OpenSUSE 11.3: How to configure a simple mail server with YAST

Please excuse my ignorance; I’m sure you’ve all seen this question many times before, but after a week of tinkering, I’m no closer to getting my e-mail server to work despite numerous web and forum searches for the answer.

Probably because I don’t know what to put in some of the fields.

So; all I want to do is to run my own e-mail server for my business. The network is set up, the web server is running, but I’m having no end of trouble with YAST and the e-mail server.

I have a single server running open suse 11.3 32 bit. It is attached to a modem/router. I have a static IP address for my registered domain. The server has a static IP address (192.168.1.8 in this case). My server is NOT running either a DHCP server or a DNS server - there is no need, since there is nothing else on this box. It has only one network connection - eth0.

I’m trying to set up an e-mail server. I have been unable to get an ‘advanced’ implementation to work because all attempts to create a suitable server certificate fail. So for now I’ll stick with a ‘standard’ set up.

I don’t know what I should put in such fields as ‘outgoing mail server’ (I’ve assumed I should use the FQDN of my server);
I’ve no idea what ‘masquerading’ is for or what I should do with it;
I don’t know what I’m supposed to put in the ‘outgoing mail server’ in the ‘authentication’ section;
I don’t know what to put in the ‘downloading’ section;
and I don’t know what ‘accept remote SMTP connections’ does.

I can get the server to start, but any attempt to retrieve e-mail from it ends in an authorisation failure - the syslog shows a sign-on attempt from my ‘real’ IP address and some form of numeric userid which cannot be found.

So, if anyone can tell me what to put in YAST to make it work, I’d be a very happy chap.

Yes, I can telnet to ‘my.server.my.domain’ 25, so something must be right. But my Linux knowledge is not enough to get it working properly.

Thanks for your help,

Paul

I second the motion. I’m with you.

I would really like a walk-through of the process.
I have set up email servers with Groupwise many times, but this feels very different. How do I set up all of the pieces via the OpenSuse Yast way? I’d like to understand it rather than just follow something like the following, which avoids all things OpenSuse.

The Perfect Server - OpenSUSE 11.3 x86_64 [ISPConfig 3] | HowtoForge - Linux Howtos and Tutorials

I thank the author for the above process, but I’d like to be more informed as to what I am doing and why. As slick as ISPConfig sounds, I’m not sure I want to get married to it.

What is the OpenSuse sanctioned way of doing this? Enquiring Minds Want to Know.

I’ve been playing with Yast and have got HTTP, DNS, and Firewall/Masquerade figured out, but the mail module has me stumped too. I also have MYSQL running.

Ultimately, I want:
SMTP in/out
Calendaring (Shared Calendaring?)
IMAP & POP3 Client
Web Based Client
User proxy rights
Global Rules
User Rules
Users defined in LDAP and/or MYSQL
Spam Blocking
Virus Scanning

Thanks in advance to the information gods.
Steve

I don’t know what I should put in such fields as ‘outgoing mail server’ (I’ve assumed I should use the FQDN of my server);
I’ve no idea what ‘masquerading’ is for or what I should do with it;
I don’t know what I’m supposed to put in the ‘outgoing mail server’ in the ‘authentication’ section;
I don’t know what to put in the ‘downloading’ section;
and I don’t know what ‘accept remote SMTP connections’ does.

Let’s do this step by step. First you should tell us if you have postfix or sendmail. I usually use the latter, but the principles are the same.

Before you even set up anything, make sure that there is a valid MX record for your domain pointing to your server. Otherwise no one in the wide world of the internet will be able to send you mail.

As you say that you are not running a DNS server someone else must be doing it for you. This person must set an MX record pointing to the outside (world visible) IP number of your server.

When this is done you might want to test it. Do this on the command line:

dig yourdomain.tld MX

Within the message returned you should see something similar to:

;; ANSWER SECTION:
yourdomain.tld.          172800  IN      MX      10 mail.yourdomain.tld.

tld is the top level domain like com, net, org …

In this example the official name of your server is ‘mail’. You may use another name for the box internally, but your DNS provider must set an A record resolving mail.yourdomain.tld and preferably also a reverse lookup for it.

When this is all in place you can proceed. There is no need for an outgoing mail server. Your server is capable of distributing mail directly. You can specify your provider’s mail server as outgoing server; then all outgoing mail is handed over to this server for further processing. You need no authentication (at least not at the beginning).

There is a lot of guidance available on the internet. Google for postfix|sendmail mail server configuration howto. Both servers come with good manuals.

When stuck come back here and post what exactly you have done so far and what does not work as expected.

Hello Vodoo, and thanks for such a clear and comprehensive answer.

The good news is that steps you have outlined have been done and appear to be correct. I set up the DNS records with the vendor who supplied the domain name. They point to my server, and as far as I can see the request is crossing the internet correctly (with the slight caveat that the Windows box I’m using to test e-mail is connected to the same physical modem/router).

Now we get to the bit that is causing me the most angst. When I try to receive mail from my server, I have to supply a userid and password. But my server rejects them as invalid (something about SASL -13). I have no idea if this is because my mail server settings are incorrect, or perhaps my network settings are not quite right, or if I’ve missed something else - my knowledge of Linux simply isn’t good enough to know.

I have searched for postfix articles on the web, but generally they either refer to entries in the appropriate configuration files, or out of date versions of YAST. I’m trying to keep things as simple as possible (for me) by using YAST without resorting to directly editing configuration files, but I just can’t get it to work.

I appreciate it takes some time and effort to provide such a comprehensive answer, so perhaps providing semi-abstract data may help keep the answer simple. Here goes…

Modem router signs on to ISP to obtain a static IP address;
The router identifies itself as 192.168.1.1, NAT on, DMZ points to 192.168.1.8;
eth0 defined as static IP 192.168.1.8;
Server has host name ‘fred’ and domain name ‘my.domain.co.uk’;
The DNS records maintained by my domain name supplier point to my static IP address, with suitable A and MX records for the web and mail servers.

What I don’t know is what I have to specify in YAST to correctly define my system as a mail server to allow it to receive e-mail.

Also, I’m intrigued by the comment that I don’t need it to act as an out-going server. Does that mean I direct outgoing mail to my ISP’s mail server via my mail client, or do I somehow tell postfix to do that?

And if all of that was a lot to ask, I have not explicitly defined a reverse lookup for the mail server, as I’ve assumed such records are automatically generated by the supplier’s DNS. If anyone thinks I’ve got that wrong, please feel free to correct me.

Once again, thanks to Vodoo for taking the time to help, and to stevej for the support. It is good to know I’m not on my own.

Here you have a very nice step-by-step article from Novell Cool Solutions. It refers to Suse Linux 9 but you can perfectly take it to 11.3 with some knowledge of what you are doing.
Cool Solutions: Configuring a Mail Server on SLES

Hope it helps, cheers!

In many cases you have no choice but to specify your ISP as your relayhost for postfix as SMTP from consumer broadband addresses are often on blacklists or even blocked by the ISP.

The good news is that steps you have outlined have been done and appear to be correct.

Good. I assume that you have used ‘dig’ to verify the DNS settings and that your modem/router forwards port 25 to the DMZ at 192.168.1.8 and that your server firewall has also enabled port 25 on this external interface (eth0). When all of this is in place connections from the outside to port 25 of your server are possible.

Now, when you start postfix and tell it that the domain according to your MX record is a local domain, postfix will accept incoming mail and store it in a file in directory /var/spool/mail/. There is a separate file for each user.

The whole process of address rewriting and masquerading is explained in this postfix document: Postfix Address Rewriting.

When I try to receive mail from my server, I have to supply a userid and password. But my server rejects them as invalid (something about SASL -13).

This is a completely different thing. It has nothing to do with the server accepting incoming mail from the outside. I recommend that you install ‘alpine’ on the server itself and use it to check the contents of the INBOX (this is the file mentioned above, something like /var/spool/mail/<username>).

I understand that you have a windows box in the LAN which should get the mail from the server. The easiest way to do this is to install ‘qpopper’, enable it in Network Services (xinetd) and open port 110 on the LAN side. The local windows box can then fetch mail from the server with the POP3 protocol.

For the configuration of SASL read here: Postfix SASL Howto.

Also, I’m intrigued by the comment that I don’t need it to act as an out-going server. Does that mean I direct outgoing mail to my ISP’s mail server via my mail client, or do I somehow tell postfix to do that?

Your mail clients (within the LAN) should direct outgoing mail to your server. Your server in turn will take care of sending outgoing mail to the recipients. It will do this directly when you do not configure any outgoing.mail.server for postfix. Your mails will appear to originate from your server with its public IP address. However, as ken_yap remarked, some recipient servers will not accept mail originating from certain address blocks and there are even some ISP’s blocking outgoing connections on port 25. If this is the case for you, the only choice is to configure postfix to hand over all outgoing mail to your ISP’s mail server (this is the ‘relayhost’ setting) and let it do the work.

Once again I must express my deepest gratitude to Vodoo for such a clear and comprehensive answer.

It will take me a while to read the two cited documents, but with the answers from Vodoo and their guidance, things are beginning to fall into place and I have a better idea of what I’m doing, and what I need to do.

I’ll let you know how I get on, though at the moment I’m complicating matters by simplifying them (!). Which is to say, I’ve replaced the modem/router with a bridging modem (eth0 now has my ‘real’ IP address), and a switch on eth1 to connect the rest of my machines through the web server (just a little bit of tinkering to get my DNS configuration correct and it should all work).

Thanks again for your considerable patience and generosity. It is very much appreciated.

So: progress of sorts.

As far as I can see, everything is working as it should, apart from this problem with authentication. I’ve verified the DNS records with dig, and there is no problem talking to the server. It just isn’t happy about authentication.

I should mention that to confuse matters I’ve rejigged my network. The mail server is now directly connected to my ISP through a simple modem. Everything else is routed through this machine instead of the earlier arrangement where everything was connected to a modem/router.

I’ve set up a standard mail server using the documents suggested by Vodoo (and very good they were too). I’m not having problems talking to the mail server; I just can’t ‘log in’ to it.

The only messages I can see are in syslog, an extract of which follows:

2010-08-13 18:07:22 (none) master[19110] about to exec /usr/lib/cyrus/bin/pop3d

2010-08-13 18:07:22 (none) pop3[19110] executed

2010-08-13 18:07:22 (none) pop3[19110] IOERROR: opening /var/lib/imap/user_deny.db: No such file or directory

2010-08-13 18:07:22 (none) pop3[19110] accepted connection

2010-08-13 18:07:23 (none) pop3[19110] unable to open Berkeley db /etc/sasldb2: No such file or directory

2010-08-13 18:07:23 (none) pop3[19110] badlogin: [192.168.1.201] APOP (<2287633337.1281719242@-MY.SERVER.NAME->) SASL(-13): user not found: could not find password

2010-08-13 18:07:26 (none) master[2962] process 19110 exited, status 0

NB -MY.SERVER.NAME- is just the host name of the server, not the full host and domain name (if that’s relevant at all). I get this message when I try to check for mail in the Windows mail client, where I have specified my.user@mail.my.domain as the userid. Wireshark on Windows shows:

POP S: +OK -MY.SERVER.NAME- Cyrus POP3 v2.3.16 server ready <3082890008.1281717826@-MY.SERVER.NAME->
POP S: -ERR [AUTH] authenticating: authentication failure

What follows is the contents of /etc/postfix/main.cf. I’ve made a few substitutions to make things anonymous and sorted the file to make it easier to read, but otherwise unchanged. Any ideas where I should be looking?

alias_maps = hash:/etc/aliases
biff = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
content_filter =
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
defer_transports =
delay_warning_time = 1h
disable_dns_lookups = no
disable_mime_output_conversion = no
html_directory = /usr/share/doc/packages/postfix-doc/html
inet_interfaces = localhost, 192.168.1.1, -MY.ISP.IP.ADDR-
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = -MY.DOMAIN.NAME-
masquerade_exceptions = root
message_size_limit = 0
message_strip_characters = \0
mydestination = $myhostname, localhost.$mydomain
mydomain = -MY.DOMAIN.NAME-
myhostname = -MY.SERVER.NAME-.-MY.DOMAIN.NAME-
mynetworks = 192.168.1.1/24, -MY.ISP.IP.ADDR-/32, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
program_directory = /usr/lib/postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
relay_domains = $mydestination, hash:/etc/postfix/relay
relay_domains = $mydestination, hash:/etc/postfix/relay
relayhost = -MY.ISP.MAIL.SERVER-
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix-doc/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_enforce_tls = no
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = no
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = -MY.DOMAIN.NAME-
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_use_tls = no
strict_8bitmime = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual
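
A check a reader might run over a main.cf like the one posted above: it parses the file with Postfix's continuation-line and last-definition-wins rules, then flags SASL authentication that is enabled while TLS is off, plus parameters defined twice. This is an added example, not part of the original post or of Postfix; the function names and finding labels are made up for illustration.

```python
# Constructed excerpt: only the lines of the posted main.cf that matter here,
# with the poster's placeholders; continuation lines are indented as main.cf requires.
SAMPLE_MAIN_CF = """\
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
relay_domains = $mydestination, hash:/etc/postfix/relay
relay_domains = $mydestination, hash:/etc/postfix/relay
relayhost = -MY.ISP.MAIL.SERVER-
smtp_enforce_tls = no
smtp_sasl_auth_enable = yes
smtp_use_tls = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_use_tls = no
"""

def parse_main_cf(text):
    """Return (params, duplicates). '#' and blank lines are skipped, a line
    starting with whitespace continues the previous parameter, and the last
    definition of a name wins."""
    params, duplicates, name = {}, [], None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            if name is not None:
                params[name] = (params[name] + " " + line.strip()).strip()
            continue
        name, _, value = line.partition("=")
        name = name.strip()
        if name in params:
            duplicates.append(name)
        params[name] = value.strip()
    return params, duplicates

def tls_on(params, side):
    """side is 'smtpd' (server) or 'smtp' (client towards relayhost)."""
    level = params.get(side + "_tls_security_level", "")
    if level:                      # a non-empty level overrides the legacy switches
        return level != "none"
    return "yes" in (params.get(side + "_use_tls"), params.get(side + "_enforce_tls"))

def audit(params, duplicates):
    """Return a list of (label, detail) findings; labels are hypothetical."""
    findings = []
    if params.get("smtpd_sasl_auth_enable") == "yes" and not tls_on(params, "smtpd"):
        opts = params.get("smtpd_sasl_security_options", "noanonymous")
        detail = "plaintext mechanisms allowed" if "noplaintext" not in opts else "no plaintext mechanisms"
        findings.append(("SMTPD_AUTH_NO_TLS", detail))
    if params.get("smtp_sasl_auth_enable") == "yes" and not tls_on(params, "smtp"):
        findings.append(("RELAY_AUTH_NO_TLS", params.get("relayhost", "")))
    findings.extend(("DUPLICATE_PARAMETER", n) for n in duplicates)
    return findings
```
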

Sorry, I can’t help with the SASL part; don’t use it here. Reading the log files in your last post it appears to me that some user/password database is missing.

Possibly you can find help in this howto: Cyrus IMAP HOWTO. Be careful: your actual directory tree may be different.

I understand that you are fetching mail exclusively from within the LAN. All requests come from the LAN and go to the INTERNAL NIC of the mail server. In this scenario you don’t really need all the authentication. Probably ‘qpopper’ would do the job with pop3 protocol and simple username/password identification. This is very easy to set up as an xinetd service with yast.
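
The diagnosis above (a missing user/password database) can be read off the syslog extract by tying each badlogin to what the same pop3 process logged just before it. This is an added example, not part of the original posts; the pid 19110 lines come from the extract in the thread, and the pid 19222 session is constructed for contrast.

```python
import re

# pid 19110: lines from the syslog extract posted in the thread.
# pid 19222: constructed session with the same failure but no database error.
SAMPLE_LOG = """\
2010-08-13 18:07:22 (none) master[19110] about to exec /usr/lib/cyrus/bin/pop3d
2010-08-13 18:07:22 (none) pop3[19110] IOERROR: opening /var/lib/imap/user_deny.db: No such file or directory
2010-08-13 18:07:22 (none) pop3[19110] accepted connection
2010-08-13 18:07:23 (none) pop3[19110] unable to open Berkeley db /etc/sasldb2: No such file or directory
2010-08-13 18:07:23 (none) pop3[19110] badlogin: [192.168.1.201] APOP (<2287633337.1281719242@-MY.SERVER.NAME->) SASL(-13): user not found: could not find password
2010-08-13 18:07:26 (none) master[2962] process 19110 exited, status 0
2010-08-13 18:09:40 (none) pop3[19222] accepted connection
2010-08-13 18:09:41 (none) pop3[19222] badlogin: [192.168.1.202] APOP (<1111111111.1281719380@-MY.SERVER.NAME->) SASL(-13): user not found: could not find password
"""

LINE = re.compile(r"^(\S+ \S+) \S+ (\w+)\[(\d+)\]:? (.*)$")
DB_ERR = re.compile(r"unable to open Berkeley db (\S+): No such file or directory")
BADLOGIN = re.compile(r"badlogin: \[([^\]]+)\] (\S+) .*SASL\((-?\d+)\): (.*)$")

def triage(log_text):
    """Classify each badlogin by whether its pid failed to open the SASL store."""
    missing_store = {}   # pid -> path of the credential store that failed to open
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when, _proc, pid, msg = m.groups()
        db = DB_ERR.search(msg)
        if db:
            missing_store[pid] = db.group(1)
            continue
        bad = BADLOGIN.search(msg)
        if not bad:
            continue
        client, mech, code, reason = bad.groups()
        store = missing_store.get(pid)
        findings.append({
            "time": when, "pid": pid, "client": client, "mech": mech,
            "sasl_code": int(code), "reason": reason, "store": store,
            # Same SASL(-13) text, two different causes:
            "cause": ("server: credential store missing" if store
                      else "account: no secret found for this user"),
        })
    return findings
```
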

Thank you Vodoo, I’ve been able to make considerable progress with your advice.

I had not attached much significance to the missing database, although it was the cause of the problem. I have one problem left related to a cross-realm issue, but I’ll worry about that later.

Sadly, I long ago gave up using YAST to get my mail server to work and resorted instead to directly editing the main.cf file. Most of what I needed to know came from documents suggested by Vodoo, plus a few google searches.

I’ll consider this question closed, and once again record my thanks to Vodoo for the clear, patient and invaluable advice.