Fwd: [docteam-commits] [Branch ~ubuntu-core-doc/ubuntu-doc/ubuntu-hardy]
Matthew East
mdke at ubuntu.com
Sat Nov 10 23:23:44 UTC 2007
I don't understand this revision: it adds a new directory and an
orphaned chapter in generic/server/c/mail.xml which isn't part of a
full document.
Perhaps there was meant to be an amendment to
generic/server/C/mail.xml, which already exists?
It's very important to check patches before applying them... and to
validate documents when editing them.
---------- Forwarded message ----------
From: noreply at launchpad.net <noreply at launchpad.net>
Date: 10 Nov 2007 12:07
Subject: [docteam-commits] [Branch ~ubuntu-core-doc/ubuntu-doc/ubuntu-hardy]
To: ubuntu-doc-commits at lists.ubuntu.com
------------------------------------------------------------
revno: 3626
committer: Jonathan Jesse <jjesse at iserv.net>
branch nick: ubuntu-hardy
timestamp: Sat 2007-11-10 07:04:04 -0500
message:
adding adam's patch
added:
generic/server/c/
generic/server/c/mail.xml
=== added directory 'generic/server/c'
=== added file 'generic/server/c/mail.xml'
--- a/generic/server/c/mail.xml 1970-01-01 00:00:00 +0000
+++ b/generic/server/c/mail.xml 2007-11-10 12:04:04 +0000
@@ -0,0 +1,1107 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
+<!ENTITY % globalent SYSTEM "../../../libs/global.ent">
+%globalent;
+<!ENTITY % genericent SYSTEM "../../libs/generic.ent">
+%genericent;
+<!ENTITY % cdo-C SYSTEM "../../../libs/cdo-C.ent">
+%cdo-C;
+<!ENTITY % gnome-menus-C SYSTEM "../../../ubuntu/libs/gnome-menus-C.ent">
+%gnome-menus-C;
+<!ENTITY % xinclude SYSTEM "../../../libs/xinclude.mod">
+%xinclude;
+<!ENTITY language "&EnglishAmerican;">
+]>
+ <chapter id="email-services" status="complete">
+ <title>Email Services</title>
+ <para>
+ The process of getting an email from one person to
another over a network or
+ the Internet involves many systems working
together. Each of these systems
+ must be correctly configured for the process
to work. The sender uses a <emphasis>Mail
+ User Agent</emphasis> (MUA), or email client,
to send the message through one or more
+ <emphasis>Mail Transfer Agents</emphasis>
(MTA), the last of which will hand it off to a
<emphasis>Mail Delivery Agent</emphasis> (MDA) for delivery to
the
+ recipient's mailbox, from which it
+ will be retrieved by the recipient's email
client, usually via a POP3 or IMAP server.
+ </para>
+ <sect1 id="postfix" status="complete">
+ <title>Postfix</title>
+ <para>
+ <application>Postfix</application> is the default Mail
Transfer Agent (MTA) in Ubuntu. It
+ attempts to be fast and easy to administer and secure. It is
+ compatible with the MTA
<application>sendmail</application>. This section explains how
+ to install and configure
<application>postfix</application>. It also explains how to
+ set it up as an SMTP server using a secure connection
(for sending emails securely).
+ </para>
+ <sect2 id="postfix-installation" status="complete">
+ <title>Installation</title>
+ <para>
+ To install <application>postfix</application> run the
following command:
+ </para>
+<screen>
+<command>sudo apt-get install postfix</command>
+</screen>
+ <para>
+ Simply press return when the installation process asks
questions, the configuration will be done in greater detail in the
next stage.
+ </para>
+ </sect2>
+ <sect2 id="postfix-configuration" status="complete">
+ <title>Basic Configuration</title>
+ <para>
+ To configure <application>postfix</application>, run the
following command:
+ </para>
+<screen>
+<command>sudo dpkg-reconfigure postfix</command>
+</screen>
+ <para>
+ The user interface will be displayed. On each screen,
select the following
+ values:
+ <itemizedlist spacing="compact">
+ <listitem><para>Ok</para></listitem>
+ <listitem><para>Internet Site</para></listitem>
+ <listitem><para>NONE</para></listitem>
+ <listitem><para>mail.example.com</para></listitem>
+ <listitem><para>mail.example.com, localhost.localdomain,
localhost</para></listitem>
+ <listitem><para>No</para></listitem>
+ <listitem><para>127.0.0.0/8</para></listitem>
+ <listitem><para>Yes</para></listitem>
+ <listitem><para>0</para></listitem>
+ <listitem><para>+</para></listitem>
+ <listitem><para>all</para></listitem>
+ </itemizedlist>
+ </para>
+ <note>
+ <para>
+ Replace mail.example.com with your mail server hostname.
+ </para>
+ </note>
+ <para>
+ Now is a good time to decide which mailbox format you
want to use. By default
+ Postifx will use <emphasis role="strong">mbox</emphasis>
for the mailbox format.
+ Rather than editing the configuration file directly,
+ you can use the <command>postconf</command> command to configure
+ all <application>postfix</application> parameters. The
+ configuration parameters will be stored in
+ <filename>/etc/postfix/main.cf</filename> file. Later if you
+ wish to re-configure a particular parameter, you can either
+ run the command or change it manually in the file.
+ </para>
+ <para>
+ To configure the mailbox format for <emphasis
role="strong">Maildir:</emphasis>
+ </para>
+<screen>
+<command>sudo postconf -e 'home_mailbox = Maildir/'</command>
+</screen>
+ <note>
+ <para>
+ This will place new mail in /home/<emphasis
role="italic">username</emphasis>/Maildir so
+ you will need to configure your Mail Delivery Agent (MDA)
to use the same path.
+ </para>
+ </note>
+ </sect2>
+ <sect2 id="postfix-smtp-authentication" status="complete">
+ <title>SMTP Authentication</title>
+ <para>
+ SMTP-AUTH allows a client to identify itself through an
authentication mechanism (SASL).
+ Transport Layer Security (TLS) should be used to encrypt
the authentication process.
+ Once authenticated the SMTP server will allow the client
to relay mail.
+ </para>
+ <procedure>
+ <step>
+ <para>
+ Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):
+ </para>
+<screen>
+sudo postconf -e 'smtpd_sasl_type = dovecot'
+sudo postconf -e 'smtpd_sasl_path = private/auth-client'
+sudo postconf -e 'smtpd_sasl_local_domain ='
+sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
+sudo postconf -e 'broken_sasl_auth_clients = yes'
+sudo postconf -e 'smtpd_sasl_auth_enable = yes'
+sudo postconf -e 'smtpd_recipient_restrictions =
permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
+sudo postconf -e 'inet_interfaces = all'
+</screen>
+ <note>
+ <para>
+ The <emphasis>smtpd_sasl_path</emphasis> configuration
is a path relative to the Postfix queue directory.
+ </para>
+ </note>
+ </step>
+ <step>
+ <para>
+ Next, configure the digital certificate for TLS. When
asked questions, follow
+ the instructions and answer appropriately:
+ </para>
+<screen>
+openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
+chmod 600 smtpd.key
+openssl req -new -key smtpd.key -out smtpd.csr
+openssl x509 -req -days 365 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
+openssl rsa -in smtpd.key -out smtpd.key.unencrypted
+mv -f smtpd.key.unencrypted smtpd.key
+openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out
cacert.pem -days 3650
+sudo mv smtpd.key /etc/ssl/private/
+sudo mv smtpd.crt /etc/ssl/certs/
+sudo mv cakey.pem /etc/ssl/private/
+sudo mv cacert.pem /etc/ssl/certs/
+</screen>
+ <note>
+ <para>
+ You can get the digital certificate from a
certificate authority. Alternatively, you
+ can create the certificate yourself. Refer to
+ <ulink
url="./web-servers.xml#creating-a-self-signed-certificate">Creating
+ a self Signed Certification</ulink> sub-section for more
+ details.
+ </para>
+ </note>
+ </step>
+ <step>
+ <para>
+ Configure Postfix to provide TLS encryption for both
incoming and outgoing mail:
+ </para>
+<screen>
+sudo postconf -e 'smtpd_tls_auth_only = no'
+sudo postconf -e 'smtp_use_tls = yes'
+sudo postconf -e 'smtpd_use_tls = yes'
+sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
+sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key'
+sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'
+sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
+sudo postconf -e 'smtpd_tls_loglevel = 1'
+sudo postconf -e 'smtpd_tls_received_header = yes'
+sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
+sudo postconf -e 'tls_random_source = dev:/dev/urandom'
+sudo postconf -e 'myhostname = mail.example.com'
+</screen>
+ </step>
+ </procedure>
+ <note>
+ <para>
+ After running all the commands,
<application>Postfix</application> is configured for SMTP-AUTH
+ and a self-signed cerficiate has been created for TLS encryption.
+ </para>
+ </note>
+ <para>
+ Now, the file <filename>/etc/postfix/main.cf</filename>
+ should look like <ulink
url="../sample/postfix_configuration">this</ulink>.
+ </para>
+ <para>
+ The postfix initial configuration is complete. Run
+ the following command to start the postfix daemon:
+ </para>
+<screen>
+<command>sudo /etc/init.d/postfix start</command>
+</screen>
+ <para>
+ <application>Postfix</application> supports SMTP-AUTH as defined in
+ <ulink
+ url="ftp://ftp.isi.edu/in-notes/rfc2554.txt">RFC2554</ulink>.
+ It is based on <ulink
+ url="ftp://ftp.isi.edu/in-notes/rfc2222.txt">SASL</ulink>.
However it is still necessary
+ to set up SASL authentication before you can use SMTP-AUTH.
+ </para>
+ </sect2>
+ <sect2 id="sasl">
+ <title>Configuring SASL</title>
+ <para>
+ Postfix supports two SASL implementations Cyrus SASL and
Dovecot SASL. To enable Dovecot SASL
+ the <application>dovecot-common</application> package will
need to be installed. From a terminal prompt
+ enter the following:
+ </para>
+<screen>
+<command>sudo apt-get install dovecot-common</command>
+</screen>
+ <para>
+ Next you will need to edit
<filename>/etc/dovecot/dovecot.conf</filename>. In the <emphasis>auth
default</emphasis>
+ section uncomment the <emphasis>socket listen</emphasis>
option and change the following:
+ </para>
+<programlisting>
+ socket listen {
+ #master {
+ # Master socket provides access to userdb information. It's typically
+ # used to give Dovecot's local delivery agent access to userdb so it
+ # can find mailbox locations.
+ #path = /var/run/dovecot/auth-master
+ #mode = 0600
+ # Default user/group is the one who started dovecot-auth (root)
+ #user =
+ #group =
+ #}
+ client {
+ # The client socket is generally safe to export to everyone. Typical use
+ # is to export it to your SMTP server so it can do SMTP AUTH lookups
+ # using it.
+ path = /var/spool/postfix/private/auth-client
+ mode = 0660
+ user = postfix
+ group = postfix
+ }
+ }
+</programlisting>
+ <para>
+ Once you have <application>Dovecot</application>
configured start it with:
+ </para>
+<screen>
+<command>sudo /etc/init.d/dovecot start</command>
+</screen>
+ </sect2>
+ <sect2 id="postfix-testing" status="complete">
+ <title>Testing</title>
+ <para>
+ SMTP-AUTH configuration is complete. Now it is time to
test the setup.
+ </para>
+ <para>
+ To see if SMTP-AUTH and TLS work properly, run the following
+ command:
+ </para>
+<screen>
+<command>telnet mail.example.com 25</command>
+</screen>
+ <para>
+ After you have established the connection to the postfix mail
+ server, type:
+ </para>
+<screen>
+ehlo mail.example.com
+</screen>
+ <para>
+ If you see the following lines among others, then everything
+ is working perfectly. Type <command>quit</command> to exit.
+ </para>
+<programlisting>
+250-STARTTLS
+250-AUTH LOGIN PLAIN
+250-AUTH=LOGIN PLAIN
+250 8BITMIME
+</programlisting>
+ </sect2>
+
+ <sect2 id="postfix-troubleshooting">
+ <title>Troubleshooting</title>
+ <para>
+ This section introduces some common ways to determine the
cause if problems arise.
+ </para>
+ <sect3 id="postfix-chroot">
+ <title>Escaping chroot</title>
+ <para>
+ The Ubuntu <application>postfix</application> package will
by default install into a <emphasis>chroot</emphasis>
+ environment for security reasons. This can add greater
complexity when troubleshooting problems.
+ </para>
+ <para>
+ To turn off the chroot operation locate for the following line in the
+ <filename>/etc/postfix/master.cf</filename> configuration file:
+ </para>
+<screen>
+smtp inet n - - - - smtpd
+</screen>
+ <para>
+ and modify it as follows:
+ </para>
+<screen>
+smtp inet n - n - - smtpd
+</screen>
+ <para>
+ You will then need to restart Postfix to use the new
configuration. From a terminal prompt enter:
+ </para>
+<screen>
+<command>sudo /etc/init.d/postfix restart</command>
+</screen>
+ </sect3>
+ <sect3 id="postfix-logs">
+ <title>Log Files</title>
+ <para>
+ <application>Postfix</application> sends all log messages to
<filename>/var/log/mail.log</filename>.
+ However error and warning messages can sometimes get lost in
the normal log output so they are also logged to
+ <filename>/var/log/mail.err</filename> and
<filename>/var/log/mail.warn</filename> respectivley.
+ </para>
+ <para>
+ To see messages entered into the logs in real time you can
use the <application>tail -f</application>
+ command:
+ </para>
+<screen>
+<command>tail -f /var/log/mail.err</command>
+</screen>
+ <para>
+ The amount of detail that is recorded in the logs can be
increased. Below are some configuration options for increasing the
log level
+ for some of the areas covered above.
+ </para>
+ <itemizedlist spacing="compact">
+ <listitem>
+ <para>
+ To increase <emphasis>TLS</emphasis> activity logging set
the <emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1
to 4.
+ </para>
+<screen>
+<command>sudo postconf -e 'smtpd_tls_loglevel = 4'</command>
+</screen>
+ </listitem>
+ <listitem>
+ <para>
+ If you are having trouble sending or receiving mail from a
specific domain you can add the domain to the
<emphasis>debug_peer_list</emphasis>
+ parameter.
+ </para>
+<screen>
+<command>sudo postconf -e 'debug_peer_list = problem.domain'</command>
+</screen>
+ </listitem>
+ <listitem>
+ <para>
+ You can increase the verbosity of any
<application>Postfix</application> daemon process by editing the
<filename>/etc/postfix/master.cf</filename>
+ and adding a <emphasis>-v</emphasis> after the entry. For
example edit the <emphasis>smtp</emphasis> entry:
+ </para>
+<programlisting>
+smtp unix - - - - - smtp -v
+</programlisting>
+ </listitem>
+ </itemizedlist>
+ <note>
+ <para>
+ It is important to note that after making one of the logging
changes above the <application>Postfix</application> process will need
to be reloaded
+ in order to recognize the new configuration: <command>sudo
/etc/init.d/postfix reload</command>
+ </para>
+ </note>
+ <itemizedlist spacing="compact">
+ <listitem>
+ <para>
+ To increase the amount of information logged when
troubleshooting <emphasis>SASL</emphasis> issues you can set the
following options in
+ <filename>/etc/dovecot/dovecot.conf</filename>
+ </para>
+<programlisting>
+auth_debug=yes
+auth_debug_passwords=yes
+</programlisting>
+ </listitem>
+ </itemizedlist>
+ <note>
+ <para>
+ Just like <application>Postfix</application> if you change a
<application>Dovecot</application> configuration the process will need
to be
+ reloaded: <command>sudo /etc/init.d/dovecot reload</command>.
+ </para>
+ </note>
+ <note>
+ <para>
+ Some of the options above can drastically increase the
amount of information sent to the log files. Remember to return the
log level
+ back to normal after you have corrected the problem. Then
reload the appropriate daemon for the new configuration to take
affect.
+ </para>
+ </note>
+ </sect3>
+ <sect3 id="postfix-help">
+ <title>Where to get Help</title>
+ <para>
+ Administering a <application>Postfix</application> server
can be a very complicated task. At some point you may
+ need to turn to the Ubuntu community for more experienced help.
+ </para>
+ <para>
+ A great place to ask for <application>Postfix</application>
assistance, and get involved with the Ubuntu Server community,
+ is the <emphasis>#ubuntu-server</emphasis> IRC channel on
<ulink url="http://freenode.net">freenode</ulink>. You
+ can also post a message to one of the <ulink
url="http://www.ubuntu.com/support/community/webforums">Web
Forums</ulink>.
+ </para>
+ <para>
+ For in depth <application>Postfix</application> information
Ubuntu developers highly recommend:
+ <ulink url="http://www.postfix-book.com/">The Book of Postfix</ulink>.
+ </para>
+ <para>
+ Finally, the <ulink
url="http://www.postfix.org/documentation.html">Postfix</ulink>
website also has great documentaion on all
+ the different configuration options available.
+ </para>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="exim4" status="complete">
+ <title>Exim4</title>
+ <para>
+ <application>Exim4</application> is another Message Transfer
+ Agent (MTA) developed at the University of Cambridge for use
+ on Unix systems connected to the internet. Exim can be
+ installed in place of <application>sendmail</application>,
+ although the configuration of
+ <application>exim</application> is quite different to
+ that of <application>sendmail</application>.
+ </para>
+ <sect2 id="exim4-installation" status="complete">
+ <title>Installation</title>
+ <para>
+ To install <application>exim4</application>, run the
following command:
+<screen>
+<command>sudo apt-get install exim4</command>
+</screen>
+ </para>
+ </sect2>
+ <sect2 id="exim4-configuration" status="complete">
+ <title>Configuration</title>
+ <para>
+ To configure <application>exim4</application>, run the
following command:
+ </para>
+<screen>
+<command>sudo dpkg-reconfigure exim4-config</command>
+</screen>
+ <para>
+ The user interface will be displayed. The user interface
+ lets you configure many parameters. For example, In
+ <application>exim4</application> the configuration files are
+ split among multiple files. If you wish to have them in one
+ file you can configure accordingly in this user interface.
+ </para>
+
+ <para>
+ All the parameters you configure in the user interface are
+ stored in
+ <filename>/etc/exim4/update-exim4.conf.conf</filename> file.
+ If you wish to re-configure, either you re-run the
+ configuration wizard or manually edit this file
+ using your favourite editor. Once you configure, you can run
+ the following command to generate the master configuration
+ file:
+ </para>
+<screen>
+<command>sudo update-exim4.conf</command>
+</screen>
+ <para>
+ The master configuration file, is generated and
+ it is stored in
+ <filename>/var/lib/exim4/config.autogenerated</filename>.
+ </para>
+ <warning>
+ <para>
+ At any time, you should not edit the master configuration
+ file,
+ <filename>/var/lib/exim4/config.autogenerated</filename>
+ manually. It is updated automatically every time you run
+ <command>update-exim4.conf</command>
+ </para>
+ </warning>
+ <para>
+ You can run the following command to start
+ <application>exim4</application> daemon.
+ </para>
+<screen>
+<command>sudo /etc/init.d/exim4 start</command>
+</screen>
+ </sect2>
+ <sect2>
+ <title>SMTP Authentication</title>
+ <para>
+ In this section we'll configure Exim4 to use SMTP-AUTH using
TLS and SASL.
+ </para>
+ <para>
+ The first step is to create a certificate for use with TLS.
Enter the following into a terminal prompt:
+ </para>
+<screen>
+<command>sudo /usr/share/doc/exim4-base/examples/exim-gencert</command>
+</screen>
+ <para>
+ Now Exim4 needs to be configured for TLS by editing
<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename>
+ add the following:
+ </para>
+<programlisting>
+MAIN_TLS_ENABLE = yes
+</programlisting>
+ <para>
+ Next you need to configure <application>Exim4</application>
to use the <application>saslauthd</application>
+ for authentication. Edit
<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename>
and uncomment
+ the <emphasis>plain_saslauthd_server</emphasis> and
<emphasis>login_saslauthd_server</emphasis> sections:
+ </para>
+<programlisting>
+ plain_saslauthd_server:
+ driver = plaintext
+ public_name = PLAIN
+ server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
+ server_set_id = $auth2
+ server_prompts = :
+ .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
+ server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
+ .endif
+#
+ login_saslauthd_server:
+ driver = plaintext
+ public_name = LOGIN
+ server_prompts = "Username:: : Password::"
+ # don't send system passwords over unencrypted connections
+ server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
+ server_set_id = $auth1
+ .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
+ server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
+ .endif
+</programlisting>
+ <para>
+ Finally, update the Exim4 configuration and restart the service:
+ </para>
+<screen>
+<command>sudo update-exim4.conf</command>
+<command>sudo /etc/init.d/exim4 restart</command>
+</screen>
+ </sect2>
+ <sect2>
+ <title>Configuring SASL</title>
+ <para>
+ This section provides details on configuring the saslauthd
to provide authentication for <application>Exim4</application>.
+ </para>
+ <para>
+ The first step is to install the sasl2-bin package. From a
terminal prompt enter the following:
+ </para>
+<screen>
+<command>sudo apt-get install sasl2-bin</command>
+</screen>
+ <para>
+ To configure saslauthd edit the /etc/default/saslauthd
configuration file and set START=no to:
+ </para>
+<programlisting>
+START=yes
+</programlisting>
+ <para>
+ Next the <emphasis>Debian-exim</emphasis> user needs to be
part of the <emphasis>sasl</emphasis> group in
+ order for Exim4 to use the saslauthd service:
+ </para>
+<screen>
+<command>sudo adduser Debian-exim sasl</command>
+</screen>
+ <para>
+ Now start the <application>saslauthd</application> service:
+ </para>
+<screen>
+<command>sudo /etc/init.d/saslauthd start</command>
+</screen>
+ <para>
+ <application>Exim4</application> is now configured with
SMTP-AUTH using TLS and SASL authentication.
+ </para>
+ </sect2>
+ </sect1>
+ <sect1 id="dovecot-server" status="complete">
+ <title>Dovecot Server</title>
+ <para>
+ <application>Dovecot</application> is a Mail Delivery
Agent, written with security
+ primarily in mind. It supports the major mailbox formats: mbox
+ or Maildir. This section explain how to set it up as an imap or
+ pop3 server.
+ </para>
+ <sect2 id="dovecot-installation" status="complete">
+ <title>Installation</title>
+ <para>
+ To install <application>dovecot</application>, run the
following command in the
+ command prompt:
+ </para>
+<screen>
+<command>sudo apt-get install dovecot-common dovecot-imapd
dovecot-pop3d</command>
+</screen>
+ </sect2>
+ <sect2 id="dovecot-configuration" status="complete">
+ <title>Configuration</title>
+ <para>
+ To configure <application>dovecot</application>, you can
edit the file
+ <filename>/etc/dovecot/dovecot.conf</filename>. You can
+ choose the protocol you use. It could be pop3, pop3s (pop3
+ secure), imap and imaps (imap secure). A description of
these protocols is beyond the scope of this guide. For further
information, refer to the wikipedia articles on <ulink
+ url="http://en.wikipedia.org/wiki/POP3">POP3</ulink> and
+ <ulink
+ url="http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol">IMAP</ulink>.
+ </para>
+
+ <para>
+ IMAPS and POP3S are more secure that the simple IMAP and
+ POP3 because they use SSL encryption to connect. Once you
+ have chosen the protocol, amend the following line in the file
+ <filename>/etc/dovecot/dovecot.conf</filename>:
+ </para>
+<programlisting>
+protocols = pop3 pop3s imap imaps
+</programlisting>
+ <para>
+ It enables the protocols when
<application>dovecot</application> is started. Next, add the following
line in the pop3 section of the file
<filename>/etc/dovecot/dovecot.conf</filename>:
+ </para>
+<programlisting>
+pop3_uidl_format = %08Xu%08Xv
+</programlisting>
+ <para>
+ Next, choose the mailbox you use.
<application>Dovecot</application> supports
+ <emphasis role="strong">maildir</emphasis> and <emphasis
+ role="strong">mbox</emphasis> formats. These are the most
+ commonly used mailbox formats. They both have their own
+ benefits and they are discussed on <ulink
+ url="http://wiki.dovecot.org/MailboxFormat">the dovecot
website</ulink>.
+ </para>
+ <para>
+ Once you have chosen your mailbox type, edit the file
+ <filename>/etc/dovecot/dovecot.conf</filename> and change
+ the following line:
+ </para>
+<programlisting>
+mail_location = maildir:~/Maildir # (for maildir)
+or
+mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)
+</programlisting>
+ <note>
+ <para>
+ You should configure your Mail Transport Agent (MTA) to transfer the
+ incoming mail to this type of mailbox if it is different from the one
+ you have configured.
+ </para>
+ </note>
+ <para>
+ Once you have configured dovecot, start the
<application>dovecot</application> daemon
+ in order to test your setup:
+ </para>
+ <screen><command>sudo /etc/init.d/dovecot start</command></screen>
+ <para>
+ If you have enabled imap, or pop3, you can also try to log in
+ with the commands <command>telnet localhost pop3</command> or
+ <command>telnet localhost imap2</command>. If you see
+ something like the following, the installation has been
+ successful:
+ </para>
+<programlisting>
+bhuvan at rainbow:~$ telnet localhost pop3
+Trying 127.0.0.1...
+Connected to localhost.localdomain.
+Escape character is '^]'.
++OK Dovecot ready.
+</programlisting>
+ </sect2>
+ <sect2 id="dovecot-ssl" status="complete">
+ <title>Dovecot SSL Configuration</title>
+ <para>
+ To configure <application>dovecot</application> to use
SSL, you can edit the file
+ <filename>/etc/dovecot/dovecot.conf</filename> and amend
+ following lines:
+ </para>
+<programlisting>
+ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
+ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
+ssl_disable = no
+disable_plaintext_auth = no
+</programlisting>
+ <para>
+ You can get the SSL certificate from a Certificate Issuing
+ Authority or you can create self signed SSL certificate. Please
+ refer to <xref linkend="creating-a-self-signed-certificate"/>
+ for details about how to create self signed SSL certificate. Once
+ you create the certificate, you will have a key file and a
+ certificate file. Please copy them to the location pointed
+ in the <filename>/etc/dovecot/dovecot.conf</filename>
+ configuration file.
+ </para>
+ </sect2>
+ <sect2>
+ <title>Firewall Configuration for an Email Server</title>
+ <para>
+ To access your mail server from another computer, you must
+ configure your firewall to allow connections to the server on
+ the necessary ports.
+ <itemizedlist>
+ <listitem><para>IMAP - 143</para></listitem>
+ <listitem><para>IMAPS - 993</para></listitem>
+ <listitem><para>POP3 - 110</para></listitem>
+ <listitem><para>POP3S - 995</para></listitem>
+ </itemizedlist>
+ </para>
+ </sect2>
+ </sect1>
+ <sect1 id="mailman" status="complete">
+ <title>Mailman</title>
+ <para>
+ Mailman is an open source program for managing electronic mail
+ discussions and e-newsletter lists. Many open source mailing
+ lists (including all the <ulink
+ url="http://lists.ubuntu.com">Ubuntu mailing lists</ulink>) use
+ Mailman as their mailing list software. It is powerful and easy
+ to install and maintain.
+ </para>
+ <sect2 id="mailman-installation" status="complete">
+ <title>Installation</title>
+ <para>
+ Mailman provides a web interface for the administrators
+ and users. So, it requires Apache with mod_perl support.
+ Mailman uses an external mail server to send and receive
+ emails. It works perfectly with the following mail servers:
+ </para>
+ <para>
+ <itemizedlist spacing="compact">
+ <listitem>
+ <para><application>Postfix</application></para>
+ </listitem>
+ <listitem>
+ <para><application>Exim</application></para>
+ </listitem>
+ <listitem>
+ <para><application>Sendmail</application></para>
+ </listitem>
+ <listitem>
+ <para><application>Qmail</application></para>
+ </listitem>
+ </itemizedlist>
+ </para>
+
+ <para>
+ We will see how to install and configure Mailman with,
the Apache web server,
+ and either the Postfix or Exim mail server. If you wish
to install Mailman
+ with a different mail server, please refer to the references
+ section.
+ </para>
+ <note>
+ <para>
+ You only need to install one mail server and
<application>Postfix</application> is the default Ubuntu Mail Transfer
Agent.
+ </para>
+ </note>
+ <sect3 id="mailman-apache2">
+ <title>Apache2</title>
+ <para>
+ To install apache2 you refer to <ulink
+ url="./web-servers.xml#http-installation">HTTPD
+ Installation</ulink> section for details.
+ </para>
+ </sect3>
+ <sect3 id="mailman-postfix">
+ <title>Postfix</title>
+ <para>
+ For instructions on installing and configuring Postfix
refer to <xref linkend="postfix"/>
+ </para>
+ </sect3>
+ <sect3 id="mailman-exim4">
+ <title>Exim4</title>
+ <para>
+ To install Exim4 refer to <xref linkend="exim4"/>.
+ </para>
+ <para>
+ Once exim4 is installed, the configuration files are stored in
+ the <filename>/etc/exim4</filename> directory. In
Ubuntu, by default, the exim4 configuration files are
+ split across different files. You can change this
behavior by changing
+ the following variable in the
<filename>/etc/exim4/update-exim4.conf</filename> file:
+
+ <itemizedlist spacing="compact">
+ <listitem>
+
<para><application>dc_use_split_config='true'</application></para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </sect3>
+ <sect3 id="mailman-mailman">
+ <title>Mailman</title>
+ <para>
+ To install <application>Mailman</application>, run
following command at a terminal prompt:
+ </para>
+<screen>
+<command>sudo apt-get install mailman</command>
+</screen>
+ <para>
+ It copies the installation files in
+ <application>/var/lib/mailman</application> directory. It
installs the
+ CGI scripts in <application>/usr/lib/cgi-bin/mailman</application>
+ directory. It creates <emphasis>list</emphasis> linux
+ user. It creates the <emphasis>list</emphasis> linux
+ group. The mailman process will be owned by this user.
+ </para>
+ </sect3>
+ </sect2>
+ <sect2 id="mailman-configuration" status="complete">
+ <title>Configuration</title>
+ <para>
+ This section assumes you have successfully installed
+ <application>mailman</application>,
+ <application>apache2</application>, and
+ <application>postfix</application> or
<application>exim4</application>. Now you just need
+ to configure them.
+ </para>
+ <sect3 id="mailman-conf-apache2">
+ <title>Apache2</title>
+ <para>
+ An example Apache configuration file comes with
<application>Mailman</application> and is placed
+ in <filename>/etc/mailman/apache.conf</filename>. In
order for Apache to use the config file it needs
+ to be copied to <filename>/etc/apache2/sites-available</filename>:
+ </para>
+<screen>
+<command>sudo cp /etc/mailman/apache.conf
/etc/apache2/sites-available/mailman.conf</command>
+</screen>
+ <para>
+ This will setup a new Apache
<emphasis>VirtualHost</emphasis> for the Mailman administration site.
+ Once you have copied the new configuration file you will
need to enable it and restart Apache:
+ </para>
+<screen>
+<command>sudo a2ensite mailman.conf</command>
+<command>sudo /etc/init.d/apache2 restart</command>
+</screen>
+ <para>
+ Mailman uses apache2 to render its CGI scripts. The
mailman CGI scripts
+ are installed in the
<application>/usr/lib/cgi-bin/mailman</application>
+ directory. So, the mailman url will be
+ http://hostname/cgi-bin/mailman/. You can make changes to the
+ <filename>/etc/apache2/sites-available/mailman.conf</filename>
file if you wish to
+ change this behavior.
+ </para>
+ </sect3>
+ <sect3 id="mailman-conf-postfix">
+ <title>Postfix</title>
+ <para>
+ For <application>Postfix</application> integration, we
will associate the domain lists.example.com with the mailing lists.
+ Please replace <emphasis>lists.example.com</emphasis> with
the domain of your choosing.
+ </para>
+ <para>
+ You can use the postconf command to add the necessary
configuration to <filename>/etc/postfix/main.cf</filename>:
+ </para>
+<screen>
+<command>sudo postconf -e 'relay_domains = lists.example.com'</command>
+<command>sudo postconf -e 'transport_maps =
hash:/etc/postfix/transport'</command>
+<command>sudo postconf -e 'mailman_destination_recipient_limit = 1'</command>
+</screen>
+ <para>
+ In <filename>/etc/postfix/master.cf</filename> double check
that you have the following transport:
+ </para>
+<programlisting>
+mailman unix - n n - - pipe
+ flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+ ${nexthop} ${user}
+</programlisting>
+ <para>
+ It calls the <emphasis>postfix-to-mailman.py</emphasis>
script when a mail is delivered to a list.
+ </para>
+ <para>
+ Associate the domain lists.example.com to the Mailman
transport with the transport map. Edit the file
<filename>/etc/postfix/transport</filename>:
+ </para>
+<programlisting>
+lists.example.com mailman:
+</programlisting>
+ <para>
+ Now have <application>Postfix</application> build the
transport map by entering the following from a terminal prompt:
+ </para>
+<screen>
+<command>sudo postmap -v /etc/postfix/transport</command>
+</screen>
+ <para>
+ Then restart Postfix to enable the new configurations:
+ </para>
+<screen>
+<command>sudo /etc/init.d/postfix restart</command>
+</screen>
+ </sect3>
+ <sect3 id="mailman-conf-exim4">
+ <title>Exim4</title>
+ <para>
+ Once Exim4 is installed, you can start the Exim server
using the following
+ command from a terminal prompt:
+ </para>
+<screen>
+<command>sudo apt-get /etc/init.d/exim4 start</command>
+</screen>
+ <para>
+In order to make mailman work with exim4, you need to configure exim4.
+As mentioned earlier, by default, exim4 uses multiple configuration
+files of different types. For details, please refer to the <ulink
+url="http://www.exim.org">Exim</ulink> website. To run mailman, we
+should add new a configuration file to the following configuration
+types:
+ <itemizedlist spacing="compact">
+ <listitem>
+ <para>Main</para>
+ </listitem>
+ <listitem>
+ <para>Transport</para>
+ </listitem>
+ <listitem>
+ <para>Router</para>
+ </listitem>
+ </itemizedlist>
+ Exim creates a master configuration file by sorting all
+ these mini configuration files. So, the order of these
+ configuration files is very important.
+ </para>
+ </sect3>
+ <sect3 id="mailman-conf-main">
+ <title>Main</title>
+ <para>
+ All the configuration files belonging to the main type are
+ stored in the
+ <filename>/etc/exim4/conf.d/main/</filename> directory.
You can add
+ the following content to a new file, named
<filename>04_exim4-config_mailman</filename>:
+
+<programlisting>
+# start
+# Home dir for your Mailman installation -- aka Mailman's prefix
+# directory.
+# On Ubuntu this should be "/var/lib/mailman"
+# This is normally the same as ~mailman
+MM_HOME=/var/lib/mailman
+#
+# User and group for Mailman, should match your --with-mail-gid
+# switch to Mailman's configure script. Value is normally "mailman"
+MM_UID=list
+MM_GID=list
+#
+# Domains that your lists are in - colon separated list
+# you may wish to add these into local_domains as well
+domainlist mm_domains=hostname.com
+#
+# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+#
+# These values are derived from the ones above and should not need
+# editing unless you have munged your mailman installation
+#
+# The path of the Mailman mail wrapper script
+MM_WRAP=MM_HOME/mail/mailman
+#
+# The path of the list config file (used as a required file when
+# verifying list addresses)
+MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck
+# end
+</programlisting>
+ </para>
+ </sect3>
+ <sect3 id="mailman-conf-transport">
+ <title>Transport</title>
+ <para>
+All the configuration files belonging to transport type are stored in
+the <filename>/etc/exim4/conf.d/transport/</filename> directory. You
+can add the following content to a new file named <filename>
+40_exim4-config_mailman</filename>:
+
+<programlisting>
+ mailman_transport:
+ driver = pipe
+ command = MM_WRAP \
+ '${if def:local_part_suffix \
+ {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
+ {post}}' \
+ $local_part
+ current_directory = MM_HOME
+ home_directory = MM_HOME
+ user = MM_UID
+ group = MM_GID
+</programlisting>
+ </para>
+ </sect3>
+ <sect3 id="mailman-conf-router">
+ <title>Router</title>
+ <para>
+All the configuration files belonging to router type are stored in the
+<filename>/etc/exim4/conf.d/router/</filename> directory. You can add
the following content
+in to a new file named <filename>101_exim4-config_mailman</filename>:
+<programlisting>
+ mailman_router:
+ driver = accept
+ require_files = MM_HOME/lists/$local_part/config.pck
+ local_part_suffix_optional
+ local_part_suffix = -bounces : -bounces+* : \
+ -confirm+* : -join : -leave : \
+ -owner : -request : -admin
+ transport = mailman_transport
+</programlisting>
+
+ </para>
+<warning>
+<para>
+The order of main and transport configuration files can be in any order.
+But, the order of router configuration files must be the same.
+This particular file must appear before the
+<application>200_exim4-config_primary</application> file.
+These two configuration files contain same type of information. The
+first file takes the precedence. For more details, please refer to the
+references section.
+</para>
+</warning>
+ </sect3>
+ <sect3 id="mailman-conf-mailman">
+ <title>Mailman</title>
+ <para>
+ Once mailman is installed, you can run it using the
following command:
+ </para>
+<screen>
+<command>sudo /etc/init.d/mailman start</command>
+</screen>
+ <para>
+ Once mailman is installed, you should create the default
mailing list.
+ Run the following command to create the mailing list:
+ </para>
+
+<screen>
+<command>sudo /usr/sbin/newlist mailman</command>
+</screen>
+
+<programlisting>
+ Enter the email address of the person running the list: bhuvan at ubuntu.com
+ Initial mailman password:
+ To finish creating your mailing list, you must edit your
<filename>/etc/aliases</filename> (or
+ equivalent) file by adding the following lines, and possibly running the
+ `newaliases' program:
+
+ ## mailman mailing list
+ mailman: "|/var/lib/mailman/mail/mailman post mailman"
+ mailman-admin: "|/var/lib/mailman/mail/mailman admin mailman"
+ mailman-bounces: "|/var/lib/mailman/mail/mailman bounces mailman"
+ mailman-confirm: "|/var/lib/mailman/mail/mailman confirm mailman"
+ mailman-join: "|/var/lib/mailman/mail/mailman join mailman"
+ mailman-leave: "|/var/lib/mailman/mail/mailman leave mailman"
+ mailman-owner: "|/var/lib/mailman/mail/mailman owner mailman"
+ mailman-request: "|/var/lib/mailman/mail/mailman request mailman"
+ mailman-subscribe: "|/var/lib/mailman/mail/mailman subscribe mailman"
+ mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"
+
+ Hit enter to notify mailman owner...
+
+ #
+</programlisting>
+ <para>
+ We have configured either Postfix or Exim4 to recognize
all emails from mailman. So, it is
+ not mandatory to make any new entries in
+ <filename>/etc/aliases</filename>. If you have made any changes
+ to the configuration files, please ensure that you restart those
+ services before continuing to next section.
+ </para>
+ </sect3>
+ </sect2>
+ <sect2 id="mailman-admin" status="complete">
+ <title>Administration</title>
+<para>
+We assume you have a default installation. The
+mailman cgi scripts are still in the
+<application>/usr/lib/cgi-bin/mailman/</application> directory. Mailman
+provides a web based administration facility. To access this page, point
+your browser to the following url:
+
+</para>
+<para>
+http://hostname/cgi-bin/mailman/admin
+</para>
+
+<para>
+The default mailing list, <emphasis>mailman</emphasis>,
+will appear in this screen. If you click the mailing list name, it
+will ask for your authentication password. If you enter the correct
+password, you will be able to change administrative settings of this
+mailing list.
+
+You can create a new mailing list using the command line utility
+(<command>/usr/sbin/newlist</command>).
+Alternatively, you can create a new mailing list using the web interface.
+</para>
+ </sect2>
+ <sect2 id="mailman-users" status="complete">
+ <title>Users</title>
+<para>
+Mailman provides a web based interface for users. To access this page,
+point your browser to the following url:
+</para>
+
+<para>
+http://hostname/cgi-bin/mailman/listinfo
+</para>
+
+<para>
+The default mailing list, <emphasis>mailman</emphasis>,
+will appear in this screen. If you
+click the mailing list name, it will display the subscription form. You
+can enter your email address, name (optional), and password to subscribe.
+An email invitation will be sent to you. You can follow the
+instructions in the email to subscribe.
+</para>
+ </sect2>
+ <sect2 id="mailman-references" status="complete">
+ <title>References</title>
+<para>
+<ulink url="http://www.list.org/mailman-install/index.html"> GNU Mailman
+- Installation Manual</ulink>
+</para>
+<para>
+<ulink url="http://www.exim.org/howto/mailman21.html">HOWTO - Using Exim
+4 and Mailman 2.1 together</ulink>
+</para>
+ </sect2>
+ </sect1>
+ </chapter>
+
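Review bot: the Exim4 start command in the mailman-conf-exim4 section is not runnable as written: `sudo apt-get /etc/init.d/exim4 start` should be `sudo /etc/init.d/exim4 start`, matching the postfix and mailman init commands used elsewhere in the chapter. In the Exim4 configuration itself, the main file defines `domainlist mm_domains` and `MM_LISTCHK`, but `mailman_router` uses neither: it has no `domains = +mm_domains` condition and repeats the path by hand as `MM_HOME/lists/$local_part/config.pck`, without the lowercasing that `MM_LISTCHK` applies. Because the warning requires this router to sort before `200_exim4-config_primary`, it is worth restricting it to the list domains and using `require_files = MM_LISTCHK`, so that only addresses in the intended domains are handed to the pipe transport. Smaller points: the directory `/usr/lib/cgi-bin/mailman` is tagged `<application>` in both the Apache2 and Administration sections and should be `<filename>`; "add new a configuration file" should read "add a new configuration file"; the warning's sentence "the order of router configuration files must be the same" does not say the same as what and needs rewording; and the admin URL is given as plain `http://` even though the next paragraph has the reader enter the list password there, so a note on serving it over HTTPS would help.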
--
https://code.launchpad.net/~ubuntu-core-doc/ubuntu-doc/ubuntu-hardy
You are receiving this branch notification because you are subscribed to it.
To unsubscribe from this branch go to
https://code.launchpad.net/~ubuntu-core-doc/ubuntu-doc/ubuntu-hardy/+subscription/ubuntu-core-doc.
--
ubuntu-doc-commits mailing list
ubuntu-doc-commits at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-doc-commits
--
Matthew East
http://www.mdke.org
gnupg pub 1024D/0E6B06FF