Exim & Dovecot
January 14th, 2021 under Linux, Website Status. [ Comments: none ]

I finally set up my mail server with POP3 access. I just want to host a couple of mail addresses which map to users on the (arch-)linux system. So no fancy virtual users or LDAP.

First, set up exim. The configuration is straightforward. Just read through the entire configuration file. It turns out I needed just a few adjustments. First, the proper primary_hostname must be set.

primary_hostname = ganymede.ch

Since I want to use TLS, the certificate and private key must be set. Don’t generate a self-signed certificate. This just causes problems because the certificate must always be added as an exception wherever it is used. So, generate a Let’s Encrypt certificate and point exim to the Let’s Encrypt files.

tls_certificate = /etc/letsencrypt/live/ganymede.ch/fullchain.pem
tls_privatekey = /etc/letsencrypt/live/ganymede.ch/privkey.pem

The Let’s Encrypt files can also be used for an Apache webserver. Apache is typically started with root privileges, which it later drops. During this phase, the certificate and private key are read by Apache. So the default permissions (mostly exclusive root access) of the Let’s Encrypt folder work just fine for Apache. Exim, on the other hand, reads the certificate and key only when a TLS connection is about to be established. Hence the exim log shows a TLS error with a message like system library:fopen:Permission denied. An easy fix for this is to set the owner of the folders /etc/letsencrypt/live/ and /etc/letsencrypt/archive/ to the exim user and group. Clearly, this can cause problems if other users without root privileges need access to the files. However, this is not the case in my setup.
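Why both folders have to be changed: the files in live/ are symlinks into archive/, so the exim user must be able to traverse both trees. The following is an added example, not part of the original post. It walks the path using plain mode bits only (no ACLs, no root bypass) on a constructed stand-in tree; the name example.test and the simulated uid are assumptions.

```python
import os
import tempfile

def class_bits(st, uid, gids):
    """rwx bits that apply to uid/gids (plain mode bits only: no ACLs, no root bypass)."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return (st.st_mode >> shift) & 7

def dirs_on_path(path, base):
    """Directories from base down that are crossed to open path: literal path, then symlink target."""
    base, ordered = os.path.realpath(base), []
    for d in (os.path.realpath(os.path.dirname(path)),
              os.path.dirname(os.path.realpath(path))):
        chain = [d]
        while d != base and os.path.dirname(d) != d:
            d = os.path.dirname(d)
            chain.append(d)
        ordered += [c for c in reversed(chain) if c not in ordered]
    return ordered

def first_blocker(path, uid, gids, base):
    """Return (path, missing_bit) for the first denial, or None if the file is readable."""
    for d in dirs_on_path(path, base):
        if not class_bits(os.stat(d), uid, gids) & 1:
            return d, "x"
    target = os.path.realpath(path)
    if not class_bits(os.stat(target), uid, gids) & 4:
        return target, "r"
    return None

def build_demo_tree(root):
    """Constructed stand-in for /etc/letsencrypt: live/<name>/privkey.pem -> archive/<name>/privkey1.pem."""
    os.chmod(root, 0o755)
    for sub in ("live", "archive"):
        os.makedirs(os.path.join(root, sub, "example.test"))
        os.chmod(os.path.join(root, sub, "example.test"), 0o755)
        os.chmod(os.path.join(root, sub), 0o700)  # owner-only, like the default layout
    key = os.path.join(root, "archive", "example.test", "privkey1.pem")
    open(key, "w").close()  # empty placeholder, not a key
    os.chmod(key, 0o600)
    link = os.path.join(root, "live", "example.test", "privkey.pem")
    os.symlink("../../archive/example.test/privkey1.pem", link)
    return link

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        link = build_demo_tree(root)
        exim_uid = os.stat(root).st_uid + 1  # constructed: any uid that is not the owner
        print(first_blocker(link, exim_uid, set(), root))
```

Opening up live/ alone only moves the denial to archive/, and after that to the key file itself.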

Next, I don’t want to allow mail delivery to all local users such as the exim or http user. I just want to whitelist certain users. This can be achieved by modifying the localuser router. Simply add local_parts = lsearch;/etc/mail/accepted_local_users. So the router looks like this:

localuser:
  driver = accept
  check_local_user
  local_parts = lsearch;/etc/mail/accepted_local_users
  transport = local_delivery
  cannot_route_message = Unknown user

This router only routes if check_local_user succeeds and local_parts can be found in the accepted_local_users file. So, create the file accepted_local_users and write every username which is allowed to receive E-Mails into the file. One username per line.

That’s it… Exim with TLS done.

Let’s look at dovecot for the POP3 access. On archlinux the dovecot configuration is split into many files. The config files need to be copied into the /etc folder (see the archlinux wiki). The main config file is /etc/dovecot/dovecot.conf. There I restricted the supported protocols to pop3:

protocols = pop3

This main config file loads all config files from the conf.d subdirectory. Here I rely on the system (PAM) authentication by including auth-system.conf.ext

!include auth-system.conf.ext

Again, as with exim, I want only whitelisted users to be able to log in and not all system users. To achieve this, it is possible to use the username_filter. Simply give it the usernames which are allowed to log in.

passdb {
  driver = pam
  username_filter = my_user my_user2
}
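The whitelist now lives in two places: exim's accepted_local_users file and dovecot's username_filter. The following added example, not part of the original post, compares both against the account database and reports entries that disagree. The sample inputs are constructed, the UID threshold of 1000 for regular accounts is an assumption, and filter entries are treated as shell-style patterns (negated entries are not handled).

```python
import fnmatch
import re

def lsearch_keys(text):
    """Keys of an Exim lsearch file: first token of each line, ended by ':' or whitespace."""
    keys = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue  # blank line, comment, or continuation of the previous entry
        keys.append(re.split(r"[:\s]", line, maxsplit=1)[0])
    return keys

def dovecot_filter(conf_text):
    """Patterns from the first 'username_filter =' line in the given config text."""
    m = re.search(r"^\s*username_filter\s*=\s*(.+)$", conf_text, re.M)
    return m.group(1).split() if m else []

def passwd_uids(text):
    """name -> uid from passwd(5) text."""
    rows = (line.split(":") for line in text.splitlines())
    return {f[0]: int(f[2]) for f in rows if len(f) == 7}

def audit(exim_text, dovecot_text, passwd_text, min_uid=1000):
    """Compare both whitelists against the account database."""
    users = passwd_uids(passwd_text)
    accepted = set(lsearch_keys(exim_text))
    known = accepted & set(users)
    patterns = dovecot_filter(dovecot_text)
    can_login = {u for u in users if any(fnmatch.fnmatchcase(u, p) for p in patterns)}
    return {
        "unknown_user": sorted(accepted - known),          # typo or deleted account
        "system_account": sorted(u for u in known if users[u] < min_uid),
        "mail_but_no_pop3": sorted(known - can_login),     # mail piles up unread
        "pop3_but_no_mail": sorted(can_login - accepted),  # login allowed, no delivery
    }

# Constructed sample inputs
EXIM_LIST = "# accepted_local_users\nmy_user\nmy_user2: note\nhttp\nmy_usr3\n"
DOVECOT_CONF = "passdb {\n  driver = pam\n  username_filter = my_user my_user2 backup\n}\n"
PASSWD = (
    "http:x:33:33::/srv/http:/usr/bin/nologin\n"
    "exim:x:79:79::/var/spool/exim:/usr/bin/nologin\n"
    "my_user:x:1000:1000::/home/my_user:/bin/bash\n"
    "my_user2:x:1001:1001::/home/my_user2:/bin/bash\n"
    "backup:x:1002:1002::/home/backup:/bin/bash\n"
)

if __name__ == "__main__":
    print(audit(EXIM_LIST, DOVECOT_CONF, PASSWD))
```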

Of course we also want to secure the server with SSL. This is just as easy as before. Simply point dovecot to the Let’s Encrypt certificate and private key in 10-ssl.conf

ssl_cert = </etc/letsencrypt/live/ganymede.ch/fullchain.pem
ssl_key = </etc/letsencrypt/live/ganymede.ch/privkey.pem

Since dovecot is run as root we don’t have any permission issues.

The last thing that needs to be done is to tell dovecot about the mailbox format and the mailbox locations. In the file 10-mail.conf write

mail_location = mbox:~/mail:INBOX=/var/mail/%u

After that we are all done. You can receive email for the given user and access the mails through pop3 with the system password for that user.

You can also send email from your system (for instance through mail or with php) through exim to any E-Mail address.

December 29th, 2007 under Website Status. [ Comments: none ]

After several hours struggling with my corrupted Gentoo Linux, I decided to switch to FreeBSD.  Almost all functionality is available now.  Still, some issues are present. Hopefully, I’ll get rid of them in the next day. If someone should find a bug, please send me an email.

Courier Mailserver
July 6th, 2007 under Website Status. [ Comments: none ]

Since yesterday, Courier MTA, IMAP, POP, SMTP is set up and ready to be used. Additionally, I installed roundcubemail as the webmail interface.

Proud Sparc Admin
June 28th, 2007 under Website Status. [ Comments: none ]

Finally, I managed to switch my old x86 server with my new ‘old’ sparc server. Now the server is a Sun Blade 100:

  • 500MHz Sparc64
  • 512 MB RAM
  • 400 GB Storage

I’m still running a Gentoo Linux as the operating system. The server runs the following services:

In the future the following will be installed as well:

Picture Gallery
April 21st, 2007 under Website Status. [ Comments: none ]

I finally decided which picture album I will use. It is Gallery, a nice and highly configurable open source website. I am going to use my gallery to publish my less artistic (or maybe just wannabe artistic) pictures.

Feel free to check it out under pictures.ganymede.ch
