Subscribe Us

How to Configure sendmail ,dovecot , fetchmail , Clamav ,Mailscanner, Spamassassin,MailWatch in RHEL | centos [ Part-1/6 ]


INDEX
PART-1 Configure complete sendmail server in rhel.

PART-2 Creating the Certificate for secured communication(dovecot).

PART-3 Fetchmail Sample file to download the mail.

PART-4 Installation of CLAMAV antivirus.

PART-5 Mailscanner quick install notes.

PART-6 Installation instruction MailWatch & SpamAssassin.

General Scenario and assumption
We are going to configure OFF LINE mail server. We have our mail server hosted and our domain is “howto.info” and our mail server name “mail.howto.info” ( smtp and pop3 ).

User name at our hosted mail server is : mymail@howto.info
Password of user dimple on the mail server is : XXXX

Local configuration :
Ip address of our mail server in local network 192.168.0.xxx
We are using Redhat Enterprise Linux 4 U3 for the test setup.

All local users will contact our local mail server only.

The OFF-LINE mail server means : the last point of our mail is hosted mail server. Periodically we need to download the mail from hosted mail server. The download frequency can be decided on the basis of load and user. The fetchmail will provide the facility to download the mail from the hosted server.

The basic setup will include :

sendmail ( MTA – smtp server )
dovecot ( IMAP and POP3 server )
fetchmail ( download script from hosted server )
MailScanner ( antivirus mechanism for mail )
Clamav ( Antivirus software )
Spamassassin ( Antispam thru MailScanner only )
MailWatch ( Reports and maillog analysis )

1. General consideration and explanation :
Please check proper resolution of the hostname :
check   1. /etc/hosts
        2. /etc/sysconfig/network

Should resolve the hostname like :
[root@stationxxx ~]# hostname
stationxxx.example.com

Example : /etc/hosts
[root@stationxxx ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost.localdomain   localhost
192.168.0.xxx   stationxxx.example.com  stationxxx

Example : /etc/sysconfig/network
[root@stationxxx ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=stationxxx.example.com

Check the rpm is loaded or not :
# rpm -qa | grep sendmail
sendmail-8.13.1-2
sendmail-cf-8.13.1-2
#rpm -qa | grep dovecot
dovecot-0.99.11-2.EL4.1

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
This command invokes the m4 macro processor, supplying it the name of two macro definition files to process. m4 processes the files in the order given. The first file is a standard sendmail macro template supplied with the sendmail source package, the second, of course, is the file containing our own macro definitions. The output of the command is directed to the /etc/mail/sendmail.cf file, which is our target file.

You may now start sendmail with the new configuration.

Sample /etc/mail/sendmail.mc file :
dnl define(`SMART_HOST',`smtp.your.provider')
define(`SMART_HOST',`mail.howto.info')
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 
LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
define(`confCACERT_PATH',`/etc/mail/certs')
define(`confCACERT',`/etc/mail/certs/cacert.pem')
define(`confSERVER_CERT',`/etc/mail/certs/sendmail.pem')
define(`confSERVER_KEY',`/etc/mail/certs/sendmail.pem')
define(`confCLIENT_CERT',`/etc/mail/certs/sendmail.pem')
define(`confCLIENT_KEY',`/etc/mail/certs/sendmail.pem')
dnl #
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
dnl FEATURE(`accept_unresolvable_domains')dnl
FEATURE(authinfo, `hash -o /etc/mail/authinfo')
dnl # 
LOCAL_DOMAIN(`localhost.localdomain')dnl
LOCAL_DOMAIN(`howto.info')dnl
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
MASQUERADE_AS(`howto.info')dnl
dnl #
FEATURE(masquerade_envelope)dnl
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
FEATURE(masquerade_entire_domain)dnl
dnl #
MAILER(local)

The /etc/mail/access file:
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
# by default we allow relaying from localhost...
localhost.localdomain  RELAY
localhost   RELAY
127.0.0.1   RELAY
192.168.0   RELAY
howto.info  RELAY
student@   REJECT

NOTE : Please check /usr/share/sendmail-cf/README for RHEL5

Sample /etc/mail/authinfo file:
#AuthInfo:yahoo.com "U:siege.x@sbcglobal.net" "P:pAsSWoRd" "M:PLAIN LOGIN"
#AuthInfo: "U:siege.x@sbcglobal.net" "P:pAsSWoRd" "M:PLAIN"

/etc/aliases (& /etc/aliases.db)
Contains aliases for e-mail addresses. For example, it allows you to send mail destined for user 'daemon' to 'root'.

Only local names may be aliased.

