Jonathan's blog

I’ve had a server at home for years now, and I’ve also been a professional sysadmin for at least three years. I know my way around Linux pretty well and for some time I’ve run my own web server and also other services.

But one thing I’ve steered clear of until now is running my own email server.

I’ve always thought it would be fairly easy to set up, but much harder to make secure. I don’t want to receive tonnes of spam and I don’t want spammers using my SMTP server as an open relay. In the past I’ve read about building SMTP servers with sendmail, postfix and exim but there was all sorts of conflicting information when it came to integrating milters and so on. Different guides all seemed to give contradictory advice and require all sorts of strange configuration steps that I couldn’t understand.

But all that changed when I heard about ClearOS. In short, it’s a spin of CentOS which uses a custom web interface to configure various software “modules”, including things like web server, email server, firewall gateway, database server, and so on.

I installed it on a virtual machine and after only a few clicks I was running a mail server: an MX for receiving mail for my domains, an authenticated SMTP server for personal outgoing mail, and a secure IMAP server for storing and accessing my mail. The frontend sets up postfix and cyrus to do its dirty work.

For ultimate ease, users (just me, in this case) are authenticated using a local LDAP directory, rather than by using system accounts. All SSL certificates for IMAPS and HTTPS were added automatically. Email antivirus scanning is done by Amavis and spam filtering is done by Spamassassin.

I had a little bit of trouble setting up Horde to access webmail and a web interface for configuring sieve rules. By “trouble” I mean the default Apache virtual host declarations needed some changing around and some aliases adding. If you’re familiar with Apache this won’t be a problem.

There are some aspects of ClearOS I don’t like so much, and I would prefer to use CentOS. But now ClearOS has written out all my configs it should be trivial to move my new mail setup to a plain old CentOS installation, where I already run my websites from. I have definitely learnt a lot about how email works by simply reading and understanding the config files written by the frontend.

So if you want to build an email server but don’t know where to start – try ClearOS. It’s a great introduction to the “scary” parts of setting up an email server, like milters and certificates.

This is a rather old email thread (as you can see from the fact I mentioned “in the new year”, i.e. looking forwards to 2009. I consider it good practice to retain the relevant parts of the history when replying, but this conversation has gone on for so long that the formatting is getting a bit silly…

When an email thread gets too long

Chances are if you have a Linux server in your home, you’ll want it to be able to send you emails, e.g. its daily logwatch or the output from cron jobs.

But most ISPs block SMTP so you can’t directly send emails from your server to wherever they need to go, which is what the default config of sendmail does.

So you need to tell sendmail to forward its mail through something called a Smart Host, which is just an SMTP server that your ISP runs.

First, find out from your ISP what their Smart Host or SMTP server is called. This is usually available somewhere on their website.

Now open up /etc/mail/sendmail.mc for editing. Locate the following block, remove the dnl markers and change the name of the server to match your ISP’s.

dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
define(`SMART_HOST', `mail.my-isp.com')

After editing, you have to run the /etc/mail/make program to write the sendmail config file. Then restart the sendmail daemon.

service sendmail restart

Your server is now capable of sending outoing mail through an external mail server. But there’s one final tweak. Open /etc/aliases and change the very last line so that you receive root’s mail.

# Person who should get root's mail
root:           me@jonathangazeley.com

Today I wrote an email in Thunderbird and clicked send. It gave me this message:

It has never asked me this before, so I wonder what prompted it to do so today. Turns out new builds of Thunderbird scan your email for keywords such as attachment or attached and reminds you to check for attachments if you used these words.

In my email I had said “It’s in my name because it’s attached to my account” so this must be what triggered it.

Pretty nifty – the number of times I’ve accidentally sent an email without its attachment…

I just received my phone bill from O2 by email. See if you can spot the deliberate mistakes. Click for a bigger version.

O2 phone bill