Solved

500 PTS--Setting up an email server in Linux Red Hat 9.0

Posted on 2003-11-12
Last Modified: 2013-12-15
Hello,

I currently have Red Hat 9.0 installed and Postfix running. I have made some modifications to the main config file, but I am not sure if I edited it correctly. I do have the ability to send out mail, though.

I need some info on receiving mail now. I currently have POP installed and running. I am behind a firewall in a DMZ zone. I have the firewall forwarding all requests on port 110 to the machine. I have purchased a static IP address from the cable company. For testing purposes, I just want to send an email to the email server and receive it... Where do I begin? What process should I use to see if POP is working/Postfix is working? How would I check for errors on receiving?

Thanks in advance...
0
Question by:Johnysteaks
29 Comments
 
LVL 24

Expert Comment

by:shivsa
ID: 9732716
0
 

Author Comment

by:Johnysteaks
ID: 9733318
The thread isn't finished... I was hoping that someone who has configured this before would help...

Not to say that you haven't... I just wanted an overview, if not a detailed example...
0
 
LVL 12

Expert Comment

by:mburdick
ID: 9736247
http://www.experts-exchange.com/Operating_Systems/Linux/Linux_Setup/Q_20749169.html

Try that one... It might not "finish" it off for you, but it should bring you pretty close. Tell me what's still unanswered, and I'll take care of it...
0
 
LVL 12

Expert Comment

by:paullamhkg
ID: 9736371
Have a look here http://www.siliconvalleyccie.com/ for setting up home networking, which has info about the firewall settings, mail server and other services.

Hope this can help
0
 
LVL 2

Expert Comment

by:mcmurrick
ID: 9756217
Sounds like you need to own a domain name and have it bound by DNS to your IP; otherwise your mail will need to be sent to the IP address you have leased, such as webmaster@122.23.22.2 (whatever your server IP address is). If you have a registered domain name and it is bound to your IP address, webmaster@yourdomain.com should work. However, what was written in your post was not completely specific about the steps you have taken already. Hope this helps.
0
 

Author Comment

by:Johnysteaks
ID: 9756909
OK,
  I will be a little more specific. I have a static IP address. I have a domain name. For example's sake, let's use 62.1.1.2 for the IP and helpnetworks.org as the domain.

I have my server in a DMZ zone behind a firewall that is forwarding requests for my web currently.

I have updated my Network Solutions account to use the DNS and the nameserver(s) given to me by my ISP.

Mail.helpnetworks.org is being resolved by my ISP and requests are being forwarded to my firewall, which is holding the IP, then forwarding it to the IP address in my DMZ zone.

I currently can send mail outbound. Don't have a problem with that. I have SMTP installed. Postfix installed.

But cannot send out mail...

I need some detailed instructions on what to do to set this up... I believe I need to set up a POP3 or IMAP service to transport the mail to Postfix... But I get lost here...

I also have webadmin installed... Nice program...

My Pro
0
 
LVL 12

Expert Comment

by:mburdick
ID: 9759984
Please clarify - you say you can send outbound, then you say you can't.
0
 

Author Comment

by:Johnysteaks
ID: 9763345
I misposted..

I can send outbound mail but cannot receive mail...

0
 
LVL 12

Expert Comment

by:mburdick
ID: 9763423
Two more questions:

1) Can you post any log information from the server that shows errors or mail issues? /var/log/maillog is where everything would be going...

2) Did my other post that I listed above help you in any way?
0
 

Author Comment

by:Johnysteaks
ID: 9764326
Have you set up an email server before?

I am not trying to be rude, but I read a lot of the info. I wanted an overview on how I should be modeling the receiving of the email...

I have webadmin installed... If that makes a difference...

I believe I need a courier (IMAP?/POP3?) to transport the email messages to Postfix, but wanted some detail on "Where do I go from here"...

Like I mentioned, I can send out no problem, just can't receive email, and wanted info before I began...


0
 
LVL 12

Expert Comment

by:mburdick
ID: 9764735
I am the e-mail and web hosting administrator for my company. I run Postfix mail servers exclusively, and we also offer a hosted SPAM scrubbing solution utilizing Postfix on Linux, w/ amavisd-new and SpamAssassin.

If you need to get this server working, I can help you do it. The reason I pointed you to my other question is because the other poster was looking to get his server set up to properly receive inbound mail. Look through that post and follow it. It will get you a lot closer to where you need to be than you are right now.
0
 

Author Comment

by:Johnysteaks
ID: 9766292
Nice,

Thanks for responding... I looked at the info and it seems straightforward, but I think I may be interpreting some of the info incorrectly.

I really am getting lost after compiling IMAP...

I am not sure on the MX record... Also, can you give me an overview on how it should be configured? Then I can attempt to complete the bulleted list... then ask questions.
For example:

Install/Validate IMAP
Edit Hosts Name to reflect XXX
Update MX Record
Issue Command XXX

And so on

Doesn't have to be that specific... Just an overview... I am a sysadmin as well and want to understand, not just skim... From your experience, you're a prime example... I very much appreciate your time...
0
 

LVL 12

Expert Comment

by:mburdick
ID: 9766537
While IMAP is a useful tool to use in conjunction with a remote e-mail client or a webmail component, it is absolutely not required to send/receive e-mail on the machine.

While I'm on the subject: there are a couple of ways that you can implement IMAP on RedHat - you can go with the RPM package that ships with the OS, or you can go to Courier. Which method you opt for is determined by your needs. The main advantage to Courier is the ability to support Maildir style mailboxes. If the amount of mail received on the system is expected to be reasonably "small" (less than a hundred messages or so kept for any length of time), you can stick with the IMAP that ships with RedHat. If you expect the incoming mail load to be much higher, consider changing to Courier. Tell me your thoughts here, and I can help you get this done...

As for incoming mail:

For your MX - go to the DNS server that is running your domain. Create an MX, give it a value of 10 (if you can set values), and point it to your hostname (machine.domain.org, or whatever). Then, make sure that machine is listed in DNS with an A record that is your static IP Address.

If the IP Address on the machine is not the public address you put in the MX record, but is a translated address that's behind a firewall, you will need to edit /etc/postfix/main.cf and put the public IP Address in the "proxy_interfaces = " parameter.

You should be able to use the notes in my other posts to set most of the other variables in the main.cf file.
0

 

Author Comment

by:Johnysteaks
ID: 9767316
I have the ISP resolving the IP address to the FQDN (myDomain.org) and also any requests for Mail.Mydomain.org forwarded to my IP address...

I am not sure if I listed this above... or if it was clear enough...

I will compile and install Courier (seems like the way to go).

Change the MX record...

What port should my firewall be forwarding?

0
 
LVL 12

Expert Comment

by:mburdick
ID: 9767562
Port 25, TCP
0
 

Author Comment

by:Johnysteaks
ID: 9776566
Ok,
Below are the items I have completed:

iPop3 is on (wasn't)
I added lines that were listed in the main.cf file

POP

==================Main.cf========================
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
queue_directory = /var/spool/postfix
program_directory = /usr/libexec/postfix
mail_owner = postfix
default_privs = nobody
myhostname = <computername.mydomain.org>
mydomain = <Mydomain.org>
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, $mydomain, $mydomain
default_transport = smtp
alias_maps = hash:/etc/postfix/virtual
alias_database = hash:/etc/postfix/aliases
newaliases_path = /usr/bin/newaliases.postfix
recipient_delimiter = +
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/bin/procmail -Y -a "$DOMAIN"
header_checks = regexp:/etc/postfix/header_checks
mynetworks_style = host
mynetworks = 127.0.0.0/8
local_recipient_maps = $alias_maps unix:passwd.byname
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
maps_rbl_domains = relays.ordb.org
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_maps_rbl
smtpd_sender_restrictions = reject_unauth_pipelining, reject_non_fqdn_sender
smtpd_recipient_restrictions = permit_mynetworks, check_recipient_access hash:/etc/postfix/whitelist,
    reject_unauth_destination, reject_non_fqdn_recipient
disable_vrfy_command = yes
debug_peer_level = 2
delay_warning_time = 4
debugger_command =
       PATH=/usr/bin:/usr/X11R6/bin
       xxgdb $daemon_directory/$process_name $process_id & sleep 5


==================Main.cf========================
I can telnet to

SMTP(25), POp3(110)

I can access my mailbox using Kmail..
I can retrieve email and send email locally..Using Kmail...



I would like to use POP3 with SSL on port 995 instead of POP3, for security... Maybe you can suggest something else...




I am getting these errors in the Log trying to access:

Recipient address rejected: Relay access denied; from=<myworkemailaddress> to=<myaccount@mydomain.org>

I am also getting this as well, but does not hinder my email retrieval;
postfix/smtpd[3488]: warning: restriction reject_maps_rbl is going away. Please use reject_rbl_client <domain> instead

I get this trying to access from a computer on my internal subnet:

connect from unknown[192.168.2.11]

and yet another:
B1A1620E115: to=<mailtest@basilnetworks.org>, relay=local, delay=5, status=sent ("|/usr/bin/procmail -Y -a "$DOMAIN"")

Let me know what you think






0
 
LVL 12

Expert Comment

by:mburdick
ID: 9778555
Ok. Good information. Tell me the following:

1) Have you tried sending an e-mail to an account on this machine from someplace like Hotmail, Yahoo, or AOL? What happens when you do? If the message fails, can you post any of the return info here for review?

2) If you are logged on to the box, can you send mail to other users on the box?

3) Are you agreeable to getting IMAP and POP working in "basic" mode before attempting to enable all of the encrypting pieces?
0
 

Author Comment

by:Johnysteaks
ID: 9779394
I can send out anywhere logged onto the machine locally... I can receive mail locally...

I tried to retrieve it using Outlook Express on my Win2k system. I can connect and SMTP tests out OK.

It states that I can connect to the POP server, but the server doesn't respond...

I can connect using the mail.<mydomain>.org for SMTP.

Haven't tried sending mail to other users on the box, but if I can send mail out and receive mail, I should be able to...

I can connect to POP3 and SMTP via telnet at the corresponding ports... So I guess they are working...

My big problem is that I just can't retrieve email logged onto another machine by setting up the POP3 and SMTP settings on another machine...

Do any of the errors listed above help? What do they mean? I can give you my email address if you want to start exchanging email...


 

0
 

Author Comment

by:Johnysteaks
ID: 9779711
Just want to clarify..

I can send email to user@mydomain.org from my work account me@mywork.com no problem. I can also reply to the email and send one from user@mydomain.com to anywhere I want (never had a problem with it).

How does my main.cf look? Not too sure on the mynetworks line...

0
 
LVL 12

Expert Comment

by:mburdick
ID: 9784291
Ok. I think this is where we're at...

Let's cover a couple quick things first...

Don't sweat the error about the reject_maps_rbl thing. And, as much as it might be "quicker" to hash through some of this through e-mail, I want to keep the detail in this forum. "History" is a big part of why this site works. If we switch to e-mail, a lot gets lost, and others with similar problems don't get to see what you did to fix it.

The SMTP daemon appears to be listening properly for inbound mail and, from your description, it appears to be delivering to the appropriate users. Good.

The mailer appears to be functioning properly when delivering outbound mail. This means that it is able to understand the destinations and connect correctly. Good.

There are two pieces left to either get working properly, or just get working. These are:

1) The ability to retrieve mail from a remote machine using POP3

2) The ability to use the mailer daemon to "relay" mail for a remote machine - this essentially means that you will use the daemon to send mail to another system.

The mynetworks parameter in the main.cf file is used to determine what machines (or networks) are allowed to use the mailer on this server as a relay. You don't want to be an open relay, so you want this to be as tight as possible. Your setting should be changed. To what? You'll need to determine the final answer, but here's the template:

mynetworks = 127.0.0.1/32, a.b.c.d/x

Using the layout above, add as many a.b.c.d/x entries as makes sense for your environment. Allow the machines that need to relay through the server, don't allow the ones that don't. If you have a whole network (192.168.5.0 / 255.255.255.0) that you need to allow, put it in (192.168.5.0/24). You'll need to know how to convert between subnet masks and prefix lengths...

Can you tell me what you're running for your POP daemon? If you look in /etc/xinetd.d, is there a ipop3 listed? If you look in that file, is it disabled, or no?

To fully test the POP daemon, telnet to the machine on port 110 and enter the following:

user <username>
pass <password>

Don't include the <>, and replace the user and password accordingly. Try running on the local machine first. Make sure that you can get a proper prompt that the mailbox is open after the two commands. Then, move to a remote machine. Tell me where it falls apart.
0
 

Author Comment

by:Johnysteaks
ID: 9786930
It's Ipop3

I can log in using telnet to 110 locally.

Then using USER <user>
                PASS <user password>, and that works.

I don't believe it's disabled, as it does allow me to connect...

My internal network is 192.168.2.X. So entering the line below will allow all systems in my network to be allowed to receive a relayed message from the mail server?
mynetworks = 127.0.0.1/32, 192.168.2.0 / 255.255.255.0







0
 
LVL 12

Expert Comment

by:mburdick
ID: 9787013
Can you authenticate to the POP daemon from a remote machine?

For the mynetworks:

1) Make sure there is no space in the network declaration, and that you use prefix lengths instead of masks (should be 192.168.2.0/24).

2) mynetworks has nothing to do with receiving mail, only relaying (or sending) messages to other destinations (like @microsoft.com). Essentially, this parameter tells Postfix which machines to "trust" and accept outbound mail from for delivery. If you were to put 0.0.0.0/0 in this field, any machine in the world could "drop off messages" for delivery to anywhere else in the world. That would make you an open relay. That would be bad.
0
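Added example, not part of the original thread: a Python check that applies the two syntax rules from the answer above to a raw mynetworks value (no space around the slash, prefix length instead of a dotted mask) and flags a 0.0.0.0/0 entry as an open relay. The function name and sample string handling are constructed for illustration, and only IPv4 entries are handled.

```python
import ipaddress
import re


def lint_mynetworks(value):
    """Return (entries, warnings) for a raw main.cf mynetworks value.

    entries are canonical CIDR strings; warnings describe what had to be
    corrected and anything that would make the server an open relay.
    """
    warnings = []
    # Rule: no whitespace around the slash ("192.168.2.0 / 24").
    joined = re.sub(r"\s*/\s*", "/", value)
    if joined != value:
        warnings.append("whitespace around '/' removed")
    entries = []
    # Entries are separated by commas and/or whitespace.
    for token in re.split(r"[,\s]+", joined.strip()):
        if not token:
            continue
        addr, _, suffix = token.partition("/")
        try:
            # ip_network accepts a prefix length, a dotted mask or a bare IP.
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            warnings.append(f"{token}: not a valid address or network")
            continue
        # Rule: prefix length, not a dotted subnet mask.
        if "." in suffix:
            warnings.append(f"{token}: dotted mask, use /{net.prefixlen}")
        if ipaddress.ip_address(addr) != net.network_address:
            warnings.append(f"{token}: host bits set, network is {net}")
        # A zero-length prefix trusts every client on the Internet.
        if net.prefixlen == 0:
            warnings.append(f"{token}: matches every client (open relay)")
        entries.append(str(net))
    return entries, warnings


# The value proposed in the thread before it was corrected.
SAMPLE = "127.0.0.1/32, 192.168.2.0 / 255.255.255.0"

if __name__ == "__main__":
    nets, notes = lint_mynetworks(SAMPLE)
    print("mynetworks =", ", ".join(nets))
    for note in notes:
        print("warning:", note)
```

A bare address such as 172.18.2.112 comes back as 172.18.2.112/32, which trusts that single host only.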
 

Author Comment

by:Johnysteaks
ID: 9788724
So basically what you are telling me, just to be clear, is that the relay agent is IP/subnet specific. It uses that parameter to authenticate the validity of the retrieving subnet, to relay the mail off...

Then, upon validating a trusting network, it validates the username/pass of the user, then forwards the email using the relay agent of Postfix...

My current network is only set to localhost, 127.0.0.8, so that in fact is probably the reason why I can only retrieve mail from the local host...

As no other domain has been entered (validated) in the mynetworks field, that is in fact the reason the relay agent hasn't forwarded anything off...





0
 
LVL 12

Expert Comment

by:mburdick
ID: 9789191
Let me try again to make this absolutely clear -

mynetworks has *absolutely nothing* to do with *retrieval*. It has *ONLY* to do with sending.

When a remote machine connects to the SMTP daemon to send a message, and that message is not addressed to a recipient specifically on the Postfix server, it must be relayed. If the address of the remote machine is in the mynetworks variable, the relay is permitted.

In no way, under no circumstances, does retrieval or user/password authentication come into play.

SMTP is for sending, and is tied to the mynetworks parameter. POP is for retrieval, and IS NOT associated with the mynetworks parameter.

Perform the POP commands I gave you above from a remote machine and see if you can log in or even connect.
0
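Added example, not part of the original thread: a simplified Python model of the relay decision described above, following the permit_mynetworks then reject_unauth_destination order from the posted main.cf. Only mydestination is treated as local here, and the domain example.org, the recipient addresses and the 203.0.113.9 client are constructed sample values.

```python
import ipaddress


def smtpd_recipient_check(client_ip, rcpt, mynetworks, mydestination):
    """Simplified model of: permit_mynetworks, reject_unauth_destination.

    Returns (action, reason). Only mydestination counts as a local
    destination; real Postfix also consults relay_domains and the
    virtual domain tables. POP3 retrieval never reaches this code path.
    """
    client = ipaddress.ip_address(client_ip)
    # permit_mynetworks: trusted clients may send to any destination.
    for net in mynetworks:
        if client in ipaddress.ip_network(net, strict=False):
            return "permit", f"permit_mynetworks: client in {net}"
    # reject_unauth_destination: strangers may only deliver to local domains.
    domain = rcpt.rpartition("@")[2].lower()
    if domain in (d.lower() for d in mydestination):
        return "permit", f"{domain} is a local destination"
    return "reject", "Relay access denied"


# Constructed sample settings (example.org stands in for the real domain).
LOCAL = ["example.org"]
LOOPBACK_ONLY = ["127.0.0.0/8"]
WITH_LAN = ["127.0.0.0/8", "192.168.2.0/24"]
WIDE_OPEN = ["0.0.0.0/0"]

CASES = [
    ("LAN client relaying out, loopback-only mynetworks",
     "192.168.2.11", "friend@example.com", LOOPBACK_ONLY),
    ("LAN client relaying out, LAN added to mynetworks",
     "192.168.2.11", "friend@example.com", WITH_LAN),
    ("Internet host delivering inbound mail",
     "203.0.113.9", "user@example.org", LOOPBACK_ONLY),
    ("Internet host trying to relay",
     "203.0.113.9", "friend@example.com", WITH_LAN),
    ("Internet host trying to relay, mynetworks = 0.0.0.0/0",
     "203.0.113.9", "friend@example.com", WIDE_OPEN),
]


def demo():
    """Evaluate every constructed case and return (label, action, reason)."""
    return [(label, *smtpd_recipient_check(ip, rcpt, nets, LOCAL))
            for label, ip, rcpt, nets in CASES]


if __name__ == "__main__":
    for label, action, reason in demo():
        print(f"{label}: {action} ({reason})")
```

Inbound delivery succeeds with loopback-only mynetworks, while the last case shows why 0.0.0.0/0 turns the server into an open relay.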
 

Author Comment

by:Johnysteaks
ID: 9789419
I cannot connect to remote system via Port 110. Only On Local System
0
 

Author Comment

by:Johnysteaks
ID: 9789606
I didn't have telnet running as well--FYI
0
 
LVL 12

Accepted Solution

by:
mburdick earned 500 total points
ID: 9796457
Telnet is for connections on port 23, so that's ok.

When you installed the box, did you opt for firewall protection? On a console, type "service iptables stop" and then try connecting to port 110 from a remote machine again...
0
 

Author Comment

by:Johnysteaks
ID: 9796909
That did it. Bingo!
Man, you're good.


I knew it was something minor... I do have one last question regarding the trusted domains listed below...

http://www.experts-exchange.com/Operating_Systems/Linux/Linux_Setup/Q_20805065.html


Here is my next post on securing it. If possible, could you take a look at it so I can get consistent input on developing it? You're already steps ahead of other admins (both through EE and your work).

I tried to relay an email from my work domain, Me@myworkdomain.com, and it listed relay access denied, which, from your post, is because I have not yet identified it as a trusting domain. If my outbound IP address is 172.18.2.112 from the firewall (confirmed this with the maillog, as it states it), how should my mynetworks line look?
I know the first is less secure as it opens the whole subnet up...

127.0.0.1/8, 192.168.2.0 / 24,172.18.2.0/24

Or 127.0.0.1/8, 192.168.2.0 / 24,<Exact IP><---Need help with syntax


0
