Mail Server (SquirrelMail) on ubuntu: Difference between revisions

From ICO wiki
Jump to navigationJump to search
Ssumathi (talk | contribs)
No edit summary
Ssumathi (talk | contribs)
No edit summary
Line 126: Line 126:
Step 5 » Now generate a digital certificate for tls. Issue the commands one by one and provide details as per your domain.
Step 5 » Now generate a digital certificate for tls. Issue the commands one by one and provide details as per your domain.


<code>
  openssl genrsa -des3 -out server.key 2048
  openssl genrsa -des3 -out server.key 2048
  openssl rsa -in server.key -out server.key.insecure
  openssl rsa -in server.key -out server.key.insecure
Line 135: Line 134:
  sudo cp server.crt /etc/ssl/certs
  sudo cp server.crt /etc/ssl/certs
  sudo cp server.key /etc/ssl/private
  sudo cp server.key /etc/ssl/private
</code>

Revision as of 12:27, 6 April 2017

Sheela Raj

Group : Cyber Security Engineering (C21)

Subject : Authentication & Authorization.

Introduction

In this article, we will cover how to setup mail server on Ubuntu using postfix, dovecot and squirrelmail.

» Postfix (for sending)

» Dovecot (for receiving)

» Squirrelmail (for web mail access)

Mail Server

  • A mail server or e-mail server is a server that handles and delivers e-mail over a network, usually over the Internet.
  • It receive e-mails from client computers and deliver them to other mail servers. 

Types of Mail Servers

  • Mail servers can be broken down into two main categories: outgoing mail servers and incoming mail servers.
Outgoing mail servers.
SMTP, or Simple Mail Transfer Protocol, servers.
When you press the "Send" button in your e-mail program, the program will connect to a server on the network/ Internet that is called an SMTP server. 
This protocol is used when e-mails are delivered from clients to servers and vice versa.
Incoming mail servers come in two main varieties.
POP3, or Post Office Protocol, version.
POP3 servers are known for storing sent and received messages on PCs' local hard drives.
When you download e-mails to your e-mail program, the program will connect to a server on the net that is known as a POP3 server.
IMAP, or Internet Message Access Protocol.
IMAP,servers always store copies of messages on server.
It is used to retrieve e-mail messages from a mail server over a TCP/IP connection.

The Process of Sending an Email

Now that you know the basics about incoming and outgoing mail servers, it will be easier to understand the role that they play in the emailing process. The basic steps of this process are outlined below.

Step #1: After composing a message and hitting send, your email client - whether it's Outlook Express or Gmail - connects to your domain's SMTP server. This server can be named many things; a standard example would be smtp.example.com.

Step #2: Your email client communicates with the SMTP server, giving it your email address, the recipient's email address, the message body and any attachments.

Step #3: The SMTP server processes the recipient's email address - especially its domain. If the domain name is the same as the sender's, the message is routed directly over to the domain's POP3 or IMAP server - no routing between servers is needed. If the domain is different, though, the SMTP server will have to communicate with the other domain's server.

Step #4: In order to find the recipient's server, the sender's SMTP server has to communicate with the DNS, or Domain Name Server. The DNS takes the recipient's email domain name and translates it into an IP address. The sender's SMTP server cannot route an email properly with a domain name alone; an IP address is a unique number that is assigned to every computer that is connected to the Internet. By knowing this information, an outgoing mail server can perform its work more efficiently.

Step #5: Now that the SMTP server has the recipient's IP address, it can connect to its SMTP server. This isn't usually done directly, though; instead, the message is routed along a series of unrelated SMTP servers until it arrives at its destination.

Step #6: The recipient's SMTP server scans the incoming message. If it recognizes the domain and the user name, it forwards the message along to the domain's POP3 or IMAP server. From there, it is placed in a sendmail queue until the recipient's email client allows it to be downloaded.

At that point, the message can be read by the recipient.


Mail Process


Before You Begin

Check your current Ubuntu version & Upgrade

You can check your current ubuntu version by the following command:

lsb_release -a

If your machine is already running Ubuntu 16.04.1 LTS or higher than that, There is no need for you to upgrade the OS.

Otherwise you need to upgrade the OS by the following command:

sudo apt-get update && sudo apt-get upgrade

Note: This article is written for a non-root user. Commands that require elevated privileges are prefixed with sudo. If you’re not familiar with the sudo command, you can check the Users and Groups guide.

Lets get Start

Installing and configuring postfix

Here i have used mail.example.com for hostname and example.com for Domain. Replace with your host and domain.

You can use nano or vim to edit the files. In this article i have used nano to edit the files.

Step 1 » Assign static IP and hostname and add a host entry for the host name.

  • Assign hostname in nano /etc/hostname
mail.example.com
  • Add a host entry in nano /etc/hosts
mail.example.com

Step 2 » Update the repositories. sudo apt-get update

Step 3 » Install postfix and dependencies.

  • Install postfix by sudo apt-get install postfix

During installation you will be prompted for set of details . So set it as you wish to configure.

  • You can also use the command dpkg-reconfigure postfix to re-configure it.

Step 4 » Edit and save nano /etc/postfix/main.cf by adding the following lines to configure Postfix for SMTP-AUTH using Dovecot SASL

home_mailbox = Maildir/
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes

and also add the below 3 lines to disable the weak chippers in postfix.

smtpd_tls_ciphers = high
smtpd_tls_protocols = TLSv1,!SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4 

Step 5 » Now generate a digital certificate for tls. Issue the commands one by one and provide details as per your domain.

openssl genrsa -des3 -out server.key 2048
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private