Вы находитесь на странице: 1из 9

Global Open Versity, ICT Labs Install Guide Secure Sendmail with Dovecot & Roundcube Webmail v1.

Global Open Versity


IT Systems Integration Hands-on Linux Labs Training Manual

Install Guide Secure Sendmail with Dovecot and RoundCube Webmail

Kefa Rabah
Global Open Versity, Vancouver Canada
krabah@globalopenversity.org
www.globalopenversity.org

Table of Contents Page No.

INSTALL GUIDE SECURE SENDMAIL WITH DOVECOT AND ROUNDCUBE WEBMAIL 1

1.0 Introduction 1

Part 1: What you need to start CentOS5 Installation 3


Step 1: Install CentOS52 3

Part 2: Install & Configure DNS Server 4

Part 3: Install and Configure Sendmail Server 5


Step 1: Install Roundcube Webmail 5
Step 1: Updating PHP 5
Step 2: Install MySQL Server 6
Step 3: Install Roundcube Webmail 6
Step 5: Create Roundcube Database 1
Step 6: Testing Roundcube Webmail 5

Summary 6

Part 4: Need More Training on Linux: 7


Sendmail Server Administration Training 7

Part 5: Hands-on Lab Assignments 7

Linux Administration Training 7

A GOV Open Access Technical Academic Publications


Enhancing education & empowering people worldwide through eLearning in the 21st Century

1
© April 2007, Kefa Rabah, Global Open Versity, Vancouver Canada

www.globalopenversity.org EBT102 – Sendmail Server Administration Training


Global Open Versity, ICT Labs Install Guide Secure Sendmail with Dovecot & Roundcube Webmail v1.0

Global Open Versity


Systems Integration Hands-on Linux Labs Training Manual

Install Guide Secure Sendmail with Dovecot and RoundCube Webmail

By Kefa Rabah, krabah@globalopenversity.org July 2, 2010 GTS Institute

1.0 Introduction
Over the last decade, the popularity of domain hosting has increased exponentially for many companies of
all sizes. All these domains need to be hosted somewhere, but corporate-level hosting of Web sites and
mail domains can be exorbitantly expensive for start-up and small to medium size businesses.

With the growth of the Internet, e-mail has also quickly become the main vehicle to spread information
through corporate users and the public at large. As the demand for fast, cheap and reliable e-mail grows,
more individuals and business large and small are turning to open source Linux to provide a fast, cheap
and reliable solution. And Sendmail is at the forefront of this cool messaging technology and it can be
easily scaled-up. One of the best solutions is using virtual hosting, which allows multiple domains to be
housed on a single server or server cluster. This is a valuable strategy for both a large company with the
hardware and bandwidth to host hundreds of domains and a small business with a mere two domains to
control its hosting solution with ease. In this Hands-on Lab session, we’ll take a look at how to configure
Sendmail to work on a single machine, but can also be scaled up to handle more than one domain. There
will be need to lock it down from security point of view. Also we’ll give our users’ ability to access their
email using RoundCube Webmail client via Dovecot POP/IMAP server.

Sendmail is a general purpose internetwork email routing facility that supports many kinds of mail-transfer
and -delivery methods, including the Simple Mail Transfer Protocol (SMTP) used for email transport over
the Internet. It’s currently the most popular mail transfer agent (MTA) on the Internet. Its popularity is due
in part to its position as the standard MTA under most variants of the Linux/Unix-like operating systems.

Sendmail was originally developed by Eric Allman, in 1979, as "delevermail", which first shipped with
BSD 4.0. This program was not very flexible and required configuration at compile time. With the growth of
TCP protocol and other factors, it became obvious that delevermail was not flexible enough to handle
these new demands. Eric Allman had to recreate Sendmail from scratch, and what he produced has
become the standard for MTAs. Rather than reject messages that did not conform to protocols, sendmail
is designed to be tolerant of these messages. For those individuals who have never configured an e-mail
server, this hands-on manual will demonstrate how to configure sendmail 8.13.8 after a fresh install of
CentOS5.

Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written primarily with
security in mind. Apple Inc. includes Dovecot for email services in Mac OS X 10.6 Snow Leopard Server.
Developed by Timo Sirainen, Dovecot was first released in July 2002. Dovecot primarily aims to be a
lightweight, fast and easy to set up open source messaging server. It can work with standard mbox,
Maildir, and its own experimental native high-performance dbox formats. It is fully compatible with UW

1
© April 2007, Kefa Rabah, Global Open Versity, Vancouver Canada

www.globalopenversity.org EBT102 – Sendmail Server Administration Training


Global Open Versity, ICT Labs Install Guide Secure Sendmail with Dovecot & Roundcube Webmail v1.0

IMAP and Courier IMAP servers’ implementation of them, as well as mail clients accessing the mailboxes
directly.

Dovecot also includes a Mail delivery agent (called Local delivery agent in Dovecot’s documentation), with
optional Sieve filtering support. It also supports a variety of authentication schemas for IMAP and POP
access including CRAM-MD5 and the more secure DIGEST-MD5. It’s a Mail Delivery Agent is simple and
easy to install. In this HowTo guide and lab session, we’ll explain how to set it up as an IMAP or POP3
server. For alternate IMAP/POP3 servers see Courier or Cyrus.

We also need to lockdown our Sendmail server to secure our Sendmail server against cyber-criminals and
malwares. For this we’ll use Clamd. Clamd which comes integrated with ClamAV and Clamav-db fits the
bill for our task. It’s a multi-threaded daemon that uses libclamav to scan files for viruses. The daemon
listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand for
viruses. The daemon is fully configurable via the clamd.conf file. It reads the configuration from
/etc/clamd.conf.

Clam AntiVirus (ClamAV) is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-
mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-
threaded daemon, a command line scanner and advanced tool for automatic database updates. The core
of the package is an anti-virus engine available in a form of shared library.

MailScanner is an open source free anti-virus and anti-spam filter protecting over 5 billion e-mails every
week, for many millions of users. MailScanner is an email virus scanner, vulnerability protector, and spam
tagger. It supports the Postfix, Sendmail, Exim, Qmail, and ZMailer MTAs, and the Sophos, McAfee, F-
Prot, F-Secure, CommandAV, InoculateIT, Inoculan, eTrust, Kaspersky, Nod32, AntiVir, BitDefender,
RAV, Panda, DrWeb, ClamAV, and other anti-virus scanners.

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It
provides full functionality you expect from an e-mail client, including MIME support, address book, folder
manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires
a MySQL or Postgres database. The user interface is fully skinnable using XHTML and CSS 2.

Solution
In this Hands-on Lab session, you’ll learn how to setup virtual network on VMware (you may also use any
other virtual machines like MS VirtualPC, Linux Xen, or VirtualBox from Sun). In this lab session, we’ll
concentrate on installing Sendmail server with Dovecot server and Roundcube webmail client on a clean
install Linux CentOS5 Server. You will learn how to install and configure Webmin to help with configuring
DNS server. I’ll also show you how to set static IP address which is required for successful deploying a
DNS and messaging servers. Finally, we’ll go through a step-by-step process to install Sendmail
messaging server, Dovecot POP/IMAP server and Roundcube Webmail client. You’ll also have an
opportunity to do some hands-on lab assignments at the end of the lab session. Upon completion of the
hands-on labs you’ll have gained a competency level and a capability to be able to plan design implement
and deploy an enterprise grade messaging solution using Sendmail.

2
© April 2007, Kefa Rabah, Global Open Versity, Vancouver Canada

www.globalopenversity.org EBT102 – Sendmail Server Administration Training


Global Open Versity, ICT Labs Install Guide Secure Sendmail with Dovecot & Roundcube Webmail v1.0

Assumptions
It’s assumed that you have a good understanding of Linux operating system and its working environment.
It’s also assumed that you know how to install and configure Linux CentOS5, if not go ahead and pop over
to scribd.com and check out a good HowTo entitled “Install Configure and Upgrade Linux CentOS5 Server
v1.1” to get you started.

Other related articles that you may need for this Hands-on Lab session:

1. Using Webmin and Bind9 to Setup DNS Server on Linux


2. Step-by-Step Install Guide for Evolution Mail Client with Addressbook using LDAP on Linux v1.2
3. OpenLDAP for Enterprise Identity Management & SSO v1.0
4. Install Guide IPCop Firewall for Network Security with Spam and Virus Protection

Part 1: What you need to start CentOS5 Installation


1. Download the latest CentOS5 ISOs for DVD or CDs from: http://centos.org
2. A test x86 desktop computer, keyboard, monitor, mouse, and firewalled internet connection.
3. One hour of quite time and a good supply of coffee or tea – but definitely none alcoholic drink
(seriously!)

