Archive for September, 2007

Chapter 25. Running a Mail Server 681

Friday, September 7th, 2007

You'll be asked a number of questions about how ClamAV should be configured. Here's how to answer them:

- Virus update method: This is the method that freshclam (part of ClamAV) will use to download updated virus databases. The recommended option is to run freshclam as a daemon.
- Local database mirror site: This is the site that freshclam will retrieve the virus information updates from. The second part of the site is the two-letter country code. Select your country code or that of a nearby country if yours isn't available.
- HTTP proxy information: Do not enter anything here unless you are required to use a proxy server to access Web servers. If your connection is suitable for running a mail server, then you probably don't need to use a proxy server.
- Notify clamd after updates: Select yes here.

2. Add the clamav user to the Debian-exim group and restart the ClamAV daemon. This allows the ClamAV daemon to read the files in Exim's mail queue:

    # gpasswd -a clamav Debian-exim
    # invoke-rc.d clamav-daemon restart

3. Replace the report template used by SpamAssassin with one that will fit more easily in a message header. Use a text editor to add these lines to the end of /etc/spamassassin/local.cf:

    clear_report_template
    report _YESNO_, score=_SCORE_, required=_REQD_, summary=
    report _SUMMARY_

4. Configure the SpamAssassin background daemon to run automatically and to not attempt to create preference files for users. Change the following options in /etc/default/spamassassin:

    ENABLED=1
    OPTIONS="--max-children 5"

5. Start the SpamAssassin daemon:

    # invoke-rc.d spamassassin start

6. Create the entries that will be included in Exim's ACL (Access Control List) for scanning message data. Use a text editor to create a file named /etc/exim4/acl_check_data_local that contains the following:

    deny message = $malware_name detected in message
         demime = *
         malware = *

680 Part V. Running Servers 7. Next,

Thursday, September 6th, 2007

7. Next, Exim needs to be configured to deliver messages using Maildrop. Use your preferred text editor to open /etc/exim4/update-exim4.conf.conf and add the following line at the end of the file:

    dc_localdelivery='maildrop_pipe'

8. Tell Exim to load the most recent configuration change:

    # invoke-rc.d exim4 reload

9. Finally, install Courier IMAP and Courier POP:

    # apt-get install courier-imap courier-pop

Select no when asked whether or not the installer should create directories for Web-based administration.

Your system should now be capable of receiving messages. You should also be able to connect to your server using a mail client such as Thunderbird or Evolution. This is a good time to test mail delivery, even if you're planning to follow the directions in the next section to enable virus and spam filters later. More information about configuring a mail client to connect to your server can be found in the "Configuring Mail Clients" section later in this chapter.

Installing ClamAV and SpamAssassin

Installing and configuring the virus and spam filtering mechanisms is more involved than installing Exim and Courier, but should still go smoothly as long as you follow the steps carefully. Keep in mind, however, that this will add a lot of complexity to the system, so it is a good idea to make sure the Exim mail server is working first so that you don't have as many things to check if the system doesn't work as expected.

The version of ClamAV included with Debian 3.1 (aka "Sarge") uses an older virus-scanning engine. Because the updated engine is not likely to make it into an update any time soon because of the Debian upgrade policies, a group of Debian developers has created special sets of the ClamAV packages that are designed for easy installation on Sarge. For more information about how to use these packages instead of the stock versions, see http://volatile.debian.net/.

You may choose to do this from the start, or to add the appropriate URIs to your APT configuration later and do an upgrade. In either case, the configuration process detailed in this section will be the same.

Here's how to install ClamAV and SpamAssassin, and then configure Exim to use them for scanning messages:

1. Install the ClamAV and SpamAssassin packages:

    # apt-get install clamav-daemon clamav-testfiles spamassassin spamc

Chapter 25. Running a Mail Server 679

Thursday, September 6th, 2007

- Mail name: Enter the name of your mail server here.
- IP addresses: Clear this box (or leave it empty if it is already so) so that Exim will listen on all local IP addresses.
- Destinations to accept mail for: Enter any domains that your server will be accepting mail for. Be sure to separate them with colons, and not commas or spaces.
- Domains to relay for: Enter the names of any domains that your machine will relay mail for, meaning that it can receive mail from them but then passes it on. In most cases, you will not want to enter anything here.
- Machines to relay for: Enter the IP address ranges of any client machines that you want your server to accept mail from. Another (safer) option is to leave this empty and require clients to authenticate using SMTP authentication. SMTP authentication is best performed over an encrypted connection, so this process is described in the security section at the end of this chapter.
- Keep DNS queries to a minimum: No.

3. This configuration uses Maildrop for local mail delivery. Maildrop can deliver messages to the Maildir-style folders that Courier is expecting, and can also handle basic sorting and filtering (as described in the "Configuring Mail Clients" section). This package is not installed by default, so install it as follows:

    # apt-get install maildrop

4. Create Maildir mail directories for every user already on the system. This step must be performed for every user that is already on the system, and must be run as the user because running this command as root will result in Maildrop being unable to write to the folders:

    $ maildirmake.maildrop $HOME/Maildir
    $ maildirmake.maildrop -f Trash $HOME/Maildir

5. Create mail directories under /etc/skel. The contents of /etc/skel will be copied to the home directories of any new accounts that you create after the setup is completed:

    # maildirmake.maildrop /etc/skel/Maildir
    # maildirmake.maildrop -f Trash /etc/skel/Maildir

6. Configure Maildrop to deliver to the Maildir folders instead of mbox files stored in /var/spool/mail. Use your favorite text editor to edit /etc/maildroprc and add this line at the end of the file:

    DEFAULT="$HOME/Maildir/"
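
The answers given to the Exim configuration questions end up in /etc/exim4/update-exim4.conf.conf, so they can be checked after the fact. The following is an added example, not part of the original chapter: it audits that file for the relay and separator mistakes the questions above warn about. The key names dc_other_hostnames, dc_relay_domains and dc_relay_nets are the Debian exim4-config settings behind those questions (they are not shown in the chapter), the max_addresses threshold is an assumption, and the sample files are constructed.

```python
import ipaddress
import re
import shlex

def parse_conf(text):
    """Parse the shell-style key='value' lines of update-exim4.conf.conf."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, raw = line.partition("=")
        parts = shlex.split(raw)         # strips the surrounding quotes
        conf[key.strip()] = parts[0] if parts else ""
    return conf

def audit(text, max_addresses=65536):
    """Return a list of findings; max_addresses is an assumed threshold."""
    conf = parse_conf(text)
    findings = []
    hostnames = conf.get("dc_other_hostnames", "").strip()
    if "," in hostnames or " " in hostnames:
        findings.append("dc_other_hostnames: separate domains with colons")
    if conf.get("dc_relay_domains", ""):
        findings.append("dc_relay_domains: set, confirm relaying is intended")
    # IPv4 only: entries are split on colons, semicolons and whitespace.
    for item in re.split(r"[;:\s]+", conf.get("dc_relay_nets", "")):
        if not item:
            continue
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            findings.append(f"dc_relay_nets: cannot parse {item!r}")
            continue
        if not net.is_private:
            findings.append(f"dc_relay_nets: {net} is not a private range")
        elif net.num_addresses > max_addresses:
            findings.append(f"dc_relay_nets: {net} is very broad")
    if conf.get("dc_localdelivery") != "maildrop_pipe":
        findings.append("dc_localdelivery: expected maildrop_pipe")
    return findings

# Constructed sample files, not taken from a real host.
RISKY = """
dc_eximconfig_configtype='internet'
dc_other_hostnames='widgets.test, example.org'
dc_relay_domains=''
dc_relay_nets='192.168.1.0/24:1.2.18.0/24:10.0.0.0/8'
dc_localdelivery='mail_spool'
"""
SAFE = """
dc_other_hostnames='widgets.test:example.org'
dc_relay_domains=''
dc_relay_nets=''
dc_localdelivery='maildrop_pipe'
"""

if __name__ == "__main__":
    for finding in audit(RISKY):
        print(finding)
```

An empty dc_relay_nets, as in the SAFE sample, corresponds to the safer option of requiring SMTP authentication instead of trusting address ranges.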

678 Part V. Running Servers Configuring for

Wednesday, September 5th, 2007

Configuring for Retrieval from a Mail Host

The configuration requirements when retrieving mail from a mail host are pretty limited. Your server should be ready to accept mail addressed to localhost and should generally have a name that is unique to it. In the event that a message sent to one of your mailboxes is rejected, the server will need to have a valid host name by which to identify itself when sending out the DSN (Delivery Status Notification). You must be able to access the server from clients, although you may need to do so only from clients within your network. In either case, you should be familiar with the information about DNS and A records in the previous section.

Installing and Configuring the Mail Server Software

Once you have finished with the prerequisites, you will be ready to begin the software installation. The software installation and configuration have been divided into two sections. The first section covers the installation of Exim and Courier. The second section covers the installation of ClamAV and SpamAssassin and configuring Exim to use them to filter incoming mail.

Installing Exim and Courier

Installing and configuring Exim and Courier is very straightforward thanks to the quality of the packages that come with Debian. Chances are, if you have a new Debian system, it already has a version of Exim installed. However, you'll want to use a specific version of Exim that contains features for content scanning.

1. Start by installing this particular Exim package:

    # apt-get install exim4-daemon-heavy

2. There are a few configuration options that you need to change from the defaults. Run the following command:

    # dpkg-reconfigure --priority=medium exim4-config

You are asked a number of questions. Here's how to answer them:

- Split configuration into small files: Yes.
- General type: Select "Mail sent by smarthost; received via SMTP or fetchmail" if you need to send all of your outgoing mail through a server at your Internet service provider. Otherwise, select "Internet site; mail is sent and received directly using SMTP".

Chapter 25. Running a Mail Server 677

Tuesday, September 4th, 2007

The first parameter, bigserver.example.org, is the label, and the second parameter is the class (IN for Internet, which is where most DNS records are found). The A indicates the type, and the final parameter is the IP address associated with the label.

Once you have your A record, you can direct mail to your server using an MX (Mail eXchanger) record. The A and MX records do not need to be part of the same domain, which allows for much greater flexibility. Here is a sample MX record:

    widgets.test. IN MX 0 bigserver.example.org.

This MX record indicates that mail for (any address)@widgets.test should be sent through the server bigserver.example.org. The 0 indicates the numeric priority for this MX record. When more than one MX record exists for a given label, the MX with the lowest priority is tried first. If a temporary error is encountered, the next highest priority mail server is tried, and so on until the list is exhausted. At that point the sending server will keep trying periodically until the message times out (generally five days). If multiple MX records exist with the same priority, they are tried in a random order.

Most mail servers will also fall back on the IP address listed in the A record for a label in the event that no MX records exist. However, it is considered bad practice to rely on this.

In some cases, it may be complicated to establish an A record because your IP address frequently changes. Obviously, this is not suitable for commercial purposes, but there is a workaround that is acceptably reliable for personal use. This is achieved through dynamic DNS services that are available (often at no charge) through a number of different companies. A list of these companies is maintained at http://dmoz.org/Computers/Software/Internet/Servers/Address_Management/Dynamic_DNS_Services/. Three of the most popular (in no particular order) are:

- DynDNS.org (http://dyndns.org/), supported by the ddclient or ipcheck packages
- ZoneEdit (http://zonedit.com/), supported by the ez-ipupdate package
- No-IP (http://no-ip.com/), supported by the no-ip package

The ez-ipupdate package supports all three of these, plus a number of others. View the package description (apt-cache show ez-ipupdate) for more information. Most of these services will provide you with a hostname under a shared domain at no charge and can also provide a similar service for your own domain for a reasonable fee.
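
The MX selection rules described above (lowest priority number first, random order among equal priorities, A-record fallback when no MX exists, queueing when every host returns a temporary error) can be written out as a short simulation. This is an added example, not part of the original chapter; the backup host names and the attempt() callback are hypothetical, and the zone data is constructed.

```python
import random

def delivery_order(mx_records, label, rng=random):
    """Return the hosts a sending server would try, in order.

    mx_records: list of (priority, hostname) pairs published for `label`.
    With no MX records at all, fall back to the label's own A record.
    """
    if not mx_records:
        return [label.rstrip(".").lower()]
    groups = {}
    for priority, host in mx_records:
        groups.setdefault(priority, []).append(host.rstrip(".").lower())
    order = []
    for priority in sorted(groups):      # lowest number is tried first
        hosts = groups[priority]
        rng.shuffle(hosts)               # equal priority: random order
        order.extend(hosts)
    return order

def deliver(mx_records, label, attempt, rng=random):
    """Walk the list; attempt(host) returns True on success and False on a
    temporary error. Returns (status, accepting_host, hosts_tried)."""
    tried = []
    for host in delivery_order(mx_records, label, rng):
        tried.append(host)
        if attempt(host):
            return ("delivered", host, tried)
    # List exhausted: the sender keeps the message queued and retries later.
    return ("queued", None, tried)

# Constructed sample zone data (the backup hosts are hypothetical).
SAMPLE_MX = [
    (10, "backup1.example.org."),
    (0, "bigserver.example.org."),
    (10, "backup2.example.org."),
]

if __name__ == "__main__":
    down = {"bigserver.example.org"}     # simulate the primary being unreachable
    print(deliver(SAMPLE_MX, "widgets.test.", lambda h: h not in down))
    print(delivery_order([], "widgets.test."))
```

Any host listed in an MX record accepts mail for the domain, so each one needs the same relay restrictions and content scanning as the primary server.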

676 Part V. Running Servers Preparing Your

Monday, September 3rd, 2007

Preparing Your System

You will need a few common items for the mail server configuration covered in this chapter, starting with the proper hardware. A personal mail server can easily run on a Pentium-class computer, although you may notice occasional slowdowns while incoming messages are being scanned. Disk space requirements depend mostly on how much mail you want to have room for, so plan on having a few gigabytes for the operating system (which will leave you plenty of extra, just in case), plus the amount of mail you want to store.

The operating system should be installed with only the basic set of packages before you begin these examples. Some general information about the installation is provided in Chapter 9. Although the software described in this chapter works even if you aren't running Debian, the installation methods will not. If you don't have a spare system to act as a dedicated mail server, you can still use it as your workstation, although this is obviously recommended only for personal use.

Your network settings should also be properly configured before you begin installing the mail software. The exact requirements depend on the method by which mail will be delivered to your server:

- Direct delivery is the method used by most traditional mail servers. DNS records tell remote servers that any mail addressed to your domain should be sent to your server via SMTP.
- Retrieval from a mail host is also possible using an MRA (Mail Retrieval Agent) such as Fetchmail. This option can be used when you have a mailbox under a shared domain but want to access the mail on your own server. This can also be done in combination with direct delivery if you have both your own domain and mailboxes under shared domains. Configuration of Fetchmail is explained in the "Configuring Mail Clients" section of this chapter.

Configuring DNS for Direct Delivery

For direct delivery to function, the SMTP service (TCP port 25) must be accessible to the outside world through a fixed name in DNS. This name will be in the form of an A (Address) record. A records allow DNS resolver processes to determine the IP address associated with a specific name and are used by most of the common protocols on the Internet. A typical DNS A record looks something like this:

    bigserver.example.org IN A 1.2.18.12

Chapter 25. Running a Mail Server 675

Sunday, September 2nd, 2007

Web mail applications use IMAP as their backend protocol for accessing mailboxes; this eliminates the need for direct access to the mail files and makes it easier to split functions between systems.

About the System and the Software Used

The mail server configuration described in this chapter is based on the Exim mail transfer agent. Along with Exim, several other components are added for managing the server and checking e-mail contents for spam and viruses:

- Exim (http://www.exim-mta.org/) is an MTA written and designed by Philip Hazel at the University of Cambridge, with contributions from many people around the world. The version referred to in this chapter includes the Exiscan-ACL patches (http://duncanthrax.net/exiscan-acl/) from Tom Kistner. This patch allows content scanning from within Exim. Because this patch is integrated with Exim, its features are considered part of Exim for the purpose of this chapter.
- Maildrop (http://www.flounder.net/~mrsam/maildrop/) is a local MDA that is part of the Courier MTA package, but is also available as a standalone program. It is used in this configuration to allow the use of advanced features, such as mailbox quotas and server-side message sorting.
- Courier IMAP and POP (http://www.courier-mta.org/imap/), like Maildrop, are parts of the Courier MTA that are also available separately. They were chosen for their easy installation, good performance, and compatibility with the Maildir format mail directories.
- ClamAV (www.clamav.net) is an open source virus scanner that detects more than 20,000 viruses, worms, and Trojans. It uses a virus pattern database to identify viruses and includes a program named freshclam that handles updating the database automatically. Like SpamAssassin, ClamAV includes a daemon (clamd), a client (clamdscan), and a second command-line tool that does not use the daemon (clamscan).
- SpamAssassin (http://spamassassin.apache.org/) is a spam-filtering program written in Perl. It uses a large set of rules to help determine how "spammy" a message looks and assigns a score based on the total of the rule values. For performance reasons, SpamAssassin uses a background daemon called spamd to perform message analysis. Access to this daemon is performed through the spamc client. A spamassassin command that performs the analysis without using spamd is also installed but is not used by either of the example configurations in this chapter.

674 Part V. Running Servers . Local

Saturday, September 1st, 2007

- Local IPC: Inter-process communications are often used instead of SMTP when transferring a message between programs within a system.

Upon receiving a message, the MTA places it in a queue to be processed by an MDA (Mail Delivery Agent). Mail Delivery Agents come in two varieties:

- Local MDAs, which deliver messages to mailboxes on the local server. Simple versions copy messages directly to a specified mailbox, while complex implementations can alter messages or delivery parameters based on user-specified rules.
- Remote MDAs, which deliver messages over the network to remote servers. Full remote MDAs use DNS (the Domain Name System) to determine the mail exchanger hosts for recipient addresses and deliver to the best one available for each. Simple remote MDAs (sometimes also called "null clients") forward messages to a central server to continue the delivery process. Most remote MDAs are capable of either method and will act as configured by the administrator that performed the configuration.

You will often see the term MTA used in reference to the software that performs both MTA and MDA functions. This is a carry-over from older designs that did not separate the functions and is still fairly accurate given the fact that most mail server implementations include a minimum of an MTA, remote MDA, and basic local MDA.

When a message reaches its destination server, it is written to the user's mailbox by the local MDA. From that point, the message may be viewed by the user using one of three methods:

- Direct access to the mailbox: An MUA (Mail User Agent) with access to the mailbox file, directly or through a network file system, can read messages from the disk and display them for the user. This is generally a console or Web mail application running on the server.
- Downloaded to a workstation for local viewing: Most mail users use POP3 (Post Office Protocol, version 3) to download messages to their local computers and view them in applications such as Evolution or Balsa. By default, messages are removed from the server during this process (similar to when you get your snail mail from the mailbox).
- Accessed interactively over the network: Most clients also support viewing messages while they are still on the server, through IMAP (Internet Message Access Protocol). Unlike POP3, this protocol enables users to access multiple folders on their servers and also allows them to access their messages from anywhere. However, this also creates a heavier burden on the server because it must process (and store) everything that the user decides to keep.

Most