Problems with mail section of Ubuntu Server Doc
jjesse at gmail.com
Sun Dec 14 21:31:56 UTC 2008
Feel free to report these suggestions as bugs against the ubuntu doc package.
From: James Rodríguez de Castro <decastro at netvigator.com>
Sent: Saturday, December 13, 2008 10:36 AM
To: ubuntu-doc at lists.ubuntu.com
Cc: rjls at jabber.org; bhuvan at collab.net
Subject: Problems with mail section of Ubuntu Server Doc
I have run into a few problems with the mail section of Ubuntu Server documentation and have two suggested changes and some questions.
I am trying to set up a mail server using Postfix, Dovecot, Amavis, ClamAV, SpamAssassin etc., just like the guide explains, using Maildir/ storage format and IMAP server based storage, with SASL authentication and TLS certificates for server and client authentication.
Problem 1) and question
The recommended default contains the line:
mailbox_command = procmail -a "$EXTENSION"
As set out in the guide, and with the guide only as guidance, this does not work. Mails simply don't get delivered at all. I think $EXTENSION is undefined (maybe there need to be some further entries in /etc/postfix/master.cf which have not yet made it into the documentation to set up the user .procmailrc files etc.), and there are no instructions on how to configure procmail, which can be a whole new subject in itself.
However, if you replace the line with:
mailbox_command = /usr/lib/dovecot/deliver
then mails do get delivered. Is there any reason why the procmail line is there, maybe relating to spam filtering etc.? If yes, then that needs to be documented, and if not then the dovecot/deliver alternative needs to be substituted into the default installation and the reference to procmail removed (or just replaced with a comment that says something like "if you are a procmail expert this is where you WOULD insert it").
Problem 2) Multiplication of certificates.
The Postfix installation routine goes through creating an smtpd.crt certificate and smtpd.key pair to use for authenticating the server, which then get referenced in the /etc/postfix/main.cf file. This is presumably a TLS server certificate.
The Dovecot configuration does the same but with an ssl-cert-snakeoil certificate and key pair, which does its SSL authentication.
Am I correct in thinking that we could (and probably should) use the same certificate and key pair for both functions?
In which case maybe we should see instructions to create server.crt and server.key, and use this single pair instead of smtpd.crt, smtpd.key, ssl-cert-snakeoil and ssl-key-snakeoil in both Postfix and Dovecot, and change the default /etc/postfix/main.cf and /etc/dovecot/dovecot.conf accordingly. OR, is there a clear reason why Postfix and Dovecot SHOULD be using different server cert/key pairs, and if so, what is this reason?
Problem 3) TLS certificates.
I have been unable so far with the provided instructions in the Server guide to set up TLS client authentication. If I set Evolution to use SSL for receiving emails it works, if I choose TLS it says connection refused. When it does work using SSL, the full message header says the client did not present a certificate. I suspect this whole class of symptoms could be to do with the required x509v3 extensions for the CA, server cert, and client certs somehow not playing nice with each other.
Could you please document which extensions are needed for each type of certificate so that it all works together without problems?
Problem 4) Mail filtering.
I have followed to the letter the instructions for setting up Amavis, ClamAV, SpamAssassin, pyzor-razor etc. and tested it, and the full header of received messages (from inside our local network) shows an X-entry referring to antivirus scanning having been done, but nothing relating to spam like the guide says I should be seeing. I have not yet opened this server to the external internet as it doesn't seem ready for prime time yet. As there is no entry in the header referring to spam scoring etc., I am beginning to think that the spam filtering side is not working. Why could this be? Does it depend on procmail being up, in which case Problem 1) above could be related?
Also, where does one see filtered spam and how does this get configured? The Server Guide is silent on the subject, and it should perhaps mention "configuration file X sets out the path / folder / whatever where SpamAssassin will drop suspected spam, and if any non-spam message gets tagged as spam, this (file Y) is how you tell SpamAssassin about it so that it doesn't do it again".
Could you send me a set of /etc/postfix main.cf and master.cf, plus /etc/dovecot/dovecot.conf that you have configured according to your latest recommendations and which are known to work together for Maildir/, IMAP with SASL and TLS, and Amavis/ClamAV/SpamAssassin?
Could you please send me the required extensions for 1) the CA certificate, 2) the server certificate, 3) the client certificates? Also, what should the Common Name be for the client certificates? Should it be user1 or user1 at example.com ?
Hope this is all clear and look forward to hearing back soon!
Thanks in advance
James R de Castro
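
An added example, not part of the original message or of the Server Guide: a check for the situation in Problem 2, reporting whether Postfix and Dovecot reference the same certificate/key pair. The function names are hypothetical, and the directories and file extensions in the sample configs are constructed; only the smtpd and snakeoil base names come from the message.

```shell
#!/bin/sh
# Added example: do Postfix and Dovecot reference the same cert/key pair?

# Print the value of KEY from a "key = value" file. Comment lines are skipped,
# the last assignment wins, and Dovecot 2.x's leading "<" is dropped.
conf_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            sub(/^</, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$2"
}

# Echo "shared" when both services name the same cert and key, else "separate".
tls_pair_status() {
    p_cert=$(conf_value smtpd_tls_cert_file "$1")
    p_key=$(conf_value smtpd_tls_key_file "$1")
    d_cert=$(conf_value ssl_cert_file "$2")                  # Dovecot 1.x name
    [ -n "$d_cert" ] || d_cert=$(conf_value ssl_cert "$2")   # Dovecot 2.x name
    d_key=$(conf_value ssl_key_file "$2")
    [ -n "$d_key" ] || d_key=$(conf_value ssl_key "$2")
    if [ -n "$p_cert" ] && [ "$p_cert" = "$d_cert" ] && [ "$p_key" = "$d_key" ]
    then echo shared; else echo separate; fi
}

# Constructed sample configs (directories are assumptions, not from the guide).
write_samples() {
    printf '%s\n' 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt' \
        'smtpd_tls_key_file = /etc/ssl/private/smtpd.key' > "$1/main.cf"
    printf '%s\n' '#ssl_cert_file = /etc/ssl/certs/smtpd.crt' \
        'ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem' \
        'ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key' > "$1/dovecot.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "Postfix vs Dovecot: $(tls_pair_status "$tmp/main.cf" "$tmp/dovecot.conf")"
rm -rf "$tmp"
```
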