Step 1: Install CentOS52


1. Install Centos52 from DVD or CDROM configure the entire disk
2. Configure your Fully Qualified Hostname, IP address and Gateway, DNS details
3. Setup your root password
4. Setup the software. Select Server only and Customize Now
• Select only the following components:
Editors
Text base Internet
Development Libraries
Development Tools
Administration Tools
Base
System Tools

5. The system will now install and will required CDs 1-6.
6. Once the system reboots disable firewall and SElinux.
7. Make sure your /etc/hosts file has the line:
IP address and FQDN hostname (i.e. 192.168.83.21 linuxc.monstserv.com linuxc).
8. Reboot the system (for changes to take effect).
9. Then run yum update to my sure your system is fully up to date.
10. Reboot the system.
11. OS server installation complete and ready for DNS, Sendmail and Dovecot servers’ installation.

3
© April 2007, Kefa Rabah, Global Open Versity, Vancouver Canada

www.globalopenversity.org EBT102 – Sendmail Server Administration Training


Global Open Versity, ICT Labs Install Guide Secure Sendmail with Dovecot & Roundcube Webmail v1.0

Part 2: Install & Configure DNS Server


1. For your new e-mail server to work, you must first get all the DNS issues straight as we have done in
Part 2. First, add the hostname and IP address for the new e-mail server to your DNS server and
confirm the address with nslookup and dig command as we’ll see later:

2. Webmin is the most powerful administration tool in its nature. We will use it to set up our DNS, but I
will not go over it in detail because we already know how to use other administrative tools. It is not
difficult to use because it is web based, in any event, you should know that you can use it remotely to
administrate the system. Checkout a great HowTo by the same author on Docstoc.com for the
detailed lab manual “Using Webmin and Bind9 to Setup DNS Server on Linux. In this Hands-on
manual you will learn how to use Webmin to setup DNS Server and mail, www and ftp aliases on the
Linux CentOS5 server.
3. While here also note our hostname: linuxc.monstserv.com
4. Other servers are:

mail.monstserv.com
www.monstserv.com
ftp.monstserv.com

5. Check out /etc/hosts to ensure that you have a correct setup, in our case, it’s as follows:

# Do not remove the following line, or various programs


# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.83.21 linuxc.monstserv.com linuxc mail www ftp
::1 localhost6.localdomain6 localhost6

6. To ensure that your DNS server is installed and configured correctly, perform the following test via
dig and nslookup command:

[root@linuxc ~]# dig linuxc.monstserv.com

; <<>> DiG 9.3.4-P1 <<>> linuxc.monstserv.com


;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1096
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;linuxc.monstserv.com. IN A

;; ANSWER SECTION:
linuxc.monstserv.com. 38400 IN A 192.168.83.21

;; AUTHORITY SECTION:
monstserv.com. 38400 IN NS linuxc.monstserv.com.

;; Query time: 4 msec


;; SERVER: 192.168.83.21#53(192.168.83.21)
;; WHEN: Sun Oct 25 13:16:03 2009
;; MSG SIZE rcvd: 68

4
© April 2007, Kefa Rabah, Global Open Versity, Vancouver Canada

www.globalopenversity.org EBT102 – Sendmail Server Administration Training


Global Open Versity, ICT Labs Install Guide Secure Sendmail with Dovecot & Roundcube Webmail v1.0

[root@linuxc ~]# nslookup linuxc.monstserv.com


Server: 192.168.83.21
Address: 192.168.83.21#53

Name: linuxc.monstserv.com
Address: 192.168.83.21

7. We’re good and ready to move on Part 3, Install and configure Sendmail server

Part 3: Install and Configure Sendmail Server


In this section, we present the steps necessary to successfully install and configure Sendmail 8.13 on
Linux CentOS5 with Dovecot IMAP/POP server, and other security measures. The steps in this lab
manual have been used to install Sendmail on several servers and all work perfectly.

Assumptions
It’s assumed that you have a good understanding of Linux operating system and its working environment.
It’s also assumed that you know how to install and configure Sendmail on Linux CentOS5, if not go ahead
and pop over to lulu.com and check out a good Hands-on manual by the same author entitled “Deploy
Secure Messaging Solution using Sendmail & Dovecot Servers with ClamAV on Linux” to get you started.

