[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.

Welcome to the Slackware Documentation Project

This is an old revision of the document!


Making Slackware Mail Server

This article shows how to make an Slackware machine your personal Mail Server. This howto is for Slackware 64 13.37, but with few changes you can adapt it to the newest member of the Slackware family.

Before beginning, you need a normal installation of Slackware, without any special packages. You will manually download and install from Slackbuilds.org extra packages needed to make a Mail Server. This article uses Cyrus SASL authentication and Cyrus IMAP for remote login, rather than alternatives like qpopper or dovecot.

You will install Cyrus-SASL, Postfix, Cyurs-IMAP, and then configure them to use certificates for encrypting the mail packages that traverse the Internet.

Installing Cyrus-SASL

# cd /tmp
# mkdir cyrus-sasl
# cd cyrus-sasl
# wget ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/source/n/cyrus-sasl/cyrus-sasl-2.1.23.tar.xz
# wget ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
# wget ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/source/n/cyrus-sasl/doinst.sh.gz
# wget ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/source/n/cyrus-sasl/rc.saslauthd.gz
# wget ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/source/n/cyrus-sasl/slack-desc
# joe cyrus-sasl.SlackBuild

and add the following lines after “–disable static”

--enable-plain \
--disable-digest \
# sh cyrus-sasl.SlackBuild
# installpkg /tmp/cyrus-sasl-2.1.23-x86_64-1.txz

Installing Postfix

# cd /tmp
# mkdir postfix
# cd postfix
# wget http://postfix.cs.utah.edu/source/official/postfix-2.8.3.tar.gz
# wget http://slackbuilds.org/slackbuilds/13.37/network/postfix/README
# wget http://slackbuilds.org/slackbuilds/13.37/network/postfix/doinst.sh
# wget http://slackbuilds.org/slackbuilds/13.37/network/postfix/postfix.SlackBuild
# wget http://slackbuilds.org/slackbuilds/13.37/network/postfix/postfix.info
# wget http://slackbuilds.org/slackbuilds/13.37/network/postfix/rc.postfix
# wget http://slackbuilds.org/slackbuilds/13.37/network/postfix/slack-desc
# joe postfix.Slackbuild

Edit the following line and replace “dovecot” with “cyrus” like this:

SASL=${SASL:-cyrus}

To begin Postfix installation, you must create the postfix user and group. Later, you will add the user postfix and user cyrus to the mail group.

# groupadd -g 200 postfix
# useradd -u 200 -d /dev/null -s /bin/false -g postfix postfix -G mail
# groupadd -g 201 postdrop
# sh postfix.SlackBuild  
# installpkg /tmp/postfix-2.8.3-x86_64-1_SBo.tgz 

Before continuing, configure Postfix can authenticate with sasl. First, make some aliases and tell Postfix to use aliases maps from /etc/postfix/aliases:

# joe /etc/postfix/main.cf

Edit these lines and make them look like this:

alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases  

Now add a user to your Slackware machine, a user who will also can read and send mail.

# adduser

Login name for new user []: slackware_user
User ID ('UID') [ defaults to next available ]: press ENTER
Initial group [ users ]: 200
Home directory [ /home/xxxxxx ]: press ENTER
Shell [ /bin/bash ]: /bin/false
Do you wish to change the sheel? (Y/n): n
Expiry date (YYYY-MM-DD) []: press ENTER

Press ENTER and input full name and other account-related stuff. Also specify a password for your newly created user.

Now edit /etc/postfix/aliases and modify it to your needs :

root  :         slackware_user
office:	  slackware_user

Update your aliases database:

# postalias hash:/etc/postfix/aliases   

Make the required configuration changes to Postfix so it can run:

# joe /etc/postfix/main.cf
myhostname = mx.yourdomain.tld
mydomain = yourdomain.tld 
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8

Configure Postfix to authenticate users using SASL:

# mkdir /etc/sasl2
# cd /etc/sasl2
# touch smtpd.conf
# joe smtpd.conf 
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

Next, configure Postfix to have users authenticate using SASL. Edit /etc/postfix/main.cf and add the folowing code to the end of the file:

smtpd_sasl_auth_enable = yes   
broken_sasl_auth_clients = yes  
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

Start the daemons and test our configurations until now:

# saslauthd -a shadow
# postfix start

Then from another machine, telnet into your mail server on port 25 and issue the following commands :

# telnet mx.mailserver.com 25
ehlo user.mailserver.tld   
250-mx.mailserver.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN Y4R0QYxpcuHsFBRbbGjnPHIwYjB0MWrpMTk7La==
235 2.7.0 Authentication successful
MAIL FROM: <user@mailserver.com>
250 2.1.0 Ok
RCPT TO: <user@yahoo.com>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
HI. This mail is a test .
.
250 2.0.0 Ok: queued as 4C0EE221E93
QUIT
In order to find out the string after AUTH PLAIN enter the command printf 'user\0user\0password' | mmencode on your mail server, where user is your username and password is your password
Rember to put the “.” at the end so the mail can be sent to qeue daemon

