Simple Mail Server using POSTFIX, CYRUS-SASL, DOVECOT

mandrivadovecotpostfix

install openssl
urpmi openssl

install cyrus-sasl
urpmi cyrus-sasl

edit file /etc/sasl2/smtpd.conf
vim /etc/sasl2/smtpd.conf

isinya seperti ini :

# SASL library configuration file for postfix
# all parameters are documented into:
# /usr/share/doc/cyrus-sasl/options.html

# The mech_list parameters list the sasl mechanisms to use,
# default being all mechs found.
#mech_list: plain login
# To authenticate using the separate saslauthd daemon, (e.g. for
# system or ldap users). Also see /etc/sysconfig/saslauthd.
#pwcheck_method: saslauthd
#saslauthd_path: /var/lib/sasl2/mux
# To authenticate against users stored in sasldb.
#pwcheck_method: auxprop
#auxprop_plugin: sasldb
#sasldb_path: /var/lib/sasl2/sasl.db

kemudian edit menjadi seperti ini :
# This sets smtpd to authenticate using the saslauthd daemon.
pwcheck_method:saslauthd
# This allows only plain, login, cram-md5 and digest-md5 as the authentication mechanisms.
mech_list: plain login cram-md5 digest-md5

install postfix
urpmi postfix

setelah itu salin file /etc/postfix/aliases.db ke /etc/aliases.db
cp /etc/postfix/aliases.db /etc/aliases.db

trus bikin certificate buat postfix
mkdir /etc/postfix/ssl

trus masuk
cd /etc/postfix/ssl/

kemudian proses buat nya, pake perintah ini :
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

25 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
....................++++++
............................++++++
e is 65537 (0x10001)
Enter pass phrase for smtpd.key:
masukin passwordnya, misal 123456

Verifying - Enter pass phrase for smtpd.key:

masukin passwordnya lagi, tadi pake 123456 (misal)

file hasil perintah diatas adalah smtpd.key letaknya di /etc/postfix/ssl
kemudian ubah mode file ke 600 pake perintah
chmod 600 smtpd.key

trus jalankan lagi openssl untuk menggenerate csr file dari smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
Enter pass phrase for smtpd.key: (masukkan password smtpd.key, tadi 123456)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:INA (heheheh, sori salah)
string is too long, it needs to be less than 2 bytes long
Country Name (2 letter code) [GB]:ID (yang bener ID untuk INDONESIA)
State or Province Name (full name) [Berkshire]:East Java
Locality Name (eg, city) [Newbury]:Blitar
Organization Name (eg, company) [My Company Ltd]:bayu mandriva
Organizational Unit Name (eg, section) []:headoffice
Common Name (eg, your name or your server's hostname) []:bayu
Email Address []:bayu@blitar.org

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:654321
An optional company name []:bayu mandriva


trus jalankan perintah ini :
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
Signature ok
subject=/C=ID/ST=East Java/L=Blitar/O=bayu mandriva/OU=headoffice/CN=bayu/emailAddress=bayu@blitar.org
Getting Private key
Enter pass phrase for smtpd.key: (masukin passwordnya tadi smtpd.key 123456)
trus perintah :
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
Enter pass phrase for smtpd.key: (masukin password smtpd.key lagi 123456)
writing RSA key

trus perintah ini
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Generating a 1024 bit RSA private key
.................................++++++
.++++++
writing new private key to 'cakey.pem'
Enter PEM pass phrase: (isi password smtpd.key)
Verifying - Enter PEM pass phrase: (isi password smtpd.key)
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]: ID (isi kaya sing tadi)
State or Province Name (full name) [Berkshire]:East Java
Locality Name (eg, city) [Newbury]:Blitar
Organization Name (eg, company) [My Company Ltd]:bayu mandriva
Organizational Unit Name (eg, section) []:head office
Common Name (eg, your name or your server's hostname) []:bayu mandriva
Email Address []:bayu@blitar.org

sekarang edit file main.cf di /etc/postfix/main.cf
vim /etc/postfix/main.cf
# User configurable parameters