1. Make required services permanent (after a reboot they start automatically)

# chkconfig sendmail on
# chkconfig dovecot on
# chkconfig saslauthd on

2. As of now the sendmail server is ready. The server can be accessed by outlook or any mail client.

3. You’re done with this section.

Step 1: Install Roundcube Webmail


It will be very nice if you are having an IMAP webmail client already installed, in our case Dovecot
POP/IMAP server. The previous version of Roundcube was having some security holes. But the current
stable version seems to be secured.

1. Round cube requires MySQL support and PHP greater than 5.2.0.

2. Therefore if your current version of PHP is 5.1.6, then you need to update PHP version.

Step 1: Updating PHP


1. To the check the current version of your PHP, issue the following command:

[root@linuxc ~]# php -v

5
© April 2007, Kefa Rabah, Global Open Versity, Vancouver Canada

www.globalopenversity.org EBT102 – Sendmail Server Administration Training


Global Open Versity, ICT Labs Install Guide Secure Sendmail with Dovecot & Roundcube Webmail v1.0

PHP 5.1.6 (cli) (built: Mar 14 2007 18:56:07)


Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies

2. To update your PHP package, perform the following procedure

# cd /etc/yum.repos.d

# wget dev.centos.org/centos/5/CentOS-Testing.repo

# yum --disablerepo=* --enablerepo=c5-testing update php php-xml php-mysql

3. Now again recheck your PHP version:

[root@linuxc ~]# php -v


PHP 5.2.10 (cli) (built: Nov 13 2009 11:24:03)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies

4. You’re done with section

Step 2: Install MySQL Server


1. Install Mysql And set root password

yum install mysql mysql-server

2. For security reason we now need to set MySQL root password:

/usr/bin/mysqladmin -u root password 'newrootpassword'

Step 3: Install Roundcube Webmail


1. We need to download Roundcube Stable version and extract it. To do this, perform the following
procedure:

[root@linuxc ~]# cd /tmp/

# wget
nchc.dl.sourceforge.net/project/roundcubemail/roundcubemail/0.3.1/roundcube
mail-0.3.1.tar.gz

# tar -zxvf roundcubemail-0.3.1.tar.gz

6
© April 2007, Kefa Rabah, Global Open Versity, Vancouver Canada

www.globalopenversity.org EBT102 – Sendmail Server Administration Training


Global Open Versity, ICT Labs Install Guide Secure Sendmail with Dovecot & Roundcube Webmail v1.0

2. After extracting, rename "roundcubemail-0.3.1" to "roundcubemail" and then move it to


"/usr/share/" directory, as follows:

# mv roundcube /usr/share/

3. Using your favorite Text editor, create a "roundcube.conf" file, as follows:


[root@linuxc ~]# vi /etc/httpd/conf/roundcube.conf

4. Next, inside this file add the following text, as follows,

<IfModule mod_alias.c>
Alias /rcm /usr/share/roundcube
</IfModule>
<Directory /usr/share/roundcube>
Options None
Order allow,deny
allow from all
</Directory>

5. Now, we need to edit, "httpd.conf" file, as follows:

[root@linuxc ~]# vi /etc/httpd/conf/httpd.conf

and then add the following line:

Include /etc/httpd/conf/roundcube.conf

6. To access the full hands-on training register for the Sendmail Server Admin Training (EBT102).

Sendmail Server Administration Training


You can now register and take our superb Sendmail Server Administration Training course:

• EBT102 – Sendmail Server Administration Training

to access the full document module:

• Module 07 - Install Guide Secure Sendmail with Dovecot & Roundcube Webmail v1.0

Contact us today: Email: info@globalopenversity.org. URL: www.globalopenversity.org

-----------------------------------------------
Kefa Rabah is the Founder and CIO, of Serengeti Systems Group Inc. Kefa is knowledgeable in
several fields of Science & Technology, IT Security Compliance and Project Management, and
Renewable Energy Systems. He is also the founder of Global Open Versity, a place to enhance
your educating and career goals using the latest innovations and technologies.

7
© April 2007, Kefa Rabah, Global Open Versity, Vancouver Canada

www.globalopenversity.org EBT102 – Sendmail Server Administration Training

Оценить