Mail Server (SquirrelMail) on ubuntu: Difference between revisions

From ICO wiki
Jump to navigationJump to search
Ssumathi (talk | contribs)
No edit summary
Ssumathi (talk | contribs)
No edit summary
Line 179: Line 179:
<code>sudo service dovecot restart</code>
<code>sudo service dovecot restart</code>


'''Step 12 »''' Now test SMTP-AUTH and smtp/pop3 port access by <code>telnet mail.example.com smtp</code>.
'''Step 12 »''' Now test SMTP-AUTH and smtp/pop3 port access.
Use this code <code>telnet mail.example.com smtp</code> and you should get below response.
 
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix (Ubuntu)
 
now type ehlo <code>mail.example.com</code> and should get below response, please make sure you get those bolded lines.
 
ehlo mail.krizna.com
250-mail.krizna.com
--------
'''250-STARTTLS'''
'''250-AUTH PLAIN LOGIN'''
'''250-AUTH=PLAIN LOGIN'''
---------
250 DSN
 
and also try the same with other port.
 
Now the Postfix configuration is over, continue for dovecot installation.

Revision as of 19:04, 15 April 2017

Sheela Raj

Group : Cyber Security Engineering (C21)

Subject : Authentication & Authorization.

Introduction

In this article, we will cover how to setup mail server on Ubuntu using postfix, dovecot and squirrelmail.

» Postfix (for sending)

» Dovecot (for receiving)

» Squirrelmail (for web mail access)

Mail Server

  • A mail server or e-mail server is a server that handles and delivers e-mail over a network, usually over the Internet.
  • It receive e-mails from client computers and deliver them to other mail servers. 

Types of Mail Servers

  • Mail servers can be broken down into two main categories: outgoing mail servers and incoming mail servers.
Outgoing mail servers.
SMTP, or Simple Mail Transfer Protocol, servers.
When you press the "Send" button in your e-mail program, the program will connect to a server on the network/ Internet that is called an SMTP server. 
This protocol is used when e-mails are delivered from clients to servers and vice versa.
Incoming mail servers come in two main varieties.
POP3, or Post Office Protocol, version.
POP3 servers are known for storing sent and received messages on PCs' local hard drives.
When you download e-mails to your e-mail program, the program will connect to a server on the net that is known as a POP3 server.
IMAP, or Internet Message Access Protocol.
IMAP,servers always store copies of messages on server.
It is used to retrieve e-mail messages from a mail server over a TCP/IP connection.

The Process of Sending an Email

Now that you know the basics about incoming and outgoing mail servers, it will be easier to understand the role that they play in the emailing process. The basic steps of this process are outlined below.

Step #1: After composing a message and hitting send, your email client - whether it's Outlook Express or Gmail - connects to your domain's SMTP server. This server can be named many things; a standard example would be smtp.example.com.

Step #2: Your email client communicates with the SMTP server, giving it your email address, the recipient's email address, the message body and any attachments.

Step #3: The SMTP server processes the recipient's email address - especially its domain. If the domain name is the same as the sender's, the message is routed directly over to the domain's POP3 or IMAP server - no routing between servers is needed. If the domain is different, though, the SMTP server will have to communicate with the other domain's server.

Step #4: In order to find the recipient's server, the sender's SMTP server has to communicate with the DNS, or Domain Name Server. The DNS takes the recipient's email domain name and translates it into an IP address. The sender's SMTP server cannot route an email properly with a domain name alone; an IP address is a unique number that is assigned to every computer that is connected to the Internet. By knowing this information, an outgoing mail server can perform its work more efficiently.

Step #5: Now that the SMTP server has the recipient's IP address, it can connect to its SMTP server. This isn't usually done directly, though; instead, the message is routed along a series of unrelated SMTP servers until it arrives at its destination.

Step #6: The recipient's SMTP server scans the incoming message. If it recognizes the domain and the user name, it forwards the message along to the domain's POP3 or IMAP server. From there, it is placed in a sendmail queue until the recipient's email client allows it to be downloaded.