#inet_interfaces = localhost
mynetworks_style = host
#delay_warning_time = 4h
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (Mail Server Q)
unknown_local_recipient_reject_code = 450
smtp-filter_destination_concurrency_limit = 2
lmtp-filter_destination_concurrency_limit = 2
data_directory = /var/lib/postfix

mydomain = blitar.org
myhostname = mail.$mydomain
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
internet_interface = all
alias_maps = hash:/etc/aliases
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

sekarang konfigurasi saslauthd nya (gak wajib)
bikin file /etc/default/saslauthd, trus isinya seperti ini :
# This needs to be uncommented before saslauthd will be run automatically
START=yes

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb"
MECHANISMS=shadow

selesai dah… fiuh….
sekarang testing …. sekali netes cewe sekampung pada bunting …kekekekekeke

testing
jalankan postfix sama saslauthd nya

service postfix start
ato
/etc/init.d/postfix start

service saslauthd start
ato
/etc/init.d/saslauthd start

cek pake perintah netstat -pln
netstat -pln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 8867/master

yah seperti itu lah kira-kira hasilnya :)

kemudian telnet buat ngetes nya
telnet localhost 25
Trying 127.0.0.1...
Connected to pop (127.0.0.1).
Escape character is '^]'.
220 mail.blitar.org ESMTP Postfix (2.5.1) (Mail Server Q)
ehlo localhost
250-mail.blitar.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN DIGEST-MD5
250-AUTH=LOGIN PLAIN DIGEST-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
tuh kan sukses …. hehehehe

sekarang install buat pop3 or imap nya, kita pake dovecot aja sing gampang.
trus sekalian webmail nya, kita pake squirrelmail

urpmi dovecot

sama

urpmi squirrelmail

o iya sebelom di lanjut, kita edit dulu postfixnya supaya naruh email nya pake formay Maildir
edit file /etc/postfix/main.cf, dan tambahkan nilai berikut di akhir baris, trus simpan dan reload postfixnya

home_mailbox = Maildir/

selesai, sekarang masuk ke konfigurasi dovecot di file /etc/dovecot.conf
protocols = pop3 imap (jika kepengen laine silahkan baca)
pop3_uidl_format = %08Xu%08Xv
mail_location = maildir:~/Maildir (disesuaikan ma postfixnya)

kemudian jalankan dovecotnya

service dovecot start
ato
/etc/init.d/dovecot start

trus sekarang edit konfigurasi squirrelmailnya
/var/www/squirrelmail/conf/conf.pl

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color off
S Save data
Q Quit

Command >>

pilih 2 untuk server settings

Server Settings

General
-------
1. Domain : pop
2. Invert Time : false
3. Sendmail or SMTP : Sendmail

A. Update IMAP Settings : localhost:143 (uw)
B. Change Sendmail Config : /usr/sbin/sendmail

R Return to Main Menu
C Turn color off
S Save data
Q Quit

Command >>
trus pilih A buat update IMAP settings

IMAP Settings
--------------
4. IMAP Server : localhost
5. IMAP Port : 143
6. Authentication type : login
7. Secure IMAP (TLS) : false
8. Server software : uw
9. Delimiter : /

B. Change Sendmail Config : /usr/sbin/sendmail
H. Hide IMAP Server Settings

pilih 8 buat server software nya
Command >> 8

Each IMAP server has its own quirks. As much as we tried to stick
to standards, it doesn't help much if the IMAP server doesn't follow
the same principles. We have made some work-arounds for some of
these servers. If you would like to use them, please select your
IMAP server. If you do not wish to use these work-arounds, you can
set this to "other", and none will be used.
bincimap = Binc IMAP server
courier = Courier IMAP server
cyrus = Cyrus IMAP server
dovecot = Dovecot Secure IMAP server
exchange = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx = Mac OS X Mailserver
mercury32 = Mercury/32
uw = University of Washington's IMAP server
other = Not one of the above servers
[uw]:

isikan dovecot, soale kita kan pake dovecot :)
abis tu save, pake tekan S

R Return to Main Menu
C Turn color off
S Save data
Q Quit

Command >> S

Data saved in config.php
Press enter to continue...

Selesai deh… hepi ending :p