
Global Open Versity, ICT Labs Install & Configure Sendmail & Dovecot with ClamAV on Linux v1.

Global Open Versity


IT Systems Integration Hands-on Linux Labs Training Manual

Deploy Secure Messaging Solution using Sendmail & Dovecot Servers with
ClamAV

Kefa Rabah
Global Open Versity, Vancouver Canada
krabah@globalopenversity.org
www.globalopenversity.org

Table of Contents

DEPLOY SECURE MESSAGING SOLUTION USING SENDMAIL & DOVECOT SERVERS WITH CLAMAV
1.0 Introduction

Part 1: What you need to start CentOS5 Installation
Step 1: Install CentOS52

Part 2: Install & Configure DNS Server

Part 3: Install and Configure Sendmail Server
Step 1: Verify that DNS is working correctly
Step 2: Install & Configure Sendmail Server
Step 3: The /etc/mail/sendmail.mc File
Step 4: Why Sendmail Only Listens On the Loopback Interface By Default
Step 5: Test sending mail through SMTP using Telnet

Part 4: Allowing Remote Access to your Mail Server using IMAP/POP
Step 1: Install & Configure Dovecot POP3/IMAP Server for RHEL/CentOS 5
Step 2: Configure Dovecot – putting it all-together
Step 3: Test Dovecot POP3/IMAP
Step 4: Test Dovecot IMAP
Step 5: Authentication with Dovecot
Step 6: Accessing your emails from Outside
Step 7: Setup Email Clients

Part 5: Lock it Down with Clamd Antivirus solution
Step 1: Setting up Antivirus and Antispam Connectors

Part 6: Lock it Down with MailScanner Antivirus solution
Step 1: Install & Setup MailScanner on CentOS5/RHE5

Part 7: Setup SquirrelMail Webmail on RHEL/CentOS 5
Step 1: Install SquirrelMail
Step 2: Testing SquirrelMail

Part 8: Performance Tuning & Troubleshooting
Step 1: Troubleshooting
Summary

Part 9: Need More Training on Linux:
Sendmail Server Administration Training

Part 10: Hands-on Lab Assignments
Linux Administration Training

April 2007, Kefa Rabah, Global Open Versity, Vancouver Canada

www.globalopenversity.org EBT102 – Sendmail Server Administration Training

Global Open Versity, ICT Labs Install & Configure Sendmail & Dovecot with ClamAV on Linux v1.2

A GOV Open Access Technical Academic Publications


Enhancing education & empowering people worldwide through eLearning in the 21st Century


By Kefa Rabah, krabah@globalopenversity.org, Oct. 28, 2009, GTS Institute

1.0 Introduction
Over the last decade, the popularity of domain hosting has increased exponentially for many companies of
all sizes. All these domains need to be hosted somewhere, but corporate-level hosting of Web sites and
mail domains can be exorbitantly expensive for start-up and small to medium size businesses.

With the growth of the Internet, e-mail has also quickly become the main vehicle for spreading information
among corporate users and the public at large. As the demand for fast, cheap and reliable e-mail grows,
more individuals and businesses, large and small, are turning to open source Linux to provide a fast, cheap
and reliable solution. Sendmail is at the forefront of this messaging technology and can be
easily scaled up. One of the best solutions is virtual hosting, which allows multiple domains to be
housed on a single server or server cluster. This is a valuable strategy both for a large company with the
hardware and bandwidth to host hundreds of domains and for a small business with a mere two domains that
wants to control its hosting solution with ease. In this Hands-on Lab session, we’ll take a look at how to
configure Sendmail to work on a single machine in a way that can also be scaled up to handle more than one
domain. The server will also need to be locked down from a security point of view. We’ll also give our users
the ability to access their email using the RoundCube Webmail client via the Dovecot POP/IMAP server.

Sendmail is a general purpose internetwork email routing facility that supports many kinds of mail-transfer
and -delivery methods, including the Simple Mail Transfer Protocol (SMTP) used for email transport over
the Internet. It’s currently the most popular mail transfer agent (MTA) on the Internet. Its popularity is due
in part to its position as the standard MTA under most variants of the Linux/Unix-like operating systems.

Sendmail was originally developed by Eric Allman, in 1979, as "delivermail", which first shipped with
BSD 4.0. This program was not very flexible and required configuration at compile time. With the growth of
the TCP protocol and other factors, it became obvious that delivermail was not flexible enough to handle
these new demands. Eric Allman had to recreate Sendmail from scratch, and what he produced has
become the standard for MTAs. Rather than reject messages that did not conform to protocols, sendmail
is designed to be tolerant of these messages. For those who have never configured an e-mail
server, this hands-on manual will demonstrate how to configure sendmail 8.13.8 after a fresh install of
CentOS5.

Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written primarily with
security in mind. Apple Inc. includes Dovecot for email services in Mac OS X 10.6 Snow Leopard Server.
Developed by Timo Sirainen, Dovecot was first released in July 2002. Dovecot primarily aims to be a
lightweight, fast and easy to set up open source messaging server. It can work with standard mbox,
Maildir, and its own experimental native high-performance dbox formats. It is fully compatible with UW
IMAP and Courier IMAP servers’ implementation of them, as well as mail clients accessing the mailboxes
directly.

Dovecot also includes a Mail Delivery Agent (called Local Delivery Agent in Dovecot’s documentation), with
optional Sieve filtering support. It also supports a variety of authentication schemes for IMAP and POP
access, including CRAM-MD5 and the more secure DIGEST-MD5. Its Mail Delivery Agent is simple and
easy to install. In this HowTo guide and lab session, we’ll explain how to set Dovecot up as an IMAP or POP3
server. For alternate IMAP/POP3 servers see Courier or Cyrus.

We also need to lock down our Sendmail server to secure it against cyber-criminals and
malware. For this we’ll use Clamd. Clamd, which comes integrated with ClamAV and Clamav-db, fits the
bill for our task. It’s a multi-threaded daemon that uses libclamav to scan files for viruses. The daemon
listens for incoming connections on a Unix and/or TCP socket and scans files or directories on demand for
viruses. The daemon is fully configurable via the clamd.conf file. It reads the configuration from
/etc/clamd.conf.

Clam AntiVirus (ClamAV) is an open source (GPL) anti-virus toolkit for UNIX, designed especially for
e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable
multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates. The core
of the package is an anti-virus engine available in the form of a shared library.

MailScanner is an open source free anti-virus and anti-spam filter protecting over 5 billion e-mails every
week, for many millions of users. MailScanner is an email virus scanner, vulnerability protector, and spam
tagger. It supports the Postfix, Sendmail, Exim, Qmail, and ZMailer MTAs, and the Sophos, McAfee, F-
Prot, F-Secure, CommandAV, InoculateIT, Inoculan, eTrust, Kaspersky, Nod32, AntiVir, BitDefender,
RAV, Panda, DrWeb, ClamAV, and other anti-virus scanners.

SquirrelMail is a web-based email application started by Nathan and Luke Ehresman and written in the
PHP scripting language. It can be installed on almost all web servers as long as PHP is present and the
web server has access to an IMAP and SMTP server. SquirrelMail outputs valid HTML 4.0 for its
presentation, making it compatible with a majority of current web browsers. SquirrelMail uses a plug-in
architecture to accommodate additional features around the core application, and over 200 plug-ins are
available on the SquirrelMail website. Licensed under the GNU General Public License, SquirrelMail is free
software. It is currently available in over 50 languages. SquirrelMail is included in many major GNU/Linux
distributions and is independently downloaded by tens of thousands of people every month.

Solution
In this Hands-on Lab session, you’ll learn how to set up a virtual network on VMware (you may also use any
other virtual machine software such as MS VirtualPC, Linux Xen, or VirtualBox from Sun). In this lab session,
we’ll concentrate on installing the Sendmail server with the Dovecot server and the SquirrelMail webmail
client on a clean install of Linux CentOS5 Server. You will learn how to install and configure Webmin to help
with configuring the DNS server. I’ll also show you how to set a static IP address, which is required for
successfully deploying DNS and messaging servers. Finally, we’ll go through a step-by-step process to install
the Sendmail messaging server, Dovecot POP/IMAP server and SquirrelMail Webmail client. You’ll also have an
opportunity to do some hands-on lab assignments at the end of the lab session. Upon completion of the
hands-on labs you’ll have gained a competency level and a capability to be able to plan, design, implement
and deploy an enterprise-grade messaging solution using Sendmail.

Assumptions
It’s assumed that you have a good understanding of the Linux operating system and its working environment.
It’s also assumed that you know how to install and configure Linux CentOS5. If not, go ahead and pop over
to scribd.com and check out a good HowTo entitled “Install Configure and Upgrade Linux CentOS5 Server
v1.1” to get you started.

Other related articles that you may need for this Hands-on Lab session:

1. Using Webmin and Bind9 to Setup DNS Server on Linux
2. Step-by-Step Install Guide for Evolution Mail Client with Addressbook using LDAP on Linux v1.2
3. OpenLDAP for Enterprise Identity Management & SSO v1.0
4. Install Guide IPCop Firewall for Network Security with Spam and Virus Protection

Part 1: What you need to start CentOS5 Installation


1. Download the latest CentOS5 ISOs for DVD or CDs from: http://centos.org
2. A test x86 desktop computer, keyboard, monitor, mouse, and firewalled internet connection.
3. One hour of quiet time and a good supply of coffee or tea – but definitely no alcoholic drinks
(seriously!)

Step 1: Install CentOS52


1. Install Centos52 from DVD or CDROM and configure the entire disk
2. Configure your Fully Qualified Hostname, IP address and Gateway, DNS details
3. Set up your root password
4. Set up the software. Select Server only and Customize Now
• Select only the following components:
Editors
Text-based Internet
Development Libraries
Development Tools
Administration Tools
Base
System Tools

5. The system will now install and will require CDs 1-6.
6. Once the system reboots, disable the firewall and SELinux.
7. Make sure your /etc/hosts file has the line:
IP address and FQDN hostname (i.e. 192.168.83.21 linuxc.monstserv.com linuxc).
8. Reboot the system (for changes to take effect).
9. Then run yum update to make sure your system is fully up to date.
10. Reboot the system.
11. OS server installation complete and ready for DNS, Sendmail and Dovecot servers’ installation.


Part 2: Install & Configure DNS Server


1. For your new e-mail server to work, you must first get all the DNS issues straight as we have done in
Part 2. First, add the hostname and IP address for the new e-mail server to your DNS server and
confirm the address with nslookup and dig command as we’ll see later:

2. Webmin is the most powerful administration tool of its kind. We will use it to set up our DNS, but I
will not go over it in detail because we already know how to use other administrative tools. It is not
difficult to use because it is web based; in any event, you should know that you can use it remotely to
administer the system. Check out a great HowTo by the same author on Docstoc.com for the
detailed DNS server setup using Webmin. In this HowTo you can see how to use Webmin to set up a
DNS server and mail, www and ftp servers on Linux CentOS5.
3. While here also note our hostname: linuxc.monstserv.com
4. Other servers are:

mail.monstserv.com
www.monstserv.com
ftp.monstserv.com

5. Check out /etc/hosts to ensure that you have a correct setup, in our case, it’s as follows:

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.83.21 linuxc.monstserv.com linuxc mail www ftp
::1 localhost6.localdomain6 localhost6

6. To ensure that your DNS server is installed and configured correctly, perform the following test via
dig and nslookup command:

[root@linuxc ~]# dig linuxc.monstserv.com

; <<>> DiG 9.3.4-P1 <<>> linuxc.monstserv.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1096
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;linuxc.monstserv.com. IN A

;; ANSWER SECTION:
linuxc.monstserv.com. 38400 IN A 192.168.83.21

;; AUTHORITY SECTION:
monstserv.com. 38400 IN NS linuxc.monstserv.com.

;; Query time: 4 msec
;; SERVER: 192.168.83.21#53(192.168.83.21)
;; WHEN: Sun Oct 25 13:16:03 2009
;; MSG SIZE rcvd: 68


[root@linuxc ~]# nslookup linuxc.monstserv.com
Server: 192.168.83.21
Address: 192.168.83.21#53

Name: linuxc.monstserv.com
Address: 192.168.83.21

7. We’re good and ready to move on to Part 3: install and configure the Sendmail server.

Part 3: Install and Configure Sendmail Server


In this section, we present the steps necessary to successfully install and configure Sendmail 8.13 on
Linux CentOS5. I have used these steps to install Sendmail on several servers and all work perfectly. I
hope this guide will save others the time of hunting around forums.

Step 1: Verify that DNS is working correctly


1. Now let’s do more tests to ensure that our DNS server is sound & solid:

[root@linuxc ~]# nslookup -sil linuxc.monstserv.com
Server: 192.168.83.21
Address: 192.168.83.21#53
Name: linuxc.monstserv.com
Address: 192.168.83.21

2. It is also important that your administrator put a reverse DNS entry to prevent delays in mail delivery.
Most modern e-mail servers use reverse lookup as a means of authentication for mail transfer. Again,
confirm this setting is correct using the nslookup command on your IP address.

[root@linuxc ~]# nslookup -sil 192.168.83.21
Server: 192.168.83.21
Address: 192.168.83.21#53
21.83.168.192.in-addr.arpa name = linuxc.monstserv.com

3. As you can see, the DNS entries are set up and working correctly, so let's move on to actually
configuring sendmail. By default, sendmail installations on CentOS5 will only allow SMTP traffic on the
localhost. The output of netstat -nl will show you all ports that have a dæmon listening; note
the line that says 127.0.0.1:25. This means the server is only listening on the loopback interface
for connections on port 25 (SMTP).
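
The forward and reverse lookups from items 1 and 2 of this step can be checked against each other automatically. The script below is an added example, not part of the original manual: it parses the nslookup output format shown above and confirms that the PTR name resolves back to the same IP. The function names are assumptions, and the NXDOMAIN sample is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original manual): forward-confirmed reverse DNS
# check built on the nslookup output format shown in this step.

# stdin: output of `nslookup <IP>`; prints the PTR target, lowercased and
# without a trailing dot, or nothing when there is no PTR record.
ptr_name() {
    awk '/name = / { n = tolower($NF); sub(/\.$/, "", n); print n; exit }'
}

# stdin: output of `nslookup <NAME>`; prints only the answer addresses,
# skipping the resolver's own "Address: x.x.x.x#53" line before "Name:".
answer_addresses() {
    awk '/^Name:/ { seen = 1; next } seen && /^Address/ { print $2 }'
}

# fcrdns_verdict IP REVERSE_OUTPUT FORWARD_OUTPUT
# Prints "ok <name>", "mismatch <name>" or "no-ptr".
fcrdns_verdict() {
    local ip="$1" name
    name="$(printf '%s\n' "$2" | ptr_name)"
    if [ -z "$name" ]; then
        echo "no-ptr"
    elif printf '%s\n' "$3" | answer_addresses | grep -Fxq -- "$ip"; then
        echo "ok $name"          # -F -x: literal, whole-line match on the IP
    else
        echo "mismatch $name"
    fi
}

# Sample input: the two lookups shown in this step.
REVERSE_OUT='Server: 192.168.83.21
Address: 192.168.83.21#53
21.83.168.192.in-addr.arpa name = linuxc.monstserv.com'

FORWARD_OUT='Server: 192.168.83.21
Address: 192.168.83.21#53
Name: linuxc.monstserv.com
Address: 192.168.83.21'

# Constructed sample: an address with no reverse entry.
NO_PTR_OUT="Server: 192.168.83.21
Address: 192.168.83.21#53
** server can't find 99.83.168.192.in-addr.arpa: NXDOMAIN"

fcrdns_verdict 192.168.83.21 "$REVERSE_OUT" "$FORWARD_OUT"
fcrdns_verdict 192.168.83.99 "$NO_PTR_OUT" ""
# On a live host, pass "$(nslookup -sil <IP>)" and "$(nslookup -sil <PTR name>)".
```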

Step 2: Install & Configure Sendmail Server


1. You can first verify if the necessary Sendmail packages are installed by running:

[root@linuxc ~]# rpm -qa | grep sendmail
sendmail-8.13.8-2.el5
sendmail-cf-8.13.8-2.el5

2. If you get a blank result, then Sendmail is not installed. The best way to get Sendmail is to compile it
from the source file. However, I have found that the RPM files obtained via Yum, if you use
CentOS4/RHE4 and later, Fedora Core 8 and later, or Yast with OpenSuse 11.1, contain all the
required files. To install all Sendmail files with CentOS5, do the following:

[root@linuxc ~]# yum install 'sendmail*' -y

Step 3: The /etc/mail/sendmail.mc File


1. Most of Sendmail’s configuration parameters are set in this file with the exception of mailing list and
mail relay security features. It is often viewed as an intimidating file with its series of structured
"directive" statements that get the job done. Fortunately in most cases you won't have to edit this file
very often.

2. The two most basic steps in configuring a Sendmail server are to modify this file to enable Sendmail
to listen on the NIC interface and to make Sendmail accept mail from valid web domains.

Step 4: Why Sendmail Only Listens On the Loopback Interface By Default


1. All Linux systems have a virtual loopback interface that only lives in memory with an IP address
127.0.0.1. As mail must be sent to a target IP address even when there is no NIC in the box,
Sendmail therefore uses the loopback address to send mail to users on the local box. To become a
server, and not a client, Sendmail needs to be also configured to listen for messages on the NIC
interface.
2. We can verify that sendmail is running by first using the pgrep command which will return the
sendmail process ID number once sendmail is running. If it isn't running, then the return value will be
blank.

[root@linuxc ~]# pgrep sendmail
5424

3. It is also a good idea to check the interfaces on which Sendmail is listening with the "netstat"
command. Sendmail listens on TCP port 25, so we use "netstat" and "grep" for "25" to see a
default configuration listening only on IP address 127.0.0.1 (loopback).

[root@linuxc ~]# netstat -an | grep :25 | grep tcp
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
[root@linuxc ~]#

4. Follow the link to access the document.

The full document has moved to Docstoc.com. You may download it from here:

http://www.docstoc.com/docs/30208011/?key=OTFmNTYwMTIt&pass=MzlmOS00MTll
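
The loopback-only check from Step 4, item 3, written as a script that matches the port exactly and reports whether the SMTP listener is reachable from the network. This is an added example, not part of the original manual; the function names are assumptions and the netstat lines are constructed samples in the format shown above.

```bash
#!/usr/bin/env bash
# Added example (not from the original manual): classify SMTP listeners
# from `netstat -an` output instead of eyeballing `grep :25`.

# Reads netstat text on stdin; prints "<address> <scope>" for every TCP
# socket in LISTEN state whose local port is exactly $1 (default 25).
# scope = loopback (local delivery only) or exposed (reachable via the NIC).
classify_smtp_listeners() {
    awk -v port="${1:-25}" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, parts, ":")          # local address is field 4
            if (parts[n] != port) next         # exact port, so :2525 is ignored
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "exposed"
            print host, scope
        }'
}

# Summarises stdin as: not-listening | loopback-only | exposed
smtp_exposure() {
    local listeners
    listeners="$(classify_smtp_listeners "${1:-25}")"
    if [ -z "$listeners" ]; then
        echo "not-listening"
    elif printf '%s\n' "$listeners" | grep -q ' exposed$'; then
        echo "exposed"
    else
        echo "loopback-only"
    fi
}

# Constructed sample. The first line is the default state shown above; the
# other two also contain ":25" and would pass a plain `grep :25 | grep tcp`.
SAMPLE_DEFAULT='tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2525 0.0.0.0:* LISTEN
tcp 0 0 192.168.83.21:40112 192.168.83.50:25 ESTABLISHED'

# Constructed sample: the daemon bound to all interfaces.
SAMPLE_OPENED='tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN'

printf 'default install: %s\n' "$(printf '%s\n' "$SAMPLE_DEFAULT" | smtp_exposure)"
printf 'all interfaces:  %s\n' "$(printf '%s\n' "$SAMPLE_OPENED" | smtp_exposure)"
# On a live host: netstat -an | smtp_exposure
```

Run it before and after any change to the listening address: an "exposed" result means port 25 is reachable from the network, so relay and filtering controls must already be in place.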

-----------------------------------------------
Kefa Rabah is the Founder and CIO of Serengeti Systems Group Inc. Kefa is knowledgeable in
several fields of Science & Technology, IT Security Compliance and Project Management, and
Renewable Energy Systems. He is also the founder of Global Open Versity, a place to enhance
your education and career goals using the latest innovations and technologies.
