openSUSE 11.3 as a mail server

I was asked to install a mail server for the company I work for 'cause the mail forwarding service is getting pretty expensive.

As an openSUSE user I decided to use my beloved distro for that task rather than a Windows 2003 Server.
I want to avoid using MS Windows OS and use openSUSE so I can introduce this “new” technology to the company. I have the evil (>:)) plan to progressively migrate from MS Windows to Linux and this is an excellent opportunity for showing what Linux is capable of.

Unfortunately I’m a rookie Linux admin and I could not get any satisfactory results yet.

For testing purposes I managed to point an MX record to a static IP address (200.69.219.57) using No-Ip service. I’ve tested it using the dig unitan.sytes.net MX command.

Then I installed openSUSE using 3 hdd, 1 for system files and directories and 2 setting up a RAID 1 array mounted under /var directory because I’ve read that there is where the e-mails will be stored.

I’ve followed a couple of documents presented in these forums to no avail. I did install the system using LDAP but I could not get/install/create any certificate so users could not authenticate (Dovecot said so).

Any help, guidance or doc would be much appreciated. I commit myself to generate a HOW TO document for the future rookie admins like me upon achieving my goal.

TIA,

Pancho

You’ll have to be more specific than this. What are you or your users doing when this happens? What is the exact error message? Which program is giving it? To expect effective help, your question should provide concrete (and relevant - I might add) information about the situation so people can understand the problem.

I’m not at an openSUSE install at the moment, but you set up the certificates in yast2>security and users. (At least that’s where it is in SLES.)
Also, doesn’t the dovecot server setup/admin allow for the creation of a certificate? (I use cyrus imap, so don’t know dovecot)

Thank you both for your replies. Sorry if I wasn’t providing relevant information.

I setup the LDAP server using the following:

Since the fixed ip (200.69.219.57) is pointing to unitan.sytes.net through NO-IP free dns service I used unitan.sytes.net as the host name when installing and unitan as the alias. Then the Base DN is dc=unitan,dc=sytes,dc=net
The Administrator DN is cn=Administrador (Base DN is appended)

Today I followed this tutorial and did not use any certificate. The LDAP database was created without a problem but I could not use the LDAP Client. The given error was INVALID CREDENTIALS even though the Administrator DN was set properly and the password correctly entered. :frowning:

Any help is really appreciated,

Pancho

Even though you are only using ldap as an authentication for the mail server login and not as a linux user login, you still need to set up each user’s mail box and login on the ldap server. Part of the ldap server data will also point to the user’s email details.
In other words, the user needs an ldap account (username/password) as well as a pointer to where his mail is stored/delivered.
To get the client logins to work after installation, you need to restart the services or reboot the machine after the ldap client setup.
You will need to set this in ldap and then point dovecot to use this info.
Have a look at this and see if it helps:
The Perfect Server - OpenSUSE 11.3 x86_64 [ISPConfig 3] | HowtoForge - Linux Howtos and Tutorials
Also, since you are setting up for a company, make sure you have a separate /var partition as well as a separate partition for the dovecot config/mail settings. This means it will not be overwritten when the distro is updated and you don’t need to recreate everything.
As a company mailserver, perhaps also look at paying for and using SLES. It doesn’t change version so often and thus gives long term stability for updates.

whych, thank you for your help. I’ve read an article which advised using LDAP auth for users, it is posted on my first message in this thread. The main problem I have is setting up the LDAP Client, not the server. This time I didn’t use certificates since they might not be needed for connecting to LDAP without using TLS/SSL.

If you know another way for user authentication I’m all ears. Maybe you can point me to a HOWTO. I will try to go with The Perfect Server guide although it is not what I’m looking for.

As I stated in my first post I’ve mounted /var directory under a 2 disk RAID1 array.

Thanks a lot for your help,

Pancho

I suggest you get the mail server working with a simpler authentication source, e.g. PAM or SQL, first then work on LDAP.

Consult the Dovecot documents on how to set it up. You can chain postfix to use Dovecot for authentication so you only need to set up one authentication configuration.
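
The chaining suggested in the post above, as an added example that is not part of the original thread: Dovecot authenticates against PAM and exposes an auth socket, and Postfix uses that socket for SMTP AUTH. Dovecot 2.x syntax and the default file and spool paths are assumptions; openSUSE 11.3 may ship an older Dovecot with a different configuration layout.

```conf
# --- /etc/dovecot/dovecot.conf (assumed path, Dovecot 2.x syntax) ---
# Single authentication source: PAM, i.e. ordinary system accounts.
passdb {
  driver = pam
}
userdb {
  driver = passwd
}
# Refuse plaintext passwords on connections that are not TLS-protected.
disable_plaintext_auth = yes
auth_mechanisms = plain login

# Expose Dovecot's auth service to Postfix through a UNIX socket inside
# the Postfix spool. Only the postfix user and group may open it.
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

# --- /etc/postfix/main.cf (assumed path) ---
# Delegate SMTP AUTH to Dovecot instead of keeping a second user database.
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
# Relative to the Postfix queue directory (/var/spool/postfix by default).
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
# Offer AUTH only after STARTTLS; this needs a working TLS certificate.
smtpd_tls_auth_only = yes
# Relay only for local networks and authenticated users, so the server
# does not become an open relay.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
```

Once this works with PAM, only the `passdb` and `userdb` blocks need to change to move to SQL or LDAP; the Postfix side stays the same.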

Thank you very much for your suggestion Ken_yap. I simply used LDAP because that was the only document that seemed to satisfy my needs and my lack of experience. I now know it wasn’t so.
I’ll try The Perfect Server solution and I’ll get back to you.

Besides authentication, were the rest of the parameters ok? unitan.sytes.net as hostname and all that?

Thank you again,

Pancho

Sorry for the double post.

I think it’s strange there is no simple HOWTO for setting up an email server. The Perfect Server guide is for an all-in-one server which I don’t need. I’ve found very little documentation about LDAP for openSUSE and despite your efforts (and mine) I could not get any closer to my goal in a week.

I’m really sorry to say I’m downloading Debian 5 for giving Zimbra a chance since it was not possible to compile Zimbra 6.0.7 under openSUSE 11.3.

I’ve never thought as openSUSE as (just) a final user distro but it might be. SLES might be the right solution but after this week I’m not very confident about that either.

I will still try to get openSUSE running a mail server but only after I find the proper documentation or guidance.

Pancho

I reckon that in order of difficulty of setting up,

web server < mail server < LDAP server

So don’t feel bad about it.

On 2010-08-21 06:36, ken yap wrote:
>
> I reckon that in order of difficulty of setting up,
>
> web server < mail server < LDAP server
>
> So don’t feel bad about it.

I’m with linux for more than ten years and I still do not know how to successfully set up LDAP.
Setting a mail server like that is not trivial…

There is a module in YaST for setting it up, some people told me that it is trivial now. However, I
think that LDAP is configured in this way to create system users, while what is needed for a mail
server is virtual users.

On the other hand, ldap is not really suited for a database that is written often, rather read only.
I would think that mysql is a better choice, especially as it can be used together with amavis-new if
you need heavy customization.

Then, the “admin” has to define his goals. A “mail server” is too fuzzy. There is smtp, to send and
receive mail in the machine, but then you also need to deliver that email to the clients, via pop
and/or imap. The first part is usually done with postfix nowadays, but the second one is not so
clear. If you have an SLES machine (you should if you are serious), then the easiest choice is just
install what YaST wants to setup. If not, there are several imap choices. Then, do you want webmail?

Then, there is the problem solving. Hey, our mails to Mr BigClient bounce, solve it yesterday!
Hey, we are blacklisted by hotmail!

None of the howtos you (Pancho) have read so far will prepare you for that, judging by the little I
read from them. It means round the clock support, probably, which is why a good provider charges for
a lot. It means expertise and people, if they are good.

It also needs investment. For example, perhaps a fixed IP, separate from the company network and IP,
is a good idea - then if someone starts spamming with a bot or virus, the mail server is not
contaminated and blacklisted.

In the LDP there are some howtos, or you can install them as RPMs.

Elessar:~ # zypper se howto
Loading repository data…
Reading installed packages…

S | Name | Summary | Type
--+----------+---------------------------------------------------------------------------+--------
| howto | A Collection of How-Tos | package
| howtoenh | A Collection of HOWTOs from the Linux Documentation Project (HTML Format) | package

There, search for the mail admin howto. It is old, but there are ideas there.


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” GM (Elessar))

Carlos, thank you for your comments although they are a bit of an insult to me, my intelligence and the company I work for.

I’m pretty sure I’m a serious person although I don’t have a SLES copy nor license.

It seems LDAP was not the best choice but since it was part of an official SUSE paper I took a chance with it.

We had and we are investing money: we have a static IP address, in fact we’ve got 5. We have a brand new server and I have 2 Microsoft Windows 2003 x64 unused original licenses which I could use. I’ve chosen openSUSE just because it is the OS I use at home in my desktop PC and in my notebook and at work on both, desktop and notebook too. But never as a server and obviously the reasons I stated in my very first post.

I don’t think the term “mail server” is fuzzy at all but since this is not my mother language it might be and, of course, I could be wrong. But as a matter of fact that’s the way I saw it here in forums.opensuse.org.

OpenSUSE 11.3: How to configure a simple mail server with YAST
Mail Server configuration
Configuring mail server
…and so on.

I will install the howtos and I’ll get back to you when I have news about this topic.

Pancho

@Panchux
I know it’s not for dovecot, but cyrus imap which works well on SLES, but have a look at this:
Implementing Mail Services on SLES

One warning though: If you are using the mail server to pick up mail from your isp’s server for local delivery, make sure you have enabled the user mail accounts first, else it will pick up all the mail but with no mailboxes will delete all the mail.

For setting up ldap and mail, I think you will find SLES a lot easier to set up. You can download an evaluation copy from novell’s main site.
Licensing is also a lot cheaper than M$.

On 2010-08-22 06:06, Panchux wrote:
>
> Carlos, thank you for your comments although they are a bit of an insult
> to me, my intelligence and the company I work for.

I never intended to insult you.

I don’t know your level of expertise, but in fact you said that you are a rookie, and the
documents you mentioned are “entry level”. If you are indeed a novice, I had to warn you about the
“mess” into which you’re getting yourself. This is more like “kindness” not insulting. You have
to be more tolerant if you ask for advice in a forum or mail list.

> I’m pretty sure I’m a serious person although I don’t have a SLES copy
> nor license.

Notice that installing a company email server with opensuse, that will only be valid for a year and
a half, forcing you to reinstall every year, with possible downtime, is a real pain in the back.
That is what I mean with “not serious”.

SLES is supported for five years, that’s a big difference. You can download evaluation copies for
free - only that you will not have updates till you pay.

It is of course doable with oS. It will be more work, also of course.

> It seems LDAP was not the best choice but since it was part of a SUSE
> official paper I took a chance with it.

My intention was to warn you that ldap is more difficult than it seems. Only people that already
know how to set it up may think it is easy.


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” GM (Elessar))

Thanks! I didn’t know there was a SLES trial. I’m downloading it right now. The document you might be helpful. I hope it will.

I will try this alternative before Debian 5 + Zimbra.

I’ll get back to you,

Pancho

I have what I think is good news. I have installed SLES 11 today and made a simple configuration to get the mail server working.

Some certificates were created automatically during setup and after a couple of clicks LDAP was up and running without a problem.

I set up SMTP and open ports on firewall. For imap/pop I’m using Cyrus with default configuration.

I’ve created user “pancho” using Yast > Users and then created a mail account pancho@unitan.sytes.net in another computer to access the server.

  • The server is found
  • The user pancho logs in correctly
  • It seems mail client (Seamonkey) can retrieve emails if there were any
  • No mails are sent to user pancho. Neither from the server (using mail command) nor from outside (using Seamonkey)
Unknown user: pancho@unitan.sytes.net

RCPT TO generated following response:
550 5.1.1 <pancho@unitan.sytes.net>: Recipient address rejected: User unknown in local recipient table

I guess I will be able to solve this,

Pancho

I’ve finally found a solution to my mail server needs and it works like a charm!

I didn’t have any reply from the people in forums.novell.com. It’s a pity since my very first impression of the OS was not so good and support was not given at all for what I think was a simple bug.

It seems a mail plugin wasn’t loaded by yast (yast-mail-plugin) and I couldn’t set up Postfix for delivering incoming mails to their corresponding user folder without it. I must admit that all the rest worked really well right from the beginning. After first boot, with the correct setup during installation, SUSE got LDAP, Cyrus, Postfix and Firewall working together perfectly.

I finally installed Zimbra and in half an hour everything worked. It includes a killer webmail system. I really recommend it.

What I want to do is see how to set it up under openSUSE just for educational purposes.

Thank you for all your answers, especially to whych since his article was exactly what I was looking for,

Pancho

Yes, sometimes if there is an out of the box solution that fits, it’s much more effective. openSUSE is not specialised towards anything in particular, well perhaps there is emphasis on the desktop, so as a result you have to put the pieces together yourself and there is a steep learning curve. Which is fine if you have the time. If someone has done the hard work of integration for you why not? Obviously Zimbra has a nice niche.

I think if you look at the licencing for the complete collaboration package, you will find novell’s open workgroup suite for small business cheaper and it gives you file, print and other services.
When I tried it, I found the disadvantages outweighed the advantages, so settled on sles.

From what I remember, the link I gave you for setting up cyrus on sles gives you all the details of what to do in the guide (I figured the $5 or so for the complete book was worth it, so I bought it. …But then I use the server for authentication services as well as dns, dhcp, email, nfs, etc.)

I hold nothing against postfix, sendmail or exim which are very known alternatives… but look:

Life With qmail-ldap

That’s the best you can get, though it includes some fancy patching and building. This is just my opinion, up to 4 million clients it was battle tested already!

And if you never heard of DJB, then it’s a good time to get to know one of the greatest community icons of all time :wink: Maybe more known than RMS :wink: