NOTE: I wrote this tutorial in 2002, when running your own mail server was a good idea. I still recommend it as a way of learning about Sendmail and Postfix on Linux, which are good skills to have. However, due to the massive increase in spam since then, you're better off leaving mail handling up to a dedicated provider. Google Apps is free and lets you use their GMail tool while keeping your old email address.

Overview

This How-To is intended to help those who wish to set up a secure email server for their friends and family to use. I'm using Redhat 7.1, but these instructions should apply to most Linux distributions. I set this up because I have friends and family with crummy ISPs that don't let them have enough email addresses or webmail.

To begin, you'll probably want to have a DNS name for your server so your users can easily access it. Next, you need to decide which secure services to offer. I chose to offer users pop3s, imaps, and smtps. The first two are for receiving mail and the third is for sending it. I also set up a webmail service using Squirrelmail to let my users have access from any web browser.

Receiving Email Securely

The default Redhat install already has this all configured. You simply need to turn it on! Just make sure that you have the imap rpms installed on your server. Then turn on the services via xinetd. Just edit the 'disable' line in the imaps and pop3s config files in /etc/xinetd.d/. Then restart xinetd with '/etc/rc.d/init.d/xinetd restart'. Make sure your firewall is open for those ports.

Sending Email Securely

This lets your users send mail via your SMTP server over a secure SSL connection that requires authentication. To set this up, uncomment or comment out lines in your /etc/mail/sendmail.mc file so that they read:

TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

Finally, you'll need to set up SMTP over SSL using Stunnel to forward the decrypted requests to sendmail. Just add the following to the bottom of your /etc/rc.d/rc.local file to ensure it starts up at boot.

/usr/sbin/stunnel -d 465 -r smtp -n smtp

Finally, I found it simplest to use the same SSL cert file (*.pem) as I did above for both imaps and pop3s. Just call it 'stunnel.pem'. This means your users will only need to recognize a single certificate. Use this command to generate the SSL certificate for the SMTP/stunnel connection, and a similar command for imapd.pem:

/usr/bin/openssl req -new -key stunnel.pem -x509 -days 365 -out stunnel.cer
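
An added check, not part of the original how-to: a shell script that audits the files edited in the steps above. The function names, the constructed sample file, and the owner-only permission test on stunnel.pem are assumptions of this example; the xinetd and sendmail.mc lines it looks for are the ones the tutorial gives.

```shell
#!/bin/sh
# Added example (not from the original how-to): audit the files the tutorial edits.

# xinetd_enabled FILE: true only if the service file has an active "disable = no".
xinetd_enabled() {
    grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no[[:space:]]*$' "$1"
}

# key_private FILE: true only if the PEM holding the private key is owner-only
# (assumed policy for this example: mode 600 or 400).
key_private() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_mc FILE: print one finding per line; return the number of findings.
# In m4, a line starting with "dnl" is a comment, so only unprefixed lines count.
audit_mc() {
    findings=0
    if ! grep -Eq '^[[:space:]]*TRUST_AUTH_MECH\(' "$1"; then
        echo "TRUST_AUTH_MECH is missing or commented out"; findings=$((findings + 1))
    fi
    if ! grep -Eq '^[[:space:]]*define\(.confAUTH_MECHANISMS' "$1"; then
        echo "confAUTH_MECHANISMS is missing or commented out"; findings=$((findings + 1))
    fi
    if grep -Eq '^[[:space:]]*DAEMON_OPTIONS\(.*Addr=127\.0\.0\.1' "$1"; then
        echo "DAEMON_OPTIONS still binds the MTA to 127.0.0.1"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the three lines exactly as the tutorial says they should read.
sample_mc() {
    cat <<'EOF'
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
EOF
}

tmp=$(mktemp) && sample_mc > "$tmp"
audit_mc "$tmp" && echo "sendmail.mc sample: OK"
rm -f "$tmp"
```

After editing, call the functions on /etc/xinetd.d/imaps, /etc/xinetd.d/pop3s, /etc/mail/sendmail.mc and stunnel.pem. Because LOGIN and PLAIN carry the password only base64-encoded, point mail clients at the stunnel port (465) rather than at plain SMTP.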
