Howto setup a multidrop mail server V2


(bob) #1

Version 1 of this HowTo sent backscatter spam to the internet, Version 2 does not.

Overview

This HowTo documents how I created a mail system which downloads mail from a multidrop POP3 account hosted by my ISP and delievers that mail to local users with a catchall user to receive unknown users. My first attempt at this HowTo resulted in a system which created backscatter spam, this HowTo does not create backscatter spam. However, this HowTo does require a second CentOS server to be setup and configured which downloads the email and forwards it to NethServer (it’s not difficult).

Most of the set up is done on NethServer and then copied across to a vanila CentOS7 server.

How it will work

Your NethServer provides firewalled access to the internet.
Your NethServer hosts a normal domain, e.g. domain.org.uk and stores email it receives for access through the WebTop interface.
A simple CentOS7 (in the example below it’s called lanmailer.domain.org.uk) server runs on the local network to download email from your ISPs multidrop POP3 account and relays those messages to your NethServer, which stores them for access through WebTop.
Backscatter spam that’s generated by routing mail with GetMail is bounced from your NethServer to the CentOS7 server and discarded.

Prerequisites

This HowTo assumes…

  • you understand how to access the command line and are comfortable making changes via the command line.
  • you have an existing NethServer configured as an internet gateway and it’s providing IP addresses via DHCP to your internal network.
  • the internal network address of your NethServer is 192.168.1.1
  • your NethServer gateway is to be configured as your email server.
  • you have a second PC attached to your internal network that can be configured with CentOS7 which will be configured to download email from the ISP pop3 account. This PC can be real or virtual, it could even be hosted on your NethServer using the KVM plugin.

Configure NethServer

This HowTo assumes you already have NethServer installed and that it’s configured as an internet gateway with an internal network that has an active DHCP server.

Note: The requirements for a MultiDrop mail box can be found here:
http://pyropus.ca/software/getmail/configuration.html#conf-retriever-multidrop

Software & Packages:
Nethserver 7
OpenLDAP
Email
POP3 Connector
WebTop5

  1. configure email domain on local NethServer
    Webconfig > Configuration / Email > Domain
    Click “Create New” and enter your domain name, e.g. domain.org.uk. Don’t select any other options at this point.
    Click Submit.

  2. configure users
    Webconfig > Management / Users and groups > Users
    Create your users, in my case “mum, dad, child1 and child2”.
    Create a password for each user.
    Create another user to be the CatchAll account, in my case “mail”.
    Create a password for the CatchAll account.

  3. direct unsorted mail to the CatchAll user
    Webconfig > Configuration / Email > Domain
    Edit the domain you created in step 1, select “Accept unknown recipients” and enter the address of your CatchAll user in the “deliver to” box, in my case mail@domain.org.uk
    Click Submit.

  4. configure aliases for root user – this is optional but will ensure system messages reach a real person.
    Create an email address for the root user. Select the root@YourServerName button at the top right hand corner of the Webconfig page, click Profile.
    Enter the user who will receive emails for root, e.g. dad@domain.org.uk.
    Click Submit.

  5. set up WebTop
    Login to the WebTop web interface as each of your users and the CatchAll user.
    When you are logged in to WebTop as the CatchAll user and share the inbox between your users.
    Click on the mail button, then right click on the inbox and select “Manage Sharing”.
    Select your users from the drop down list, select “Share Identity” and give them “full control”.
    In my case I have selected “Mum” and “Dad” to have full control of the “Mail” inbox.
    Click “save and close”.
    Logout of the CatchAll user and log in as “Mum” (or whatever user you selected). The shared mailbox of the CatchAll user will be visible under the entry “shared” in the list of email folders.

  6. configure the POP3 connector.
    The Webconfig does not allow a multidrop POP3 connect to be configured, so I set up what I could from the Webconfig and then edited the files from the command line.
    Webconfig > Management / POP3 Connector > Create New
    Enter an email address of a user on your machine, e.g. mum@domain.org.uk
    Enter the login details for your ISP POP3 mailbox (or IMAP mailbox if necessary).
    Deliver the messages to the email address you entered above, e.g. mum@domain.org.uk
    Select 60mins for the “check this account every” drop down.
    Do not select the options for spam and virus checking.
    Click submit.

  7. edit the getmail config
    Go to the command line of your NethServer.
    Copy the config file that was created in step 6.
    cp -p /var/lib/getmail/mum@\domain.org.uk.cfg /var/lib/getmail/multidrop.cfg
    Edit the new config file to turn it into a multidrop config.
    nano /var/lib/getmail/multidrop.cfg
    make the following changes
    Change [retriever] type to MultiDropPOP3Retriever (you may need to use MultiDropPOP3SSLRetriever if you need to use SSL to get your mail)
    Add the line [retriever] envelope_recipient = X-Delivered-To:1
    Note, this line depends on how your ISP drops your email into your multidrop POP3 mailbox, you may need to use “Delivered-to:1” instead of “X-Delivered-To:1”, check the headers of your incoming mail to see where the ”to:” address is stored.
    Change [destination] path to /usr/sbin/sendmail
    Change [destination] arguments to (“-t”,”-i”,”-f %(sender)”,”%(recipient)”)
    Remove the section [filter-1] if it exists.
    Remove the section [filter-2] if it exists.