Example /etc/aliases file:
daemon:        root  # Messages sent to user daemon are redirected to root
root:          steve # Messages sent to root are redirected to steve
webmaster:     steve bob sue 
steve@foo.com: bob   # This entry is invalid unless the local host name is foo.com
                     # or foo.com is listed in /etc/mail/local-host-names  
After editing /etc/aliases,
you must regenerate /etc/aliases.db with the newaliases command.

/etc/mail/access (& /etc/mail/access.db) :
Controls which hosts are allowed to use sendmail.
localhost.localdomain   RELAY   #
localhost     RELAY   ### These 3 permit the localhost to relay
127.0.0.1     RELAY   #
10.22         REJECT  # Reject mail from any host with an IP that starts with 10.22
nobody@       REJECT  # Rejects any mail addressed to user 'nobody' regardless
                      # of the domain it's sent to.
foo.com       OK      # Accept mail from foo.com (not for relaying) even
                      # if other rules might reject it
bar.com       REJECT  # Reject all mail from bar.com and send message to sender
foobar.com    DISCARD # Like REJECT, except sender doesn't receive a message

# The following sends the specfied RFC error code back to the sender along with the
# message specified after it.
someone.com             550 We don't accept your mail. 
After editing /etc/mail/access, you must regenerate /etc/mail/access.db by going into /etc/mail and typing make.

/etc/mail/mailertable (& /etc/mail/mailertable.db)
Useful for overriding DNS or if DNS isn't available.
Allows you to perform domain translation.
Can specify the deliver agent.
foo.net     smtp:bar.net        
# Forward mail addressed to foot.net to bar.net
foobar.net  smtp:[192.168.1.20] 

# Forward mail addressed to foobar.com to the host at 192.168.1.20        
Regenerate /etc/mail/mailertable.db by going to /etc/mail and typing make.

/etc/mail/virtusertable (& /etc/mail/virtusertable.db)
Allows you to map multiple virtual domains and users to other addresses.
webmaster@foo.com     steve          
# Mail sent to webmaster@foo.com is redirected to local user steve

postmaster@bar.com    steve@foo.com  
# Mail sent to postmaster@bar.com is redirected to steve@foo.com

@somedomain.com       joe@foo.com    
# Mail addressed to _any_ user at somedomain.com is redirected

                                     # to joe@foo.com
@foobar.com           %1@bar.com     
# Mail addressed to a user at foobar.com is redirected to the same
                                     # user at barr.com.
Regenerate /etc/mail/virtualusertable.db by going to /etc/mail and typing make.


/etc/mail/domaintable (& /etc/mail/domaintable.db)
Allows an old domain to be mapped to a new one.
Example /etc/mail/domaintable:
NEED TO FIND MORE INFO ABOUT domaintable
Regenerate /etc/mail/domaintable.db by going to /etc/mail and typing make.


/etc/mail/local-host-names
This file must contain the sendmail server's machine name and any aliases. Sendmail must be restarted after changing this file in order for it to take effect.
foo.com
howto.info

Your Sendmail.conf file should look like as below or change it so it will look like below for user authentication
# cat /usr/lib/sasl2/Sendmail.conf
pwcheck_method:saslauthd

Execute below command to use /etc/shadow file as authentication.
#saslauthd -a shadow

PART-1 Configure complete sendmail server in rhel.

PART-2 Creating the Certificate for secured communication(dovecot).

PART-3 Fetchmail Sample file to download the mail.

PART-4 Installation of CLAMAV antivirus.

PART-5 Mailscanner quick install notes.

PART-6 Installation instruction MailWatch & SpamAssassin.

Post a Comment

29 Comments

  1. hey there and thank you for your info – I've definitely picked up anything new from right here. I did however expertise several technical issues using this site, as I experienced to reload the site a lot of times previous to I could get it to load correctly. I had been wondering if your web host is OK? Not that I'm complaining,
    but sluggish loading instances times will
    often affect your placement in google and could
    damage your quality score if ads and marketing with Adwords.
    Well I am adding this RSS to my e-mail and can look out
    for much more of your respective intriguing content.
    Make sure you update this again soon.

    my homepage; black ops 2 hacks

    ReplyDelete
  2. hello!,I like your writing so much! share we communicate
    extra approximately your article on AOL? I need an expert on this house to
    unravel my problem. Maybe that's you! Having a look forward to see you.

    Review my weblog :: weight loss ()

    ReplyDelete
  3. Great work! This is the kind of info that are meant to be shared around
    the web. Shame on the seek engines for no longer positioning this put up upper!
    Come on over and consult with my site . Thanks =)

    Visit my weblog :: league of legends riot points generator

    ReplyDelete
  4. Thank you for the auspicious writeup. It in fact was a enjoyment account it.
    Look complicated to far brought agreeable from you! However, how can we keep up a
    correspondence?

    my homepage: black ops 2 hack

    ReplyDelete
  5. Hi there, just became alert to your blog through Google, and
    found that it is really informative. I am gonna watch out for brussels.

