Email with sendmail and IMAP

by Marion Bates <mbates at whoopis.com>
with much help from William Stearns <wstearns at pobox.com>

" . $googleAdBlack; ?>

You know how to log in to your server, and how to do things as root (with sudo, or as root directly)
You know how to start and stop services (usually /etc/init.d/servicename restart)
You know how to configure a service to start up automatically after your server reboots (there are several ways to do it, e.g., run ntsysv or chkconfig, or cd /etc/rc.d/rc3.d/ and mv Kxxservicename to S(100-xx)servicename. In other words, to enable sendmail to start up on restart:
mv K30sendmail S70sendmail

NOTE: If you want to know about setting up authenticated Sendmail with SSL, please refer to this howto.

As root, on your server (soon to be mailserver), edit /etc/mail/local-host-names -- add the domains for which you want to handle email. A template:

# local-host-names - include all aliases for your machine here.
66.59.xxx.xxx 		# (your server's IP)
mail.goober.com		# probably don't need this, only the next line
goober.com
anotherdomain.com

Then, edit /etc/mail/access and add your domain(s):

# by default we allow relaying from localhost...
localhost.localdomain	RELAY
localhost				RELAY
127.0.0.1				RELAY
goober.com				RELAY
foobar.com				RELAY

Now, edit /etc/sendmail.cf (good idea to make a backup copy first) and find the line that says "# SMTP daemon options". Below that there should be a line that looks like the following:

O DaemonPortOptions=Port=smtp, Name=MTA, Addr=127.0.0.1,

Move the Addr= part to its own line and comment it out, leaving:

#Addr=127.0.0.1, 
O DaemonPortOptions=Port=smtp, Name=MTA

This allows sendmail to receive connections from hosts besides localhost. Save changes and restart sendmail.

In a separate terminal, type tail -f /var/log/maillog so you can see what sendmail's doing as you begin testing. From another terminal, type

telnet your-server-ip 25

You should get back something like this:

	Trying 66.59.xxx.xxx... Connected to goober.com. Escape character is '^]'. 220
	goober.com ESMTP Sendmail 8.11.6/8.11.6; Wed, 9 Oct 2002 11:34:02 -0400

From here on, your entries are left-justified, the server responses are indented:

HELO GOOBER.COM
	
	250 whoopis.com Hello [66.59.111.182], pleased to meet you, wanna get high?

MAIL FROM: mbates@dartmouth.edu

	250 2.1.0 mbates@dartmouth.edu... Sender ok

RCPT TO: root@whoopis.com

	250 2.1.5 root@whoopis.com... Recipient ok

DATA (return)

	354 Enter mail, end with "." on a line by itself

Type some message, then:

.  (return)

	250 2.0.0 g99FgAK00839 Message accepted for delivery

Exit session and quit telnet.

Make sure that you're not an open spam relay. Do same as above, except use different email addresses, neither of which are listed in local-domains -- for example:

MAIL FROM: spleen@yahoo.com 
	(Sender ok) 
RCPT TO: goober@netscape.com 
	(550 5.7.1 goober@netscape.com... Relaying denied. 
	IP name lookup failed [66.59.xxx.xxx] )

Current versions of sendmail should be configured to deny relaying by default, but make sure.

If, when you send normal email to your new mail accounts, you get majordomo errors regarding name service, check your DNS db records and make sure you defined the MX record properly. Check with dig:

bash-2.05a# dig goober.com MX

	; <<>> DiG 9.2.1 <<>> goober.com MX
	;; global options: printcmd
	;; Got answer:
	;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11482
	;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

	;; QUESTION SECTION:
	;goober.com. IN MX

	;; ANSWER SECTION:
	goober.com. 38400 IN MX 5 mail.goober.com.

(Note on dig: You can literally type

dig@some-specific-nameserver-ip goober.com MX (enter)

and have it tell you which nameserver "some-specific-nameserver-ip" believes is the mail exchanger (MX) for the goober.com comain.)