Your edited file should look like this:

[retriever]
type = MultidropPOP3Retriever
server = your.isp.mailserver
username = username@ispmailserver
password = isppassword
envelope_recipient = X-Delivered-To:1

[destination]
type = MDA_external
path = /usr/sbin/sendmail
arguments = ("-t","-i","-f %(sender)","%(recipient)")
user = vmail
group = vmail

[options]
read_all = false
delete = true
received = false
message_log_syslog = true
delivered_to = false
  1. edit the getmail download schedule
    Go to the command line of your NethServer.
    Copy the getmail cron job to a new file.
    cp -p /etc/cron.d/getmail /etc/cron.d/multidrop
    Edit the new schedule to change the frequency and refer to the correct config file.
    nano /etc/cron.d/multidrop
    change the entry in the file to what’s shown below (which will check for messages every 2mins)
    #*/2 * * * * root /usr/bin/flock -n -E 0 /var/lib/getmail/multidrop.cfg -c "/usr/bin/getmail --getmaildir /var/lib/getmail/ --rcfile /var/lib/getmail/multidrop.cfg --quiet” &> /dev/null
    Note there is a hash # at the beginning of the entry.

  2. remove the POP3 connector config created in step 6.
    Webconfig > Management / POP3 Connector
    select the dropdown next to the Account you configured in step 6 and select delete.

Configure the CentOS7 server.

The CentOS7 server needs one network interface and that should be connected to your internal network, it will get an IP address from your DHCP server. This machine will be used to grab messages from the ISP POP3 account and route them to your NethServer, the machine does not require an internet facing network card.

  1. Download the Minimal install iso for CentOS7 from here https://www.centos.org/download/

  2. Install the base CentOS7 server.
    Boot the iso and follow the interactive setup.
    Setup networking with IPV4 and DHCP.
    Disable IPV6.
    Configure a sensible hostname, e.g. lanmailer.domain.org.uk
    Setup the time zone and switch on NTP.
    Leave the installer set to automatic disk partitioning.
    Configure a root password.
    Select the minimal software set.
    Leave the system to install, then boot the new machine.

  3. Configure the base CentOS7 server.
    Login as root.
    Enable the EPEL Repository, update the system then reboot.
    yum install epel-release
    yum update
    shutdown -r now

Disable the firewall (because the system is operating behind the NethServer gateway it doesn’t need its own firewall).
systemctl disable firewalld
systemctl stop firewalld

Install the Nano text editor and disable SELinux.
yum install nano
nano /etc/sysconfig/selinux
Then change the line SELinux=enforcing to SELinux=disabled
Reboot the system
shutdown -r now

Install GetMail and create a user to download mail with GetMail
yum install getmail
mkdir /var/lib/getmail
useradd vmail

Configure Postfix
postconf -e myhostname=lanmailer.domain.org.uk
postconf -e mydomain=domain.org.uk
postconf -e local_transport='error: this is a null client'
postconf -e myorigin='$domain'
postconf -e inet_interfaces=loopback-only
postconf -e mydestination='' # this is intentionally left blank
postconf -e mynetworks='127.0.0.0/8'
postconf -e inet_protocols = ipv4
postconf -e relayhost=[192.168.1.1]
nano /etc/postfix/master.cf
Change the line
bounce unix - - n - 0 bounce
to read
bounce unix - - n - 0 discard

Restart Postfix to enable the update configuration
systemctl restart postfix

  1. Copy the GetMail config and cron files from your NethServer
    scp root@192.168.1.1:/var/lib/getmail/multidrop.cfg /var/lib/getmail/
    scp root@192.168.1.1:/etc/cron.d/multidrop /etc/cron.d/

  2. Enable the GetMail schedule
    nano /etc/cron.d/multidrop
    Remove the hash # from the beginning of the entry.
    Exit nano.

References

http://www.postfix.org/STANDARD_CONFIGURATION_README.html#null_client
https://codingbee.net/tutorials/rhce/postfix-set-up-a-postfix-null-client-on-rhel-centos-7
http://www.techspacekh.com/configuring-postfix-to-relay-mail-to-local-exchange-mail-server-in-rhel-centos-7/


POP3 Connector MultiDrop mode
So, what are you working on? 1 Oct 2018
Howto setup a multidrop mail server