    I will be grateful if you continue this in future. Numerous people will be benefited from your
    writing. Cheers!

    Stop by my web blog league of legends riot points generator (askanastronomer.net)

    ReplyDelete
  6. I am in fact grateful to the owner of this site who has shared
    this impressive article at at this time.

    Feel free to surf to my page - diablo 3 key generator

    ReplyDelete
  7. I have read so many posts concerning the blogger lovers except this article is genuinely a
    good piece of writing, keep it up.

    My weblog :: league of legends hack

    ReplyDelete
  8. I am regular reader, how are you everybody? This paragraph posted at this
    website is actually nice.

    my web-site league of legends riot points generator

    ReplyDelete
  9. Hi mates, how is all, and what you wish for to say on the topic of this post, in
    my view its truly amazing for me.

    Have a look at my homepage - Black ops 2 aimbot

    ReplyDelete
  10. Remarkable! Its actually awesome article, I have got
    much clear idea about from this post.

    Here is my blog post :: black op 2 hack

    ReplyDelete
  11. Great article.

    Feel free to surf to my blog post - fifa 13 coins generator

    ReplyDelete
  12. Hi there I am so grateful I found your blog, I really found you by error, while I was looking on Bing
    for something else, Anyways I am here now and would just like to say thank you for a incredible post and a all round exciting blog
    (I also love the theme/design), I don’t have time to go through it all at the moment but I have saved it and also added your RSS feeds, so when I have time I will be back to read a great deal
    more, Please do keep up the excellent work.

    Also visit my blog - big cock

    ReplyDelete
  13. My family members all the time say that I am wasting my time here at web, except I know I am getting knowledge every day by reading thes good posts.


    Also visit my homepage; fifa 13 ultimate team coin generator (fifa13coingenerator2013.tumblr.com)

    ReplyDelete
  14. Awesome article.

    My web-site ... steam wallet hack - http://www.youtube.com,

    ReplyDelete
  15. I constantly spent my half an hour to read
    this website's articles every day along with a mug of
    coffee.

    Look into my homepage :: payday 2 full game

    ReplyDelete
  16. Why visitors still make use of to read news papers when in this technological globe all is available on net?



    My web-site; clash of clans hack

    ReplyDelete
  17. You have made some really good points there.
    I looked on the web for more info about the issue and found most people will
    go along with your views on this website.

    My blog post ... free robux

    ReplyDelete
  18. Wonderful article! We are linking to this particularly great post on our site.
    Keep up the great writing.

    Check out my site; paysafecard code generator

    ReplyDelete
  19. Aw, this was an exceptionally good post. Finding the time and actual effort to make a superb article…
    but what can I say… I hesitate a lot and never manage to get anything done.


    Feel free to surf to my weblog - clash of clans hack unlimited gems hack 2014

    ReplyDelete
  20. I always spent my half an hour to read this weblog's posts every day along
    with a cup of coffee.

    Here is my website ... http://xed.cc/7pQV

    ReplyDelete
  21. bookmarked!!, I like your web site!

    Also visit my web-site http://Z23.co/4v

    ReplyDelete
  22. I create a comment each time I like a article on a site or if I have something to add to the conversation. Usually it is triggered by
    the sincerness communicated in the article I browsed.
    And after this article "How to Configure sendmail ,dovecot , fetchmail , Clamav ,Mailscanner, Spamassassin,MailWatch in RHEL | centos [ Part-1/6 ]".
    I was actually moved enough to post a comment ;) I actually do
    have 2 questions for you if it's okay. Is it just me or do some of the responses look
    like they are coming from brain dead people? :-P And, if you are posting on other social sites,
    I would like to keep up with everything fresh you have to post.
    Would you make a list all of all your community sites like your twitter feed, Facebook page or linkedin profile?


    My web blog ... Christian Louboutin Outlet

    ReplyDelete
  23. Simply desire to say your article is as astounding.
    The clearness in your post is simply spectacular and i could assume you're
    an expert on this subject. Well with your permission allow me to grab your RSS feed to keep up to date
    with forthcoming post. Thanks a million and please keep up the rewarding
    work.

    my site: http://best.co.za/TheLindenMethod309881

    ReplyDelete
  24. I'm impressed, I must say. Seldom do I encounter a blog that's equally educative and amusing, and without a doubt, you
    have hit the nail on the head. The issue is something that not enough men and women are speaking intelligently about.
    I am very happy I found this during my hunt for something concerning
    this.

    Also visit my web site :: Louis Vuitton Handbags

    ReplyDelete