At that point, the message can be read by the recipient.


Mail Process


Before You Begin

Check your current Ubuntu version & Upgrade

You can check your current ubuntu version by the following command:

lsb_release -a

If your machine is already running Ubuntu 16.04.1 LTS or higher than that, There is no need for you to upgrade the OS.

Otherwise you need to upgrade the OS by the following command:

sudo apt-get update && sudo apt-get upgrade

Note: This article is written for a non-root user. Commands that require elevated privileges are prefixed with sudo. If you’re not familiar with the sudo command, you can check the Users and Groups guide.

Lets get Start

Installing and configuring postfix

Here i have used mail.example.com for hostname and example.com for Domain. Replace with your host and domain.

You can use nano or vim to edit the files. In this article i have used nano to edit the files.

Step 1 » Assign static IP and hostname and add a host entry for the host name.

  • Assign hostname in nano /etc/hostname
mail.example.com
  • Add a host entry in nano /etc/hosts
mail.example.com

Step 2 » Update the repositories. sudo apt-get update

Step 3 » Install postfix and dependencies.

  • Install postfix by sudo apt-get install postfix

During installation you will be prompted for set of details . So set it as you wish to configure.

  • You can also use the command dpkg-reconfigure postfix to re-configure it.

Step 4 » Edit and save nano /etc/postfix/main.cf by adding the following lines to configure Postfix for SMTP-AUTH using Dovecot SASL

home_mailbox = Maildir/
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes

and also add the below 3 lines to disable the weak chippers in postfix.

smtpd_tls_ciphers = high
smtpd_tls_protocols = TLSv1,!SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4 

Step 5 » Now generate a digital certificate for tls. Issue the commands one by one and provide details as per your domain.

openssl genrsa -des3 -out server.key 2048
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private

Step 6 »Now configure certificate path.

sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'

Step 7 » Open nano /etc/postfix/master.cf file and uncomment the below lines to enable smtps and submission.

Step 8 » Now install Dovecot SASL by typing the below command.

sudo apt-get install dovecot-common

Step 9 » Now Open nano /etc/dovecot/conf.d/10-master.conf file and find # Postfix smtp-auth line and add the below lines.

# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}

Step 10 » Change the Auth mechanisms.

  • The AUTH command is an ESMTP command (SMTP service extension) that is used to authenticate the client to the server.
  • The AUTH command sends the clients username and password to the e-mail server.
  • AUTH can be combined with some other keywords as PLAIN, LOGIN, CRAM-MD5 and DIGEST-MD5 (e.g. AUTH LOGIN) to choose an authentication mechanism.
  • The authentication mechanism chooses how to login and which level of security that should be used.

If you are not familiar with AUTH, you can check this link AUTH guide.

  • Their is a drawback of using the PLAIN and LOGIN authentication mechanisms is that the username and password can be decoded quite easy if somebody monitor the SMTP communication.
  • To obtain higher security an authentication mechanism with the name CRAM-MD5 can be used instead.
  • CRAM-MD5 combines a challenge-response authentication mechanism to exchange information and a cryptographic Message Digest 5 algorithm to encrypt important information.

Here I have used CRAM-MD5 to obtain more security.

  • To set Open nano /etc/dovecot/conf.d/10-auth.conf file.
  • Find the auth_mechanisms = plain and replace it with auth_mechanisms = cram-md5

Step 11 » Restart postfix and dovecot services.

sudo service postfix restart

sudo service dovecot restart

Step 12 » Now test SMTP-AUTH and smtp/pop3 port access. Use this code telnet mail.example.com smtp and you should get below response.

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix (Ubuntu)

now type ehlo mail.example.com and should get below response, please make sure you get those bolded lines.

ehlo mail.krizna.com
250-mail.krizna.com
--------
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
---------
250 DSN

and also try the same with other port.

Now the Postfix configuration is over, continue for dovecot installation.