Problems with mail section of Ubuntu Server Doc

[James Rodríguez de Castro]

Hi there

 

I have run into a few problems with the mail section of Ubuntu Server
documentation and have two suggested changes and some questions.

I am trying to set up a mail server using Postfix, Dovecot, Amavis, clamAV,
Spamassassin etc
 just like the guide explains, using Maildir/ storage
format and IMAP server based storage, with SASL authentication and TLS
certificates for server and client authentication.

 

Problem 1) and question

In /etc/postfix/main.cf

The recommended default contains the line:

mailbox_command = procmail -a "$EXTENSION"

As set out in the guide, and with the guide only as guidance, this does not
work. Mails simply don’t get delivered at all. I think $EXTENSION is
undefined (maybe there needs to be some further entries in
/etc/postfix/master.cf which have not yet made it into the documentation to
set up the user .procmailrc files etc..), and there are no instructions on
how to configure procmail which can be a whole new subject in itself.

However, if you replace the line with :

mailbox_command = /usr/lib/dovecot/deliver

then mails do get delivered. Is there any reason why the procmail line is
there – maybe relating to spam filtering etc.? If yes, then that needs to be
documented, an if not then the dovecot/deliver alternative needs to be
substituted into the default installation and the reference to procmail
removed (or just replaced with a comment that says something like “if you
are a procmail expert this is where you WOULD insert it”)

 

Problem 2) Multiplication of certificates.

The Postfix installation routine goes through creating an smtpd.crt
certificate and smtpd.key pair to use for authenticating the server, which
then get referenced in the /etc/postfix/main.cf file. This is presumably a
TLS server certificate.

The Dovecot configuration does the same but with a ssl-cert-snakeoil
certificate and key pair, which do its SSL authentication.

Am I correct in thinking that we could (and probably should) use the same
certificate and key pair for both functions?

In which case maybe we should see instructions to create server.crt and
server.key, and use this single pair instead of smtpd.crt, smtpd.key,
ssl-cert-snakeoil and ssl-key-snakeoil in both Postfix and Dovecot, and
change the default /etc/postfix/main.cf and /etc/dovecot/dovecof.conf
accordingly. OR, is there a clear reason why Postfix and Dovecot SHOULD be
using different server cert/key pairs, and if so, what is this reason?

 

Problem 3) TLS certificates.

I have been unable so far with the provided instructions in the Server guide
to set up TLS client authentication. If I set Evolution to use SSL for
receiving emails it works, if I choose “TLS” it says “connection refused”.
When it does work using SSL, the full message header says “the client did
not present a certificate”. I suspect this whole class of symptoms could be
to do with the required x509v3 extensions for the CA, server cert, and
client certs somehow not playing nice with each other.

Could you please document which extensions are needed for each type of
certificate so that it all works together without problems?

 

Problem 4) Mail filtering.

I have followed to the letter the instructions for setting up amavis,
clamav, spamassasin, pyzor-razor etc. and tested it, and the full header of
received messages (from inside our local network) shows an X-entry referring
to antivirus scanning having been done, but nothing relating to spam like
the guide says I should be seeing. I have not yet opened this server to the
external internet as it doesn’t seem ready for prime time yet. As there is
no entry in the header referring to spam scoring etc.. I am beginning to
think that the spam filtering side is not working. Why could this be? Does
it depend on procmail being up, in which case Problem 1) above could be
related?

Also, where does one see filtered spam and how does this get configured? The
Server Guide is silent on the subject, and it should perhaps mention
‘configuration file X sets out the path / folder / whatever where
Spamassasin will drop suspected spam’, and ‘if any non-spam message gets
tagged as spam, this (file Y) is how you tell Spamassasin about it so that
it doesn’t do it again’

 

Request 1)

Could you sent me a set of /etc/postfix main.cf and master.cf, plus
/etc/dovecot/dovecot.conf that you have configured according to your latest
recommendations and which are known to work together for Maildir/, IMAP with
SASL and TLS, and Amavis/ClamAV/Spamassasin?

 

Request 2) 

Could you please send me the required extensions for 1) the CA certificate,
2) the server certificate, 3) the client certificates? Also, what should the
Common Name be for the client certificates? Should it be “user1” or
user1 at example.com ?

 

Hope this is all clear and look forward to hearing back soon!

 

Thanks in advance

 

James R de Castro

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-doc/attachments/20081213/483f1d72/attachment.html>