CTS 2322 (Unix/Linux Administration II) Project #7
Mail Service Configuration

In this project you will build and use a SOHO Mail server.  Your mail service will include SMTP service with the postfix MTA, and POP3/ IMAP service with the Dovecot MAA.  (Web mail access will be added in the next (and last) project.)  Your email service will use the Maildir mail storage system rather than the more traditional mbox format.

Actually Dovecot supports Maildir++ format, an extension that adds sub-folders and mail quota.  Most systems (MUAs and MDAs) that claim they support Maildir actually mean they support Maildir++.  (Note while the author of the format spells it with a lowercase m most of the world uses Maildir or Maildir++.)

A proper mail service (as with most services) generally requires a static IP setup and additional DNS records.  However you would need to learn more about networking to do this properly, so we will save this for another project.

(Mail service configuration continues in a CTS-2311 (Unix/Linux Security) course project to add full functionality, including virus and spam scanning and authentication, and in CTS-2333 (Unix/LInux Networking) to add static IP and network support.)

All required background material, including resource links, lecture notes with step-by-step directions, and sample configuration files, can be found here.

Note!  Fedora may not have correct SELinux policy rules for Dovecot or other servers.  It is strongly suggested you make sure SELinux is run in permissive mode for this project.  One way to always boot up in permissive mode is to edit the file /etc/selinux/config and follow the comments to change the mode.

You may work individually or in pairs on this project.  Each student in a group must submit an identical copy of the assignment, which must include both student names.

Install, configure, and test a mail service suitable for SOHO use.  Unlike some previous projects the steps will not include specific commands to run.  At this point you are expected to be able to locate relevant commands and documentation using the skills you have learned.  (But don't panic!  The resources section includes a copy of email lecture notes you can use, and the Internet resources for email setup are very good.)

Perform the following tasks and answer the following questions (optional steps appear in italics in a gray box and start with the phrase (optional)):

1. Configure the Postfix MTA.
   1. This includes turning off any other MTAs (such as sendmail) configured to run at boot time, and making sure they are off now.  Then use alternatives command to switch all shared commands to your chosen MTA (if set to, say, sendmail).  If there was no alternatives system (or some equivalent) what would you do if you need to switch MTAs (or another subsystem that uses conflicting pathnames)?
   2. Make sure the required software is installed, for both the alternatives command and the Postfix MTA.  (You can install other software as needed later.)  Be sure to install the alternatives system first.  What packages are needed?  How did you determine this?
   3. Before editing any configuration files you need to change, make a copy of the originals.  By default MTAs accept mail from localhost only.  Edit /etc/postfix/main.cf to accept email from other hosts (or at least the others in our class network).  Use the system default mailbox (an mbox) for now.  Check the syntax, and then start (or reload) the MTA and test the result.  What changes did you make (show diff output comparing the original and modified file(s))?  How do you check the email service?
   4. Use some MUA such as mutt to send and read email to your non-root account on your host, from your host.  Then try to send and read email to your non-root account on your host, from a different host.  (You should ask a fellow student or your instructor to send you the email.)  Examine the log files for any problems.  What extra steps, if any did you need to perform?  What log entries were generated, and in which log files?
   5. Verify the email aliases are setup correctly and if needed rebuild the aliases database.  (Make sure you use the correct aliases file, there may be several on the system!  Read the Postfix configuration file to see which file gets used.)  What email-related aliases should always be present?  Why is it important to set root as an alias to a real person on a server?
2. Configure the MDA used by your MTA to deliver email to the user's home directory in Maildir format to ~/Maildir/.  Now reload the mail server and test the changes.  Send email to some user and check their home directory (and the log files) to verify this works (the new mail files and folders were created).  What changes did you make?
3. Configure MUAs to read local mail from the new Maildirs.  Not all MUAs support Maildirs (notably pine, but there is a patch if you have the source).  Configure the mutt MUA to use Maildirs.  (Sample configurations for MUAs can be found in the lecture notes found on-line in the email resources.)

   Make sure you can send and receive emails with mutt.  What changes did you make to your MUA configuration?

   (Optional)  Install if necessary the mailx (formally known as nail) replacement package for mail.  (Personally I have set a shell alias for mail to mailx).  Now configure mailx MUA to use Maildirs and test the result.  Finally, repeat for any other MUAs you use including GUI MUAs.  Report any changes made.
4. Configure IMAP and POP3 service with Dovecot.  (While Courier or Cyrus are more popular MAAs, especially with ISPs, Dovecot is very easy to install and works well.)
   1. Configure your firewall to allow incoming POP3 and IMAP TCP ports.  Beside the firewall on this host, what other changes might you need to make to allow others to read email remotely using your MAA?
   2. Configure the Dovecot IMAP/POP MAA to start automatically at boot time.  Next, configure Dovecot to use Maildirs, and make any other needed changes to support local users.  Make sure it is running now. What changes did you make?
   3. Check the log files for any problems.  You can test to see if the daemon is running by using telnet localhost pop3 (or imap). 
   4. Configure your MUA to read your email via IMAP and make sure you can read your email.  mutt and alpine can read email from IMAP if you change the (incoming) mailbox to this URL (instead of the normal pathname): imap://userName@localhost/INBOX.  You can set this as the default by exporting the MAIL environment variable in a login script.  Now test by sending some mail to your account from your MUA, and try reading it using the MUA configured for IMAP.  Examine the log files to make sure there were no problems.
5. Make sure your new mail services are using the proper syslog facilities for logging, and that you have configured syslog to save email related log messages in the proper log file(s).  What changes (if any) did you make for this?
6. Verify all new log files (both email and possibly DNS) are properly rotated.  What log file(s) are used for your email service?  What log roration policy did you implement?

• Make sure SE Linux is NOT set to enforcing.  Use getenforce command ot see, and setenforce 0 command to set to Permissive.  To make the change permanent, edit the file /etc/selinux/config; the comments in there explain what to change.
• If your networking setup is not correct you will experience problems.  Be sure you have turned off the NetworkManager service and are using the network service, as explained in class.  Use chkconfig to ensure the correct service only will run at boot time.
• If you do make any network changes, especially to DNS, and are running a name server caching daemon, remember to restart that after the changes.  This might be either named or nscd (hopefully you're not running both at once!).
• Use alternatives --config mta to make sure you are really using Postfix and not Sendmail.
• Before making changes to configuration files, either add them to a version control system such as rcs, or at least make a backup copy of the original.  (I use cp foo foo-orig.)  Then you can use diff foo-orig foo to see what you changed, and that can be copied into your system journal.

A copy of your journal pages and the answers to the questions asked above.  You can send as email to (preferred).  If email is a problem for some reason (!), you may turn in a hard-copy.  In this case the pages should be readable, dated, and stapled together.  Your name should appear on the first page. 

Don't turn in your whole journal, you will need to add to it every day in class!  It is common in fact to keep the journal as a text file on the system (with a paper backup of course).

Please see your syllabus for more information about submitting projects.