple Mail domains on your server.
Enabling Mail for Groups
Similar to enabling mail for specific Users, you can also enable mail for specific Groups. This has two benefits. First, you are able to create "Mailing Lists" by creating a new Group and adding the users to the group that you wish to receive the list's mail.
In addition to Mailing Lists, you can also utilize a "Shared Folder" for a specific Group by using the Group Mail Plugin. This allows the user to "subscribe" to the Group Folder within their Email Client, thus allowing all members of the Group to share all the email, documents, etc. that are located within the IMAP folder. You may need to reference your Email Client's documentation to find out how to "subscribe" to shared IMAP folders.
Advanced Mail Configurations and Preventative Tasks
The Yast Mail Server module was created to make it somewhat easy to set up a Mail Server on Suse Linux Enterprise Server. There are many times where you will need to fine tune your server with options that are not available within the Mail Server Module. To further help you along, Suse includes quite a few options that you can adjust within the "/etc/sysconfig Editor" Yast module. However, be aware that anything you adjust there can have adverse effects if you plan on continuing to use the Mail Server module.
To maintain your mail server, you should realize that the Cyrus IMAP server stores all of its files within the "/var/lib/imap" directory and all of the user's mail is stored in the "/var/spool/imap" directory, so ensure you back up these directories periodically. Also note that Suse Linux Enterprise Server utilizes scripts to automatically back up any databases that Cyrus needs to run properly; these backups are also found within the "/var/spool/imap" directory.