Setting up a Debian based IMAP mailserver

It's been said that IMAP is the best kept secret on the internet. Rather than downloading your mail to your workstation or laptop, your mail can be downloaded from different Internet Service Providers (ISPs) on to an IMAP server and accessed from any PC on your network. It can also be made available via webmail using a package such as SquirrelMail.

These notes are based on our own mail setup and installations for clients. In addition to IMAP, the mail is scanned for spam and viruses at collection time, which offers a number of advantages:

  • the risk of email viruses to your PC is reduced
  • valuable computing resources are conserved for more productive tasks

What is described here is not a full-blown mail server, i.e. email is still sent and received by an ISP. Setting up SMTP services is currently beyond the scope of these notes; however, the spam and virus filtering described here will be even more effective if you run your own SMTP server: because mail is rejected at SMTP time, your address will be invalid as far as the spammer is concerned.

References:

http://blogs.papercutsoftware.com/matt.doran/page/2/
http://dman13.dyndns.org/~dman/config_docs/exim-spamassassin/

Installing required packages:

It is assumed that you have already set up a server; if not, see File Server

  • $ sudo aptitude update
  • $ sudo aptitude install dovecot-imapd exim4-daemon-heavy greylistd sa-exim spamassassin razor clamav clamav-daemon fetchmail

To configure exim4:

  • $ sudo dpkg-reconfigure exim4-config
  • Split configuration into small files? = No
  • mail sent by smarthost; received via SMTP or fetchmail
  • System mail name: everything after '@' in your main email address
  • Machine handling outgoing mail for this host (smarthost): your ISP's smtp server
  • Otherwise, it is usually safe to accept the defaults

Configure exim4 to direct mail to $home/Maildir:

  • Add the following to /etc/exim4/update-exim4.conf.conf:
  • dc_localdelivery='maildir_home'
  • then run:
  • $ sudo update-exim4.conf

Dovecot setup:

  • edit /etc/dovecot/dovecot.conf adding values for "protocols" - for an IMAP server:
  • protocols = imap imaps
  • For Outlook clients: enable outlook-idle in /etc/dovecot/dovecot.conf:
  • client_workarounds = outlook-idle

Configure fetchmail:

  • edit $HOME/.fetchmailrc to look something like:
  • set postmaster "postmaster"
  • set no bouncemail
  • set no spambounce
  • set properties ""
  • poll smtp.your_isp.net with proto POP3
  • user 'username' there with password 'passwd' is 'user@your.domain' here options
  • poll smtp.another_isp.net with proto POP3
  • user 'username' there with password 'passwd' is 'other_user@your.domain' here options keep
  • see man page for fetchmailrc
  • to run fetchmail as a daemon for each user, i.e. log in as the user, then:
  • $ fetchmail -d 600
  • where 600 is the polling interval in seconds, i.e. every 10 minutes

To activate spamassassin and clamav:

  • edit /etc/default/spamassassin:
  • ENABLED=1
  • to integrate with exim4 follow the instructions in: /usr/share/doc/sa-exim/README.Debian and add the following two lines to /etc/exim4/exim4.conf.template:
  • local_scan_path = /usr/lib/exim4/local_scan/sa-exim.so
  • av_scanner = clamd:/var/run/clamav/clamd.ctl
  • and add this to the acl/40_exim4-config_check_data section to activate clamav:
  • # added for configuring clamav
  • deny
  • message = This message contains a virus: ($malware_name) please scan your system.
  • demime = *
  • malware = *
  • and add clamav to group Debian-exim; then reconfigure clamav:
  • $ sudo dpkg-reconfigure clamav-daemon
  • to configure sa-exim edit /etc/exim4/sa-exim.conf:
  • SApermreject: 8.0
  • SAtempreject: 5.0
  • SAEximRunCond: 1

To activate greylisting:

At a root prompt, type:
# greylistd-setup-exim4 add
If you overwrite your Exim configuration files in the future (for instance, when upgrading Exim), you may need to re-run this command.

To configure razor:

  • follow the instructions in /usr/share/doc/razor/README.Debian but with the following commands
  • $ razor-client
  • $ razor-admin --create &
  • $ razor-admin -discover
  • $ razor-admin --register

Mail Clients

The various mail clients handle IMAP quite differently. On Debian clients, we use Mozilla-Thunderbird or Mutt (a text based email client). Both handle IMAP very well. On Windows we also favour Mozilla-Thunderbird. Although Outlook does handle IMAP, it seems (on some versions at least) that you need to set up filters to ensure copies of sent messages are saved on the server. See Email

Dovecot SSL certificates

By default, certificates on the server expire after 12 months. We found this two-step process to renew the certificate, thanks to Tom Insam: http://jerakeen.org/blog/2005/08/22/ssl/

This removes the old certs

find /etc/ssl -name 'dovecot.*' -exec rm {} \;

This makes new ones

dpkg-reconfigure dovecot-common
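
An added example, not part of the original notes: a check suitable for a cron job that reports when a dovecot.* certificate is within a given number of days of expiry, so the renewal above can be done before mail clients start showing certificate errors. The function names and the 30-day default are assumptions; it relies on the openssl command-line tool.

```sh
#!/bin/sh
# Added example: report Dovecot certificates that are close to expiry.
# Function names and the 30-day default are illustrative assumptions.

# check_cert FILE [DAYS]
#   returns 0 if FILE is a certificate still valid DAYS from now,
#           1 if it expires within DAYS (or has already expired),
#           2 if FILE is unreadable or not a certificate (e.g. the key).
check_cert() {
    cert=$1
    days=${2:-30}
    [ -r "$cert" ] || return 2
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 2
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" \
        >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# scan_dovecot_certs DIR [DAYS]
#   checks every dovecot.* file under DIR (the same files the renewal
#   step removes) and returns non-zero if any certificate needs renewing.
scan_dovecot_certs() {
    dir=$1
    limit=${2:-30}
    due=0
    files=$(find "$dir" -type f -name 'dovecot.*' 2>/dev/null) || true
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        st=0
        check_cert "$f" "$limit" || st=$?
        case $st in
            0) echo "OK     $f" ;;
            1) echo "RENEW  $f (expires within $limit days)"
               due=$((due + 1)) ;;
            *) echo "SKIP   $f (not a readable certificate)" ;;
        esac
    done <<EOF
$files
EOF
    [ "$due" -eq 0 ]
}

# Scan only when a directory is given: sh check-cert.sh /etc/ssl 30
if [ "$#" -gt 0 ]; then
    scan_dovecot_certs "$@"
fi
```

Run it as root so the files under /etc/ssl/private can be read; the private key is reported as SKIP because it is not a certificate.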

Clive Menzies - (updated following an 'etch RC1' install) January 2007