Installing Mail Delivery and Cyrus IMAP

# cd /tmp
# mkdir cyrus-imap
# cd cyrus-imap
# wget http://cyrusimap.org/releases/cyrus-imapd-2.4.12.tar.gz
# wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/README
# wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/README.SLACKWARE
# wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/cyrus-imapd.SlackBuild
# wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/cyrus-imapd.info
# wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/doinst.sh
# wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/imapd.conf
# wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/patches
# wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/rc.cyrus-imapd
# wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/slack-desc
# mkdir patches
# cd patches/
# wget http://mirrors.vbi.vt.edu/mirrors/linux/slackbuilds/13.37/network/cyrus-imapd/patches/cyrus-imapd-2.4.4-autocreate-0.10-0-sv1.patch
# wget http://mirrors.vbi.vt.edu/mirrors/linux/slackbuilds/13.37/network/cyrus-imapd/patches/cyrus-imapd-2.4.4-autosieve-0.6.0-sv1.patch
# cd /tmp/cyrus-imap
# groupadd -g 238 cyrus
# useradd -d /var/imap -s /bin/sh -u 238 -g 238 cyrus -G mail 
# sh cyrus-imapd.SlackBuild
# installpkg /tmp/cyrus-imapd-2.4.12-x86_64-1_SBo.tgz
# mkdir -m 750 -p /var/imap /var/spool/imap /var/sieve
# chown cyrus:mail /var/imap /var/spool/imap /var/sieve
# su - cyrus
# /usr/doc/cyrus-imapd-2.4.12/tools/mkimap
# su - root

Edit /etc/imapd.conf and add the following lines:

sasl_mech_list: PLAIN LOGIN
allowplaintext: yes  

Edit /etc/postfix/main.cf and at mailbox_transport add the following:

mailbox_transport = lmtp:unix:/var/imap/socket/lmtp

The last step to do is to add users to your imap server.

# passwd cyrus
# cyradm --user cyrus --server localhost --auth plain    
localhost>cm user.slackware_user 
localhost>lm
localhost> quit
slackware_user is the user you have created in your slackware machine

At this point, you have a functional Mail Server, but with users authenticating in plain text . So the next step is inevitable.

SSL / TLS Postfix and Cyrus

Start by creating certificates and configuring POSTFIX to use STARTTLS.

# cd /etc/ssl
# misc/CA.pl -newca ( complete all entries)
# openssl req -new -nodes -keyout mailkey.pem -out mailreq.pem -days 36500
# openssl ca -out mail_signed_cert.pem -infiles mailreq.pem
# cp /etc/ssl/mailkey.pem /etc/postfix
# cp /etc/ssl/mail_signed_cert.pem /etc/postfix
# chown root /etc/postfix/mailkey.pem
# chmod 400 /etc/postfix/mailkey.pem
# cp /etc/ssl/demoCA/cacert.pem /etc/postfix

Add the followings to /etc/postfix/main.cf :

smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/mailkey.pem
smtpd_tls_cert_file = /etc/postfix/mail_signed_cert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
In /etc/postfix/master.cf delete the “#” sign from smtps and the next two columns from it
                 smtps     inet  n       -       n       -       -       smtpd
                   -o smtpd_tls_wrappermode=yes
                   -o smtpd_sasl_auth_enable=yes

Now configure IMAP to use STARTTLS:

# openssl req -new -nodes -out req.pem -keyout key.pem  
# openssl rsa -in key.pem -out new.key.pem
# openssl x509 -in req.pem -out ca-cert -req -signkey new.key.pem -days 36500
# cp new.key.pem /var/imap/server.pem
# rm new.key.pem
# cat ca-cert >> /var/imap/server.pem
# chown cyrus:mail /var/imap/server.pem
# chmod 600 /var/imap/server.pem 
# echo tls_ca_file: /var/imap/server.pem >> /etc/imapd.conf
# echo tls_cert_file: /var/imap/server.pem >> /etc/imapd.conf
# echo tls_key_file: /var/imap/server.pem >> /etc/imapd.conf 

Adding daemons to rc.local

The final step is to add all daemons to rc.local so they can start when machine boots. Open /etc/rc.d/rc.local and add these lines :

# Starting saslauthd daemon
if [ ! -r /var/state/saslauthd/saslauthd.pid ]; then
    echo "Starting SASL authentication daemon:  /usr/sbin/saslauthd -a shadow"
    /usr/sbin/saslauthd -a shadow
fi
# Starting IMAP daemon
if [ -x /usr/libexec/cyrus/master ]; then
    echo "Starting Cyrus IMAP daemon:  /usr/libexec/cyrus/master"
    /etc/rc.d/rc.cyrus-imapd start
fi
# Starting POSTFIX daemon
/etc/rc.d/rc.postfix start
   

Sources

Postfix The Definitive Guide, Kyle D. Dent, O'Reilly
Managing IMAP, Dianna Mullet & Kevin Mullet, O'Reilly
Official Postfix Documentation, [[http://www.postfix.org/documentation.html]]
 howtos:network_services:postfix_with_cyrus ()