If all you want to do is be able to receive mail for username@domain.com, then you're basically done. Create a .forward file in your home directory and put your "real" email address in there; now, email sent to yourusername@yourdomain.com will be forwarded to your real address.

If you want to be able to have other various email addresses routed to certain accounts (for example, "sales@yourdomain.com"), you can either create accounts for those users (unnecessary) or edit /etc/mail/virtusertable (this file also allows you to have "info@firstdomain.com" and "info@seconddomain.com" go to different accounts, if you are doing multiple virtual hostnames):

info@domain1.com	joeblow@randomisp.com
info@domain2.com 	localuser	
@domain3.com 		anotherlocaluser
@domain4.org 		user@otherisp.com

Note line 2. If you want to direct "info@domain2.com" to a user account on THIS system, do not add @domain.com -- in other words, if your domain is goober.com, and your email account is joeblow@goober.com, just put joeblow in the second column.

Furthermore, there is rule-ordering possible in the virtusertable file. See the following:

user1@goober.com    user1
user2@goober.com    user2
user3@goober.com	user3

user1@foobar.com 	user4
user2@foobar.com 	user5
@goober.com    		user1
@foobar.com       	user4

This allows your real users to get their email, and anything else @goober.com will go to user1. So, if your customers take a guess that you've got a webmaster account (which you may not have explicitly defined) and they try sending email to webmaster@goober.com, user1 (you, probably) will receive it. And this works for your other domains as well. Be careful not to enter this into virtusertable:

@whoopis.com	mbates@whoopis.com

Or you get this:

----- The following addresses had permanent fatal errors -----


----- Transcript of session follows ----- ... while talking to
mail.whoopis.com.: >>> RCPT To: <<< 554 5.0.0 rewrite: excessive recursion (max
50), ruleset canonify 554 ... Service unavailable

In other words, sendmail went into a bad loop trying to re-direct whoopis.com email to itself.

Now, if you want to do more than just .forward your domain's mail, i.e., you want to be able to login and send/receive mail from this account directly, you can set up IMAP to do this. Check to see if IMAP is installed (rpm -q imap for RedHat users). If it is, edit /etc/xinetd.d/imap (and imaps if you want to do SSL-enabled IMAP, but you have to generate an SSL certificate first, which I don't know how to do). Find the line that says disable=yes and change it to disable=no. Reload/restart xinetd. Check with netstat to see if IMAP is running:

bash-2.05a# netstat -anp | egrep '(:110|:143|:993)'
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      1339/xinetd         
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      1339/xinetd

Port 143 is IMAP, port 993 is IMAPS.

You can test it by hand, as with sendmail, but it's slightly different. Type:

telnet localhost 143

	Trying 127.0.0.1...
	Connected to localhost.
	Escape character is '^]'.
	* OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS STARTTLS AUTH=LOGIN] localhost IMAP4rev1 2001.315rh at Wed, 9 Oct 2002 17:21:51 -0400 (EDT)

A0001 LOGOUT

	* BYE whoopis.com IMAP4rev1 server terminating connection
	A0001 OK LOGOUT completed
	Connection closed by foreign host.

If you get that, then it's working.

Now configure your mail client (and move/rename your .forward file, if you had one). The fields in your mail client should be self-explanatory -- your mailserver for both IMAP and SMTP is mail.goober.com (unless you named it something else in the db file) and your username and password are what you use to log in to your server. In my case, the tricky part was specifying the path to the actual mail -- my client at first thought that my entire home directory was email, and dutifully fetched all my web files etc. and made them into email messages. :) In my client settings, there was a slot for Account Path Prefix (it may have another name in a different client) and I filled in

~/mail

Such that my email went into /home/mbates/mail. Then it worked just fine. Your Mileage May Vary.

If you want to see what your client sees for folders, take a look at ~/.mailboxlist. You can mess with this manually to make your mail reader re-think its folder list, but that is not for the faint-of-heart. ;)