TheGlide’s blog

Ramblings, ramblings, ramblings…

Mac: configuring a mail server (part 1 – postfix, dovecot)

with 2 comments

(updated Oct 11th, 2006)

Recently I’ve been playing a lot with the Mini (while my Linux box sits here gathering dust :-) ) and wanted to see how easy it would be to set it up to function as a mail server. For reading emails I wanted to have it download emails from the POP3 server of my ISP, deliver them locally and make them available through an IMAP server (so I could read email from any machine in the house and have a single mail repository on the Mini); on the sending side, I wanted it to relay email through SMTP to my ISP’s SMTP server. This is something I’ve been wanting to play with since my Linux days but never got the time. Now that I have some free time (and a Mac!), this is something I tried. Read on for the details! In this first installment we will cover the server part: postfix (SMTP) and dovecot (IMAP).

After “shopping” around for all the necessary pieces and reading a lot of docs on the Net, I finally came up with the chain of tools necessary for the job.

On the receiving side of things, getmail would get the mails from my ISP’s POP3 server and pass them along to procmail, which would finally deliver them to the local mailbox; dovecot would function as the local IMAP server for any client/machine to connect and read emails. This would allow me to change machines or email readers without the hassle of fighting with incompatible mail storage systems.

As mail storage format I’ve selected Maildir, which is supported by dovecot and is IMO more efficient for my backup (dar) and searching (Spotlight) needs.

On the sending/relaying side, I would simply use the postfix SMTP server that comes installed in Mac OS X 10.4 (Tiger).

1. Getting and installing the software

Of all the mentioned software only postfix (v2.1.5) and procmail (v3.22) are readily available in Mac OS X (versions refer to Mac OS X v10.4.7). getmail and dovecot need to be installed separately, but the process is really simple. Even though both are available through Fink and DarwinPorts, I suggest getting the latest releases from their respective sites. I downloaded getmail v4.6.3 and dovecot v1.0rc7.

1.1 Installing getmail
Uncompress the downloaded getmail-4.6.3.tar.gz file, go into the getmail-4.6.3 folder and type the following:

sudo python setup.py install --prefix=/opt

This will install getmail in /opt. I initially chose this folder so that getmail’s files and its Python libraries could not interfere with my current setup; I’ve not changed this setup since then as it works flawlessly. There’s one catch to using the non-standard /opt: you need to modify getmail’s Python scripts to add a new search path for Python modules. In /opt/bin/getmail, /opt/bin/getmail_fetch, /opt/bin/getmail_maildir and /opt/bin/getmail_mbox the following:

import sys

should be modified to:

import sys
sys.path.append('/opt/lib/python2.3/site-packages')

getmail is now ready to be used.

1.2 Installing dovecot
Again uncompress dovecot-1.0.rc7.tar.gz in a folder and cd into dovecot-1.0.rc7. Since dovecot needs gcc to compile, make sure you’ve installed Xcode from the Mac OS X DVD. Once you are ready, compilation and installation are just a few commands away:

./configure --prefix=/opt
make
sudo make install

Again installation is done in /opt. The rest of the configuration process for dovecot will be covered later.

2. Configuring the server

Now that we have everything installed and ready to go, we can proceed with the configuration of the mail server. Let’s go in order and start from the beginning.

2.1 Configuring postfix
I wanted a postfix setup where:

  • authentication is done using the local Unix user accounts;
  • relaying to my ISP’s SMTP server is only allowed for authenticated users;
  • my ISP’s SMTP server needs authentication with my ISP account; this authentication should be done by the postfix server automatically;
  • delivering to the local mailbox is allowed only if the connection is coming from the local machine;
  • delivery of incoming mail should be done to the local Maildir folder;
  • postfix should run as a server (which is not the case in the Mac OS X default setup for postfix).

First, the file /etc/postfix/main.cf needs to be edited in order to modify postfix’s configuration. Here are the edits I’ve made to implement the requirements listed above:

# to enable relaying through my ISP's SMTP server
relayhost = my_isp_server_name
# to enable authentication for the ISP SMTP server
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noplaintext, noanonymous
# to enable postfix authentication using the local Unix user account,
# and to allow local delivery if the connection is coming from the local machine
smtpd_sasl_auth_enable=yes
smtpd_use_pw_server=yes
enable_server_options=yes
smtpd_pw_server_security_options=plain, login
smtpd_sasl_security_options=noanonymous
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, reject
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_auth_destination, reject
broken_sasl_auth_clients=yes
# to enable local delivery to user's Maildir folder
home_mailbox = Maildir/

Some of the settings used in main.cf (enable_server_options, smtpd_use_pw_server and smtpd_pw_server_security_options) are specific to Mac OS X: they are documented in this document from the Apple Knowledge Base (Title: Mac OS X Server: Apple-specific postfix options).

Now we need to add the necessary information to authenticate to the ISP’s SMTP server. For this you have to prepare the sasl_passwd file which is referenced in /etc/postfix/main.cf above (parameter smtp_sasl_password_maps). Inside the Terminal simply do the following to create the sasl_passwd file:

sudo vim /etc/postfix/sasl_passwd

Create the sasl_passwd file with the following format:

isp_server_name username:password

Save and close. Now complete the setup for the ISP authentication mechanism with:

sudo chown root /etc/postfix/sasl_passwd
sudo chmod 600 /etc/postfix/sasl_passwd
sudo postmap hash:/etc/postfix/sasl_passwd

The final postmap command will create a binary file with the information coming from the sasl_passwd file; if for any reason you need to change the content of sasl_passwd, you have to rerun postmap.
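One way to verify the result of the three commands above (an added example, not part of the original post): the password sits in clear text in sasl_passwd and again in the sasl_passwd.db table that postmap writes, so both files are checked for owner and mode, and a source file newer than its .db is reported as a forgotten postmap run. The function name and its two arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_sasl_files [DIR] [OWNER]: the function name and both arguments are
# assumptions; the defaults match the path and owner used in the article.
check_sasl_files() {
    dir=${1:-/etc/postfix}
    want_owner=${2:-root}
    src=$dir/sasl_passwd
    problems=0
    for f in "$src" "$src.db"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"
            problems=$((problems + 1))
            continue
        fi
        # ls -ld prints: mode links owner group ...
        set -- $(ls -ld "$f")
        # Characters 5-10 of the mode string are the group and other bits.
        if [ "$(printf '%s' "$1" | cut -c5-10)" != "------" ]; then
            echo "LOOSE_MODE $f ($1)"
            problems=$((problems + 1))
        fi
        if [ "$3" != "$want_owner" ]; then
            echo "WRONG_OWNER $f ($3)"
            problems=$((problems + 1))
        fi
    done
    # A source newer than the .db means postmap was not rerun after an edit.
    if [ -f "$src" ] && [ -f "$src.db" ] &&
       [ -n "$(find "$src" -newer "$src.db")" ]; then
        echo "STALE_DB $src.db"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Audit /etc/postfix by default, or the directory and owner given as arguments.
check_sasl_files "$@" || echo "Fix the items listed above."
```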

Finally we need to set up postfix to run as a daemon. On Mac OS X this means modifying the current launchd entry for postfix, which sets it up for on-demand execution. To change the current configuration just prepare a .plist file (let’s name it new_postfix.plist) for running postfix in daemon mode at system startup:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.postfix.master</string>
    <key>OnDemand</key>
    <false/>
    <key>Program</key>
    <string>/usr/libexec/postfix/master</string>
    <key>ProgramArguments</key>
    <array>
        <string>master</string>
    </array>
    <key>QueueDirectories</key>
    <array>
        <string>/var/spool/postfix/maildrop</string>
    </array>
</dict>
</plist>

Then from the Terminal do the following to update postfix’s launchd configuration:

sudo launchctl stop org.postfix.master
sudo launchctl unload \
/System/Library/LaunchDaemons/org.postfix.master.plist
sudo cp new_postfix.plist \
/System/Library/LaunchDaemons/org.postfix.master.plist
sudo launchctl load \
/System/Library/LaunchDaemons/org.postfix.master.plist
sudo launchctl start org.postfix.master

2.2 Configuring dovecot
To configure dovecot we need to do three things: set up a new dovecot user, create the appropriate entries for PAM and launchd, and finally prepare a dovecot.conf file.

Let’s start from the first step, creating a new dovecot user (instructions obtained from the official dovecot documentation). From the Terminal type:

sudo niutil -create / /users/dovecot
sudo niutil -createprop / /users/dovecot uid 300
sudo niutil -createprop / /users/dovecot name dovecot
sudo niutil -createprop / /users/dovecot passwd '*'
sudo niutil -createprop / /users/dovecot _writers_passwd dovecot
sudo niutil -createprop / /users/dovecot shell /usr/bin/false
sudo niutil -createprop / /users/dovecot expire 0
sudo niutil -createprop / /users/dovecot change 0

To configure the PAM entry, create the file /etc/pam.d/dovecot with the following contents:

# dovecot: auth account password session
auth required pam_nologin.so
auth sufficient pam_securityserver.so
auth sufficient pam_unix.so
auth required pam_deny.so
account required pam_permit.so
password required pam_deny.so
session required pam_uwtmp.so

To create the .plist configuration file for launchd, so that dovecot gets started upon system startup, just create the file /Library/LaunchDaemons/org.dovecot.plist as follows:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.dovecot</string>
    <key>ProgramArguments</key>
    <array>
        <string>/opt/sbin/dovecot</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>

Then do the following in the Terminal to load the .plist file for launchd:

sudo launchctl load \
/Library/LaunchDaemons/org.dovecot.plist

We finally need to configure dovecot, i.e. to prepare a dovecot.conf file with all the necessary settings. Supposing you installed dovecot in /opt as outlined above, copy the file /opt/etc/dovecot-example.conf to /opt/etc/dovecot.conf. Then apply the following changes to /opt/etc/dovecot.conf:

base_dir = /var/run/dovecot/
protocols = imap
ssl_disable = yes
login_user = dovecot
default_mail_env = maildir:/Users/%u/Maildir
mail_extra_groups = mail

and you’re done with dovecot!

2.3 Testing the server configuration
With dovecot and postfix up and running, the most difficult part of the mail server setup is done. Now you need to do one last step and then test the current configuration. The last step is initializing the Maildir folder in your home directory:

mkdir ~/Maildir

Now you are ready to test the IMAP server (dovecot) and the SMTP server (postfix). Open up your preferred email client (Apple’s Mail.app, Thunderbird, etc…) and configure it to use localhost both as the IMAP server for incoming emails and as the SMTP server for outgoing emails.

To test the IMAP server just send yourself an email at your local Unix account with the command-line utility mail:

mail -s "Maildir init - `date`" yourusername << EOF
this is a test.
EOF

In your email application you should see this new email.

Now test that SMTP works by sending a mail with your mail application to an address outside your system (note: you can’t use mail this time because, since it does not use authentication, it is not allowed to send email outside localhost; this is a consequence of the settings we have imposed at the beginning for postfix).

Check in /var/log/mail.log that the postfix server is able to correctly connect to the relay host from your ISP and send the mail to the destination address. Also check for any errors in the process of sending the email and relaying it to the ISP SMTP server.
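The log check described above, as an added example that is not part of the original post: relay_report counts delivery attempts per relay host and status, and relay_problems prints the lines to read first when relaying fails (SASL failures, rejected recipients, deferred or bounced mail). The function names are assumptions, and the sample lines are constructed in the Postfix log format with made-up hosts and queue IDs.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are assumptions.

# Constructed sample in the Postfix log format; hosts and queue IDs are made up.
sample_log() {
cat <<'EOF'
Oct  7 15:19:02 mini postfix/smtp[412]: 4A1B2C3D4E: to=<friend@example.org>, relay=smtp.isp.example[192.0.2.25], delay=2, status=sent (250 Ok: queued as 9F8E7D)
Oct  7 15:21:40 mini postfix/smtp[430]: warning: SASL authentication failure: No worthy mechs found
Oct  7 15:21:40 mini postfix/smtp[430]: 5B2C3D4E5F: to=<friend@example.org>, relay=smtp.isp.example[192.0.2.25], delay=1, status=deferred (SASL authentication failed; cannot authenticate to server smtp.isp.example[192.0.2.25]: no mechanism available)
Oct  7 15:25:13 mini postfix/local[451]: 6C3D4E5F60: to=<yourusername@mini.local>, relay=local, delay=0, status=sent (delivered to maildir)
Oct  7 15:30:00 mini postfix/smtpd[470]: NOQUEUE: reject: RCPT from unknown[192.0.2.77]: 554 <someone@example.net>: Recipient address rejected: Access denied; from=<x@example.net> to=<someone@example.net> proto=SMTP helo=<example.net>
EOF
}

# relay_report LOG: print "relay status count" for every delivery attempt.
relay_report() {
    awk '
    / postfix\/(smtp|local)\[/ && /status=/ {
        relay = "?"; status = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^relay=/) {
                relay = substr($i, 7)
                sub(/\[.*/, "", relay)   # drop "[ip],"
                sub(/,.*/, "", relay)    # drop a trailing ","
            }
            if ($i ~ /^status=/) { status = substr($i, 8); break }
        }
        count[relay " " status]++
    }
    END { for (k in count) print k, count[k] }' "$1" | sort
}

# relay_problems LOG: lines worth reading when the relay test fails.
relay_problems() {
    awk '/SASL authentication fail/ || /NOQUEUE: reject:/ ||
         /status=(deferred|bounced)/' "$1"
}

# Run against a log given as $1, or against the constructed sample.
log=${1:-}
[ -n "$log" ] || { log=$(mktemp); sample_log > "$log"; }
relay_report "$log"
relay_problems "$log"
```

Pass /var/log/mail.log as the first argument to run it against the real log.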

3. That’s all folks…for now!

Well, this is the end of this first (long) posting on setting up a mail server on your Mac. Next time I’ll complete the topic by going over how I set up getmail to pick up the mail from an external POP3 server and deliver it locally to my mailbox through procmail.

Thanks for reading!

Written by theglide

October 7, 2006 at 3:19 pm

Posted in Mac

2 Responses

  1. Excellent article – it really enlightened me !

    I have one problem though while doing something similar: how do you get Spotlight to index your Maildir given that Spotlight does not traverse “hidden” directories (ie .INBOX.xyz) ?
    I tried forcing Spotlight to index these files with no luck…

    I then tried to rename the mail folders under dovecot but it seems that they are required to begin with a dot…

    So I am really curious to know how you managed to get Spotlight to index your mails…

    Thanks !

    davidjdv

    May 22, 2007 at 8:01 am

  2. Hello,
    I haven’t actually looked into this, since my current setup is to use Mail.app and synchronize mails to the Mail.app folder (which, I understand, doesn’t make much sense as I’m basically storing emails twice, once in the Maildir folder and once in Mail.app’s storage).

    I’m going to look into this further in the next days. What I found so far is that you surely have to force Spotlight to index the hidden folders, using mdimport -f . I’m not sure if simply applying this on $HOME/Maildir will force Spotlight to index even the hidden folders beneath it. I’ll check this.

    The other thing is how to instruct Spotlight to index the mail files: the current type “smtp mail text” (as reported by “file” command) is not recognized by Spotlight, as also highlighted by an “mdimport -n -d1”. It seems there are solutions to that, but honestly that’s another thing I need to investigate. Maybe worth another blog entry :-)

    Will keep you posted.
    Cheers.

    theglide

    May 25, 2007 at 10:17 pm

